aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/Fit123/fit123.inc14
-rw-r--r--config/Fit123/fit123.xml6
-rw-r--r--config/anyterm/anyterm.inc2
-rw-r--r--config/anyterm/anyterm.xml4
-rwxr-xr-xconfig/apache_mod_security-dev/apache_mod_security_view_logs.php4
-rw-r--r--config/apache_mod_security-dev/apache_view_logs.php4
-rw-r--r--config/apache_mod_security-dev/apache_virtualhost.xml30
-rw-r--r--config/apache_mod_security/apache_mod_security.inc14
-rw-r--r--config/apache_mod_security/apache_mod_security.xml6
-rw-r--r--config/apache_mod_security/apache_mod_security_view_logs.php6
-rw-r--r--config/apcupsd/apcupsd.conf.php2
-rw-r--r--config/apcupsd/apcupsd.inc7
-rw-r--r--config/apcupsd/apcupsd.xml17
-rwxr-xr-xconfig/apcupsd/apcupsd_mail.php2
-rwxr-xr-xconfig/apcupsd/apcupsd_status.php7
-rw-r--r--config/archive/assp.xml2
-rw-r--r--config/archive/clamsmtp.xml4
-rw-r--r--config/archive/doorman.xml2
-rw-r--r--config/archive/dspam/conf.default/config.xml8
-rw-r--r--config/archive/dspam/pkg/dspam-config.inc6
-rw-r--r--config/archive/dspam/pkg/dspam.xml60
-rw-r--r--config/archive/dspam/pkg/p3scan-pf.xml12
-rw-r--r--config/archive/dspam/www/wizards/dspam_wizard.xml2
-rw-r--r--config/archive/freenas/pkg/freenas.xml166
-rw-r--r--config/archive/frickin/frickin.xml4
-rw-r--r--config/archive/p3scan-pf/p3scan-pf.xml12
-rw-r--r--config/archive/p3scan.xml6
-rw-r--r--config/archive/portsentry/portsentry.xml2
-rw-r--r--config/archive/quagga/quagga.xml2
-rw-r--r--config/archive/sassassin.xml6
-rw-r--r--config/archive/viralator.xml4
-rw-r--r--config/arping/arping.xml2
-rw-r--r--config/arpwatch.xml8
-rw-r--r--config/asterisk/asterisk.xml12
-rw-r--r--config/autoconfigbackup/autoconfigbackup.inc6
-rw-r--r--config/autoconfigbackup/autoconfigbackup.php8
-rw-r--r--config/autoconfigbackup/autoconfigbackup.xml18
-rw-r--r--config/autoconfigbackup/autoconfigbackup_backup.php6
-rw-r--r--config/autoconfigbackup/autoconfigbackup_stats.php6
-rw-r--r--config/autoconfigbackup/certs/gd-class2-root.crt24
-rw-r--r--config/autoconfigbackup/certs/gd_intermediate.crt29
-rw-r--r--config/avahi/avahi.xml10
-rw-r--r--config/backup/backup.xml8
-rw-r--r--config/bacula-client/bacula-client.xml6
-rw-r--r--config/bacula-client/bacula-client_view_config.php7
-rw-r--r--config/bandwidthd/bandwidthd.inc11
-rw-r--r--config/bandwidthd/bandwidthd.xml4
-rw-r--r--config/bind/bind.inc95
-rw-r--r--config/bind/bind.widget.php2
-rw-r--r--config/bind/bind.xml18
-rw-r--r--config/blinkled/blinkled.xml2
-rw-r--r--config/blinkled8/blinkled.inc2
-rw-r--r--config/blinkled8/blinkled.xml8
-rw-r--r--config/bsdstats/bsdstats.xml2
-rw-r--r--config/checkmk-agent/checkmk.xml4
-rw-r--r--config/clamav.xml2
-rw-r--r--config/countryblock/countryblock.inc2
-rw-r--r--config/countryblock/countryblock.xml46
-rw-r--r--config/countryblock/countryblock_IPBlocklist.widget.tmp2
-rw-r--r--config/countryblock/help.tmp2
-rw-r--r--config/cron/cron.xml10
-rw-r--r--config/dansguardian/dansguardian.xml54
-rwxr-xr-xconfig/dansguardian/dansguardian_about.php10
-rw-r--r--config/dashboard/dashboard.xml4
-rw-r--r--config/denyhosts/denyhosts.inc6
-rw-r--r--config/denyhosts/denyhosts.xml2
-rw-r--r--config/developers/developers.xml2
-rw-r--r--config/diag_states_pt/diag_new_states.xml2
-rw-r--r--config/dnsblacklist/dnsblacklist.xml8
-rw-r--r--config/dnsmasq-edns/dnsmasq-edns.xml4
-rw-r--r--config/dyntables/pkg/dyntables.xml10
-rw-r--r--config/filemgr/filemgr.xml66
-rw-r--r--config/filer/filer.xml4
-rw-r--r--config/freeradius.xml6
-rw-r--r--config/freeradius2/freeradius.xml22
-rw-r--r--config/freeradius2/freeradius_view_config.php6
-rw-r--r--config/freeradius2/freeradiusauthorizedmacs.xml22
-rw-r--r--config/freeswitch/freeswitch.inc2
-rw-r--r--config/freeswitch/freeswitch.xml2
-rw-r--r--config/freeswitch_dev/freeswitch.xml2
-rw-r--r--config/freeswitch_dev/v_config.inc2
-rw-r--r--config/gwled/gwled.inc2
-rw-r--r--config/gwled/gwled.xml6
-rw-r--r--config/haproxy-devel/haproxy.inc388
-rw-r--r--config/haproxy-devel/haproxy.widget.php2
-rw-r--r--config/haproxy-devel/haproxy.xml36
-rwxr-xr-xconfig/haproxy-devel/haproxy_global.php92
-rw-r--r--config/haproxy-devel/haproxy_htmllist.inc2
-rw-r--r--config/haproxy-devel/haproxy_listeners.php28
-rw-r--r--config/haproxy-devel/haproxy_listeners_edit.php58
-rw-r--r--config/haproxy-devel/haproxy_pool_edit.php69
-rw-r--r--config/haproxy-devel/haproxy_pools.php6
-rw-r--r--config/haproxy-devel/haproxy_socketinfo.inc2
-rw-r--r--config/haproxy-devel/haproxy_stats.php11
-rw-r--r--config/haproxy-devel/haproxy_utils.inc2
-rw-r--r--config/haproxy-legacy/haproxy.inc2
-rw-r--r--config/haproxy-legacy/haproxy.xml18
-rwxr-xr-xconfig/haproxy-legacy/haproxy_frontends.php6
-rwxr-xr-xconfig/haproxy-legacy/haproxy_frontends_edit.php6
-rwxr-xr-xconfig/haproxy-legacy/haproxy_global.php6
-rwxr-xr-xconfig/haproxy-legacy/haproxy_servers.php6
-rwxr-xr-xconfig/haproxy-legacy/haproxy_servers_edit.php6
-rw-r--r--config/haproxy-stable/haproxy.inc2
-rw-r--r--config/haproxy-stable/haproxy.xml14
-rwxr-xr-xconfig/haproxy-stable/haproxy_global.php6
-rwxr-xr-xconfig/haproxy-stable/haproxy_listeners.php6
-rwxr-xr-xconfig/haproxy-stable/haproxy_listeners_edit.php6
-rwxr-xr-xconfig/haproxy-stable/haproxy_pool_edit.php6
-rwxr-xr-xconfig/haproxy-stable/haproxy_pools.php6
-rw-r--r--config/haproxy/haproxy.inc2
-rw-r--r--config/haproxy/haproxy.xml14
-rwxr-xr-xconfig/haproxy/haproxy_global.php6
-rwxr-xr-xconfig/haproxy/haproxy_listeners.php6
-rwxr-xr-xconfig/haproxy/haproxy_listeners_edit.php6
-rwxr-xr-xconfig/haproxy/haproxy_pool_edit.php6
-rwxr-xr-xconfig/haproxy/haproxy_pools.php6
-rw-r--r--config/havp/havp.inc6
-rw-r--r--config/havp/havp.xml14
-rw-r--r--config/havp/havp_avset.xml4
-rw-r--r--config/havp/havp_fscan.xml4
-rw-r--r--config/hula.xml2
-rwxr-xr-xconfig/igmpproxy/firewall_rules_edit.tmp2
-rw-r--r--config/igmpproxy/igmpproxy.xml10
-rw-r--r--config/imspector/imspector.inc2
-rw-r--r--config/imspector/imspector.xml14
-rw-r--r--config/imspector/imspector_acls.xml4
-rw-r--r--config/imspector/imspector_logs.php2
-rw-r--r--config/imspector/services_imspector_logs.php2
-rw-r--r--config/imspector/services_imspector_logs2.php2
-rwxr-xr-xconfig/ipblocklist/7/email.tmp2
-rwxr-xr-xconfig/ipblocklist/7/ipblocklist.tmp2
-rwxr-xr-xconfig/ipblocklist/7/ipblocklist.xml40
-rwxr-xr-xconfig/ipblocklist/7/ipblocklist_if.tmp2
-rwxr-xr-xconfig/ipblocklist/7/manual_add.tmp2
-rwxr-xr-xconfig/ipblocklist/7/settings.tmp2
-rwxr-xr-xconfig/ipblocklist/7/whitelist.tmp2
-rw-r--r--config/ipblocklist/8/countryblock_IPBlocklist.widget.tmp2
-rwxr-xr-xconfig/ipblocklist/8/email.tmp2
-rwxr-xr-xconfig/ipblocklist/8/ipblocklist.tmp2
-rwxr-xr-xconfig/ipblocklist/8/ipblocklist.xml42
-rwxr-xr-xconfig/ipblocklist/8/ipblocklist_if.tmp2
-rwxr-xr-xconfig/ipblocklist/8/manual_add.tmp2
-rwxr-xr-xconfig/ipblocklist/8/settings.tmp2
-rwxr-xr-xconfig/ipblocklist/8/whitelist.tmp2
-rw-r--r--config/iperf.xml2
-rw-r--r--config/ipguard/ipguard.xml4
-rw-r--r--config/iprangealiases/iprangealiases.xml4
-rw-r--r--config/jail_template.xml4
-rw-r--r--config/jailctl.xml14
-rw-r--r--config/jailctl/jailctl.xml12
-rw-r--r--config/ladvd/ladvd.xml4
-rw-r--r--config/lcdproc-dev/lcdproc.xml8
-rw-r--r--config/lcdproc-dev/lcdproc_client.php1
-rw-r--r--config/lcdproc/lcdproc.xml14
-rw-r--r--config/lightsquid/lightsquid.xml12
-rw-r--r--config/mactovendor/bin/diag_arp.php_2
-rw-r--r--config/mactovendor/mactovendor.xml12
-rw-r--r--config/mailreport/mail_reports.inc8
-rw-r--r--config/mailreport/mailreport.xml22
-rw-r--r--config/mailscanner/mailscanner.inc2
-rw-r--r--config/mailscanner/mailscanner.xml24
-rwxr-xr-xconfig/mailscanner/mailscanner_about.php10
-rw-r--r--config/miniupnpd/miniupnpd.xml6
-rwxr-xr-xconfig/miniupnpd/sbin/miniupnpdbin56202 -> 56203 bytes
-rw-r--r--config/miniupnpd/status_upnp.php2
-rw-r--r--config/netio-newpkg.xml2
-rw-r--r--config/netio.xml2
-rw-r--r--config/nmap/nmap.inc4
-rw-r--r--config/nmap/nmap.xml6
-rw-r--r--config/notes/notes.xml2
-rw-r--r--config/nrpe2/nrpe2.xml2
-rw-r--r--config/ntop/ntop.xml2
-rw-r--r--config/nut/nut.inc6
-rw-r--r--config/nut/nut.xml10
-rw-r--r--config/nut/status_nut.php2
-rw-r--r--config/olsrd.xml2
-rw-r--r--config/onatproto/onatproto.xml4
-rw-r--r--config/open-vm-tools/open-vm-tools.xml2
-rw-r--r--config/open-vm-tools_2/open-vm-tools.xml2
-rw-r--r--config/openbgpd/openbgpd.xml10
-rw-r--r--config/openbgpd/openbgpd_raw.php2
-rw-r--r--config/openbgpd/openbgpd_status.php2
-rw-r--r--config/openospfd/openospfd.xml6
-rw-r--r--config/openospfd/openospfd_interfaces.xml2
-rw-r--r--config/openospfd/status_ospfd.php4
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc30
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.xml12
-rw-r--r--config/openvpn-status/openvpn-status.xml2
-rw-r--r--config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml6
-rw-r--r--config/ovpnenhance/ovpnenhance.xml10
-rw-r--r--config/packetcapturefix/packetcapturefix.xml4
-rw-r--r--config/pf-blocker/pfBlocker.widget.php2
-rwxr-xr-xconfig/pf-blocker/pfblocker.xml28
-rw-r--r--config/pfflowd.xml6
-rw-r--r--config/pfstat.xml2
-rw-r--r--config/phpservice/phpservice.xml8
-rw-r--r--config/phpservice/phpservice_php.tmp2
-rw-r--r--config/phpsysinfo/phpsysinfo.xml4
-rw-r--r--config/postfix/postfix.php2
-rwxr-xr-xconfig/postfix/postfix.widget.php2
-rw-r--r--config/postfix/postfix.xml32
-rwxr-xr-xconfig/postfix/postfix_about.php10
-rwxr-xr-xconfig/postfix/postfix_queue.php6
-rwxr-xr-xconfig/postfix/postfix_search.php6
-rw-r--r--config/postfix/postfix_view_config.php4
-rw-r--r--config/pre2upgrade/pre2upgrade.php2
-rw-r--r--config/pre2upgrade/pre2upgrade.xml2
-rw-r--r--config/pure-ftpd.xml2
-rw-r--r--config/quagga_ospfd/quagga_ospfd.xml8
-rw-r--r--config/quagga_ospfd/quagga_ospfd_interfaces.xml2
-rw-r--r--config/rate/rate.xml6
-rw-r--r--config/routed/routed.xml4
-rw-r--r--config/rrd-summary/rrd-summary.xml2
-rw-r--r--config/sarg/sarg.xml24
-rwxr-xr-xconfig/sarg/sarg_about.php10
-rwxr-xr-xconfig/sarg/sarg_frame.php2
-rwxr-xr-xconfig/sarg/sarg_realtime.php6
-rwxr-xr-xconfig/sarg/sarg_reports.php6
-rw-r--r--config/sarg/sarg_schedule.xml4
-rw-r--r--config/servicewatchdog/services_servicewatchdog.php44
-rw-r--r--config/servicewatchdog/servicewatchdog.inc6
-rw-r--r--config/servicewatchdog/servicewatchdog.xml10
-rw-r--r--config/shellcmd/shellcmd.xml8
-rw-r--r--config/siproxd.inc2
-rw-r--r--config/siproxd.xml10
-rw-r--r--config/snort-old/bin/barnyard2bin641791 -> 0 bytes
-rw-r--r--config/snort-old/bin/oinkmaster_contrib/README.contrib84
-rw-r--r--config/snort-old/bin/oinkmaster_contrib/addmsg.pl299
-rw-r--r--config/snort-old/bin/oinkmaster_contrib/addsid.pl382
-rw-r--r--config/snort-old/bin/oinkmaster_contrib/create-sidmap.pl280
-rw-r--r--config/snort-old/bin/oinkmaster_contrib/makesidex.pl261
-rw-r--r--config/snort-old/bin/oinkmaster_contrib/oinkgui.pl1046
-rw-r--r--config/snort-old/bin/oinkmaster_contrib/oinkmaster.pl2754
-rwxr-xr-xconfig/snort-old/bin/snort2cbin13508 -> 0 bytes
-rw-r--r--config/snort-old/pfsense_rules/local.rules7
-rw-r--r--config/snort-old/pfsense_rules/pfsense_rules.tar.gz.md51
-rw-r--r--config/snort-old/pfsense_rules/rules/pfsense-voip.rules10
-rwxr-xr-xconfig/snort-old/snort.inc1640
-rw-r--r--config/snort-old/snort.xml378
-rw-r--r--config/snort-old/snort_advanced.xml196
-rw-r--r--config/snort-old/snort_alerts.php124
-rw-r--r--config/snort-old/snort_blocked.php174
-rw-r--r--config/snort-old/snort_check_for_rule_updates.php634
-rw-r--r--config/snort-old/snort_define_servers.xml364
-rw-r--r--config/snort-old/snort_download_rules.php790
-rw-r--r--config/snort-old/snort_dynamic_ip_reload.php49
-rw-r--r--config/snort-old/snort_rules.php626
-rw-r--r--config/snort-old/snort_rules_edit.php207
-rw-r--r--config/snort-old/snort_rulesets.php230
-rw-r--r--config/snort-old/snort_threshold.xml129
-rw-r--r--config/snort-old/snort_whitelist.xml129
-rw-r--r--config/snort-old/snort_xmlrpc_sync.php114
-rwxr-xr-xconfig/snort/snort.inc659
-rw-r--r--config/snort/snort.priv.inc12
-rwxr-xr-xconfig/snort/snort.xml115
-rw-r--r--config/snort/snort_alerts.js115
-rwxr-xr-xconfig/snort/snort_alerts.php293
-rw-r--r--config/snort/snort_alerts.widget.php246
-rw-r--r--config/snort/snort_barnyard.php575
-rw-r--r--config/snort/snort_blocked.php66
-rw-r--r--config/snort/snort_check_cron_misc.inc135
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php162
-rwxr-xr-xconfig/snort/snort_define_servers.php55
-rwxr-xr-xconfig/snort/snort_download_rules.php2
-rwxr-xr-xconfig/snort/snort_download_updates.php314
-rw-r--r--config/snort/snort_edit_hat_data.php34
-rw-r--r--config/snort/snort_frag3_engine.php23
-rw-r--r--config/snort/snort_ftp_client_engine.php23
-rw-r--r--config/snort/snort_ftp_server_engine.php23
-rw-r--r--config/snort/snort_httpinspect_engine.php23
-rw-r--r--config/snort/snort_import_aliases.php20
-rwxr-xr-xconfig/snort/snort_interfaces.php149
-rwxr-xr-xconfig/snort/snort_interfaces_edit.php190
-rw-r--r--config/snort/snort_interfaces_global.php55
-rw-r--r--config/snort/snort_interfaces_suppress.php46
-rw-r--r--config/snort/snort_interfaces_suppress_edit.php36
-rw-r--r--config/snort/snort_interfaces_whitelist.php177
-rw-r--r--config/snort/snort_ip_list_mgmt.php275
-rw-r--r--config/snort/snort_ip_reputation.php506
-rw-r--r--config/snort/snort_iprep_list_browser.php99
-rw-r--r--config/snort/snort_list_view.php28
-rw-r--r--config/snort/snort_log_view.php93
-rw-r--r--config/snort/snort_migrate_config.php39
-rw-r--r--config/snort/snort_passlist.php205
-rw-r--r--config/snort/snort_passlist_edit.php (renamed from config/snort/snort_interfaces_whitelist_edit.php)119
-rw-r--r--config/snort/snort_post_install.php125
-rwxr-xr-xconfig/snort/snort_preprocessors.php380
-rwxr-xr-xconfig/snort/snort_rules.php345
-rwxr-xr-xconfig/snort/snort_rules_edit.php57
-rw-r--r--config/snort/snort_rules_flowbits.php120
-rwxr-xr-xconfig/snort/snort_rulesets.php121
-rw-r--r--config/snort/snort_select_alias.php31
-rw-r--r--config/snort/snort_stream5_engine.php24
-rwxr-xr-xconfig/snort/snort_sync.xml14
-rw-r--r--config/snort/widget-snort.inc24
-rw-r--r--config/softflowd/softflowd.xml6
-rw-r--r--config/spamd/spamd.xml16
-rw-r--r--config/spamd/spamd_db.php19
-rw-r--r--config/squid-head/squid.xml16
-rw-r--r--config/squid/squid.xml22
-rw-r--r--config/squid/squid_ng.inc2
-rw-r--r--config/squid/squid_ng.xml16
-rw-r--r--config/squid3/31/squid.xml44
-rw-r--r--config/squid3/31/squid_ng.inc2
-rw-r--r--config/squid3/31/squid_ng.xml16
-rw-r--r--config/squid3/31/squid_reverse.inc11
-rw-r--r--config/squid3/33/check_ip.php7
-rwxr-xr-xconfig/squid3/33/squid.inc134
-rw-r--r--config/squid3/33/squid.xml70
-rwxr-xr-xconfig/squid3/33/squid_cache.xml15
-rwxr-xr-xconfig/squid3/33/squid_ng.inc2
-rwxr-xr-xconfig/squid3/33/squid_ng.xml16
-rwxr-xr-xconfig/squid3/33/squid_reverse.inc9
-rw-r--r--config/squid3/33/swapstate_check.php8
-rw-r--r--config/squid3/old/squid.xml20
-rw-r--r--config/squid3/old/squid_ng.inc2
-rw-r--r--config/squid3/old/squid_ng.xml16
-rw-r--r--config/squidGuard-devel/squidguard.xml22
-rw-r--r--config/squidGuard/squidguard.xml22
-rw-r--r--config/sshdcond/sshdcond.xml4
-rw-r--r--config/sshterm/sshterm.xml4
-rw-r--r--config/states-summary/states-summary.xml2
-rw-r--r--config/strikeback/strikeback.xml22
-rw-r--r--config/stunnel.xml4
-rw-r--r--config/sudo/sudo.inc2
-rw-r--r--config/sudo/sudo.xml6
-rw-r--r--config/suricata/suricata.inc381
-rw-r--r--config/suricata/suricata.priv.inc11
-rw-r--r--config/suricata/suricata.xml155
-rw-r--r--config/suricata/suricata_alerts.js85
-rw-r--r--config/suricata/suricata_alerts.php316
-rw-r--r--config/suricata/suricata_alerts.widget.php229
-rw-r--r--config/suricata/suricata_app_parsers.php392
-rw-r--r--config/suricata/suricata_barnyard.php214
-rw-r--r--config/suricata/suricata_blocked.php323
-rw-r--r--config/suricata/suricata_check_cron_misc.inc231
-rw-r--r--config/suricata/suricata_check_for_rule_updates.php180
-rw-r--r--config/suricata/suricata_define_vars.php29
-rw-r--r--config/suricata/suricata_download_rules.php20
-rw-r--r--config/suricata/suricata_download_updates.php188
-rw-r--r--config/suricata/suricata_flow_stream.php353
-rw-r--r--config/suricata/suricata_generate_yaml.php101
-rw-r--r--config/suricata/suricata_global.php155
-rw-r--r--config/suricata/suricata_import_aliases.php199
-rw-r--r--config/suricata/suricata_interfaces.php176
-rw-r--r--config/suricata/suricata_interfaces_edit.php271
-rw-r--r--config/suricata/suricata_libhtp_policy_engine.php226
-rw-r--r--config/suricata/suricata_list_view.php75
-rw-r--r--config/suricata/suricata_logs_browser.php74
-rw-r--r--config/suricata/suricata_logs_mgmt.php489
-rw-r--r--config/suricata/suricata_os_policy_engine.php194
-rw-r--r--config/suricata/suricata_passlist.php206
-rw-r--r--config/suricata/suricata_passlist_edit.php329
-rw-r--r--config/suricata/suricata_post_install.php41
-rw-r--r--config/suricata/suricata_rules.php321
-rw-r--r--config/suricata/suricata_rules_edit.php71
-rw-r--r--config/suricata/suricata_rules_flowbits.php121
-rw-r--r--config/suricata/suricata_rulesets.php121
-rw-r--r--config/suricata/suricata_select_alias.php37
-rw-r--r--config/suricata/suricata_suppress.php209
-rw-r--r--config/suricata/suricata_suppress_edit.php77
-rw-r--r--config/suricata/suricata_uninstall.php93
-rw-r--r--config/suricata/suricata_yaml_template.inc17
-rw-r--r--config/suricata/widget-suricata.inc8
-rw-r--r--config/syslog-ng/syslog-ng.xml6
-rw-r--r--config/systempatches/system_patches.php2
-rw-r--r--config/systempatches/system_patches_edit.php6
-rw-r--r--config/systempatches/systempatches.xml10
-rw-r--r--config/test_package/test_package.xml18
-rw-r--r--config/tftp/tftp.xml4
-rw-r--r--config/tftp2/tftp.xml4
-rw-r--r--config/tinc/tinc.xml10
-rw-r--r--config/tinydns/tinydns.xml24
-rw-r--r--config/tinydns/tinydns_dhcp_filter.php4
-rw-r--r--config/tinydns/tinydns_status.php6
-rw-r--r--config/tinydns/tinydns_view_logs.php6
-rw-r--r--config/unbound/unbound.xml10
-rw-r--r--config/unbound/unbound_acls.php2
-rw-r--r--config/unbound/unbound_status.php2
-rw-r--r--config/urltables/urltables.xml4
-rw-r--r--config/varnish3/varnish.inc6
-rwxr-xr-xconfig/varnish3/varnish.widget.php2
-rw-r--r--config/varnish3/varnish_backends.xml20
-rw-r--r--config/varnish3/varnish_lb_directors.xml8
-rw-r--r--config/varnish3/varnish_settings.xml2
-rw-r--r--config/varnish3/varnish_view_config.php6
-rw-r--r--config/varnish3/varnishstat.php6
-rw-r--r--config/varnish64/varnish.inc6
-rwxr-xr-xconfig/varnish64/varnish.widget.php2
-rw-r--r--config/varnish64/varnish_backends.xml18
-rw-r--r--config/varnish64/varnish_lb_directors.xml8
-rw-r--r--config/varnish64/varnish_settings.xml2
-rw-r--r--config/varnish64/varnish_view_config.php6
-rw-r--r--config/varnish64/varnishstat.php6
-rw-r--r--config/vhosts/vhosts.inc14
-rw-r--r--config/vhosts/vhosts.xml8
-rw-r--r--config/vhosts/vhosts_php.tmp2
-rw-r--r--config/vnstat/vnstat.xml4
-rw-r--r--config/vnstat2/vnstat2.xml62
-rw-r--r--config/vnstat2/vnstat_php_frontend/lang/cs.php2
-rw-r--r--config/vnstat2/vnstat_php_frontend/lang/en.php2
-rw-r--r--config/vnstat2/www/diag_vnstat.php4
-rw-r--r--config/vnstat2/www/diag_vnstat2.php4
-rw-r--r--config/widescreen/bin/fbegin.inc_14
-rw-r--r--config/widescreen/widescreen.xml22
-rw-r--r--config/widget-antivirus/antivirus_status.widget.php2
-rw-r--r--config/widget-antivirus/widget-antivirus.xml6
-rw-r--r--config/widget-havp/widget-havp.xml12
-rw-r--r--config/widget-snort/widget-snort.xml6
-rw-r--r--config/xsl/package.xsl11
-rw-r--r--config/zabbix2/zabbix2-agent.xml6
-rw-r--r--config/zabbix2/zabbix2-proxy.xml15
-rw-r--r--config/zabbix2/zabbix2.inc4
-rw-r--r--config/zebedee/zebedee.xml20
-rw-r--r--config/zebedee/zebedee_del_key.php6
-rw-r--r--config/zebedee/zebedee_keys.php6
-rw-r--r--config/zebedee/zebedee_log.php6
-rw-r--r--config/zebedee/zebedee_view_config.php6
418 files changed, 10649 insertions, 16769 deletions
diff --git a/config/Fit123/fit123.inc b/config/Fit123/fit123.inc
index f8e5bab3..b1338df2 100644
--- a/config/Fit123/fit123.inc
+++ b/config/Fit123/fit123.inc
@@ -33,24 +33,24 @@ function Fit123_install_config() {
//Greate directories and downloading files to them
//Date
exec("mkdir /usr/local/pkg/Fit123/date");
- exec("fetch -o /usr/local/pkg/Fit123/date/index.php http://www.pfsense.com/packages/config/Fit123/bin/date/index.abc");
+ exec("fetch -o /usr/local/pkg/Fit123/date/index.php https://packages.pfsense.org/packages/config/Fit123/bin/date/index.abc");
//Captive Portal Add-On
exec("mkdir /usr/local/pkg/Fit123/cpaddon");
- exec("fetch -o /usr/local/pkg/Fit123/cpaddon/filter.inc http://www.pfsense.com/packages/config/Fit123/bin/cpaddon/filter.inc");
- exec("fetch -o /usr/local/pkg/Fit123/cpaddon/services_captiveportal.php http://www.pfsense.com/packages/config/Fit123/bin/cpaddon/services_captiveportal.abc");
+ exec("fetch -o /usr/local/pkg/Fit123/cpaddon/filter.inc https://packages.pfsense.org/packages/config/Fit123/bin/cpaddon/filter.inc");
+ exec("fetch -o /usr/local/pkg/Fit123/cpaddon/services_captiveportal.php https://packages.pfsense.org/packages/config/Fit123/bin/cpaddon/services_captiveportal.abc");
//LTSP 3th network boot Option
exec("mkdir /usr/local/pkg/Fit123/LTSP");
- exec("fetch -o /usr/local/pkg/Fit123/LTSP/ http://www.pfsense.com/packages/config/Fit123/bin/ltsp/services.inc");
- exec("fetch -o /usr/local/pkg/Fit123/LTSP/services_dhcp.php http://www.pfsense.com/packages/config/Fit123/bin/ltsp/services_dhcp.abc");
+ exec("fetch -o /usr/local/pkg/Fit123/LTSP/ https://packages.pfsense.org/packages/config/Fit123/bin/ltsp/services.inc");
+ exec("fetch -o /usr/local/pkg/Fit123/LTSP/services_dhcp.php https://packages.pfsense.org/packages/config/Fit123/bin/ltsp/services_dhcp.abc");
//AFC Reset's states after filter change
exec("mkdir /usr/local/pkg/Fit123/afc");
- exec("fetch -o /usr/local/pkg/Fit123/afc/reset_states.sh http://www.pfsense.com/packages/config/Fit123/bin/afc/reset_states.sh");
+ exec("fetch -o /usr/local/pkg/Fit123/afc/reset_states.sh https://packages.pfsense.org/packages/config/Fit123/bin/afc/reset_states.sh");
exec("chmod 744 /usr/local/pkg/Fit123/afc/reset_states.sh");
//DDNS
exec("mkdir /usr/local/pkg/Fit123/ddns");
//DNS Server adds option for a 3th and 4th DNS Server
exec("mkdir /usr/local/pkg/Fit123/dnssrv");
- exec("fetch -o /usr/local/pkg/Fit123/dnssrv/system.php http://www.pfsense.com/packages/config/Fit123/bin/dnssrv/system.abc");
+ exec("fetch -o /usr/local/pkg/Fit123/dnssrv/system.php https://packages.pfsense.org/packages/config/Fit123/bin/dnssrv/system.abc");
conf_mount_ro();
config_unlock();
}
diff --git a/config/Fit123/fit123.xml b/config/Fit123/fit123.xml
index fc7f85c3..0ff202f9 100644
--- a/config/Fit123/fit123.xml
+++ b/config/Fit123/fit123.xml
@@ -34,17 +34,17 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/Fit123/fit123.inc</item>
+ <item>https://packages.pfsense.org/packages/config/Fit123/fit123.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/Fit123/ddns.xml</item>
+ <item>https://packages.pfsense.org/packages/config/Fit123/ddns.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/Fit123/cass.xml</item>
+ <item>https://packages.pfsense.org/packages/config/Fit123/cass.xml</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/anyterm/anyterm.inc b/config/anyterm/anyterm.inc
index 12cf7c2c..5ec4e5f1 100644
--- a/config/anyterm/anyterm.inc
+++ b/config/anyterm/anyterm.inc
@@ -42,7 +42,7 @@ function anyterm_install() {
// Grab latest version of executablevi /
$freebsdv=trim(`uname -r | cut -d'.' -f1`);
- `fetch -q -o /usr/local/sbin/ http://www.pfsense.org/packages/config/anyterm/binaries{$freebsdv}/anytermd`;
+ `fetch -q -o /usr/local/sbin/ https://packages.pfsense.org/packages/config/anyterm/binaries{$freebsdv}/anytermd`;
exec("chmod a+rx /usr/local/sbin/anytermd");
if($config['installedpackages']['anyterm']['config'][0]['username'])
diff --git a/config/anyterm/anyterm.xml b/config/anyterm/anyterm.xml
index e155696c..f3b78012 100644
--- a/config/anyterm/anyterm.xml
+++ b/config/anyterm/anyterm.xml
@@ -59,12 +59,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/anyterm/anyterm.inc</item>
+ <item>https://packages.pfsense.org/packages/config/anyterm/anyterm.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/anyterm/access_anyterm.php</item>
+ <item>https://packages.pfsense.org/packages/config/anyterm/access_anyterm.php</item>
</additional_files_needed>
<tabs>
<tab>
diff --git a/config/apache_mod_security-dev/apache_mod_security_view_logs.php b/config/apache_mod_security-dev/apache_mod_security_view_logs.php
index 669c71f4..68d41f59 100755
--- a/config/apache_mod_security-dev/apache_mod_security_view_logs.php
+++ b/config/apache_mod_security-dev/apache_mod_security_view_logs.php
@@ -38,8 +38,8 @@ require_once("/etc/inc/pkg-utils.inc");
require_once("/etc/inc/globals.inc");
require_once("guiconfig.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Apache Proxy: Logs";
diff --git a/config/apache_mod_security-dev/apache_view_logs.php b/config/apache_mod_security-dev/apache_view_logs.php
index 10bb1db6..3338d5f3 100644
--- a/config/apache_mod_security-dev/apache_view_logs.php
+++ b/config/apache_mod_security-dev/apache_view_logs.php
@@ -38,8 +38,8 @@ require_once("/etc/inc/functions.inc");
require_once("/etc/inc/pkg-utils.inc");
require_once("/etc/inc/globals.inc");
require_once("guiconfig.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Status: Apache VirtualHost Logs";
diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml
index 7851e683..488eb822 100644
--- a/config/apache_mod_security-dev/apache_virtualhost.xml
+++ b/config/apache_mod_security-dev/apache_virtualhost.xml
@@ -52,77 +52,77 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_mod_security.inc</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_mod_security.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_mod_security.template</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_mod_security.template</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_mod_security_groups.xml</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_mod_security_groups.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_mod_security_settings.xml</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_mod_security_settings.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_mod_security_view_logs.php</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_mod_security_view_logs.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache.template</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache.template</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_balancer.template</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_balancer.template</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_balancer.xml</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_balancer.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_logs_data.php</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_logs_data.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_mod_security_manipulation.xml</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_mod_security_manipulation.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_mod_security_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_mod_security_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_settings.xml</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_settings.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/apache_mod_security-dev/apache_view_logs.php</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_view_logs.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/shortcuts/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/apache_mod_security-dev/pkg_apache.inc</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/pkg_apache.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/apache_mod_security-dev/apache_location.xml</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_location.xml</item>
</additional_files_needed>
<tabs>
<tab>
diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc
index af8159bf..8475ca50 100644
--- a/config/apache_mod_security/apache_mod_security.inc
+++ b/config/apache_mod_security/apache_mod_security.inc
@@ -105,19 +105,19 @@ function apache_mod_security_resync() {
global $config, $g;
apache_mod_security_install();
if(!file_exists(rules_directory . "/10_asl_rules.conf"))
- exec("/usr/bin/fetch -q -o " . rules_directory . "/10_asl_rules.conf http://www.pfsense.com/packages/config/apache_mod_security/rules/10_asl_rules.conf");
+ exec("/usr/bin/fetch -q -o " . rules_directory . "/10_asl_rules.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/10_asl_rules.conf");
if(!file_exists(rules_directory . "/a_exclude.conf"))
- exec("/usr/bin/fetch -q -o " . rules_directory . "/a_exclude.conf http://www.pfsense.com/packages/config/apache_mod_security/rules/a_exclude.conf");
+ exec("/usr/bin/fetch -q -o " . rules_directory . "/a_exclude.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/a_exclude.conf");
if(!file_exists(rules_directory . "/blacklist.conf"))
- exec("/usr/bin/fetch -q -o " . rules_directory . "/blacklist.conf http://www.pfsense.com/packages/config/apache_mod_security/rules/blacklist.conf");
+ exec("/usr/bin/fetch -q -o " . rules_directory . "/blacklist.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/blacklist.conf");
if(!file_exists(rules_directory . "/default.conf"))
- exec("/usr/bin/fetch -q -o " . rules_directory . "/rules/default.conf http://www.pfsense.com/packages/config/apache_mod_security/rules/default.conf");
+ exec("/usr/bin/fetch -q -o " . rules_directory . "/rules/default.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/default.conf");
if(!file_exists(rules_directory . "/recons.conf"))
- exec("/usr/bin/fetch -q -o " . rules_directory . "/recons.conf http://www.pfsense.com/packages/config/apache_mod_security/rules/recons.conf");
+ exec("/usr/bin/fetch -q -o " . rules_directory . "/recons.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/recons.conf");
if(!file_exists(rules_directory . "/rootkits.conf"))
- exec("/usr/bin/fetch -q -o " . rules_directory . "/rootkits.conf http://www.pfsense.com/packages/config/apache_mod_security/rules/rootkits.conf");
+ exec("/usr/bin/fetch -q -o " . rules_directory . "/rootkits.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/rootkits.conf");
if(!file_exists(rules_directory . "/useragents.conf"))
- exec("/usr/bin/fetch -q -o " . rules_directory . "/useragents.conf http://www.pfsense.com/packages/config/apache_mod_security/rules/useragents.conf");
+ exec("/usr/bin/fetch -q -o " . rules_directory . "/useragents.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/useragents.conf");
apache_mod_security_checkconfig();
apache_mod_security_restart();
}
diff --git a/config/apache_mod_security/apache_mod_security.xml b/config/apache_mod_security/apache_mod_security.xml
index c42ebddf..0b973689 100644
--- a/config/apache_mod_security/apache_mod_security.xml
+++ b/config/apache_mod_security/apache_mod_security.xml
@@ -50,17 +50,17 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/apache_mod_security/apache_mod_security.inc</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/apache_mod_security/apache_mod_security_settings.xml</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security_settings.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/apache_mod_security/apache_mod_security_view_logs.php</item>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security_view_logs.php</item>
</additional_files_needed>
<tabs>
<tab>
diff --git a/config/apache_mod_security/apache_mod_security_view_logs.php b/config/apache_mod_security/apache_mod_security_view_logs.php
index 921b44db..b2e60320 100644
--- a/config/apache_mod_security/apache_mod_security_view_logs.php
+++ b/config/apache_mod_security/apache_mod_security_view_logs.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
apache_mod_security_view_logs.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2009, 2010 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
@@ -40,8 +40,8 @@ if($_REQUEST['getactivity']) {
exit;
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Services: Mod_Security+Apache+Proxy: Logs";
diff --git a/config/apcupsd/apcupsd.conf.php b/config/apcupsd/apcupsd.conf.php
index 7a0340cd..7b6096bc 100644
--- a/config/apcupsd/apcupsd.conf.php
+++ b/config/apcupsd/apcupsd.conf.php
@@ -122,7 +122,7 @@ POLLTIME {$polltime}
# LOCKFILE <path to lockfile>
# Path for device lock file. Not used on Win32.
-LOCKFILE /var/spool/lock
+LOCKFILE {$lockfile}
# SCRIPTDIR <path to script directory>
# Directory in which apccontrol and event scripts are located.
diff --git a/config/apcupsd/apcupsd.inc b/config/apcupsd/apcupsd.inc
index a2b8d2ff..3340738a 100644
--- a/config/apcupsd/apcupsd.inc
+++ b/config/apcupsd/apcupsd.inc
@@ -153,6 +153,7 @@ function sync_package_apcupsd(){
$nisport=($apcupsd_config['nisport'] != ''? $apcupsd_config['nisport'] : "3551");
$upsclass=$apcupsd_config['upsclass'];
$upsmode=$apcupsd_config['upsmode'];
+ $lockfile=($apcupsd_config['lockfile'] != ''? $apcupsd_config['lockfile'] : "/var/tmp");
include("/usr/local/pkg/apcupsd.conf.php");
file_put_contents(APCUPSD_BASE . "/etc/apcupsd/apcupsd.conf", $apcupsdconf, LOCK_EX);
@@ -163,6 +164,12 @@ function sync_package_apcupsd(){
$apcupsd_rcfile="/usr/local/etc/rc.d/apcupsd.sh";
if (is_array($apcupsd_config) && $apcupsd_config['apcupsdenabled']=="on"){
$apcupsd_start = "echo \"Starting APC UPS Daemon...\"\n";
+ $apcupsd_start .= " if [ ! -d {$lockfile} ]; then \n";
+ $apcupsd_start .= " /bin/mkdir -p {$lockfile} \n";
+ $apcupsd_start .= " fi \n";
+ $apcupsd_start .= " if [ -f {$lockfile}/LCK.. ]; then \n";
+ $apcupsd_start .= " /bin/rm -f {$lockfile}/LCK.. \n";
+ $apcupsd_start .= " fi \n";
if ($apcupsd_config['killonpowerfail']=="on"){
$apcupsd_start .= " " . APCUPSD_BASE . "/sbin/apcupsd --kill-on-powerfail";
}else{
diff --git a/config/apcupsd/apcupsd.xml b/config/apcupsd/apcupsd.xml
index 85148b2b..3ed95a7a 100644
--- a/config/apcupsd/apcupsd.xml
+++ b/config/apcupsd/apcupsd.xml
@@ -40,28 +40,28 @@
<name>Apcupsd</name>
<title>Services: Apcupsd (General)</title>
<category>Monitoring</category>
- <version>0.2</version>
+ <version>0.3</version>
<include_file>/usr/local/pkg/apcupsd.inc</include_file>
<addedit_string>Apcupsd has been created/modified.</addedit_string>
<delete_string>Apcupsd has been deleted.</delete_string>
<restart_command>/usr/local/etc/rc.d/apcupsd.sh restart</restart_command>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/apcupsd/apcupsd.inc</item>
+ <item>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/apcupsd/apcupsd_status.php</item>
+ <item>https://packages.pfsense.org/packages/config/apcupsd/apcupsd_status.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/apcupsd/apcupsd.conf.php</item>
+ <item>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.conf.php</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/apcupsd/apcupsd_mail.php</item>
+ <item>https://packages.pfsense.org/packages/config/apcupsd/apcupsd_mail.php</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
@@ -198,6 +198,13 @@ UPSTYPE DEVICE Description <br>
<type>checkbox</type>
</field>
<field>
+ <fielddescr>Lock File</fielddescr>
+ <fieldname>lockfile</fieldname>
+ <description>Path for device lock file. Default is /var/tmp</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
<name>Configuration parameters used during power failures</name>
<type>listtopic</type>
</field>
diff --git a/config/apcupsd/apcupsd_mail.php b/config/apcupsd/apcupsd_mail.php
index c9462aac..d5b97f92 100755
--- a/config/apcupsd/apcupsd_mail.php
+++ b/config/apcupsd/apcupsd_mail.php
@@ -1,7 +1,7 @@
<?php
/*
apcupsd_mail.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2014 Danilo G. Baio <dbaio@bsd.com.br>
All rights reserved.
diff --git a/config/apcupsd/apcupsd_status.php b/config/apcupsd/apcupsd_status.php
index e465f62c..693ec290 100755
--- a/config/apcupsd/apcupsd_status.php
+++ b/config/apcupsd/apcupsd_status.php
@@ -1,7 +1,7 @@
<?php
/*
apcupsd_status.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2013 Danilo G. Baio <dbaio@bsd.com.br>
All rights reserved.
@@ -29,9 +29,8 @@
require("guiconfig.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Services: Apcupsd (Status)";
diff --git a/config/archive/assp.xml b/config/archive/assp.xml
index 94f35b2e..626b2438 100644
--- a/config/archive/assp.xml
+++ b/config/archive/assp.xml
@@ -61,7 +61,7 @@
<executable>perl</executable>
</service>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/All/assp-1.0.tgz</item>
+ <item>https://www.pfsense.org/packages/All/assp-1.0.tgz</item>
</additional_files_needed>
<custom_php_install_command>
$start = "/usr/bin/perl /usr/local/assp/assp.pl &amp;\necho $! > /var/run/assp.pid";
diff --git a/config/archive/clamsmtp.xml b/config/archive/clamsmtp.xml
index 16bb5d6d..4f2bf443 100644
--- a/config/archive/clamsmtp.xml
+++ b/config/archive/clamsmtp.xml
@@ -56,12 +56,12 @@
<description>SMTP virus scanner.</description>
</service>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/clamsmtp.inc</item>
+ <item>https://packages.pfsense.org/packages/config/clamsmtp.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/bin/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/All/clamsmtpd</item>
+ <item>https://www.pfsense.org/packages/All/clamsmtpd</item>
</additional_files_needed>
<custom_php_install_command>
clamsmtp_install_command();
diff --git a/config/archive/doorman.xml b/config/archive/doorman.xml
index 64f35087..c2a5f18e 100644
--- a/config/archive/doorman.xml
+++ b/config/archive/doorman.xml
@@ -74,7 +74,7 @@
</tabs>
<configpath>installedpackages->package->$packagename->configuration->settings</configpath>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/doormanusers.xml</item>
+ <item>https://packages.pfsense.org/packages/config/doormanusers.xml</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/archive/dspam/conf.default/config.xml b/config/archive/dspam/conf.default/config.xml
index 4b33662e..9aabd08e 100644
--- a/config/archive/dspam/conf.default/config.xml
+++ b/config/archive/dspam/conf.default/config.xml
@@ -849,9 +849,9 @@
<version>0.1</version>
<status>ALPHA</status>
<maintainer>fernando@netfilter.com.br</maintainer>
- <depends_on_package_base_url>http://www.pfsense.com/packages/All/</depends_on_package_base_url>
+ <depends_on_package_base_url>https://www.pfsense.org/packages/All/</depends_on_package_base_url>
<depends_on_package>p3scan-pf-2.3.2.tbz</depends_on_package>
- <config_file>http://www.pfsense.org/packages/config/p3scan-pf/p3scan-pf.xml</config_file>
+ <config_file>https://packages.pfsense.org/packages/config/p3scan-pf/p3scan-pf.xml</config_file>
<configurationfile>p3scan-pf.xml</configurationfile>
</package>
<package>
@@ -898,9 +898,9 @@
<version>0.1</version>
<status>ALPHA</status>
<maintainer>me@daniel.stefan.haischt.name</maintainer>
- <depends_on_package_base_url>http://www.pfsense.com/packages/All/</depends_on_package_base_url>
+ <depends_on_package_base_url>https://www.pfsense.org/packages/All/</depends_on_package_base_url>
<depends_on_package>sshtools-0.2.2.tbz</depends_on_package>
- <config_file>http://www.pfsense.org/packages/config/sshterm/sshterm.xml</config_file>
+ <config_file>https://packages.pfsense.org/packages/config/sshterm/sshterm.xml</config_file>
<configurationfile>sshterm.xml</configurationfile>
</package>
<menu>
diff --git a/config/archive/dspam/pkg/dspam-config.inc b/config/archive/dspam/pkg/dspam-config.inc
index 211bee51..bffae808 100644
--- a/config/archive/dspam/pkg/dspam-config.inc
+++ b/config/archive/dspam/pkg/dspam-config.inc
@@ -27,14 +27,14 @@ $CONFIG = array('DSPAM_HOME' => '/var/db/dspam',
'AUTODETECT' => 1,
'OPENSOURCE' => 0,
/* Is there a website which provides dedicated infos? */
- 'PACKAGE_WEBSITE' => 'http://www.pfsense.com/',
+ 'PACKAGE_WEBSITE' => 'https://www.pfsense.org/',
/* Is there a forum which provides dedicated infos? */
- 'PACKAGE_FORUM' => 'http://www.pfsense.com/',
+ 'PACKAGE_FORUM' => 'https://www.pfsense.org/',
/*
* Is there a issue tracker which allows to fill a
* support request or a bug report?
*/
- 'PACKAGE_TRACKER' => 'http://www.pfsense.com/',
+ 'PACKAGE_TRACKER' => 'https://www.pfsense.org/',
/* 'DATE_FORMAT' => '%d.%m.%Y %H:%M' */
'DATE_FORMAT' => '%b %d %H:%M'
);
diff --git a/config/archive/dspam/pkg/dspam.xml b/config/archive/dspam/pkg/dspam.xml
index 59740ae1..54373ffa 100644
--- a/config/archive/dspam/pkg/dspam.xml
+++ b/config/archive/dspam/pkg/dspam.xml
@@ -104,32 +104,32 @@
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/dspam.php</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/dspam.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/dspam-perf.php</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-perf.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/dspam-admin.php</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-admin.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/dspam-admin-graph.php</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-admin-graph.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/dspam-admin-prefs.php</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-admin-prefs.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/dspam-admin-stats.php</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-admin-stats.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
@@ -199,32 +199,32 @@
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/dspam-prefs.php</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-prefs.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/dspam-quarantine.php</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-quarantine.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/dspam-analysis.php</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-analysis.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/dspam-analysis-graph.php</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-analysis-graph.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/dspam-hfragment.php</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-hfragment.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/dspam-history.php</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/dspam-history.php</item>
</additional_files_needed>
<!-- package files -->
<additional_files_needed>
@@ -235,93 +235,93 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/pkg/dspam.inc</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/pkg/dspam.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/pkg/dspam-config.inc</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/pkg/dspam-config.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/pkg/dspam-guifunc.inc</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/pkg/dspam-guifunc.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/pkg/dspam-pkgfunc.inc</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/pkg/dspam-pkgfunc.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/pkg/dspam-utilfunc.inc</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/pkg/dspam-utilfunc.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/pkg/000.mysql.sh</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/pkg/000.mysql.sh</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/pkg/010.clamav-clamd.sh</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/pkg/010.clamav-clamd.sh</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/pkg/020.clamav-freshclam.sh</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/pkg/020.clamav-freshclam.sh</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/pkg/030.p3scan.sh</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/pkg/030.p3scan.sh</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/pkg/clamd.conf</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/pkg/clamd.conf</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/pkg/default.prefs.sample</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/pkg/default.prefs.sample</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/pkg/freshclam.conf</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/pkg/freshclam.conf</item>
</additional_files_needed>
<!-- misc files -->
<additional_files_needed>
<prefix>/usr/local/www/wizards/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/wizards/dspam_wizard.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/wizards/dspam_wizard.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/wizards/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/wizards/dspam-lda-proxy.png</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/wizards/dspam-lda-proxy.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/wizards/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/wizards/dspam-pop-proxy.png</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/wizards/dspam-pop-proxy.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/wizards/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/wizards/dspam-smtp-relay.png</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/wizards/dspam-smtp-relay.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/pkg/verdana.ttf</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/pkg/verdana.ttf</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/themes/metallic/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dspam/www/themes/metallic/dspam.css</item>
+ <item>https://packages.pfsense.org/packages/config/dspam/www/themes/metallic/dspam.css</item>
</additional_files_needed>
<!--
fields gets invoked when the user adds or edits a item. The following items
diff --git a/config/archive/dspam/pkg/p3scan-pf.xml b/config/archive/dspam/pkg/p3scan-pf.xml
index f78c3912..b26dc32c 100644
--- a/config/archive/dspam/pkg/p3scan-pf.xml
+++ b/config/archive/dspam/pkg/p3scan-pf.xml
@@ -97,32 +97,32 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/p3scan-pf-msg.xml</item>
+ <item>https://packages.pfsense.org/packages/config/p3scan-pf-msg.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/p3scan-pf-emer.xml</item>
+ <item>https://packages.pfsense.org/packages/config/p3scan-pf-emer.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/p3scan-pf-vir.xml</item>
+ <item>https://packages.pfsense.org/packages/config/p3scan-pf-vir.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/p3scan-pf-spam.xml</item>
+ <item>https://packages.pfsense.org/packages/config/p3scan-pf-spam.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/p3scan_rules.php</item>
+ <item>https://packages.pfsense.org/packages/config/p3scan_rules.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/p3scan.inc</item>
+ <item>https://packages.pfsense.org/packages/config/p3scan.inc</item>
</additional_files_needed>
<!--
fields gets invoked when the user adds or edits a item. The following items
diff --git a/config/archive/dspam/www/wizards/dspam_wizard.xml b/config/archive/dspam/www/wizards/dspam_wizard.xml
index 4ac96a4c..6590f149 100644
--- a/config/archive/dspam/www/wizards/dspam_wizard.xml
+++ b/config/archive/dspam/www/wizards/dspam_wizard.xml
@@ -15,7 +15,7 @@
<![CDATA[
/*
dspam_wizard.xml
- part of pfSense (http://www.pfsense.org/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2006 Daniel S. Haischt
All rights reserved.
diff --git a/config/archive/freenas/pkg/freenas.xml b/config/archive/freenas/pkg/freenas.xml
index edac8085..f5b875ef 100644
--- a/config/archive/freenas/pkg/freenas.xml
+++ b/config/archive/freenas/pkg/freenas.xml
@@ -126,430 +126,430 @@
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_manage.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_manage.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_manage_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_manage_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_manage_init.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_manage_init.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_manage_iscsi.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_manage_iscsi.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_manage_tools.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_manage_tools.php</item>
</additional_files_needed>
<!-- PHP files (RAID management) -->
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gmirror.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gmirror.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gmirror_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gmirror_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gmirror_infos.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gmirror_infos.php</item>
</additional_files_needed>
<!--
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gmirror_init.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gmirror_init.php</item>
</additional_files_needed>
-->
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gmirror_tools.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gmirror_tools.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gvinum.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gvinum.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gvinum_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gvinum_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gvinum_infos.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gvinum_infos.php</item>
</additional_files_needed>
<!--
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gvinum_init.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gvinum_init.php</item>
</additional_files_needed>
-->
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gvinum_tools.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gvinum_tools.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gconcat.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gconcat.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gconcat_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gconcat_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gconcat_infos.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gconcat_infos.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gconcat_tools.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gconcat_tools.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gstripe.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gstripe.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gstripe_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gstripe_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gstripe_infos.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gstripe_infos.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_gstripe_tools.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_gstripe_tools.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_graid5.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_graid5.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_graid5_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_graid5_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_graid5_infos.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_graid5_infos.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_raid_graid5_tools.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_raid_graid5_tools.php</item>
</additional_files_needed>
<!-- PHP files (mount management) -->
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_mount.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_mount.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_mount_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_mount_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/disks_mount_tools.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/disks_mount_tools.php</item>
</additional_files_needed>
<!-- PHP files (diagnostics) -->
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/diag_ad_infos.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/diag_ad_infos.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/diag_ataidle_infos.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/diag_ataidle_infos.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/diag_disk_infos.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/diag_disk_infos.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/diag_iscsi_infos.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/diag_iscsi_infos.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/diag_mounts_infos.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/diag_mounts_infos.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/diag_part_infos.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/diag_part_infos.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/diag_raid_infos.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/diag_raid_infos.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/diag_smart_infos.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/diag_smart_infos.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/diag_space_infos.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/diag_space_infos.php</item>
</additional_files_needed>
<!-- PHP files (logs) -->
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/diag_fn_logs_daemon.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/diag_fn_logs_daemon.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/diag_fn_logs_ftp.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/diag_fn_logs_ftp.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/diag_fn_logs_rsyncd.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/diag_fn_logs_rsyncd.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/diag_fn_logs_samba.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/diag_fn_logs_samba.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/diag_fn_logs_settings.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/diag_fn_logs_settings.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/diag_fn_logs_smartd.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/diag_fn_logs_smartd.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/diag_fn_logs_sshd.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/diag_fn_logs_sshd.php</item>
</additional_files_needed>
<!-- PHP files (services) -->
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/services_afp.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/services_afp.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/services_ftp.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/services_ftp.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/services_nfs.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/services_nfs.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/services_nfs_export.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/services_nfs_export.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/services_nfs_export_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/services_nfs_export_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/services_rsyncd.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/services_rsyncd.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/services_rsyncd_client.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/services_rsyncd_client.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/services_rsyncd_local.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/services_rsyncd_local.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/services_samba.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/services_samba.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/services_samba_share.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/services_samba_share.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/services_samba_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/services_samba_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/services_unison.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/services_unison.php</item>
</additional_files_needed>
<!-- PHP files (misc) -->
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/www/status_disks.php</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/www/status_disks.php</item>
</additional_files_needed>
<!-- package files -->
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/pkg/freenas.inc</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/pkg/freenas.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/pkg/freenas_disks.inc</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/pkg/freenas_disks.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/pkg/freenas_config.inc</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/pkg/freenas_config.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/pkg/freenas_functions.inc</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/pkg/freenas_functions.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/pkg/freenas_guiconfig.inc</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/pkg/freenas_guiconfig.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/pkg/freenas_services.inc</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/pkg/freenas_services.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/pkg/freenas_utils.inc</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/pkg/freenas_utils.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/pkg/freenas_system.inc</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/pkg/freenas_system.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/pkg/rc.freenas</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/pkg/rc.freenas</item>
</additional_files_needed>
<!-- kernel binaries -->
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/bin/iscsi_initiator.ko</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/bin/iscsi_initiator.ko</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/bin/ext2fs.ko</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/bin/ext2fs.ko</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/bin/geom_concat.ko</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/bin/geom_concat.ko</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/bin/geom_gpt.ko</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/bin/geom_gpt.ko</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/bin/geom_mirror.ko</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/bin/geom_mirror.ko</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/bin/geom_stripe.ko</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/bin/geom_stripe.ko</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/bin/geom_vinum.ko</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/bin/geom_vinum.ko</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/bin/kernel.gz</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/bin/kernel.gz</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/bin/ntfs.ko</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/bin/ntfs.ko</item>
</additional_files_needed>
<!-- misc binaries -->
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/bin/iscontrol</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/bin/iscontrol</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/bin/mountd</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/bin/mountd</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/bin/nfsd</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/bin/nfsd</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/bin/rpcbind</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/bin/rpcbind</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/bin/rpc.lockd</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/bin/rpc.lockd</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freenas/bin/rpc.statd</item>
+ <item>https://packages.pfsense.org/packages/config/freenas/bin/rpc.statd</item>
</additional_files_needed>
<!--
fields gets invoked when the user adds or edits a item. The following items
diff --git a/config/archive/frickin/frickin.xml b/config/archive/frickin/frickin.xml
index 79f8ca5b..51e4c0b6 100644
--- a/config/archive/frickin/frickin.xml
+++ b/config/archive/frickin/frickin.xml
@@ -59,12 +59,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/frickin/frickin.inc</item>
+ <item>https://packages.pfsense.org/packages/config/frickin/frickin.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/frickin/bin/frickin2</item>
+ <item>https://packages.pfsense.org/packages/config/frickin/bin/frickin2</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/archive/p3scan-pf/p3scan-pf.xml b/config/archive/p3scan-pf/p3scan-pf.xml
index f309cb50..d4bea8ec 100644
--- a/config/archive/p3scan-pf/p3scan-pf.xml
+++ b/config/archive/p3scan-pf/p3scan-pf.xml
@@ -104,32 +104,32 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf-msg.xml</item>
+ <item>https://packages.pfsense.org/packages/config/p3scan-pf/p3scan-pf-msg.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf-transex.xml</item>
+ <item>https://packages.pfsense.org/packages/config/p3scan-pf/p3scan-pf-transex.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf-emer.xml</item>
+ <item>https://packages.pfsense.org/packages/config/p3scan-pf/p3scan-pf-emer.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf-vir.xml</item>
+ <item>https://packages.pfsense.org/packages/config/p3scan-pf/p3scan-pf-vir.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf-spam.xml</item>
+ <item>https://packages.pfsense.org/packages/config/p3scan-pf/p3scan-pf-spam.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf.inc</item>
+ <item>https://packages.pfsense.org/packages/config/p3scan-pf/p3scan-pf.inc</item>
</additional_files_needed>
<!--
fields gets invoked when the user adds or edits a item. The following items
diff --git a/config/archive/p3scan.xml b/config/archive/p3scan.xml
index 9bc438ff..86376536 100644
--- a/config/archive/p3scan.xml
+++ b/config/archive/p3scan.xml
@@ -56,16 +56,16 @@
<description>POP3 virus/spam scanner.</description>
</service>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/p3scan.inc</item>
+ <item>https://packages.pfsense.org/packages/config/p3scan.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/bin/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/All/p3scan</item>
+ <item>https://www.pfsense.org/packages/All/p3scan</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/etc/</prefix>
- <item>http://www.pfsense.org/packages/config/p3scan.mail</item>
+ <item>https://packages.pfsense.org/packages/config/p3scan.mail</item>
</additional_files_needed>
<custom_php_install_command>
p3scan_install_command();
diff --git a/config/archive/portsentry/portsentry.xml b/config/archive/portsentry/portsentry.xml
index 3220c8ff..175417b5 100644
--- a/config/archive/portsentry/portsentry.xml
+++ b/config/archive/portsentry/portsentry.xml
@@ -58,7 +58,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/portsentry/portsentry.inc</item>
+ <item>https://packages.pfsense.org/packages/config/portsentry/portsentry.inc</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/archive/quagga/quagga.xml b/config/archive/quagga/quagga.xml
index 4f4b65dc..732bd1c1 100644
--- a/config/archive/quagga/quagga.xml
+++ b/config/archive/quagga/quagga.xml
@@ -57,7 +57,7 @@
<additional_files_needed>
<prefix>/usr/local/etc/rc.d/</prefix>
<chmod>0777</chmod>
- <item>http://www.pfsense.org/packages/config/quagga/quagga.sh</item>
+ <item>https://packages.pfsense.org/packages/config/quagga/quagga.sh</item>
</additional_files_needed>
<custom_php_install_command>
mwexec("/usr/local/etc/rc.d/quagga.sh start");
diff --git a/config/archive/sassassin.xml b/config/archive/sassassin.xml
index eb82fd55..61cc0653 100644
--- a/config/archive/sassassin.xml
+++ b/config/archive/sassassin.xml
@@ -77,13 +77,13 @@
</tab>
</tabs>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/sassassin_wl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/sassassin_wl.xml</item>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/sassassin_bl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/sassassin_bl.xml</item>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/sassassin.inc</item>
+ <item>https://packages.pfsense.org/packages/config/sassassin.inc</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/archive/viralator.xml b/config/archive/viralator.xml
index 7573af94..3953b126 100644
--- a/config/archive/viralator.xml
+++ b/config/archive/viralator.xml
@@ -50,10 +50,10 @@
<title>none</title>
<include_file>viralator.inc</include_file>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/viralator.inc</item>
+ <item>https://packages.pfsense.org/packages/config/viralator.inc</item>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/All/viralator.tgz</item>
+ <item>https://www.pfsense.org/packages/All/viralator.tgz</item>
</additional_files_needed>
<custom_php_install_command>
viralator_install_command();
diff --git a/config/arping/arping.xml b/config/arping/arping.xml
index 01651e83..02531b76 100644
--- a/config/arping/arping.xml
+++ b/config/arping/arping.xml
@@ -68,7 +68,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/arping/arping.inc</item>
+ <item>https://packages.pfsense.org/packages/config/arping/arping.inc</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/arpwatch.xml b/config/arpwatch.xml
index 7f2e72ef..f77fce34 100644
--- a/config/arpwatch.xml
+++ b/config/arpwatch.xml
@@ -75,12 +75,12 @@
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>a+rx</chmod>
- <item>http://www.pfsense.com/packages/config/arpwatch_reports.php</item>
+ <item>https://packages.pfsense.org/packages/config/arpwatch_reports.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/sbin/</prefix>
<chmod>a+rx</chmod>
- <item>http://www.pfsense.com/packages/config/sm.php</item>
+ <item>https://packages.pfsense.org/packages/config/sm.php</item>
</additional_files_needed>
<fields>
<field>
@@ -113,13 +113,13 @@
$debug = "";
if(($pf_version > 2.0) && (isset($_POST['enable_email']) || ($config['installedpackages']['arpwatch']['config'][0]['enable_email'] == "on"))) {
if (!empty($config['notifications']['smtp']['notifyemailaddress']))
- $mail = " -m {$config['notifications']['smtp']['notifyemailaddress']}";
+ $mail = " -m \"{$config['notifications']['smtp']['notifyemailaddress']}\"";
} else {
$debug = "-d";
}
$int = convert_friendly_interface_to_real_interface_name($int);
$start = "touch {$log_file}\n";
- $start .= "/usr/local/sbin/arpwatch {$debug} -f {$log_file} \"{$mail}\" -i {$int} > /var/log/arpwatch.reports 2>&amp;1 &amp;";
+ $start .= "/usr/local/sbin/arpwatch {$debug} -f {$log_file} {$mail} -i {$int} > /var/log/arpwatch.reports 2>&amp;1 &amp;";
$stop = "/usr/bin/killall arpwatch";
write_rcfile(array(
"file" => "arpwatch.sh",
diff --git a/config/asterisk/asterisk.xml b/config/asterisk/asterisk.xml
index 7f9f56bf..d5fb3161 100644
--- a/config/asterisk/asterisk.xml
+++ b/config/asterisk/asterisk.xml
@@ -47,32 +47,32 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/asterisk/asterisk.inc</item>
+ <item>https://packages.pfsense.org/packages/config/asterisk/asterisk.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/asterisk/asterisk_calls.php</item>
+ <item>https://packages.pfsense.org/packages/config/asterisk/asterisk_calls.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/asterisk/asterisk_edit_file.php</item>
+ <item>https://packages.pfsense.org/packages/config/asterisk/asterisk_edit_file.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/asterisk/asterisk_log.php</item>
+ <item>https://packages.pfsense.org/packages/config/asterisk/asterisk_log.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/asterisk/asterisk_cmd.php</item>
+ <item>https://packages.pfsense.org/packages/config/asterisk/asterisk_cmd.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/shortcuts/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/asterisk/pkg_asterisk.inc</item>
+ <item>https://packages.pfsense.org/packages/config/asterisk/pkg_asterisk.inc</item>
</additional_files_needed>
<menu>
<name>Asterisk</name>
diff --git a/config/autoconfigbackup/autoconfigbackup.inc b/config/autoconfigbackup/autoconfigbackup.inc
index 9feace47..f67191ae 100644
--- a/config/autoconfigbackup/autoconfigbackup.inc
+++ b/config/autoconfigbackup/autoconfigbackup.inc
@@ -29,8 +29,8 @@
require_once("filter.inc");
require_once("notices.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
require_once("crypt_acb.php");
// Plugin moved to save only
@@ -40,7 +40,7 @@ if(file_exists("/usr/local/pkg/parse_config/parse_config_upload.php"))
unlink("/usr/local/pkg/parse_config/parse_config_upload.php");
/* ensures patches match */
-function custom_php_validation_command($post, $input_errors) {
+function custom_php_validation_command($post, &$input_errors) {
global $_POST, $savemsg, $config;
if($post['password'] <> $post['passwordagain'])
diff --git a/config/autoconfigbackup/autoconfigbackup.php b/config/autoconfigbackup/autoconfigbackup.php
index c0c15b95..20f5f741 100644
--- a/config/autoconfigbackup/autoconfigbackup.php
+++ b/config/autoconfigbackup/autoconfigbackup.php
@@ -29,8 +29,8 @@
require("guiconfig.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
require("crypt_acb.php");
// Seperator used during client / server communications
@@ -115,7 +115,7 @@ function get_hostnames() {
<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
<?php
include("fbegin.inc");
- if(strstr($pfSversion, "1.2"))
+ if ($pf_version < 2.0)
echo "<p class=\"pgtitle\">{$pgtitle}</p>";
if($savemsg) {
echo "<div id='savemsg'>";
@@ -194,7 +194,7 @@ function get_hostnames() {
"&revision=" . urlencode($_REQUEST['newver']));
$data = curl_exec($curl_session);
$data_split = split("\+\+\+\+", $data);
- $sha256 = $data_split[0]; // sha256
+ $sha256 = trim($data_split[0]); // sha256
$data = $data_split[1];
if (!tagfile_deformat($data, $data, "config.xml"))
$input_errors[] = "The downloaded file does not appear to contain an encrypted pfSense configuration.";
diff --git a/config/autoconfigbackup/autoconfigbackup.xml b/config/autoconfigbackup/autoconfigbackup.xml
index 8694a371..1e5d44c1 100644
--- a/config/autoconfigbackup/autoconfigbackup.xml
+++ b/config/autoconfigbackup/autoconfigbackup.xml
@@ -37,7 +37,7 @@
<description>Automatically backs up your pfSense configuration. All contents are encrypted on the server. Requires Gold or Support Subscription from https://portal.pfsense.org</description>
<requirements>pfSense Portal subscription</requirements>
<name>AutoConfigBackup</name>
- <version>1.21</version>
+ <version>1.24</version>
<title>Diagnostics: Auto Configuration Backup</title>
<savetext>Change</savetext>
<include_file>/usr/local/pkg/autoconfigbackup.inc</include_file>
@@ -51,37 +51,37 @@
<additional_files_needed>
<prefix>/usr/local/pkg/write_config/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/autoconfigbackup/parse_config_upload.inc</item>
+ <item>https://packages.pfsense.org/packages/config/autoconfigbackup/parse_config_upload.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/autoconfigbackup/autoconfigbackup.php</item>
+ <item>https://packages.pfsense.org/packages/config/autoconfigbackup/autoconfigbackup.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/autoconfigbackup/autoconfigbackup.inc</item>
+ <item>https://packages.pfsense.org/packages/config/autoconfigbackup/autoconfigbackup.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/etc/inc/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/autoconfigbackup/crypt_acb.php</item>
+ <item>https://packages.pfsense.org/packages/config/autoconfigbackup/crypt_acb.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/autoconfigbackup/autoconfigbackup_backup.php</item>
+ <item>https://packages.pfsense.org/packages/config/autoconfigbackup/autoconfigbackup_backup.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/write_config/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/autoconfigbackup/parse_config_upload.php</item>
+ <item>https://packages.pfsense.org/packages/config/autoconfigbackup/parse_config_upload.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/autoconfigbackup/autoconfigbackup_stats.php</item>
+ <item>https://packages.pfsense.org/packages/config/autoconfigbackup/autoconfigbackup_stats.php</item>
</additional_files_needed>
<tabs>
<tab>
@@ -140,7 +140,7 @@
</field>
</fields>
<custom_php_validation_command>
- custom_php_validation_command($_POST, &amp;$input_errors);
+ custom_php_validation_command($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
<![CDATA[
diff --git a/config/autoconfigbackup/autoconfigbackup_backup.php b/config/autoconfigbackup/autoconfigbackup_backup.php
index 2676aabe..a65fba4d 100644
--- a/config/autoconfigbackup/autoconfigbackup_backup.php
+++ b/config/autoconfigbackup/autoconfigbackup_backup.php
@@ -31,8 +31,8 @@ require("globals.inc");
require("guiconfig.inc");
require("/usr/local/pkg/autoconfigbackup.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
require("crypt_acb.php");
if(!$config['installedpackages']['autoconfigbackup']['config'][0]['username']) {
@@ -63,7 +63,7 @@ include("head.inc");
<div id='maincontent'>
<?php
include("fbegin.inc");
- if(strstr($pfSversion, "1.2"))
+ if ($pf_version < 2.0)
echo "<p class=\"pgtitle\">{$pgtitle}</p>";
if($savemsg) {
print_info_box($savemsg);
diff --git a/config/autoconfigbackup/autoconfigbackup_stats.php b/config/autoconfigbackup/autoconfigbackup_stats.php
index b45d3993..b991e3d3 100644
--- a/config/autoconfigbackup/autoconfigbackup_stats.php
+++ b/config/autoconfigbackup/autoconfigbackup_stats.php
@@ -31,8 +31,8 @@ require("globals.inc");
require("guiconfig.inc");
require("/usr/local/pkg/autoconfigbackup.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
require("crypt_acb.php");
// Seperator used during client / server communications
@@ -97,7 +97,7 @@ include("head.inc");
<div id='maincontent'>
<?php
include("fbegin.inc");
- if(strstr($pfSversion, "1.2"))
+ if ($pf_version < 2.0)
echo "<p class=\"pgtitle\">{$pgtitle}</p>";
if($savemsg) {
print_info_box($savemsg);
diff --git a/config/autoconfigbackup/certs/gd-class2-root.crt b/config/autoconfigbackup/certs/gd-class2-root.crt
deleted file mode 100644
index 42e8d1ee..00000000
--- a/config/autoconfigbackup/certs/gd-class2-root.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh
-MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE
-YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3
-MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo
-ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg
-MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN
-ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA
-PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w
-wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi
-EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY
-avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+
-YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE
-sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h
-/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5
-IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy
-OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P
-TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
-HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER
-dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf
-ReYNnyicsbkqWletNw+vHX/bvZ8=
------END CERTIFICATE-----
diff --git a/config/autoconfigbackup/certs/gd_intermediate.crt b/config/autoconfigbackup/certs/gd_intermediate.crt
deleted file mode 100644
index 33d97396..00000000
--- a/config/autoconfigbackup/certs/gd_intermediate.crt
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx
-ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g
-RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw
-MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH
-QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j
-b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j
-b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H
-KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm
-VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR
-SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT
-cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ
-6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu
-MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS
-kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB
-BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f
-BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv
-c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH
-AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO
-BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG
-OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU
-A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o
-0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX
-RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH
-qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV
-U+4=
------END CERTIFICATE----- \ No newline at end of file
diff --git a/config/avahi/avahi.xml b/config/avahi/avahi.xml
index ef4fd961..d1e58bdc 100644
--- a/config/avahi/avahi.xml
+++ b/config/avahi/avahi.xml
@@ -85,27 +85,27 @@
<additional_files_needed>
<prefix>/root/</prefix>
<chmod>0755</chmod>
- <item>http://files.pfsense.org/packages/avahi/avahi.tar.gz</item>
+ <item>https://files.pfsense.org/packages/avahi/avahi.tar.gz</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/root/</prefix>
<chmod>0755</chmod>
- <item>http://files.pfsense.org/packages/avahi/avahi8.tar.gz</item>
+ <item>https://files.pfsense.org/packages/avahi/avahi8.tar.gz</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/avahi/avahi.inc</item>
+ <item>https://packages.pfsense.org/packages/config/avahi/avahi.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/etc/avahi/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/avahi/services/ssh.service</item>
+ <item>https://packages.pfsense.org/packages/config/avahi/services/ssh.service</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/etc/avahi/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/avahi/services/sftp-ssh.service</item>
+ <item>https://packages.pfsense.org/packages/config/avahi/services/sftp-ssh.service</item>
</additional_files_needed>
<custom_php_resync_config_command>
avahi_sync();
diff --git a/config/backup/backup.xml b/config/backup/backup.xml
index 8f26e3de..1ed9c46e 100644
--- a/config/backup/backup.xml
+++ b/config/backup/backup.xml
@@ -67,22 +67,22 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/backup/backup.xml</item>
+ <item>https://packages.pfsense.org/packages/config/backup/backup.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/backup/backup.inc</item>
+ <item>https://packages.pfsense.org/packages/config/backup/backup.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/backup/backup.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/backup/backup.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/backup/backup_edit.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/backup/backup_edit.tmp</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/bacula-client/bacula-client.xml b/config/bacula-client/bacula-client.xml
index c79a5a0c..8deb459a 100644
--- a/config/bacula-client/bacula-client.xml
+++ b/config/bacula-client/bacula-client.xml
@@ -53,17 +53,17 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/bacula-client/bacula-client.inc</item>
+ <item>https://packages.pfsense.org/packages/config/bacula-client/bacula-client.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/bacula-client/bacula-client_fd.xml</item>
+ <item>https://packages.pfsense.org/packages/config/bacula-client/bacula-client_fd.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/bacula-client/bacula-client_view_config.php</item>
+ <item>https://packages.pfsense.org/packages/config/bacula-client/bacula-client_view_config.php</item>
</additional_files_needed>
<menu>
<name>Bacula-client</name>
diff --git a/config/bacula-client/bacula-client_view_config.php b/config/bacula-client/bacula-client_view_config.php
index 021e1c15..305bcb83 100644
--- a/config/bacula-client/bacula-client_view_config.php
+++ b/config/bacula-client/bacula-client_view_config.php
@@ -1,7 +1,7 @@
<?php
/*
bacula-client_view_config.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2012 M�rcio Carlos Ant�o
All rights reserved.
@@ -30,11 +30,10 @@
require("guiconfig.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
- $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
if ($pf_version > 2.0)
define('BACULA_LOCALBASE', '/usr/pbi/bacula-' . php_uname("m"));
else
diff --git a/config/bandwidthd/bandwidthd.inc b/config/bandwidthd/bandwidthd.inc
index 7cdc8006..16ce4ab1 100644
--- a/config/bandwidthd/bandwidthd.inc
+++ b/config/bandwidthd/bandwidthd.inc
@@ -34,9 +34,15 @@ switch ($pfs_version) {
case "1.2":
case "2.0":
define('PKG_BANDWIDTHD_BASE', '/usr/local/bandwidthd');
+ define('PKG_BANDWIDTHD_RUNTIME_LIBRARY_ENV', '');
break;
- default:
+ case "2.1":
define('PKG_BANDWIDTHD_BASE', '/usr/pbi/bandwidthd-' . php_uname("m") . '/bandwidthd');
+ define('PKG_BANDWIDTHD_RUNTIME_LIBRARY_ENV', '');
+ break;
+ default:
+ define('PKG_BANDWIDTHD_BASE', '/usr/pbi/bandwidthd-' . php_uname("m") . '/local/bandwidthd');
+ define('PKG_BANDWIDTHD_RUNTIME_LIBRARY_ENV', 'LD_LIBRARY_PATH=/usr/pbi/bandwidthd-' . php_uname("m") . '/local/lib');
}
// End: Check pfSense version
@@ -63,6 +69,7 @@ function bandwidthd_install_config() {
/* the conf file must be ./etc/bandwidthd.conf relative to the current dir */
$bandwidthd_base_dir = PKG_BANDWIDTHD_BASE;
$bandwidthd_config_dir = PKG_BANDWIDTHD_BASE . "/etc";
+ $bandwidthd_runtime_library_env = PKG_BANDWIDTHD_RUNTIME_LIBRARY_ENV;
conf_mount_rw();
config_lock();
@@ -336,7 +343,7 @@ if [ ! -f "{$bandwidthd_htdocs_dir}/logo.gif" ] ; then
/bin/cp {$bandwidthd_base_dir}/htdocs/logo.gif {$bandwidthd_htdocs_dir}
fi
cd {$bandwidthd_nano_dir}
-{$bandwidthd_nano_dir}/bandwidthd
+{$bandwidthd_runtime_library_env} {$bandwidthd_nano_dir}/bandwidthd
cd -
EOD;
} else {
diff --git a/config/bandwidthd/bandwidthd.xml b/config/bandwidthd/bandwidthd.xml
index 44a33bac..fc768761 100644
--- a/config/bandwidthd/bandwidthd.xml
+++ b/config/bandwidthd/bandwidthd.xml
@@ -46,7 +46,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>bandwidthd</name>
- <version>2.0.1_5 pkg v.0.3</version>
+ <version>2.0.1_5 pkg v.0.4</version>
<title>Bandwidthd</title>
<aftersaveredirect>/pkg_edit.php?xml=bandwidthd.xml&amp;id=0</aftersaveredirect>
<include_file>/usr/local/pkg/bandwidthd.inc</include_file>
@@ -77,7 +77,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0677</chmod>
- <item>http://www.pfsense.com/packages/config/bandwidthd/bandwidthd.inc</item>
+ <item>https://packages.pfsense.org/packages/config/bandwidthd/bandwidthd.inc</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index 1818b225..17d171d1 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -43,7 +43,7 @@ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
if ($pf_version > 2.0)
define('BIND_LOCALBASE', '/usr/pbi/bind-' . php_uname("m"));
else
- define('BIND_LOCALBASE','/usr/local');
+ define('BIND_LOCALBASE','/usr/local');
define('CHROOT_LOCALBASE','/cf/named');
@@ -95,8 +95,7 @@ function bind_zone_validate($post, $input_errors){
}
}
- function bind_sync(){
-
+function bind_sync(){
global $config;
conf_mount_rw();
//create rndc
@@ -164,8 +163,8 @@ EOD;
}
//check ips to listen on
if (preg_match("/All/",$bind['listenon'])){
- $bind_listenonv6="Any;";
- $bind_listenon="Any;";
+ $bind_listenonv6="any;";
+ $bind_listenon="any;";
}
else{
$bind_listenonv6="";
@@ -198,10 +197,10 @@ EOD;
if ($bind_notify == on)
$bind_conf .="\t\tnotify yes;\n";
if ($hide_version == on)
- $bind_conf .="\t\tversion \"N/A\";\n";
+ $bind_conf .="\t\tversion none;\n";
- $bind_conf .="\t\t$custom_options\n";
- $bind_conf .= "\t};\n\n";
+ $bind_conf .= preg_replace("/^/m","\t\t",$custom_options);
+ $bind_conf .= "\n\t};\n\n";
if ($bind_logging == on){
//check if bind is included on syslog
@@ -245,15 +244,22 @@ EOD;
#Config Zone domain
if(!is_array($config["installedpackages"]["bindacls"]) || !is_array($config["installedpackages"]["bindacls"]["config"])){
- $config["installedpackages"]["bindacls"]["config"][] =array("name"=>"any","description"=>"Default Access list","row" => array("value"=> "","description"=>""));
- write_config("Create Default bind acl 'Any'");
+ $config["installedpackages"]["bindacls"]["config"][] =
+ array("name"=>"none","description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>""));
+ $config["installedpackages"]["bindacls"]["config"][] =
+ array("name"=>"any","description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>""));
+ $config["installedpackages"]["bindacls"]["config"][] =
+ array("name"=>"localhost","description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>""));
+ $config["installedpackages"]["bindacls"]["config"][] =
+ array("name"=>"localnets","description"=>"BIND Built-in ACL","row"=>array("value"=>"","description"=>""));
+ write_config("Create BIND Built-in ACLs");
}
$bindacls = $config["installedpackages"]["bindacls"]["config"];
for ($i=0; $i<sizeof($bindacls); $i++)
{
$aclname = $bindacls[$i]['name'];
$aclhost = $bindacls[$i]['row'];
- if($aclname != "any"){
+ if($aclname != "none" && $aclname != "any" && $aclname != "localhost" && $aclname != "localnets"){
$bind_conf .= "acl \"$aclname\" {\n";
for ($u=0; $u<sizeof($aclhost); $u++)
{
@@ -439,35 +445,46 @@ EOD;
$zone_conf .= "$hostname \t IN $hosttype $hostvalue \t$hostdst\n";
}
+
+ # Register DHCP static mappings
if (($zone[regdhcpstatic] == 'on') && is_array($config['dhcpd'])) {
- foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf)
- if(is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable']))
- foreach ($dhcpifconf['staticmap'] as $host)
- if ($host['ipaddr'] && $host['hostname']) {
- if($zonereverso == "on") {
- $hostdomain = $dhcpifconf['domain'];
- if(strlen($hostdomain) == 0) {
- $hostdomain = $config['system']['domain'];
- }
- if(strlen($hostdomain) != 0) {
- $hostdomain .= '.';
- }
- $zoneparts = array_reverse(explode('.',$zonename));
- $addressparts = explode('.',$host['ipaddr']);
- $addressstart = 0;
- while($addressstart < count($zoneparts) && $addressstart < count($addressparts) && $zoneparts[$addressstart] == $addressparts[$addressstart]) {
- $addressstart++;
- }
- $shortaddress='';
- for($addresspointer = count($addressparts)-1; $addresspointer >= $addressstart; $addresspointer--) {
- $shortaddress .= (strlen($shortaddress) > 0 ? '.' : '') . $addressparts[$addresspointer];
- }
- $zone_conf .= "{$shortaddress}\tIN PTR\t{$host['hostname']}.{$hostdomain}\n";
- } else {
- $zone_conf .= "{$host['hostname']}\tIN A\t{$host['ipaddr']}\n";
- }
- }
- }
+ $zoneparts = array_reverse(explode('.',$zonename));
+ foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) {
+ if (!isset($dhcpifconf['enable']) || !is_array($dhcpifconf['staticmap'])) {
+ continue;
+ }
+ foreach ($dhcpifconf['staticmap'] as $host) {
+ if (is_domain($host['domain'])) {
+ $domain = $host['domain'];
+ } elseif (is_domain($dhcpifconf['domain'])) {
+ $domain = $dhcpifconf['domain'];
+ } elseif (is_domain($config['system']['domain'])) {
+ $domain = $config['system']['domain'];
+ } else {
+ continue;
+ }
+ if (!is_hostname($host['hostname']) || !is_ipaddr($host['ipaddr'])) {
+ continue;
+ }
+ if ($zonereverso == "on") {
+ $parts = explode('.',$host['ipaddr']);
+ $intersect = array_intersect_assoc($parts,$zoneparts);
+ if (count($zoneparts) == count($intersect)) {
+ $diff = array_diff_assoc($parts,$zoneparts);
+ $shortaddr = implode('.',array_reverse($diff));
+ $zone_conf .= "{$shortaddr}\tIN PTR\t{$host['hostname']}.{$domain}.\n";
+ }
+ } else {
+ $parts = array_reverse(explode('.',$domain));
+ $diff = array_diff_assoc($parts,$zoneparts);
+ if (count($diff) == 0) {
+ $zone_conf .= "{$host['hostname']}\tIN A\t{$host['ipaddr']}\n";
+ }
+ }
+ }
+ }
+ }
+
if ($zone['customzonerecords']!=""){
$zone_conf .= "\n\n;\n;custom zone records\n;\n".base64_decode($zone['customzonerecords'])."\n";
}
diff --git a/config/bind/bind.widget.php b/config/bind/bind.widget.php
index 490ded9b..dc6b3bf0 100644
--- a/config/bind/bind.widget.php
+++ b/config/bind/bind.widget.php
@@ -1,7 +1,7 @@
<?php
/*
Copyright 2013 Marcello Coutinho
- Part of bind package for pfSense(www.pfsense.com)
+ Part of bind package for pfSense(www.pfsense.org)
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
diff --git a/config/bind/bind.xml b/config/bind/bind.xml
index 76fdf523..beb96589 100644
--- a/config/bind/bind.xml
+++ b/config/bind/bind.xml
@@ -91,42 +91,42 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/bind/bind.xml</item>
+ <item>https://packages.pfsense.org/packages/config/bind/bind.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/bind/bind_views.xml</item>
+ <item>https://packages.pfsense.org/packages/config/bind/bind_views.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/bind/bind_zones.xml</item>
+ <item>https://packages.pfsense.org/packages/config/bind/bind_zones.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/bind/bind_acls.xml</item>
+ <item>https://packages.pfsense.org/packages/config/bind/bind_acls.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/bind/bind.inc</item>
+ <item>https://packages.pfsense.org/packages/config/bind/bind.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/bind/bind_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/bind/bind_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/shortcuts/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/bind/pkg_bind.inc</item>
+ <item>https://packages.pfsense.org/packages/config/bind/pkg_bind.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/widgets/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/bind/bind.widget.php</item>
+ <item>https://packages.pfsense.org/packages/config/bind/bind.widget.php</item>
</additional_files_needed>
<fields>
<field>
@@ -160,7 +160,7 @@
<field>
<fielddescr>Hide Version</fielddescr>
<fieldname>bind_hide_version</fieldname>
- <description>Hide the version of BIND, this prevents discover the version of our servers, use any exploit that exploits a vulnerability in Bind.</description>
+ <description>Hide the version of BIND (do not process queries to version.bind at all). This makes it more difficult to exploit the server.</description>
<type>checkbox</type>
</field>
<field>
diff --git a/config/blinkled/blinkled.xml b/config/blinkled/blinkled.xml
index d1141dbd..fb0965c9 100644
--- a/config/blinkled/blinkled.xml
+++ b/config/blinkled/blinkled.xml
@@ -12,7 +12,7 @@
<url>/pkg_edit.php?xml=blinkled.xml</url>
</menu>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/blinkled/blinkled.inc</item>
+ <item>https://packages.pfsense.org/packages/config/blinkled/blinkled.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
diff --git a/config/blinkled8/blinkled.inc b/config/blinkled8/blinkled.inc
index f466da94..6d0da039 100644
--- a/config/blinkled8/blinkled.inc
+++ b/config/blinkled8/blinkled.inc
@@ -69,7 +69,7 @@ function blinkled_stop() {
mwexec("/usr/bin/killall -9 blinkled");
}
-function validate_form_blinkled($post, $input_errors) {
+function validate_form_blinkled($post, &$input_errors) {
/* Make sure both aren't using the same interface */
if (($post['iface_led2']) && ($post['iface_led3']) &&
(($post['enable_led2']) && ($post['enable_led3'])) &&
diff --git a/config/blinkled8/blinkled.xml b/config/blinkled8/blinkled.xml
index 5fb5ff7c..932d0b0e 100644
--- a/config/blinkled8/blinkled.xml
+++ b/config/blinkled8/blinkled.xml
@@ -2,7 +2,7 @@
<packagegui>
<title>Interfaces: Assign LEDs</title>
<name>blinkled</name>
- <version>0.4</version>
+ <version>0.4.1</version>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/blinkled.inc</include_file>
<menu>
@@ -12,14 +12,14 @@
<url>/pkg_edit.php?xml=blinkled.xml&amp;id=0</url>
</menu>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/blinkled8/blinkled.inc</item>
+ <item>https://packages.pfsense.org/packages/config/blinkled8/blinkled.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/bin/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/blinkled8/binaries/blinkled</item>
+ <item>https://packages.pfsense.org/packages/config/blinkled8/binaries/blinkled</item>
</additional_files_needed>
<service>
<name>blinkled</name>
@@ -61,7 +61,7 @@
</field>
</fields>
<custom_php_validation_command>
- validate_form_blinkled($_POST, &amp;$input_errors);
+ validate_form_blinkled($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
sync_package_blinkled();
diff --git a/config/bsdstats/bsdstats.xml b/config/bsdstats/bsdstats.xml
index d66d6f58..e2cc4393 100644
--- a/config/bsdstats/bsdstats.xml
+++ b/config/bsdstats/bsdstats.xml
@@ -58,7 +58,7 @@
<additional_files_needed>
<prefix>/usr/bin/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/bsdstats/bin/dig</item>
+ <item>https://packages.pfsense.org/packages/config/bsdstats/bin/dig</item>
</additional_files_needed>
<custom_php_install_command>
system("/bin/mkdir -p /usr/local/etc/periodic/monthly/");
diff --git a/config/checkmk-agent/checkmk.xml b/config/checkmk-agent/checkmk.xml
index 6f458a1d..120b6634 100644
--- a/config/checkmk-agent/checkmk.xml
+++ b/config/checkmk-agent/checkmk.xml
@@ -47,12 +47,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/checkmk-agent/checkmk.inc</item>
+ <item>https://packages.pfsense.org/packages/config/checkmk-agent/checkmk.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/checkmk-agent/checkmk_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/checkmk-agent/checkmk_sync.xml</item>
</additional_files_needed>
<menu>
<name>Check_mk Agent</name>
diff --git a/config/clamav.xml b/config/clamav.xml
index 465c635a..94f8c74f 100644
--- a/config/clamav.xml
+++ b/config/clamav.xml
@@ -68,7 +68,7 @@
<description>A daemon that periodically updates the ClamAV virus database.</description>
</service>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/clamav.inc</item>
+ <item>https://packages.pfsense.org/packages/config/clamav.inc</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/countryblock/countryblock.inc b/config/countryblock/countryblock.inc
index 5451b4bf..dc7bffd3 100644
--- a/config/countryblock/countryblock.inc
+++ b/config/countryblock/countryblock.inc
@@ -139,7 +139,7 @@ function deinstall_command_cb()
exec("rm /usr/local/pkg/pf/countryblock.sh");
exec("pfctl -t countryblock -T kill");
exec("sed -i -e '/countryblock/d' /tmp/rules.debug");
- exec("pfctl -o basic -f /tmp/rules.debug");
+ exec("pfctl -f /tmp/rules.debug");
conf_mount_ro();
}
diff --git a/config/countryblock/countryblock.xml b/config/countryblock/countryblock.xml
index 146918d3..b7336e98 100644
--- a/config/countryblock/countryblock.xml
+++ b/config/countryblock/countryblock.xml
@@ -39,7 +39,7 @@
</copyright>
<description>Country Block</description>
<requirements>Active Internet</requirements>
- <faq>http://forum.pfsense.org/index.php/topic,25732.0.html</faq>
+ <faq>https://forum.pfsense.org/index.php/topic,25732.0.html</faq>
<name>Country Block Settings</name>
<version>0.2.4</version>
<title>Settings</title>
@@ -62,112 +62,112 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/countryblock.xml</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/countryblock.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/countryblock.inc</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/countryblock.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/interfaces.txt</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/interfaces.txt</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/countryblock.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/countryblock.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/execute.sh</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/execute.sh</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/countryblock.sh</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/countryblock.sh</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/index.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/index.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/ddaccordion.js</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/ddaccordion.js</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/jquery.min.js</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/jquery.min.js</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/public_smo_scripts.js</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/public_smo_scripts.js</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/titlebar.png</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/titlebar.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/titlebar-active.png</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/titlebar-active.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/purge.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/purge.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/whitelist.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/whitelist.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/countryblock_if.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/countryblock_if.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/firewall_shaper.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/firewall_shaper.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/help.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/help.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/settings.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/settings.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/class.phpmailer.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/class.phpmailer.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/class.smtp.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/class.smtp.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/email.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/email.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.org/packages/config/countryblock/countryblock_IPBlocklist.widget.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/countryblock/countryblock_IPBlocklist.widget.tmp</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/countryblock/countryblock_IPBlocklist.widget.tmp b/config/countryblock/countryblock_IPBlocklist.widget.tmp
index 0ad1573b..59911f5a 100644
--- a/config/countryblock/countryblock_IPBlocklist.widget.tmp
+++ b/config/countryblock/countryblock_IPBlocklist.widget.tmp
@@ -1,7 +1,7 @@
<?php
/*
Copyright 2012 Thomas Schaefer - Tomschaefer.org
- Part of pfSense widgets (www.pfsense.com)
+ Part of pfSense widgets (www.pfsense.org)
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
diff --git a/config/countryblock/help.tmp b/config/countryblock/help.tmp
index 2f466947..577a7f49 100644
--- a/config/countryblock/help.tmp
+++ b/config/countryblock/help.tmp
@@ -91,7 +91,7 @@ To run countryblock as a cron job use /usr/local/etc/rc.d/countryblock.sh <br>
<span style="color:red">Warning!</span> - Apply after every firewall change or state reset. Use at your own risk.
--->
-<a href="http://doc.pfsense.org/index.php/Country_Block">Please see wiki for help</a> or the <a href="http://forum.pfsense.org/index.php/topic,25732.0.html">Forum</a>
+<a href="https://doc.pfsense.org/index.php/Country_Block">Please see wiki for help</a> or the <a href="https://forum.pfsense.org/index.php/topic,25732.0.html">Forum</a>
</div>
diff --git a/config/cron/cron.xml b/config/cron/cron.xml
index 71e524b3..3376d9e0 100644
--- a/config/cron/cron.xml
+++ b/config/cron/cron.xml
@@ -68,27 +68,27 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/cron/cron.xml</item>
+ <item>https://packages.pfsense.org/packages/config/cron/cron.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/cron/cron.inc</item>
+ <item>https://packages.pfsense.org/packages/config/cron/cron.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/cron/cron.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/cron/cron.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/cron/cron_edit.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/cron/cron_edit.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/packages/cron/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/cron/index.php</item>
+ <item>https://packages.pfsense.org/packages/config/cron/index.php</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/dansguardian/dansguardian.xml b/config/dansguardian/dansguardian.xml
index e0cb58fd..55860775 100644
--- a/config/dansguardian/dansguardian.xml
+++ b/config/dansguardian/dansguardian.xml
@@ -59,137 +59,137 @@
<description><![CDATA[Award winning Open Source web content filter]]></description>
</service>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian.inc</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian.php</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_ldap.php</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_ldap.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_ldap.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_ldap.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_limits.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_limits.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_ips_header.template</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_ips_header.template</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_users_header.template</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_users_header.template</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_users_footer.template</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_users_footer.template</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_about.php</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_about.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_config.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_config.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_sync.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardianfx.conf.template</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardianfx.conf.template</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_url_acl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_url_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_site_acl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_site_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_search_acl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_search_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_pics_acl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_pics_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_phrase_acl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_phrase_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_log.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_log.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_header_acl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_header_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_groups.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_groups.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_file_acl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_file_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_content_acl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_content_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_blacklist.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_blacklist.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_antivirus_acl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_antivirus_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian.conf.template</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian.conf.template</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/icapscan.conf.template</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/icapscan.conf.template</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_rc.template</item>
+ <item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_rc.template</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
diff --git a/config/dansguardian/dansguardian_about.php b/config/dansguardian/dansguardian_about.php
index b7834281..4cb47200 100755
--- a/config/dansguardian/dansguardian_about.php
+++ b/config/dansguardian/dansguardian_about.php
@@ -1,7 +1,7 @@
<?php
/*
dansguardian_about.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2011 Marcello Coutinho <marcellocoutinho@gmail.com>
All rights reserved.
@@ -29,8 +29,8 @@
require_once("guiconfig.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "About: Dansguardian Package";
@@ -93,11 +93,11 @@ include("head.inc");
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Credits ");?></td>
- <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='http://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td>
+ <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Donations ");?></td>
- <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to the pfSense project</a>.<br><br>
+ <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='https://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to the pfSense project</a>.<br><br>
If you want your donation to go to this package developer, make a note on the donation forwarding it to me.<br><br>");?></td>
</tr>
</table>
diff --git a/config/dashboard/dashboard.xml b/config/dashboard/dashboard.xml
index c09a2eda..5d8b59fc 100644
--- a/config/dashboard/dashboard.xml
+++ b/config/dashboard/dashboard.xml
@@ -52,12 +52,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/dashboard/dashboard.inc</item>
+ <item>https://packages.pfsense.org/packages/config/dashboard/dashboard.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://files.pfsense.org/packages/widgets.tgz</item>
+ <item>https://files.pfsense.org/packages/widgets.tgz</item>
</additional_files_needed>
<custom_php_install_command>
dashboard_install();
diff --git a/config/denyhosts/denyhosts.inc b/config/denyhosts/denyhosts.inc
index 8a862e01..37209715 100644
--- a/config/denyhosts/denyhosts.inc
+++ b/config/denyhosts/denyhosts.inc
@@ -38,7 +38,7 @@ function denyhosts_sync_package()
}
-// bounty: http://forum.pfsense.org/index.php/topic,15791.0/topicseen.html
+// bounty: https://forum.pfsense.org/index.php/topic,15791.0/topicseen.html
// pkg_add -r denyhosts
// python /usr/local/share/denyhosts/denyhosts.py –file=/var/log/auth.log
// /var/run/denyhosts.pid
@@ -60,7 +60,7 @@ function denyhosts_install_command()
exec("mkdir /usr/local/www/packages/denyhosts/");
}
- exec("pkg_add -r http://files.pfsense.com/packages/security/denyhosts-2.5.tbz");
+ exec("pkg_add -r https://files.pfsense.org/packages/security/denyhosts-2.5.tbz");
//misc files
if (!is_dir('/usr/local/www/edit_area/')) {
@@ -94,7 +94,7 @@ function denyhosts_install_command()
exec ('touch /var/log/denyhosts');
}
- $download_path = 'http://www.pfsense.com/packages/config/denyhosts/';
+ $download_path = 'https://packages.pfsense.org/packages/config/denyhosts/';
//rename PHP files from .tmp to .php
chdir('/tmp/');
diff --git a/config/denyhosts/denyhosts.xml b/config/denyhosts/denyhosts.xml
index 53658a7a..720f1b95 100644
--- a/config/denyhosts/denyhosts.xml
+++ b/config/denyhosts/denyhosts.xml
@@ -68,7 +68,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/denyhosts/denyhosts.inc</item>
+ <item>https://packages.pfsense.org/packages/config/denyhosts/denyhosts.inc</item>
</additional_files_needed>
<adddeleteeditpagefields>
<columnitem>
diff --git a/config/developers/developers.xml b/config/developers/developers.xml
index b6850d54..8b7ddb90 100644
--- a/config/developers/developers.xml
+++ b/config/developers/developers.xml
@@ -51,7 +51,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/~sullrich/extra/developer_pkg.tgz</item>
+ <item>https://www.pfsense.org/~sullrich/extra/developer_pkg.tgz</item>
</additional_files_needed>
<custom_php_install_command>
update_status("Extracing Developers package contents... This will take a bit!");
diff --git a/config/diag_states_pt/diag_new_states.xml b/config/diag_states_pt/diag_new_states.xml
index b8ea9dc3..0e4e6c7d 100644
--- a/config/diag_states_pt/diag_new_states.xml
+++ b/config/diag_states_pt/diag_new_states.xml
@@ -57,7 +57,7 @@
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/diag_states_pt/diag_new_states.php</item>
+ <item>https://packages.pfsense.org/packages/config/diag_states_pt/diag_new_states.php</item>
</additional_files_needed>
<custom_php_deinstall_command>
mwexec("rm /usr/local/www/diag_new_states.php");
diff --git a/config/dnsblacklist/dnsblacklist.xml b/config/dnsblacklist/dnsblacklist.xml
index 52c59b35..75314810 100644
--- a/config/dnsblacklist/dnsblacklist.xml
+++ b/config/dnsblacklist/dnsblacklist.xml
@@ -62,22 +62,22 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dnsblacklist/dnsblacklist.xml</item>
+ <item>https://packages.pfsense.org/packages/config/dnsblacklist/dnsblacklist.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dnsblacklist/dnsblacklist.inc</item>
+ <item>https://packages.pfsense.org/packages/config/dnsblacklist/dnsblacklist.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dnsblacklist/dnsblacklist.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/dnsblacklist/dnsblacklist.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://files.pfsense.org/packages/blacklists.tar.gz</item>
+ <item>https://files.pfsense.org/packages/blacklists.tar.gz</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/dnsmasq-edns/dnsmasq-edns.xml b/config/dnsmasq-edns/dnsmasq-edns.xml
index 35bf2901..c63c828e 100644
--- a/config/dnsmasq-edns/dnsmasq-edns.xml
+++ b/config/dnsmasq-edns/dnsmasq-edns.xml
@@ -52,12 +52,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/dnsmasq-edns/dnsmasq-edns.inc</item>
+ <item>https://packages.pfsense.org/packages/config/dnsmasq-edns/dnsmasq-edns.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/dnsmasq-edns/dnsmasq-edns.patch</item>
+ <item>https://packages.pfsense.org/packages/config/dnsmasq-edns/dnsmasq-edns.patch</item>
</additional_files_needed>
<custom_php_install_command>
dnsmasq_edns_install();
diff --git a/config/dyntables/pkg/dyntables.xml b/config/dyntables/pkg/dyntables.xml
index 8a249966..8047b80b 100644
--- a/config/dyntables/pkg/dyntables.xml
+++ b/config/dyntables/pkg/dyntables.xml
@@ -83,7 +83,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dyntables/www/php/diag_dhcp_leases.php</item>
+ <item>https://packages.pfsense.org/packages/config/dyntables/www/php/diag_dhcp_leases.php</item>
</additional_files_needed>
<!--
|
@@ -93,7 +93,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dyntables/www/js/dyntables.js</item>
+ <item>https://packages.pfsense.org/packages/config/dyntables/www/js/dyntables.js</item>
</additional_files_needed>
<!--
|
@@ -103,12 +103,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dyntables/pkg/dyntables.inc</item>
+ <item>https://packages.pfsense.org/packages/config/dyntables/pkg/dyntables.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dyntables/pkg/dyntables_classdefs.inc</item>
+ <item>https://packages.pfsense.org/packages/config/dyntables/pkg/dyntables_classdefs.inc</item>
</additional_files_needed>
<!--
|
@@ -118,7 +118,7 @@
<additional_files_needed>
<prefix>/usr/local/lib/php/extensions/no-debug-non-zts-20020429/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/dyntables/bin/json.so</item>
+ <item>https://packages.pfsense.org/packages/config/dyntables/bin/json.so</item>
</additional_files_needed>
<!--
fields gets invoked when the user adds or edits a item. The following items
diff --git a/config/filemgr/filemgr.xml b/config/filemgr/filemgr.xml
index 57f0e1f9..5c44ba13 100644
--- a/config/filemgr/filemgr.xml
+++ b/config/filemgr/filemgr.xml
@@ -29,7 +29,7 @@
</copyright>
<description>PHP File Manager</description>
<requirements>none</requirements>
- <faq>http://forum.pfsense.org/index.php/topic,26974.0.html</faq>
+ <faq>https://forum.pfsense.org/index.php/topic,26974.0.html</faq>
<name>File Manager</name>
<version>0.1.2</version>
<title>Settings</title>
@@ -52,162 +52,162 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/filemgr.xml</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/filemgr.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/filemgr.inc</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/filemgr.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/file_manager.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/file_manager.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/index.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/index.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/bg_footer.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/bg_footer.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/bg_header.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/bg_header.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/bg_page.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/bg_page.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/file_editor_bg.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/file_editor_bg.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/folder.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/folder.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/folder_go.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/folder_go.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/folder_up.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/folder_up.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/go.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/go.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_delete.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_delete.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_download.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_download.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_file.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_file.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_html.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_html.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_open_as_web.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_open_as_web.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_php.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_php.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_picture.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_picture.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_rename.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_rename.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_script_edit.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_script_edit.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_use_file.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_use_file.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/ico_use_file_inactive.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/ico_use_file_inactive.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/index.html</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/index.html</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfmimg/new.png</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfmimg/new.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfminc/config.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfminc/config.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfminc/download.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfminc/download.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfminc/file_editor_style.css</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfminc/file_editor_style.css</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfminc/functions.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfminc/functions.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfminc/index.html</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfminc/index.html</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfminc/rename.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfminc/rename.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filemgr/rbfminc/session.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/filemgr/rbfminc/session.tmp</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/filer/filer.xml b/config/filer/filer.xml
index 9196f889..ecb24bcd 100644
--- a/config/filer/filer.xml
+++ b/config/filer/filer.xml
@@ -49,12 +49,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filer/filer.inc</item>
+ <item>https://packages.pfsense.org/packages/config/filer/filer.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/filer/filer_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/filer/filer_sync.xml</item>
</additional_files_needed>
<menu>
<name>Filer</name>
diff --git a/config/freeradius.xml b/config/freeradius.xml
index 86a3300f..20f6675b 100644
--- a/config/freeradius.xml
+++ b/config/freeradius.xml
@@ -119,17 +119,17 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0775</chmod>
- <item>http://www.pfsense.org/packages/config/freeradiusclients.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradiusclients.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0775</chmod>
- <item>http://www.pfsense.org/packages/config/freeradiussettings.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradiussettings.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0775</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius.inc</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius.inc</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml
index 8e3105ef..13b4123a 100644
--- a/config/freeradius2/freeradius.xml
+++ b/config/freeradius2/freeradius.xml
@@ -111,57 +111,57 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradius.inc</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradius.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradius_view_config.php</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradius_view_config.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusclients.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusclients.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiussettings.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussettings.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiuseapconf.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiuseapconf.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiussqlconf.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussqlconf.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusinterfaces.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusinterfaces.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiuscerts.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiuscerts.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiussync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusmodulesldap.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusmodulesldap.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusauthorizedmacs.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusauthorizedmacs.xml</item>
</additional_files_needed>
<adddeleteeditpagefields>
<columnitem>
diff --git a/config/freeradius2/freeradius_view_config.php b/config/freeradius2/freeradius_view_config.php
index a1943653..bfabd7fa 100644
--- a/config/freeradius2/freeradius_view_config.php
+++ b/config/freeradius2/freeradius_view_config.php
@@ -1,7 +1,7 @@
<?php
/*
freeradius_view_config.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
Copyright (C) 2011 Marcello Coutinho <marcellocoutinho@gmail.com>
based on postfix_view_config.php
@@ -67,8 +67,8 @@ if ($_REQUEST['file']!=""){
get_file($_REQUEST['file']);
}
else{
- $pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
- if(strstr($pfSversion, "1.2"))
+ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+ if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "FreeRADIUS: View Configuration";
diff --git a/config/freeradius2/freeradiusauthorizedmacs.xml b/config/freeradius2/freeradiusauthorizedmacs.xml
index 235d0218..05b5515a 100644
--- a/config/freeradius2/freeradiusauthorizedmacs.xml
+++ b/config/freeradius2/freeradiusauthorizedmacs.xml
@@ -111,57 +111,57 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradius.inc</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradius.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradius_view_config.php</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradius_view_config.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusclients.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusclients.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiussettings.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussettings.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiuseapconf.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiuseapconf.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiussqlconf.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussqlconf.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusinterfaces.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusinterfaces.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiuscerts.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiuscerts.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiussync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiussync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusmodulesldap.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusmodulesldap.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusauthorizedmacs.xml</item>
+ <item>https://packages.pfsense.org/packages/config/freeradius2/freeradiusauthorizedmacs.xml</item>
</additional_files_needed>
<adddeleteeditpagefields>
<columnitem>
diff --git a/config/freeswitch/freeswitch.inc b/config/freeswitch/freeswitch.inc
index 0c073487..3a2be3c2 100644
--- a/config/freeswitch/freeswitch.inc
+++ b/config/freeswitch/freeswitch.inc
@@ -3018,7 +3018,7 @@ function freeswitch_php_install_command()
// $freebsd_version = "7.2";
//}
- $download_path = 'http://www.pfsense.com/packages/config/freeswitch/';
+ $download_path = 'https://packages.pfsense.org/packages/config/freeswitch/';
//exec("cd /tmp/;fetch ".$download_path."freeswitch.tgz"); //handled by freeswitch.xml
exec("tar zxvf /tmp/freeswitch.tgz -C /usr/local/");
unlink_if_exists("/tmp/freeswitch.tgz");
diff --git a/config/freeswitch/freeswitch.xml b/config/freeswitch/freeswitch.xml
index 1e815566..dc5cfc36 100644
--- a/config/freeswitch/freeswitch.xml
+++ b/config/freeswitch/freeswitch.xml
@@ -108,7 +108,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch.inc</item>
+ <item>https://packages.pfsense.org/packages/config/freeswitch/freeswitch.inc</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/freeswitch_dev/freeswitch.xml b/config/freeswitch_dev/freeswitch.xml
index 783b08cc..ed6f2320 100644
--- a/config/freeswitch_dev/freeswitch.xml
+++ b/config/freeswitch_dev/freeswitch.xml
@@ -103,7 +103,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch_dev/v_config.inc</item>
+ <item>https://packages.pfsense.org/packages/config/freeswitch_dev/v_config.inc</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/freeswitch_dev/v_config.inc b/config/freeswitch_dev/v_config.inc
index 49e05642..67c9fce9 100644
--- a/config/freeswitch_dev/v_config.inc
+++ b/config/freeswitch_dev/v_config.inc
@@ -68,7 +68,7 @@ function v_settings()
$config['installedpackages']['freeswitchsettings']['config'][0]['v_scripts_dir'] = '/usr/local/freeswitch/scripts';
$config['installedpackages']['freeswitchsettings']['config'][0]['v_storage_dir'] = '/usr/local/freeswitch/storage';
$config['installedpackages']['freeswitchsettings']['config'][0]['v_recordings_dir'] = '/usr/local/freeswitch/recordings';
- $config['installedpackages']['freeswitchsettings']['config'][0]['v_download_path'] = 'http://www.pfsense.com/packages/config/freeswitch_dev';
+ $config['installedpackages']['freeswitchsettings']['config'][0]['v_download_path'] = 'https://packages.pfsense.org/packages/config/freeswitch_dev';
}
//Update the settings
diff --git a/config/gwled/gwled.inc b/config/gwled/gwled.inc
index 7bb25147..dad6fe69 100644
--- a/config/gwled/gwled.inc
+++ b/config/gwled/gwled.inc
@@ -36,7 +36,7 @@ function gwled_stop() {
exec("/bin/pkill -9 -f gwled");
}
-function validate_form_gwled($post, $input_errors) {
+function validate_form_gwled($post, &$input_errors) {
/* Make sure both aren't using the same interface */
if (($post['gw_led2']) && ($post['gw_led3']) &&
(($post['enable_led2']) && ($post['enable_led3'])) &&
diff --git a/config/gwled/gwled.xml b/config/gwled/gwled.xml
index 35df41ee..015ab3bb 100644
--- a/config/gwled/gwled.xml
+++ b/config/gwled/gwled.xml
@@ -12,14 +12,14 @@
<url>/pkg_edit.php?xml=gwled.xml&amp;id=0</url>
</menu>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/gwled/gwled.inc</item>
+ <item>https://packages.pfsense.org/packages/config/gwled/gwled.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/bin/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/gwled/gwled.php</item>
+ <item>https://packages.pfsense.org/packages/config/gwled/gwled.php</item>
</additional_files_needed>
<service>
<name>gwled</name>
@@ -66,7 +66,7 @@
</field>
</fields>
<custom_php_validation_command>
- validate_form_gwled($_POST, &amp;$input_errors);
+ validate_form_gwled($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
sync_package_gwled();
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index d039b55a..1e403c48 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -37,6 +37,7 @@ require_once("haproxy_xmlrpcsyncclient.inc");
$d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty";
+global $a_acltypes;
$a_acltypes = array();
$a_acltypes["host_starts_with"] = array('name' => 'Host starts with',
'mode' => 'http', 'syntax' => 'hdr_beg(host) -i %1$s');
@@ -66,6 +67,7 @@ $a_acltypes["backendservercount"] = array('name' => 'Minimum count usable server
$a_acltypes["ssl_sni_matches"] = array('name' => 'Server Name Indication TLS extension matches',
'mode' => 'https', 'syntax' => 'req_ssl_sni -i %1$s', 'advancedoptions' => "tcp-request inspect-delay 5s\n\ttcp-request content accept if { req_ssl_hello_type 1 }");
+global $a_checktypes;
$a_checktypes = array();
$a_checktypes['none'] = array('name' => 'none', 'syntax' => '',
'descr' => 'No health checks will be performed.');
@@ -92,6 +94,7 @@ $a_checktypes['ESMTP'] = array('name' => 'ESMTP', 'syntax' => 'smtpchk EHLO',
$a_checktypes['SSL'] = array('name' => 'SSL', 'syntax' => 'ssl-hello-chk',
'descr' => 'Use SSLv3 client hello health checks for server testing.');
+global $a_httpcheck_method;
$a_httpcheck_method = array();
$a_httpcheck_method['OPTIONS'] = array('name' => 'OPTIONS', 'syntax' => 'OPTIONS');
$a_httpcheck_method['HEAD'] = array('name' => 'HEAD', 'syntax' => 'HEAD');
@@ -101,6 +104,7 @@ $a_httpcheck_method['PUT'] = array('name' => 'PUT', 'syntax' => 'PUT');
$a_httpcheck_method['DELETE'] = array('name' => 'DELETE', 'syntax' => 'DELETE');
$a_httpcheck_method['TRACE'] = array('name' => 'TRACE', 'syntax' => 'TRACE');
+global $a_closetypes;
$a_closetypes = array();
$a_closetypes['none'] = array('name' => 'none', 'syntax' => '',
'descr' => 'No close headers will be changed.');
@@ -113,6 +117,7 @@ $a_closetypes['forceclose'] = array('name' => 'forceclose', 'syntax' => 'forcecl
$a_closetypes['http-keep-alive'] = array('name' => 'http-keep-alive', 'syntax' => 'http-keep-alive',
'descr' => 'By default, when a client communicates with a server, HAProxy will only analyze, log, and process the first request of each connection. Setting "option http-keep-alive" enables HTTP keep-alive mode on the client- and server- sides. This provides the lowest latency on the client side (slow network) and the fastest session reuse on the server side at the expense of maintaining idle connections to the servers. In general, it is possible with this option to achieve approximately twice the request rate that the "http-server-close" option achieves on small objects. There are mainly two situations where this option may be useful : - when the server is non-HTTP compliant and authenticates the connection instead of requests (eg: NTLM authentication) - when the cost of establishing the connection to the server is significant compared to the cost of retrieving the associated object from the server.');
+global $a_servermodes;
$a_servermodes = array();
$a_servermodes["active"]['name'] = "active";
$a_servermodes["backup"]['name'] = "backup";
@@ -120,6 +125,7 @@ $a_servermodes["disabled"]['name'] = "disabled";
$a_servermodes["inactive"]['name'] = "inactive";
// http://www.exceliance.fr/sites/default/files/biblio/aloha_load_balancer_haproxy_cookie_persistence_methods_memo.pdf
+global $a_cookiemode;
$a_cookiemode = array();
$a_cookiemode['passive'] = array('name' => 'Passive', 'syntax' => 'cookie <cookie name>',
'descr' => 'Cookie is analysed on incoming request to choose server. HAProxy does not perform any insertion update or deletion on the Cookie or Set-Cookie. If the Cookie is not set, then the load-balancing algorithm is applied.');
@@ -142,6 +148,7 @@ $a_cookiemode['passive-session-prefix'] = array('name' => 'Passive-session-prefi
foreach($a_cookiemode as &$cookiemode)
$cookiemode['descr'] = $cookiemode['descr'] . "\n\n" . $cookiemode['syntax'] . "";
+global $a_sticky_type;
$a_sticky_type = array();
$a_sticky_type['none'] = array('name' => 'none',
'descr' => "No stick-table will be used");
@@ -158,26 +165,108 @@ $a_sticky_type['stick_rdp_cookie'] = array('name' => 'Stick on RDP-cookie',
'descr' => "Uses a RDP-Cookie send by the mstsc client, note that not all clients send this.",
'cookiedescr' => 'EXAMPLE: msts or mstshash');
+if(!function_exists('group_ports')){
+// function group_ports() is present in pfSense 2.2 in util.inc
+/* create ranges of sequential port numbers (200:215) and remove duplicates */
+function group_ports($ports) {
+ if (!is_array($ports) || empty($ports))
+ return;
+
+ $uniq = array();
+ foreach ($ports as $port) {
+ if (is_portrange($port)) {
+ list($begin, $end) = explode(":", $port);
+ if ($begin > $end) {
+ $aux = $begin;
+ $begin = $end;
+ $end = $aux;
+ }
+ for ($i = $begin; $i <= $end; $i++)
+ if (!in_array($i, $uniq))
+ $uniq[] = $i;
+ } else if (is_port($port)) {
+ if (!in_array($port, $uniq))
+ $uniq[] = $port;
+ }
+ }
+ sort($uniq, SORT_NUMERIC);
+
+ $result = array();
+ foreach ($uniq as $idx => $port) {
+ if ($idx == 0) {
+ $result[] = $port;
+ continue;
+ }
+
+ $last = end($result);
+ if (is_portrange($last))
+ list($begin, $end) = explode(":", $last);
+ else
+ $begin = $end = $last;
+
+ if ($port == ($end+1)) {
+ $end++;
+ $result[count($result)-1] = "{$begin}:{$end}";
+ } else {
+ $result[] = $port;
+ }
+ }
+
+ return $result;
+}
+}
+
+function haproxy_portoralias_to_list($port_or_alias) {
+ // input: a port or aliasname: 80 https MyPortAlias
+ // returns: a array of ports and portranges 80 443 8000:8010
+ global $aliastable;
+ $portresult = array();
+ if (alias_get_type($port_or_alias) == "port") {
+ $aliasports = $aliastable[$port_or_alias];
+ $ports = explode(' ',$aliasports);
+ foreach($ports as $port) {
+ $portresults = haproxy_portoralias_to_list($port);
+ $portresult = array_merge($portresult, $portresults);
+ }
+ return $portresult;
+ } else if (is_portrange($port_or_alias)) {
+ return (array)$port_or_alias;
+ } else if (is_port($port_or_alias)) {
+ if (getservbyname($port_or_alias, "tcp"))
+ return (array)getservbyname($port_or_alias, "tcp");
+ if (getservbyname($port_or_alias, "udp"))
+ return (array)getservbyname($port_or_alias, "udp");
+ return (array)$port_or_alias;
+ }
+ else
+ return null;
+}
+
function haproxy_custom_php_deinstall_command() {
- exec("cd /var/db/pkg && pkg_delete `ls | grep haproxy`");
- exec("rm /usr/local/pkg/haproxy*");
- exec("rm /usr/local/www/haproxy*");
+ global $static_output;
+ $static_output .= "HAProxy, running haproxy_custom_php_deinstall_command()\n";
+ update_output_window($static_output);
+ $static_output .= "HAProxy, deleting haproxy webgui\n";
+ update_output_window($static_output);
exec("rm /usr/local/etc/rc.d/haproxy.sh");
- exec("rm /etc/devd/haproxy.conf");
- exec("/etc/rc.d/devd restart");
+ $static_output .= "HAProxy, installing cron job if needed\n";
+ update_output_window($static_output);
haproxy_install_cron(false);
+ $static_output .= "HAProxy, running haproxy_custom_php_deinstall_command() DONE\n";
+ update_output_window($static_output);
}
function haproxy_custom_php_install_command() {
- global $g, $config;
+ global $g, $config, $static_output;
+ $static_output .= "HAProxy, running haproxy_custom_php_install_command()\n";
+ update_output_window($static_output);
+
+ $static_output .= "HAProxy, conf_mount_rw\n";
+ update_output_window($static_output);
conf_mount_rw();
-
- $freebsd_version = substr(trim(`uname -r`), 0, 1);
- if(!file_exists("/usr/bin/limits")) {
- exec("fetch -q -o /usr/bin/limits http://files.pfsense.org/extras/{$freebsd_version}/limits");
- exec("chmod a+rx /usr/bin/limits");
- }
+ $static_output .= "HAProxy, create '/usr/local/etc/rc.d/haproxy.sh'\n";
+ update_output_window($static_output);
$haproxy = <<<EOD
#!/bin/sh
@@ -189,7 +278,7 @@ function haproxy_custom_php_install_command() {
name="haproxy"
rcvar=`set_rcvar`
-command="/usr/local/bin/haproxy"
+command="/usr/pbi/haproxy-devel-`uname -m`/sbin/haproxy"
haproxy_enable=\${haproxy-"YES"}
start_cmd="haproxy_start"
@@ -241,27 +330,11 @@ EOD;
fclose($fd);
exec("chmod a+rx /usr/local/etc/rc.d/haproxy.sh");
- $devd = <<<EOD
-notify 0 {
- match "system" "IFNET";
- match "subsystem" "carp[0-9]+";
- match "type" "LINK_UP";
- action "/usr/local/etc/rc.d/haproxy.sh check";
-};
-notify 0 {
- match "system" "IFNET";
- match "subsystem" "carp[0-9]+";
- match "type" "LINK_DOWN";
- action "/usr/local/etc/rc.d/haproxy.sh check";
-};
-EOD;
- exec("mkdir -p /etc/devd");
- $fd = fopen("/etc/devd/haproxy.conf", "w");
- fwrite($fd, $devd);
- fclose($fd);
- exec("/etc/rc.d/devd restart");
+ $static_output .= "HAProxy, update configuration\n";
+ update_output_window($static_output);
+
$writeconfigupdate = false;
/* Do XML upgrade from haproxy 0.31 to haproxy-dev */
if (is_array($config['installedpackages']['haproxy']['ha_servers'])) {
@@ -332,9 +405,8 @@ EOD;
$writeconfigupdate = true;
}
// update config to "haproxy-devel 1.5-dev19 pkg v0.5"
- $a_backends = &$config['installedpackages']['haproxy']['ha_backends']['item'];
- if(is_array($a_backends)) {
- foreach ($a_backends as &$bind) {
+ if(is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) {
+ foreach ($config['installedpackages']['haproxy']['ha_backends']['item'] as &$bind) {
if($bind['httpclose'] && $bind['httpclose'] == "yes" ) {
$bind['httpclose'] = "httpclose";
$writeconfigupdate = true;
@@ -353,12 +425,22 @@ EOD;
}
}
}
- if ($writeconfigupdate)
- write_config("haproxy, update xml config version");
+ if ($writeconfigupdate) {
+ $static_output .= "HAProxy, write updated config\n";
+ update_output_window($static_output);
+ write_config("HAProxy, update xml config version");
+ }
+ $static_output .= "HAProxy, conf_mount_ro\n";
+ update_output_window($static_output);
conf_mount_ro();
- exec("/usr/local/etc/rc.d/haproxy.sh start");
+ $static_output .= "HAProxy, starting haproxy (if previously enabled)\n";
+ update_output_window($static_output);
+ haproxy_check_run(1);
+
+ $static_output .= "HAProxy, running haproxy_custom_php_install_command() DONE\n";
+ update_output_window($static_output);
}
function haproxy_install_cron($should_install) {
@@ -422,27 +504,17 @@ function write_backend($fd, $name, $pool, $frontend) {
global $a_checktypes, $a_cookiemode;
$a_servers = &$pool['ha_servers']['item'];
- $frontendtype = strtolower($frontend['type']);
-
- unset($sslserverpresent);
- if (is_array($a_servers))
- {
- foreach($a_servers as $be) {
- if (!$be['status'] == "inactive")
- continue;
- if ($be['ssl'])
- $sslserverpresent = true;
- }
- }
+ $frontendtype = $frontend['type'];
+ $frontend_ip = haproxy_interface_ip($frontend['extaddr']);
fwrite ($fd, "backend " . $name . "\n");
// https is an alias for tcp for clarity purposes
- if(strtolower($frontend['type']) == "https") {
- $backend_type = "tcp";
+ if($frontendtype == "https") {
+ $backend_mode = "tcp";
} else {
- $backend_type = $frontend['type'];
+ $backend_mode = $frontendtype;
}
- fwrite ($fd, "\tmode\t\t\t" . $backend_type . "\n");
+ fwrite ($fd, "\tmode\t\t\t" . $backend_mode . "\n");
if ($frontendtype == "http") {
if ($pool["persist_cookie_enabled"] == "yes") {
@@ -620,7 +692,7 @@ function write_backend($fd, $name, $pool, $frontend) {
$ssl = "";
if ($be['ssl'] == 'yes')
{
- $ssl = $backend_type == "http" ? ' ssl' : ' check-ssl';
+ $ssl = $frontendtype == "http" ? ' ssl' : ' check-ssl';
}
$weight = "";
if (is_numeric($be['weight'])){
@@ -635,13 +707,11 @@ function write_backend($fd, $name, $pool, $frontend) {
function haproxy_configure() {
global $g;
// reload haproxy
- haproxy_writeconf("{$g['varetc_path']}/haproxy");
return haproxy_check_run(1);
}
function haproxy_check_and_run(&$messages, $reload) {
global $g;
- $configpath = "{$g['varetc_path']}/haproxy";
$testpath = "{$g['varetc_path']}/haproxy_test";
haproxy_writeconf($testpath);
$retval = exec("haproxy -c -V -f $testpath/haproxy.cfg 2>&1", $output, $err);
@@ -659,7 +729,6 @@ function haproxy_check_and_run(&$messages, $reload) {
$ok = strstr($retval, "Configuration file is valid");
if ($ok && $reload) {
global $haproxy_run_message;
- haproxy_writeconf($configpath);
rmdir_recursive($testpath);
$ok = haproxy_check_run(1) == 0;
$messages = $haproxy_run_message;
@@ -733,7 +802,8 @@ function haproxy_writeconf($configpath) {
fwrite ($fd, "\tbind 127.0.0.1:$localstatsport\n");
fwrite ($fd, "\tmode http\n");
fwrite ($fd, "\tstats enable\n");
- fwrite ($fd, "\tstats refresh 10\n");
+ if (is_numeric($a_global['localstats_refreshtime']))
+ fwrite ($fd, "\tstats refresh {$a_global['localstats_refreshtime']}\n");
fwrite ($fd, "\tstats admin if TRUE\n");
fwrite ($fd, "\tstats uri /haproxy_stats.php?haproxystats=1\n");
fwrite ($fd, "\ttimeout client 5000\n");
@@ -748,20 +818,14 @@ function haproxy_writeconf($configpath) {
if(is_array($a_frontends)) {
foreach ($a_frontends as $frontend) {
if($frontend['status'] != 'active')
- {
- unlink_if_exists("var/etc/{$frontend['name']}.{$frontend['port']}.crt");
continue;
- }
if(!$frontend['backend_serverpool'])
- {
- unlink_if_exists("var/etc/{$frontend['name']}.{$frontend['port']}.crt");
continue;
- }
-
+ $primaryfrontend = get_primaryfrontend($frontend);
$bname = get_frontend_ipport($frontend);
//check ssl info
- if (strtolower($frontend['type']) == "http" && $frontend['ssloffload']){
+ if (strtolower($primaryfrontend['type']) == "http" && $frontend['ssloffload']){
//ssl crt ./server.pem ca-file ./ca.crt verify optional crt-ignore-err all crl-file ./ca_crl.pem
$filename = "$configpath/{$frontend['name']}.{$frontend['port']}.pem";
$ssl_crt = " crt $filename";
@@ -786,7 +850,6 @@ function haproxy_writeconf($configpath) {
$a_bind[$bname] = array();
$a_bind[$bname]['config'] = array();
// Settings which are used only from the primary frontend
- $primaryfrontend = get_primaryfrontend($frontend);
$a_bind[$bname]['name'] = $primaryfrontend['name'];
$a_bind[$bname]['extaddr'] = $primaryfrontend['extaddr'];
$a_bind[$bname]['port'] = $primaryfrontend['port'];
@@ -803,7 +866,7 @@ function haproxy_writeconf($configpath) {
if (($frontend['secondary'] != 'yes') && ($frontend['name'] != $b['name'])) {
// only 1 frontend can be the primary for a set of frontends that share 1 address:port.
- $input_errors[] = "Multiple primary frondends for $bname";
+ $input_errors[] = "Multiple primary frontends for $bname use the 'Shared Frontend' option instead";
}
if ($ssl_crt != "") {
@@ -832,17 +895,28 @@ function haproxy_writeconf($configpath) {
// Prepare ports for processing by splitting
$portss = "{$bind['port']},";
$ports = split(",", $portss);
- $ssl_info = $bind['ssl_info'];
- $advanced_bind = $bind['advanced_bind'];
+
+ if($bind['type'] == "http") {
+ // ssl offloading is only possible in http mode.
+ $ssl_info = $bind['ssl_info'];
+ $advanced_bind = $bind['advanced_bind'];
+ } else {
+ $ssl_info = "";
+ $advanced_bind = "";
+ }
// Initialize variable
$listenip = "";
// Process and add bind directives for ports
$ip = haproxy_interface_ip($bind['extaddr']);
if ($ip){
- foreach($ports as $port) {
- if($port) {
- $listenip .= "\tbind\t\t\t$ip:{$port} {$ssl_info} {$advanced_bind}\n";
+ foreach($ports as $alias_or_port) {
+ if($alias_or_port) {
+ $portsnumeric = group_ports(haproxy_portoralias_to_list($alias_or_port));
+ foreach($portsnumeric as $portnumeric) {
+ $portnumeric = str_replace(":","-",$portnumeric);
+ $listenip .= "\tbind\t\t\t$ip:{$portnumeric} {$ssl_info} {$advanced_bind}\n";
+ }
}
}
}
@@ -860,7 +934,7 @@ function haproxy_writeconf($configpath) {
}
}
- // https is an alias for tcp for clarity purpouses
+ // https is an alias for tcp for clarity purposes
if($bind['type'] == "https") {
$backend_type = "tcp";
} else {
@@ -898,45 +972,15 @@ function haproxy_writeconf($configpath) {
$default_backend = "";
$i = 0;
foreach ($bind['config'] as $frontend) {
- $a_acl=&$frontend['ha_acls']['item'];
- if(!is_array($a_acl))
- $a_acl=array();
-
- $poolname = $frontend['backend_serverpool'] . "_" . strtolower($frontend['type']);
+ $a_acl = get_frontend_acls($frontend);
- // Create different pools if the svrport is set
- if ($frontend['svrport'] > 0)
- $poolname .= "_" . $frontend['svrport'];
+ $poolname = $frontend['backend_serverpool'] . "_" . strtolower($bind['type']);
if (!isset($a_pendingpl[$poolname])) {
$a_pendingpl[$poolname] = array();
$a_pendingpl[$poolname]['name'] = $poolname;
- $a_pendingpl[$poolname]['frontend'] = $frontend;
- }
-
- if (strtolower($bind['type']) == "http" && $frontend['ssloffload']) {
- $aclname = "SNI_" . $poolname;
- if ($frontend['ssloffloadacl']){
- $cert = lookup_cert($frontend['ssloffloadcert']);
- $cert_cn = cert_get_cn($cert['crt']);
- $descr = haproxy_escape_acl_name($cert['descr']);
- $a_acl[] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn);
- unset($cert);
- }
- if ($frontend['ssloffloadacladditional']){
- $certs = $frontend['ha_certificates']['item'];
- if (is_array($certs)){
- if (count($certs) > 0){
- foreach($certs as $certref){
- $cert = lookup_cert($certref['ssl_certificate']);
- $cert_cn = cert_get_cn($cert['crt']);
- $descr = haproxy_escape_acl_name($cert['descr']);
- $a_acl[] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn);
- unset($cert);
- }
- }
- }
- }
+ $a_pendingpl[$poolname]['backend'] = $frontend['backend_serverpool'];
+ $a_pendingpl[$poolname]['frontend'] = $bind;
}
// Write this out once, and must be before any backend config text
@@ -947,8 +991,8 @@ function haproxy_writeconf($configpath) {
// combine acl's with same name to allow for 'combined checks' to check for example hostname and fileextension together..
$a_acl_combine = array();
foreach ($a_acl as $entry) {
- $name = $entry['name'];
- $a_acl_combine[$name][] = $entry;
+ $name = $entry['ref']['name'];
+ $a_acl_combine[$name][] = $entry['ref'];
}
foreach ($a_acl_combine as $a_usebackend) {
@@ -987,7 +1031,7 @@ function haproxy_writeconf($configpath) {
if (is_array($a_pendingpl) && is_array($a_backends)) {
foreach ($a_pendingpl as $pending) {
foreach ($a_backends as $pool) {
- if ($pending['frontend']['backend_serverpool'] == $pool['name']) {
+ if ($pending['backend'] == $pool['name']) {
write_backend($fd, $pending['name'], $pool, $pending['frontend']);
}
}
@@ -1131,20 +1175,57 @@ function load_ipfw_rules() {
mwexec("/sbin/ipfw -x $ipfw_zone_haproxy -q {$g['tmp_path']}/ipfw_{$ipfw_zone_haproxy}.haproxy.rules", true);
}
+function haproxy_plugin_carp($pluginparams) {
+ // called by pfSense when a CARP interface changes its state (called multiple times when multiple interfaces change state)
+ // $pluginparams['type'] always 'carp'
+ // $pluginparams['event'] either 'rc.carpmaster' or 'rc.carpbackup'
+ // $pluginparams['interface'] contains the affected interface
+ $type = $pluginparams['type'];
+ $event = $pluginparams['event'];
+ $interface = $pluginparams['interface'];
+ haproxy_check_run(0);
+}
+
+function haproxy_plugin_certificates($pluginparams) {
+ global $config;
+ $result = array();
+ if ($pluginparams['type'] == 'certificates' && $pluginparams['event'] == 'used_certificates') {
+ $result['pkgname'] = "HAProxy";
+ $result['certificatelist'] = array();
+ // return a array of used certificates.
+ foreach($config['installedpackages']['haproxy']['ha_backends']['item'] as &$frontend) {
+ $mainfrontend = get_primaryfrontend($frontend);
+ if (strtolower($mainfrontend['type']) == "http" && $mainfrontend['ssloffload']) {
+ if ($frontend['ssloffloadacl']){
+ $item = array();
+ $cert = $frontend['ssloffloadcert'];
+ $item['usedby'] = $frontend['name'];
+ $result['certificatelist'][$cert][] = $item;
+ }
+ if ($frontend['ssloffloadacladditional']){
+ foreach($frontend['ha_certificates']['item'] as $certref){
+ $item = array();
+ $cert = $certref['ssl_certificate'];
+ $item['usedby'] = $frontend['name'];
+ $result['certificatelist'][$cert][] = $item;
+ }
+ }
+ }
+ }
+ }
+ return $result;
+}
+
function haproxy_check_run($reload) {
global $config, $g, $haproxy_run_message;
+ $haproxylock = lock("haproxy", LOCK_EX);
$a_global = &$config['installedpackages']['haproxy'];
$configpath = "{$g['varetc_path']}/haproxy";
-
- exec("/usr/bin/limits -n 300014");
-
- if(use_transparent_clientip_proxying()) {
- filter_configure();
- load_ipfw_rules();
- } else
- mwexec("/usr/local/sbin/ipfw_context -d haproxy", true);
+ if ($reload)
+ haproxy_writeconf($configpath);
+
if(isset($a_global['enable'])) {
if (isset($a_global['carpdev'])) {
$status = get_carp_interface_status($a_global['carpdev']);
@@ -1154,15 +1235,25 @@ function haproxy_check_run($reload) {
//exec("/bin/pkill -F /var/run/haproxy.pid haproxy");//doesnt work for multiple pid's in a pidfile
haproxy_kill();
}
+ unlock($haproxylock);
return (0);
} else if (haproxy_is_running() && $reload == 0) {
+ unlock($haproxylock);
return (0);
}
log_error("Starting haproxy on CARP master.");
/* fallthrough */
- } else if ($reload == 0)
+ } else if ($reload == 0){
+ unlock($haproxylock);
return (0);
+ }
+ if(use_transparent_clientip_proxying()) {
+ filter_configure();
+ load_ipfw_rules();
+ } else
+ mwexec("/usr/local/sbin/ipfw_context -d haproxy", true);
+
if (haproxy_is_running()) {
if (isset($a_global['terminate_on_reload']))
$sf_st = "-st";//terminate old process as soon as the new process is listening
@@ -1174,14 +1265,15 @@ function haproxy_check_run($reload) {
}
foreach($output as $line)
$haproxy_run_message .= "<br/>" . htmlspecialchars($line) . "\n";
- return ($errcode);
} else {
if ($reload && haproxy_is_running()) {
//exec("/bin/pkill -F /var/run/haproxy.pid haproxy");//doesnt work for multiple pid's in a pidfile
haproxy_kill();
}
- return (0);
+ $errcode = 0;
}
+ unlock($haproxylock);
+ return ($errcode);
}
function haproxy_kill($killimmediately = true) {
@@ -1264,7 +1356,7 @@ function get_primaryfrontend($frontend) {
function get_frontend_ipport($frontend,$userfriendly=false) {
$mainfrontend = get_primaryfrontend($frontend);
- $result = haproxy_interface_ip($mainfrontend['extaddr'],$userfriendly);
+ $result = haproxy_interface_ip($mainfrontend['extaddr'], $userfriendly);
if ($userfriendly and is_ipaddrv6($result))
$result = "[{$result}]";
return $result . ":" . $mainfrontend['port'];
@@ -1318,6 +1410,7 @@ function get_haproxy_frontends($excludeitem="") {
}
function get_frontend_acls($frontend) {
+ $mainfrontend = get_primaryfrontend($frontend);
$result = array();
$a_acl = &$frontend['ha_acls']['item'];
if (is_array($a_acl))
@@ -1328,7 +1421,7 @@ function get_frontend_acls($frontend) {
continue;
// Filter out acls for different modes
- if ($acl['mode'] != '' && $acl['mode'] != strtolower($frontend['type']))
+ if ($acl['mode'] != '' && $acl['mode'] != strtolower($mainfrontend['type']))
continue;
$acl_item = array();
@@ -1338,17 +1431,52 @@ function get_frontend_acls($frontend) {
$result[] = $acl_item;
}
}
+
+ if (strtolower($mainfrontend['type']) == "http" && $mainfrontend['ssloffload']) {
+ $a_acl = &$frontend['ha_acls']['item'];
+ if(!is_array($a_acl))
+ $a_acl=array();
+
+ $poolname = $frontend['backend_serverpool'] . "_" . strtolower($frontend['type']);
+ $aclname = "SNI_" . $poolname;
+ if ($frontend['ssloffloadacl']){
+ $cert = lookup_cert($frontend['ssloffloadcert']);
+ $cert_cn = cert_get_cn($cert['crt']);
+ $descr = haproxy_escape_acl_name($cert['descr']);
+ unset($cert);
+ $acl_item = array();
+ $acl_item['descr'] = "Certificate ACL ".$cert_cn;
+ $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn);
+ $result[] = $acl_item;
+ }
+ if ($frontend['ssloffloadacladditional']){
+ $certs = $frontend['ha_certificates']['item'];
+ if (is_array($certs)){
+ foreach($certs as $certref){
+ $cert = lookup_cert($certref['ssl_certificate']);
+ $cert_cn = cert_get_cn($cert['crt']);
+ $descr = haproxy_escape_acl_name($cert['descr']);
+ unset($cert);
+ $acl_item = array();
+ $acl_item['descr'] = "Additional certificate ACLs: ".$cert_cn;
+ $acl_item['ref'] = array('name' => "{$aclname}_{$descr}",'expression' => 'host_matches', 'value' => $cert_cn);
+ $result[] = $acl_item;
+ }
+ }
+ }
+ }
return $result;
}
function get_backend($name) {
global $config;
$a_backend = &$config['installedpackages']['haproxy']['ha_pools']['item'];
- foreach($a_backend as $key => $backend)
- {
- if ($backend['name'] == $name)
- return $backend;
- }
+ if(is_array($a_backend))
+ foreach($a_backend as $key => $backend)
+ {
+ if ($backend['name'] == $name)
+ return $backend;
+ }
return null;
}
diff --git a/config/haproxy-devel/haproxy.widget.php b/config/haproxy-devel/haproxy.widget.php
index 7954e404..5d664e81 100644
--- a/config/haproxy-devel/haproxy.widget.php
+++ b/config/haproxy-devel/haproxy.widget.php
@@ -3,7 +3,7 @@
Copyright (C) 2013 PiBa-NL
Copyright 2011 Thomas Schaefer - Tomschaefer.org
Copyright 2011 Marcello Coutinho
- Part of pfSense widgets (www.pfsense.com)
+ Part of pfSense widgets (www.pfsense.org)
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
diff --git a/config/haproxy-devel/haproxy.xml b/config/haproxy-devel/haproxy.xml
index bbc32575..acd934a7 100644
--- a/config/haproxy-devel/haproxy.xml
+++ b/config/haproxy-devel/haproxy.xml
@@ -58,76 +58,84 @@
<executable>haproxy</executable>
<description>The Reliable, High Performance TCP/HTTP Load Balancer</description>
</service>
+ <plugins>
+ <item>
+ <type>plugin_carp</type>
+ </item>
+ <item>
+ <type>plugin_certificates</type>
+ </item>
+ </plugins>
<configpath>installedpackages->haproxy->config</configpath>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy.inc</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_listeners.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_listeners.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_listeners_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_listeners_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_global.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_global.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_pools.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_pools.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_pool_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_pool_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_stats.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_stats.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_socketinfo.inc</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_socketinfo.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_xmlrpcsyncclient.inc</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_xmlrpcsyncclient.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_htmllist.inc</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_htmllist.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy_utils.inc</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy_utils.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/widgets/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-devel/haproxy.widget.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.widget.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/shortcuts/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/haproxy-devel/pkg_haproxy.inc</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-devel/pkg_haproxy.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-devel/pkg_haproxy_tabs.inc</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-devel/pkg_haproxy_tabs.inc</item>
</additional_files_needed>
<custom_delete_php_command>
</custom_delete_php_command>
diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php
index 8264558f..50472d9f 100755
--- a/config/haproxy-devel/haproxy_global.php
+++ b/config/haproxy-devel/haproxy_global.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_pool.php,v 1.5.2.6 2007/03/02 23:48:32 smos Exp $ */
/*
haproxy_global.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2013 PiBa-NL
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
@@ -36,6 +36,8 @@ require_once("haproxy_utils.inc");
require_once("globals.inc");
require_once("pkg_haproxy_tabs.inc");
+$simplefields = array('localstats_refreshtime','localstats_sticktable_refreshtime');
+
if (!is_array($config['installedpackages']['haproxy']))
$config['installedpackages']['haproxy'] = array();
@@ -68,7 +70,13 @@ if ($_POST) {
$input_errors[] = "The maximum number of connections should be numeric.";
if ($_POST['localstatsport'] && (!is_numeric($_POST['localstatsport'])))
- $input_errors[] = "The local stats port should be numeric.";
+ $input_errors[] = "The local stats port should be numeric or empty.";
+
+ if ($_POST['localstats_refreshtime'] && (!is_numeric($_POST['localstats_refreshtime'])))
+ $input_errors[] = "The local stats refresh time should be numeric or empty.";
+
+ if ($_POST['localstats_sticktable_refreshtime'] && (!is_numeric($_POST['localstats_sticktable_refreshtime'])))
+ $input_errors[] = "The local stats sticktable refresh time should be numeric or empty.";
/*if($_POST['synchost1'] && !is_ipaddr($_POST['synchost1']))
$input_errors[] = "Synchost1 needs to be an IPAddress.";
@@ -93,6 +101,8 @@ if ($_POST) {
$config['installedpackages']['haproxy']['localstatsport'] = $_POST['localstatsport'] ? $_POST['localstatsport'] : false;
$config['installedpackages']['haproxy']['advanced'] = $_POST['advanced'] ? base64_encode($_POST['advanced']) : false;
$config['installedpackages']['haproxy']['nbproc'] = $_POST['nbproc'] ? $_POST['nbproc'] : false;
+ foreach($simplefields as $stat)
+ $config['installedpackages']['haproxy'][$stat] = $_POST[$stat];
touch($d_haproxyconfdirty_path);
write_config();
}
@@ -114,6 +124,8 @@ $pconfig['carpdev'] = $config['installedpackages']['haproxy']['carpdev'];
$pconfig['localstatsport'] = $config['installedpackages']['haproxy']['localstatsport'];
$pconfig['advanced'] = base64_decode($config['installedpackages']['haproxy']['advanced']);
$pconfig['nbproc'] = $config['installedpackages']['haproxy']['nbproc'];
+foreach($simplefields as $stat)
+ $pconfig[$stat] = $config['installedpackages']['haproxy'][$stat];
// defaults
if (!$pconfig['logfacility'])
@@ -121,8 +133,8 @@ if (!$pconfig['logfacility'])
if (!$pconfig['loglevel'])
$pconfig['loglevel'] = 'info';
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Services: HAProxy: Settings";
@@ -162,20 +174,6 @@ function enable_change(enable_change) {
<div id="mainarea">
<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
- <td colspan="2" valign="top" class="listtopic">Recalculate certificate chain.</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">&nbsp;</td>
- <td width="78%" class="vtable">
- <input type="hidden" name="calculate_certificate_chain" id="calculate_certificate_chain" />
- <input type="button" class="formbtn" value="Recalculate certificate chains" onclick="$('calculate_certificate_chain').value='true';document.iform.submit();" />
- <br/>
- This can be required after certificates have been created or imported. As pfSense 2.1.0 currently does not
- always keep track of these dependencies which might be required to create a proper certificate chain when using SSLoffloading.
- </td>
- </tr>
-
- <tr>
<td colspan="2" valign="top" class="listtopic">General settings</td>
</tr>
<tr>
@@ -199,11 +197,17 @@ function enable_change(enable_change) {
</table>
Sets the maximum per-process number of concurrent connections to X.<br/>
<strong>NOTE:</strong> setting this value too high will result in HAProxy not being able to allocate enough memory.<br/>
+ <p>
<?php
$memusage = trim(`ps auxw | grep haproxy | grep -v grep | awk '{ print $5 }'`);
if($memusage)
- echo "<p>Current memory usage: {$memusage} K.</p>";
+ echo "Current memory usage: <b>{$memusage} kB.</b><br/>";
?>
+ Current <a href='/system_advanced_sysctl.php'>'System Tunables'</a> settings.<br/>
+ &nbsp;&nbsp;'kern.maxfiles': <b><?=`sysctl kern.maxfiles | awk '{ print $2 }'`?></b><br/>
+ &nbsp;&nbsp;'kern.maxfilesperproc': <b><?=`sysctl kern.maxfilesperproc | awk '{ print $2 }'`?></b><br/>
+ </p>
+ Full memory usage will only show after all connections have actually been used.
</td><td>
<table style="border: 1px solid #000;">
<tr>
@@ -216,23 +220,29 @@ function enable_change(enable_change) {
</td>
</tr>
<tr>
- <td align="right"><font size=-1>999</font></td>
- <td><font size=-1>1888K</font></td>
+ <td align="right"><font size=-1>1</font></td>
+ <td><font size=-1>50 kB</font></td>
+ </tr>
+ <tr>
+ <td align="right"><font size=-1>1.000</font></td>
+ <td><font size=-1>48 MB</font></td>
</tr>
<tr>
- <td align="right"><font size=-1>99999</font></td>
- <td><font size=-1>8032K</font></td>
+ <td align="right"><font size=-1>10.000</font></td>
+ <td><font size=-1>488 MB</font></td>
</tr>
<tr>
- <td align="right"><font size=-1>999999</font></td>
- <td><font size=-1>50016K</font></td>
+ <td align="right"><font size=-1>100.000</font></td>
+ <td><font size=-1>4,8 GB</font></td>
</tr>
<tr>
- <td align="right"><font size=-1>9999999</font></td>
- <td><font size=-1>467M</font></td>
+ <td colspan="2" style="white-space: nowrap"><font size=-2>Calculated for plain HTTP connections,<br/>using ssl offloading will increase this.</font></td>
</tr>
</table>
</td></tr></table>
+ When setting a high amount of allowed simultaneous connections you will need to add and or increase the following two <b><a href='/system_advanced_sysctl.php'>'System Tunables'</a></b> kern.maxfiles and kern.maxfilesperproc.
+ For HAProxy alone set these to at least the number of allowed connections * 2 + 31. So for 100.000 connections these need to be 200.031 or more to avoid trouble, take into account that handles are also used by other processes when setting kern.maxfiles.
+ <br/>
</td>
</tr>
<tr>
@@ -352,12 +362,25 @@ function enable_change(enable_change) {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell">Internal stats refresh rate</td>
+ <td class="vtable">
+ <input name="localstats_refreshtime" type="text" <?if(isset($pconfig['localstats_refreshtime'])) echo "value=\"{$pconfig['localstats_refreshtime']}\"";?> size="10" maxlength="5" /> Seconds, Leave this setting empty to not refresh the page automatically. EXAMPLE: 10
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Sticktable page refresh rate</td>
+ <td class="vtable">
+ <input name="localstats_sticktable_refreshtime" type="text" <?if(isset($pconfig['localstats_sticktable_refreshtime'])) echo "value=\"{$pconfig['localstats_sticktable_refreshtime']}\"";?> size="10" maxlength="5" /> Seconds, Leave this setting empty to not refresh the page automatically. EXAMPLE: 10
+ </td>
+ </tr>
+ <tr>
<td colspan="2" valign="top" class="listtopic">Global Advanced pass thru</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">&nbsp;</td>
<td width="78%" class="vtable">
- <textarea name='advanced' rows="4" cols="70" id='advanced'><?php echo $pconfig['advanced']; ?></textarea>
+ <? $textrowcount = max(substr_count($pconfig['advanced'],"\n"), 2) + 2; ?>
+ <textarea name='advanced' rows="<?=$textrowcount;?>" cols="70" id='advanced'><?php echo $pconfig['advanced']; ?></textarea>
<br/>
NOTE: paste text into this box that you would like to pass thru in the global settings area.
</td>
@@ -368,6 +391,19 @@ function enable_change(enable_change) {
</td>
</tr>
<tr>
+ <td colspan="2" valign="top" class="listtopic">Recalculate certificate chain.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">&nbsp;</td>
+ <td width="78%" class="vtable">
+ <input type="hidden" name="calculate_certificate_chain" id="calculate_certificate_chain" />
+ <input type="button" class="formbtn" value="Recalculate certificate chains" onclick="$('calculate_certificate_chain').value='true';document.iform.submit();" />(Other changes on this page will be lost)
+ <br/>
+ This can be required after certificates have been created or imported. As pfSense 2.1.0 currently does not
+ always keep track of these dependencies which might be required to create a proper certificate chain when using SSLoffloading.
+ </td>
+ </tr>
+ <tr>
<td colspan="2" valign="top" class="listtopic">Configuration synchronization</td>
</tr>
<tr>
diff --git a/config/haproxy-devel/haproxy_htmllist.inc b/config/haproxy-devel/haproxy_htmllist.inc
index 2e93ca2a..ae46ffd4 100644
--- a/config/haproxy-devel/haproxy_htmllist.inc
+++ b/config/haproxy-devel/haproxy_htmllist.inc
@@ -1,7 +1,7 @@
<?php
/*
haproxy_htmllist.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2013 PiBa-NL
All rights reserved.
diff --git a/config/haproxy-devel/haproxy_listeners.php b/config/haproxy-devel/haproxy_listeners.php
index 2a1f12e6..7022ec34 100644
--- a/config/haproxy-devel/haproxy_listeners.php
+++ b/config/haproxy-devel/haproxy_listeners.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */
/*
haproxy_listeners.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2013 PiBa-NL
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
@@ -70,8 +70,8 @@ if ($_GET['act'] == "del") {
}
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Services: HAProxy: Frontends";
@@ -123,8 +123,10 @@ include("head.inc");
$a_frontend_grouped = array();
foreach($a_frontend as &$frontend2) {
+ $mainfrontend = get_primaryfrontend($frontend2);
$ipport = get_frontend_ipport($frontend2, true);
$frontend2['ipport'] = $ipport;
+ $frontend2['type'] = $mainfrontend['type'];
$a_frontend_grouped[$ipport][] = $frontend2;
}
ksort($a_frontend_grouped);
@@ -167,29 +169,27 @@ include("head.inc");
$acls = get_frontend_acls($frontend);
$isaclset = "";
foreach ($acls as $acl) {
- $isaclset .= "&#10;" . $acl['descr'];
+ $isaclset .= "&#10;" . htmlspecialchars($acl['descr']);
}
- if ($frontend['ssloffloadacl'])
- $isaclset .= "&#10;" . "Certificate ACL";
- if ($frontend['ssloffloadacladditional'])
- $isaclset .= "&#10;" . "Additional certificate ACLs";
if ($isaclset)
echo "<img src=\"$img_acl\" title=\"" . gettext("acl's used") . ": {$isaclset}\" border=\"0\" />";
$isadvset = "";
- if ($frontend['advanced_bind']) $isadvset .= "Advanced bind: {$frontend['advanced_bind']}\r\n";
+ if ($frontend['advanced_bind']) $isadvset .= "Advanced bind: ".htmlspecialchars($frontend['advanced_bind'])."\r\n";
if ($frontend['advanced']) $isadvset .= "Advanced pass thru setting used\r\n";
if ($isadvset)
echo "<img src=\"$img_adv\" title=\"" . gettext("Advanced settings set") . ": {$isadvset}\" border=\"0\" />";
$backend_serverpool = $frontend['backend_serverpool'];
$backend = get_backend($backend_serverpool );
- $servers = $backend['ha_servers']['item'];
- $backend_serverpool_hint = gettext("Servers in pool:");
- if (is_array($servers)){
- foreach($servers as $server){
- $backend_serverpool_hint .= "\n".$server['address'].":".$server['port'];
+ if ($backend && is_array($backend['ha_servers']['item'])){
+ $servers = $backend['ha_servers']['item'];
+ $backend_serverpool_hint = gettext("Servers in pool:");
+ if (is_array($servers)){
+ foreach($servers as $server){
+ $backend_serverpool_hint .= "\n".$server['address'].":".$server['port'];
+ }
}
}
?>
diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php
index bd0f93d5..6731731d 100644
--- a/config/haproxy-devel/haproxy_listeners_edit.php
+++ b/config/haproxy-devel/haproxy_listeners_edit.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_pool_edit.php,v 1.24.2.23 2007/03/03 00:07:09 smos Exp $ */
/*
haproxy_listeners_edit.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
Copyright (C) 2013 PiBa-NL merging (some of the) "haproxy-devel" changes from: Marcello Coutinho <marcellocoutinho@gmail.com>
@@ -57,8 +57,6 @@ function haproxy_js_acl_select($mode) {
return $seltext;
}
-$d_haproxyconfdirty_path = $g['varrun_path'] . "/haproxy.conf.dirty";
-
if (!is_array($config['installedpackages']['haproxy']['ha_backends']['item'])) {
$config['installedpackages']['haproxy']['ha_backends']['item'] = array();
}
@@ -80,6 +78,12 @@ if (isset($_GET['dup']))
$id = get_frontend_id($id);
+if (!is_numeric($id))
+{
+ //default value for new items.
+ $pconfig['ssloffloadacl'] = "yes";
+}
+
$servercerts = get_certificates_server();
$fields_sslCertificates=array();
@@ -151,8 +155,8 @@ if ($_POST) {
$ports = split(",", $_POST['port'] . ",");
foreach($ports as $port)
- if ($port && !is_numeric($port))
- $input_errors[] = "The field 'Port' value is not a number.";
+ if ($port && !is_numeric($port) && !is_portoralias($port))
+ $input_errors[] = "The field 'Port' value '".htmlspecialchars($port)."' is not a number or alias thereof.";
if ($_POST['client_timeout'] !== "" && !is_numeric($_POST['client_timeout']))
$input_errors[] = "The field 'Client timeout' value is not a number.";
@@ -223,21 +227,17 @@ if ($_POST) {
}
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
-if (!$id)
-{
- //default value for new items.
- $pconfig['ssloffloadacl'] = "yes";
-}
-
$closehead = false;
$pgtitle = "HAProxy: Frontend: Edit";
include("head.inc");
-$primaryfrontends = get_haproxy_frontends($pconfig['name']);
+if (!isset($_GET['dup']))
+ $excludefrontend = $pconfig['name'];
+$primaryfrontends = get_haproxy_frontends($excludefrontend);
$interfaces = haproxy_get_bindable_interfaces();
?>
@@ -247,6 +247,8 @@ $interfaces = haproxy_get_bindable_interfaces();
.haproxy_primary{}
.haproxy_secondary{display:none;}
</style>
+ <script type="text/javascript" src="/javascript/suggestions.js"></script>
+ <script type="text/javascript" src="/javascript/autosuggest.js"></script>
</head>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
@@ -255,12 +257,18 @@ $interfaces = haproxy_get_bindable_interfaces();
<script type="text/javascript" src="/javascript/scriptaculous/scriptaculous.js"></script>
<?php endif; ?>
-
<script type="text/javascript">
function htmllist_get_select_options(tableId) {
var seltext;
seltext = "";
- var type = d.getElementById("type").value;
+ var type;
+ var secondary = d.getElementById("secondary");
+ var primary_frontend = d.getElementById("primary_frontend");
+ if ((secondary !== null) && (secondary.checked))
+ type = primaryfrontends[primary_frontend.value]['ref']['type'];
+ else
+ type = d.getElementById("type").value;
+
if (tableId == 'tableA_acltable'){
if (type == 'health')
seltext = "<?php echo haproxy_js_acl_select('health');?>";
@@ -296,10 +304,10 @@ $interfaces = haproxy_get_bindable_interfaces();
function updatevisibility() {
d = document;
ssloffload = d.getElementById("ssloffload");
- type = d.getElementById("type");
- secondary = d.getElementById("secondary");
- primary_frontend = d.getElementById("primary_frontend");
+ var type;
+ var secondary = d.getElementById("secondary");
+ var primary_frontend = d.getElementById("primary_frontend");
if ((secondary !== null) && (secondary.checked))
type = primaryfrontends[primary_frontend.value]['ref']['type'];
else
@@ -444,8 +452,8 @@ $interfaces = haproxy_get_bindable_interfaces();
<tr class="haproxy_primary" align="left">
<td width="22%" valign="top" class="vncellreq">External port</td>
<td width="78%" class="vtable" colspan="2">
- <input name="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"{$pconfig['port']}\"";?> size="10" maxlength="500" />
- <div>The port to listen to. To specify multiple ports, separate with a comma (,). EXAMPLE: 80,443</div>
+ <input name="port" id="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"{$pconfig['port']}\"";?> size="10" maxlength="500" />
+ <div>The port to listen to. To specify multiple ports, separate with a comma (,). EXAMPLE: 80,8000</div>
</td>
</tr>
<tr class="haproxy_primary" align="left">
@@ -546,7 +554,8 @@ $interfaces = haproxy_get_bindable_interfaces();
<tr align="left">
<td width="22%" valign="top" class="vncell">Advanced pass thru</td>
<td width="78%" class="vtable" colspan="2">
- <textarea name='advanced' rows="4" cols="70" id='advanced'><?php echo htmlspecialchars($pconfig['advanced']); ?></textarea>
+ <? $textrowcount = max(substr_count($pconfig['advanced'],"\n"), 2) + 2; ?>
+ <textarea name='advanced' rows="<?=$textrowcount;?>" cols="70" id='advanced'><?php echo htmlspecialchars($pconfig['advanced']); ?></textarea>
<br/>
NOTE: paste text into this box that you would like to pass thru.
</td>
@@ -597,7 +606,7 @@ $interfaces = haproxy_get_bindable_interfaces();
<tr class="haproxy_ssloffloading_enabled haproxy_primary" align="left">
<td width="22%" valign="top" class="vncell">Advanced ssl options</td>
<td width="78%" class="vtable" colspan="2">
- <input type='text' name='dcertadv' size="64" id='dcertadv' <?if(isset($pconfig['dcertadv'])) echo "value=\"{$pconfig['dcertadv']}\"";?> maxlength="64" />
+ <input type='text' name='dcertadv' size="64" id='dcertadv' <?if(isset($pconfig['dcertadv'])) echo 'value="'.htmlspecialchars($pconfig['dcertadv']).'"';?> />
<br/>
NOTE: Paste additional ssl options(without commas) to include on ssl listening options.<br/>
some options: force-sslv3, force-tlsv10 force-tlsv11 force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
@@ -638,6 +647,9 @@ $interfaces = haproxy_get_bindable_interfaces();
<script type="text/javascript">
totalrows = <?php echo $counter; ?>;
updatevisibility();
+
+ var customarray = <?= json_encode(get_alias_list(array("port", "url_ports", "urltable_ports"))) ?>;
+ var oTextbox1 = new AutoSuggestControl(document.getElementById("port"), new StateSuggestions(customarray));
</script>
<?php
haproxy_htmllist_js();
diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php
index 9b64df87..49eb4271 100644
--- a/config/haproxy-devel/haproxy_pool_edit.php
+++ b/config/haproxy-devel/haproxy_pool_edit.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_pool_edit.php,v 1.24.2.23 2007/03/03 00:07:09 smos Exp $ */
/*
haproxy_pool_edit.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2013 PiBa-NL
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
@@ -221,12 +221,8 @@ if ($_POST) {
$pool['ha_servers']['item']=$a_servers;
- update_if_changed("name", $pool['name'], $_POST['name']);
- update_if_changed("cookie", $pool['cookie'], $_POST['cookie']);
update_if_changed("advanced", $pool['advanced'], base64_encode($_POST['advanced']));
update_if_changed("advanced_backend", $pool['advanced_backend'], base64_encode($_POST['advanced_backend']));
- update_if_changed("checkinter", $pool['checkinter'], $_POST['checkinter']);
- update_if_changed("monitor_uri", $pool['monitor_uri'], $_POST['monitor_uri']);
global $simplefields;
foreach($simplefields as $stat)
@@ -254,8 +250,8 @@ if ($_POST) {
$pconfig['a_servers']=&$a_pools[$id]['ha_servers']['item'];
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$closehead = false;
@@ -308,6 +304,18 @@ foreach($simplefields as $field){
}
}
}
+ function toggleCSSdisplay(cssID)
+ {
+ var ss = document.styleSheets;
+ for (var i=0; i<ss.length; i++) {
+ var rules = ss[i].cssRules || ss[i].rules;
+ for (var j=0; j<rules.length; j++) {
+ if (rules[j].selectorText === cssID) {
+ rules[j].style.display = rules[j].style.display == "none" ? "" : "none";
+ }
+ }
+ }
+ }
function updatevisibility()
{
@@ -383,11 +391,36 @@ foreach($simplefields as $field){
</tr>
<tr align="left">
<td class="vncell" colspan="3"><strong>Server list</strong>
+ <span style="float:right;">
+ Toggle serverlist help. <a onclick="toggleCSSdisplay('.haproxy_help_serverlist');" title="<?php echo gettext("Help"); ?>"><img style="vertical-align:middle" src="/themes/<?php echo $g['theme']; ?>/images/icons/icon_help.gif" border="0" alt="help" /></a>
+ </span>
<?
$counter=0;
$a_servers = $pconfig['a_servers'];
haproxy_htmllist("tableA_servers", $a_servers, $fields_servers);
?>
+ <table class="haproxy_help_serverlist" style="border:1px dashed green" cellspacing="0">
+ <tr><td class="vncell">
+ Mode: </td><td class="vncell">Active: server will be used normally<br/>
+ Backup: server is only used in load balancing when all other non-backup servers are unavailable<br/>
+ Disabled: server is marked down in maintenance mode<br/>
+ Inactive: server will not be available for use
+ </td></tr><tr><td class="vncell">
+ Name: </td><td class="vncell">Used to as a name for the server in for example the stats<br/>EXAMPLE: MyWebServer
+ </td></tr><tr><td class="vncell">
+ Address: </td><td class="vncell">IP or hostname(only resolved on start-up.)<br/>EXAMPLE: 192.168.1.22 , fe80::1000:2000:3000:4000%em0 , WebServer1.localdomain
+ </td></tr><tr><td class="vncell">
+ Port: </td><td class="vncell">The port of the backend.<br/>EXAMPLE: 80 or 443<br/>
+ </td></tr><tr><td class="vncell">
+ SSL: </td><td class="vncell">Is the backend using SSL (commonly with port 443)<br/>
+ </td></tr><tr><td class="vncell">
+ Weight: </td><td class="vncell">A weight between 0 and 256, this setting can be used when multiple servers on different hardware need to be balanced with with a different part the traffic. A server with weight 0 wont get new traffic. Default if empty: 1
+ </td></tr><tr><td class="vncell">
+ Cookie: </td><td class="vncell">the value of the cookie used to identify a server (only when cookie-persistence is enabled below)
+ </td></tr><tr><td class="vncell">
+ Advanced: </td><td class="vncell">More advanced settings like rise,fall,error-limit,send-proxy and others can be configured here.<br/>For a full list of options see the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.2">HAProxy manual: Server and default-server options</a>
+ </td></tr>
+ </table>
</td>
</tr>
<tr align="left">
@@ -459,6 +492,7 @@ foreach($simplefields as $field){
<tr align="left">
<td width="22%" valign="top" class="vncell">Transparent ClientIP</td>
<td width="78%" class="vtable" colspan="2">
+ WARNING Activating this option will load rules in IPFW and might interfere with CaptivePortal and possibly other services due to the way server return traffic must be 'captured' with a automatically created fwd rule. This also breaks directly accessing the (web)server on the ports configured above. Also a automatic sloppy pf rule is made to allow HAProxy to server traffic.<br/>
<input id="transparent_clientip" name="transparent_clientip" type="checkbox" value="yes" <?php if ($pconfig['transparent_clientip']=='yes') echo "checked"; ?> onclick='updatevisibility();' />
Use Client-IP to connect to backend servers.
<div class="haproxy_transparent_clientip">
@@ -479,13 +513,13 @@ foreach($simplefields as $field){
For proper workings this requires the reply's traffic to pass through pfSense by means of correct routing.
(uses the option "source 0.0.0.0 usesrc clientip")
<br/><br/>
- Note : When this is enabled for a single backend HAProxy will run as 'root', which reduces security.
+ Note : When this is enabled for a single backend HAProxy will run as 'root' instead of chrooting to a lower privileged user, this reduces security in case of a a bit.
</td>
</tr>
<tr align="left">
<td width="22%" valign="top" class="vncell">Per server pass thru</td>
<td width="78%" class="vtable" colspan="2">
- <input type="text" name='advanced' id='advanced' value='<?php echo $pconfig['advanced']; ?>' size="64" />
+ <input type="text" name='advanced' id='advanced' value='<?php echo htmlspecialchars($pconfig['advanced']); ?>' size="64" />
<br/>
NOTE: paste text into this box that you would like to pass thru. Applied to each 'server' line.
</td>
@@ -494,7 +528,8 @@ foreach($simplefields as $field){
<tr align="left">
<td width="22%" valign="top" class="vncell">Backend pass thru</td>
<td width="78%" class="vtable" colspan="2">
- <textarea rows="4" cols="70" name='advanced_backend' id='advanced_backend'><?php echo $pconfig['advanced_backend']; ?></textarea>
+ <? $textrowcount = max(substr_count($pconfig['advanced_backend'],"\n"), 2) + 2; ?>
+ <textarea rows="<?=$textrowcount;?>" cols="70" name='advanced_backend' id='advanced_backend'><?php echo htmlspecialchars($pconfig['advanced_backend']); ?></textarea>
<br/>
NOTE: paste text into this box that you would like to pass thru. Applied to the backend section.
</td>
@@ -629,10 +664,10 @@ set by the 'retries' parameter.</div>
</td>
</tr>
<tr><td>&nbsp;</td></tr>
- <tr>
+ <tr>
<td colspan="2" valign="top" class="listtopic">Cookie persistence</td>
- </tr>
- <tr align="left">
+ </tr>
+ <tr align="left">
<td width="22%" valign="top" class="vncell">Cookie Enabled</td>
<td width="78%" class="vtable" colspan="2">
<input id="persist_cookie_enabled" name="persist_cookie_enabled" type="checkbox" value="yes" <?php if ($pconfig['persist_cookie_enabled']=='yes') echo "checked"; ?> onclick='updatevisibility();' />
@@ -664,7 +699,7 @@ set by the 'retries' parameter.</div>
<br/>
<textarea readonly="yes" cols="60" rows="2" id="persist_cookie_mode_description" name="persist_cookie_mode_description" style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea>
</td>
- </tr>
+ </tr>
<tr class="haproxy_cookie_visible" align="left">
<td width="22%" valign="top" class="vncell">Cookie Cachable</td>
<td width="78%" class="vtable" colspan="2">
@@ -673,11 +708,11 @@ set by the 'retries' parameter.</div>
</td>
</tr>
<tr><td>&nbsp;</td></tr>
- <tr>
+ <tr>
<td colspan="2" valign="top" class="listtopic">Stick-table persistence</td>
- </tr>
+ </tr>
<tr><td class="vncell"></td><td class="vncell">These options are used to make sure seperate requests from a single client go to the same backend. This can be required for servers that keep track of for example a shopping cart.</td></tr>
- <tr align="left">
+ <tr align="left">
<td width="22%" valign="top" class="vncell">Stick tables</td>
<td width="78%" class="vtable" colspan="2">
<?
diff --git a/config/haproxy-devel/haproxy_pools.php b/config/haproxy-devel/haproxy_pools.php
index 01655006..92235933 100644
--- a/config/haproxy-devel/haproxy_pools.php
+++ b/config/haproxy-devel/haproxy_pools.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */
/*
haproxy_pools.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2013 PiBa-NL
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
@@ -65,8 +65,8 @@ if ($_GET['act'] == "del") {
exit;
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Services: HAProxy: Backend server pools";
diff --git a/config/haproxy-devel/haproxy_socketinfo.inc b/config/haproxy-devel/haproxy_socketinfo.inc
index 5c6e847d..6beb17c5 100644
--- a/config/haproxy-devel/haproxy_socketinfo.inc
+++ b/config/haproxy-devel/haproxy_socketinfo.inc
@@ -3,7 +3,7 @@
Copyright (C) 2013 PiBa-NL
Copyright 2011 Thomas Schaefer - Tomschaefer.org
Copyright 2011 Marcello Coutinho
- Part of pfSense widgets (www.pfsense.com)
+ Part of pfSense widgets (www.pfsense.org)
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
diff --git a/config/haproxy-devel/haproxy_stats.php b/config/haproxy-devel/haproxy_stats.php
index 8ad04c92..10dd136a 100644
--- a/config/haproxy-devel/haproxy_stats.php
+++ b/config/haproxy-devel/haproxy_stats.php
@@ -1,7 +1,7 @@
<?php
/*
haproxy_stats.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2013 PiBa-NL
All rights reserved.
@@ -65,7 +65,8 @@ if (isset($_GET['haproxystats']) || isset($_GET['scope']) || (isset($_POST) && i
}
require_once("guiconfig.inc");
if (isset($_GET['showsticktablecontent'])){
- header("Refresh: 2");
+ if (is_numeric($pconfig['localstats_sticktable_refreshtime']))
+ header("Refresh: {$pconfig['localstats_sticktable_refreshtime']}");
}
$shortcut_section = "haproxy";
require_once("haproxy.inc");
@@ -128,8 +129,8 @@ if ($_POST) {
}
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Services: HAProxy: Stats";
@@ -163,7 +164,7 @@ include("head.inc");
if (isset($_GET['showsticktablecontent'])){
$sticktablename = $_GET['showsticktablecontent'];
echo "<td colspan='2'>";
- echo "TESTJe<br/>";
+ echo "Contents of the sticktable: $sticktablename<br/>";
$res = haproxy_socket_command("show table $sticktablename");
foreach($res as $line){
echo "<br/>".print_r($line,true);
diff --git a/config/haproxy-devel/haproxy_utils.inc b/config/haproxy-devel/haproxy_utils.inc
index 058efc98..03bd434f 100644
--- a/config/haproxy-devel/haproxy_utils.inc
+++ b/config/haproxy-devel/haproxy_utils.inc
@@ -1,7 +1,7 @@
<?php
/*
haproxy_utils.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2013 PiBa-NL
All rights reserved.
diff --git a/config/haproxy-legacy/haproxy.inc b/config/haproxy-legacy/haproxy.inc
index 47dc5474..9f4b4ba6 100644
--- a/config/haproxy-legacy/haproxy.inc
+++ b/config/haproxy-legacy/haproxy.inc
@@ -308,7 +308,7 @@ function haproxy_configure() {
$freebsd_version = substr(trim(`uname -r`), 0, 1);
if(!file_exists("/usr/bin/limits")) {
- exec("fetch -q -o /usr/bin/limits http://files.pfsense.org/extras/{$freebsd_version}/limits");
+ exec("fetch -q -o /usr/bin/limits https://files.pfsense.org/extras/{$freebsd_version}/limits");
exec("chmod a+rx /usr/bin/limits");
}
diff --git a/config/haproxy-legacy/haproxy.xml b/config/haproxy-legacy/haproxy.xml
index 5706f3c7..8892c77c 100644
--- a/config/haproxy-legacy/haproxy.xml
+++ b/config/haproxy-legacy/haproxy.xml
@@ -62,42 +62,42 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy.inc</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy_frontends.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy_frontends.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy_frontends_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy_frontends_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy_global.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy_global.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy_servers.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy_servers.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-legacy/haproxy_servers_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy_servers_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/shortcuts/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/haproxy-legacy/pkg_haproxy.inc</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-legacy/pkg_haproxy.inc</item>
</additional_files_needed>
<custom_delete_php_command>
</custom_delete_php_command>
@@ -110,7 +110,7 @@
included in package install
$freebsdv=trim(`uname -r | cut -d'.' -f1`);
conf_mount_rw();
- `fetch -q -o /usr/local/sbin/ http://www.pfsense.org/packages/config/haproxy-legacy/binaries{$freebsdv}/haproxy`;
+ `fetch -q -o /usr/local/sbin/ https://packages.pfsense.org/packages/config/haproxy-legacy/binaries{$freebsdv}/haproxy`;
exec("chmod a+rx /usr/local/sbin/haproxy");
*/
haproxy_custom_php_install_command();
diff --git a/config/haproxy-legacy/haproxy_frontends.php b/config/haproxy-legacy/haproxy_frontends.php
index e97fbc7b..1aef0b8f 100755
--- a/config/haproxy-legacy/haproxy_frontends.php
+++ b/config/haproxy-legacy/haproxy_frontends.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */
/*
haproxy_baclkends.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
All rights reserved.
@@ -65,8 +65,8 @@ if ($_GET['act'] == "del") {
}
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Services: HAProxy: Frontend";
diff --git a/config/haproxy-legacy/haproxy_frontends_edit.php b/config/haproxy-legacy/haproxy_frontends_edit.php
index 99391fe9..db1c71be 100755
--- a/config/haproxy-legacy/haproxy_frontends_edit.php
+++ b/config/haproxy-legacy/haproxy_frontends_edit.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_pool_edit.php,v 1.24.2.23 2007/03/03 00:07:09 smos Exp $ */
/*
haproxy_frontends_edit.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2013 Marcello Coutinho
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
@@ -263,8 +263,8 @@ if ($_POST) {
}
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "HAProxy: Frontend: Edit";
diff --git a/config/haproxy-legacy/haproxy_global.php b/config/haproxy-legacy/haproxy_global.php
index f47ada8b..509fdfe2 100755
--- a/config/haproxy-legacy/haproxy_global.php
+++ b/config/haproxy-legacy/haproxy_global.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_pool.php,v 1.5.2.6 2007/03/02 23:48:32 smos Exp $ */
/*
haproxy_global.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2013 Marcello Coutinho
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
@@ -81,8 +81,8 @@ $pconfig['remotesyslog'] = $config['installedpackages']['haproxy']['remotesyslog
$pconfig['advanced'] = base64_decode($config['installedpackages']['haproxy']['advanced']);
$pconfig['nbproc'] = $config['installedpackages']['haproxy']['nbproc'];
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Services: HAProxy: Settings";
diff --git a/config/haproxy-legacy/haproxy_servers.php b/config/haproxy-legacy/haproxy_servers.php
index b8f58b73..e04ed74c 100755
--- a/config/haproxy-legacy/haproxy_servers.php
+++ b/config/haproxy-legacy/haproxy_servers.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */
/*
haproxy_servers.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
All rights reserved.
@@ -66,8 +66,8 @@ if ($_GET['act'] == "del") {
}
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Services: HAProxy: Servers";
diff --git a/config/haproxy-legacy/haproxy_servers_edit.php b/config/haproxy-legacy/haproxy_servers_edit.php
index 4a8072b3..86431992 100755
--- a/config/haproxy-legacy/haproxy_servers_edit.php
+++ b/config/haproxy-legacy/haproxy_servers_edit.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_pool_edit.php,v 1.24.2.23 2007/03/03 00:07:09 smos Exp $ */
/*
haproxy_servers_edit.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2013 Marcello Coutinho
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
@@ -149,8 +149,8 @@ if ($_POST) {
}
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "HAProxy: Server: Edit";
diff --git a/config/haproxy-stable/haproxy.inc b/config/haproxy-stable/haproxy.inc
index eb45f21d..2b132a85 100644
--- a/config/haproxy-stable/haproxy.inc
+++ b/config/haproxy-stable/haproxy.inc
@@ -445,7 +445,7 @@ function haproxy_configure() {
$freebsd_version = substr(trim(`uname -r`), 0, 1);
if(!file_exists("/usr/bin/limits")) {
- exec("fetch -q -o /usr/bin/limits http://files.pfsense.org/extras/{$freebsd_version}/limits");
+ exec("fetch -q -o /usr/bin/limits https://files.pfsense.org/extras/{$freebsd_version}/limits");
exec("chmod a+rx /usr/bin/limits");
}
diff --git a/config/haproxy-stable/haproxy.xml b/config/haproxy-stable/haproxy.xml
index 50907cfe..a69b5df9 100644
--- a/config/haproxy-stable/haproxy.xml
+++ b/config/haproxy-stable/haproxy.xml
@@ -62,32 +62,32 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-stable/haproxy.inc</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-stable/haproxy.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-stable/haproxy_listeners.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-stable/haproxy_listeners.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-stable/haproxy_listeners_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-stable/haproxy_listeners_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-stable/haproxy_global.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-stable/haproxy_global.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-stable/haproxy_pools.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-stable/haproxy_pools.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy-stable/haproxy_pool_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy-stable/haproxy_pool_edit.php</item>
</additional_files_needed>
<custom_delete_php_command>
</custom_delete_php_command>
@@ -98,7 +98,7 @@
<custom_php_install_command>
$freebsdv=trim(`uname -r | cut -d'.' -f1`);
conf_mount_rw();
- `fetch -q -o /usr/local/sbin/ http://files.pfsense.org/packages/7/haproxy-dev/haproxy`;
+ `fetch -q -o /usr/local/sbin/ https://files.pfsense.org/packages/7/haproxy-dev/haproxy`;
exec("chmod a+rx /usr/local/sbin/haproxy");
haproxy_custom_php_install_command();
</custom_php_install_command>
diff --git a/config/haproxy-stable/haproxy_global.php b/config/haproxy-stable/haproxy_global.php
index 0e960611..c8b05d52 100755
--- a/config/haproxy-stable/haproxy_global.php
+++ b/config/haproxy-stable/haproxy_global.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_pool.php,v 1.5.2.6 2007/03/02 23:48:32 smos Exp $ */
/*
haproxy_global.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
All rights reserved.
@@ -107,8 +107,8 @@ if (!$pconfig['logfacility'])
if (!$pconfig['loglevel'])
$pconfig['loglevel'] = 'info';
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Services: HAProxy: Settings";
diff --git a/config/haproxy-stable/haproxy_listeners.php b/config/haproxy-stable/haproxy_listeners.php
index ef67108b..8c6125f0 100755
--- a/config/haproxy-stable/haproxy_listeners.php
+++ b/config/haproxy-stable/haproxy_listeners.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */
/*
haproxy_baclkends.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
All rights reserved.
@@ -65,8 +65,8 @@ if ($_GET['act'] == "del") {
}
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Services: HAProxy: Listener";
diff --git a/config/haproxy-stable/haproxy_listeners_edit.php b/config/haproxy-stable/haproxy_listeners_edit.php
index 22be121b..e9c6187c 100755
--- a/config/haproxy-stable/haproxy_listeners_edit.php
+++ b/config/haproxy-stable/haproxy_listeners_edit.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_pool_edit.php,v 1.24.2.23 2007/03/03 00:07:09 smos Exp $ */
/*
haproxy_listeners_edit.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
All rights reserved.
@@ -241,8 +241,8 @@ if ($_POST) {
}
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "HAProxy: Listener: Edit";
diff --git a/config/haproxy-stable/haproxy_pool_edit.php b/config/haproxy-stable/haproxy_pool_edit.php
index 6087e9d7..1e9958eb 100755
--- a/config/haproxy-stable/haproxy_pool_edit.php
+++ b/config/haproxy-stable/haproxy_pool_edit.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_pool_edit.php,v 1.24.2.23 2007/03/03 00:07:09 smos Exp $ */
/*
haproxy_pool_edit.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
All rights reserved.
@@ -173,8 +173,8 @@ if ($_POST) {
$pconfig['a_servers']=&$a_pools[$id]['ha_servers']['item'];
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "HAProxy: pool: Edit";
diff --git a/config/haproxy-stable/haproxy_pools.php b/config/haproxy-stable/haproxy_pools.php
index 78a1fdff..0edc2ad8 100755
--- a/config/haproxy-stable/haproxy_pools.php
+++ b/config/haproxy-stable/haproxy_pools.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */
/*
haproxy_pools.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
All rights reserved.
@@ -67,8 +67,8 @@ if ($_GET['act'] == "del") {
exit;
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Services: HAProxy: Server pools";
diff --git a/config/haproxy/haproxy.inc b/config/haproxy/haproxy.inc
index aa8d5a3e..5eb2160e 100644
--- a/config/haproxy/haproxy.inc
+++ b/config/haproxy/haproxy.inc
@@ -627,7 +627,7 @@ function haproxy_writeconf() {
$freebsd_version = substr(trim(`uname -r`), 0, 1);
if(!file_exists("/usr/bin/limits")) {
- exec("fetch -q -o /usr/bin/limits http://files.pfsense.org/extras/{$freebsd_version}/limits");
+ exec("fetch -q -o /usr/bin/limits https://files.pfsense.org/extras/{$freebsd_version}/limits");
exec("chmod a+rx /usr/bin/limits");
}
}
diff --git a/config/haproxy/haproxy.xml b/config/haproxy/haproxy.xml
index 227d1b27..3be05802 100644
--- a/config/haproxy/haproxy.xml
+++ b/config/haproxy/haproxy.xml
@@ -62,32 +62,32 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy/haproxy.inc</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy/haproxy.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy/haproxy_listeners.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy/haproxy_listeners.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy/haproxy_listeners_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy/haproxy_listeners_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy/haproxy_global.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy/haproxy_global.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy/haproxy_pools.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy/haproxy_pools.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/haproxy/haproxy_pool_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/haproxy/haproxy_pool_edit.php</item>
</additional_files_needed>
<custom_delete_php_command>
</custom_delete_php_command>
@@ -100,7 +100,7 @@
included in package install
$freebsdv=trim(`uname -r | cut -d'.' -f1`);
conf_mount_rw();
- `fetch -q -o /usr/local/sbin/ http://www.pfsense.org/packages/config/haproxy/binaries{$freebsdv}/haproxy`;
+ `fetch -q -o /usr/local/sbin/ https://packages.pfsense.org/packages/config/haproxy/binaries{$freebsdv}/haproxy`;
exec("chmod a+rx /usr/local/sbin/haproxy");
*/
haproxy_custom_php_install_command();
diff --git a/config/haproxy/haproxy_global.php b/config/haproxy/haproxy_global.php
index aa046544..16f5152d 100755
--- a/config/haproxy/haproxy_global.php
+++ b/config/haproxy/haproxy_global.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_pool.php,v 1.5.2.6 2007/03/02 23:48:32 smos Exp $ */
/*
haproxy_global.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
All rights reserved.
@@ -120,8 +120,8 @@ if (!$pconfig['logfacility'])
if (!$pconfig['loglevel'])
$pconfig['loglevel'] = 'info';
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Services: HAProxy: Settings";
diff --git a/config/haproxy/haproxy_listeners.php b/config/haproxy/haproxy_listeners.php
index 1f6031c2..a5bc9a22 100755
--- a/config/haproxy/haproxy_listeners.php
+++ b/config/haproxy/haproxy_listeners.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */
/*
haproxy_baclkends.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
All rights reserved.
@@ -65,8 +65,8 @@ if ($_GET['act'] == "del") {
}
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Services: HAProxy: Listener";
diff --git a/config/haproxy/haproxy_listeners_edit.php b/config/haproxy/haproxy_listeners_edit.php
index 1695b5d5..2b71c7ea 100755
--- a/config/haproxy/haproxy_listeners_edit.php
+++ b/config/haproxy/haproxy_listeners_edit.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_pool_edit.php,v 1.24.2.23 2007/03/03 00:07:09 smos Exp $ */
/*
haproxy_listeners_edit.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
All rights reserved.
@@ -241,8 +241,8 @@ if ($_POST) {
}
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "HAProxy: Listener: Edit";
diff --git a/config/haproxy/haproxy_pool_edit.php b/config/haproxy/haproxy_pool_edit.php
index 4560bea2..4da508f2 100755
--- a/config/haproxy/haproxy_pool_edit.php
+++ b/config/haproxy/haproxy_pool_edit.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_pool_edit.php,v 1.24.2.23 2007/03/03 00:07:09 smos Exp $ */
/*
haproxy_pool_edit.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
All rights reserved.
@@ -171,8 +171,8 @@ if ($_POST) {
$pconfig['a_servers']=&$a_pools[$id]['ha_servers']['item'];
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "HAProxy: pool: Edit";
diff --git a/config/haproxy/haproxy_pools.php b/config/haproxy/haproxy_pools.php
index 52b7650d..a0bf75a2 100755
--- a/config/haproxy/haproxy_pools.php
+++ b/config/haproxy/haproxy_pools.php
@@ -2,7 +2,7 @@
/* $Id: load_balancer_virtual_server.php,v 1.6.2.1 2006/01/02 23:46:24 sullrich Exp $ */
/*
haproxy_pools.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2009 Scott Ullrich <sullrich@pfsense.com>
Copyright (C) 2008 Remco Hoef <remcoverhoef@pfsense.com>
All rights reserved.
@@ -67,8 +67,8 @@ if ($_GET['act'] == "del") {
exit;
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Services: HAProxy: Server pools";
diff --git a/config/havp/havp.inc b/config/havp/havp.inc
index 29a109ba..f6e37a3b 100644
--- a/config/havp/havp.inc
+++ b/config/havp/havp.inc
@@ -234,11 +234,11 @@ function havp_deinstall()
# ==============================================================================
# before form
# ------------------------------------------------------------------------------
-function havp_before_form($pkg)
+function havp_before_form(&$pkg)
{
}
# ------------------------------------------------------------------------------
-function havp_fscan_before_form($pkg)
+function havp_fscan_before_form(&$pkg)
{
if(is_array($pkg['fields']['field'])) {
foreach($pkg['fields']['field'] as $key => $field) {
@@ -252,7 +252,7 @@ function havp_fscan_before_form($pkg)
# ------------------------------------------------------------------------------
# validation
# ------------------------------------------------------------------------------
-function havp_validate_settings($post, $input_errors)
+function havp_validate_settings($post, &$input_errors)
{
$submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit'];
diff --git a/config/havp/havp.xml b/config/havp/havp.xml
index 6d991a81..47611030 100644
--- a/config/havp/havp.xml
+++ b/config/havp/havp.xml
@@ -3,7 +3,7 @@
<name>havp</name>
<title>Antivirus: HTTP proxy (havp + clamav)</title>
<category>Status</category>
- <version>0.88_03</version>
+ <version>1.02</version>
<include_file>/usr/local/pkg/havp.inc</include_file>
<menu>
<name>Antivirus</name>
@@ -18,22 +18,22 @@
<description>Antivirus HTTP proxy Service</description>
</service>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/havp/havp.inc</item>
+ <item>https://packages.pfsense.org/packages/config/havp/havp.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<!--additional_files_needed>
- <item>http://www.pfsense.com/packages/config/havp/havp_fscan.xml</item>
+ <item>https://packages.pfsense.org/packages/config/havp/havp_fscan.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed-->
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/havp/havp_avset.xml</item>
+ <item>https://packages.pfsense.org/packages/config/havp/havp_avset.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/havp/antivirus.php</item>
+ <item>https://packages.pfsense.org/packages/config/havp/antivirus.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
@@ -288,10 +288,10 @@
</field>
</fields>
<custom_php_command_before_form>
- havp_before_form(&amp;$pkg);
+ havp_before_form($pkg);
</custom_php_command_before_form>
<custom_php_validation_command>
- havp_validate_settings($_POST, &amp;$input_errors);
+ havp_validate_settings($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
havp_resync();
diff --git a/config/havp/havp_avset.xml b/config/havp/havp_avset.xml
index 3cea9b76..3d4372f4 100644
--- a/config/havp/havp_avset.xml
+++ b/config/havp/havp_avset.xml
@@ -92,10 +92,10 @@
</field>
</fields>
<custom_php_command_before_form>
- havp_before_form(&amp;$pkg);
+ havp_before_form($pkg);
</custom_php_command_before_form>
<custom_php_validation_command>
- havp_validate_settings($_POST, &amp;$input_errors);
+ havp_validate_settings($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
havp_avset_resync();
diff --git a/config/havp/havp_fscan.xml b/config/havp/havp_fscan.xml
index 1f0ca8dc..91dce25c 100644
--- a/config/havp/havp_fscan.xml
+++ b/config/havp/havp_fscan.xml
@@ -36,10 +36,10 @@
</field>
</fields>
<custom_php_command_before_form>
- havp_fscan_before_form(&amp;$pkg);
+ havp_fscan_before_form($pkg);
</custom_php_command_before_form>
<custom_php_validation_command>
- havp_validate_settings($_POST, &amp;$input_errors);
+ havp_validate_settings($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
</custom_php_resync_config_command>
diff --git a/config/hula.xml b/config/hula.xml
index 0270e8c5..fa3d7273 100644
--- a/config/hula.xml
+++ b/config/hula.xml
@@ -72,7 +72,7 @@
</menu>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/All/hula.tgz</item>
+ <item>https://www.pfsense.org/packages/All/hula.tgz</item>
</additional_files_needed>
<!-- Do not save invokes a simple input menu and will not update
diff --git a/config/igmpproxy/firewall_rules_edit.tmp b/config/igmpproxy/firewall_rules_edit.tmp
index dfb40bc8..25b669af 100755
--- a/config/igmpproxy/firewall_rules_edit.tmp
+++ b/config/igmpproxy/firewall_rules_edit.tmp
@@ -2,7 +2,7 @@
/* $Id: firewall_rules_edit.php,v 1.86.2.34.2.5 2007/11/20 00:29:07 cmb Exp $ */
/*
firewall_rules_edit.php
- part of pfSense (http://www.pfsense.com)
+ part of pfSense (https://www.pfsense.org)
Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
originally part of m0n0wall (http://m0n0.ch/wall)
diff --git a/config/igmpproxy/igmpproxy.xml b/config/igmpproxy/igmpproxy.xml
index 5d6fee04..2b531039 100644
--- a/config/igmpproxy/igmpproxy.xml
+++ b/config/igmpproxy/igmpproxy.xml
@@ -54,27 +54,27 @@
<description>IGMP(multicast) proxy.</description>
</service>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/igmpproxy/igmpproxy.inc</item>
+ <item>https://packages.pfsense.org/packages/config/igmpproxy/igmpproxy.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://files.pfsense.org/packages/igmpproxy</item>
+ <item>https://files.pfsense.org/packages/igmpproxy</item>
<prefix>/usr/local/sbin/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/igmpproxy/firewall_rules_edit.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/igmpproxy/firewall_rules_edit.tmp</item>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/igmpproxy/filter.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/igmpproxy/filter.tmp</item>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/igmpproxy/igmpproxy.tbz</item>
+ <item>https://packages.pfsense.org/packages/config/igmpproxy/igmpproxy.tbz</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
diff --git a/config/imspector/imspector.inc b/config/imspector/imspector.inc
index 52c7ae1b..7ade2e68 100644
--- a/config/imspector/imspector.inc
+++ b/config/imspector/imspector.inc
@@ -1,7 +1,7 @@
<?php
/*
imspector.inc
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2012 Marcello Coutinho.
Copyright (C) 2011 Scott Ullrich <sullrich@gmail.com>.
Copyright (C) 2011 Bill Marquette <billm@gmail.com>.
diff --git a/config/imspector/imspector.xml b/config/imspector/imspector.xml
index 72969778..fad8d656 100644
--- a/config/imspector/imspector.xml
+++ b/config/imspector/imspector.xml
@@ -85,37 +85,37 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/imspector/imspector_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/imspector/imspector_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/imspector/imspector_replacements.xml</item>
+ <item>https://packages.pfsense.org/packages/config/imspector/imspector_replacements.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/imspector/imspector_acls.xml</item>
+ <item>https://packages.pfsense.org/packages/config/imspector/imspector_acls.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/imspector/imspector.inc</item>
+ <item>https://packages.pfsense.org/packages/config/imspector/imspector.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/imspector/imspector_logs.php</item>
+ <item>https://packages.pfsense.org/packages/config/imspector/imspector_logs.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/imspector/services_imspector_logs.php</item>
+ <item>https://packages.pfsense.org/packages/config/imspector/services_imspector_logs.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/imspector/services_imspector_logs2.php</item>
+ <item>https://packages.pfsense.org/packages/config/imspector/services_imspector_logs2.php</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/imspector/imspector_acls.xml b/config/imspector/imspector_acls.xml
index 3176c75f..a8aeecc9 100644
--- a/config/imspector/imspector_acls.xml
+++ b/config/imspector/imspector_acls.xml
@@ -59,12 +59,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>755</chmod>
- <item>http://www.pfsense.com/packages/config/sshdcond/sshdcond.inc</item>
+ <item>https://packages.pfsense.org/packages/config/sshdcond/sshdcond.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>755</chmod>
- <item>http://www.pfsense.com/packages/config/sshdcond/sshdcond_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/sshdcond/sshdcond_sync.xml</item>
</additional_files_needed>
<tabs>
<tab>
diff --git a/config/imspector/imspector_logs.php b/config/imspector/imspector_logs.php
index e44ef35f..24cd7b0f 100644
--- a/config/imspector/imspector_logs.php
+++ b/config/imspector/imspector_logs.php
@@ -1,7 +1,7 @@
<?php
/*
services_imspector_logs.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
JavaScript Code is GPL Licensed from SmoothWall Express.
diff --git a/config/imspector/services_imspector_logs.php b/config/imspector/services_imspector_logs.php
index adb3fa66..4fca4433 100644
--- a/config/imspector/services_imspector_logs.php
+++ b/config/imspector/services_imspector_logs.php
@@ -1,7 +1,7 @@
<?php
/*
services_imspector_logs.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
JavaScript Code is GPL Licensed from SmoothWall Express.
diff --git a/config/imspector/services_imspector_logs2.php b/config/imspector/services_imspector_logs2.php
index 30f63058..d7bb4647 100644
--- a/config/imspector/services_imspector_logs2.php
+++ b/config/imspector/services_imspector_logs2.php
@@ -1,7 +1,7 @@
<?php
/*
services_imspector_logs.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
JavaScript Code is GPL Licensed from SmoothWall Express.
diff --git a/config/ipblocklist/7/email.tmp b/config/ipblocklist/7/email.tmp
index 739b0000..abeb4932 100755
--- a/config/ipblocklist/7/email.tmp
+++ b/config/ipblocklist/7/email.tmp
@@ -155,7 +155,7 @@ tr.d0 td {
$tab_array[1] = array("Settings", false, "settings.php");
$tab_array[2] = array("Whitelist", false, "whitelist.php");
$tab_array[3] = array("Interfaces", false, "ipblocklist_if.php");
- $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist");
+ $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist");
$tab_array[5] = array("Email", true, "email.php");
display_top_tabs($tab_array);
?>
diff --git a/config/ipblocklist/7/ipblocklist.tmp b/config/ipblocklist/7/ipblocklist.tmp
index ffbfdc57..c447df6d 100755
--- a/config/ipblocklist/7/ipblocklist.tmp
+++ b/config/ipblocklist/7/ipblocklist.tmp
@@ -125,7 +125,7 @@ if(isset($_POST['formSubmit']))
$tab_array[1] = array("Settings", false, "settings.php");
$tab_array[2] = array("Whitelist", false, "whitelist.php");
$tab_array[3] = array("Interfaces", false, "ipblocklist_if.php");
- $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist");
+ $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist");
//$tab_array[5] = array("Email", false, "email.php");
display_top_tabs($tab_array);
?>
diff --git a/config/ipblocklist/7/ipblocklist.xml b/config/ipblocklist/7/ipblocklist.xml
index 2b6ec976..d459127b 100755
--- a/config/ipblocklist/7/ipblocklist.xml
+++ b/config/ipblocklist/7/ipblocklist.xml
@@ -39,7 +39,7 @@
</copyright>
<description>IP Blocklist</description>
<requirements>perl</requirements>
- <faq>http://forum.pfsense.org/index.php/topic,24769.0.html</faq>
+ <faq>https://forum.pfsense.org/index.php/topic,24769.0.html</faq>
<name>IP Blocklist Settings</name>
<version>0.3.4</version>
<title>Settings</title>
@@ -62,97 +62,97 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/ipblocklist.xml</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/ipblocklist.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/ipblocklist.inc</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/ipblocklist.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/ipblocklist.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/ipblocklist.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/interfaces.txt</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/interfaces.txt</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/ipblocklist_list.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/ipblocklist_list.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/ipblocklist_if.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/ipblocklist_if.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/firewall_shaper.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/firewall_shaper.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/convert.pl</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/convert.pl</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/convert-execute.sh</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/convert-execute.sh</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/purge.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/purge.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/index.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/index.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/whitelist.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/whitelist.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/purgeip.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/purgeip.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/IP-Blocklist.sh</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/IP-Blocklist.sh</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/settings.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/settings.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/class.phpmailer.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/class.phpmailer.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/class.smtp.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/class.smtp.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/email.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/email.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/7/lists.txt</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/7/lists.txt</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/ipblocklist/7/ipblocklist_if.tmp b/config/ipblocklist/7/ipblocklist_if.tmp
index 42ba2d07..582d856a 100755
--- a/config/ipblocklist/7/ipblocklist_if.tmp
+++ b/config/ipblocklist/7/ipblocklist_if.tmp
@@ -132,7 +132,7 @@ include("head.inc");
$tab_array[1] = array("Settings", false, "settings.php");
$tab_array[2] = array("Whitelist", false, "whitelist.php");
$tab_array[3] = array("Interfaces", true, "ipblocklist_if.php");
- $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist");
+ $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist");
//$tab_array[5] = array("Email", false, "email.php");
display_top_tabs($tab_array);
?>
diff --git a/config/ipblocklist/7/manual_add.tmp b/config/ipblocklist/7/manual_add.tmp
index 361b782b..a2218e61 100755
--- a/config/ipblocklist/7/manual_add.tmp
+++ b/config/ipblocklist/7/manual_add.tmp
@@ -6,7 +6,7 @@
</head>
<a href="ipblocklist_list.php"><img src="../../themes/nervecenter/images/icons/icon_alias_url_reload.gif" ALT="Manual" ALIGN=RIGHT></a>
-<span style="color:red">Experimental!</span> - This uses a different process to block IPs (uses IPFW) <a href="http://forum.pfsense.org/index.php/topic,24822.0.html" target="_blank"><img src="../../themes/nervecenter/images/icons/icon_log.gif"></a>
+<span style="color:red">Experimental!</span> - This uses a different process to block IPs (uses IPFW) <a href="https://forum.pfsense.org/index.php/topic,24822.0.html" target="_blank"><img src="../../themes/nervecenter/images/icons/icon_log.gif"></a>
<br/>Enter in IP format (xx.xx.xx.xx) or CIDR format (xx.xx.xx.xx/xx)
<br/><form method="post" action="">
<input name="content" type="text" />
diff --git a/config/ipblocklist/7/settings.tmp b/config/ipblocklist/7/settings.tmp
index a13dd22b..0c1fd804 100755
--- a/config/ipblocklist/7/settings.tmp
+++ b/config/ipblocklist/7/settings.tmp
@@ -47,7 +47,7 @@ header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
$tab_array[1] = array("Settings", true, "settings.php");
$tab_array[2] = array("Whitelist", false, "whitelist.php");
$tab_array[3] = array("Interfaces", false, "ipblocklist_if.php");
- $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist");
+ $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist");
//$tab_array[5] = array("Email", false, "email.php");
display_top_tabs($tab_array);
?>
diff --git a/config/ipblocklist/7/whitelist.tmp b/config/ipblocklist/7/whitelist.tmp
index 51bd9f97..203cf798 100755
--- a/config/ipblocklist/7/whitelist.tmp
+++ b/config/ipblocklist/7/whitelist.tmp
@@ -45,7 +45,7 @@ header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
$tab_array[1] = array("Settings", false, "settings.php");
$tab_array[2] = array("Whitelist", true, "whitelist.php");
$tab_array[3] = array("Interfaces", false, "ipblocklist_if.php");
- $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist");
+ $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist");
//$tab_array[5] = array("Email", false, "email.php");
display_top_tabs($tab_array);
?>
diff --git a/config/ipblocklist/8/countryblock_IPBlocklist.widget.tmp b/config/ipblocklist/8/countryblock_IPBlocklist.widget.tmp
index a62fcede..546e27c4 100644
--- a/config/ipblocklist/8/countryblock_IPBlocklist.widget.tmp
+++ b/config/ipblocklist/8/countryblock_IPBlocklist.widget.tmp
@@ -1,7 +1,7 @@
<?php
/*
Copyright 2011 Thomas Schaefer - Tomschaefer.org
- Part of pfSense widgets (www.pfsense.com)
+ Part of pfSense widgets (www.pfsense.org)
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
diff --git a/config/ipblocklist/8/email.tmp b/config/ipblocklist/8/email.tmp
index 739b0000..abeb4932 100755
--- a/config/ipblocklist/8/email.tmp
+++ b/config/ipblocklist/8/email.tmp
@@ -155,7 +155,7 @@ tr.d0 td {
$tab_array[1] = array("Settings", false, "settings.php");
$tab_array[2] = array("Whitelist", false, "whitelist.php");
$tab_array[3] = array("Interfaces", false, "ipblocklist_if.php");
- $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist");
+ $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist");
$tab_array[5] = array("Email", true, "email.php");
display_top_tabs($tab_array);
?>
diff --git a/config/ipblocklist/8/ipblocklist.tmp b/config/ipblocklist/8/ipblocklist.tmp
index 9291a468..ae654241 100755
--- a/config/ipblocklist/8/ipblocklist.tmp
+++ b/config/ipblocklist/8/ipblocklist.tmp
@@ -128,7 +128,7 @@ if(isset($_POST['formSubmit']))
$tab_array[1] = array("Settings", false, "settings.php");
$tab_array[2] = array("Whitelist", false, "whitelist.php");
$tab_array[3] = array("Interfaces", false, "ipblocklist_if.php");
- $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist");
+ $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist");
//$tab_array[5] = array("Email", false, "email.php");
display_top_tabs($tab_array);
?>
diff --git a/config/ipblocklist/8/ipblocklist.xml b/config/ipblocklist/8/ipblocklist.xml
index 262d1719..77c05bab 100755
--- a/config/ipblocklist/8/ipblocklist.xml
+++ b/config/ipblocklist/8/ipblocklist.xml
@@ -39,7 +39,7 @@
</copyright>
<description>IP Blocklist</description>
<requirements>perl</requirements>
- <faq>http://forum.pfsense.org/index.php/topic,24769.0.html</faq>
+ <faq>https://forum.pfsense.org/index.php/topic,24769.0.html</faq>
<name>IP Blocklist Settings</name>
<version>0.3.5</version>
<title>Settings</title>
@@ -62,102 +62,102 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/ipblocklist.xml</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/ipblocklist.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/ipblocklist.inc</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/ipblocklist.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/ipblocklist.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/ipblocklist.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/interfaces.txt</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/interfaces.txt</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/ipblocklist_list.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/ipblocklist_list.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/ipblocklist_if.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/ipblocklist_if.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/firewall_shaper.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/firewall_shaper.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/convert.pl</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/convert.pl</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/convert-execute.sh</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/convert-execute.sh</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/purge.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/purge.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/index.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/index.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/whitelist.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/whitelist.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/purgeip.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/purgeip.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/IP-Blocklist.sh</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/IP-Blocklist.sh</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/settings.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/settings.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/class.phpmailer.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/class.phpmailer.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/class.smtp.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/class.smtp.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/email.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/email.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/lists.txt</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/lists.txt</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.org/packages/config/ipblocklist/8/countryblock_IPBlocklist.widget.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/ipblocklist/8/countryblock_IPBlocklist.widget.tmp</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/ipblocklist/8/ipblocklist_if.tmp b/config/ipblocklist/8/ipblocklist_if.tmp
index 42ba2d07..582d856a 100755
--- a/config/ipblocklist/8/ipblocklist_if.tmp
+++ b/config/ipblocklist/8/ipblocklist_if.tmp
@@ -132,7 +132,7 @@ include("head.inc");
$tab_array[1] = array("Settings", false, "settings.php");
$tab_array[2] = array("Whitelist", false, "whitelist.php");
$tab_array[3] = array("Interfaces", true, "ipblocklist_if.php");
- $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist");
+ $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist");
//$tab_array[5] = array("Email", false, "email.php");
display_top_tabs($tab_array);
?>
diff --git a/config/ipblocklist/8/manual_add.tmp b/config/ipblocklist/8/manual_add.tmp
index 361b782b..a2218e61 100755
--- a/config/ipblocklist/8/manual_add.tmp
+++ b/config/ipblocklist/8/manual_add.tmp
@@ -6,7 +6,7 @@
</head>
<a href="ipblocklist_list.php"><img src="../../themes/nervecenter/images/icons/icon_alias_url_reload.gif" ALT="Manual" ALIGN=RIGHT></a>
-<span style="color:red">Experimental!</span> - This uses a different process to block IPs (uses IPFW) <a href="http://forum.pfsense.org/index.php/topic,24822.0.html" target="_blank"><img src="../../themes/nervecenter/images/icons/icon_log.gif"></a>
+<span style="color:red">Experimental!</span> - This uses a different process to block IPs (uses IPFW) <a href="https://forum.pfsense.org/index.php/topic,24822.0.html" target="_blank"><img src="../../themes/nervecenter/images/icons/icon_log.gif"></a>
<br/>Enter in IP format (xx.xx.xx.xx) or CIDR format (xx.xx.xx.xx/xx)
<br/><form method="post" action="">
<input name="content" type="text" />
diff --git a/config/ipblocklist/8/settings.tmp b/config/ipblocklist/8/settings.tmp
index a13dd22b..0c1fd804 100755
--- a/config/ipblocklist/8/settings.tmp
+++ b/config/ipblocklist/8/settings.tmp
@@ -47,7 +47,7 @@ header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
$tab_array[1] = array("Settings", true, "settings.php");
$tab_array[2] = array("Whitelist", false, "whitelist.php");
$tab_array[3] = array("Interfaces", false, "ipblocklist_if.php");
- $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist");
+ $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist");
//$tab_array[5] = array("Email", false, "email.php");
display_top_tabs($tab_array);
?>
diff --git a/config/ipblocklist/8/whitelist.tmp b/config/ipblocklist/8/whitelist.tmp
index 51bd9f97..203cf798 100755
--- a/config/ipblocklist/8/whitelist.tmp
+++ b/config/ipblocklist/8/whitelist.tmp
@@ -45,7 +45,7 @@ header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
$tab_array[1] = array("Settings", false, "settings.php");
$tab_array[2] = array("Whitelist", true, "whitelist.php");
$tab_array[3] = array("Interfaces", false, "ipblocklist_if.php");
- $tab_array[4] = array("Help", false, "http://doc.pfsense.org/index.php/IP_Blocklist");
+ $tab_array[4] = array("Help", false, "https://doc.pfsense.org/index.php/IP_Blocklist");
//$tab_array[5] = array("Email", false, "email.php");
display_top_tabs($tab_array);
?>
diff --git a/config/iperf.xml b/config/iperf.xml
index 2fe49699..f64500d9 100644
--- a/config/iperf.xml
+++ b/config/iperf.xml
@@ -73,7 +73,7 @@
</tab>
</tabs>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/iperfserver.xml</item>
+ <item>https://packages.pfsense.org/packages/config/iperfserver.xml</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/ipguard/ipguard.xml b/config/ipguard/ipguard.xml
index cafc6e4e..74b58f86 100644
--- a/config/ipguard/ipguard.xml
+++ b/config/ipguard/ipguard.xml
@@ -63,12 +63,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>755</chmod>
- <item>http://www.pfsense.com/packages/config/ipguard/ipguard.inc</item>
+ <item>https://packages.pfsense.org/packages/config/ipguard/ipguard.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>755</chmod>
- <item>http://www.pfsense.com/packages/config/ipguard/ipguard_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/ipguard/ipguard_sync.xml</item>
</additional_files_needed>
<tabs>
<tab>
diff --git a/config/iprangealiases/iprangealiases.xml b/config/iprangealiases/iprangealiases.xml
index 0464ec6a..87af9b4b 100644
--- a/config/iprangealiases/iprangealiases.xml
+++ b/config/iprangealiases/iprangealiases.xml
@@ -52,12 +52,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/iprangealiases/iprangealiases.inc</item>
+ <item>https://packages.pfsense.org/packages/config/iprangealiases/iprangealiases.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/iprangealiases/iprangealiases.patch</item>
+ <item>https://packages.pfsense.org/packages/config/iprangealiases/iprangealiases.patch</item>
</additional_files_needed>
<custom_php_install_command>
iprangealiases_install();
diff --git a/config/jail_template.xml b/config/jail_template.xml
index d183200b..fc6b2502 100644
--- a/config/jail_template.xml
+++ b/config/jail_template.xml
@@ -14,12 +14,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/jail_template/jail_template.inc</item>
+ <item>https://packages.pfsense.org/packages/config/jail_template/jail_template.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/jail_template/jail_template.img.uzip</item>
+ <item>https://packages.pfsense.org/packages/config/jail_template/jail_template.img.uzip</item>
</additional_files_needed>
<include_file>/usr/local/pkg/jail_template.inc</include_file>
diff --git a/config/jailctl.xml b/config/jailctl.xml
index 079ddb6b..ab6cf1e3 100644
--- a/config/jailctl.xml
+++ b/config/jailctl.xml
@@ -30,37 +30,37 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/jailctl/jailctl_defaults.xml</item>
+ <item>https://packages.pfsense.org/packages/config/jailctl/jailctl_defaults.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/jailctl/jailctl_settings.xml</item>
+ <item>https://packages.pfsense.org/packages/config/jailctl/jailctl_settings.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/jailctl/jailctl.inc</item>
+ <item>https://packages.pfsense.org/packages/config/jailctl/jailctl.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/jailctl/jailctl-utils.inc</item>
+ <item>https://packages.pfsense.org/packages/config/jailctl/jailctl-utils.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/jailctl/jailctl_list.inc</item>
+ <item>https://packages.pfsense.org/packages/config/jailctl/jailctl_list.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/sbin/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/jailctl/jailctl</item>
+ <item>https://packages.pfsense.org/packages/config/jailctl/jailctl</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/sbin/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/jailctl/sysinstall</item>
+ <item>https://packages.pfsense.org/packages/config/jailctl/sysinstall</item>
</additional_files_needed>
<tabs>
diff --git a/config/jailctl/jailctl.xml b/config/jailctl/jailctl.xml
index 5ca6c459..4c96f88d 100644
--- a/config/jailctl/jailctl.xml
+++ b/config/jailctl/jailctl.xml
@@ -30,32 +30,32 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/jailctl/jailctl_defaults.xml</item>
+ <item>https://packages.pfsense.org/packages/config/jailctl/jailctl_defaults.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/jailctl/jailctl_settings.xml</item>
+ <item>https://packages.pfsense.org/packages/config/jailctl/jailctl_settings.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/jailctl/jailctl.inc</item>
+ <item>https://packages.pfsense.org/packages/config/jailctl/jailctl.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/jailctl/jailctl-utils.inc</item>
+ <item>https://packages.pfsense.org/packages/config/jailctl/jailctl-utils.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/jailctl/jailctl_list.inc</item>
+ <item>https://packages.pfsense.org/packages/config/jailctl/jailctl_list.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/sbin/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/jailctl/jailctl</item>
+ <item>https://packages.pfsense.org/packages/config/jailctl/jailctl</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/sbin/</prefix>
diff --git a/config/ladvd/ladvd.xml b/config/ladvd/ladvd.xml
index d250f16c..50f9b568 100644
--- a/config/ladvd/ladvd.xml
+++ b/config/ladvd/ladvd.xml
@@ -39,14 +39,14 @@
<include_file>/usr/local/pkg/ladvd.inc</include_file>
<aftersaveredirect>/pkg_edit.php?xml=ladvd.xml&amp;id=0</aftersaveredirect>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/ladvd/ladvd.inc</item>
+ <item>https://packages.pfsense.org/packages/config/ladvd/ladvd.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/ladvd/status_ladvd.php</item>
+ <item>https://packages.pfsense.org/packages/config/ladvd/status_ladvd.php</item>
</additional_files_needed>
<menu>
<name>LADVD</name>
diff --git a/config/lcdproc-dev/lcdproc.xml b/config/lcdproc-dev/lcdproc.xml
index bca9b4c8..cf816d53 100644
--- a/config/lcdproc-dev/lcdproc.xml
+++ b/config/lcdproc-dev/lcdproc.xml
@@ -23,22 +23,22 @@
<url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
</menu>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/lcdproc-dev/lcdproc.inc</item>
+ <item>https://packages.pfsense.org/packages/config/lcdproc-dev/lcdproc.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/lcdproc-dev/lcdproc_screens.xml</item>
+ <item>https://packages.pfsense.org/packages/config/lcdproc-dev/lcdproc_screens.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/lcdproc-dev/lcdproc_client.php</item>
+ <item>https://packages.pfsense.org/packages/config/lcdproc-dev/lcdproc_client.php</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://files.pfsense.org/misc/nexcom.so</item>
+ <item>https://files.pfsense.org/misc/nexcom.so</item>
<prefix>/usr/local/lib/lcdproc/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
diff --git a/config/lcdproc-dev/lcdproc_client.php b/config/lcdproc-dev/lcdproc_client.php
index 3337052c..5306c903 100644
--- a/config/lcdproc-dev/lcdproc_client.php
+++ b/config/lcdproc-dev/lcdproc_client.php
@@ -513,6 +513,7 @@
1 = All gateway up */
global $g;
global $config;
+ $a_gateways = return_gateways_array();
$gateways_status = array();
$gateways_status = return_gateways_status(true);
foreach ($a_gateways as $gname => $gateway)
diff --git a/config/lcdproc/lcdproc.xml b/config/lcdproc/lcdproc.xml
index 32a8f900..ba46e941 100644
--- a/config/lcdproc/lcdproc.xml
+++ b/config/lcdproc/lcdproc.xml
@@ -23,37 +23,37 @@
<url>/pkg_edit.php?xml=lcdproc.xml&amp;id=0</url>
</menu>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/lcdproc/lcdproc.inc</item>
+ <item>https://packages.pfsense.org/packages/config/lcdproc/lcdproc.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/lcdproc/lcdproc_screens.xml</item>
+ <item>https://packages.pfsense.org/packages/config/lcdproc/lcdproc_screens.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/lcdproc/lcdproc_client.php</item>
+ <item>https://packages.pfsense.org/packages/config/lcdproc/lcdproc_client.php</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://files.pfsense.org/packages/lcdproc/nexcom.so</item>
+ <item>https://files.pfsense.org/packages/lcdproc/nexcom.so</item>
<prefix>/usr/local/lib/lcdproc/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://files.pfsense.org/packages/lcdproc/SureElec.so</item>
+ <item>https://files.pfsense.org/packages/lcdproc/SureElec.so</item>
<prefix>/usr/local/lib/lcdproc/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://files.pfsense.org/packages/lcdproc/picolcd.so</item>
+ <item>https://files.pfsense.org/packages/lcdproc/picolcd.so</item>
<prefix>/usr/local/lib/lcdproc/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://files.pfsense.org/packages/lcdproc/libusb.so.2</item>
+ <item>https://files.pfsense.org/packages/lcdproc/libusb.so.2</item>
<prefix>/usr/local/lib/lcdproc/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
diff --git a/config/lightsquid/lightsquid.xml b/config/lightsquid/lightsquid.xml
index 53d074c5..203cff68 100644
--- a/config/lightsquid/lightsquid.xml
+++ b/config/lightsquid/lightsquid.xml
@@ -74,32 +74,32 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/lightsquid/lightsquid.inc</item>
+ <item>https://packages.pfsense.org/packages/config/lightsquid/lightsquid.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/var/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://files.pfsense.org/packages/All/lightsquid_tpl.tbz</item>
+ <item>https://files.pfsense.org/packages/All/lightsquid_tpl.tbz</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/sqstat/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.org/packages/config/lightsquid/sqstat.class.php</item>
+ <item>https://packages.pfsense.org/packages/config/lightsquid/sqstat.class.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/sqstat/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.org/packages/config/lightsquid/sqstat.php</item>
+ <item>https://packages.pfsense.org/packages/config/lightsquid/sqstat.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/sqstat/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.org/packages/config/lightsquid/sqstat.css</item>
+ <item>https://packages.pfsense.org/packages/config/lightsquid/sqstat.css</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/sqstat/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.org/packages/config/lightsquid/zhabascript.js</item>
+ <item>https://packages.pfsense.org/packages/config/lightsquid/zhabascript.js</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/mactovendor/bin/diag_arp.php_ b/config/mactovendor/bin/diag_arp.php_
index 97e9b4bc..b66395a3 100644
--- a/config/mactovendor/bin/diag_arp.php_
+++ b/config/mactovendor/bin/diag_arp.php_
@@ -1,7 +1,7 @@
<?php
/*
diag_arp.php
- part of the pfSense project (http://www.pfsense.org)
+ part of the pfSense project (https://www.pfsense.org)
Copyright (C) 2004-2009 Scott Ullrich <sullrich@gmail.com>
originally part of m0n0wall (http://m0n0.ch/wall)
diff --git a/config/mactovendor/mactovendor.xml b/config/mactovendor/mactovendor.xml
index f0a67eb5..ab92f9fe 100644
--- a/config/mactovendor/mactovendor.xml
+++ b/config/mactovendor/mactovendor.xml
@@ -10,32 +10,32 @@
<additional_files_needed>
<prefix>/usr/local/pkg/mactovendor/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/mactovendor/mactovendor.inc</item>
+ <item>https://packages.pfsense.org/packages/config/mactovendor/mactovendor.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/mactovendor/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/mactovendor/bin/diag_arp.php_</item>
+ <item>https://packages.pfsense.org/packages/config/mactovendor/bin/diag_arp.php_</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/mactovendor/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/mactovendor/bin/status_dhcp_leases.php_</item>
+ <item>https://packages.pfsense.org/packages/config/mactovendor/bin/status_dhcp_leases.php_</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/mactovendor/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/mactovendor/bin/status_interfaces.php_</item>
+ <item>https://packages.pfsense.org/packages/config/mactovendor/bin/status_interfaces.php_</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/mactovendor/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/mactovendor/bin/status_wireless.php_</item>
+ <item>https://packages.pfsense.org/packages/config/mactovendor/bin/status_wireless.php_</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/mactovendor/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/mactovendor/bin/mac-prefixes</item>
+ <item>https://packages.pfsense.org/packages/config/mactovendor/bin/mac-prefixes</item>
</additional_files_needed>
<custom_php_install_command>
mactovendor_custom_php_install_command();
diff --git a/config/mailreport/mail_reports.inc b/config/mailreport/mail_reports.inc
index 746b4759..5d9e74b2 100644
--- a/config/mailreport/mail_reports.inc
+++ b/config/mailreport/mail_reports.inc
@@ -194,11 +194,13 @@ function mail_report_send($headertext, $cmdtext, $logtext, $attachments) {
$mail = new PHPMailer();
$mail->IsSMTP();
$mail->Host = $config['notifications']['smtp']['ipaddress'];
+ $mail->Port = empty($config['notifications']['smtp']['port']) ? 25 : $config['notifications']['smtp']['port'];
- if ($config['notifications']['smtp']['ssl'] == "checked")
+ if ((isset($config['notifications']['smtp']['ssl']) && $config['notifications']['smtp']['ssl'] != "unchecked") || $config['notifications']['smtp']['ssl'] == "checked")
$mail->SMTPSecure = "ssl";
- $mail->Port = empty($config['notifications']['smtp']['port']) ? 25 : $config['notifications']['smtp']['port'];
+ if ((isset($config['notifications']['smtp']['tls']) && $config['notifications']['smtp']['tls'] != "unchecked") || $config['notifications']['smtp']['tls'] == "checked")
+ $mail->SMTPSecure = "tls";
if($config['notifications']['smtp']['username'] &&
$config['notifications']['smtp']['password']) {
@@ -238,7 +240,9 @@ function mail_report_generate_graph($database, $style, $graph, $start, $end) {
require_once("filter.inc");
require_once("shaper.inc");
require_once("rrd.inc");
+ require_once("util.inc");
global $g;
+ $g['theme'] = get_current_theme();
$pgtitle = array(gettext("System"),gettext("RRD Graphs"),gettext("Image viewer"));
diff --git a/config/mailreport/mailreport.xml b/config/mailreport/mailreport.xml
index 72fe6c87..fe6899d4 100644
--- a/config/mailreport/mailreport.xml
+++ b/config/mailreport/mailreport.xml
@@ -37,48 +37,48 @@
]]>
</copyright>
<name>mailreport</name>
- <version>2.0.10</version>
+ <version>2.0.11</version>
<title>Status: Email Reports</title>
<additional_files_needed>
<prefix>/usr/local/bin/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/mailreport/mail_reports_generate.php</item>
+ <item>https://packages.pfsense.org/packages/config/mailreport/mail_reports_generate.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/etc/inc/</prefix>
- <item>http://www.pfsense.com/packages/config/mailreport/mail_reports.inc</item>
+ <item>https://packages.pfsense.org/packages/config/mailreport/mail_reports.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/etc/inc/phpmailer/</prefix>
- <item>http://www.pfsense.com/packages/config/mailreport/class.phpmailer.php</item>
+ <item>https://packages.pfsense.org/packages/config/mailreport/class.phpmailer.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/etc/inc/phpmailer/</prefix>
- <item>http://www.pfsense.com/packages/config/mailreport/class.pop3.php</item>
+ <item>https://packages.pfsense.org/packages/config/mailreport/class.pop3.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/etc/inc/phpmailer/</prefix>
- <item>http://www.pfsense.com/packages/config/mailreport/class.smtp.php</item>
+ <item>https://packages.pfsense.org/packages/config/mailreport/class.smtp.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <item>http://www.pfsense.com/packages/config/mailreport/status_mail_report.php</item>
+ <item>https://packages.pfsense.org/packages/config/mailreport/status_mail_report.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <item>http://www.pfsense.com/packages/config/mailreport/status_mail_report_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/mailreport/status_mail_report_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <item>http://www.pfsense.com/packages/config/mailreport/status_mail_report_add_cmd.php</item>
+ <item>https://packages.pfsense.org/packages/config/mailreport/status_mail_report_add_cmd.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <item>http://www.pfsense.com/packages/config/mailreport/status_mail_report_add_log.php</item>
+ <item>https://packages.pfsense.org/packages/config/mailreport/status_mail_report_add_log.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <item>http://www.pfsense.com/packages/config/mailreport/status_mail_report_add_graph.php</item>
+ <item>https://packages.pfsense.org/packages/config/mailreport/status_mail_report_add_graph.php</item>
</additional_files_needed>
<menu>
<name>Email Reports</name>
diff --git a/config/mailscanner/mailscanner.inc b/config/mailscanner/mailscanner.inc
index 9f5fd11d..0147bb2e 100644
--- a/config/mailscanner/mailscanner.inc
+++ b/config/mailscanner/mailscanner.inc
@@ -134,7 +134,7 @@ function sync_package_mailscanner($via_rpc=false) {
#General options
$info =($mailscanner['orgname']?'%org-name% = '.$mailscanner['orgname']."\n":'%org-name% = Pfsense'."\n");
$info .=($mailscanner['longorgname']?'%org-long-name% = '.$mailscanner['longorgname']."\n":'%org-long-name% = Pfsense Inc.'."\n");
- $info .=($mailscanner['website']?'%web-site% = '.$mailscanner['website']."\n":'%web-site% = www.pfsense.com'."\n");
+ $info .=($mailscanner['website']?'%web-site% = '.$mailscanner['website']."\n":'%web-site% = www.pfsense.org'."\n");
$max_children =($mailscanner['max_children']?$mailscanner['max_children']:'5');
$scan_messages=(preg_match('/ScanMessages/',$mailscanner['pim'])?"yes":"no");
$reject_message=(preg_match('/RejectMessage/',$mailscanner['pim'])?"yes":"no");
diff --git a/config/mailscanner/mailscanner.xml b/config/mailscanner/mailscanner.xml
index 2f97fcec..a7115a5c 100644
--- a/config/mailscanner/mailscanner.xml
+++ b/config/mailscanner/mailscanner.xml
@@ -58,64 +58,64 @@
<description>MailScanner</description>
</service>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner.inc</item>
+ <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner.xml</item>
+ <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner_report.xml</item>
+ <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner_report.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner_antispam.xml</item>
+ <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner_antispam.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner_alerts.xml</item>
+ <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner_alerts.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner_antivirus.xml</item>
+ <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner_antivirus.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner_attachments.xml</item>
+ <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner_attachments.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner_content.xml</item>
+ <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner_content.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner_sync.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner_about.php</item>
+ <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner_about.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/mailscanner/mailscanner.conf.template</item>
+ <item>https://packages.pfsense.org/packages/config/mailscanner/mailscanner.conf.template</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/shortcuts/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/mailscanner/pkg_mailscanner.inc</item>
+ <item>https://packages.pfsense.org/packages/config/mailscanner/pkg_mailscanner.inc</item>
</additional_files_needed>
<tabs>
<tab>
diff --git a/config/mailscanner/mailscanner_about.php b/config/mailscanner/mailscanner_about.php
index c3408906..1909e039 100755
--- a/config/mailscanner/mailscanner_about.php
+++ b/config/mailscanner/mailscanner_about.php
@@ -1,7 +1,7 @@
<?php
/*
mailscanner_about.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2011 Marcello Coutinho <marcellocoutinho@gmail.com>
All rights reserved.
@@ -29,8 +29,8 @@
require("guiconfig.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "About: Mailscanner Package";
@@ -95,11 +95,11 @@ include("head.inc");
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Credits ");?></td>
- <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='http://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td>
+ <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Donatios ");?></td>
- <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br>
+ <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='https://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br>
If you want that your donation goes to this package developer, make a note on donation forwarding it to me.<br><br>");?></td>
</tr>
</table>
diff --git a/config/miniupnpd/miniupnpd.xml b/config/miniupnpd/miniupnpd.xml
index 53d70851..5474e4ee 100644
--- a/config/miniupnpd/miniupnpd.xml
+++ b/config/miniupnpd/miniupnpd.xml
@@ -76,17 +76,17 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/miniupnpd/miniupnpd.inc</item>
+ <item>https://packages.pfsense.org/packages/config/miniupnpd/miniupnpd.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/miniupnpd/status_upnp.php</item>
+ <item>https://packages.pfsense.org/packages/config/miniupnpd/status_upnp.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/sbin/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/miniupnpd/sbin/miniupnpd</item>
+ <item>https://packages.pfsense.org/packages/config/miniupnpd/sbin/miniupnpd</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/miniupnpd/sbin/miniupnpd b/config/miniupnpd/sbin/miniupnpd
index cb2f107d..cdd5de0e 100755
--- a/config/miniupnpd/sbin/miniupnpd
+++ b/config/miniupnpd/sbin/miniupnpd
Binary files differ
diff --git a/config/miniupnpd/status_upnp.php b/config/miniupnpd/status_upnp.php
index 2c374fce..5164c501 100644
--- a/config/miniupnpd/status_upnp.php
+++ b/config/miniupnpd/status_upnp.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
status_upnp.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2006 Seth Mos <seth.mos@dds.nl>.
All rights reserved.
diff --git a/config/netio-newpkg.xml b/config/netio-newpkg.xml
index 00ba1971..6f8551b8 100644
--- a/config/netio-newpkg.xml
+++ b/config/netio-newpkg.xml
@@ -59,7 +59,7 @@
</file>
<file>
<type>configfile</type>
- <location>http://www.pfsense.com/packages/config/netioserver-newpkg.xml</location>
+ <location>https://packages.pfsense.org/packages/config/netioserver-newpkg.xml</location>
</file>
</files>
<services>
diff --git a/config/netio.xml b/config/netio.xml
index bce2e077..cf0839d7 100644
--- a/config/netio.xml
+++ b/config/netio.xml
@@ -68,7 +68,7 @@
</tab>
</tabs>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/netioserver.xml</item>
+ <item>https://packages.pfsense.org/packages/config/netioserver.xml</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/nmap/nmap.inc b/config/nmap/nmap.inc
index 552ad01c..272f27ef 100644
--- a/config/nmap/nmap.inc
+++ b/config/nmap/nmap.inc
@@ -1,7 +1,7 @@
<?
/* $Id$ */
/*
- part of pfSense (http://www.pfsense.org/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2006 Bill Marquette - bill.marquette@gmail.com.
All rights reserved.
@@ -28,7 +28,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-function nmap_custom_php_validation_command($post, $input_errors) {
+function nmap_custom_php_validation_command($post, & $input_errors) {
global $_POST, $savemsg, $config;
if (empty($_POST['hostname'])) {
$input_errors[] = gettext("You must enter an IP address to scan.");
diff --git a/config/nmap/nmap.xml b/config/nmap/nmap.xml
index cb3980a2..b07b3982 100644
--- a/config/nmap/nmap.xml
+++ b/config/nmap/nmap.xml
@@ -46,7 +46,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>nmap</name>
- <version>6.01</version>
+ <version>6.40_2 pkg v1.2.1</version>
<title>Diagnostics: NMap</title>
<savetext>Scan</savetext>
<preoutput>yes</preoutput>
@@ -62,7 +62,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.org/packages/config/nmap/nmap.inc</item>
+ <item>https://packages.pfsense.org/packages/config/nmap/nmap.inc</item>
</additional_files_needed>
<fields>
<field>
@@ -120,6 +120,6 @@
nmap_custom_add_php_command();
</custom_add_php_command>
<custom_php_validation_command>
- nmap_custom_php_validation_command($_POST, &amp;$input_errors);
+ nmap_custom_php_validation_command($_POST, $input_errors);
</custom_php_validation_command>
</packagegui>
diff --git a/config/notes/notes.xml b/config/notes/notes.xml
index ae623493..513bf922 100644
--- a/config/notes/notes.xml
+++ b/config/notes/notes.xml
@@ -62,7 +62,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/notes/notes.inc</item>
+ <item>https://packages.pfsense.org/packages/config/notes/notes.inc</item>
</additional_files_needed>
<adddeleteeditpagefields>
<columnitem>
diff --git a/config/nrpe2/nrpe2.xml b/config/nrpe2/nrpe2.xml
index 5b84b97f..8d65c97b 100644
--- a/config/nrpe2/nrpe2.xml
+++ b/config/nrpe2/nrpe2.xml
@@ -23,7 +23,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/nrpe2/nrpe2.inc</item>
+ <item>https://packages.pfsense.org/packages/config/nrpe2/nrpe2.inc</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/ntop/ntop.xml b/config/ntop/ntop.xml
index b635ef1f..5a7cd47a 100644
--- a/config/ntop/ntop.xml
+++ b/config/ntop/ntop.xml
@@ -45,7 +45,7 @@
<additional_files_needed>
<prefix>/usr/local/lib/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/ntop/bin/librrd_th.so.2</item>
+ <item>https://packages.pfsense.org/packages/config/ntop/bin/librrd_th.so.2</item>
</additional_files_needed>
<menu>
<name>ntop Settings</name>
diff --git a/config/nut/nut.inc b/config/nut/nut.inc
index 46c5741e..11fb4b26 100644
--- a/config/nut/nut.inc
+++ b/config/nut/nut.inc
@@ -1,7 +1,7 @@
<?php
/*
nut.inc
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2007 Ryan Wagoner <rswagoner@gmail.com>.
All rights reserved.
@@ -97,7 +97,7 @@
return true;
}
- function before_form_nut($pkg) {
+ function before_form_nut(&$pkg) {
/* return available serial ports */
$serial_types = array("sio", "cua", "tty");
@@ -136,7 +136,7 @@
$field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]);
}
- function validate_form_nut($post, $input_errors) {
+ function validate_form_nut($post, &$input_errors) {
global $config;
/* monitor remote validation */
diff --git a/config/nut/nut.xml b/config/nut/nut.xml
index fcfbdfe6..210d7b82 100644
--- a/config/nut/nut.xml
+++ b/config/nut/nut.xml
@@ -46,7 +46,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>nut</name>
- <version>2.6.4 pkg 2.0</version>
+ <version>2.6.5_1 pkg 2.0.1</version>
<title>Services: NUT</title>
<savetext>Change</savetext>
<aftersaveredirect>/status_nut.php</aftersaveredirect>
@@ -77,12 +77,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/nut/nut.inc</item>
+ <item>https://packages.pfsense.org/packages/config/nut/nut.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/nut/status_nut.php</item>
+ <item>https://packages.pfsense.org/packages/config/nut/status_nut.php</item>
</additional_files_needed>
<fields>
<field>
@@ -646,10 +646,10 @@
</field>
</fields>
<custom_php_command_before_form>
- before_form_nut(&amp;$pkg);
+ before_form_nut($pkg);
</custom_php_command_before_form>
<custom_php_validation_command>
- validate_form_nut($_POST, &amp;$input_errors);
+ validate_form_nut($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
sync_package_nut();
diff --git a/config/nut/status_nut.php b/config/nut/status_nut.php
index 3bee0ba0..0bb1145c 100644
--- a/config/nut/status_nut.php
+++ b/config/nut/status_nut.php
@@ -1,7 +1,7 @@
<?php
/*
status_nut.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2007 Ryan Wagoner <rswagoner@gmail.com>.
All rights reserved.
diff --git a/config/olsrd.xml b/config/olsrd.xml
index 9709392d..a1669a33 100644
--- a/config/olsrd.xml
+++ b/config/olsrd.xml
@@ -24,7 +24,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/olsrd.inc</item>
+ <item>https://packages.pfsense.org/packages/config/olsrd.inc</item>
</additional_files_needed>
<!-- configpath gets expanded out automatically and config items will be
stored in that location -->
diff --git a/config/onatproto/onatproto.xml b/config/onatproto/onatproto.xml
index e4e4e8b9..46dd72c7 100644
--- a/config/onatproto/onatproto.xml
+++ b/config/onatproto/onatproto.xml
@@ -52,12 +52,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/onatproto/onatproto.inc</item>
+ <item>https://packages.pfsense.org/packages/config/onatproto/onatproto.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/onatproto/onatproto.patch</item>
+ <item>https://packages.pfsense.org/packages/config/onatproto/onatproto.patch</item>
</additional_files_needed>
<custom_php_install_command>
onatproto_install();
diff --git a/config/open-vm-tools/open-vm-tools.xml b/config/open-vm-tools/open-vm-tools.xml
index 40a8fc51..c705f0e9 100644
--- a/config/open-vm-tools/open-vm-tools.xml
+++ b/config/open-vm-tools/open-vm-tools.xml
@@ -47,7 +47,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/open-vm-tools/open-vm-tools.inc</item>
+ <item>https://packages.pfsense.org/packages/config/open-vm-tools/open-vm-tools.inc</item>
</additional_files_needed>
<custom_add_php_command>
</custom_add_php_command>
diff --git a/config/open-vm-tools_2/open-vm-tools.xml b/config/open-vm-tools_2/open-vm-tools.xml
index ad2b465b..02247242 100644
--- a/config/open-vm-tools_2/open-vm-tools.xml
+++ b/config/open-vm-tools_2/open-vm-tools.xml
@@ -47,7 +47,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/open-vm-tools_2/open-vm-tools.inc</item>
+ <item>https://packages.pfsense.org/packages/config/open-vm-tools_2/open-vm-tools.inc</item>
</additional_files_needed>
<custom_add_php_command>
</custom_add_php_command>
diff --git a/config/openbgpd/openbgpd.xml b/config/openbgpd/openbgpd.xml
index 73bda244..ff40452a 100644
--- a/config/openbgpd/openbgpd.xml
+++ b/config/openbgpd/openbgpd.xml
@@ -54,27 +54,27 @@
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openbgpd/openbgpd_status.php</item>
+ <item>https://packages.pfsense.org/packages/config/openbgpd/openbgpd_status.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openbgpd/openbgpd_raw.php</item>
+ <item>https://packages.pfsense.org/packages/config/openbgpd/openbgpd_raw.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openbgpd/openbgpd.inc</item>
+ <item>https://packages.pfsense.org/packages/config/openbgpd/openbgpd.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openbgpd/openbgpd_groups.xml</item>
+ <item>https://packages.pfsense.org/packages/config/openbgpd/openbgpd_groups.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openbgpd/openbgpd_neighbors.xml</item>
+ <item>https://packages.pfsense.org/packages/config/openbgpd/openbgpd_neighbors.xml</item>
</additional_files_needed>
<menu>
<name>OpenBGPD</name>
diff --git a/config/openbgpd/openbgpd_raw.php b/config/openbgpd/openbgpd_raw.php
index 506a4475..ac6826b3 100644
--- a/config/openbgpd/openbgpd_raw.php
+++ b/config/openbgpd/openbgpd_raw.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
openbgpd_raw.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2009 Aarno Aukia (aarnoaukia@gmail.com)
All rights reserved.
diff --git a/config/openbgpd/openbgpd_status.php b/config/openbgpd/openbgpd_status.php
index 99076d12..58d63795 100644
--- a/config/openbgpd/openbgpd_status.php
+++ b/config/openbgpd/openbgpd_status.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
openbgpd_status.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com)
All rights reserved.
diff --git a/config/openospfd/openospfd.xml b/config/openospfd/openospfd.xml
index ab948e7a..9498100f 100644
--- a/config/openospfd/openospfd.xml
+++ b/config/openospfd/openospfd.xml
@@ -7,17 +7,17 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openospfd/openospfd.inc</item>
+ <item>https://packages.pfsense.org/packages/config/openospfd/openospfd.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openospfd/openospfd_interfaces.xml</item>
+ <item>https://packages.pfsense.org/packages/config/openospfd/openospfd_interfaces.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openospfd/status_ospfd.php</item>
+ <item>https://packages.pfsense.org/packages/config/openospfd/status_ospfd.php</item>
</additional_files_needed>
<menu>
<name>OpenOSPFd</name>
diff --git a/config/openospfd/openospfd_interfaces.xml b/config/openospfd/openospfd_interfaces.xml
index 445eefea..61d36976 100644
--- a/config/openospfd/openospfd_interfaces.xml
+++ b/config/openospfd/openospfd_interfaces.xml
@@ -8,7 +8,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openospfd/openospfd.inc</item>
+ <item>https://packages.pfsense.org/packages/config/openospfd/openospfd.inc</item>
</additional_files_needed>
<menu>
<name>OSPF</name>
diff --git a/config/openospfd/status_ospfd.php b/config/openospfd/status_ospfd.php
index 6fcca6bd..25f18d85 100644
--- a/config/openospfd/status_ospfd.php
+++ b/config/openospfd/status_ospfd.php
@@ -93,8 +93,8 @@ function doCmdT($title, $command) {
echo "</table>\n";
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
?>
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 4d6ded8f..1a34c260 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -236,7 +236,8 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
if (!empty($proxy)) {
if ($proxy['proxy_type'] == "http") {
- if ($proto == "udp") {
+
+ if (strtoupper(substr($settings['protocol'], 0, 3)) == "UDP") {
$input_errors[] = "This server uses UDP protocol and cannot communicate with HTTP proxy.";
return;
}
@@ -344,7 +345,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
$conf .= "management-hold{$nl}";
$conf .= "# query management channel for user/pass{$nl}";
$conf .= "management-query-passwords{$nl}";
- $conf .= "# disconnect VPN when managment program connection is closed{$nl}";
+ $conf .= "# disconnect VPN when management program connection is closed{$nl}";
$conf .= "management-signal{$nl}";
$conf .= "# forget password when management disconnects{$nl}";
$conf .= "management-forget-disconnect{$nl}";
@@ -629,7 +630,7 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle);
}
- $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, true, $proxy, "baseconf", "", true, $openvpnmanager, $advancedoptions);
+ $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, true, $proxy, "baseconf", $outpass, true, true, $openvpnmanager, $advancedoptions);
if (!$conf)
return false;
@@ -733,7 +734,10 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco
} else {
if (!$interface)
$interface = "wan";
- $server_host = get_interface_ip($interface);
+ if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6")))
+ $server_host = get_interface_ipv6($interface);
+ else
+ $server_host = get_interface_ip($interface);
}
} else if ($useaddr == "serverhostname" || empty($useaddr)) {
$server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}.";
@@ -742,7 +746,10 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco
$server_host = $useaddr;
$server_port = $settings['local_port'];
- $proto = (strtoupper($settings['protocol']) == 'UDP' ? 'udp' : "tcp-client");
+
+ $proto = strtolower($settings['protocol']);
+ if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp")
+ $proto .= "-client";
$cipher = $settings['crypto'];
$digest = !empty($settings['digest']) ? $settings['digest'] : "SHA1";
@@ -837,7 +844,10 @@ function openvpn_client_export_build_remote_lines($settings, $useaddr, $interfac
} else {
if (!$interface || ($interface == "any"))
$interface = "wan";
- $server_host = get_interface_ip($interface);
+ if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6")))
+ $server_host = get_interface_ipv6($interface);
+ else
+ $server_host = get_interface_ip($interface);
}
} else if ($useaddr == "serverhostname" || empty($useaddr)) {
$server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}.";
@@ -845,7 +855,10 @@ function openvpn_client_export_build_remote_lines($settings, $useaddr, $interfac
} else
$server_host = $useaddr;
- $proto = (strtoupper($settings['protocol']) == 'UDP' ? 'udp' : "tcp");
+ $proto = strtolower($settings['protocol']);
+ if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp")
+ $proto .= "-client";
+
if (($expformat == "inlineios") && ($proto == "tcp-client"))
$proto = "tcp";
@@ -867,6 +880,9 @@ function openvpn_client_export_find_port_forwards($targetip, $targetport, $targe
filter_generate_optcfg_array();
$destinations = array();
+ if (!is_array($config['nat']) || !is_array($config['nat']['rule']))
+ return $destinations;
+
foreach ($config['nat']['rule'] as $natent) {
$dest = array();
if (!isset($natent['disabled'])
diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml
index 0af838e9..a6a46649 100755
--- a/config/openvpn-client-export/openvpn-client-export.xml
+++ b/config/openvpn-client-export/openvpn-client-export.xml
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="utf-8" ?>
<packagegui>
<name>OpenVPN Client Export</name>
- <version>1.2.4</version>
+ <version>1.2.9</version>
<title>OpenVPN Client Export</title>
<include_file>/usr/local/pkg/openvpn-client-export.inc</include_file>
<backup_file></backup_file>
@@ -22,27 +22,27 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.inc</item>
+ <item>https://packages.pfsense.org/packages/config/openvpn-client-export/openvpn-client-export.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://files.pfsense.com/packages/openvpn-client-export/openvpn-client-export.tgz</item>
+ <item>https://files.pfsense.org/packages/openvpn-client-export/openvpn-client-export.tgz</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openvpn-client-export/vpn_openvpn_export.php</item>
+ <item>https://packages.pfsense.org/packages/config/openvpn-client-export/vpn_openvpn_export.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openvpn-client-export/vpn_openvpn_export_shared.php</item>
+ <item>https://packages.pfsense.org/packages/config/openvpn-client-export/vpn_openvpn_export_shared.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/etc/inc/priv/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openvpn-client-export/openvpnexport.inc</item>
+ <item>https://packages.pfsense.org/packages/config/openvpn-client-export/openvpnexport.inc</item>
</additional_files_needed>
<custom_php_install_command>
openvpn_client_export_install();
diff --git a/config/openvpn-status/openvpn-status.xml b/config/openvpn-status/openvpn-status.xml
index 8ef27ded..cecd6952 100644
--- a/config/openvpn-status/openvpn-status.xml
+++ b/config/openvpn-status/openvpn-status.xml
@@ -57,7 +57,7 @@
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openvpn-status/status_openvpn.php</item>
+ <item>https://packages.pfsense.org/packages/config/openvpn-status/status_openvpn.php</item>
</additional_files_needed>
<custom_php_deinstall_command>
<![CDATA[
diff --git a/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml b/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml
index a9754610..ef498545 100644
--- a/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml
+++ b/config/openvpn_tapfix_20x/openvpn_tapfix_20x.xml
@@ -52,17 +52,17 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.inc</item>
+ <item>https://packages.pfsense.org/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.patch</item>
+ <item>https://packages.pfsense.org/packages/config/openvpn_tapfix_20x/openvpn_tapfix_20x.patch</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/openvpn_tapfix_20x/openvpn_tapfix_203.patch</item>
+ <item>https://packages.pfsense.org/packages/config/openvpn_tapfix_20x/openvpn_tapfix_203.patch</item>
</additional_files_needed>
<custom_php_install_command>
openvpn_tapfix_20x_install();
diff --git a/config/ovpnenhance/ovpnenhance.xml b/config/ovpnenhance/ovpnenhance.xml
index 13f363d6..e6e5ad9d 100644
--- a/config/ovpnenhance/ovpnenhance.xml
+++ b/config/ovpnenhance/ovpnenhance.xml
@@ -12,27 +12,27 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/ovpnenhance/ovpnenhance.inc</item>
+ <item>https://packages.pfsense.org/packages/config/ovpnenhance/ovpnenhance.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/ovpnenhance/openvpn.inc_tls</item>
+ <item>https://packages.pfsense.org/packages/config/ovpnenhance/openvpn.inc_tls</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/ovpnenhance/openvpn.xml_tls</item>
+ <item>https://packages.pfsense.org/packages/config/ovpnenhance/openvpn.xml_tls</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/ovpnenhance/openvpn_cli.xml_tls</item>
+ <item>https://packages.pfsense.org/packages/config/ovpnenhance/openvpn_cli.xml_tls</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/ovpnenhance/openvpn_csc.xml_tls</item>
+ <item>https://packages.pfsense.org/packages/config/ovpnenhance/openvpn_csc.xml_tls</item>
</additional_files_needed>
<custom_php_install_command>
ovpnenhance_install();
diff --git a/config/packetcapturefix/packetcapturefix.xml b/config/packetcapturefix/packetcapturefix.xml
index 96386cf9..cea6f4d1 100644
--- a/config/packetcapturefix/packetcapturefix.xml
+++ b/config/packetcapturefix/packetcapturefix.xml
@@ -52,12 +52,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/packetcapturefix/packetcapturefix.inc</item>
+ <item>https://packages.pfsense.org/packages/config/packetcapturefix/packetcapturefix.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/packetcapturefix/packetcapturefix.patch</item>
+ <item>https://packages.pfsense.org/packages/config/packetcapturefix/packetcapturefix.patch</item>
</additional_files_needed>
<custom_php_install_command>
packetcapturefix_install();
diff --git a/config/pf-blocker/pfBlocker.widget.php b/config/pf-blocker/pfBlocker.widget.php
index 60b0c754..6550ff57 100644
--- a/config/pf-blocker/pfBlocker.widget.php
+++ b/config/pf-blocker/pfBlocker.widget.php
@@ -2,7 +2,7 @@
/*
Copyright 2011 Thomas Schaefer - Tomschaefer.org
Copyright 2011 Marcello Coutinho
- Part of pfSense widgets (www.pfsense.com)
+ Part of pfSense widgets (www.pfsense.org)
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
diff --git a/config/pf-blocker/pfblocker.xml b/config/pf-blocker/pfblocker.xml
index b4da539c..44658bcb 100755
--- a/config/pf-blocker/pfblocker.xml
+++ b/config/pf-blocker/pfblocker.xml
@@ -53,62 +53,62 @@
<url>/pkg_edit.php?xml=pfblocker.xml</url>
</menu>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker.inc</item>
+ <item>https://packages.pfsense.org/packages/config/pf-blocker/pfblocker.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker.php</item>
+ <item>https://packages.pfsense.org/packages/config/pf-blocker/pfblocker.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/pf-blocker/pfBlocker.widget.php</item>
+ <item>https://packages.pfsense.org/packages/config/pf-blocker/pfBlocker.widget.php</item>
<prefix>/usr/local/www/widgets/widgets/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker_topspammers.xml</item>
+ <item>https://packages.pfsense.org/packages/config/pf-blocker/pfblocker_topspammers.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker_lists.xml</item>
+ <item>https://packages.pfsense.org/packages/config/pf-blocker/pfblocker_lists.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/pf-blocker/pfblocker_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/pf-blocker/pfblocker_sync.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/pf-blocker/lists/Africa_cidr.txt</item>
+ <item>https://packages.pfsense.org/packages/config/pf-blocker/lists/Africa_cidr.txt</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0555</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/pf-blocker/lists/Asia_cidr.txt</item>
+ <item>https://packages.pfsense.org/packages/config/pf-blocker/lists/Asia_cidr.txt</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0555</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/pf-blocker/lists/Europe_cidr.txt</item>
+ <item>https://packages.pfsense.org/packages/config/pf-blocker/lists/Europe_cidr.txt</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0555</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/pf-blocker/lists/North_America_cidr.txt</item>
+ <item>https://packages.pfsense.org/packages/config/pf-blocker/lists/North_America_cidr.txt</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0555</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/pf-blocker/lists/Oceania_cidr.txt</item>
+ <item>https://packages.pfsense.org/packages/config/pf-blocker/lists/Oceania_cidr.txt</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0555</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/pf-blocker/lists/South_America_cidr.txt</item>
+ <item>https://packages.pfsense.org/packages/config/pf-blocker/lists/South_America_cidr.txt</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0555</chmod>
</additional_files_needed>
@@ -224,13 +224,13 @@
<type>checkbox</type>
<description><![CDATA[Continent Lists are provided by <a target=_new href='http://www.countryipblocks.net/'>countryipblocks.net</a>.<br>
Dynamic rules can be found in <a target=_new href='http://www.iblocklist.com/'>I-Blocklist.com</a>.</br>
- Created by <a target=_new href='http://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a> and <a target=_new href='http://www.tomschaefer.org/pfsense'>TomSchaefer</a>.<br>]]></description>
+ Created by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a> and <a target=_new href='http://www.tomschaefer.org/pfsense'>TomSchaefer</a>.<br>]]></description>
</field>
<field>
<fielddescr>Donation</fielddescr>
<fieldname>donation</fieldname>
<type>checkbox</type>
- <description><![CDATA[If you like this package, please <a target=_new href='http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to the pfSense project</a>.<br>
+ <description><![CDATA[If you like this package, please <a target=_new href='https://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to the pfSense project</a>.<br>
If you want your donation to go to these package developers, make a note on the donation forwarding it to us.<br>]]></description>
</field>
</fields>
diff --git a/config/pfflowd.xml b/config/pfflowd.xml
index f8552189..2470e2b2 100644
--- a/config/pfflowd.xml
+++ b/config/pfflowd.xml
@@ -1,6 +1,6 @@
<packagegui>
<name>pfflowd</name>
- <version>0.8</version>
+ <version>0.8.3 pkg v1.0.1</version>
<title>pfflowd: Settings</title>
<aftersaveredirect>pkg_edit.php?xml=pfflowd.xml&amp;id=0</aftersaveredirect>
<menu>
@@ -109,7 +109,7 @@
config_unlock();
}
- function validate_form_pfflowd($post, $input_errors) {
+ function validate_form_pfflowd($post, &$input_errors) {
if(($post['host'] == "") || !is_ipaddr($post['host']))
$input_errors[] = 'You must specify a valid ip address in the \'Host\' field';
if(($post['port'] == "") || !is_port($post['port']))
@@ -135,7 +135,7 @@
sync_package_pfflowd();
</custom_php_resync_config_command>
<custom_php_validation_command>
- validate_form_pfflowd($_POST, &amp;$input_errors);
+ validate_form_pfflowd($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_command_before_form>
cleanup_config_pfflowd();
diff --git a/config/pfstat.xml b/config/pfstat.xml
index 29d52bc2..eb07f732 100644
--- a/config/pfstat.xml
+++ b/config/pfstat.xml
@@ -98,7 +98,7 @@
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/pfstat.php</item>
+ <item>https://packages.pfsense.org/packages/config/pfstat.php</item>
</additional_files_needed>
<!-- modify system will modify a file and make sure the text needed to run the
package is in place. The following example edits /etc/crontab and adds the
diff --git a/config/phpservice/phpservice.xml b/config/phpservice/phpservice.xml
index 765dc8c7..44999496 100644
--- a/config/phpservice/phpservice.xml
+++ b/config/phpservice/phpservice.xml
@@ -73,22 +73,22 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/phpservice/phpservice.xml</item>
+ <item>https://packages.pfsense.org/packages/config/phpservice/phpservice.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/phpservice/phpservice.inc</item>
+ <item>https://packages.pfsense.org/packages/config/phpservice/phpservice.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/phpservice/phpservice_php.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/phpservice/phpservice_php.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/phpservice/phpservice_php_edit.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/phpservice/phpservice_php_edit.tmp</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/phpservice/phpservice_php.tmp b/config/phpservice/phpservice_php.tmp
index 45ecf425..55de1ae8 100644
--- a/config/phpservice/phpservice_php.tmp
+++ b/config/phpservice/phpservice_php.tmp
@@ -91,7 +91,7 @@ if ($config_change == 1) {
Is command line PHP designed to run PHP as a Service. The custom PHP code that is defined below is run over and over again inside a continuous loop. There are many possible uses such as monitoring CPU, Memory, File System Space, interacting with Snort, and many others uses that are yet to be discovered.
It can send events to the sylog that will can be viewed from the system log or remote syslog server. example: exec("logger This is a test");
<br /><br />
- For more information see: <a href='http://doc.pfsense.org/index.php/PHPService'>http://doc.pfsense.org/index.php/PHPService</a>
+ For more information see: <a href='https://doc.pfsense.org/index.php/PHPService'>https://doc.pfsense.org/index.php/PHPService</a>
</p></td>
</tr>
</table>
diff --git a/config/phpsysinfo/phpsysinfo.xml b/config/phpsysinfo/phpsysinfo.xml
index 116643a4..550c0785 100644
--- a/config/phpsysinfo/phpsysinfo.xml
+++ b/config/phpsysinfo/phpsysinfo.xml
@@ -70,12 +70,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/phpsysinfo/phpsysinfo.inc</item>
+ <item>https://packages.pfsense.org/packages/config/phpsysinfo/phpsysinfo.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://files.pfsense.org/packages/phpsysinfo-2.5.4.tar.gz</item>
+ <item>https://files.pfsense.org/packages/phpsysinfo-2.5.4.tar.gz</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/postfix/postfix.php b/config/postfix/postfix.php
index 78eb551d..774c7573 100644
--- a/config/postfix/postfix.php
+++ b/config/postfix/postfix.php
@@ -1,7 +1,7 @@
<?php
/*
postfix.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com>
based on varnish_view_config.
All rights reserved.
diff --git a/config/postfix/postfix.widget.php b/config/postfix/postfix.widget.php
index 70051c1d..b7fc7af9 100755
--- a/config/postfix/postfix.widget.php
+++ b/config/postfix/postfix.widget.php
@@ -1,7 +1,7 @@
<?php
/*
Copyright 2011 Marcello Coutinho
- Part of pfSense widgets (www.pfsense.com)
+ Part of pfSense widgets (www.pfsense.org)
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
diff --git a/config/postfix/postfix.xml b/config/postfix/postfix.xml
index e9d2d953..59e58f41 100644
--- a/config/postfix/postfix.xml
+++ b/config/postfix/postfix.xml
@@ -71,84 +71,84 @@
<executable>master</executable>
</service>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/postfix/postfix.inc</item>
+ <item>https://packages.pfsense.org/packages/config/postfix/postfix.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/postfix/postfix_acl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/postfix/postfix_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/postfix/postfix_domains.xml</item>
+ <item>https://packages.pfsense.org/packages/config/postfix/postfix_domains.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/postfix/postfix_recipients.xml</item>
+ <item>https://packages.pfsense.org/packages/config/postfix/postfix_recipients.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/postfix/postfix_antispam.xml</item>
+ <item>https://packages.pfsense.org/packages/config/postfix/postfix_antispam.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/postfix/postfix_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/postfix/postfix_sync.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/postfix/postfix_view_config.php</item>
+ <item>https://packages.pfsense.org/packages/config/postfix/postfix_view_config.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/postfix/postfix_recipients.php</item>
+ <item>https://packages.pfsense.org/packages/config/postfix/postfix_recipients.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/postfix/postfix_search.php</item>
+ <item>https://packages.pfsense.org/packages/config/postfix/postfix_search.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/postfix/postfix.php</item>
+ <item>https://packages.pfsense.org/packages/config/postfix/postfix.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/postfix/postfix.widget.php</item>
+ <item>https://packages.pfsense.org/packages/config/postfix/postfix.widget.php</item>
<prefix>/usr/local/www/widgets/widgets/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/postfix/postfix_about.php</item>
+ <item>https://packages.pfsense.org/packages/config/postfix/postfix_about.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/postfix/postfix_queue.php</item>
+ <item>https://packages.pfsense.org/packages/config/postfix/postfix_queue.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/postfix/postfix.priv.inc</item>
+ <item>https://packages.pfsense.org/packages/config/postfix/postfix.priv.inc</item>
<prefix>/etc/inc/priv/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/postfix/adexport.pl</item>
+ <item>https://packages.pfsense.org/packages/config/postfix/adexport.pl</item>
<prefix>/usr/local/bin/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/shortcuts/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/postfix/pkg_postfix.inc</item>
+ <item>https://packages.pfsense.org/packages/config/postfix/pkg_postfix.inc</item>
</additional_files_needed>
<tabs>
<tab>
diff --git a/config/postfix/postfix_about.php b/config/postfix/postfix_about.php
index 56645646..87d0cf69 100755
--- a/config/postfix/postfix_about.php
+++ b/config/postfix/postfix_about.php
@@ -1,7 +1,7 @@
<?php
/*
postfix_about.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com>
based on varnish_view_config.
All rights reserved.
@@ -30,8 +30,8 @@
$shortcut_section = "postfix";
require("guiconfig.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Diagnostics: Search Mail";
@@ -78,11 +78,11 @@ include("head.inc");
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Credits ");?></td>
- <td width="78%" class="vtable"><?=gettext("Package v2 Created by <a target=_new href='http://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td>
+ <td width="78%" class="vtable"><?=gettext("Package v2 Created by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Donatios ");?></td>
- <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br>
+ <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='https://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br>
If you want that your donation goes to this package developer, make a note on donation forwarding it to me.<br><br>");?></td>
</tr>
</table>
diff --git a/config/postfix/postfix_queue.php b/config/postfix/postfix_queue.php
index f60ac83e..7afd8fe7 100755
--- a/config/postfix/postfix_queue.php
+++ b/config/postfix/postfix_queue.php
@@ -1,7 +1,7 @@
<?php
/*
postfix_view_config.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com>
based on varnish_view_config.
All rights reserved.
@@ -104,8 +104,8 @@ if ($_REQUEST['cmd']!=""){
get_cmd();
}
else{
- $pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
- if(strstr($pfSversion, "1.2"))
+ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+ if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Status: Postfix Mail Queue";
diff --git a/config/postfix/postfix_search.php b/config/postfix/postfix_search.php
index 85648287..c29d8cf2 100755
--- a/config/postfix/postfix_search.php
+++ b/config/postfix/postfix_search.php
@@ -1,7 +1,7 @@
<?php
/*
postfix_search.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com>
based on varnish_view_config.
All rights reserved.
@@ -34,8 +34,8 @@ $uname=posix_uname();
if ($uname['machine']=='amd64')
ini_set('memory_limit', '250M');
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Diagnostics: Search Mail";
diff --git a/config/postfix/postfix_view_config.php b/config/postfix/postfix_view_config.php
index 59deb11e..24bfd575 100644
--- a/config/postfix/postfix_view_config.php
+++ b/config/postfix/postfix_view_config.php
@@ -1,7 +1,7 @@
<?php
/*
postfix_view_config.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com>
based on varnish_view_config.
All rights reserved.
@@ -57,7 +57,7 @@ if ($_REQUEST['file']!=""){
}
else{
$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
- if(strstr($pfSversion, "1.2"))
+ if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Services: Postfix View Configuration";
diff --git a/config/pre2upgrade/pre2upgrade.php b/config/pre2upgrade/pre2upgrade.php
index 79097002..c9112850 100644
--- a/config/pre2upgrade/pre2upgrade.php
+++ b/config/pre2upgrade/pre2upgrade.php
@@ -64,7 +64,7 @@ Config check output:
<?php endif; ?>
<br/><br/>
Before proceeding with the upgrade, you should look over the upgrade guide on the doc wiki, which can be found here:<br/>
-<a href="http://doc.pfsense.org/index.php/Upgrade_Guide">http://doc.pfsense.org/index.php/Upgrade_Guide</a>.
+<a href="https://doc.pfsense.org/index.php/Upgrade_Guide">https://doc.pfsense.org/index.php/Upgrade_Guide</a>.
</td></tr>
</table>
</div>
diff --git a/config/pre2upgrade/pre2upgrade.xml b/config/pre2upgrade/pre2upgrade.xml
index 0895c1cf..a0a26956 100644
--- a/config/pre2upgrade/pre2upgrade.xml
+++ b/config/pre2upgrade/pre2upgrade.xml
@@ -41,7 +41,7 @@
<title>Diagnostics: Pre-2.0 Upgrade Check</title>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <item>http://www.pfsense.com/packages/config/pre2upgrade/pre2upgrade.php</item>
+ <item>https://packages.pfsense.org/packages/config/pre2upgrade/pre2upgrade.php</item>
</additional_files_needed>
<menu>
<name>Pre-Upgrade Check</name>
diff --git a/config/pure-ftpd.xml b/config/pure-ftpd.xml
index 7d9a70d6..4bace5cf 100644
--- a/config/pure-ftpd.xml
+++ b/config/pure-ftpd.xml
@@ -78,7 +78,7 @@
</adddeleteeditpagefields>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/pure-ftpdsettings.xml</item>
+ <item>https://packages.pfsense.org/packages/config/pure-ftpdsettings.xml</item>
</additional_files_needed>
<!-- fields gets invoked when the user adds or edits a item. the following items
diff --git a/config/quagga_ospfd/quagga_ospfd.xml b/config/quagga_ospfd/quagga_ospfd.xml
index 74ea76db..8edfcc3f 100644
--- a/config/quagga_ospfd/quagga_ospfd.xml
+++ b/config/quagga_ospfd/quagga_ospfd.xml
@@ -7,12 +7,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/quagga_ospfd/quagga_ospfd.inc</item>
+ <item>https://packages.pfsense.org/packages/config/quagga_ospfd/quagga_ospfd.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/quagga_ospfd/quagga_ospfd_interfaces.xml</item>
+ <item>https://packages.pfsense.org/packages/config/quagga_ospfd/quagga_ospfd_interfaces.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
@@ -22,12 +22,12 @@
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/quagga_ospfd/status_ospfd.php</item>
+ <item>https://packages.pfsense.org/packages/config/quagga_ospfd/status_ospfd.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/bin/</prefix>
<chmod>777</chmod>
- <item>http://www.pfsense.com/packages/config/quagga_ospfd/quaggactl</item>
+ <item>https://packages.pfsense.org/packages/config/quagga_ospfd/quaggactl</item>
</additional_files_needed>
<menu>
<name>Quagga OSPFd</name>
diff --git a/config/quagga_ospfd/quagga_ospfd_interfaces.xml b/config/quagga_ospfd/quagga_ospfd_interfaces.xml
index 6e82fff8..f9953112 100644
--- a/config/quagga_ospfd/quagga_ospfd_interfaces.xml
+++ b/config/quagga_ospfd/quagga_ospfd_interfaces.xml
@@ -7,7 +7,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/quagga_ospfd/quagga_ospfd.inc</item>
+ <item>https://packages.pfsense.org/packages/config/quagga_ospfd/quagga_ospfd.inc</item>
</additional_files_needed>
<menu>
<name>OSPF</name>
diff --git a/config/rate/rate.xml b/config/rate/rate.xml
index 787ad815..a4aa4739 100644
--- a/config/rate/rate.xml
+++ b/config/rate/rate.xml
@@ -52,17 +52,17 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/rate/rate.inc</item>
+ <item>https://packages.pfsense.org/packages/config/rate/rate.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/rate/bandwidth_by_ip.php</item>
+ <item>https://packages.pfsense.org/packages/config/rate/bandwidth_by_ip.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/rate/status_graph.php</item>
+ <item>https://packages.pfsense.org/packages/config/rate/status_graph.php</item>
</additional_files_needed>
<custom_php_install_command>
rate_install();
diff --git a/config/routed/routed.xml b/config/routed/routed.xml
index b722a28d..8764b172 100644
--- a/config/routed/routed.xml
+++ b/config/routed/routed.xml
@@ -3,7 +3,7 @@
<copyright>
/* $Id$ */
/*
- part of pfSense (http://www.pfsense.org/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2006 Bill Marquette - bill.marquette@gmail.com.
All rights reserved.
@@ -36,7 +36,7 @@
<include_file>/usr/local/pkg/routed.inc</include_file>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/routed/routed.inc</item>
+ <item>https://packages.pfsense.org/packages/config/routed/routed.inc</item>
</additional_files_needed>
<!-- Menu is where this packages menu will appear -->
diff --git a/config/rrd-summary/rrd-summary.xml b/config/rrd-summary/rrd-summary.xml
index a4a7c90f..4b62272d 100644
--- a/config/rrd-summary/rrd-summary.xml
+++ b/config/rrd-summary/rrd-summary.xml
@@ -57,7 +57,7 @@
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/rrd-summary/status_rrd_summary.php</item>
+ <item>https://packages.pfsense.org/packages/config/rrd-summary/status_rrd_summary.php</item>
</additional_files_needed>
<custom_php_deinstall_command>
<![CDATA[
diff --git a/config/sarg/sarg.xml b/config/sarg/sarg.xml
index cc11cad4..a0162e3b 100644
--- a/config/sarg/sarg.xml
+++ b/config/sarg/sarg.xml
@@ -53,62 +53,62 @@
<url>/pkg_edit.php?xml=sarg.xml</url>
</menu>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/sarg/sarg.inc</item>
+ <item>https://packages.pfsense.org/packages/config/sarg/sarg.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/sarg/sarg_schedule.xml</item>
+ <item>https://packages.pfsense.org/packages/config/sarg/sarg_schedule.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/sarg/sarg_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/sarg/sarg_sync.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/sarg/sarg_users.xml</item>
+ <item>https://packages.pfsense.org/packages/config/sarg/sarg_users.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/sarg/sarg_realtime.php</item>
+ <item>https://packages.pfsense.org/packages/config/sarg/sarg_realtime.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/sarg/sarg_about.php</item>
+ <item>https://packages.pfsense.org/packages/config/sarg/sarg_about.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/sarg/sarg.php</item>
+ <item>https://packages.pfsense.org/packages/config/sarg/sarg.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/sarg/sarg_reports.php</item>
+ <item>https://packages.pfsense.org/packages/config/sarg/sarg_reports.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/sarg/sarg_frame.php</item>
+ <item>https://packages.pfsense.org/packages/config/sarg/sarg_frame.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/sarg/sarg_sorttable.js</item>
+ <item>https://packages.pfsense.org/packages/config/sarg/sarg_sorttable.js</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/sarg/sarg.template</item>
+ <item>https://packages.pfsense.org/packages/config/sarg/sarg.template</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/sarg/sarg.priv.inc</item>
+ <item>https://packages.pfsense.org/packages/config/sarg/sarg.priv.inc</item>
<prefix>/etc/inc/priv/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
diff --git a/config/sarg/sarg_about.php b/config/sarg/sarg_about.php
index 1321adf6..573dc5ee 100755
--- a/config/sarg/sarg_about.php
+++ b/config/sarg/sarg_about.php
@@ -1,7 +1,7 @@
<?php
/*
sarg_about.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com>
All rights reserved.
@@ -29,8 +29,8 @@
require("guiconfig.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "About: Sarg Package";
@@ -80,11 +80,11 @@ include("head.inc");
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Credits ");?></td>
- <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='http://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td>
+ <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Donatios ");?></td>
- <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br>
+ <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='https://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br>
If you want that your donation goes to this package developer, make a note on donation forwarding it to me.<br><br>");?></td>
</tr>
</table>
diff --git a/config/sarg/sarg_frame.php b/config/sarg/sarg_frame.php
index 21638247..6f3c941e 100755
--- a/config/sarg/sarg_frame.php
+++ b/config/sarg/sarg_frame.php
@@ -1,7 +1,7 @@
<?php
/*
sarg_frame.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com>
based on varnish_view_config.
All rights reserved.
diff --git a/config/sarg/sarg_realtime.php b/config/sarg/sarg_realtime.php
index 76e89769..81ea0a79 100755
--- a/config/sarg/sarg_realtime.php
+++ b/config/sarg/sarg_realtime.php
@@ -1,7 +1,7 @@
<?php
/*
sarg_realtime.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com>
All rights reserved.
@@ -99,8 +99,8 @@ if ($_REQUEST['cmd']!=""){
}
else{
require("guiconfig.inc");
- $pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
- if(strstr($pfSversion, "1.2"))
+ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+ if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Status: Sarg Realtime";
diff --git a/config/sarg/sarg_reports.php b/config/sarg/sarg_reports.php
index b156a4d7..f18eb80e 100755
--- a/config/sarg/sarg_reports.php
+++ b/config/sarg/sarg_reports.php
@@ -1,7 +1,7 @@
<?php
/*
sarg_reports.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com>
All rights reserved.
@@ -29,8 +29,8 @@
require("guiconfig.inc");
- $pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
- if(strstr($pfSversion, "1.2"))
+ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+ if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Status: Sarg Reports";
diff --git a/config/sarg/sarg_schedule.xml b/config/sarg/sarg_schedule.xml
index 9e1ad709..07e24d5c 100644
--- a/config/sarg/sarg_schedule.xml
+++ b/config/sarg/sarg_schedule.xml
@@ -47,12 +47,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/sarg/sarg.inc</item>
+ <item>https://packages.pfsense.org/packages/config/sarg/sarg.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/sarg/sarg_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/sarg/sarg_sync.xml</item>
</additional_files_needed>
<menu>
<name>sarg</name>
diff --git a/config/servicewatchdog/services_servicewatchdog.php b/config/servicewatchdog/services_servicewatchdog.php
index 920fd1bb..bd4d4442 100644
--- a/config/servicewatchdog/services_servicewatchdog.php
+++ b/config/servicewatchdog/services_servicewatchdog.php
@@ -56,8 +56,33 @@ if ($_GET['act'] == "del") {
servicewatchdog_cron_job();
write_config();
header("Location: services_servicewatchdog.php");
- exit;
+ return;
+ }
+}
+
+if (isset($_POST['Update'])) {
+ /* update selected services */
+ if (is_array($_POST['notifies']) && count($_POST['notifies'])) {
+ /* Check each service and set the notify flag only for those chosen, remove those that are unset. */
+ foreach ($a_pwservices as $idx => $thisservice) {
+ if (!is_array($thisservice))
+ continue;
+ if (in_array($idx, $_POST['notifies'])) {
+ $a_pwservices[$idx]['notify'] = true;
+ } else {
+ if (isset($a_pwservices[$idx]['notify']))
+ unset($a_pwservices[$idx]['notify']);
+ }
+ }
+ } else { /* No notifies selected, remove them all. */
+ foreach ($a_pwservices as $idx => $thisservice) {
+ unset($a_pwservices[$idx]['notify']);
+ }
}
+ servicewatchdog_cron_job();
+ write_config();
+ header("Location: services_servicewatchdog.php");
+ return;
}
if (isset($_POST['del_x'])) {
@@ -69,7 +94,7 @@ if (isset($_POST['del_x'])) {
servicewatchdog_cron_job();
write_config();
header("Location: services_servicewatchdog.php");
- exit;
+ return;
}
} else {
/* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
@@ -141,6 +166,7 @@ include("head.inc");
</td></tr>
<tr id="frheader">
<td width="5%" class="list">&nbsp;</td>
+<td width="5%" class="listhdrr">Notify</td>
<td width="30%" class="listhdrr"><?=gettext("Service Name");?></td>
<td width="60%" class="listhdrr"><?=gettext("Description");?></td>
<td width="5%" class="list">
@@ -164,7 +190,8 @@ foreach ($a_pwservices as $thisservice):
?>
<tr valign="top" id="fr<?=$nservices;?>">
<td class="listt"><input type="checkbox" id="frc<?=$nservices;?>" name="pwservices[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nservices;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /></td>
- <td class="listlr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';">
+ <td class="listlr"><input type="checkbox" id="notify<?=$nservices;?>" name="notifies[]" value="<?=$i;?>" style="margin: 0; padding: 0; width: 15px; height: 15px;" <?PHP if (isset($thisservice['notify'])) echo 'checked="CHECKED"';?>/></td>
+ <td class="listr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';">
<?=$thisservice['name'];?>
</td>
<td class="listr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';">
@@ -180,7 +207,7 @@ foreach ($a_pwservices as $thisservice):
</td></tr>
<?php $i++; $nservices++; endforeach; ?>
<tr>
- <td class="list" colspan="3"></td>
+ <td class="list" colspan="4"></td>
<td class="list" valign="middle" nowrap>
<table border="0" cellspacing="0" cellpadding="1" summary="add">
<tr>
@@ -199,7 +226,14 @@ foreach ($a_pwservices as $thisservice):
</table>
</td>
</tr>
- <tr><td></td><td colspan="3">
+ <tr><td></td><td colspan="4">
+ <?php echo gettext("Check Notify next to services to perform an e-mail notification when the service is restarted. Configure e-mail notifications to receive the alerts."); ?>
+ <br/>
+ <input name="Update" type="submit" class="formbtn" value="<?=gettext("Update Notification Settings"); ?>" />
+ <br/>
+ <br/>
+ </td><td></td></tr>
+ <tr><td></td><td colspan="4">
<?php echo gettext("Click to select a service and use the arrows to re-order them in the list. Higher services are checked first."); ?>
</td><td></td></tr>
</table>
diff --git a/config/servicewatchdog/servicewatchdog.inc b/config/servicewatchdog/servicewatchdog.inc
index 696e570e..5b638836 100644
--- a/config/servicewatchdog/servicewatchdog.inc
+++ b/config/servicewatchdog/servicewatchdog.inc
@@ -3,6 +3,7 @@ require_once("config.inc");
require_once("services.inc");
require_once("service-utils.inc");
require_once("util.inc");
+require_once("notices.inc");
function servicewatchdog_service_matches($svc1, $svc2) {
/* If the arrays are equal, it must be the same service. */
@@ -74,7 +75,10 @@ function servicewatchdog_check_services() {
foreach ($a_pwservices as $svc) {
if (!get_service_status($svc)) {
$descr = strlen($svc['description']) > 50 ? substr($svc['description'], 0, 50) . "..." : $svc['description'];
- log_error("Service Watchdog detected service {$svc['name']} stopped. Restarting {$svc['name']} ({$descr})");
+ $error_message = "Service Watchdog detected service {$svc['name']} stopped. Restarting {$svc['name']} ({$descr})";
+ log_error($error_message);
+ if (isset($svc['notify']))
+ notify_via_smtp($error_message);
service_control_start($svc['name'], $svc);
}
}
diff --git a/config/servicewatchdog/servicewatchdog.xml b/config/servicewatchdog/servicewatchdog.xml
index 3df25c3c..685ba997 100644
--- a/config/servicewatchdog/servicewatchdog.xml
+++ b/config/servicewatchdog/servicewatchdog.xml
@@ -40,7 +40,7 @@
<requirements>None</requirements>
<faq>Monitors for stopped services and restarts them.</faq>
<name>Service Watchdog</name>
- <version>1.5</version>
+ <version>1.6</version>
<title>Services: Service Watchdog</title>
<include_file>/usr/local/pkg/servicewatchdog.inc</include_file>
<menu>
@@ -52,22 +52,22 @@
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/servicewatchdog/services_servicewatchdog.php</item>
+ <item>https://packages.pfsense.org/packages/config/servicewatchdog/services_servicewatchdog.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/servicewatchdog/services_servicewatchdog_add.php</item>
+ <item>https://packages.pfsense.org/packages/config/servicewatchdog/services_servicewatchdog_add.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>755</chmod>
- <item>http://www.pfsense.com/packages/config/servicewatchdog/servicewatchdog_cron.php</item>
+ <item>https://packages.pfsense.org/packages/config/servicewatchdog/servicewatchdog_cron.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/servicewatchdog/servicewatchdog.inc</item>
+ <item>https://packages.pfsense.org/packages/config/servicewatchdog/servicewatchdog.inc</item>
</additional_files_needed>
<custom_php_install_command>
servicewatchdog_cron_job();
diff --git a/config/shellcmd/shellcmd.xml b/config/shellcmd/shellcmd.xml
index f478a6c2..ca472078 100644
--- a/config/shellcmd/shellcmd.xml
+++ b/config/shellcmd/shellcmd.xml
@@ -67,22 +67,22 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/shellcmd/shellcmd.xml</item>
+ <item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/shellcmd/shellcmd.inc</item>
+ <item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/shellcmd/shellcmd.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/shellcmd/shellcmd_edit.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd_edit.tmp</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/siproxd.inc b/config/siproxd.inc
index a34f5b34..7e72c868 100644
--- a/config/siproxd.inc
+++ b/config/siproxd.inc
@@ -270,7 +270,7 @@ function sync_package_siproxd() {
}
-function validate_form_siproxd($post, $input_errors) {
+function validate_form_siproxd($post, &$input_errors) {
if ($post['port'] && !is_port($post['port']))
$input_errors[] = 'Invalid port entered for "Listening Port"';
if ($post['rtplower'] && !is_port($post['rtplower']))
diff --git a/config/siproxd.xml b/config/siproxd.xml
index 1e16a9ea..27d00f32 100644
--- a/config/siproxd.xml
+++ b/config/siproxd.xml
@@ -37,7 +37,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>siproxdsettings</name>
- <version>0.5.13_pfs2</version>
+ <version>0.8.0_2 pkg v1.0.1</version>
<title>siproxd: Settings</title>
<include_file>/usr/local/pkg/siproxd.inc</include_file>
<aftersaveredirect>/pkg_edit.php?xml=siproxd.xml&amp;id=0</aftersaveredirect>
@@ -70,17 +70,17 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/siproxdusers.xml</item>
+ <item>https://packages.pfsense.org/packages/config/siproxdusers.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/siproxd.inc</item>
+ <item>https://packages.pfsense.org/packages/config/siproxd.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/siproxd_registered_phones.php</item>
+ <item>https://packages.pfsense.org/packages/config/siproxd_registered_phones.php</item>
</additional_files_needed>
<fields>
<field>
@@ -339,6 +339,6 @@
</custom_php_resync_config_command>
<filter_rules_needed>siproxd_generate_rules</filter_rules_needed>
<custom_php_validation_command>
- validate_form_siproxd($_POST, &amp;$input_errors);
+ validate_form_siproxd($_POST, $input_errors);
</custom_php_validation_command>
</packagegui>
diff --git a/config/snort-old/bin/barnyard2 b/config/snort-old/bin/barnyard2
deleted file mode 100644
index b942e87f..00000000
--- a/config/snort-old/bin/barnyard2
+++ /dev/null
Binary files differ
diff --git a/config/snort-old/bin/oinkmaster_contrib/README.contrib b/config/snort-old/bin/oinkmaster_contrib/README.contrib
deleted file mode 100644
index 6923fa26..00000000
--- a/config/snort-old/bin/oinkmaster_contrib/README.contrib
+++ /dev/null
@@ -1,84 +0,0 @@
-# $Id: README.contrib,v 1.21 2005/10/18 10:41:20 andreas_o Exp $ #
-
--------------------------------------------------------------------------------
-* oinkgui.pl by Andreas Östling <andreaso@it.su.se>
-
- A graphical front-end to Oinkmaster written in Perl/Tk.
- See README.gui for complete documentation.
--------------------------------------------------------------------------------
-
-
-
--------------------------------------------------------------------------------
-* addsid.pl by Andreas Östling <andreaso@it.su.se>
-
- A script that parses *.rules in all specified directories and adds a
- SID to (active) rules that don't have any. (Actually, rev and classtype
- are also added if missing, unless you edit addsid.pl and tune this.) The
- script first looks for the current highest SID (even in inactive rules)
- and starts at the next one, unless this value is below MIN_SID (defined
- inside addsid.pl). By default, this value is set to 1000001 since this
- is the lowest SID assigned for local usage. Handles multi-line rules.
--------------------------------------------------------------------------------
-
-
-
--------------------------------------------------------------------------------
-* create-sidmap.pl by Andreas Östling <andreaso@it.su.se>
-
- A script that parses all active rules in *.rules in all specified
- directories and creates a SID map. (Like Snort's regen-sidmap, but this
- one handles multi-line rules.) Result goes to standard output which can
- be redirected to a sid-msg.map file.
--------------------------------------------------------------------------------
-
-
-
--------------------------------------------------------------------------------
-* makesidex.pl, originally by Jerry Applebaum but later rewritten by
- Andreas Östling <andreaso@it.su.se> to handle multi-line rules and
- multiple rules directories.
-
- It reads *.rules in all specified directories, looks for all disabled
- rules and prints a "disablesid <sid> # <msg>" line for each disabled rule.
- The output can be appended to oinkmaster.conf.
- Useful to new Oinkmaster users.
--------------------------------------------------------------------------------
-
-
-
--------------------------------------------------------------------------------
-* addmsg.pl by Andreas Östling <andreaso@it.su.se>:
-
- A script that will parse your oinkmaster.conf for
- localsid/enablesid/disablesid lines and add their rule message as a #comment.
- If your oinkmaster.conf looks like this before addmsg.pl has been run:
-
- disablesid 286
- disablesid 287
- disablesid 288
-
- It will look something like this afterward:
-
- disablesid 286 # POP3 EXPLOIT x86 bsd overflow
- disablesid 287 # POP3 EXPLOIT x86 bsd overflow
- disablesid 288 # POP3 EXPLOIT x86 linux overflow
-
- addmsg.pl will not touch lines that already has a comment in them.
- It's not able to handle SID lists when written like this:
- disablesid 1,2,3, ...
- But it should handle them if written like this:
- disablesid \
- 1, \
- 2, \
- 3
-
- The new config file will be printed to standard output, so you
- probably want to redirect the output to a file, for example:
-
- ./addmsg.pl oinkmaster.conf rules/ > oinkmaster.conf.new
-
- If oinkmaster.conf.new looks ok, simply rename it to oinkmaster.conf.
- Do NOT redirect to the same file you read from, as this will destroy
- that file.
--------------------------------------------------------------------------------
diff --git a/config/snort-old/bin/oinkmaster_contrib/addmsg.pl b/config/snort-old/bin/oinkmaster_contrib/addmsg.pl
deleted file mode 100644
index e5866d6f..00000000
--- a/config/snort-old/bin/oinkmaster_contrib/addmsg.pl
+++ /dev/null
@@ -1,299 +0,0 @@
-#!/usr/bin/perl -w
-
-# $Id: addmsg.pl,v 1.19 2005/12/31 13:42:46 andreas_o Exp $ #
-
-# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# 1. Redistributions of source code must retain the above
-# copyright notice, this list of conditions and the following
-# disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials
-# provided with the distribution.
-#
-# 3. Neither the name of the author nor the names of its
-# contributors may be used to endorse or promote products
-# derived from this software without specific prior written
-# permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
-# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-use strict;
-
-sub get_next_entry($ $ $ $ $ $);
-sub parse_singleline_rule($ $ $);
-
-
-my $USAGE = << "RTFM";
-
-Parse Oinkmaster configuration file and add the rule's "msg" string as a
-#comment for each disablesid/enablesid line.
-
-Usage: $0 <oinkmaster.conf> <rulesdir> [rulesdir2, ...]
-
-The new config file will be printed to standard output, so you
-probably want to redirect the output to a new file (*NOT* the same
-file you used as input, because that will destroy the file!).
-For example:
-
-$0 /etc/oinkmaster.conf /etc/rules/ > oinkmaster.conf.new
-
-If oinkmaster.conf.new looks ok, simply rename it to /etc/oinkmaster.conf.
-
-RTFM
-
-
-# Regexp to match the start of a multi-line rule.
-# %ACTIONS% will be replaced with content of $config{actions} later.
-my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
- '\s.*\\\\\s*\n$'; # ';
-
-# Regexp to match a single-line rule.
-my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
- '\s.+;\s*\)\s*$'; # ';
-
-
-my $config = shift || die($USAGE);
-
-my @rulesdirs = @ARGV;
-die($USAGE) unless ($#rulesdirs > -1);
-
-my $verbose = 1;
-my (%sidmsgmap, %config);
-
-$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic";
-
-$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
-$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
-
-
-
-# Read in oinkmaster.conf.
-open(CONFIG, "<" , "$config") or die("could not open \"$config\" for reading: $!\n");
-my @config = <CONFIG>;
-close(CONFIG);
-
-
-# Read in *.rules in all rulesdirs and create %sidmsgmap ($sidmsgmap{sid} = msg).
-foreach my $rulesdir (@rulesdirs) {
- opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n");
-
- while (my $file = readdir(RULESDIR)) {
- next unless ($file =~ /\.rules$/);
-
- open(FILE, "<", "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n");
- my @file = <FILE>;
- close(FILE);
-
- my ($single, $multi, $nonrule, $msg, $sid);
-
- while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
- $sidmsgmap{$sid} = $msg
- if (defined($single));
- }
- }
-}
-
-
-# Print new oinkmaster.conf.
-while ($_ = shift(@config)) {
- if (/^\s*(?:disable|enable|local)sid\s+(\d+)\s*$/ || /^\s*(\d+)\s*,\s*\\$/ || /^\s*(\d+)\s*$/) {
- my $sid = $1;
- my $is_multiline = 0;
- chomp;
-
- if (/\\$/) {
- $is_multiline = 1;
- s/\\$//;
- }
-
- $_ = sprintf("%-25s", $_);
- if (exists($sidmsgmap{$sid})) {
- print "$_ # $sidmsgmap{$sid}";
- } else {
- print "$_";
- }
- print " \\" if ($is_multiline);
- print "\n";
- } else {
- print;
- }
-}
-
-
-
-# From oinkmaster.pl.
-sub get_next_entry($ $ $ $ $ $)
-{
- my $arr_ref = shift;
- my $single_ref = shift;
- my $multi_ref = shift;
- my $nonrule_ref = shift;
- my $msg_ref = shift;
- my $sid_ref = shift;
-
- undef($$single_ref);
- undef($$multi_ref);
- undef($$nonrule_ref);
- undef($$msg_ref);
- undef($$sid_ref);
-
- my $line = shift(@$arr_ref) || return(0);
- my $disabled = 0;
- my $broken = 0;
-
- # Possible beginning of multi-line rule?
- if ($line =~ /$MULTILINE_RULE_REGEXP/oi) {
- $$single_ref = $line;
- $$multi_ref = $line;
-
- $disabled = 1 if ($line =~ /^\s*#/);
-
- # Keep on reading as long as line ends with "\".
- while (!$broken && $line =~ /\\\s*\n$/) {
-
- # Remove trailing "\" and newline for single-line version.
- $$single_ref =~ s/\\\s*\n//;
-
- # If there are no more lines, this can not be a valid multi-line rule.
- if (!($line = shift(@$arr_ref))) {
-
- warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n")
- if ($config{verbose});
-
- @_ = split(/\n/, $$multi_ref);
-
- undef($$multi_ref);
- undef($$single_ref);
-
- # First line of broken multi-line rule will be returned as a non-rule line.
- $$nonrule_ref = shift(@_) . "\n";
- $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
-
- # The rest is put back to the array again.
- foreach $_ (reverse((@_))) {
- unshift(@$arr_ref, "$_\n");
- }
-
- return (1); # return non-rule
- }
-
- # Multi-line continuation.
- $$multi_ref .= $line;
-
- # If there are non-comment lines in the middle of a disabled rule,
- # mark the rule as broken to return as non-rule lines.
- if ($line !~ /^\s*#/ && $disabled) {
- $broken = 1;
- } elsif ($line =~ /^\s*#/ && !$disabled) {
- # comment line (with trailing slash) in the middle of an active rule - ignore it
- } else {
- $line =~ s/^\s*#*\s*//; # remove leading # in single-line version
- $$single_ref .= $line;
- }
-
- } # while line ends with "\"
-
- # Single-line version should now be a valid rule.
- # If not, it wasn't a valid multi-line rule after all.
- if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) {
-
- $$single_ref =~ s/^\s*//; # remove leading whitespaces
- $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading #
- $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
-
- $$multi_ref =~ s/^\s*//;
- $$multi_ref =~ s/\s*\n$/\n/;
- $$multi_ref =~ s/^#+\s*/#/;
-
- return (1); # return multi
- } else {
- warn("\nWARNING: invalid multi-line rule: $$single_ref\n")
- if ($config{verbose} && $$multi_ref !~ /^\s*#/);
-
- @_ = split(/\n/, $$multi_ref);
-
- undef($$multi_ref);
- undef($$single_ref);
-
- # First line of broken multi-line rule will be returned as a non-rule line.
- $$nonrule_ref = shift(@_) . "\n";
- $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
-
- # The rest is put back to the array again.
- foreach $_ (reverse((@_))) {
- unshift(@$arr_ref, "$_\n");
- }
-
- return (1); # return non-rule
- }
- } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) {
- $$single_ref = $line;
- $$single_ref =~ s/^\s*//;
- $$single_ref =~ s/^#+\s*/#/;
- $$single_ref =~ s/\s*\n$/\n/;
-
- return (1); # return single
- } else { # non-rule line
-
- # Do extra check and warn if it *might* be a rule anyway,
- # but that we just couldn't parse for some reason.
- warn("\nWARNING: line may be a rule but it could not be parsed ".
- "(missing sid or msg?): $line\n")
- if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/);
-
- $$nonrule_ref = $line;
- $$nonrule_ref =~ s/\s*\n$/\n/;
-
- return (1); # return non-rule
- }
-}
-
-
-
-# From oinkmaster.pl.
-sub parse_singleline_rule($ $ $)
-{
- my $line = shift;
- my $msg_ref = shift;
- my $sid_ref = shift;
-
- if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) {
-
- if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) {
- $$msg_ref = $1;
- } else {
- return (0);
- }
-
- if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) {
- $$sid_ref = $1;
- } else {
- return (0);
- }
-
- return (1);
- }
-
- return (0);
-}
diff --git a/config/snort-old/bin/oinkmaster_contrib/addsid.pl b/config/snort-old/bin/oinkmaster_contrib/addsid.pl
deleted file mode 100644
index 64255d22..00000000
--- a/config/snort-old/bin/oinkmaster_contrib/addsid.pl
+++ /dev/null
@@ -1,382 +0,0 @@
-#!/usr/bin/perl -w
-
-# $Id: addsid.pl,v 1.30 2005/12/31 13:42:46 andreas_o Exp $ #
-
-# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# 1. Redistributions of source code must retain the above
-# copyright notice, this list of conditions and the following
-# disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials
-# provided with the distribution.
-#
-# 3. Neither the name of the author nor the names of its
-# contributors may be used to endorse or promote products
-# derived from this software without specific prior written
-# permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
-# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-use strict;
-
-
-sub get_next_entry($ $ $ $ $ $);
-sub parse_singleline_rule($ $ $);
-sub get_next_available_sid(@);
-
-
-# Set this to the default classtype you want to add, if missing.
-# Set to 0 or "" if you don't want to add a classtype.
-my $CLASSTYPE = "misc-attack";
-
-# If ADD_REV is set to 1, "rev: 1;" will be added to rule if it has no rev.
-# Set to 0 if you don't want to add it.
-my $ADD_REV = 1;
-
-# Minimum SID to add. Normally, the next available SID will be used,
-# unless it's below this value. Only SIDs >= 1000000 are reserved for
-# personal use.
-my $MIN_SID = 1000001;
-
-# Regexp to match the start of a multi-line rule.
-# %ACTIONS% will be replaced with content of $config{actions} later.
-my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
- '\s.*\\\\\s*\n$'; # ';
-
-# Regexp to match a single-line rule.
-my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
- '\s.+;\s*\)\s*$'; # ';
-
-
-my $USAGE = << "RTFM";
-
-Parse *.rules in one or more directories and add "sid:<sid>;" to
-active rules that don't have any "sid" entry, starting with the next
-available SID after parsing all rules files (but $MIN_SID at minumum).
-Also, "rev:1;" is added to rules without a "rev" entry, and
-"classtype:misc-attack;" is added to rules without a "classtype" entry
-(edit options at the top of $0 if you want to change this).
-
-Usage: $0 <rulesdir> [rulesdir2, ...]
-
-RTFM
-
-
-# Start in verbose mode.
-my $verbose = 1;
-
-my (%all_sids, %active_sids, %config);
-
-my @rulesdirs = @ARGV;
-
-die($USAGE) unless ($#rulesdirs > -1);
-
-$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic";
-
-$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
-$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
-
-
-# Find out the next available SID.
-my $next_sid = get_next_available_sid(@rulesdirs);
-
-# Avoid seeing possible warnings about broken rules twice.
-$verbose = 0;
-
-# Add sid/rev/classtype to active rules that don't have any.
-foreach my $dir (@rulesdirs) {
- opendir(RULESDIR, "$dir") or die("could not open \"$dir\": $!\n");
-
- while (my $file = readdir(RULESDIR)) {
- next unless ($file =~ /\.rules$/);
-
- open(OLDFILE, "$dir/$file")
- or die("could not open \"$dir/$file\": $!\n");
- my @file = <OLDFILE>;
- close(OLDFILE);
-
- open(NEWFILE, ">", "$dir/$file")
- or die("could not open \"$dir/$file\" for writing: $!\n");
-
- my ($single, $multi, $nonrule, $msg, $sid);
- while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
-
- if (defined($nonrule)) {
- print NEWFILE "$nonrule";
- next;
- }
-
- $multi = $single unless (defined($multi));
-
- # Don't care about inactive rules.
- if ($single =~ /^\s*#/) {
- print NEWFILE "$multi";
- next;
- }
-
- my $added;
-
- # Add SID.
- if ($single !~ /sid\s*:\s*\d+\s*;/) {
- $added .= "SID $next_sid,";
- $multi =~ s/\)\s*\n/sid:$next_sid;)\n/;
- $next_sid++;
- }
-
- # Add revision.
- if ($ADD_REV && $single !~ /rev\s*:\s*\d+\s*;/) {
- $added .= "rev,";
- $multi =~ s/\)\s*\n/rev:1;)\n/;
- }
-
- # Add classtype.
- if ($CLASSTYPE && $single !~ /classtype\s*:\s*.+\s*;/) {
- $added .= "classtype $CLASSTYPE,";
- $multi =~ s/\)\s*\n/classtype:$CLASSTYPE;)\n/;
- }
-
- if (defined($added)) {
- $added =~ s/,$//;
- print "Adding $added to rule \"$msg\"\n"
- if (defined($added));
- }
-
- print NEWFILE "$multi";
- }
-
- close(NEWFILE);
- }
-
- closedir(RULESDIR);
-}
-
-
-
-# Read in *.rules in given directory and return highest SID.
-sub get_next_available_sid(@)
-{
- my @dirs = @_;
-
- foreach my $dir (@dirs) {
- opendir(RULESDIR, "$dir") or die("could not open \"$dir\": $!\n");
-
- # Only care about *.rules.
- while (my $file = readdir(RULESDIR)) {
- next unless ($file =~ /\.rules$/);
-
- open(OLDFILE, "<$dir/$file") or die("could not open \"$dir/$file\": $!\n");
- my @file = <OLDFILE>;
- close(OLDFILE);
-
- my ($single, $multi, $nonrule, $msg, $sid);
-
- while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
- if (defined($single) && defined($sid)) {
- $all_sids{$sid}++;
-
- # If this is an active rule add to %active_sids and
- # warn if it already exists.
- if ($single =~ /^\s*alert/) {
- print STDERR "WARNING: duplicate SID: $sid\n"
- if (exists($active_sids{$sid}));
- $active_sids{$sid}++
- }
- }
- }
- }
- }
-
- # Sort sids and use highest one + 1, unless it's below MIN_SID.
- @_ = sort {$a <=> $b} keys(%all_sids);
- my $sid = pop(@_);
-
- if (!defined($sid)) {
- $sid = $MIN_SID
- } else {
- $sid++;
- }
-
- # If it's below MIN_SID, use MIN_SID instead.
- $sid = $MIN_SID if ($sid < $MIN_SID);
-
- return ($sid)
-}
-
-
-
-sub get_next_entry($ $ $ $ $ $)
-{
- my $arr_ref = shift;
- my $single_ref = shift;
- my $multi_ref = shift;
- my $nonrule_ref = shift;
- my $msg_ref = shift;
- my $sid_ref = shift;
-
- undef($$single_ref);
- undef($$multi_ref);
- undef($$nonrule_ref);
- undef($$msg_ref);
- undef($$sid_ref);
-
- my $line = shift(@$arr_ref) || return(0);
- my $disabled = 0;
- my $broken = 0;
-
- # Possible beginning of multi-line rule?
- if ($line =~ /$MULTILINE_RULE_REGEXP/oi) {
- $$single_ref = $line;
- $$multi_ref = $line;
-
- $disabled = 1 if ($line =~ /^\s*#/);
-
- # Keep on reading as long as line ends with "\".
- while (!$broken && $line =~ /\\\s*\n$/) {
-
- # Remove trailing "\" and newline for single-line version.
- $$single_ref =~ s/\\\s*\n//;
-
- # If there are no more lines, this can not be a valid multi-line rule.
- if (!($line = shift(@$arr_ref))) {
-
- warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n")
- if ($config{verbose});
-
- @_ = split(/\n/, $$multi_ref);
-
- undef($$multi_ref);
- undef($$single_ref);
-
- # First line of broken multi-line rule will be returned as a non-rule line.
- $$nonrule_ref = shift(@_) . "\n";
- $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
-
- # The rest is put back to the array again.
- foreach $_ (reverse((@_))) {
- unshift(@$arr_ref, "$_\n");
- }
-
- return (1); # return non-rule
- }
-
- # Multi-line continuation.
- $$multi_ref .= $line;
-
- # If there are non-comment lines in the middle of a disabled rule,
- # mark the rule as broken to return as non-rule lines.
- if ($line !~ /^\s*#/ && $disabled) {
- $broken = 1;
- } elsif ($line =~ /^\s*#/ && !$disabled) {
- # comment line (with trailing slash) in the middle of an active rule - ignore it
- } else {
- $line =~ s/^\s*#*\s*//; # remove leading # in single-line version
- $$single_ref .= $line;
- }
-
- } # while line ends with "\"
-
- # Single-line version should now be a valid rule.
- # If not, it wasn't a valid multi-line rule after all.
- if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) {
-
- $$single_ref =~ s/^\s*//; # remove leading whitespaces
- $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading #
- $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
-
- $$multi_ref =~ s/^\s*//;
- $$multi_ref =~ s/\s*\n$/\n/;
- $$multi_ref =~ s/^#+\s*/#/;
-
- return (1); # return multi
- } else {
- warn("\nWARNING: invalid multi-line rule: $$single_ref\n")
- if ($config{verbose} && $$multi_ref !~ /^\s*#/);
-
- @_ = split(/\n/, $$multi_ref);
-
- undef($$multi_ref);
- undef($$single_ref);
-
- # First line of broken multi-line rule will be returned as a non-rule line.
- $$nonrule_ref = shift(@_) . "\n";
- $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
-
- # The rest is put back to the array again.
- foreach $_ (reverse((@_))) {
- unshift(@$arr_ref, "$_\n");
- }
-
- return (1); # return non-rule
- }
- } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) {
- $$single_ref = $line;
- $$single_ref =~ s/^\s*//;
- $$single_ref =~ s/^#+\s*/#/;
- $$single_ref =~ s/\s*\n$/\n/;
-
- return (1); # return single
- } else { # non-rule line
-
- # Do extra check and warn if it *might* be a rule anyway,
- # but that we just couldn't parse for some reason.
- warn("\nWARNING: line may be a rule but it could not be parsed ".
- "(missing sid or msg?): $line\n")
- if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/);
-
- $$nonrule_ref = $line;
- $$nonrule_ref =~ s/\s*\n$/\n/;
-
- return (1); # return non-rule
- }
-}
-
-
-
-# From oinkmaster.pl except that this version
-# has been modified so that the sid is *optional*.
-sub parse_singleline_rule($ $ $)
-{
- my $line = shift;
- my $msg_ref = shift;
- my $sid_ref = shift;
-
- if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) {
-
- if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) {
- $$msg_ref = $1;
- } else {
- return (0);
- }
-
- if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) {
- $$sid_ref = $1;
-# } else {
-# return (0);
- }
-
- return (1);
- }
-
- return (0);
-}
diff --git a/config/snort-old/bin/oinkmaster_contrib/create-sidmap.pl b/config/snort-old/bin/oinkmaster_contrib/create-sidmap.pl
deleted file mode 100644
index 26a9040c..00000000
--- a/config/snort-old/bin/oinkmaster_contrib/create-sidmap.pl
+++ /dev/null
@@ -1,280 +0,0 @@
-#!/usr/local/bin/perl -w
-
-# $Id: create-sidmap.pl,v 1.21 2005/12/31 13:42:46 andreas_o Exp $ #
-
-# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# 1. Redistributions of source code must retain the above
-# copyright notice, this list of conditions and the following
-# disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials
-# provided with the distribution.
-#
-# 3. Neither the name of the author nor the names of its
-# contributors may be used to endorse or promote products
-# derived from this software without specific prior written
-# permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
-# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-use strict;
-
-sub get_next_entry($ $ $ $ $ $);
-sub parse_singleline_rule($ $ $);
-
-# Files to ignore.
-my %skipfiles = (
- 'deleted.rules' => 1,
-);
-
-# Regexp to match the start of a multi-line rule.
-# %ACTIONS% will be replaced with content of $config{actions} later.
-my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
- '\s.*\\\\\s*\n$'; # ';
-
-# Regexp to match a single-line rule.
-my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
- '\s.+;\s*\)\s*$'; # ';
-
-my $USAGE = << "RTFM";
-
-Parse active rules in *.rules in one or more directories and create a SID
-map. Result is sent to standard output, which can be redirected to a
-sid-msg.map file.
-
-Usage: $0 <rulesdir> [rulesdir2, ...]
-
-RTFM
-
-my $verbose = 1;
-
-my (%sidmap, %config);
-
-my @rulesdirs = @ARGV;
-
-die($USAGE) unless ($#rulesdirs > -1);
-
-$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic";
-
-$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
-$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
-
-
-# Read in all rules from each rules file (*.rules) in each rules dir.
-# into %sidmap.
-foreach my $rulesdir (@rulesdirs) {
- opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n");
-
- while (my $file = readdir(RULESDIR)) {
- next unless ($file =~ /\.rules$/);
- next if ($skipfiles{$file});
-
- open(FILE, "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n");
- my @file = <FILE>;
- close(FILE);
-
- my ($single, $multi, $nonrule, $msg, $sid);
-
- while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
- if (defined($single)) {
-
- warn("WARNING: duplicate SID: $sid (discarding old)\n")
- if (exists($sidmap{$sid}));
-
- $sidmap{$sid} = "$sid || $msg";
-
- # Print all references. Borrowed from Brian Caswell's regen-sidmap script.
- my $ref = $single;
- while ($ref =~ s/(.*)reference\s*:\s*([^\;]+)(.*)$/$1 $3/) {
- $sidmap{$sid} .= " || $2"
- }
-
- $sidmap{$sid} .= "\n";
- }
- }
- }
-}
-
-# Print results.
-foreach my $sid (sort { $a <=> $b } keys(%sidmap)) {
- print "$sidmap{$sid}";
-}
-
-
-
-# Same as in oinkmaster.pl.
-sub get_next_entry($ $ $ $ $ $)
-{
- my $arr_ref = shift;
- my $single_ref = shift;
- my $multi_ref = shift;
- my $nonrule_ref = shift;
- my $msg_ref = shift;
- my $sid_ref = shift;
-
- undef($$single_ref);
- undef($$multi_ref);
- undef($$nonrule_ref);
- undef($$msg_ref);
- undef($$sid_ref);
-
- my $line = shift(@$arr_ref) || return(0);
- my $disabled = 0;
- my $broken = 0;
-
- # Possible beginning of multi-line rule?
- if ($line =~ /$MULTILINE_RULE_REGEXP/oi) {
- $$single_ref = $line;
- $$multi_ref = $line;
-
- $disabled = 1 if ($line =~ /^\s*#/);
-
- # Keep on reading as long as line ends with "\".
- while (!$broken && $line =~ /\\\s*\n$/) {
-
- # Remove trailing "\" and newline for single-line version.
- $$single_ref =~ s/\\\s*\n//;
-
- # If there are no more lines, this can not be a valid multi-line rule.
- if (!($line = shift(@$arr_ref))) {
-
- warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n")
- if ($config{verbose});
-
- @_ = split(/\n/, $$multi_ref);
-
- undef($$multi_ref);
- undef($$single_ref);
-
- # First line of broken multi-line rule will be returned as a non-rule line.
- $$nonrule_ref = shift(@_) . "\n";
- $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
-
- # The rest is put back to the array again.
- foreach $_ (reverse((@_))) {
- unshift(@$arr_ref, "$_\n");
- }
-
- return (1); # return non-rule
- }
-
- # Multi-line continuation.
- $$multi_ref .= $line;
-
- # If there are non-comment lines in the middle of a disabled rule,
- # mark the rule as broken to return as non-rule lines.
- if ($line !~ /^\s*#/ && $disabled) {
- $broken = 1;
- } elsif ($line =~ /^\s*#/ && !$disabled) {
- # comment line (with trailing slash) in the middle of an active rule - ignore it
- } else {
- $line =~ s/^\s*#*\s*//; # remove leading # in single-line version
- $$single_ref .= $line;
- }
-
- } # while line ends with "\"
-
- # Single-line version should now be a valid rule.
- # If not, it wasn't a valid multi-line rule after all.
- if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) {
-
- $$single_ref =~ s/^\s*//; # remove leading whitespaces
- $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading #
- $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
-
- $$multi_ref =~ s/^\s*//;
- $$multi_ref =~ s/\s*\n$/\n/;
- $$multi_ref =~ s/^#+\s*/#/;
-
- return (1); # return multi
- } else {
- warn("\nWARNING: invalid multi-line rule: $$single_ref\n")
- if ($config{verbose} && $$multi_ref !~ /^\s*#/);
-
- @_ = split(/\n/, $$multi_ref);
-
- undef($$multi_ref);
- undef($$single_ref);
-
- # First line of broken multi-line rule will be returned as a non-rule line.
- $$nonrule_ref = shift(@_) . "\n";
- $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
-
- # The rest is put back to the array again.
- foreach $_ (reverse((@_))) {
- unshift(@$arr_ref, "$_\n");
- }
-
- return (1); # return non-rule
- }
- } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) {
- $$single_ref = $line;
- $$single_ref =~ s/^\s*//;
- $$single_ref =~ s/^#+\s*/#/;
- $$single_ref =~ s/\s*\n$/\n/;
-
- return (1); # return single
- } else { # non-rule line
-
- # Do extra check and warn if it *might* be a rule anyway,
- # but that we just couldn't parse for some reason.
- warn("\nWARNING: line may be a rule but it could not be parsed ".
- "(missing sid or msg?): $line\n")
- if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/);
-
- $$nonrule_ref = $line;
- $$nonrule_ref =~ s/\s*\n$/\n/;
-
- return (1); # return non-rule
- }
-}
-
-
-
-# Same as in oinkmaster.pl.
-sub parse_singleline_rule($ $ $)
-{
- my $line = shift;
- my $msg_ref = shift;
- my $sid_ref = shift;
-
- if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) {
-
- if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) {
- $$msg_ref = $1;
- } else {
- return (0);
- }
-
- if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) {
- $$sid_ref = $1;
- } else {
- return (0);
- }
-
- return (1);
- }
-
- return (0);
-}
diff --git a/config/snort-old/bin/oinkmaster_contrib/makesidex.pl b/config/snort-old/bin/oinkmaster_contrib/makesidex.pl
deleted file mode 100644
index 80354735..00000000
--- a/config/snort-old/bin/oinkmaster_contrib/makesidex.pl
+++ /dev/null
@@ -1,261 +0,0 @@
-#!/usr/bin/perl -w
-
-# $Id: makesidex.pl,v 1.11 2005/12/31 13:42:46 andreas_o Exp $ #
-
-# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# 1. Redistributions of source code must retain the above
-# copyright notice, this list of conditions and the following
-# disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials
-# provided with the distribution.
-#
-# 3. Neither the name of the author nor the names of its
-# contributors may be used to endorse or promote products
-# derived from this software without specific prior written
-# permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
-# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-use strict;
-
-sub get_next_entry($ $ $ $ $ $);
-sub parse_singleline_rule($ $ $);
-
-
-# Regexp to match the start of a multi-line rule.
-# %ACTIONS% will be replaced with content of $config{actions} later.
-my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
- '\s.*\\\\\s*\n$'; # ';
-
-# Regexp to match a single-line rule.
-my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
- '\s.+;\s*\)\s*$'; # ';
-
-my $USAGE = << "RTFM";
-
-Parse *.rules in one or more directories and look for all rules that are
-disabled (i.e. begin with "#") and print "disablesid <sid> # <msg>" to
-standard output for all those rules. This output can be redirected to a
-file, which will be understood by Oinkmaster.
-
-Usage: $0 <rulesdir> [rulesdir2, ...]
-
-RTFM
-
-my $verbose = 1;
-
-my (%disabled, %config);
-
-my @rulesdirs = @ARGV;
-
-die($USAGE) unless ($#rulesdirs > -1);
-
-$config{rule_actions} = "alert|drop|log|pass|reject|sdrop|activate|dynamic";
-
-$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
-$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
-
-foreach my $rulesdir (@rulesdirs) {
- opendir(RULESDIR, "$rulesdir") or die("could not open \"$rulesdir\": $!\n");
-
- while (my $file = readdir(RULESDIR)) {
- next unless ($file =~ /\.rules$/);
-
- open(FILE, "$rulesdir/$file") or die("could not open \"$rulesdir/$file\": $!\n");
- my @file = <FILE>;
- close(FILE);
-
- my ($single, $multi, $nonrule, $msg, $sid);
-
- while (get_next_entry(\@file, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
- $single = $multi if (defined($multi));
- $disabled{$sid} = $msg
- if (defined($single) && $single =~ /^\s*#/);
- }
- }
-}
-
-# Print results.
-foreach my $sid (sort { $a <=> $b } keys(%disabled)) {
- printf("%-25s # %s\n", "disablesid $sid", $disabled{$sid});
-}
-
-
-
-# Same as in oinkmaster.pl.
-sub get_next_entry($ $ $ $ $ $)
-{
- my $arr_ref = shift;
- my $single_ref = shift;
- my $multi_ref = shift;
- my $nonrule_ref = shift;
- my $msg_ref = shift;
- my $sid_ref = shift;
-
- undef($$single_ref);
- undef($$multi_ref);
- undef($$nonrule_ref);
- undef($$msg_ref);
- undef($$sid_ref);
-
- my $line = shift(@$arr_ref) || return(0);
- my $disabled = 0;
- my $broken = 0;
-
- # Possible beginning of multi-line rule?
- if ($line =~ /$MULTILINE_RULE_REGEXP/oi) {
- $$single_ref = $line;
- $$multi_ref = $line;
-
- $disabled = 1 if ($line =~ /^\s*#/);
-
- # Keep on reading as long as line ends with "\".
- while (!$broken && $line =~ /\\\s*\n$/) {
-
- # Remove trailing "\" and newline for single-line version.
- $$single_ref =~ s/\\\s*\n//;
-
- # If there are no more lines, this can not be a valid multi-line rule.
- if (!($line = shift(@$arr_ref))) {
-
- warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n")
- if ($config{verbose});
-
- @_ = split(/\n/, $$multi_ref);
-
- undef($$multi_ref);
- undef($$single_ref);
-
- # First line of broken multi-line rule will be returned as a non-rule line.
- $$nonrule_ref = shift(@_) . "\n";
- $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
-
- # The rest is put back to the array again.
- foreach $_ (reverse((@_))) {
- unshift(@$arr_ref, "$_\n");
- }
-
- return (1); # return non-rule
- }
-
- # Multi-line continuation.
- $$multi_ref .= $line;
-
- # If there are non-comment lines in the middle of a disabled rule,
- # mark the rule as broken to return as non-rule lines.
- if ($line !~ /^\s*#/ && $disabled) {
- $broken = 1;
- } elsif ($line =~ /^\s*#/ && !$disabled) {
- # comment line (with trailing slash) in the middle of an active rule - ignore it
- } else {
- $line =~ s/^\s*#*\s*//; # remove leading # in single-line version
- $$single_ref .= $line;
- }
-
- } # while line ends with "\"
-
- # Single-line version should now be a valid rule.
- # If not, it wasn't a valid multi-line rule after all.
- if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) {
-
- $$single_ref =~ s/^\s*//; # remove leading whitespaces
- $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading #
- $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
-
- $$multi_ref =~ s/^\s*//;
- $$multi_ref =~ s/\s*\n$/\n/;
- $$multi_ref =~ s/^#+\s*/#/;
-
- return (1); # return multi
- } else {
- warn("\nWARNING: invalid multi-line rule: $$single_ref\n")
- if ($config{verbose} && $$multi_ref !~ /^\s*#/);
-
- @_ = split(/\n/, $$multi_ref);
-
- undef($$multi_ref);
- undef($$single_ref);
-
- # First line of broken multi-line rule will be returned as a non-rule line.
- $$nonrule_ref = shift(@_) . "\n";
- $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
-
- # The rest is put back to the array again.
- foreach $_ (reverse((@_))) {
- unshift(@$arr_ref, "$_\n");
- }
-
- return (1); # return non-rule
- }
- } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) {
- $$single_ref = $line;
- $$single_ref =~ s/^\s*//;
- $$single_ref =~ s/^#+\s*/#/;
- $$single_ref =~ s/\s*\n$/\n/;
-
- return (1); # return single
- } else { # non-rule line
-
- # Do extra check and warn if it *might* be a rule anyway,
- # but that we just couldn't parse for some reason.
- warn("\nWARNING: line may be a rule but it could not be parsed ".
- "(missing sid or msg?): $line\n")
- if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/);
-
- $$nonrule_ref = $line;
- $$nonrule_ref =~ s/\s*\n$/\n/;
-
- return (1); # return non-rule
- }
-}
-
-
-
-# Same as in oinkmaster.pl.
-sub parse_singleline_rule($ $ $)
-{
- my $line = shift;
- my $msg_ref = shift;
- my $sid_ref = shift;
-
- if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) {
-
- if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) {
- $$msg_ref = $1;
- } else {
- return (0);
- }
-
- if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) {
- $$sid_ref = $1;
- } else {
- return (0);
- }
-
- return (1);
- }
-
- return (0);
-}
diff --git a/config/snort-old/bin/oinkmaster_contrib/oinkgui.pl b/config/snort-old/bin/oinkmaster_contrib/oinkgui.pl
deleted file mode 100644
index 4e96f7db..00000000
--- a/config/snort-old/bin/oinkmaster_contrib/oinkgui.pl
+++ /dev/null
@@ -1,1046 +0,0 @@
-#!/usr/bin/perl -w
-
-# $Id: oinkgui.pl,v 1.52 2005/12/31 13:42:46 andreas_o Exp $ #
-
-# Copyright (c) 2004-2006 Andreas Östling <andreaso@it.su.se>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# 1. Redistributions of source code must retain the above
-# copyright notice, this list of conditions and the following
-# disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials
-# provided with the distribution.
-#
-# 3. Neither the name of the author nor the names of its
-# contributors may be used to endorse or promote products
-# derived from this software without specific prior written
-# permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
-# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-use 5.006001;
-
-use strict;
-use File::Spec;
-use Tk;
-use Tk::Balloon;
-use Tk::BrowseEntry;
-use Tk::FileSelect;
-use Tk::NoteBook;
-use Tk::ROText;
-
-use constant CSIDL_DRIVES => 17;
-
-sub update_rules();
-sub clear_messages();
-sub create_cmdline($);
-sub fileDialog($ $ $ $);
-sub load_config();
-sub save_config();
-sub save_messages();
-sub update_file_label_color($ $ $);
-sub create_fileSelectFrame($ $ $ $ $ $);
-sub create_checkbutton($ $ $);
-sub create_radiobutton($ $ $);
-sub create_actionbutton($ $ $);
-sub execute_oinkmaster(@);
-sub logmsg($ $);
-
-
-my $version = 'Oinkmaster GUI v1.1';
-
-my @oinkmaster_conf = qw(
- /etc/oinkmaster.conf
- /usr/local/etc/oinkmaster.conf
-);
-
-# List of URLs that will show up in the URL BrowseEntry.
-my @urls = qw(
- http://www.bleedingsnort.com/bleeding.rules.tar.gz
- http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules.tar.gz
- http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-CURRENT.tar.gz
- http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.3.tar.gz
-);
-
-my %color = (
- background => 'Bisque3',
- button => 'Bisque2',
- label => 'Bisque1',
- notebook_bg => 'Bisque2',
- notebook_inact => 'Bisque3',
- file_label_ok => '#00e000',
- file_label_not_ok => 'red',
- out_frame_fg => 'white',
- out_frame_bg => 'black',
- entry_bg => 'white',
- button_active => 'white',
- button_bg => 'Bisque4',
-);
-
-my %config = (
- animate => 1,
- careful => 0,
- enable_all => 0,
- check_removed => 0,
- output_mode => 'normal',
- diff_mode => 'detailed',
- perl => $^X,
- oinkmaster => "",
- oinkmaster_conf => "",
- outdir => "",
- url => "",
- varfile => "",
- backupdir => "",
- editor => "",
-);
-
-my %help = (
-
- # File locations.
- oinkscript => 'Location of the executable Oinkmaster script (oinkmaster.pl).',
- oinkconf => 'The Oinkmaster configuration file to use.',
- outdir => 'Where to put the new rules. This should be the directory where you '.
- 'store your current rules.',
-
- url => 'Alternate location of rules archive to download/copy. '.
- 'Leave empty to use the location set in oinkmaster.conf.',
- varfile => 'Variables that exist in downloaded snort.conf but not in '.
- 'this file will be added to it. Leave empty to skip.',
- backupdir => 'Directory to put tarball of old rules before overwriting them. '.
- 'Leave empty to skip backup.',
- editor => 'Full path to editor to execute when pressing the "edit" button '.
- '(wordpad is recommended on Windows). ',
-
- # Checkbuttons.
- careful => 'In careful mode, Oinkmaster will just check for changes, '.
- 'not update anything.',
- enable => 'Some rules may be commented out by default (for a reason!). '.
- 'This option will make Oinkmaster enable those.',
- removed => 'Check for rules files that exist in the output directory but not '.
- 'in the downloaded rules archive.',
-
- # Action buttons.
- clear => 'Clear current output messages.',
- save => 'Save current output messages to file.',
- exit => 'Exit the GUI.',
- update => 'Execute Oinkmaster to update the rules.',
- test => 'Test current Oinkmaster configuration. ' .
- 'If there are no fatal errors, you are ready to update the rules.',
- version => 'Request version information from Oinkmaster.',
-);
-
-
-my $gui_config_file = "";
-my $use_fileop = 0;
-
-
-#### MAIN ####
-
-select STDERR;
-$| = 1;
-select STDOUT;
-$| = 1;
-
-# Find out if can use Win32::FileOp.
-if ($^O eq 'MSWin32') {
- BEGIN { $^W = 0 }
- $use_fileop = 1 if (eval "require Win32::FileOp");
-}
-
-# Find out which oinkmaster.pl file to default to.
-foreach my $dir (File::Spec->path()) {
- my $file = "$dir/oinkmaster";
- if (-f "$file" && (-x "$file" || $^O eq 'MSWin32')) {
- $config{oinkmaster} = $file;
- last;
- } elsif (-f "$file.pl" && (-x "$file" || $^O eq 'MSWin32')) {
- $config{oinkmaster} = "$file.pl";
- last;
- }
-}
-
-# Find out which oinkmaster config file to default to.
-foreach my $file (@oinkmaster_conf) {
- if (-e "$file") {
- $config{oinkmaster_conf} = $file;
- last;
- }
-}
-
-# Find out where the GUI config file is (it's not required).
-if ($ENV{HOME}) {
- $gui_config_file = "$ENV{HOME}/.oinkguirc"
-} elsif ($ENV{HOMEDRIVE} && $ENV{HOMEPATH}) {
- $gui_config_file = "$ENV{HOMEDRIVE}$ENV{HOMEPATH}\\.oinkguirc";
-}
-
-
-# Create main window.
-my $main = MainWindow->new(
- -background => "$color{background}",
- -title => "$version",
-);
-
-
-# Create scrolled frame with output messages.
-my $out_frame = $main->Scrolled('ROText',
- -setgrid => 'true',
- -scrollbars => 'e',
- -background => $color{out_frame_bg},
- -foreground => $color{out_frame_fg},
-);
-
-
-my $help_label = $main->Label(
- -relief => 'groove',
- -background => "$color{label}",
-);
-
-my $balloon = $main->Balloon(
- -statusbar => $help_label,
-);
-
-
-# Create notebook.
-my $notebook = $main->NoteBook(
- -ipadx => 6,
- -ipady => 6,
- -background => $color{notebook_bg},
- -inactivebackground => $color{notebook_inact},
- -backpagecolor => $color{background},
-);
-
-
-# Create tab with required files/dirs.
-my $req_tab = $notebook->add("required",
- -label => "Required files and directories",
- -underline => 0,
-);
-
-$req_tab->configure(-bg => "$color{notebook_inact}");
-
-
-# Create frame with oinkmaster.pl location.
-my $filetypes = [
- ['Oinkmaster script', 'oinkmaster.pl'],
- ['All files', '*' ]
-];
-
-my $oinkscript_frame =
- create_fileSelectFrame($req_tab, "oinkmaster.pl", 'EXECFILE',
- \$config{oinkmaster}, 'NOEDIT', $filetypes);
-
-$balloon->attach($oinkscript_frame, -statusmsg => $help{oinkscript});
-
-
-# Create frame with oinkmaster.conf location.
-$filetypes = [
- ['configuration files', '.conf'],
- ['All files', '*' ]
-];
-
-my $oinkconf_frame =
- create_fileSelectFrame($req_tab, "oinkmaster.conf", 'ROFILE',
- \$config{oinkmaster_conf}, 'EDIT', $filetypes);
-
-$balloon->attach($oinkconf_frame, -statusmsg => $help{oinkconf});
-
-
-# Create frame with output directory.
-my $outdir_frame =
- create_fileSelectFrame($req_tab, "output directory", 'WRDIR',
- \$config{outdir}, 'NOEDIT', undef);
-
-$balloon->attach($outdir_frame, -statusmsg => $help{outdir});
-
-
-
-# Create tab with optional files/dirs.
-my $opt_tab = $notebook->add("optional",
- -label => "Optional files and directories",
- -underline => 0,
-);
-
-$opt_tab->configure(-bg => "$color{notebook_inact}");
-
-# Create frame with alternate URL location.
-$filetypes = [
- ['compressed tar files', '.tar.gz']
-];
-
-my $url_frame =
- create_fileSelectFrame($opt_tab, "Alternate URL", 'URL',
- \$config{url}, 'NOEDIT', $filetypes);
-
-$balloon->attach($url_frame, -statusmsg => $help{url});
-
-
-# Create frame with variable file.
-$filetypes = [
- ['Snort configuration files', ['.conf', '.config']],
- ['All files', '*' ]
-];
-
-my $varfile_frame =
- create_fileSelectFrame($opt_tab, "Variable file", 'WRFILE',
- \$config{varfile}, 'EDIT', $filetypes);
-
-$balloon->attach($varfile_frame, -statusmsg => $help{varfile});
-
-
-# Create frame with backup dir location.
-my $backupdir_frame =
- create_fileSelectFrame($opt_tab, "Backup directory", 'WRDIR',
- \$config{backupdir}, 'NOEDIT', undef);
-
-$balloon->attach($backupdir_frame, -statusmsg => $help{backupdir});
-
-
-# Create frame with editor location.
-$filetypes = [
- ['executable files', ['.exe']],
- ['All files', '*' ]
-];
-
-my $editor_frame =
- create_fileSelectFrame($opt_tab, "Editor", 'EXECFILE',
- \$config{editor}, 'NOEDIT', $filetypes);
-
-$balloon->attach($editor_frame, -statusmsg => $help{editor});
-
-
-
-$notebook->pack(
- -expand => 'no',
- -fill => 'x',
- -padx => '5',
- -pady => '5',
- -side => 'top'
-);
-
-
-# Create the frame to the left.
-my $left_frame = $main->Frame(
- -background => "$color{label}",
- -border => '2',
-)->pack(
- -side => 'left',
- -fill => 'y',
-);
-
-
-# Create "GUI settings" label.
-$left_frame->Label(
- -text => "GUI settings:",
- -background => "$color{label}",
-)->pack(
- -side => 'top',
- -fill => 'x',
-);
-
-
-create_actionbutton($left_frame, "Load saved settings", \&load_config);
-create_actionbutton($left_frame, "Save current settings", \&save_config);
-
-
-# Create "options" label at the top of the left frame.
-$left_frame->Label(
- -text => "Options:",
- -background => "$color{label}",
-)->pack(-side => 'top',
- -fill => 'x',
-);
-
-
-# Create checkbuttons in the left frame.
-$balloon->attach(
- create_checkbutton($left_frame, "Careful mode", \$config{careful}),
- -statusmsg => $help{careful}
-);
-
-$balloon->attach(
- create_checkbutton($left_frame, "Enable all", \$config{enable_all}),
- -statusmsg => $help{enable}
-);
-
-$balloon->attach(
- create_checkbutton($left_frame, "Check for removed files", \$config{check_removed}),
- -statusmsg => $help{removed}
-);
-
-
-# Create "mode" label.
-$left_frame->Label(
- -text => "Output mode:",
- -background => "$color{label}",
-)->pack(
- -side => 'top',
- -fill => 'x',
-);
-
-# Create mode radiobuttons in the left frame.
-create_radiobutton($left_frame, "super-quiet", \$config{output_mode});
-create_radiobutton($left_frame, "quiet", \$config{output_mode});
-create_radiobutton($left_frame, "normal", \$config{output_mode});
-create_radiobutton($left_frame, "verbose", \$config{output_mode});
-
-# Create "Diff mode" label.
-$left_frame->Label(
- -text => "Diff mode:",
- -background => "$color{label}",
-)->pack(
- -side => 'top',
- -fill => 'x',
-);
-
-create_radiobutton($left_frame, "detailed", \$config{diff_mode});
-create_radiobutton($left_frame, "summarized", \$config{diff_mode});
-create_radiobutton($left_frame, "remove common", \$config{diff_mode});
-
-
-# Create "activity messages" label.
-$main->Label(
- -text => "Output messages:",
- -width => '130',
- -background => "$color{label}",
-)->pack(
- -side => 'top',
- -fill => 'x',
-);
-
-
-
-# Pack output frame.
-$out_frame->pack(
- -expand => 'yes',
- -fill => 'both',
-);
-
-
-# Pack help label below output window.
-$help_label->pack(
- -fill => 'x',
-);
-
-
-# Create "actions" label.
-$left_frame->Label(
- -text => "Actions:",
- -background => "$color{label}",
-)->pack(
- -side => 'top',
- -fill => 'x',
-);
-
-
-# Create action buttons.
-
-$balloon->attach(
- create_actionbutton($left_frame, "Update rules!", \&update_rules),
- -statusmsg => $help{update}
-);
-
-$balloon->attach(
- create_actionbutton($left_frame, "Clear output messages", \&clear_messages),
- -statusmsg => $help{clear}
-);
-
-$balloon->attach(
- create_actionbutton($left_frame, "Save output messages", \&save_messages),
- -statusmsg => $help{save}
-);
-
-$balloon->attach(
- create_actionbutton($left_frame, "Exit", \&exit),
- -statusmsg => $help{exit}
-);
-
-
-
-# Make the mousewheel scroll the output window. Taken from Mastering Perl/Tk.
-if ($^O eq 'MSWin32') {
- $out_frame->bind('<MouseWheel>' =>
- [ sub { $_[0]->yview('scroll', -($_[1] / 120) * 3, 'units')},
- Ev('D') ]
- );
-} else {
- $out_frame->bind('<4>' => sub {
- $_[0]->yview('scroll', -3, 'units') unless $Tk::strictMotif;
- });
-
- $out_frame->bind('<5>' => sub {
- $_[0]->yview('scroll', +3, 'units') unless $Tk::strictMotif;
- });
-}
-
-
-
-# Now the fun begins.
-if ($config{animate}) {
- foreach (split(//, "Welcome to $version")) {
- logmsg("$_", 'MISC');
- $out_frame->after(5);
- }
-} else {
- logmsg("Welcome to $version", 'MISC');
-}
-
-logmsg("\n\n", 'MISC');
-
-# Load gui settings into %config.
-load_config();
-
-
-# Warn if any required file/directory is not set.
-logmsg("No oinkmaster.pl set, please select one above!\n\n", 'ERROR')
- if ($config{oinkmaster} !~ /\S/);
-
-logmsg("No oinkmaster configuration file set, please select one above!\n\n", 'ERROR')
- if ($config{oinkmaster_conf} !~ /\S/);
-
-logmsg("Output directory is not set, please select one above!\n\n", 'ERROR')
- if ($config{outdir} !~ /\S/);
-
-
-MainLoop;
-
-
-
-#### END ####
-
-
-
-sub fileDialog($ $ $ $)
-{
- my $var_ref = shift;
- my $title = shift;
- my $type = shift;
- my $filetypes = shift;
- my $dirname;
-
- if ($type eq 'WRDIR') {
- if ($use_fileop) {
- $dirname = Win32::FileOp::BrowseForFolder("title", CSIDL_DRIVES);
- } else {
- my $fs = $main->FileSelect();
- $fs->configure(-verify => ['-d', '-w'], -title => $title);
- $dirname = $fs->Show;
- }
- $$var_ref = $dirname if ($dirname);
- } elsif ($type eq 'EXECFILE' || $type eq 'ROFILE' || $type eq 'WRFILE' || $type eq 'URL') {
- my $filename = $main->getOpenFile(-title => $title, -filetypes => $filetypes);
- $$var_ref = $filename if ($filename);
- } elsif ($type eq 'SAVEFILE') {
- my $filename = $main->getSaveFile(-title => $title, -filetypes => $filetypes);
- $$var_ref = $filename if ($filename);
- } else {
- logmsg("Unknown type ($type)\n", 'ERROR');
- }
-}
-
-
-
-sub update_file_label_color($ $ $)
-{
- my $label = shift;
- my $filename = shift;
- my $type = shift;
-
- $filename =~ s/^\s+//;
- $filename =~ s/\s+$//;
-
- unless ($filename) {
- $label->configure(-background => $color{file_label_not_ok});
- return (1);
- }
-
- if ($type eq "URL") {
- if ($filename =~ /^(?:http|ftp|scp):\/\/.+\.tar\.gz$/) {
- $label->configure(-background => $color{file_label_ok});
- } elsif ($filename =~ /^(?:file:\/\/)*(.+\.tar\.gz)$/) {
- my $file = $1;
- if (-f "$file" && -r "$file") {
- $label->configure(-background => $color{file_label_ok});
- } else {
- $label->configure(-background => $color{file_label_not_ok});
- }
- } else {
- $label->configure(-background => $color{file_label_not_ok});
- }
- } elsif ($type eq "ROFILE") {
- if (-f "$filename" && -r "$filename") {
- $label->configure(-background => $color{file_label_ok});
- } else {
- $label->configure(-background => $color{file_label_not_ok});
- }
- } elsif ($type eq "EXECFILE") {
- if (-f "$filename" && (-x "$filename" || $^O eq 'MSWin32')) {
- $label->configure(-background => $color{file_label_ok});
- } else {
- $label->configure(-background => $color{file_label_not_ok});
- }
- } elsif ($type eq "WRFILE") {
- if (-f "$filename" && -w "$filename") {
- $label->configure(-background => $color{file_label_ok});
- } else {
- $label->configure(-background => $color{file_label_not_ok});
- }
- } elsif ($type eq "WRDIR") {
- if (-d "$filename" && -w "$filename") {
- $label->configure(-background => $color{file_label_ok});
- } else {
- $label->configure(-background => $color{file_label_not_ok});
- }
- } else {
- print STDERR "incorrect type ($type)\n";
- exit;
- }
-
- return (1);
-}
-
-
-
-sub create_checkbutton($ $ $)
-{
- my $frame = shift;
- my $name = shift;
- my $var_ref = shift;
-
- my $button = $frame->Checkbutton(
- -text => $name,
- -background => $color{button},
- -activebackground => $color{button_active},
- -highlightbackground => $color{button_bg},
- -variable => $var_ref,
- -relief => 'raise',
- -anchor => 'w',
- )->pack(
- -fill => 'x',
- -side => 'top',
- -pady => '1',
- );
-
- return ($button);
-}
-
-
-
-sub create_actionbutton($ $ $)
-{
- my $frame = shift;
- my $name = shift;
- my $func_ref = shift;
-
- my $button = $frame->Button(
- -text => $name,
- -command => sub {
- &$func_ref;
- $out_frame->focus;
- },
- -background => $color{button},
- -activebackground => $color{button_active},
- -highlightbackground => $color{button_bg},
- )->pack(
- -fill => 'x',
- );
-
- return ($button);
-}
-
-
-
-sub create_radiobutton($ $ $)
-{
- my $frame = shift;
- my $name = shift;
- my $mode_ref = shift;
-
- my $button = $frame->Radiobutton(
- -text => $name,
- -highlightbackground => $color{button_bg},
- -background => $color{button},
- -activebackground => $color{button_active},
- -variable => $mode_ref,
- -relief => 'raised',
- -anchor => 'w',
- -value => $name,
- )->pack(
- -side => 'top',
- -pady => '1',
- -fill => 'x',
- );
-
- return ($button);
-}
-
-
-
-# Create <label><entry><browsebutton> in given frame.
-sub create_fileSelectFrame($ $ $ $ $ $)
-{
- my $win = shift;
- my $name = shift;
- my $type = shift; # FILE|DIR|URL
- my $var_ref = shift;
- my $edtype = shift; # EDIT|NOEDIT
- my $filetypes = shift;
-
- # Create frame.
- my $frame = $win->Frame(
- -bg => $color{background},
- )->pack(
- -padx => '2',
- -pady => '2',
- -fill => 'x'
- );
-
- # Create label.
- my $label = $frame->Label(
- -text => $name,
- -width => '16',
- -relief => 'raised',
- -background => "$color{file_label_not_ok}",
- )->pack(
- -side => 'left'
- );
-
- my $entry;
-
- if ($type eq 'URL') {
- $entry = $frame->BrowseEntry(
- -textvariable => $var_ref,
- -background => $color{entry_bg},
- -width => '80',
- -choices => \@urls,
- -validate => 'key',
- -validatecommand => sub { update_file_label_color($label, $_[0], $type) },
- )->pack(
- -side => 'left',
- -expand => 'yes',
- -fill => 'x'
- );
- } else {
- $entry = $frame->Entry(
- -textvariable => $var_ref,
- -background => $color{entry_bg},
- -width => '80',
- -validate => 'key',
- -validatecommand => sub { update_file_label_color($label, $_[0], $type) },
- )->pack(
- -side => 'left',
- -expand => 'yes',
- -fill => 'x'
- );
- }
-
- # Create edit-button if file is ediable.
- if ($edtype eq 'EDIT') {
- my $edit_but = $frame->Button(
- -text => "Edit",
- -background => "$color{button}",
- -command => sub {
- unless (-e "$$var_ref") {
- logmsg("Select an existing file first!\n\n", 'ERROR');
- return;
- }
-
- if ($config{editor}) {
- $main->Busy(-recurse => 1);
- logmsg("Launching " . $config{editor} .
- ", close it to continue the GUI.\n\n", 'MISC');
- sleep(2);
- system($config{editor}, $$var_ref); # MainLoop will be put on hold...
- $main->Unbusy;
- } else {
- logmsg("No editor set\n\n", 'ERROR');
- }
- }
- )->pack(
- -side => 'left',
- );
- }
-
- # Create browse-button.
- my $but = $frame->Button(
- -text => "browse ...",
- -background => $color{button},
- -command => sub {
- fileDialog($var_ref, $name, $type, $filetypes);
- }
- )->pack(
- -side => 'left',
- );
-
- return ($frame);
-}
-
-
-
-sub logmsg($ $)
-{
- my $text = shift;
- my $type = shift;
-
- return unless (defined($text));
-
- $out_frame->tag(qw(configure OUTPUT -foreground grey));
- $out_frame->tag(qw(configure ERROR -foreground red));
- $out_frame->tag(qw(configure MISC -foreground white));
- $out_frame->tag(qw(configure EXEC -foreground bisque2));
-
- $out_frame->insert('end', "$text", "$type");
- $out_frame->see('end');
- $out_frame->update;
-}
-
-
-
-
-sub execute_oinkmaster(@)
-{
- my @cmd = @_;
- my @obfuscated_cmd;
-
- # Obfuscate possible password in url.
- foreach my $line (@cmd) {
- if ($line =~ /^(\S+:\/\/.+?):.+?@(.+)/) {
- push(@obfuscated_cmd, "$1:*password*\@$2");
- } else {
- push(@obfuscated_cmd, $line);
- }
- }
-
- logmsg("@obfuscated_cmd:\n", 'EXEC');
-
- $main->Busy(-recurse => 1);
-
- if ($^O eq 'MSWin32') {
- open(OINK, "@cmd 2>&1|");
- while (<OINK>) {
- logmsg($_, 'OUTPUT');
- }
- close(OINK);
- } else {
- if (open(OINK,"-|")) {
- while (<OINK>) {
- logmsg($_, 'OUTPUT');
- }
- } else {
- open(STDERR, '>&STDOUT');
- exec(@cmd);
- }
- close(OINK);
- }
-
- $main->Unbusy;
- logmsg("done.\n\n", 'EXEC');
-}
-
-
-
-sub clear_messages()
-{
- $out_frame->delete('1.0','end');
- $out_frame->update;
-}
-
-
-
-sub save_messages()
-{
- my $text = $out_frame->get('1.0', 'end');
- my $title = 'Save output messages';
- my $filename;
-
- my $filetypes = [
- ['Log files', ['.log', '.txt']],
- ['All files', '*' ]
- ];
-
-
- if (length($text) > 1) {
- fileDialog(\$filename, $title, 'SAVEFILE', $filetypes);
- if (defined($filename)) {
-
- unless (open(LOG, ">", "$filename")) {
- logmsg("Could not open $filename for writing: $!\n\n", 'ERROR');
- return;
- }
-
- print LOG $text;
- close(LOG);
- logmsg("Successfully saved output messages to $filename\n\n", 'MISC');
- }
-
- } else {
- logmsg("Nothing to save.\n\n", 'ERROR');
- }
-}
-
-
-
-sub update_rules()
-{
- my @cmd;
-
- create_cmdline(\@cmd) || return;
- clear_messages();
- execute_oinkmaster(@cmd);
-}
-
-
-
-sub create_cmdline($)
-{
- my $cmd_ref = shift;
-
- my $oinkmaster = $config{oinkmaster};
- my $oinkmaster_conf = $config{oinkmaster_conf};
- my $outdir = $config{outdir};
- my $varfile = $config{varfile};
- my $url = $config{url};
- my $backupdir = $config{backupdir};
-
- # Assume file:// if url prefix is missing.
- if ($url) {
- $url = "file://$url" unless ($url =~ /(?:http|ftp|file|scp):\/\//);
- if ($url =~ /.+<oinkcode>.+/) {
- logmsg("You must replace <oinkcode> with your real oinkcode, see the FAQ!\n\n", 'ERROR');
- return (0);
- }
- }
-
- $oinkmaster = File::Spec->rel2abs($oinkmaster)
- if ($oinkmaster);
-
- $outdir = File::Spec->canonpath("$outdir");
- $backupdir = File::Spec->canonpath("$backupdir");
-
- # Clean leading/trailing whitespaces.
- foreach my $var_ref (\$oinkmaster, \$oinkmaster_conf, \$outdir,
- \$varfile, \$url, \$backupdir) {
- $$var_ref =~ s/^\s+//;
- $$var_ref =~ s/\s+$//;
- }
-
- unless ($config{oinkmaster} && -f "$config{oinkmaster}" &&
- (-x "$config{oinkmaster}" || $^O eq 'MSWin32')) {
- logmsg("Location of oinkmaster.pl is not set correctly!\n\n", 'ERROR');
- return;
- }
-
- unless ($oinkmaster_conf && -f "$oinkmaster_conf") {
- logmsg("Location of configuration file is not set correctlyy!\n\n", 'ERROR');
- return (0);
- }
-
- unless ($outdir && -d "$outdir") {
- logmsg("Output directory is not set correctly!\n\n", 'ERROR');
- return (0);
- }
-
- # Add leading/trailing "" if win32.
- foreach my $var_ref (\$oinkmaster, \$oinkmaster_conf, \$outdir,
- \$varfile, \$url, \$backupdir) {
- if ($^O eq 'MSWin32' && $$var_ref) {
- $$var_ref = "\"$$var_ref\"";
- }
- }
-
- push(@$cmd_ref,
- "$config{perl}", "$oinkmaster",
- "-C", "$oinkmaster_conf",
- "-o", "$outdir");
-
- push(@$cmd_ref, "-c") if ($config{careful});
- push(@$cmd_ref, "-e") if ($config{enable_all});
- push(@$cmd_ref, "-r") if ($config{check_removed});
- push(@$cmd_ref, "-q") if ($config{output_mode} eq "quiet");
- push(@$cmd_ref, "-Q") if ($config{output_mode} eq "super-quiet");
- push(@$cmd_ref, "-v") if ($config{output_mode} eq "verbose");
- push(@$cmd_ref, "-m") if ($config{diff_mode} eq "remove common");
- push(@$cmd_ref, "-s") if ($config{diff_mode} eq "summarized");
- push(@$cmd_ref, "-U", "$varfile") if ($varfile);
- push(@$cmd_ref, "-b", "$backupdir") if ($backupdir);
-
- push(@$cmd_ref, "-u", "$url")
- if ($url);
-
- return (1);
-}
-
-
-
-# Load $config file into %config hash.
-sub load_config()
-{
- unless (defined($gui_config_file) && $gui_config_file) {
- logmsg("Unable to determine config file location, is your \$HOME set?\n\n", 'ERROR');
- return;
- }
-
- unless (-e "$gui_config_file") {
- logmsg("$gui_config_file does not exist, keeping current/default settings\n\n", 'MISC');
- return;
- }
-
- unless (open(RC, "<", "$gui_config_file")) {
- logmsg("Could not open $gui_config_file for reading: $!\n\n", 'ERROR');
- return;
- }
-
- while (<RC>) {
- next unless (/^(\S+)=(.*)/);
- $config{$1} = $2;
- }
-
- close(RC);
- logmsg("Successfully loaded GUI settings from $gui_config_file\n\n", 'MISC');
-}
-
-
-
-# Save %config into file $config.
-sub save_config()
-{
- unless (defined($gui_config_file) && $gui_config_file) {
- logmsg("Unable to determine config file location, is your \$HOME set?\n\n", 'ERROR');
- return;
- }
-
- unless (open(RC, ">", "$gui_config_file")) {
- logmsg("Could not open $gui_config_file for writing: $!\n\n", 'ERROR');
- return;
- }
-
- print RC "# Automatically created by Oinkgui. ".
- "Do not edit directly unless you have to.\n";
-
- foreach my $option (sort(keys(%config))) {
- print RC "$option=$config{$option}\n";
- }
-
- close(RC);
- logmsg("Successfully saved current GUI settings to $gui_config_file\n\n", 'MISC');
-}
diff --git a/config/snort-old/bin/oinkmaster_contrib/oinkmaster.pl b/config/snort-old/bin/oinkmaster_contrib/oinkmaster.pl
deleted file mode 100644
index f9c4d215..00000000
--- a/config/snort-old/bin/oinkmaster_contrib/oinkmaster.pl
+++ /dev/null
@@ -1,2754 +0,0 @@
-#!/usr/bin/perl -w
-
-# $Id: oinkmaster.pl,v 1.406 2006/02/10 13:02:44 andreas_o Exp $ #
-
-# Copyright (c) 2001-2006 Andreas Östling <andreaso@it.su.se>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# 1. Redistributions of source code must retain the above
-# copyright notice, this list of conditions and the following
-# disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials
-# provided with the distribution.
-#
-# 3. Neither the name of the author nor the names of its
-# contributors may be used to endorse or promote products
-# derived from this software without specific prior written
-# permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
-# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-use 5.006001;
-
-use strict;
-use File::Basename;
-use File::Copy;
-use File::Path;
-use File::Spec;
-use Getopt::Long;
-use File::Temp qw(tempdir);
-
-sub show_usage();
-sub parse_cmdline($);
-sub read_config($ $);
-sub sanity_check();
-sub download_file($ $);
-sub unpack_rules_archive($ $ $);
-sub join_tmp_rules_dirs($ $ @);
-sub process_rules($ $ $ $ $ $);
-sub process_rule($ $ $ $ $ $ $ $);
-sub setup_rules_hash($ $);
-sub get_first_only($ $ $);
-sub print_changes($ $);
-sub print_changetype($ $ $ $);
-sub print_summary_change($ $);
-sub make_backup($ $);
-sub get_changes($ $ $);
-sub update_rules($ @);
-sub copy_rules($ $);
-sub is_in_path($);
-sub get_next_entry($ $ $ $ $ $);
-sub get_new_vars($ $ $ $);
-sub add_new_vars($ $);
-sub write_new_vars($ $);
-sub msdos_to_cygwin_path($);
-sub parse_mod_expr($ $ $ $);
-sub untaint_path($);
-sub approve_changes();
-sub parse_singleline_rule($ $ $);
-sub join_multilines($);
-sub minimize_diff($ $);
-sub catch_sigint();
-sub clean_exit($);
-
-
-my $VERSION = 'Oinkmaster v2.0, Copyright (C) 2001-2006 '.
- 'Andreas Östling <andreaso@it.su.se>';
-my $OUTFILE = 'snortrules.tar.gz';
-my $RULES_DIR = 'rules';
-
-my $PRINT_NEW = 1;
-my $PRINT_OLD = 2;
-my $PRINT_BOTH = 3;
-
-my %config = (
- careful => 0,
- check_removed => 0,
- config_test_mode => 0,
- enable_all => 0,
- interactive => 0,
- make_backup => 0,
- minimize_diff => 0,
- min_files => 1,
- min_rules => 1,
- quiet => 0,
- summary_output => 0,
- super_quiet => 0,
- update_vars => 0,
- use_external_bins => 1,
- verbose => 0,
- use_path_checks => 1,
- rule_actions => "alert|drop|log|pass|reject|sdrop|activate|dynamic",
- tmp_basedir => $ENV{TMP} || $ENV{TMPDIR} || $ENV{TEMPDIR} || '/tmp',
-);
-
-
-# Regexp to match the start of a multi-line rule.
-# %ACTIONS% will be replaced with content of $config{actions} later.
-# sid and msg will then be looked for in parse_singleline_rule().
-my $MULTILINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
- '\s.*\\\\\s*\n$'; # ';
-
-# Regexp to match a single-line rule.
-# sid and msg will then be looked for in parse_singleline_rule().
-my $SINGLELINE_RULE_REGEXP = '^\s*#*\s*(?:%ACTIONS%)'.
- '\s.+;\s*\)\s*$'; # ';
-
-# Match var line where var name goes into $1.
-my $VAR_REGEXP = '^\s*var\s+(\S+)\s+(\S+)';
-
-# Allowed characters in misc paths/filenames, including the ones in the tarball.
-my $OK_PATH_CHARS = 'a-zA-Z\d\ _\(\)\[\]\.\-+:\\\/~@,=';
-
-# Default locations for configuration file.
-my @DEFAULT_CONFIG_FILES = qw(
- /etc/oinkmaster.conf
- /usr/local/etc/oinkmaster.conf
-);
-
-my @DEFAULT_DIST_VAR_FILES = qw(
- snort.conf
-);
-
-my (%loaded, $tmpdir);
-
-
-
-#### MAIN ####
-
-# No buffering.
-select(STDERR);
-$| = 1;
-select(STDOUT);
-$| = 1;
-
-
-my $start_date = scalar(localtime);
-
-# Assume the required Perl modules are available if we're on Windows.
-$config{use_external_bins} = 0 if ($^O eq "MSWin32");
-
-# Parse command line arguments and add at least %config{output_dir}.
-parse_cmdline(\%config);
-
-# If no config was specified on command line, look for one in default locations.
-if ($#{$config{config_files}} == -1) {
- foreach my $config (@DEFAULT_CONFIG_FILES) {
- if (-e "$config") {
- push(@{${config{config_files}}}, $config);
- last;
- }
- }
-}
-
-# If no dist var file was specified on command line, set to default file(s).
-if ($#{$config{dist_var_files}} == -1) {
- foreach my $var_file (@DEFAULT_DIST_VAR_FILES) {
- push(@{${config{dist_var_files}}}, $var_file);
- }
-}
-
-# If config is still not defined, we can't continue.
-if ($#{$config{config_files}} == -1) {
- clean_exit("configuration file not found in default locations\n".
- "(@DEFAULT_CONFIG_FILES)\n".
- "Put it there or use the \"-C <file>\" argument.");
-}
-
-read_config($_, \%config) for @{$config{config_files}};
-
-# Now substitute "%ACTIONS%" with $config{rule_actions}, which may have
-# been modified after reading the config file.
-$SINGLELINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
-$MULTILINE_RULE_REGEXP =~ s/%ACTIONS%/$config{rule_actions}/;
-
-# If we're told not to use external binaries, load the Perl modules now.
-unless ($config{use_external_bins}) {
- print STDERR "Loading Perl modules.\n" if ($config{verbose});
-
- eval {
- require IO::Zlib;
- require Archive::Tar;
- require LWP::UserAgent;
- };
-
- clean_exit("failed to load required Perl modules:\n\n$@\n".
- "Install them or set use_external_bins to 1 ".
- "if you want to use external binaries instead.")
- if ($@);
-}
-
-
-# Do some basic sanity checking and exit if something fails.
-# A new PATH will be set.
-sanity_check();
-
-$SIG{INT} = \&catch_sigint;
-
-# Create temporary dir.
-$tmpdir = tempdir("oinkmaster.XXXXXXXXXX", DIR => File::Spec->rel2abs($config{tmp_basedir}))
- or clean_exit("could not create temporary directory in $config{tmp_basedir}: $!");
-
-# If we're in config test mode and have come this far, we're done.
-if ($config{config_test_mode}) {
- print "No fatal errors in configuration.\n";
- clean_exit("");
-}
-
-umask($config{umask}) if exists($config{umask});
-
-# Download and unpack all the rules archives into separate tmp dirs.
-my @url_tmpdirs;
-foreach my $url (@{$config{url}}) {
- my $url_tmpdir = tempdir("url.XXXXXXXXXX", DIR => $tmpdir)
- or clean_exit("could not create temporary directory in $tmpdir: $!");
- push(@url_tmpdirs, "$url_tmpdir/$RULES_DIR");
- if ($url =~ /^dir:\/\/(.+)/) {
- mkdir("$url_tmpdir/$RULES_DIR")
- or clean_exit("Could not create $url_tmpdir/$RULES_DIR");
- copy_rules($1, "$url_tmpdir/$RULES_DIR");
- } else {
- download_file($url, "$url_tmpdir/$OUTFILE");
- unpack_rules_archive("$url", "$url_tmpdir/$OUTFILE", $RULES_DIR);
- }
-}
-
-# Copy all rules files from the tmp dirs into $RULES_DIR in the tmp directory.
-# File matching 'skipfile' a directive will not be copied.
-# Filenames (with full path) will be stored as %new_files{filename}.
-# Will exit in case of duplicate filenames.
-my $num_files = join_tmp_rules_dirs("$tmpdir/$RULES_DIR", \my %new_files, @url_tmpdirs);
-
-# Make sure we have at least the minimum number of files.
-clean_exit("not enough rules files in downloaded rules archive(s).\n".
- "Number of rules files is $num_files but minimum is set to $config{min_files}.")
- if ($num_files < $config{min_files});
-
-# This is to read in possible 'localsid' rules.
-my %rh_tmp = setup_rules_hash(\%new_files, $config{output_dir});
-
-# Disable/modify/clean downloaded rules.
-my $num_rules = process_rules(\@{$config{sid_modify_list}},
- \%{$config{sid_disable_list}},
- \%{$config{sid_enable_list}},
- \%{$config{sid_local_list}},
- \%rh_tmp,
- \%new_files);
-
-# Make sure we have at least the minimum number of rules.
-clean_exit("not enough rules in downloaded archive(s).\n".
- "Number of rules is $num_rules but minimum is set to $config{min_rules}.")
- if ($num_rules < $config{min_rules});
-
-# Setup a hash containing the content of all processed rules files.
-my %rh = setup_rules_hash(\%new_files, $config{output_dir});
-
-# Compare the new rules to the old ones.
-my %changes = get_changes(\%rh, \%new_files, $RULES_DIR);
-
-# Check for variables that exist in dist snort.conf(s) but not in local snort.conf.
-get_new_vars(\%changes, \@{$config{dist_var_files}}, $config{varfile}, \@url_tmpdirs)
- if ($config{update_vars});
-
-
-# Find out if something had changed.
-my $something_changed = 0;
-
-$something_changed = 1
- if (keys(%{$changes{modified_files}}) ||
- keys(%{$changes{added_files}}) ||
- keys(%{$changes{removed_files}}) ||
- $#{$changes{new_vars}} > -1);
-
-
-# Update files listed in %changes{modified_files} (copy the new files
-# from the temporary directory into our output directory) and add new
-# variables to the local snort.conf if requested, unless we're running in
-# careful mode. Create backup first if running with -b.
-my $printed = 0;
-if ($something_changed) {
- if ($config{careful}) {
- print STDERR "Skipping backup since we are running in careful mode.\n"
- if ($config{make_backup} && (!$config{quiet}));
- } else {
- if ($config{interactive}) {
- print_changes(\%changes, \%rh);
- $printed = 1;
- }
-
- if (!$config{interactive} || ($config{interactive} && approve_changes)) {
- make_backup($config{output_dir}, $config{backup_dir})
- if ($config{make_backup});
-
- add_new_vars(\%changes, $config{varfile})
- if ($config{update_vars});
-
- update_rules($config{output_dir}, keys(%{$changes{modified_files}}));
- }
- }
-} else {
- print STDERR "No files modified - no need to backup old files, skipping.\n"
- if ($config{make_backup} && !$config{quiet});
-}
-
-print "\nOinkmaster is running in careful mode - not updating anything.\n"
- if ($something_changed && $config{careful});
-
-print_changes(\%changes, \%rh)
- if (!$printed && ($something_changed || !$config{quiet}));
-
-
-# Everything worked. Do a clean exit without any error message.
-clean_exit("");
-
-
-# END OF MAIN #
-
-
-
-# Show usage information and exit.
-sub show_usage()
-{
- my $progname = basename($0);
-
- print STDERR << "RTFM";
-
-$VERSION
-
-Usage: $progname -o <outdir> [options]
-
-<outdir> is where to put the new files.
-This should be the directory where you store your Snort rules.
-
-Options:
--b <dir> Backup your old rules into <dir> before overwriting them
--c Careful mode (dry run) - check for changes but do not update anything
--C <file> Use this configuration file instead of the default
- May be specified multiple times to load multiple files
--e Enable all rules that are disabled by default
--h Show this usage information
--i Interactive mode - you will be asked to approve the changes (if any)
--m Minimize diff when printing result by removing common parts in rules
--q Quiet mode - no output unless changes were found
--Q Super-quiet mode - like -q but even more quiet
--r Check for rules files that exist in the output directory
- but not in the downloaded rules archive
--s Leave out details in rules results, just print SID, msg and filename
--S <file> Look for new variables in this file in the downloaded archive instead
- of the default (@DEFAULT_DIST_VAR_FILES). Used in conjunction with -U.
- May be specified multiple times to search multiple files.
--T Config test - just check configuration file(s) for errors/warnings
--u <url> Download from this URL instead of URL(s) in the configuration file
- (http|https|ftp|file|scp:// ... .tar.gz|.gz, or dir://<dir>)
- May be specified multiple times to grab multiple rules archives
--U <file> Merge new variables from downloaded snort.conf(s) into <file>
--v Verbose mode (debug)
--V Show version and exit
-
-RTFM
- exit;
-}
-
-
-
-# Parse the command line arguments and exit if we don't like them.
-sub parse_cmdline($)
-{
- my $cfg_ref = shift;
-
- Getopt::Long::Configure("bundling");
-
- my $cmdline_ok = GetOptions(
- "b=s" => \$$cfg_ref{backup_dir},
- "c" => \$$cfg_ref{careful},
- "C=s" => \@{$$cfg_ref{config_files}},
- "e" => \$$cfg_ref{enable_all},
- "h" => \&show_usage,
- "i" => \$$cfg_ref{interactive},
- "m" => \$$cfg_ref{minimize_diff},
- "o=s" => \$$cfg_ref{output_dir},
- "q" => \$$cfg_ref{quiet},
- "Q" => \$$cfg_ref{super_quiet},
- "r" => \$$cfg_ref{check_removed},
- "s" => \$$cfg_ref{summary_output},
- "S=s" => \@{$$cfg_ref{dist_var_files}},
- "T" => \$$cfg_ref{config_test_mode},
- "u=s" => \@{$$cfg_ref{url}},
- "U=s" => \$$cfg_ref{varfile},
- "v" => \$$cfg_ref{verbose},
- "V" => sub {
- print "$VERSION\n";
- exit(0);
- }
- );
-
-
- show_usage unless ($cmdline_ok && $#ARGV == -1);
-
- $$cfg_ref{quiet} = 1 if ($$cfg_ref{super_quiet});
- $$cfg_ref{update_vars} = 1 if ($$cfg_ref{varfile});
-
- if ($$cfg_ref{backup_dir}) {
- $$cfg_ref{backup_dir} = File::Spec->canonpath($$cfg_ref{backup_dir});
- $$cfg_ref{make_backup} = 1;
- }
-
- # Cannot specify dist var files without specifying var target file.
- if (@{$$cfg_ref{dist_var_files}} && !$$cfg_ref{update_vars}) {
- clean_exit("You can not specify distribution variable file(s) without ".
- "also specifying local file to merge into");
- }
-
- # -o <dir> is the only required option in normal usage.
- if ($$cfg_ref{output_dir}) {
- $$cfg_ref{output_dir} = File::Spec->canonpath($$cfg_ref{output_dir});
- } else {
- warn("Error: no output directory specified.\n");
- show_usage();
- }
-
- # Mark that url was set on command line (so we don't override it later).
- $$cfg_ref{cmdline_url} = 1 if ($#{$config{url}} > -1);
-}
-
-
-
-# Read in stuff from the configuration file.
-sub read_config($ $)
-{
- my $config_file = shift;
- my $cfg_ref = shift;
- my $linenum = 0;
- my $multi;
- my %templates;
-
- $config_file = File::Spec->canonpath(File::Spec->rel2abs($config_file));
-
- clean_exit("configuration file \"$config_file\" does not exist.\n")
- unless (-e "$config_file");
-
- clean_exit("\"$config_file\" is not a file.\n")
- unless (-f "$config_file");
-
- print STDERR "Loading $config_file\n"
- unless ($config{quiet});
-
- # Avoid loading the same file multiple times to avoid infinite recursion etc.
- if ($^O eq "MSWin32") {
- clean_exit("attempt to load \"$config_file\" twice.")
- if ($loaded{$config_file}++);
- } else {
- my ($dev, $ino) = (stat($config_file))[0,1]
- or clean_exit("unable to stat $config_file: $!");
- clean_exit("attempt to load \"$config_file\" twice.")
- if ($loaded{$dev, $ino}++);
- }
-
- open(CONF, "<", "$config_file")
- or clean_exit("could not open configuration file \"$config_file\": $!");
- my @conf = <CONF>;
- close(CONF);
-
- LINE:while ($_ = shift(@conf)) {
- $linenum++;
-
- unless ($multi) {
- s/^\s*//;
- s/^#.*//;
- }
-
- # Multi-line start/continuation.
- if (/\\\s*\n$/) {
- s/\\\s*\n$//;
- s/^\s*#.*//;
-
- # Be strict about removing #comments in modifysid/define_template statements, as
- # they may contain other '#' chars.
- if (defined($multi) && ($multi =~ /^modifysid/i || $multi =~ /^define_template/i)) {
- s/#.*// if (/^\s*\d+[,\s\d]+#/);
- } else {
- s/\s*\#.*// unless (/^modifysid/i || /^define_template/i);
- }
-
- $multi .= $_;
- next LINE;
- }
-
- # Last line of multi-line directive.
- if (defined($multi)) {
- $multi .= $_;
- $_ = $multi;
- undef($multi);
- }
-
- # Remove traling whitespaces (*after* a possible multi-line is rebuilt).
- s/\s*$//;
-
- # Remove comments unless it's a modifysid/define_template line
- # (the "#" may be part of the modifysid expression).
- s/\s*\#.*// unless (/^modifysid/i || /^define_template/i);
-
- # Skip blank lines.
- next unless (/\S/);
-
- # Use a template and make $_ a "modifysid" line.
- if (/^use_template\s+(\S+)\s+(\S+[^"]*)\s*(".*")*(?:#.*)*/i) {
- my ($template_name, $sid, $args) = ($1, $2, $3);
-
- if (exists($templates{$template_name})) {
- my $template = $templates{$template_name}; # so we don't substitute %ARGx% globally
-
- # Evaluate each "%ARGx%" in the template to the corresponding value.
- if (defined($args)) {
- my @args = split(/"\s+"/, $args);
- foreach my $i (1 .. @args) {
- $args[$i - 1] =~ s/^"//;
- $args[$i - 1] =~ s/"$//;
- $template =~ s/%ARG$i%/$args[$i - 1]/g;
- }
- }
-
- # There should be no %ARGx% stuff left now.
- if ($template =~ /%ARG\d%/) {
- warn("WARNING: too few arguments for template \"$template_name\"\n");
- $_ = "error"; # so it will be reported as an invalid line later
- }
-
- unless ($_ eq "error") {
- $_ = "modifysid $sid $template\n";
- print STDERR "Template \"$template_name\" expanded to: $_"
- if ($config{verbose});
- }
-
- } else {
- warn("WARNING: template \"$template_name\" has not been defined\n");
- }
- }
-
- # new template definition.
- if (/^define_template\s+(\S+)\s+(".+"\s+\|\s+".*")\s*(?:#.*)*$/i) {
- my ($template_name, $template) = ($1, $2);
-
- if (exists($templates{$template_name})) {
- warn("WARNING: line $linenum in $config_file: ".
- "template \"$template_name\" already defined, keeping old\n");
- } else {
- $templates{$template_name} = $template;
- }
-
- # modifysid <SIDORFILE[,SIDORFILE, ...]> "substthis" | "withthis"
- } elsif (/^modifysids*\s+(\S+.*)\s+"(.+)"\s+\|\s+"(.*)"\s*(?:#.*)*$/i) {
- my ($sid_list, $subst, $repl) = ($1, $2, $3);
- warn("WARNING: line $linenum in $config_file is invalid, ignoring\n")
- unless(parse_mod_expr(\@{$$cfg_ref{sid_modify_list}},
- $sid_list, $subst, $repl));
-
- # disablesid <SID[,SID, ...]>
- } elsif (/^disablesids*\s+(\d.*)/i) {
- my $sid_list = $1;
- foreach my $sid (split(/\s*,\s*/, $sid_list)) {
- if ($sid =~ /^\d+$/) {
- $$cfg_ref{sid_disable_list}{$sid}++;
- } else {
- warn("WARNING: line $linenum in $config_file: ".
- "\"$sid\" is not a valid SID, ignoring\n");
- }
- }
-
- # localsid <SID[,SID, ...]>
- } elsif (/^localsids*\s+(\d.*)/i) {
- my $sid_list = $1;
- foreach my $sid (split(/\s*,\s*/, $sid_list)) {
- if ($sid =~ /^\d+$/) {
- $$cfg_ref{sid_local_list}{$sid}++;
- } else {
- warn("WARNING: line $linenum in $config_file: ".
- "\"$sid\" is not a valid SID, ignoring\n");
- }
- }
-
- # enablesid <SID[,SID, ...]>
- } elsif (/^enablesids*\s+(\d.*)/i) {
- my $sid_list = $1;
- foreach my $sid (split(/\s*,\s*/, $sid_list)) {
- if ($sid =~ /^\d+$/) {
- $$cfg_ref{sid_enable_list}{$sid}++;
- } else {
- warn("WARNING: line $linenum in $config_file: ".
- "\"$sid\" is not a valid SID, ignoring\n");
- }
- }
-
- # skipfile <file[,file, ...]>
- } elsif (/^skipfiles*\s+(.*)/i) {
- my $args = $1;
- foreach my $file (split(/\s*,\s*/, $args)) {
- if ($file =~ /^\S+$/) {
- $config{verbose} && print STDERR "Adding file to ignore list: $file.\n";
- $$cfg_ref{file_ignore_list}{$file}++;
- } else {
- warn("WARNING: line $linenum in $config_file is invalid, ignoring\n");
- }
- }
-
- } elsif (/^url\s*=\s*(.*)/i) {
- push(@{$$cfg_ref{url}}, $1)
- unless ($$cfg_ref{cmdline_url});
-
- } elsif (/^path\s*=\s*(.+)/i) {
- $$cfg_ref{path} = $1;
-
- } elsif (/^update_files\s*=\s*(.+)/i) {
- $$cfg_ref{update_files} = $1;
-
- } elsif (/^rule_actions\s*=\s*(.+)/i) {
- $$cfg_ref{rule_actions} = $1;
-
- } elsif (/^umask\s*=\s*([0-7]{4})$/i) {
- $$cfg_ref{umask} = oct($1);
-
- } elsif (/^min_files\s*=\s*(\d+)/i) {
- $$cfg_ref{min_files} = $1;
-
- } elsif (/^min_rules\s*=\s*(\d+)/i) {
- $$cfg_ref{min_rules} = $1;
-
- } elsif (/^tmpdir\s*=\s*(.+)/i) {
- $$cfg_ref{tmp_basedir} = $1;
-
- } elsif (/^use_external_bins\s*=\s*([01])/i) {
- $$cfg_ref{use_external_bins} = $1;
-
- } elsif (/^scp_key\s*=\s*(.+)/i) {
- $$cfg_ref{scp_key} = $1;
-
- } elsif (/^use_path_checks\s*=\s*([01])/i) {
- $$cfg_ref{use_path_checks} = $1;
-
- } elsif (/^user_agent\s*=\s*(.+)/i) {
- $$cfg_ref{user_agent} = $1;
-
- } elsif (/^include\s+(\S+.*)/i) {
- my $include = $1;
- read_config($include, $cfg_ref);
- } else {
- warn("WARNING: line $linenum in $config_file is invalid, ignoring\n");
- }
- }
-}
-
-
-
-# Make a few basic tests to make sure things look ok.
-# Will also set a new PATH as defined in the config file.
-sub sanity_check()
-{
- my @req_params = qw(path update_files); # required parameters in conf
- my @req_binaries = qw(gzip tar); # required binaries (unless we use modules)
-
- # Can't use both quiet mode and verbose mode.
- clean_exit("quiet mode and verbose mode at the same time doesn't make sense.")
- if ($config{quiet} && $config{verbose});
-
- # Can't use multiple output modes.
- clean_exit("can't use multiple output modes at the same time.")
- if ($config{minimize_diff} && $config{summary_output});
-
- # Make sure all required variables are defined in the config file.
- foreach my $param (@req_params) {
- clean_exit("the required parameter \"$param\" is not defined in the configuration file.")
- unless (exists($config{$param}));
- }
-
- # We now know a path was defined in the config, so set it.
- # If we're under cygwin and path was specified as msdos style, convert
- # it to cygwin style to avoid problems.
- if ($^O eq "cygwin" && $config{path} =~ /^[a-zA-Z]:[\/\\]/) {
- $ENV{PATH} = "";
- foreach my $path (split(/;/, $config{path})) {
- $ENV{PATH} .= "$path:" if (msdos_to_cygwin_path(\$path));
- }
- chop($ENV{PATH});
- } else {
- $ENV{PATH} = $config{path};
- }
-
- # Reset environment variables that may cause trouble.
- delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
-
- # Make sure $config{update_files} is a valid regexp.
- eval {
- "foo" =~ /$config{update_files}/;
- };
-
- clean_exit("update_files (\"$config{update_files}\") is not a valid regexp: $@")
- if ($@);
-
- # Make sure $config{rule_actions} is a valid regexp.
- eval {
- "foo" =~ /$config{rule_actions}/;
- };
-
- clean_exit("rule_actions (\"$config{rule_actions}\") is not a valid regexp: $@")
- if ($@);
-
- # If a variable file (probably local snort.conf) has been specified,
- # it must exist. It must also be writable unless we're in careful mode.
- if ($config{update_vars}) {
- $config{varfile} = untaint_path($config{varfile});
-
- clean_exit("variable file \"$config{varfile}\" does not exist.")
- unless (-e "$config{varfile}");
-
- clean_exit("variable file \"$config{varfile}\" is not a file.")
- unless (-f "$config{varfile}");
-
- clean_exit("variable file \"$config{varfile}\" is not writable by you.")
- if (!$config{careful} && !-w "$config{varfile}");
-
- # Make sure dist var files don't contain [back]slashes
- # (probably means user confused it with local var file).
- my %dist_var_files;
- foreach my $dist_var_file (@{${config{dist_var_files}}}) {
- clean_exit("variable file \"$dist_var_file\" specified multiple times")
- if (exists($dist_var_files{$dist_var_file}));
- $dist_var_files{$dist_var_file} = 1;
- clean_exit("variable file \"$dist_var_file\" contains slashes or backslashes ".
- "but it must be specified as a filename (without path) ".
- "that exists in the downloaded rules, e.g. \"snort.conf\"")
- if ($dist_var_file =~ /\// || $dist_var_file =~ /\\/);
- }
- }
-
- # Make sure all required binaries can be found, unless
- # we're used to use Perl modules instead.
- # Wget is only required if url is http[s] or ftp.
- if ($config{use_external_bins}) {
- foreach my $binary (@req_binaries) {
- clean_exit("$binary not found in PATH ($ENV{PATH}).")
- unless (is_in_path($binary));
- }
- }
-
- # Make sure $url is defined (either by -u <url> or url=... in the conf).
- clean_exit("URL not specified. Specify at least one \"url=<url>\" in the \n".
- "Oinkmaster configuration file or use the \"-u <url>\" argument")
- if ($#{$config{url}} == -1);
-
- # Make sure all urls look ok, and untaint them.
- my @urls = @{$config{url}};
- $#{$config{url}} = -1;
- foreach my $url (@urls) {
- clean_exit("incorrect URL: \"$url\"")
- unless ($url =~ /^((?:https*|ftp|file|scp):\/\/.+\.(?:tar\.gz|tgz))$/
- || $url =~ /^(dir:\/\/.+)/);
- my $ok_url = $1;
-
- if ($ok_url =~ /^dir:\/\/(.+)/) {
- my $dir = untaint_path($1);
- clean_exit("\"$dir\" does not exist or is not a directory")
- unless (-d $dir);
-
- # Simple check if the output dir is specified as url (probably a mistake).
- if (File::Spec->canonpath(File::Spec->rel2abs($dir))
- eq File::Spec->canonpath(File::Spec->rel2abs($config{output_dir}))) {
- clean_exit("Download directory can not be same as output directory");
- }
- }
- push(@{$config{url}}, $ok_url);
- }
-
- # Wget must be found if url is http[s]:// or ftp://.
- if ($config{use_external_bins}) {
- clean_exit("wget not found in PATH ($ENV{PATH}).")
- if ($config{'url'} =~ /^(https*|ftp):/ && !is_in_path("wget"));
- }
-
- # scp must be found if scp://...
- clean_exit("scp not found in PATH ($ENV{PATH}).")
- if ($config{'url'} =~ /^scp:/ && !is_in_path("scp"));
-
- # ssh key must exist if specified and url is scp://...
- clean_exit("ssh key \"$config{scp_key}\" does not exist.")
- if ($config{'url'} =~ /^scp:/ && exists($config{scp_key})
- && !-e $config{scp_key});
-
- # Untaint output directory string.
- $config{output_dir} = untaint_path($config{output_dir});
-
- # Make sure the output directory exists and is readable.
- clean_exit("the output directory \"$config{output_dir}\" doesn't exist ".
- "or isn't readable by you.")
- if (!-d "$config{output_dir}" || !-x "$config{output_dir}");
-
- # Make sure the output directory is writable unless running in careful mode.
- clean_exit("the output directory \"$config{output_dir}\" isn't writable by you.")
- if (!$config{careful} && !-w "$config{output_dir}");
-
- # Make sure we have read permission on all rules files in the output dir,
- # and also write permission unless we're in careful mode.
- # This is to avoid bailing out in the middle of an execution if a copy
- # fails because of permission problem.
- opendir(OUTDIR, "$config{output_dir}")
- or clean_exit("could not open directory $config{output_dir}: $!");
-
- while ($_ = readdir(OUTDIR)) {
- next if (/^\.\.?$/ || exists($config{file_ignore_list}{$_}));
-
- if (/$config{update_files}/) {
- unless (-r "$config{output_dir}/$_") {
- closedir(OUTDIR);
- clean_exit("no read permission on \"$config{output_dir}/$_\"\n".
- "Read permission is required on all rules files ".
- "inside the output directory.\n")
- }
-
- if (!$config{careful} && !-w "$config{output_dir}/$_") {
- closedir(OUTDIR);
- clean_exit("no write permission on \"$config{output_dir}/$_\"\n".
- "Write permission is required on all rules files ".
- "inside the output directory.\n")
- }
- }
- }
-
- closedir(OUTDIR);
-
- # Make sure the backup directory exists and is writable if running with -b.
- if ($config{make_backup}) {
- $config{backup_dir} = untaint_path($config{backup_dir});
- clean_exit("the backup directory \"$config{backup_dir}\" doesn't exist or ".
- "isn't writable by you.")
- if (!-d "$config{backup_dir}" || !-w "$config{backup_dir}");
- }
-
- # Convert tmp_basedir to cygwin style if running cygwin and msdos style was specified.
- if ($^O eq "cygwin" && $config{tmp_basedir} =~ /^[a-zA-Z]:[\/\\]/) {
- msdos_to_cygwin_path(\$config{tmp_basedir})
- or clean_exit("could not convert temporary dir to cygwin style");
- }
-
- # Make sure temporary directory exists.
- clean_exit("the temporary directory \"$config{tmp_basedir}\" does not ".
- "exist or isn't writable by you.")
- if (!-d "$config{tmp_basedir}" || !-w "$config{tmp_basedir}");
-
- # Also untaint it.
- $config{tmp_basedir} = untaint_path($config{tmp_basedir});
-
- # Make sure stdin and stdout are ttys if we're running in interactive mode.
- clean_exit("you can not run in interactive mode when STDIN/STDOUT is not a TTY.")
- if ($config{interactive} && !(-t STDIN && -t STDOUT));
-}
-
-
-
-# Download the rules archive.
-sub download_file($ $)
-{
- my $url = shift;
- my $localfile = shift;
- my $log = "$tmpdir/wget.log";
- my $ret;
-
- # If there seems to be a password in the url, replace it with "*password*"
- # and use new string when printing the url to screen.
- my $obfuscated_url = $url;
- $obfuscated_url = "$1:*password*\@$2"
- if ($obfuscated_url =~ /^(\S+:\/\/.+?):.+?@(.+)/);
-
- # Ofbuscate oinkcode as well.
- $obfuscated_url = "$1*oinkcode*$2"
- if ($obfuscated_url =~ /^(\S+:\/\/.+\.cgi\/)[0-9a-z]{32,64}(\/.+)/i);
-
- my @user_agent_opt;
- @user_agent_opt = ("-U", $config{user_agent}) if (exists($config{user_agent}));
-
- # Use wget if URL starts with "http[s]" or "ftp" and we use external binaries.
- if ($config{use_external_bins} && $url =~ /^(?:https*|ftp)/) {
- print STDERR "Downloading file from $obfuscated_url... "
- unless ($config{quiet});
-
- if ($config{verbose}) {
- print STDERR "\n";
- my @wget_cmd = ("wget", "-v", "-O", $localfile, $url, @user_agent_opt);
- clean_exit("could not download from $obfuscated_url")
- if (system(@wget_cmd));
-
- } else {
- my @wget_cmd = ("wget", "-v", "-o", $log, "-O", $localfile, $url, @user_agent_opt);
- if (system(@wget_cmd)) {
- my $log_output;
- open(LOG, "<", "$log")
- or clean_exit("could not open $log for reading: $!");
- # Sanitize oinkcode in wget's log (password is automatically sanitized).
- while (<LOG>) {
- $_ = "$1*oinkcode*$2"
- if (/(\S+:\/\/.+\.cgi\/)[0-9a-z]{32,64}(\/.+)/i);
- $log_output .= $_;
- }
- close(LOG);
- clean_exit("could not download from $obfuscated_url. ".
- "Output from wget follows:\n\n $log_output");
- }
- print STDERR "done.\n" unless ($config{quiet});
- }
-
- # Use LWP if URL starts with "http[s]" or "ftp" and use_external_bins=0.
- } elsif (!$config{use_external_bins} && $url =~ /^(?:https*|ftp)/) {
- print STDERR "Downloading file from $obfuscated_url... "
- unless ($config{quiet});
-
- my %lwp_opt;
- $lwp_opt{agent} = $config{user_agent} if (exists($config{user_agent}));
-
- my $ua = LWP::UserAgent->new(%lwp_opt);
- $ua->env_proxy;
- my $request = HTTP::Request->new(GET => $url);
- my $response = $ua->request($request, $localfile);
-
- clean_exit("could not download from $obfuscated_url: " . $response->status_line)
- unless $response->is_success;
-
- print "done.\n" unless ($config{quiet});
-
- # Grab file from local filesystem if file://...
- } elsif ($url =~ /^file/) {
- $url =~ s/^file:\/\///;
-
- clean_exit("the file $url does not exist.")
- unless (-e "$url");
-
- clean_exit("the file $url is empty.")
- unless (-s "$url");
-
- print STDERR "Copying file from $url... "
- unless ($config{quiet});
-
- copy("$url", "$localfile")
- or clean_exit("unable to copy $url to $localfile: $!");
-
- print STDERR "done.\n"
- unless ($config{quiet});
-
- # Grab file using scp if scp://...
- } elsif ($url =~ /^scp/) {
- $url =~ s/^scp:\/\///;
-
- my @cmd;
- push(@cmd, "scp");
- push(@cmd, "-i", "$config{scp_key}") if (exists($config{scp_key}));
- push(@cmd, "-q") if ($config{quiet});
- push(@cmd, "-v") if ($config{verbose});
- push(@cmd, "$url", "$localfile");
-
- print STDERR "Copying file from $url using scp:\n"
- unless ($config{quiet});
-
- clean_exit("scp returned error when trying to copy $url")
- if (system(@cmd));
-
- # Unknown download method.
- } else {
- clean_exit("unknown or unsupported download method\n");
- }
-
- # Make sure the downloaded file actually exists.
- clean_exit("failed to download $url: ".
- "local target file $localfile doesn't exist after download.")
- unless (-e "$localfile");
-
- # Also make sure it's at least non-empty.
- clean_exit("failed to download $url: local target file $localfile is empty ".
- "after download (perhaps you're out of diskspace or file in url is empty?)")
- unless (-s "$localfile");
-}
-
-
-
-# Copy all rules files from the tmp dirs (one for each url)
-# into a single directory inside the tmp dir, except for files
-# matching a 'skipfile' directive'.
-# Will exit in case of colliding filenames.
-sub join_tmp_rules_dirs($ $ @)
-{
- my $rules_dir = shift;
- my $new_files_ref = shift;
- my @url_tmpdirs = @_;
-
- my %rules_files;
-
- clean_exit("failed to create directory \"$rules_dir\": $!")
- unless (mkdir($rules_dir));
-
- foreach my $url_tmpdir (@url_tmpdirs) {
- opendir(URL_TMPDIR, "$url_tmpdir")
- or clean_exit("could not open directory \"$url_tmpdir\": $!");
-
- while ($_ = readdir(URL_TMPDIR)) {
- next if (/^\.\.?$/ || exists($config{file_ignore_list}{$_}) || !/$config{update_files}/);
-
- if (exists($rules_files{$_})) {
- closedir(URL_TMPDIR);
- clean_exit("a file called \"$_\" exists in multiple rules archives")
- }
-
- # Make sure it's a regular file.
- unless (-f "$url_tmpdir/$_" && !-l "$url_tmpdir/$_") {
- closedir(URL_TMPDIR);
- clean_exit("downloaded \"$_\" is not a regular file.")
- }
-
- $rules_files{$_} = 1;
- $$new_files_ref{"$rules_dir/$_"} = 1;
-
- my $src_file = untaint_path("$url_tmpdir/$_");
- unless (copy("$src_file", "$rules_dir")) {
- closedir(URL_TMPDIR);
- clean_exit("could not copy \"$src_file\" to \"$rules_dir\": $!");
- }
- }
-
- closedir(URL_TMPDIR);
- }
-
- return (keys(%$new_files_ref));
-}
-
-
-
-# Make a few basic sanity checks on the rules archive and then
-# uncompress/untar it if everything looked ok.
-sub unpack_rules_archive($ $ $)
-{
- my $url = shift; # only used when printing warnings/errors
- my $archive = shift;
- my $rules_dir = shift;
-
- my ($tar, @tar_content);
-
- my $old_dir = untaint_path(File::Spec->rel2abs(File::Spec->curdir()));
-
- my $dir = dirname($archive);
- chdir("$dir") or clean_exit("$url: could not change directory to \"$dir\": $!");
-
- if ($config{use_external_bins}) {
-
- # Run integrity check on the gzip file.
- clean_exit("$url: integrity check on gzip file failed (file transfer failed or ".
- "file in URL not in gzip format?).")
- if (system("gzip", "-t", "$archive"));
-
- # Decompress it.
- system("gzip", "-d", "$archive")
- and clean_exit("$url: unable to uncompress $archive.");
-
- # Suffix has now changed from .tar.gz|.tgz to .tar.
- $archive =~ s/\.gz$//;
-
- # Make sure the .tar file now exists.
- # (Gzip may not return an error if it was not a gzipped file...)
- clean_exit("$url: failed to unpack gzip file (file transfer failed or ".
- "file in URL not in tar'ed gzip format?).")
- unless (-e "$archive");
-
- my $stdout_file = "$tmpdir/tar_content.out";
-
- open(OLDOUT, ">&STDOUT") or clean_exit("could not dup STDOUT: $!");
- open(STDOUT, ">$stdout_file") or clean_exit("could not redirect STDOUT: $!");
-
- my $ret = system("tar", "tf", "$archive");
-
- close(STDOUT);
- open(STDOUT, ">&OLDOUT") or clean_exit("could not dup STDOUT: $!");
- close(OLDOUT);
-
- clean_exit("$url: could not list files in tar archive (is it broken?)")
- if ($ret);
-
- open(TAR, "$stdout_file") or clean_exit("failed to open $stdout_file: $!");
- @tar_content = <TAR>;
- close(TAR);
-
- # use_external_bins=0
- } else {
- $tar = Archive::Tar->new($archive, 1);
- clean_exit("$url: failed to read $archive (file transfer failed or ".
- "file in URL not in tar'ed gzip format?).")
- unless (defined($tar));
- @tar_content = $tar->list_files();
- }
-
- # Make sure we could grab some content from the tarball.
- clean_exit("$url: could not list files in tar archive (is it broken?)")
- if ($#tar_content < 0);
-
- # For each filename in the archive, do some basic sanity checks.
- foreach my $filename (@tar_content) {
- chomp($filename);
-
- # We don't want absolute filename.
- clean_exit("$url: rules archive contains absolute filename. ".
- "Offending file/line:\n$filename")
- if ($filename =~ /^\//);
-
- # We don't want to have any weird characters anywhere in the filename.
- clean_exit("$url: illegal character in filename in tar archive. Allowed are ".
- "$OK_PATH_CHARS\nOffending file/line:\n$filename")
- if ($config{use_path_checks} && $filename =~ /[^$OK_PATH_CHARS]/);
-
- # We don't want to unpack any "../../" junk (check is useless now though).
- clean_exit("$url: filename in tar archive contains \"..\".\n".
- "Offending file/line:\n$filename")
- if ($filename =~ /\.\./);
- }
-
- # Looks good. Now we can untar it.
- print STDERR "Archive successfully downloaded, unpacking... "
- unless ($config{quiet});
-
- if ($config{use_external_bins}) {
- clean_exit("failed to untar $archive.")
- if system("tar", "xf", "$archive");
- } else {
- mkdir("$rules_dir") or clean_exit("could not create \"$rules_dir\" directory: $!\n");
- foreach my $file ($tar->list_files) {
- next unless ($file =~ /^$rules_dir\/[^\/]+$/); # only ^rules/<file>$
-
- my $content = $tar->get_content($file);
-
- # Symlinks in the archive will make get_content return undef.
- clean_exit("could not get content from file \"$file\" in downloaded archive, ".
- "make sure it is a regular file\n")
- unless (defined($content));
-
- open(RULEFILE, ">", "$file")
- or clean_exit("could not open \"$file\" for writing: $!\n");
- print RULEFILE $content;
- close(RULEFILE);
- }
- }
-
- # Make sure that non-empty rules directory existed in archive.
- # We permit empty rules directory if min_files is set to 0 though.
- clean_exit("$url: no \"$rules_dir\" directory found in tar file.")
- unless (-d "$dir/$rules_dir");
-
- my $num_files = 0;
- opendir(RULESDIR, "$dir/$rules_dir")
- or clean_exit("could not open directory \"$dir/$rules_dir\": $!");
-
- while ($_ = readdir(RULESDIR)) {
- next if (/^\.\.?$/);
- $num_files++;
- }
-
- closedir(RULESDIR);
-
- clean_exit("$url: directory \"$rules_dir\" in unpacked archive is empty")
- if ($num_files == 0 && $config{min_files} != 0);
-
- chdir($old_dir)
- or clean_exit("could not change directory back to $old_dir: $!");
-
- print STDERR "done.\n"
- unless ($config{quiet});
-}
-
-
-
-# Open all rules files in the temporary directory and disable/modify all
-# rules/lines as requested in oinkmaster.conf, and then write back to the
-# same files. Also clean unwanted whitespaces and duplicate sids from them.
-sub process_rules($ $ $ $ $ $)
-{
- my $modify_sid_ref = shift;
- my $disable_sid_ref = shift;
- my $enable_sid_ref = shift;
- my $local_sid_ref = shift;
- my $rh_tmp_ref = shift;
- my $newfiles_ref = shift;
- my %sids;
-
- my %stats = (
- disabled => 0,
- enabled => 0,
- modified => 0,
- total => 0,
- );
-
- warn("WARNING: all rules that are disabled by default will be enabled\n")
- if ($config{enable_all} && !$config{quiet});
-
- print STDERR "Processing downloaded rules... "
- unless ($config{quiet});
-
- print STDERR "\n"
- if ($config{verbose});
-
- # Phase #1 - process all active rules and store in temporary hash.
- # In case of dups, we use the one with the highest rev.
- foreach my $file (sort(keys(%$newfiles_ref))) {
-
- open(INFILE, "<", "$file")
- or clean_exit("could not open $file for reading: $!");
- my @infile = <INFILE>;
- close(INFILE);
-
- my ($single, $multi, $nonrule, $msg, $sid);
-
- RULELOOP:while (get_next_entry(\@infile, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
-
- # We don't care about non-rules in this phase.
- next RULELOOP if (defined($nonrule));
-
- # Even if it was a single-line rule, we want a copy in $multi.
- $multi = $single unless (defined($multi));
-
- my %rule = (
- single => $single,
- multi => $multi,
- );
-
- # modify/disable/enable this rule as requested unless there is a matching
- # localsid statement. Possible verbose messages and warnings will be printed.
- unless (exists($$local_sid_ref{$sid})) {
- process_rule($modify_sid_ref, $disable_sid_ref, $enable_sid_ref,
- \%rule, $sid, \%stats, 1, basename($file));
- }
-
- $stats{total}++;
-
- $single = $rule{single};
- $multi = $rule{multi};
-
- # Only care about active rules in this phase (the rule may have been
- # disabled by a disablesid or a modifysid statement above, so we can't
- # do this check earlier).
- next RULELOOP if ($multi =~ /^#/);
-
- # Is it a dup? If so, see if this seems to be more recent (higher rev).
- if (exists($sids{$sid})) {
- warn("\nWARNING: duplicate SID in downloaded archive, SID=$sid, ".
- "only keeping rule with highest 'rev'\n")
- unless($config{super_quiet});
-
- my ($old_rev) = ($sids{$sid}{single} =~ /\brev\s*:\s*(\d+)\s*;/);
- my ($new_rev) = ($single =~ /\brev\s*:\s*(\d+)\s*;/);
-
- # This is so rules with a rev gets higher prio than
- # rules without any rev.
- $old_rev = -1 unless (defined($old_rev));
- $new_rev = -1 unless (defined($new_rev));
-
- # If this rev is higher than the one in the last stored rule with
- # this sid, replace rule with this one. This is also done if the
- # revs are equal because we assume the rule appearing last in the
- # rules file is the more recent rule.
- if ($new_rev >= $old_rev) {
- $sids{$sid}{single} = $single;
- $sids{$sid}{multi} = $multi;
- }
-
- # No dup.
- } else {
- $sids{$sid}{single} = $single;
- $sids{$sid}{multi} = $multi;
- }
- }
- }
-
- # Phase #2 - read all rules files again, but when writing active rules
- # back to the files, use the one stored in the sid hash (which is free of dups).
- foreach my $file (sort(keys(%$newfiles_ref))) {
-
- open(INFILE, "<", "$file")
- or clean_exit("could not open $file for reading: $!");
- my @infile = <INFILE>;
- close(INFILE);
-
- # Write back to the same file.
- open(OUTFILE, ">", "$file")
- or clean_exit("could not open $file for writing: $!");
-
- my ($single, $multi, $nonrule, $msg, $sid);
-
- RULELOOP:while (get_next_entry(\@infile, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
- if (defined($nonrule)) {
- print OUTFILE "$nonrule";
- next RULELOOP;
- }
-
- # Even if it was a single-line rule, we want a copy in $multi.
- $multi = $single unless (defined($multi));
-
- # If this rule is marked as localized and has not yet been written,
- # write the old version to the new rules file.
- if (exists($$local_sid_ref{$sid}) && !exists($sids{$sid}{printed})) {
-
- # Just ignore the rule in the downloaded file if it doesn't
- # exist in the same local file.
- unless(exists($$rh_tmp_ref{old}{rules}{basename($file)}{$sid})) {
- warn("WARNING: SID $sid is marked as local and exists in ".
- "downloaded " . basename($file) . " but the SID does not ".
- "exist in the local file, ignoring rule\n")
- if ($config{verbose});
-
- next RULELOOP;
- }
-
- print OUTFILE $$rh_tmp_ref{old}{rules}{basename($file)}{$sid};
- $sids{$sid}{printed} = 1;
-
- warn("SID $sid is marked as local, keeping your version from ".
- basename($file) . ".\n".
- "Your version: $$rh_tmp_ref{old}{rules}{basename($file)}{$sid}".
- "Downloaded version: $multi\n")
- if ($config{verbose});
-
- next RULELOOP;
- }
-
- my %rule = (
- single => $single,
- multi => $multi,
- );
-
- # modify/disable/enable this rule. Possible verbose messages and warnings
- # will not be printed (again) as this was done in the first phase.
- # We send the stats to a dummy var as this was collected on the
- # first phase as well.
- process_rule($modify_sid_ref, $disable_sid_ref, $enable_sid_ref,
- \%rule, $sid, \my %unused_stats, 0, basename($file));
-
- $single = $rule{single};
- $multi = $rule{multi};
-
- # Disabled rules are printed right back to the file, unless
- # there also is an active rule with the same sid. Als o make
- # sure we only print the sid once, even though it's disabled.
- if ($multi =~ /^#/ && !exists($sids{$sid}) && !exists($sids{$sid}{printed})) {
- print OUTFILE $multi;
- $sids{$sid}{printed} = 1;
- next RULELOOP;
- }
-
- # If this sid has not yet been printed and this is the place where
- # the sid with the highest rev was, print the rule to the file.
- # (There can be multiple totally different rules with the same sid
- # and we don't want to put the wrong rule in the wrong place.
- if (!exists($sids{$sid}{printed}) && $single eq $sids{$sid}{single}) {
- print OUTFILE $multi;
- $sids{$sid}{printed} = 1;
- }
- }
-
- close(OUTFILE);
- }
-
- print STDERR "disabled $stats{disabled}, enabled $stats{enabled}, ".
- "modified $stats{modified}, total=$stats{total}\n"
- unless ($config{quiet});
-
- # Print warnings on attempt at enablesid/disablesid/localsid on non-existent
- # rule if we're in verbose mode.
- if ($config{verbose}) {
- foreach my $sid (keys(%$enable_sid_ref)) {
- warn("WARNING: attempt to use \"enablesid\" on non-existent SID $sid\n")
- unless (exists($sids{$sid}));
- }
-
- foreach my $sid (keys(%$disable_sid_ref)) {
- warn("WARNING: attempt to use \"disablesid\" on non-existent SID $sid\n")
- unless (exists($sids{$sid}));
- }
-
- foreach my $sid (keys(%$local_sid_ref)) {
- warn("WARNING: attempt to use \"localsid\" on non-existent SID $sid\n")
- unless (exists($sids{$sid}));
- }
- }
-
- # Print warnings on attempt at modifysid'ing non-existent stuff, unless quiet mode.
- unless ($config{quiet}) {
- my %new_files;
- foreach my $file (sort(keys(%$newfiles_ref))) {
- $new_files{basename($file)} = 1;
- }
-
- my %mod_tmp;
- foreach my $mod_expr (@$modify_sid_ref) {
- my ($type, $arg) = ($mod_expr->[2], $mod_expr->[3]);
- $mod_tmp{$type}{$arg} = 1;
- }
-
- foreach my $sid (keys(%{$mod_tmp{sid}})) {
- warn("WARNING: attempt to use \"modifysid\" on non-existent SID $sid\n")
- unless (exists($sids{$sid}));
- }
-
- foreach my $file (keys(%{$mod_tmp{file}})) {
- warn("WARNING: attempt to use \"modifysid\" on non-existent file $file\n")
- unless(exists($new_files{$file}));
- }
- }
-
- # Return total number of valid rules.
- return ($stats{total});
-}
-
-
-
-# Process (modify/enable/disable) a rule as requested.
-sub process_rule($ $ $ $ $ $ $ $)
-{
- my $modify_sid_ref = shift;
- my $disable_sid_ref = shift;
- my $enable_sid_ref = shift;
- my $rule_ref = shift;
- my $sid = shift;
- my $stats_ref = shift;
- my $print_messages = shift;
- my $filename = shift;
-
- # Just for easier access.
- my $single = $$rule_ref{single};
- my $multi = $$rule_ref{multi};
-
- # Some rules may be commented out by default.
- # Enable them if -e is specified (both single-line and multi-line,
- # version, because we don't know which version one we're going to
- # use below.
- # Enable them if -e is specified.
- if ($multi =~ /^#/ && $config{enable_all}) {
- $multi =~ s/^#*//;
- $multi =~ s/\n#*/\n/g;
- $single =~ s/^#*//;
- $$stats_ref{enabled}++;
- }
-
- # Modify rule if requested. For disablesid/enablesid we work
- # on the multi-line version of the rule (if exists). For
- # modifysid that's no good since we don't know where in the
- # rule the trailing backslashes and newlines are going to be
- # and we don't want them to affect the regexp.
- MOD_EXP:foreach my $mod_expr (@$modify_sid_ref) {
- my ($subst, $repl, $type, $arg) =
- ($mod_expr->[0], $mod_expr->[1], $mod_expr->[2], $mod_expr->[3]);
-
- my $print_modify_warnings = 0;
- $print_modify_warnings = 1 if (!$config{super_quiet} && $print_messages && $type eq "sid");
-
- if ($type eq "wildcard" || ($type eq "sid" && $sid eq $arg) ||
- ($type eq "file" && $filename eq $arg)) {
-
- if ($single =~ /$subst/si) {
- print STDERR "Modifying rule, SID=$sid, filename=$filename, ".
- "match type=$type, subst=$subst, ".
- "repl=$repl\nBefore: $single"
- if ($print_messages && $config{verbose});
-
-
- # If user specified a backreference but the regexp did not set $1 - don't modify rule.
- if (!defined($1) && ($repl =~ /[^\\]\$\d+/ || $repl =~ /[^\\]\$\{\d+\}/
- || $repl =~ /^qq\/\$\d+/ || $repl =~ /^qq\/\$\{\d+\}/)) {
- warn("WARNING: SID $sid matches modifysid expression \"$subst\" but ".
- "backreference variable \$1 is undefined after match, ".
- "keeping original rule\n")
- if ($print_modify_warnings);
- next MOD_EXP;
- }
-
- # Do the substitution on the single-line version and put it
- # back in $multi.
- $single =~ s/$subst/$repl/eei;
- $multi = $single;
-
- print STDERR "After: $single\n"
- if ($print_messages && $config{verbose});
-
- $$stats_ref{modified}++;
- } else {
- if ($print_modify_warnings) {
- warn("WARNING: SID $sid does not match modifysid ".
- "expression \"$subst\", keeping original rule\n");
- }
- }
- }
- }
-
- # Disable rule if requested and it's not already disabled.
- if (exists($$disable_sid_ref{$sid}) && $multi !~ /^\s*#/) {
- $multi = "#$multi";
- $multi =~ s/\n([^#].+)/\n#$1/g;
- $$stats_ref{disabled}++;
- }
-
- # Enable rule if requested and it's not already enabled.
- if (exists($$enable_sid_ref{$sid}) && $multi =~ /^\s*#/) {
- $multi =~ s/^#+//;
- $multi =~ s/\n#+(.+)/\n$1/g;
- $$stats_ref{enabled}++;
- }
-
- $$rule_ref{single} = $single;
- $$rule_ref{multi} = $multi;
-}
-
-
-
-# Setup rules hash.
-# Format for rules will be: rh{old|new}{rules{filename}{sid} = single-line rule
-# Format for non-rules will be: rh{old|new}{other}{filename} = array of lines
-# List of added files will be stored as rh{added_files}{filename}
-sub setup_rules_hash($ $)
-{
- my $new_files_ref = shift;
- my $output_dir = shift;
-
- my (%rh, %old_sids);
-
- print STDERR "Setting up rules structures... "
- unless ($config{quiet});
-
- foreach my $file (sort(keys(%$new_files_ref))) {
- warn("\nWARNING: downloaded rules file $file is empty\n")
- if (!-s "$file" && $config{verbose});
-
- open(NEWFILE, "<", "$file")
- or clean_exit("could not open $file for reading: $!");
- my @newfile = <NEWFILE>;
- close(NEWFILE);
-
- # From now on we don't care about the path, so remove it.
- $file = basename($file);
-
- my ($single, $multi, $nonrule, $msg, $sid);
-
- while (get_next_entry(\@newfile, \$single, \$multi, \$nonrule, \$msg, \$sid)) {
- if (defined($single)) {
- $rh{new}{rules}{"$file"}{"$sid"} = $single;
- } else {
- push(@{$rh{new}{other}{"$file"}}, $nonrule);
- }
- }
-
- # Also read in old (aka local) file if it exists.
- # We do a sid dup check in these files.
- if (-f "$output_dir/$file") {
- open(OLDFILE, "<", "$output_dir/$file")
- or clean_exit("could not open $output_dir/$file for reading: $!");
- my @oldfile = <OLDFILE>;
- close(OLDFILE);
-
- while (get_next_entry(\@oldfile, \$single, \$multi, \$nonrule, undef, \$sid)) {
- if (defined($single)) {
- warn("\nWARNING: duplicate SID in your local rules, SID ".
- "$sid exists multiple times, you may need to fix this manually!\n")
- if (exists($old_sids{$sid}));
-
- $rh{old}{rules}{"$file"}{"$sid"} = $single;
- $old_sids{$sid}++;
- } else {
- push(@{$rh{old}{other}{"$file"}}, $nonrule);
- }
- }
- } else {
- $rh{added_files}{"$file"}++;
- }
- }
-
- print STDERR "done.\n"
- unless ($config{quiet});
-
- return (%rh);
-}
-
-
-
-# Return lines that exist only in first array but not in second one.
-sub get_first_only($ $ $)
-{
- my $first_only_ref = shift;
- my $first_arr_ref = shift;
- my $second_arr_ref = shift;
- my %arr_hash;
-
- @arr_hash{@$second_arr_ref} = ();
-
- foreach my $line (@$first_arr_ref) {
-
- # Skip blank lines and CVS Id tags.
- next unless ($line =~ /\S/);
- next if ($line =~ /^\s*#+\s*\$I\S:.+Exp\s*\$/);
-
- push(@$first_only_ref, $line)
- unless(exists($arr_hash{$line}));
- }
-}
-
-
-
-# Backup files in output dir matching $config{update_files} into the backup dir.
-sub make_backup($ $)
-{
- my $src_dir = shift; # dir with the rules to be backed up
- my $dest_dir = shift; # where to put the backup tarball
-
- my ($sec, $min, $hour, $mday, $mon, $year) = (localtime)[0 .. 5];
-
- my $date = sprintf("%4d%02d%02d-%02d%02d%02d",
- $year + 1900, $mon + 1, $mday, $hour, $min, $sec);
-
- my $backup_tarball = "rules-backup-$date.tar";
- my $backup_tmp_dir = File::Spec->catdir("$tmpdir", "rules-backup-$date");
- my $dest_file = File::Spec->catfile("$dest_dir", "$backup_tarball.gz");
-
- print STDERR "Creating backup of old rules..."
- unless ($config{quiet});
-
- mkdir("$backup_tmp_dir", 0700)
- or clean_exit("could not create temporary backup directory $backup_tmp_dir: $!");
-
- # Copy all rules files from the rules dir to the temporary backup dir.
- opendir(OLDRULES, "$src_dir")
- or clean_exit("could not open directory $src_dir: $!");
-
- while ($_ = readdir(OLDRULES)) {
- next if (/^\.\.?$/);
- if (/$config{update_files}/) {
- my $src_file = untaint_path("$src_dir/$_");
- copy("$src_file", "$backup_tmp_dir/")
- or warn("WARNING: could not copy $src_file to $backup_tmp_dir/: $!");
- }
- }
-
- closedir(OLDRULES);
-
- # Also backup the -U <file> (as "variable-file.conf") if specified.
- if ($config{update_vars}) {
- copy("$config{varfile}", "$backup_tmp_dir/variable-file.conf")
- or warn("WARNING: could not copy $config{varfile} to $backup_tmp_dir: $!")
- }
-
- my $old_dir = untaint_path(File::Spec->rel2abs(File::Spec->curdir()));
-
- # Change directory to $tmpdir (so we'll be right below the directory where
- # we have our rules to be backed up).
- chdir("$tmpdir") or clean_exit("could not change directory to $tmpdir: $!");
-
- if ($config{use_external_bins}) {
- clean_exit("tar command returned error when archiving backup files.\n")
- if (system("tar","cf","$backup_tarball","rules-backup-$date"));
-
- clean_exit("gzip command returned error when compressing backup file.\n")
- if (system("gzip","$backup_tarball"));
-
- $backup_tarball .= ".gz";
-
- } else {
- my $tar = Archive::Tar->new;
- opendir(RULES, "rules-backup-$date")
- or clean_exit("unable to open directory \"rules-backup-$date\": $!");
-
- while ($_ = readdir(RULES)) {
- next if (/^\.\.?$/);
- $tar->add_files("rules-backup-$date/$_");
- }
-
- closedir(RULES);
-
- $backup_tarball .= ".gz";
-
- # Write tarball. Print stupid error message if it fails as
- # we can't use $tar->error or Tar::error on all platforms.
- $tar->write("$backup_tarball", 1);
-
- clean_exit("could not create backup archive: tarball empty after creation\n")
- unless (-s "$backup_tarball");
- }
-
- # Change back to old directory (so it will work with -b <directory> as either
- # an absolute or a relative path.
- chdir("$old_dir")
- or clean_exit("could not change directory back to $old_dir: $!");
-
- copy("$tmpdir/$backup_tarball", "$dest_file")
- or clean_exit("unable to copy $tmpdir/$backup_tarball to $dest_file/: $!\n");
-
- print STDERR " saved as $dest_file.\n"
- unless ($config{quiet});
-}
-
-
-
-# Print the results.
-sub print_changes($ $)
-{
- my $ch_ref = shift;
- my $rh_ref = shift;
-
- my ($sec, $min, $hour, $mday, $mon, $year) = (localtime)[0 .. 5];
-
- my $date = sprintf("%4d%02d%02d %02d:%02d:%02d",
- $year + 1900, $mon + 1, $mday, $hour, $min, $sec);
-
- print "\n[***] Results from Oinkmaster started $date [***]\n";
-
- # Print new variables.
- if ($config{update_vars}) {
- if ($#{$$ch_ref{new_vars}} > -1) {
- print "\n[*] New variables: [*]\n";
- foreach my $var (@{$$ch_ref{new_vars}}) {
- print " $var";
- }
- } else {
- print "\n[*] New variables: [*]\n None.\n"
- unless ($config{super_quiet});
- }
- }
-
-
- # Print rules modifications.
- print "\n[*] Rules modifications: [*]\n None.\n"
- if (!keys(%{$$ch_ref{rules}}) && !$config{super_quiet});
-
- # Print added rules.
- if (exists($$ch_ref{rules}{added})) {
- print "\n[+++] Added rules: [+++]\n";
- if ($config{summary_output}) {
- print_summary_change(\%{$$ch_ref{rules}{added}}, $rh_ref);
- } else {
- print_changetype($PRINT_NEW, "Added to",
- \%{$$ch_ref{rules}{added}}, $rh_ref);
- }
- }
-
- # Print enabled rules.
- if (exists($$ch_ref{rules}{ena})) {
- print "\n[+++] Enabled rules: [+++]\n";
- if ($config{summary_output}) {
- print_summary_change(\%{$$ch_ref{rules}{ena}}, $rh_ref);
- } else {
- print_changetype($PRINT_NEW, "Enabled in",
- \%{$$ch_ref{rules}{ena}}, $rh_ref);
- }
- }
-
- # Print enabled + modified rules.
- if (exists($$ch_ref{rules}{ena_mod})) {
- print "\n[+++] Enabled and modified rules: [+++]\n";
- if ($config{summary_output}) {
- print_summary_change(\%{$$ch_ref{rules}{ena_mod}}, $rh_ref);
- } else {
- print_changetype($PRINT_BOTH, "Enabled and modified in",
- \%{$$ch_ref{rules}{ena_mod}}, $rh_ref);
- }
- }
-
- # Print modified active rules.
- if (exists($$ch_ref{rules}{mod_act})) {
- print "\n[///] Modified active rules: [///]\n";
-
- if ($config{summary_output}) {
- print_summary_change(\%{$$ch_ref{rules}{mod_act}}, $rh_ref);
- } else {
- print_changetype($PRINT_BOTH, "Modified active in",
- \%{$$ch_ref{rules}{mod_act}}, $rh_ref);
- }
- }
-
- # Print modified inactive rules.
- if (exists($$ch_ref{rules}{mod_ina})) {
- print "\n[///] Modified inactive rules: [///]\n";
- if ($config{summary_output}) {
- print_summary_change(\%{$$ch_ref{rules}{mod_ina}}, $rh_ref);
- } else {
- print_changetype($PRINT_BOTH, "Modified inactive in",
- \%{$$ch_ref{rules}{mod_ina}}, $rh_ref);
- }
- }
-
- # Print disabled + modified rules.
- if (exists($$ch_ref{rules}{dis_mod})) {
- print "\n[---] Disabled and modified rules: [---]\n";
- if ($config{summary_output}) {
- print_summary_change(\%{$$ch_ref{rules}{dis_mod}}, $rh_ref);
- } else {
- print_changetype($PRINT_BOTH, "Disabled and modified in",
- \%{$$ch_ref{rules}{dis_mod}}, $rh_ref);
- }
- }
-
- # Print disabled rules.
- if (exists($$ch_ref{rules}{dis})) {
- print "\n[---] Disabled rules: [---]\n";
- if ($config{summary_output}) {
- print_summary_change(\%{$$ch_ref{rules}{dis}}, $rh_ref);
- } else {
- print_changetype($PRINT_NEW, "Disabled in",
- \%{$$ch_ref{rules}{dis}}, $rh_ref);
- }
- }
-
- # Print removed rules.
- if (exists($$ch_ref{rules}{removed})) {
- print "\n[---] Removed rules: [---]\n";
- if ($config{summary_output}) {
- print_summary_change(\%{$$ch_ref{rules}{removed}}, $rh_ref);
- } else {
- print_changetype($PRINT_OLD, "Removed from",
- \%{$$ch_ref{rules}{removed}}, $rh_ref);
- }
- }
-
-
- # Print non-rule modifications.
- print "\n[*] Non-rule line modifications: [*]\n None.\n"
- if (!keys(%{$$ch_ref{other}}) && !$config{super_quiet});
-
- # Print added non-rule lines.
- if (exists($$ch_ref{other}{added})) {
- print "\n[+++] Added non-rule lines: [+++]\n";
- foreach my $file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{other}{added}}))) {
- my $num = $#{$$ch_ref{other}{added}{$file}} + 1;
- print "\n -> Added to $file ($num):\n";
- foreach my $line (@{$$ch_ref{other}{added}{$file}}) {
- print " $line";
- }
- }
- }
-
- # Print removed non-rule lines.
- if (keys(%{$$ch_ref{other}{removed}}) > 0) {
- print "\n[---] Removed non-rule lines: [---]\n";
- foreach my $file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{other}{removed}}))) {
- my $num = $#{$$ch_ref{other}{removed}{$file}} + 1;
- print "\n -> Removed from $file ($num):\n";
- foreach my $other (@{$$ch_ref{other}{removed}{$file}}) {
- print " $other";
- }
- }
- }
-
-
- # Print list of added files.
- if (keys(%{$$ch_ref{added_files}})) {
- print "\n[+] Added files (consider updating your snort.conf to include them if needed): [+]\n\n";
- foreach my $added_file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{added_files}}))) {
- print " -> $added_file\n";
- }
- } else {
- print "\n[*] Added files: [*]\n None.\n"
- unless ($config{super_quiet} || $config{summary_output});
- }
-
- # Print list of possibly removed files if requested.
- if ($config{check_removed}) {
- if (keys(%{$$ch_ref{removed_files}})) {
- print "\n[-] Files possibly removed from the archive ".
- "(consider removing them from your snort.conf if needed): [-]\n\n";
- foreach my $removed_file (sort({uc($a) cmp uc($b)} keys(%{$$ch_ref{removed_files}}))) {
- print " -> $removed_file\n";
- }
- } else {
- print "\n[*] Files possibly removed from the archive: [*]\n None.\n"
- unless ($config{super_quiet} || $config{summary_output});
- }
- }
-
- print "\n";
-}
-
-
-
-# Helper for print_changes().
-sub print_changetype($ $ $ $)
-{
- my $type = shift; # $PRINT_OLD|$PRINT_NEW|$PRINT_BOTH
- my $string = shift; # string to print before filename
- my $ch_ref = shift; # reference to an entry in the rules changes hash
- my $rh_ref = shift; # reference to rules hash
-
- foreach my $file (sort({uc($a) cmp uc($b)} keys(%$ch_ref))) {
- my $num = keys(%{$$ch_ref{$file}});
- print "\n -> $string $file ($num):\n";
- foreach my $sid (keys(%{$$ch_ref{$file}})) {
- if ($type == $PRINT_OLD) {
- print " $$rh_ref{old}{rules}{$file}{$sid}"
- } elsif ($type == $PRINT_NEW) {
- print " $$rh_ref{new}{rules}{$file}{$sid}"
- } elsif ($type == $PRINT_BOTH) {
-
- my $old = $$rh_ref{old}{rules}{$file}{$sid};
- my $new = $$rh_ref{new}{rules}{$file}{$sid};
-
- if ($config{minimize_diff}) {
- my ($old, $new) = minimize_diff($old, $new);
- print "\n old SID $sid: $old";
- print " new SID $sid: $new";
- } else {
- print "\n old: $old";
- print " new: $new";
- }
- }
- }
- }
-}
-
-
-
-# Print changes in bmc style, i.e. only sid and msg, no full details.
-sub print_summary_change($ $)
-{
- my $ch_ref = shift; # reference to an entry in the rules changes hash
- my $rh_ref = shift; # reference to rules hash
-
- my (@sids, %sidmap);
-
- print "\n";
-
- # First get all the sids (may be spread across multiple files.
- foreach my $file (keys(%$ch_ref)) {
- foreach my $sid (keys(%{$$ch_ref{$file}})) {
- push(@sids, $sid);
- if (exists($$rh_ref{new}{rules}{$file}{$sid})) {
- $sidmap{$sid}{rule} = $$rh_ref{new}{rules}{$file}{$sid};
- } else {
- $sidmap{$sid}{rule} = $$rh_ref{old}{rules}{$file}{$sid};
- }
- $sidmap{$sid}{file} = $file;
- }
- }
-
- # Print rules, sorted by sid.
- foreach my $sid (sort {$a <=> $b} (@sids)) {
- my @rule = $sidmap{$sid}{rule};
- my $file = $sidmap{$sid}{file};
- get_next_entry(\@rule, undef, undef, undef, \(my $msg), undef);
- printf("%8d - %s (%s)\n", $sid, $msg, $file);
- }
-
- print "\n";
-}
-
-
-
-# Compare the new rules to the old ones.
-sub get_changes($ $ $)
-{
- my $rh_ref = shift;
- my $new_files_ref = shift;
- my $rules_dir = shift;
- my %changes;
-
- print STDERR "Comparing new files to the old ones... "
- unless ($config{quiet});
-
- # We have the list of added files (without full path) in $rh_ref{added_files}
- # but we'd rather want to have it in $changes{added_files} now.
- $changes{added_files} = $$rh_ref{added_files};
-
- # New files are also regarded as modified since we want to update
- # (i.e. add) those as well. Here we want them with full path.
- foreach my $file (keys(%{$changes{added_files}})) {
- $changes{modified_files}{"$tmpdir/$rules_dir/$file"}++;
- }
-
- # Add list of possibly removed files if requested.
- if ($config{check_removed}) {
- opendir(OLDRULES, "$config{output_dir}")
- or clean_exit("could not open directory $config{output_dir}: $!");
-
- while ($_ = readdir(OLDRULES)) {
- next if (/^\.\.?$/);
- $changes{removed_files}{"$_"} = 1
- if (/$config{update_files}/ &&
- !exists($config{file_ignore_list}{$_}) &&
- !-e "$tmpdir/$rules_dir/$_");
- }
-
- closedir(OLDRULES);
- }
-
- # For each new rules file...
- FILELOOP:foreach my $file_w_path (sort(keys(%$new_files_ref))) {
- my $file = basename($file_w_path);
-
- # Skip comparison if it's an added file.
- next FILELOOP if (exists($$rh_ref{added_files}{$file}));
-
- # For each sid in the new file...
- foreach my $sid (keys(%{$$rh_ref{new}{rules}{$file}})) {
- my $new_rule = $$rh_ref{new}{rules}{$file}{$sid};
-
- # Sid also exists in the old file?
- if (exists($$rh_ref{old}{rules}{$file}{$sid})) {
- my $old_rule = $$rh_ref{old}{rules}{$file}{$sid};
-
- # Are they identical?
- unless ($new_rule eq $old_rule) {
- $changes{modified_files}{$file_w_path}++;
-
- # Find out in which way the rules are different.
- if ("#$old_rule" eq $new_rule) {
- $changes{rules}{dis}{$file}{$sid}++;
- } elsif ($old_rule eq "#$new_rule") {
- $changes{rules}{ena}{$file}{$sid}++;
- } elsif ($old_rule =~ /^\s*#/ && $new_rule !~ /^\s*#/) {
- $changes{rules}{ena_mod}{$file}{$sid}++;
- } elsif ($old_rule !~ /^\s*#/ && $new_rule =~ /^\s*#/) {
- $changes{rules}{dis_mod}{$file}{$sid}++;
- } elsif ($old_rule =~ /^\s*#/ && $new_rule =~ /^\s*#/) {
- $changes{rules}{mod_ina}{$file}{$sid}++;
- } else {
- $changes{rules}{mod_act}{$file}{$sid}++;
- }
-
- }
- } else { # sid not found in old file, i.e. it's added
- $changes{modified_files}{$file_w_path}++;
- $changes{rules}{added}{$file}{$sid}++;
- }
- } # foreach sid
-
- # Check for removed rules, i.e. sids that exist in the old file but
- # not in the new one.
- foreach my $sid (keys(%{$$rh_ref{old}{rules}{$file}})) {
- unless (exists($$rh_ref{new}{rules}{$file}{$sid})) {
- $changes{modified_files}{$file_w_path}++;
- $changes{rules}{removed}{$file}{$sid}++;
- }
- }
-
- # Check for added non-rule lines.
- get_first_only(\my @added,
- \@{$$rh_ref{new}{other}{$file}},
- \@{$$rh_ref{old}{other}{$file}});
-
- if (scalar(@added)) {
- @{$changes{other}{added}{$file}} = @added;
- $changes{modified_files}{$file_w_path}++;
- }
-
- # Check for removed non-rule lines.
- get_first_only(\my @removed,
- \@{$$rh_ref{old}{other}{$file}},
- \@{$$rh_ref{new}{other}{$file}});
-
- if (scalar(@removed)) {
- @{$changes{other}{removed}{$file}} = @removed;
- $changes{modified_files}{$file_w_path}++;
- }
-
- } # foreach new file
-
- print STDERR "done.\n" unless ($config{quiet});
-
- return (%changes);
-}
-
-
-
-# Simply copy the modified rules files to the output directory.
-sub update_rules($ @)
-{
- my $dst_dir = shift;
- my @modified_files = @_;
-
- print STDERR "Updating local rules files... "
- if (!$config{quiet} || $config{interactive});
-
- foreach my $file_w_path (@modified_files) {
- copy("$file_w_path", "$dst_dir")
- or clean_exit("could not copy $file_w_path to $dst_dir: $!");
- }
-
- print STDERR "done.\n"
- if (!$config{quiet} || $config{interactive});
-}
-
-
-# Simply copy rules files from one dir to another.
-# Links are not allowed.
-sub copy_rules($ $)
-{
- my $src_dir = shift;
- my $dst_dir = shift;
-
- print STDERR "Copying rules from $src_dir... "
- if (!$config{quiet} || $config{interactive});
-
- opendir(SRC_DIR, $src_dir)
- or clean_exit("could not open directory $src_dir: $!");
-
- my $num_files = 0;
- while ($_ = readdir(SRC_DIR)) {
- next if (/^\.\.?$/ || exists($config{file_ignore_list}{$_})
- || !/$config{update_files}/);
-
- my $src_file = untaint_path("$src_dir/$_");
-
- # Make sure it's a regular file.
- unless (-f "$src_file" && !-l "$src_file") {
- closedir(SRC_DIR);
- clean_exit("\"$src_file\" is not a regular file.")
- }
-
- unless (copy($src_file, $dst_dir)) {
- closedir(SRC_DIR);
- clean_exit("could not copy \"$src_file\" to \"$dst_dir\"/: $!");
- }
- $num_files++;
- }
-
- closedir(SRC_DIR);
-
- print STDERR "$num_files files copied.\n"
- if (!$config{quiet} || $config{interactive});
-}
-
-
-
-# Return true if file is in PATH and is executable.
-sub is_in_path($)
-{
- my $file = shift;
-
- foreach my $dir (File::Spec->path()) {
- if ((-f "$dir/$file" && -x "$dir/$file")
- || (-f "$dir/$file.exe" && -x "$dir/$file.exe")) {
- print STDERR "Found $file binary in $dir\n"
- if ($config{verbose});
- return (1);
- }
- }
-
- return (0);
-}
-
-
-
-# get_next_entry() will parse the array referenced in the first arg
-# and return the next entry. The array should contain a rules file,
-# and the returned entry will be removed from the array.
-# An entry is one of:
-# - single-line rule (put in 2nd ref)
-# - multi-line rule (put in 3rd ref)
-# - non-rule line (put in 4th ref)
-# If the entry is a multi-line rule, its single-line version is also
-# returned (put in the 2nd ref).
-# If it's a rule, the msg string will be put in 4th ref and sid in 5th.
-sub get_next_entry($ $ $ $ $ $)
-{
- my $arr_ref = shift;
- my $single_ref = shift;
- my $multi_ref = shift;
- my $nonrule_ref = shift;
- my $msg_ref = shift;
- my $sid_ref = shift;
-
- undef($$single_ref);
- undef($$multi_ref);
- undef($$nonrule_ref);
- undef($$msg_ref);
- undef($$sid_ref);
-
- my $line = shift(@$arr_ref) || return(0);
- my $disabled = 0;
- my $broken = 0;
-
- chomp($line);
- $line .= "\n";
-
- # Possible beginning of multi-line rule?
- if ($line =~ /$MULTILINE_RULE_REGEXP/oi) {
- $$single_ref = $line;
- $$multi_ref = $line;
-
- $disabled = 1 if ($line =~ /^\s*#/);
-
- # Keep on reading as long as line ends with "\".
- while (!$broken && $line =~ /\\\s*\n$/) {
-
- # Remove trailing "\" and newline for single-line version.
- $$single_ref =~ s/\\\s*\n//;
-
- # If there are no more lines, this can not be a valid multi-line rule.
- if (!($line = shift(@$arr_ref))) {
-
- warn("\nWARNING: got EOF while parsing multi-line rule: $$multi_ref\n")
- if ($config{verbose});
-
- @_ = split(/\n/, $$multi_ref);
-
- undef($$multi_ref);
- undef($$single_ref);
-
- # First line of broken multi-line rule will be returned as a non-rule line.
- $$nonrule_ref = shift(@_) . "\n";
- $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
-
- # The rest is put back to the array again.
- foreach $_ (reverse((@_))) {
- unshift(@$arr_ref, "$_\n");
- }
-
- return (1); # return non-rule
- }
-
- # Multi-line continuation.
- $$multi_ref .= $line;
-
- # If there are non-comment lines in the middle of a disabled rule,
- # mark the rule as broken to return as non-rule lines.
- if ($line !~ /^\s*#/ && $disabled) {
- $broken = 1;
- } elsif ($line =~ /^\s*#/ && !$disabled) {
- # comment line (with trailing slash) in the middle of an active rule - ignore it
- } else {
- $line =~ s/^\s*#*\s*//; # remove leading # in single-line version
- $$single_ref .= $line;
- }
-
- } # while line ends with "\"
-
- # Single-line version should now be a valid rule.
- # If not, it wasn't a valid multi-line rule after all.
- if (!$broken && parse_singleline_rule($$single_ref, $msg_ref, $sid_ref)) {
-
- $$single_ref =~ s/^\s*//; # remove leading whitespaces
- $$single_ref =~ s/^#+\s*/#/; # remove whitespaces next to leading #
- $$single_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
-
- $$multi_ref =~ s/^\s*//;
- $$multi_ref =~ s/\s*\n$/\n/;
- $$multi_ref =~ s/^#+\s*/#/;
-
- return (1); # return multi
-
- # Invalid multi-line rule.
- } else {
- warn("\nWARNING: invalid multi-line rule: $$single_ref\n")
- if ($config{verbose} && $$multi_ref !~ /^\s*#/);
-
- @_ = split(/\n/, $$multi_ref);
-
- undef($$multi_ref);
- undef($$single_ref);
-
- # First line of broken multi-line rule will be returned as a non-rule line.
- $$nonrule_ref = shift(@_) . "\n";
- $$nonrule_ref =~ s/\s*\n$/\n/; # remove trailing whitespaces
-
- # The rest is put back to the array again.
- foreach $_ (reverse((@_))) {
- unshift(@$arr_ref, "$_\n");
- }
-
- return (1); # return non-rule
- }
-
- # Check if it's a regular single-line rule.
- } elsif (parse_singleline_rule($line, $msg_ref, $sid_ref)) {
- $$single_ref = $line;
- $$single_ref =~ s/^\s*//;
- $$single_ref =~ s/^#+\s*/#/;
- $$single_ref =~ s/\s*\n$/\n/;
-
- return (1); # return single
-
- # Non-rule line.
- } else {
-
- # Do extra check and warn if it *might* be a rule anyway,
- # but that we just couldn't parse for some reason.
- warn("\nWARNING: line may be a rule but it could not be parsed ".
- "(missing sid?): $line\n")
- if ($config{verbose} && $line =~ /^\s*alert .+msg\s*:\s*".+"\s*;/);
-
- $$nonrule_ref = $line;
- $$nonrule_ref =~ s/\s*\n$/\n/;
-
- return (1); # return non-rule
- }
-}
-
-
-
-# Look for variables that exist in dist var files but not in local var file.
-sub get_new_vars($ $ $ $)
-{
- my $ch_ref = shift;
- my $dist_var_files_ref = shift;
- my $local_var_file = shift;
- my $url_tmpdirs_ref = shift;
-
- my %new_vars;
- my (%old_vars, %dist_var_files, %found_dist_var_files);
- my $confs_found = 0;
-
-
- # Warn in case we can't find a specified dist file.
- foreach my $dir (@$url_tmpdirs_ref) {
- foreach my $dist_var_file (@$dist_var_files_ref) {
- if (-e "$dir/$dist_var_file") {
- $found_dist_var_files{$dist_var_file} = 1;
- $confs_found++;
- }
- }
- }
-
- foreach my $dist_var_file (@$dist_var_files_ref) {
- unless (exists($found_dist_var_files{$dist_var_file})) {
- warn("WARNING: did not find variable file \"$dist_var_file\" in ".
- "downloaded archive(s)\n")
- unless($config{quiet});
- }
- }
-
- unless ($confs_found) {
- unless ($config{quiet}) {
- warn("WARNING: no variable files found in downloaded archive(s), ".
- "aborting check for new variables\n");
- return;
- }
- }
-
- # Read in variable names from old (target) var file.
- open(LOCAL_VAR_FILE, "<", "$local_var_file")
- or clean_exit("could not open $local_var_file for reading: $!");
-
- my @local_var_conf = <LOCAL_VAR_FILE>;
-
- foreach $_ (join_multilines(\@local_var_conf)) {
- $old_vars{lc($1)}++ if (/$VAR_REGEXP/i);
- }
-
- close(LOCAL_VAR_FILE);
-
- # Read in variables from new file(s).
- foreach my $dir (@$url_tmpdirs_ref) {
- foreach my $dist_var_file (@$dist_var_files_ref) {
- my $conf = "$dir/$dist_var_file";
- if (-e "$conf") {
- my $num_new = 0;
- print STDERR "Checking downloaded $dist_var_file for new variables... "
- unless ($config{quiet});
-
- open(DIST_CONF, "<", "$conf")
- or clean_exit("could not open $conf for reading: $!");
- my @dist_var_conf = <DIST_CONF>;
- close(DIST_CONF);
-
- foreach $_ (join_multilines(\@dist_var_conf)) {
- if (/$VAR_REGEXP/i && !exists($old_vars{lc($1)})) {
- my ($varname, $varval) = (lc($1), $2);
- if (exists($new_vars{$varname})) {
- warn("\nWARNING: new variable \"$varname\" is defined multiple ".
- "times in downloaded files\n");
- }
- s/^\s*//;
- push(@{$$ch_ref{new_vars}}, "$_\n");
- $new_vars{$varname} = $varval;
- $num_new++;
- }
- }
-
- close(DIST_CONF);
- print STDERR "$num_new new found.\n"
- unless ($config{quiet});
- }
- }
- }
-}
-
-
-
-# Add new variables to local snort.conf.
-sub add_new_vars($ $)
-{
- my $ch_ref = shift;
- my $varfile = shift;
- my $tmp_varfile = "$tmpdir/tmp_varfile.conf";
- my $new_content;
-
- return unless ($#{$changes{new_vars}} > -1);
-
- print STDERR "Adding new variables to $varfile... "
- unless ($config{quiet});
-
- open(OLD_LOCAL_CONF, "<", "$varfile")
- or clean_exit("could not open $varfile for reading: $!");
- my @old_content = <OLD_LOCAL_CONF>;
- close(OLD_LOCAL_CONF);
-
- open(NEW_LOCAL_CONF, ">", "$tmp_varfile")
- or clean_exit("could not open $tmp_varfile for writing: $!");
-
- my @old_vars = grep(/$VAR_REGEXP/i, @old_content);
-
-
- # If any vars exist in old file, put new vars right after them.
- if ($#old_vars > -1) {
- while ($_ = shift(@old_content)) {
- print NEW_LOCAL_CONF $_;
- last if ($_ eq $old_vars[$#old_vars]);
- }
- }
-
- print NEW_LOCAL_CONF @{$changes{new_vars}};
- print NEW_LOCAL_CONF @old_content;
-
- close(NEW_LOCAL_CONF);
-
- clean_exit("could not copy $tmp_varfile to $varfile: $!")
- unless (copy("$tmp_varfile", "$varfile"));
-
- print STDERR "done.\n"
- unless ($config{quiet});
-}
-
-
-
-# Convert msdos style path to cygwin style, e.g.
-# c:\foo => /cygdrive/c/foo
-sub msdos_to_cygwin_path($)
-{
- my $path_ref = shift;
-
- if ($$path_ref =~ /^([a-zA-Z]):[\/\\](.*)/) {
- my ($drive, $dir) = ($1, $2);
- $dir =~ s/\\/\//g;
- $$path_ref = "/cygdrive/$drive/$dir";
- return (1);
- }
-
- return (0);
-}
-
-
-
-# Parse and process a modifysid expression.
-# Return 1 if valid, or otherwise 0.
-sub parse_mod_expr($ $ $ $)
-{
- my $mod_list_ref = shift; # where to store valid entries
- my $sid_arg_list = shift; # comma-separated list of SIDs/files or wildcard
- my $subst = shift; # regexp to look for
- my $repl = shift; # regexp to replace it with
-
- my @tmp_mod_list;
-
- $sid_arg_list =~ s/\s+$//;
-
- foreach my $sid_arg (split(/\s*,\s*/, $sid_arg_list)) {
- my $type = "";
-
- $type = "sid" if ($sid_arg =~ /^\d+$/);
- $type = "file" if ($sid_arg =~ /^\S+.*\.\S+$/);
- $type = "wildcard" if ($sid_arg eq "*");
-
- return (0) unless ($type);
-
- # Sanity check to make sure user escaped at least all the "$" in $subst.
- if ($subst =~ /[^\\]\$./ || $subst =~ /^\$/) {
- warn("WARNING: unescaped \$ in expression \"$subst\", all special ".
- "characters must be escaped\n");
- return (0);
- }
-
- # Only allow backreference variables. The check should at least catch some user typos.
- if (($repl =~ /[^\\]\$(\D.)/ && $1 !~ /{\d/) || $repl =~ /[^\\]\$$/
- || ($repl =~ /^\$(\D.)/ && $1 !~ /{\d/)) {
- warn("WARNING: illegal replacement expression \"$repl\": unescaped \$ ".
- "that isn't a backreference\n");
- return (0);
- }
-
- # Don't permit unescaped @.
- if ($repl =~ /[^\\]\@/ || $repl =~ /^\@/) {
- warn("WARNING: illegal replacement expression \"$repl\": unescaped \@\n");
- return (0);
- }
-
- # Make sure the regexp is valid.
- my $repl_qq = "qq/$repl/";
- my $dummy = "foo";
-
- eval {
- $dummy =~ s/$subst/$repl_qq/ee;
- };
-
- # We should probably check for warnings as well as errors...
- if ($@) {
- warn("Invalid regexp: $@");
- return (0);
- }
-
- push(@tmp_mod_list, [$subst, $repl_qq, $type, $sid_arg]);
- }
-
- # If we come this far, all sids and the regexp were parsed successfully, so
- # append them to real mod list array.
- foreach my $mod_entry (@tmp_mod_list) {
- push(@$mod_list_ref, $mod_entry);
- }
-
- return (1);
-}
-
-
-
-# Untaint a path. Die if it contains illegal chars.
-sub untaint_path($)
-{
- my $path = shift;
- my $orig_path = $path;
-
- return $path unless ($config{use_path_checks});
-
- (($path) = $path =~ /^([$OK_PATH_CHARS]+)$/)
- or clean_exit("illegal character in path/filename ".
- "\"$orig_path\", allowed are $OK_PATH_CHARS\n".
- "Fix this or set use_path_checks=0 in oinkmaster.conf ".
- "to disable this check completely if it is too strict.\n");
-
- return ($path);
-}
-
-
-
-# Ask user to approve changes. Return 1 for yes, 0 for no.
-sub approve_changes()
-{
- my $answer = "";
-
- while ($answer !~ /^[yn]/i) {
- print "Do you approve these changes? [Yn] ";
- $answer = <STDIN>;
- $answer = "y" unless ($answer =~ /\S/);
- }
-
- return ($answer =~ /^y/i);
-}
-
-
-
-# Remove common leading and trailing stuff from two rules.
-sub minimize_diff($ $)
-{
- my $old_rule = shift;
- my $new_rule = shift;
-
- my $original_old = $old_rule;
- my $original_new = $new_rule;
-
- # Additional chars to print next to the diffing part.
- my $additional_chars = 20;
-
- # Remove the rev keyword from the rules, as it often
- # makes the whole diff minimizing useless.
- $old_rule =~ s/\s*\b(rev\s*:\s*\d+\s*;)\s*//;
- my $old_rev = $1;
-
- $new_rule =~ s/\s*\b(rev\s*:\s*\d+\s*;)\s*//;
- my $new_rev = $1;
-
- # If rev was the only thing that changed, we want to restore the rev
- # before continuing so we don't remove common stuff from rules that
- # are identical.
- if ($old_rule eq $new_rule) {
- $old_rule = $original_old;
- $new_rule = $original_new;
- }
-
- # Temporarily remove possible leading # so it works nicely
- # with modified rules that are also being either enabled or disabled.
- my $old_is_disabled = 0;
- my $new_is_disabled = 0;
-
- $old_is_disabled = 1 if ($old_rule =~ s/^#//);
- $new_is_disabled = 1 if ($new_rule =~ s/^#//);
-
- # Go forward char by char until they aren't equeal.
- # $i will bet set to the index where they diff.
- my @old = split(//, $old_rule);
- my @new = split(//, $new_rule);
-
- my $i = 0;
- while ($i <= $#old && $i <= $#new && $old[$i] eq $new[$i]) {
- $i++;
- }
-
- # Now same thing but backwards.
- # $j will bet set to the index where they diff.
- @old = reverse(split(//, $old_rule));
- @new = reverse(split(//, $new_rule));
-
- my $j = 0;
- while ($j <= $#old && $j <= $#new && $old[$j] eq $new[$j]) {
- $j++;
- }
-
- # Print some additional chars on either side, if there is room for it.
- $i -= $additional_chars;
- $i = 0 if ($i < 0);
-
- $j = -$j + $additional_chars;
- $j = 0 if ($j > -1);
-
- my ($old, $new);
-
- # Print entire rules (i.e. they can not be shortened).
- if (!$i && !$j) {
- $old = $old_rule;
- $new = $new_rule;
-
- # Leading and trailing stuff can be removed.
- } elsif ($i && $j) {
- $old = "..." . substr($old_rule, $i, $j) . "...";
- $new = "..." . substr($new_rule, $i, $j) . "...";
-
- # Trailing stuff can be removed.
- } elsif (!$i && $j) {
- $old = substr($old_rule, $i, $j) . "...";
- $new = substr($new_rule, $i, $j) . "...";
-
- # Leading stuff can be removed.
- } elsif ($i && !$j) {
- $old = "..." . substr($old_rule, $i);
- $new = "..." . substr($new_rule, $i);
- }
-
- chomp($old, $new);
- $old .= "\n";
- $new .= "\n";
-
- # Restore possible leading # now.
- $old = "#$old" if ($old_is_disabled);
- $new = "#$new" if ($new_is_disabled);
-
- return ($old, $new);
-}
-
-
-
-# Check a string and return 1 if it's a valid single-line snort rule.
-# Msg string is put in second arg, sid in third (those are the only
-# required keywords, besides the leading rule actions).
-sub parse_singleline_rule($ $ $)
-{
- my $line = shift;
- my $msg_ref = shift;
- my $sid_ref = shift;
-
- undef($$msg_ref);
- undef($$sid_ref);
-
- if ($line =~ /$SINGLELINE_RULE_REGEXP/oi) {
-
- if ($line =~ /\bmsg\s*:\s*"(.+?)"\s*;/i) {
- $$msg_ref = $1;
- } else {
- return (0);
- }
-
- if ($line =~ /\bsid\s*:\s*(\d+)\s*;/i) {
- $$sid_ref = $1;
- } else {
- return (0);
- }
-
- return (1);
- }
-
- return (0);
-}
-
-
-
-# Merge multiline directives in an array by simply removing traling backslashes.
-sub join_multilines($)
-{
- my $multiline_conf_ref = shift;
- my $joined_conf = "";
-
- foreach $_ (@$multiline_conf_ref) {
- s/\\\s*\n$//;
- $joined_conf .= $_;
- }
-
- return (split/\n/, $joined_conf);
-}
-
-
-
-# Catch SIGINT.
-sub catch_sigint()
-{
- $SIG{INT} = 'IGNORE';
- print STDERR "\nInterrupted, cleaning up.\n";
- sleep(1);
- clean_exit("interrupted by signal");
-}
-
-
-
-# Remove temporary directory and exit.
-# If a non-empty string is given as argument, it will be regarded
-# as an error message and we will use die() with the message instead
-# of just exit(0).
-sub clean_exit($)
-{
- my $err_msg = shift;
-
- $SIG{INT} = 'DEFAULT';
-
- if (defined($tmpdir) && -d "$tmpdir") {
- chdir(File::Spec->rootdir());
- rmtree("$tmpdir", 0, 1);
- undef($tmpdir);
- }
-
- if (!defined($err_msg) || $err_msg eq "") {
- exit(0);
- } else {
- chomp($err_msg);
- die("\n$0: Error: $err_msg\n\nOink, oink. Exiting...\n");
- }
-}
-
-
-
-#### EOF ####
diff --git a/config/snort-old/bin/snort2c b/config/snort-old/bin/snort2c
deleted file mode 100755
index fdc91ac8..00000000
--- a/config/snort-old/bin/snort2c
+++ /dev/null
Binary files differ
diff --git a/config/snort-old/pfsense_rules/local.rules b/config/snort-old/pfsense_rules/local.rules
deleted file mode 100644
index 83a05f1b..00000000
--- a/config/snort-old/pfsense_rules/local.rules
+++ /dev/null
@@ -1,7 +0,0 @@
-# ----------------
-# LOCAL RULES
-# ----------------
-# This file intentionally does not come with signatures. Put your local
-# additions here. Pfsense first install rule. Rule edit tabe fails with out this file.
-#
-# \ No newline at end of file
diff --git a/config/snort-old/pfsense_rules/pfsense_rules.tar.gz.md5 b/config/snort-old/pfsense_rules/pfsense_rules.tar.gz.md5
deleted file mode 100644
index 83d5bdae..00000000
--- a/config/snort-old/pfsense_rules/pfsense_rules.tar.gz.md5
+++ /dev/null
@@ -1 +0,0 @@
-10002 \ No newline at end of file
diff --git a/config/snort-old/pfsense_rules/rules/pfsense-voip.rules b/config/snort-old/pfsense_rules/rules/pfsense-voip.rules
deleted file mode 100644
index 12f2fdf2..00000000
--- a/config/snort-old/pfsense_rules/rules/pfsense-voip.rules
+++ /dev/null
@@ -1,10 +0,0 @@
-alert ip any any -> $HOME_NET $SIP_PROXY_PORTS (msg:"OPTIONS SIP scan"; content:"OPTIONS"; depth:7; threshold: type both , track by_src, count 30, seconds 3; sid:5000001; rev:1;)
-# Excessive number of SIP 4xx Responses Does not work
-#### alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"Excessive number of SIP 4xx Responses - possible user or password guessing attack"; pcre:"/^SIP\/2.0 4\d{2}"; threshold: type both, track by_src, count 100, seconds 60; sid:5000002; rev:1;)
-alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"Ghost call attack"; content:"SIP/2.0 180"; depth:11; threshold: type both, track by_src, count 100, seconds 60; sid:5000003; rev:1;)
-# Rule for alerting of INVITE flood attack:
-alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"INVITE message flooding"; content:"INVITE"; depth:6; threshold: type both , track by_src, count 100, seconds 60; sid:5000004; rev:1;)
-# Rule for alerting of REGISTER flood attack:
-alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"REGISTER message flooding"; content:"REGISTER"; depth:8; threshold: type both , track by_src, count 100, seconds 60; sid:5000005; rev:1;)
-# Threshold rule for unauthorized responses:
-alert ip any any -> $SIP_PROXY_IP $SIP_PROXY_PORTS (msg:"INVITE message flooding"; content:"SIP/2.0 401 Unauthorized"; depth:24; threshold: type both, track by_src, count 100, seconds 60; sid:5000006; rev:1;)
diff --git a/config/snort-old/snort.inc b/config/snort-old/snort.inc
deleted file mode 100755
index 0ed53feb..00000000
--- a/config/snort-old/snort.inc
+++ /dev/null
@@ -1,1640 +0,0 @@
-<?php
-/* $Id$ */
-/*
- snort.inc
- Copyright (C) 2006 Scott Ullrich
- part of pfSense
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require_once("pfsense-utils.inc");
-
-// Needed on 2.0 because of get_vpns_list()
-require_once("filter.inc");
-
-/* Allow additional execution time 0 = no limit. */
-ini_set('max_execution_time', '9999');
-ini_set('max_input_time', '9999');
-
-/* define oinkid */
-if($config['installedpackages']['snort'])
- $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
-
-function sync_package_snort_reinstall()
-{
- global $config;
- if(!$config['installedpackages']['snort'])
- return;
-
- /* create snort configuration file */
- create_snort_conf();
-
- /* start snort service */
- start_service("snort");
-}
-function sync_package_snort()
-{
- global $config, $g;
- conf_mount_rw();
-
- mwexec("mkdir -p /var/log/snort/");
-
- if(!file_exists("/var/log/snort/alert"))
- touch("/var/log/snort/alert");
-
- /* snort -> advanced features */
- $bpfbufsize = $config['installedpackages']['snortadvanced']['config'][0]['bpfbufsize'];
- $bpfmaxbufsize = $config['installedpackages']['snortadvanced']['config'][0]['bpfmaxbufsize'];
- $bpfmaxinsns = $config['installedpackages']['snortadvanced']['config'][0]['bpfmaxinsns'];
-
- /* set the snort performance model */
- if($config['installedpackages']['snort']['config'][0]['performance'])
- $snort_performance = $config['installedpackages']['snort']['config'][0]['performance'];
- else
- $snort_performance = "ac-bnfa";
-
- /* create a few directories and ensure the sample files are in place */
- exec("/bin/mkdir -p /usr/local/etc/snort");
- exec("/bin/mkdir -p /var/log/snort");
- exec("/bin/mkdir -p /usr/local/etc/snort/rules");
- exec("/bin/rm /usr/local/etc/snort/snort.conf-sample");
- exec("/bin/rm /usr/local/etc/snort/threshold.conf-sample");
- exec("/bin/rm /usr/local/etc/snort/sid-msg.map-sample");
- exec("/bin/rm /usr/local/etc/snort/unicode.map-sample");
- exec("/bin/rm /usr/local/etc/snort/classification.config-sample");
- exec("/bin/rm /usr/local/etc/snort/generators-sample");
- exec("/bin/rm /usr/local/etc/snort/reference.config-sample");
- exec("/bin/rm /usr/local/etc/snort/gen-msg.map-sample");
- exec("/bin/rm /usr/local/etc/snort/sid");
- exec("/bin/rm -f /usr/local/etc/rc.d/snort");
-
- $first = 0;
- $snortInterfaces = array(); /* -gtm */
-
- $if_list = $config['installedpackages']['snort']['config'][0]['iface_array'];
- $if_array = split(',', $if_list);
- //print_r($if_array);
- if($if_array) {
- foreach($if_array as $iface) {
- $if = convert_friendly_interface_to_real_interface_name($iface);
-
- if($config['interfaces'][$iface]['ipaddr'] == "pppoe") {
- $if = "ng0";
- }
-
- /* build a list of user specified interfaces -gtm */
- if($if){
- array_push($snortInterfaces, $if);
- $first = 1;
- }
- }
-
- if (count($snortInterfaces) < 1) {
- log_error("Snort will not start. You must select an interface for it to listen on.");
- return;
- }
- }
- //print_r($snortInterfaces);
-
- /* create log directory */
- $start = "/bin/mkdir -p /var/log/snort\n";
-
- /* snort advanced features - bpf tuning */
- if($bpfbufsize)
- $start .= "sysctl net.bpf.bufsize={$bpfbufsize}\n";
- if($bpfmaxbufsize)
- $start .= "sysctl net.bpf.maxbufsize={$bpfmaxbufsize}\n";
- if($bpfmaxinsns)
- $start .= "sysctl net.bpf.maxinsns={$bpfmaxinsns}\n";
-
- /* go ahead and issue bpf changes */
- if($bpfbufsize)
- mwexec_bg("sysctl net.bpf.bufsize={$bpfbufsize}");
- if($bpfmaxbufsize)
- mwexec_bg("sysctl net.bpf.maxbufsize={$bpfmaxbufsize}");
- if($bpfmaxinsns)
- mwexec_bg("sysctl net.bpf.maxinsns={$bpfmaxinsns}");
-
- /* always stop barnyard2 before starting snort -gtm */
- $start .= "/usr/bin/killall barnyard2\n";
-
- /* start a snort process for each interface -gtm */
- /* Note the sleep delay. Seems to help getting mult interfaces to start -gtm */
- /* snort start options are; config file, log file, demon, interface, packet flow, alert type, quiet */
- /* TODO; get snort to start under nologin shell */
- foreach($snortInterfaces as $snortIf)
- {
- $start .= "sleep 4\n";
- $start .= "/usr/local/bin/snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -D -i {$snortIf} -q\n";
- /* define snortbarnyardlog_chk */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog'];
- if ($snortbarnyardlog_info_chk == on)
- $start .= "\nsleep 4;/usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D -q\n";
- }
- $check_if_snort_runs = "\n\tif [ \"`ls -A /usr/local/etc/snort/rules`\" ] ; then\n\techo \"rules exist\"\n\telse\n\techo \"rules DONT exist\"\n\texit 2\n\tfi \n\n\tif [ \"`pgrep -x snort`\" = \"\" ] ; then\n\t/bin/rm /tmp/snort.sh.pid\n\tfi \n\n\tif [ \"`pgrep -x snort`\" != \"\" ] ; then\n\tlogger -p daemon.info -i -t SnortStartup \"Snort already running...\"\n\t/usr/local/bin/php -f /usr/local/pkg/pf/snort_dynamic_ip_reload.php &\n\texit 1\n\tfi\n\n";
- $if_snort_pid = "\nif ls /tmp/snort.sh.pid > /dev/null\nthen\n echo \"snort.sh is running\"\n exit 0\nelse\n echo \"snort.sh is not running\"\nfi\n";
- $echo_snort_sh_pid = "\necho \"snort.sh run\" > /tmp/snort.sh.pid\n";
- $echo_snort_sh_startup_log = "\necho \"snort.sh run\" >> /tmp/snort.sh_startup.log\n";
- $del_old_pids = "\nrm -f /var/run/snort_*\n";
- $sample_before = "BEFORE_MEM=`top | grep Wired | awk '{print \$12}'`\n";
- $sample_after = "\n\tAFTER_MEM=`top | grep Wired | awk '{print \$12}'`\n";
- if ($snort_performance == "ac-bnfa")
- $sleep_before_final = "\necho \"Sleeping before final memory sampling...\"\nWAITSECURE=60\n";
- else
- $sleep_before_final = "\necho \"Sleeping before final memory sampling...\"\nWAITSECURE=300\n";
- $sleep_before_final .= "while [ \"\$MYSNORTLOG\" = \"\" -a \$WAITSECURE -gt 0 ] ; do\n\tsleep 2\n\tMYSNORTLOG=`/usr/sbin/clog /var/log/system.log | grep snort | tail | grep 'Snort initialization completed successfully'`\n\tWAITSECURE=`expr \$WAITSECURE - 1`\ndone\n";
- $total_used_after = "TOTAL_USAGE=`top | grep snort | grep -v grep | awk '{ print \$6 }'`\n";
- $echo_usage .= $sample_after . "\t" . $total_used_after . "\techo \"Ram free BEFORE starting Snort: \$BEFORE_MEM -- Ram free AFTER starting Snort: \$AFTER_MEM -- Mode " . $snort_performance . " -- Snort memory usage: \$TOTAL_USAGE\" | logger -p daemon.info -i -t SnortStartup\n\n";
-
- /* write out rc.d start/stop file */
- write_rcfile(array(
- "file" => "snort.sh",
- "start" => "{$check_if_snort_runs}{$if_snort_pid}{$echo_snort_sh_pid}{$echo_snort_sh_startup_log}{$del_old_pids}{$sample_before}{$start}{$sleep_before_final}{$echo_usage}",
- "stop" => "/usr/bin/killall snort; killall barnyard2"
- )
- );
-
- /* create snort configuration file */
- create_snort_conf();
-
-/* create barnyard2 configuration file */
-$snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog'];
-if ($snortbarnyardlog_info_chk == on)
- create_barnyard2_conf();
-
- /* snort will not start on install untill setting are set */
-if ($config['installedpackages']['snort']['config'][0]['autorulesupdate7'] != "") {
- /* start snort service */
- conf_mount_ro();
- start_service("snort");
- }
-}
-
-/* open barnyard2.conf for writing */
-function create_barnyard2_conf() {
- global $bconfig, $bg;
- /* write out barnyard2_conf */
- conf_mount_rw();
- $barnyard2_conf_text = generate_barnyard2_conf();
- $bconf = fopen("/usr/local/etc/barnyard2.conf", "w");
- if(!$bconf) {
- log_error("Could not open /usr/local/etc/barnyard2.conf for writing.");
- exit;
- }
- fwrite($bconf, $barnyard2_conf_text);
- fclose($bconf);
- conf_mount_ro();
-}
-/* open barnyard2.conf for writing" */
-function generate_barnyard2_conf() {
-
- global $config, $g;
- conf_mount_rw();
-
-/* define snortbarnyardlog */
-/* TODO add support for the other 5 output plugins */
-
-$snortbarnyardlog_database_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_database'];
-$snortbarnyardlog_hostname_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_hostname'];
-$snortbarnyardlog_interface_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_interface'];
-
-$barnyard2_conf_text = <<<EOD
-
-# barnyard2.conf
-# barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php
-
-# Copyright (C) 2006 Robert Zelaya
-# part of pfSense
-# All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-
-# 1. Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-
-# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-# set the appropriate paths to the file(s) your Snort process is using
-config reference-map: /usr/local/etc/snort/reference.config
-config class-map: /usr/local/etc/snort/classification.config
-config gen-msg-map: /usr/local/etc/snort/gen-msg.map
-config sid-msg-map: /usr/local/etc/snort/sid-msg.map
-
-config hostname: $snortbarnyardlog_hostname_info_chk
-config interface: $snortbarnyardlog_interface_info_chk
-
-# Step 2: setup the input plugins
-input unified2
-
-# database: log to a variety of databases
-# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx
-
-$snortbarnyardlog_database_info_chk
-
-EOD;
- conf_mount_rw();
- return $barnyard2_conf_text;
-
-}
-
-function create_snort_conf() {
- global $config, $g;
- /* write out snort.conf */
- $snort_conf_text = generate_snort_conf();
- conf_mount_rw();
- $conf = fopen("/usr/local/etc/snort/snort.conf", "w");
- if(!$conf) {
- log_error("Could not open /usr/local/etc/snort/snort.conf for writing.");
- exit;
- }
- fwrite($conf, $snort_conf_text);
- fclose($conf);
- conf_mount_ro();
-}
-
-function snort_deinstall() {
-
- global $config, $g;
- conf_mount_rw();
-
-
- /* remove custom sysctl */
- remove_text_from_file("/etc/sysctl.conf", "sysctl net.bpf.bufsize=20480");
- /* decrease bpf buffers back to 4096, from 20480 */
- exec("/sbin/sysctl net.bpf.bufsize=4096");
- exec("/usr/bin/killall snort");
- sleep(5);
- exec("/usr/bin/killall -9 snort");
- exec("rm -f /usr/local/etc/rc.d/snort*");
- exec("rm -rf /usr/local/etc/snort*");
- exec("cd /var/db/pkg && pkg_delete `ls | grep snort`");
- exec("cd /var/db/pkg && pkg_delete `ls | grep mysql-client`");
- exec("cd /var/db/pkg && pkg_delete `ls | grep libdnet`");
- exec("/usr/bin/killall -9 snort");
- exec("/usr/bin/killall snort");
-
- /* Remove snort cron entries Ugly code needs smoothness*/
-
- function snort_rm_blocked_deinstall_cron($should_install) {
- global $config, $g;
-
- $is_installed = false;
-
- if(!$config['cron']['item'])
- return;
-
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort2c")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- }
- configure_cron();
- }
- }
-
- function snort_rules_up_deinstall_cron($should_install) {
- global $config, $g;
-
- $is_installed = false;
-
- if(!$config['cron']['item'])
- return;
-
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- }
- configure_cron();
- }
- }
-
-snort_rm_blocked_deinstall_cron("");
-snort_rules_up_deinstall_cron("");
-
-/* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
-/* Keep this as a last step */
-
-unset($config['installedpackages']['snort']);
-unset($config['installedpackages']['snortdefservers']);
-unset($config['installedpackages']['snortwhitelist']);
-unset($config['installedpackages']['snortthreshold']);
-unset($config['installedpackages']['snortadvanced']);
-
-
-write_config();
-conf_mount_ro();
-
-}
-
-function generate_snort_conf() {
-
- global $config, $g;
- conf_mount_rw();
- /* obtain external interface */
- /* XXX: make multi wan friendly */
- $snort_ext_int = $config['installedpackages']['snort']['config'][0]['iface_array'][0];
-
- $snort_config_pass_thru = $config['installedpackages']['snortadvanced']['config'][0]['configpassthru'];
-
-/* define snortalertlogtype */
-$snortalertlogtype = $config['installedpackages']['snortadvanced']['config'][0]['snortalertlogtype'];
-if ($snortalertlogtype == fast)
- $snortalertlogtype_type = "output alert_fast: alert";
-else
- $snortalertlogtype_type = "output alert_full: alert";
-
-/* define alertsystemlog */
-$alertsystemlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['alertsystemlog'];
-if ($alertsystemlog_info_chk == on)
- $alertsystemlog_type = "output alert_syslog: log_alert";
-
-/* define tcpdumplog */
-$tcpdumplog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['tcpdumplog'];
-if ($tcpdumplog_info_chk == on)
- $tcpdumplog_type = "output log_tcpdump: snorttcpd.log";
-
-/* define snortbarnyardlog_chk */
-$snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog'];
-if ($snortbarnyardlog_info_chk == on)
- $snortbarnyardlog_type = "barnyard2 -c /usr/local/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -w /usr/local/etc/snort/barnyard2.waldo -D";
-
-/* define snortunifiedlog */
-$snortunifiedlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortunifiedlog'];
-if ($snortunifiedlog_info_chk == on)
- $snortunifiedlog_type = "output unified2: filename snort.u2, limit 128";
-
-/* define spoink */
-$spoink_info_chk = $config['installedpackages']['snort']['config'][0]['blockoffenders7'];
-if ($spoink_info_chk == on)
- $spoink_type = "output alert_pf: /var/db/whitelist,snort2c";
-
- /* define servers and ports snortdefservers */
-
-/* def DNS_SERVSERS */
-$def_dns_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_dns_servers'];
-if ($def_dns_servers_info_chk == "")
- $def_dns_servers_type = "\$HOME_NET";
-else
- $def_dns_servers_type = "$def_dns_servers_info_chk";
-
-/* def DNS_PORTS */
-$def_dns_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_dns_ports'];
-if ($def_dns_ports_info_chk == "")
- $def_dns_ports_type = "53";
-else
- $def_dns_ports_type = "$def_dns_ports_info_chk";
-
-/* def SMTP_SERVSERS */
-$def_smtp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_smtp_servers'];
-if ($def_smtp_servers_info_chk == "")
- $def_smtp_servers_type = "\$HOME_NET";
-else
- $def_smtp_servers_type = "$def_smtp_servers_info_chk";
-
-/* def SMTP_PORTS */
-$def_smtp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_smtp_ports'];
-if ($def_smtp_ports_info_chk == "")
- $def_smtp_ports_type = "25";
-else
- $def_smtp_ports_type = "$def_smtp_ports_info_chk";
-
-/* def MAIL_PORTS */
-$def_mail_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_mail_ports'];
-if ($def_mail_ports_info_chk == "")
- $def_mail_ports_type = "25,143,465,691";
-else
- $def_mail_ports_type = "$def_mail_ports_info_chk";
-
-/* def HTTP_SERVSERS */
-$def_http_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_http_servers'];
-if ($def_http_servers_info_chk == "")
- $def_http_servers_type = "\$HOME_NET";
-else
- $def_http_servers_type = "$def_http_servers_info_chk";
-
-/* def WWW_SERVSERS */
-$def_www_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_www_servers'];
-if ($def_www_servers_info_chk == "")
- $def_www_servers_type = "\$HOME_NET";
-else
- $def_www_servers_type = "$def_www_servers_info_chk";
-
-/* def HTTP_PORTS */
-$def_http_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_http_ports'];
-if ($def_http_ports_info_chk == "")
- $def_http_ports_type = "80";
-else
- $def_http_ports_type = "$def_http_ports_info_chk";
-
-/* def SQL_SERVSERS */
-$def_sql_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sql_servers'];
-if ($def_sql_servers_info_chk == "")
- $def_sql_servers_type = "\$HOME_NET";
-else
- $def_sql_servers_type = "$def_sql_servers_info_chk";
-
-/* def ORACLE_PORTS */
-$def_oracle_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_oracle_ports'];
-if ($def_oracle_ports_info_chk == "")
- $def_oracle_ports_type = "1521";
-else
- $def_oracle_ports_type = "$def_oracle_ports_info_chk";
-
-/* def MSSQL_PORTS */
-$def_mssql_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_mssql_ports'];
-if ($def_mssql_ports_info_chk == "")
- $def_mssql_ports_type = "1433";
-else
- $def_mssql_ports_type = "$def_mssql_ports_info_chk";
-
-/* def TELNET_SERVSERS */
-$def_telnet_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_telnet_servers'];
-if ($def_telnet_servers_info_chk == "")
- $def_telnet_servers_type = "\$HOME_NET";
-else
- $def_telnet_servers_type = "$def_telnet_servers_info_chk";
-
-/* def TELNET_PORTS */
-$def_telnet_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_telnet_ports'];
-if ($def_telnet_ports_info_chk == "")
- $def_telnet_ports_type = "23";
-else
- $def_telnet_ports_type = "$def_telnet_ports_info_chk";
-
-/* def SNMP_SERVSERS */
-$def_snmp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_snmp_servers'];
-if ($def_snmp_servers_info_chk == "")
- $def_snmp_servers_type = "\$HOME_NET";
-else
- $def_snmp_servers_type = "$def_snmp_servers_info_chk";
-
-/* def SNMP_PORTS */
-$def_snmp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_snmp_ports'];
-if ($def_snmp_ports_info_chk == "")
- $def_snmp_ports_type = "161";
-else
- $def_snmp_ports_type = "$def_snmp_ports_info_chk";
-
-/* def FTP_SERVSERS */
-$def_ftp_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ftp_servers'];
-if ($def_ftp_servers_info_chk == "")
- $def_ftp_servers_type = "\$HOME_NET";
-else
- $def_ftp_servers_type = "$def_ftp_servers_info_chk";
-
-/* def FTP_PORTS */
-$def_ftp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ftp_ports'];
-if ($def_ftp_ports_info_chk == "")
- $def_ftp_ports_type = "21";
-else
- $def_ftp_ports_type = "$def_ftp_ports_info_chk";
-
-/* def SSH_SERVSERS */
-$def_ssh_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssh_servers'];
-if ($def_ssh_servers_info_chk == "")
- $def_ssh_servers_type = "\$HOME_NET";
-else
- $def_ssh_servers_type = "$def_ssh_servers_info_chk";
-
-/* if user has defined a custom ssh port, use it */
-if($config['system']['ssh']['port'])
- $ssh_port = $config['system']['ssh']['port'];
-else
- $ssh_port = "22";
-
-/* def SSH_PORTS */
-$def_ssh_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssh_ports'];
-if ($def_ssh_ports_info_chk == "")
- $def_ssh_ports_type = "{$ssh_port}";
-else
- $def_ssh_ports_type = "$def_ssh_ports_info_chk";
-
-/* def POP_SERVSERS */
-$def_pop_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop_servers'];
-if ($def_pop_servers_info_chk == "")
- $def_pop_servers_type = "\$HOME_NET";
-else
- $def_pop_servers_type = "$def_pop_servers_info_chk";
-
-/* def POP2_PORTS */
-$def_pop2_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop2_ports'];
-if ($def_pop2_ports_info_chk == "")
- $def_pop2_ports_type = "109";
-else
- $def_pop2_ports_type = "$def_pop2_ports_info_chk";
-
-/* def POP3_PORTS */
-$def_pop3_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_pop3_ports'];
-if ($def_pop3_ports_info_chk == "")
- $def_pop3_ports_type = "110";
-else
- $def_pop3_ports_type = "$def_pop3_ports_info_chk";
-
-/* def IMAP_SERVSERS */
-$def_imap_servers_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_imap_servers'];
-if ($def_imap_servers_info_chk == "")
- $def_imap_servers_type = "\$HOME_NET";
-else
- $def_imap_servers_type = "$def_imap_servers_info_chk";
-
-/* def IMAP_PORTS */
-$def_imap_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_imap_ports'];
-if ($def_imap_ports_info_chk == "")
- $def_imap_ports_type = "143";
-else
- $def_imap_ports_type = "$def_imap_ports_info_chk";
-
-/* def SIP_PROXY_IP */
-$def_sip_proxy_ip_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sip_proxy_ip'];
-if ($def_sip_proxy_ip_info_chk == "")
- $def_sip_proxy_ip_type = "\$HOME_NET";
-else
- $def_sip_proxy_ip_type = "$def_sip_proxy_ip_info_chk";
-
-/* def SIP_PROXY_PORTS */
-$def_sip_proxy_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_sip_proxy_ports'];
-if ($def_sip_proxy_ports_info_chk == "")
- $def_sip_proxy_ports_type = "5060:5090,16384:32768";
-else
- $def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk";
-
-/* def AUTH_PORTS */
-$def_auth_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_auth_ports'];
-if ($def_auth_ports_info_chk == "")
- $def_auth_ports_type = "113";
-else
- $def_auth_ports_type = "$def_auth_ports_info_chk";
-
-/* def FINGER_PORTS */
-$def_finger_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_finger_ports'];
-if ($def_finger_ports_info_chk == "")
- $def_finger_ports_type = "79";
-else
- $def_finger_ports_type = "$def_finger_ports_info_chk";
-
-/* def IRC_PORTS */
-$def_irc_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_irc_ports'];
-if ($def_irc_ports_info_chk == "")
- $def_irc_ports_type = "6665,6666,6667,6668,6669,7000";
-else
- $def_irc_ports_type = "$def_irc_ports_info_chk";
-
-/* def NNTP_PORTS */
-$def_nntp_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_nntp_ports'];
-if ($def_nntp_ports_info_chk == "")
- $def_nntp_ports_type = "119";
-else
- $def_nntp_ports_type = "$def_nntp_ports_info_chk";
-
-/* def RLOGIN_PORTS */
-$def_rlogin_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_rlogin_ports'];
-if ($def_rlogin_ports_info_chk == "")
- $def_rlogin_ports_type = "513";
-else
- $def_rlogin_ports_type = "$def_rlogin_ports_info_chk";
-
-/* def RSH_PORTS */
-$def_rsh_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_rsh_ports'];
-if ($def_rsh_ports_info_chk == "")
- $def_rsh_ports_type = "514";
-else
- $def_rsh_ports_type = "$def_rsh_ports_info_chk";
-
-/* def SSL_PORTS */
-$def_ssl_ports_info_chk = $config['installedpackages']['snortdefservers']['config'][0]['def_ssl_ports'];
-if ($def_ssl_ports_info_chk == "")
- $def_ssl_ports_type = "25,443,465,636,993,995";
-else
- $def_ssl_ports_type = "$def_ssl_ports_info_chk";
-
- /* add auto update scripts to /etc/crontab */
-// $text_ww = "*/60\t* \t 1\t *\t *\t root\t /usr/bin/nice -n20 /usr/local/pkg/snort_check_for_rule_updates.php";
-// $filenamea = "/etc/crontab";
-// remove_text_from_file($filenamea, $text_ww);
-// add_text_to_file($filenamea, $text_ww);
-// exec("killall -HUP cron"); */
-
- /* should we install a automatic update crontab entry? */
- $automaticrulesupdate = $config['installedpackages']['snort']['config'][0]['automaticrulesupdate'];
-
- /* if user is on pppoe, we really want to use ng0 interface */
- if($config['interfaces'][$snort_ext_int]['ipaddr'] == "pppoe")
- $snort_ext_int = "ng0";
-
- /* set the snort performance model */
- if($config['installedpackages']['snort']['config'][0]['performance'])
- $snort_performance = $config['installedpackages']['snort']['config'][0]['performance'];
- else
- $snort_performance = "ac-bnfa";
-
- /* set the snort block hosts time IMPORTANT snort has trouble installing if snort_rm_blocked_info_ck != "" */
- $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked'];
- if ($snort_rm_blocked_info_ck == "never_b")
- $snort_rm_blocked_false = "";
- else
- $snort_rm_blocked_false = "true";
-
-if ($snort_rm_blocked_info_ck != "") {
-function snort_rm_blocked_install_cron($should_install) {
- global $config, $g;
- conf_mount_rw();
- if ($g['booting']==true)
- return;
-
- $is_installed = false;
-
- if(!$config['cron']['item'])
- return;
-
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort2c")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- $snort_rm_blocked_info_ck = $config['installedpackages']['snort']['config'][0]['rm_blocked'];
- if ($snort_rm_blocked_info_ck == "1h_b") {
- $snort_rm_blocked_min = "*/5";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "3600";
- }
- if ($snort_rm_blocked_info_ck == "3h_b") {
- $snort_rm_blocked_min = "*/15";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "10800";
- }
- if ($snort_rm_blocked_info_ck == "6h_b") {
- $snort_rm_blocked_min = "*/30";
- $snort_rm_blocked_hr = "*";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "21600";
- }
- if ($snort_rm_blocked_info_ck == "12h_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/1";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "43200";
- }
- if ($snort_rm_blocked_info_ck == "1d_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/2";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "86400";
- }
- if ($snort_rm_blocked_info_ck == "4d_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/8";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "345600";
- }
- if ($snort_rm_blocked_info_ck == "7d_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "*/14";
- $snort_rm_blocked_mday = "*";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "604800";
- }
- if ($snort_rm_blocked_info_ck == "28d_b") {
- $snort_rm_blocked_min = "2";
- $snort_rm_blocked_hr = "0";
- $snort_rm_blocked_mday = "*/2";
- $snort_rm_blocked_month = "*";
- $snort_rm_blocked_wday = "*";
- $snort_rm_blocked_expire = "2419200";
- }
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "$snort_rm_blocked_min";
- $cron_item['hour'] = "$snort_rm_blocked_hr";
- $cron_item['mday'] = "$snort_rm_blocked_mday";
- $cron_item['month'] = "$snort_rm_blocked_month";
- $cron_item['wday'] = "$snort_rm_blocked_wday";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
- $config['cron']['item'][] = $cron_item;
- write_config("Installed 15 minute filter reload for Time Based Rules");
- conf_mount_rw();
- configure_cron();
- }
- break;
- case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
- configure_cron();
- }
- break;
- }
- }
- snort_rm_blocked_install_cron("");
- snort_rm_blocked_install_cron($snort_rm_blocked_false);
-}
-
- /* set the snort rules update time */
- $snort_rules_up_info_ck = $config['installedpackages']['snort']['config'][0]['autorulesupdate7'];
- if ($snort_rules_up_info_ck == "never_up")
- $snort_rules_up_false = "";
- else
- $snort_rules_up_false = "true";
-
-if ($snort_rules_up_info_ck != "") {
-function snort_rules_up_install_cron($should_install) {
- global $config, $g;
- conf_mount_rw();
- if ($g['booting']==true)
- return;
-
- $is_installed = false;
-
- if(!$config['cron']['item'])
- return;
-
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- $snort_rules_up_info_ck = $config['installedpackages']['snort']['config'][0]['autorulesupdate7'];
- if ($snort_rules_up_info_ck == "6h_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "*/6";
- $snort_rules_up_mday = "*";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "12h_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "*/12";
- $snort_rules_up_mday = "*";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "1d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/1";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "4d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/4";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "7d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/7";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- if ($snort_rules_up_info_ck == "28d_up") {
- $snort_rules_up_min = "3";
- $snort_rules_up_hr = "0";
- $snort_rules_up_mday = "*/28";
- $snort_rules_up_month = "*";
- $snort_rules_up_wday = "*";
- }
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "$snort_rules_up_min";
- $cron_item['hour'] = "$snort_rules_up_hr";
- $cron_item['mday'] = "$snort_rules_up_mday";
- $cron_item['month'] = "$snort_rules_up_month";
- $cron_item['wday'] = "$snort_rules_up_wday";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort_check_for_rule_updates.php >> /usr/local/etc/snort_bkup/snort_update.log";
- $config['cron']['item'][] = $cron_item;
- write_config("Installed 15 minute filter reload for Time Based Rules");
- conf_mount_rw();
- configure_cron();
- }
- break;
- case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- conf_mount_rw();
- }
- configure_cron();
- }
- break;
- }
- }
- snort_rules_up_install_cron("");
- snort_rules_up_install_cron($snort_rules_up_false);
-}
- /* Be sure we're really rw before writing */
- conf_mount_rw();
- /* open snort2c's whitelist for writing */
- $whitelist = fopen("/var/db/whitelist", "w");
- if(!$whitelist) {
- log_error("Could not open /var/db/whitelist for writing.");
- return;
- }
-
- /* build an interface array list */
- $int_array = array('lan');
- for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++)
- if(isset($config['interfaces']['opt' . $j]['enable']))
- if(!$config['interfaces']['opt' . $j]['gateway'])
- $int_array[] = "opt{$j}";
-
- /* iterate through interface list and write out whitelist items
- * and also compile a home_net list for snort.
- */
- foreach($int_array as $int) {
- /* calculate interface subnet information */
- $ifcfg = $config['interfaces'][$int];
- $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']);
- $subnetmask = gen_subnet_mask($ifcfg['subnet']);
- if($subnet == "pppoe" or $subnet == "dhcp") {
- $subnet = find_interface_ip("ng0");
- if($subnet)
- $home_net .= "{$subnet} ";
- } else {
- if ($subnet)
- if($ifcfg['subnet'])
- $home_net .= "{$subnet}/{$ifcfg['subnet']} ";
- }
- }
-
- /* add all WAN ips to the whitelist */
- $wan_if = get_real_wan_interface();
- $ip = find_interface_ip($wan_if);
- if($ip)
- $home_net .= "{$ip} ";
-
- /* Add Gateway on WAN interface to whitelist (For RRD graphs) */
- $int = convert_friendly_interface_to_real_interface_name("WAN");
- $gw = get_interface_gateway($int);
- if($gw)
- $home_net .= "{$gw} ";
-
- /* Add DNS server for WAN interface to whitelist */
- $dns_servers = get_dns_servers();
- foreach($dns_servers as $dns) {
- if($dns)
- $home_net .= "{$dns} ";
- }
-
- /* Add loopback to whitelist (ftphelper) */
- $home_net .= "127.0.0.1 ";
-
- /* iterate all vips and add to whitelist */
- if($config['virtualip'])
- foreach($config['virtualip']['vip'] as $vip)
- if($vip['subnet'])
- $home_net .= $vip['subnet'] . " ";
-
- if($config['installedpackages']['snortwhitelist'])
- foreach($config['installedpackages']['snortwhitelist']['config'] as $snort)
- if($snort['ip'])
- $home_net .= $snort['ip'] . " ";
-
- /* write out whitelist, convert spaces to carriage returns */
- $whitelist_home_net = str_replace(" ", " ", $home_net);
- $whitelist_home_net = str_replace(" ", "\n", $home_net);
-
- /* make $home_net presentable to snort */
- $home_net = trim($home_net);
- $home_net = str_replace(" ", ",", $home_net);
- $home_net = "[{$home_net}]";
-
- /* foreach through whitelist, writing out to file */
- $whitelist_split = split("\n", $whitelist_home_net);
- foreach($whitelist_split as $wl)
- if(trim($wl))
- fwrite($whitelist, trim($wl) . "\n");
-
- /* should we whitelist vpns? */
- $whitelistvpns = $config['installedpackages']['snort']['config'][0]['whitelistvpns'];
-
- /* grab a list of vpns and whitelist if user desires added by nestorfish 954 */
- if($whitelistvpns) {
- $vpns_list = get_vpns_list();
- $whitelist_vpns = split(" ", $vpns_list);
- foreach($whitelist_vpns as $wl)
- if(trim($wl))
- fwrite($whitelist, trim($wl) . "\n");
- }
-
- /* close file */
- fclose($whitelist);
-
- /* Be sure we're really rw before writing */
- conf_mount_rw();
- /* open snort's threshold.conf for writing */
- $threshlist = fopen("/usr/local/etc/snort/threshold.conf", "w");
- if(!$threshlist) {
- log_error("Could not open /usr/local/etc/snort/threshold.conf for writing.");
- return;
- }
-
- /* list all entries to new lines */
- if($config['installedpackages']['snortthreshold'])
- foreach($config['installedpackages']['snortthreshold']['config'] as $snortthreshlist)
- if($snortthreshlist['threshrule'])
- $snortthreshlist_r .= $snortthreshlist['threshrule'] . "\n";
-
-
- /* foreach through threshlist, writing out to file */
- $threshlist_split = split("\n", $snortthreshlist_r);
- foreach($threshlist_split as $wl)
- if(trim($wl))
- fwrite($threshlist, trim($wl) . "\n");
-
- /* close snort's threshold.conf file */
- fclose($threshlist);
-
- /* generate rule sections to load */
- $enabled_rulesets = $config['installedpackages']['snort']['rulesets'];
- if($enabled_rulesets) {
- $selected_rules_sections = "";
- $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
- foreach($enabled_rulesets_array as $enabled_item)
- $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
- }
-
- conf_mount_ro();
-
- /* build snort configuration file */
- /* TODO; feed back from pfsense users to reduce false positives */
- $snort_conf_text = <<<EOD
-
-# snort configuration file
-# generated by the pfSense
-# package manager system
-# see /usr/local/pkg/snort.inc
-# for more information
-# snort.conf
-# Snort can be found at http://www.snort.org/
-
-# Copyright (C) 2006 Robert Zelaya
-# part of pfSense
-# All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-
-# 1. Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-
-# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-#########################
- #
-# Define Local Network #
- #
-#########################
-
-var HOME_NET {$home_net}
-var EXTERNAL_NET !\$HOME_NET
-
-###################
- #
-# Define Servers #
- #
-###################
-
-var DNS_SERVERS [{$def_dns_servers_type}]
-var SMTP_SERVERS [{$def_smtp_servers_type}]
-var HTTP_SERVERS [{$def_http_servers_type}]
-var SQL_SERVERS [{$def_sql_servers_type}]
-var TELNET_SERVERS [{$def_telnet_servers_type}]
-var SNMP_SERVERS [{$def_snmp_servers_type}]
-var FTP_SERVERS [{$def_ftp_servers_type}]
-var SSH_SERVERS [{$def_ssh_servers_type}]
-var POP_SERVERS [{$def_pop_servers_type}]
-var IMAP_SERVERS [{$def_imap_servers_type}]
-var RPC_SERVERS \$HOME_NET
-var WWW_SERVERS [{$def_www_servers_type}]
-var SIP_PROXY_IP [{$def_sip_proxy_ip_type}]
-var AIM_SERVERS \
-[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
-
-########################
- #
-# Define Server Ports #
- #
-########################
-
-portvar HTTP_PORTS [{$def_http_ports_type}]
-portvar SHELLCODE_PORTS !80
-portvar ORACLE_PORTS [{$def_oracle_ports_type}]
-portvar AUTH_PORTS [{$def_auth_ports_type}]
-portvar DNS_PORTS [{$def_dns_ports_type}]
-portvar FINGER_PORTS [{$def_finger_ports_type}]
-portvar FTP_PORTS [{$def_ftp_ports_type}]
-portvar IMAP_PORTS [{$def_imap_ports_type}]
-portvar IRC_PORTS [{$def_irc_ports_type}]
-portvar MSSQL_PORTS [{$def_mssql_ports_type}]
-portvar NNTP_PORTS [{$def_nntp_ports_type}]
-portvar POP2_PORTS [{$def_pop2_ports_type}]
-portvar POP3_PORTS [{$def_pop3_ports_type}]
-portvar SUNRPC_PORTS [111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779]
-portvar RLOGIN_PORTS [{$def_rlogin_ports_type}]
-portvar RSH_PORTS [{$def_rsh_ports_type}]
-portvar SMB_PORTS [139,445]
-portvar SMTP_PORTS [{$def_smtp_ports_type}]
-portvar SNMP_PORTS [{$def_snmp_ports_type}]
-portvar SSH_PORTS [{$def_ssh_ports_type}]
-portvar TELNET_PORTS [{$def_telnet_ports_type}]
-portvar MAIL_PORTS [{$def_mail_ports_type}]
-portvar SSL_PORTS [{$def_ssl_ports_type}]
-portvar SIP_PROXY_PORTS [{$def_sip_proxy_ports_type}]
-
-# DCERPC NCACN-IP-TCP
-portvar DCERPC_NCACN_IP_TCP [139,445]
-portvar DCERPC_NCADG_IP_UDP [138,1024:]
-portvar DCERPC_NCACN_IP_LONG [135,139,445,593,1024:]
-portvar DCERPC_NCACN_UDP_LONG [135,1024:]
-portvar DCERPC_NCACN_UDP_SHORT [135,593,1024:]
-portvar DCERPC_NCACN_TCP [2103,2105,2107]
-portvar DCERPC_BRIGHTSTORE [6503,6504]
-
-#####################
- #
-# Define Rule Paths #
- #
-#####################
-
-var RULE_PATH /usr/local/etc/snort/rules
-# var PREPROC_RULE_PATH ./preproc_rules
-
-################################
- #
-# Configure the snort decoder #
- #
-################################
-
-config checksum_mode: all
-config disable_decode_alerts
-config disable_tcpopt_experimental_alerts
-config disable_tcpopt_obsolete_alerts
-config disable_ttcp_alerts
-config disable_tcpopt_alerts
-config disable_ipopt_alerts
-config disable_decode_drops
-
-###################################
- #
-# Configure the detection engine #
-# Use lower memory models #
- #
-###################################
-
-config detection: search-method {$snort_performance}
-config detection: max_queue_events 5
-config event_queue: max_queue 8 log 3 order_events content_length
-
-#Configure dynamic loaded libraries
-dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/
-dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so
-dynamicdetection directory /usr/local/lib/snort/dynamicrules/
-
-###################
- #
-# Flow and stream #
- #
-###################
-
-preprocessor frag3_global: max_frags 8192
-preprocessor frag3_engine: policy windows
-preprocessor frag3_engine: policy linux
-preprocessor frag3_engine: policy first
-preprocessor frag3_engine: policy bsd detect_anomalies
-
-preprocessor stream5_global: max_tcp 8192, track_tcp yes, \
-track_udp yes, track_icmp yes
-preprocessor stream5_tcp: bind_to any, policy windows
-preprocessor stream5_tcp: bind_to any, policy linux
-preprocessor stream5_tcp: bind_to any, policy vista
-preprocessor stream5_tcp: bind_to any, policy macos
-preprocessor stream5_tcp: policy BSD, ports both all, use_static_footprint_sizes
-preprocessor stream5_udp
-preprocessor stream5_icmp
-
-##########################
- #
-# NEW #
-# Performance Statistics #
- #
-##########################
-
-preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000
-
-#################
- #
-# HTTP Inspect #
- #
-#################
-
-preprocessor http_inspect: global iis_unicode_map unicode.map 1252
-
-preprocessor http_inspect_server: server default \
- ports { 80 8080 } \
- no_alerts \
- non_strict \
- non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
- flow_depth 0 \
- apache_whitespace yes \
- directory no \
- iis_backslash no \
- u_encode yes \
- ascii yes \
- chunk_length 500000 \
- bare_byte yes \
- double_decode yes \
- iis_unicode yes \
- iis_delimiter yes \
- multi_slash no
-
-##################
- #
-# Other preprocs #
- #
-##################
-
-preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
-preprocessor bo
-
-#####################
- #
-# ftp preprocessor #
- #
-#####################
-
-preprocessor ftp_telnet: global \
-inspection_type stateless
-
-preprocessor ftp_telnet_protocol: telnet \
- normalize \
- ayt_attack_thresh 200
-
-preprocessor ftp_telnet_protocol: \
- ftp server default \
- def_max_param_len 100 \
- ports { 21 } \
- ftp_cmds { USER PASS ACCT CWD SDUP SMNT QUIT REIN PORT PASV TYPE STRU MODE } \
- ftp_cmds { RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD } \
- ftp_cmds { LIST NLST SITE SYST STAT HELP NOOP } \
- ftp_cmds { AUTH ADAT PROT PBSZ CONF ENC } \
- ftp_cmds { FEAT CEL CMD MACB } \
- ftp_cmds { MDTM REST SIZE MLST MLSD } \
- ftp_cmds { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
- alt_max_param_len 0 { CDUP QUIT REIN PASV STOU ABOR PWD SYST NOOP } \
- alt_max_param_len 100 { MDTM CEL XCWD SITE USER PASS REST DELE RMD SYST TEST STAT MACB EPSV CLNT LPRT } \
- alt_max_param_len 200 { XMKD NLST ALLO STOU APPE RETR STOR CMD RNFR HELP } \
- alt_max_param_len 256 { RNTO CWD } \
- alt_max_param_len 400 { PORT } \
- alt_max_param_len 512 { SIZE } \
- chk_str_fmt { USER PASS ACCT CWD SDUP SMNT PORT TYPE STRU MODE } \
- chk_str_fmt { RETR STOR STOU APPE ALLO REST RNFR RNTO DELE RMD MKD } \
- chk_str_fmt { LIST NLST SITE SYST STAT HELP } \
- chk_str_fmt { AUTH ADAT PROT PBSZ CONF ENC } \
- chk_str_fmt { FEAT CEL CMD } \
- chk_str_fmt { MDTM REST SIZE MLST MLSD } \
- chk_str_fmt { XPWD XCWD XCUP XMKD XRMD TEST CLNT } \
- cmd_validity MODE < char ASBCZ > \
- cmd_validity STRU < char FRP > \
- cmd_validity ALLO < int [ char R int ] > \
- cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } > \
- cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
- cmd_validity PORT < host_port >
-
-preprocessor ftp_telnet_protocol: ftp client default \
- max_resp_len 256 \
- bounce yes \
- telnet_cmds yes
-
-#####################
- #
-# SMTP preprocessor #
- #
-#####################
-
-preprocessor SMTP: \
- ports { 25 465 691 } \
- inspection_type stateful \
- normalize cmds \
- valid_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN PIPELINING \
-CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
- normalize_cmds { MAIL RCPT HELP HELO ETRN EHLO EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET SEND SAML SOML AUTH TURN ETRN \
-PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
- max_header_line_len 1000 \
- max_response_line_len 512 \
- alt_max_command_line_len 260 { MAIL } \
- alt_max_command_line_len 300 { RCPT } \
- alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \
- alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \
- alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN PIPELINING CHUNKING DATA DSN RSET QUIT ONEX } \
- alt_max_command_line_len 246 { QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR } \
- alt_max_command_line_len 246 { XAUTH XCIR XEXCH50 XGEN XLICENSE XQUEU XSTA XTRN XUSR } \
- xlink2state { enable }
-
-################
- #
-# sf Portscan #
- #
-################
-
-preprocessor sfportscan: scan_type { all } \
- proto { all } \
- memcap { 10000000 } \
- sense_level { medium } \
- ignore_scanners { \$HOME_NET }
-
-############################
- #
-# OLD #
-# preprocessor dcerpc: \ #
-# autodetect \ #
-# max_frag_size 3000 \ #
-# memcap 100000 #
- #
-############################
-
-###############
- #
-# NEW #
-# DCE/RPC 2 #
- #
-###############
-
-preprocessor dcerpc2: memcap 102400, events [smb, co, cl]
-preprocessor dcerpc2_server: default, policy WinXP, \
- detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
- autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
- smb_max_chain 3
-
-####################
- #
-# DNS preprocessor #
- #
-####################
-
-preprocessor dns: \
- ports { 53 } \
- enable_rdata_overflow
-
-##############################
- #
-# NEW #
-# Ignore SSL and Encryption #
- #
-##############################
-
-preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 }, trustservers, noinspect_encrypted
-
-#####################
- #
-# Snort Output Logs #
- #
-#####################
-
-$snortalertlogtype_type
-$alertsystemlog_type
-$tcpdumplog_type
-$snortmysqllog_info_chk
-$snortunifiedlog_type
-$spoink_type
-
-#################
- #
-# Misc Includes #
- #
-#################
-
-include /usr/local/etc/snort/reference.config
-include /usr/local/etc/snort/classification.config
-include /usr/local/etc/snort/threshold.conf
-
-# Snort user pass through configuration
-{$snort_config_pass_thru}
-
-###################
- #
-# Rules Selection #
- #
-###################
-
-{$selected_rules_sections}
-
-EOD;
- conf_mount_ro();
- return $snort_conf_text;
-}
-
-/* check downloaded text from snort.org to make sure that an error did not occur
- * for example, if you are not a premium subscriber you can only download rules
- * so often, etc.
- */
-function check_for_common_errors($filename) {
- global $snort_filename, $snort_filename_md5, $console_mode;
- ob_flush();
- $contents = file_get_contents($filename);
- if(stristr($contents, "You don't have permission")) {
- if(!$console_mode) {
- update_all_status("An error occured while downloading {$filename}.");
- hide_progress_bar_status();
- } else {
- log_error("An error occured. Scroll down to inspect it's contents.");
- echo "An error occured. Scroll down to inspect it's contents.";
- }
- if(!$console_mode) {
- update_output_window(strip_tags("$contents"));
- } else {
- $contents = strip_tags($contents);
- log_error("Error downloading snort rules: {$contents}");
- echo "Error downloading snort rules: {$contents}";
- }
- scroll_down_to_bottom_of_page();
- exit;
- }
-}
-
-/* force browser to scroll all the way down */
-function scroll_down_to_bottom_of_page() {
- global $snort_filename, $console_mode;
- ob_flush();
- if(!$console_mode)
- echo "\n<script type=\"text/javascript\">parent.scrollTo(0,1500);\n</script>";
-}
-
-/* ensure downloaded file looks sane */
-function verify_downloaded_file($filename) {
- global $snort_filename, $snort_filename_md5, $console_mode;
- ob_flush();
- if(filesize($filename)<9500) {
- if(!$console_mode) {
- update_all_status("Checking {$filename}...");
- check_for_common_errors($filename);
- }
- }
- update_all_status("Verifying {$filename}...");
- if(!file_exists($filename)) {
- if(!$console_mode) {
- update_all_status("Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again.");
- hide_progress_bar_status();
- } else {
- log_error("Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again.");
- echo "Could not fetch snort rules ({$filename}). Check oinkid key and dns and try again.";
- }
- exit;
- }
- update_all_status("Verifyied {$filename}.");
-}
-
-/* extract rules */
-function extract_snort_rules_md5($tmpfname) {
- global $snort_filename, $snort_filename_md5, $console_mode;
- ini_set("memory_limit","64M");
- conf_mount_rw();
- ob_flush();
- if(!$console_mode) {
- $static_output = gettext("Extracting snort rules...");
- update_all_status($static_output);
- }
- if(!is_dir("/usr/local/etc/snort/rules/"))
- mkdir("/usr/local/etc/snort/rules/");
- $cmd = "/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C /usr/local/etc/snort/ rules/";
- $handle = popen("{$cmd} 2>&1", 'r');
- while(!feof($handle)) {
- $buffer = fgets($handle);
- update_output_window($buffer);
- }
- pclose($handle);
-
- if(!$console_mode) {
- $static_output = gettext("Snort rules extracted.");
- update_all_status($static_output);
- } else {
- log_error("Snort rules extracted.");
- echo "Snort rules extracted.";
- }
- conf_mount_ro();
-}
-
-/* verify MD5 against downloaded item */
-function verify_snort_rules_md5($tmpfname) {
- global $snort_filename, $snort_filename_md5, $console_mode;
- ob_flush();
- if(!$console_mode) {
- $static_output = gettext("Verifying md5 signature...");
- update_all_status($static_output);
- }
-
- $md555 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
- $md5 = `/bin/echo "{$md555}" | /usr/bin/awk '{ print $4 }'`;
- $file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
- if($md5 == $file_md5_ondisk) {
- if(!$console_mode) {
- $static_output = gettext("snort rules: md5 signature of rules mismatch.");
- update_all_status($static_output);
- hide_progress_bar_status();
- } else {
- log_error("snort rules: md5 signature of rules mismatch.");
- echo "snort rules: md5 signature of rules mismatch.";
- }
- exit;
- }
-}
-
-/* hide progress bar */
-function hide_progress_bar_status() {
- global $snort_filename, $snort_filename_md5, $console_mode;
- ob_flush();
- if(!$console_mode)
- echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
-}
-
-/* unhide progress bar */
-function unhide_progress_bar_status() {
- global $snort_filename, $snort_filename_md5, $console_mode;
- ob_flush();
- if(!$console_mode)
- echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='visible';\n</script>";
-}
-
-/* update both top and bottom text box during an operation */
-function update_all_status($status) {
- global $snort_filename, $snort_filename_md5, $console_mode;
- ob_flush();
- if(!$console_mode) {
- update_status($status);
- update_output_window($status);
- }
-}
-
-/* obtain alert description for an ip address */
-function get_snort_alert($ip) {
- global $snort_alert_file_split, $snort_config;
- if(!file_exists("/var/log/snort/alert"))
- return;
- if(!$snort_config)
- $snort_config = read_snort_config_cache();
- if($snort_config[$ip])
- return $snort_config[$ip];
- if(!$snort_alert_file_split)
- $snort_alert_file_split = split("\n", file_get_contents("/var/log/snort/alert"));
- foreach($snort_alert_file_split as $fileline) {
- if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
- $alert_title = $matches[2];
- if (preg_match("/(\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)/", $fileline, $matches))
- $alert_ip = $matches[0];
- if($alert_ip == $ip) {
- if(!$snort_config[$ip])
- $snort_config[$ip] = $alert_title;
- return $alert_title;
- }
- }
- return "n/a";
-}
-
-function make_clickable($buffer) {
- global $config, $g;
- /* if clickable urls is disabled, simply return buffer back to caller */
- $clickablalerteurls = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
- if(!$clickablalerteurls)
- return $buffer;
- $buffer = eregi_replace("(^|[ \n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer);
- $buffer = eregi_replace("(^|[ \n\r\t])((ftp://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer);
- $buffer = eregi_replace("([a-z_-][a-z0-9\._-]*@[a-z0-9_-]+(\.[a-z0-9_-]+)+)","<a href=\"mailto:\\1\">\\1</a>", $buffer);
- $buffer = eregi_replace("(^|[ \n\r\t])(www\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $buffer);
- $buffer = eregi_replace("(^|[ \n\r\t])(ftp\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"ftp://\\2\" target=\"_blank\">\\2</a>", $buffer);
-
- return $buffer;
-}
-
-function read_snort_config_cache() {
- global $g, $config, $snort_config;
- if($snort_config)
- return $snort_config;
- if(file_exists($g['tmp_path'] . '/snort_config.cache')) {
- $snort_config = unserialize(file_get_contents($g['tmp_path'] . '/snort_config.cache'));
- return $snort_config;
- }
- return;
-}
-
-function write_snort_config_cache($snort_config) {
- global $g, $config;
- conf_mount_rw();
- $configcache = fopen($g['tmp_path'] . '/snort_config.cache', "w");
- if(!$configcache) {
- log_error("Could not open {$g['tmp_path']}/snort_config.cache for writing.");
- return false;
- }
- fwrite($configcache, serialize($snort_config));
- fclose($configcache);
- conf_mount_ro();
- return true;
-}
-
-function snort_advanced() {
- global $g, $config;
- sync_package_snort();
-}
-
-function snort_define_servers() {
- global $g, $config;
- sync_package_snort();
-}
-
-?>
diff --git a/config/snort-old/snort.xml b/config/snort-old/snort.xml
deleted file mode 100644
index 3bc40fce..00000000
--- a/config/snort-old/snort.xml
+++ /dev/null
@@ -1,378 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng.xml
- part of pfSense (http://www.pfsense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>Snort</name>
- <version>2.8.4.1_5</version>
- <title>Services: Snort 2.8.4.1_5 pkg v. 1.8</title>
- <include_file>/usr/local/pkg/snort.inc</include_file>
- <menu>
- <name>Snort</name>
- <tooltiptext>Setup snort specific settings</tooltiptext>
- <section>Services</section>
- <url>/pkg_edit.php?xml=snort.xml&amp;id=0</url>
- </menu>
- <service>
- <name>snort</name>
- <rcfile>snort.sh</rcfile>
- <executable>snort</executable>
- <description>Snort is the most widely deployed IDS/IPS technology worldwide..</description>
- </service>
- <tabs>
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=snort.xml&amp;id=0</url>
- <active/>
- </tab>
- <tab>
- <text>Update Rules</text>
- <url>/snort_download_rules.php</url>
- </tab>
- <tab>
- <text>Categories</text>
- <url>/snort_rulesets.php</url>
- </tab>
- <tab>
- <text>Rules</text>
- <url>/snort_rules.php</url>
- </tab>
- <tab>
- <text>Servers</text>
- <url>/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Blocked</text>
- <url>/snort_blocked.php</url>
- </tab>
- <tab>
- <text>Whitelist</text>
- <url>/pkg.php?xml=snort_whitelist.xml</url>
- </tab>
- <tab>
- <text>Threshold</text>
- <url>/pkg.php?xml=snort_threshold.xml</url>
- </tab>
- <tab>
- <text>Alerts</text>
- <url>/snort_alerts.php</url>
- </tab>
- <tab>
- <text>Advanced</text>
- <url>/pkg_edit.php?xml=snort_advanced.xml&amp;id=0</url>
- </tab>
- </tabs>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/snort.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/bin/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/bin/barnyard2</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/bin/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/bin/oinkmaster_contrib/create-sidmap.pl</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/bin/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/bin/oinkmaster_contrib/oinkmaster.pl</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/snort_download_rules.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/snort_rules.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/snort_rules_edit.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/snort_rulesets.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/snort_whitelist.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/snort_blocked.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/snort_check_for_rule_updates.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/snort_alerts.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/pf/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/snort_dynamic_ip_reload.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/snort_advanced.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/snort_define_servers.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/snort_threshold.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-old/pfsense_rules/local.rules</item>
- </additional_files_needed>
- <fields>
- <field>
- <fielddescr>Interface</fielddescr>
- <fieldname>iface_array</fieldname>
- <description>Select the interface(s) Snort will listen on.</description>
- <type>interfaces_selection</type>
- <size>3</size>
- <value>lan</value>
- <multiple>true</multiple>
- </field>
- <field>
- <fielddescr>Memory Performance</fielddescr>
- <fieldname>performance</fieldname>
- <description>Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small memory, high performance.</description>
- <type>select</type>
- <options>
- <option>
- <name>ac-bnfa</name>
- <value>ac-bnfa</value>
- </option>
- <option>
- <name>lowmem</name>
- <value>lowmem</value>
- </option>
- <option>
- <name>ac-std</name>
- <value>ac-std</value>
- </option>
- <option>
- <name>ac</name>
- <value>ac</value>
- </option>
- <option>
- <name>ac-banded</name>
- <value>ac-banded</value>
- </option>
- <option>
- <name>ac-sparsebands</name>
- <value>ac-sparsebands</value>
- </option>
- <option>
- <name>acs</name>
- <value>acs</value>
- </option>
- </options>
- </field>
- <field>
- <fielddescr>Oinkmaster code</fielddescr>
- <fieldname>oinkmastercode</fieldname>
- <description>Obtain a snort.org Oinkmaster code and paste here.</description>
- <type>input</type>
- <size>60</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Snort.org subscriber</fielddescr>
- <fieldname>subscriber</fieldname>
- <description>Check this box if you are a Snort.org subscriber (premium rules).</description>
- <type>checkbox</type>
- <size>60</size>
- </field>
- <field>
- <fielddescr>Block offenders</fielddescr>
- <fieldname>blockoffenders7</fieldname>
- <description>Checking this option will automatically block hosts that generate a snort alert.</description>
- <type>checkbox</type>
- <size>60</size>
- </field>
- <field>
- <fielddescr>Remove blocked hosts every</fielddescr>
- <fieldname>rm_blocked</fieldname>
- <description>Please select the amount of time hosts are blocked</description>
- <type>select</type>
- <options>
- <option>
- <name>never</name>
- <value>never_b</value>
- </option>
- <option>
- <name>1 hour</name>
- <value>1h_b</value>
- </option>
- <option>
- <name>3 hours</name>
- <value>3h_b</value>
- </option>
- <option>
- <name>6 hours</name>
- <value>6h_b</value>
- </option>
- <option>
- <name>12 hours</name>
- <value>12h_b</value>
- </option>
- <option>
- <name>1 day</name>
- <value>1d_b</value>
- </option>
- <option>
- <name>4 days</name>
- <value>4d_b</value>
- </option>
- <option>
- <name>7 days</name>
- <value>7d_b</value>
- </option>
- <option>
- <name>28 days</name>
- <value>28d_b</value>
- </option>
- </options>
- </field>
- <field>
- </field>
- <field>
- <fielddescr>Update rules automatically</fielddescr>
- <fieldname>autorulesupdate7</fieldname>
- <description>Please select the update times for rules.</description>
- <type>select</type>
- <options>
- <option>
- <name>never</name>
- <value>never_up</value>
- </option>
- <option>
- <name>6 hours</name>
- <value>6h_up</value>
- </option>
- <option>
- <name>12 hours</name>
- <value>12h_up</value>
- </option>
- <option>
- <name>1 day</name>
- <value>1d_up</value>
- </option>
- <option>
- <name>4 days</name>
- <value>4d_up</value>
- </option>
- <option>
- <name>7 days</name>
- <value>7d_up</value>
- </option>
- <option>
- <name>28 days</name>
- <value>28d_up</value>
- </option>
- </options>
- </field>
- <field>
- <fielddescr>Whitelist VPNs automatically</fielddescr>
- <fieldname>whitelistvpns</fieldname>
- <description>Checking this option will install whitelists for all VPNs.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Convert Snort alerts urls to clickable links</fielddescr>
- <fieldname>clickablalerteurls</fieldname>
- <description>Checking this option will automatically convert URLs in the Snort alerts tab to clickable links.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Associate events on Blocked tab</fielddescr>
- <fieldname>associatealertip</fieldname>
- <description>Checking this option will automatically associate the blocked reason from the snort alerts file.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Install emergingthreats rules.</fielddescr>
- <fieldname>emergingthreats</fieldname>
- <description>Emerging Threats is an open source community that produces fastest moving and diverse Snort Rules.</description>
- <type>checkbox</type>
- </field>
- </fields>
- <custom_php_resync_config_command>
- sync_package_snort();
- </custom_php_resync_config_command>
- <custom_add_php_command>
- </custom_add_php_command>
- <custom_php_install_command>
- sync_package_snort_reinstall();
- </custom_php_install_command>
- <custom_php_deinstall_command>
- snort_deinstall();
- </custom_php_deinstall_command>
-</packagegui>
diff --git a/config/snort-old/snort_advanced.xml b/config/snort-old/snort_advanced.xml
deleted file mode 100644
index 1fdddda2..00000000
--- a/config/snort-old/snort_advanced.xml
+++ /dev/null
@@ -1,196 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>SnortAdvanced</name>
- <version>none</version>
- <title>Services: Snort Advanced</title>
- <include_file>/usr/local/pkg/snort.inc</include_file>
- <tabs>
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=snort.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Update Rules</text>
- <url>/snort_download_rules.php</url>
- </tab>
- <tab>
- <text>Categories</text>
- <url>/snort_rulesets.php</url>
- </tab>
- <tab>
- <text>Rules</text>
- <url>/snort_rules.php</url>
- </tab>
- <tab>
- <text>Servers</text>
- <url>/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Blocked</text>
- <url>/snort_blocked.php</url>
- </tab>
- <tab>
- <text>Whitelist</text>
- <url>/pkg.php?xml=snort_whitelist.xml</url>
- </tab>
- <tab>
- <text>Threshold</text>
- <url>/pkg.php?xml=snort_threshold.xml</url>
- </tab>
- <tab>
- <text>Alerts</text>
- <url>/snort_alerts.php</url>
- </tab>
- <tab>
- <text>Advanced</text>
- <url>/pkg_edit.php?xml=snort_advanced.xml&amp;id=0</url>
- <active/>
- </tab>
- </tabs>
- <fields>
- <field>
- <fielddescr>BPF Buffer size</fielddescr>
- <fieldname>bpfbufsize</fieldname>
- <description>Changing this option adjusts the system BPF buffer size. Leave blank if you do not know what this does. Default is 1024.</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Maximum BPF buffer size</fielddescr>
- <fieldname>bpfmaxbufsize</fieldname>
- <description>Changing this option adjusts the system maximum BPF buffer size. Leave blank if you do not know what this does. Default is 524288. This value should never be set above hardware cache size. The best (optimal size) is 50% - 80% of the hardware cache size.</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Maximum BPF inserts</fielddescr>
- <fieldname>bpfmaxinsns</fieldname>
- <description>Changing this option adjusts the system maximum BPF insert size. Leave blank if you do not know what this does. Default is 512.</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Advanced configuration pass through</fielddescr>
- <fieldname>configpassthru</fieldname>
- <description>Add items to here will be automatically inserted into the running snort configuration</description>
- <type>textarea</type>
- <cols>40</cols>
- <rows>5</rows>
- </field>
- <field>
- <fielddescr>Snort signature info files.</fielddescr>
- <fieldname>signatureinfo</fieldname>
- <description>Snort signature info files will be installed during updates. At leats 500 mb of memory is needed.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Alerts Tab logging type.</fielddescr>
- <fieldname>snortalertlogtype</fieldname>
- <description>Please choose the type of Alert logging you will like see in the Alerts Tab. The options are Full descriptions or Fast short descriptions</description>
- <type>select</type>
- <options>
- <option>
- <name>fast</name>
- <value>fast</value>
- </option>
- <option>
- <name>full</name>
- <value>full</value>
- </option>
- </options>
- </field>
- <field>
- <fielddescr>Send alerts to main System logs.</fielddescr>
- <fieldname>alertsystemlog</fieldname>
- <description>Snort will send Alerts to the Pfsense system logs.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Log to a Tcpdump file.</fielddescr>
- <fieldname>tcpdumplog</fieldname>
- <description>Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by a wireshark type of application. WARNING: File may become large.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Enable Barnyard2.</fielddescr>
- <fieldname>snortbarnyardlog</fieldname>
- <description>This will enable barnyard2 in the snort package. You will also have to set the database credentials.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Barnyard2 Log Mysql Database.</fielddescr>
- <fieldname>snortbarnyardlog_database</fieldname>
- <description>Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</description>
- <type>input</type>
- <size>101</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Barnyard2 Configure Hostname ID.</fielddescr>
- <fieldname>snortbarnyardlog_hostname</fieldname>
- <description>Example: pfsense.local</description>
- <type>input</type>
- <size>25</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Barnyard2 Configure Interface ID</fielddescr>
- <fieldname>snortbarnyardlog_interface</fieldname>
- <description>Example: vr0</description>
- <type>input</type>
- <size>25</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Log Alerts to a snort unified2 file.</fielddescr>
- <fieldname>snortunifiedlog</fieldname>
- <description>Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</description>
- <type>checkbox</type>
- </field>
- </fields>
- <custom_php_deinstall_command>
- snort_advanced();
- </custom_php_deinstall_command>
-</packagegui>
diff --git a/config/snort-old/snort_alerts.php b/config/snort-old/snort_alerts.php
deleted file mode 100644
index e67b9b5f..00000000
--- a/config/snort-old/snort_alerts.php
+++ /dev/null
@@ -1,124 +0,0 @@
-<?php
-/* $Id$ */
-/*
- snort_alerts.php
- part of pfSense
-
- Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require("globals.inc");
-require("guiconfig.inc");
-require("/usr/local/pkg/snort.inc");
-
-$snort_logfile = "{$g['varlog_path']}/snort/alert";
-
-$nentries = $config['syslog']['nentries'];
-if (!$nentries)
- $nentries = 50;
-
-if ($_POST['clear']) {
- exec("killall syslogd");
- conf_mount_rw();
- exec("rm {$snort_logfile}; touch {$snort_logfile}");
- conf_mount_ro();
- system_syslogd_start();
- exec("/usr/bin/killall -HUP snort");
- exec("/usr/bin/killall snort2c");
- if ($config['installedpackages']['snort']['config'][0]['blockoffenders'] == 'on')
- exec("/usr/local/bin/snort2c -w /var/db/whitelist -a /var/log/snort/alert");
-}
-
-$pgtitle = "Services: Snort: Snort Alerts";
-include("head.inc");
-
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<?php
-if(!$pgtitle_output)
- echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
-?>
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
-<?php
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
- $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
- $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"),false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
- $tab_array[] = array(gettext("Alerts"), true, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
- display_top_tabs($tab_array);
-?>
- </td></tr>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td colspan="2" class="listtopic">
- Last <?=$nentries;?> Snort Alert entries</td>
- </tr>
- <?php dump_log_file($snort_logfile, $nentries); ?>
- <tr><td><br><form action="snort_alerts.php" method="post">
- <input name="clear" type="submit" class="formbtn" value="Clear log"></td></tr>
- </table>
- </div>
- </form>
- </td>
- </tr>
-</table>
-<?php include("fend.inc"); ?>
-<meta http-equiv="refresh" content="60;url=<?php print $_SERVER['SCRIPT_NAME']; ?>">
-</body>
-</html>
-<!-- <?php echo $snort_logfile; ?> -->
-
-<?php
-
-function dump_log_file($logfile, $tail, $withorig = true, $grepfor = "", $grepinvert = "") {
- global $g, $config;
- $logarr = "";
- exec("cat {$logfile} | /usr/bin/tail -n {$tail}", $logarr);
- foreach ($logarr as $logent) {
- if(!logent)
- continue;
- $ww_logent = $logent;
- $ww_logent = str_replace("[", " [ ", $ww_logent);
- $ww_logent = str_replace("]", " ] ", $ww_logent);
- echo "<tr valign=\"top\">\n";
- echo "<td colspan=\"2\" class=\"listr\">" . make_clickable($ww_logent) . "&nbsp;</td>\n";
- echo "</tr>\n";
- }
-}
-
-?> \ No newline at end of file
diff --git a/config/snort-old/snort_blocked.php b/config/snort-old/snort_blocked.php
deleted file mode 100644
index ff158853..00000000
--- a/config/snort-old/snort_blocked.php
+++ /dev/null
@@ -1,174 +0,0 @@
-<?php
-/* $Id$ */
-/*
- snort_blocked.php
- Copyright (C) 2006 Scott Ullrich
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require("guiconfig.inc");
-require("/usr/local/pkg/snort.inc");
-
-if($_POST['todelete'] or $_GET['todelete']) {
- if($_POST['todelete'])
- $ip = $_POST['todelete'];
- if($_GET['todelete'])
- $ip = $_GET['todelete'];
- exec("/sbin/pfctl -t snort2c -T delete {$ip}");
-}
-
-$pgtitle = "Snort: Snort Blocked";
-include("head.inc");
-
-?>
-
-<body link="#000000" vlink="#000000" alink="#000000">
-<?php include("fbegin.inc"); ?>
-
-<?php
-if(!$pgtitle_output)
- echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
-?>
-
-<form action="snort_rulesets.php" method="post" name="iform" id="iform">
-<script src="/row_toggle.js" type="text/javascript"></script>
-<script src="/javascript/sorttable.js" type="text/javascript"></script>
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<table width="99%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-<?php
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
- $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
- $tab_array[] = array(gettext("Blocked"), true, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
- $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
- display_top_tabs($tab_array);
-?>
- </td>
- </tr>
- <tr>
- <td>
- <div id="mainarea">
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
- <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr id="frheader">
- <td width="5%" class="listhdrr">Remove</td>
- <td class="listhdrr">IP</td>
- <td class="listhdrr">Alert Description</td>
- </tr>
-<?php
-
- $associatealertip = $config['installedpackages']['snort']['config'][0]['associatealertip'];
- $ips = `/sbin/pfctl -t snort2c -T show`;
- $ips_array = split("\n", $ips);
- $counter = 0;
- foreach($ips_array as $ip) {
- if(!$ip)
- continue;
- $ww_ip = str_replace(" ", "", $ip);
- $counter++;
- if($associatealertip)
- $alert_description = get_snort_alert($ww_ip);
- else
- $alert_description = "";
- echo "\n<tr>";
- echo "\n<td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($ww_ip)) . "'>";
- echo "\n<img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"./themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>";
- echo "\n<td>&nbsp;{$ww_ip}</td>";
- echo "\n<td>&nbsp;{$alert_description}<!-- |{$ww_ip}| get_snort_alert($ww_ip); --></td>";
- echo "\n</tr>";
- }
- echo "\n<tr><td colspan='3'>&nbsp;</td></tr>";
- if($counter < 1)
- echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">There are currently no items being blocked by snort.</td></tr>";
- else
- echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter} items listed.</td></tr>";
-
-?>
-
- </table>
- </td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
-</table>
-
-</form>
-
-<p>
-
-<?php
-
-$blockedtab_msg_chk = $config['installedpackages']['snort']['config'][0]['rm_blocked'];
- if ($blockedtab_msg_chk == "1h_b") {
- $blocked_msg = "hour";
- }
- if ($blockedtab_msg_chk == "3h_b") {
- $blocked_msg = "3 hours";
- }
- if ($blockedtab_msg_chk == "6h_b") {
- $blocked_msg = "6 hours";
- }
- if ($blockedtab_msg_chk == "12h_b") {
- $blocked_msg = "12 hours";
- }
- if ($blockedtab_msg_chk == "1d_b") {
- $blocked_msg = "day";
- }
- if ($blockedtab_msg_chk == "4d_b") {
- $blocked_msg = "4 days";
- }
- if ($blockedtab_msg_chk == "7d_b") {
- $blocked_msg = "7 days";
- }
- if ($blockedtab_msg_chk == "28d_b") {
- $blocked_msg = "28 days";
- }
-
-echo "This page lists hosts that have been blocked by Snort. Hosts are automatically deleted every $blocked_msg.";
-
-?>
-
-<?php include("fend.inc"); ?>
-
-</body>
-</html>
-
-<?php
-
-/* write out snort cache */
-write_snort_config_cache($snort_config);
-
-?> \ No newline at end of file
diff --git a/config/snort-old/snort_check_for_rule_updates.php b/config/snort-old/snort_check_for_rule_updates.php
deleted file mode 100644
index 8d308245..00000000
--- a/config/snort-old/snort_check_for_rule_updates.php
+++ /dev/null
@@ -1,634 +0,0 @@
-<?php
-/* $Id$ */
-/*
- snort_rulesets.php
- Copyright (C) 2006 Scott Ullrich
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/* Setup enviroment */
-$tmpfname = "/root/snort_rules_up";
-$snortdir = "/usr/local/etc/snort_bkup";
-$snortdir_wan = "/usr/local/etc/snort";
-$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5";
-$snort_filename = "snortrules-snapshot-2.8.tar.gz";
-$emergingthreats_filename_md5 = "version.txt";
-$emergingthreats_filename = "emerging.rules.tar.gz";
-$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
-$pfsense_rules_filename = "pfsense_rules.tar.gz";
-
-require("/usr/local/pkg/snort.inc");
-require_once("config.inc");
-
-?>
-
-
-<?php
-
-$up_date_time = date('l jS \of F Y h:i:s A');
-echo "";
-echo "#########################";
-echo "$up_date_time";
-echo "#########################";
-echo "";
-
-/* Begin main code */
-/* Set user agent to Mozilla */
-ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
-ini_set("memory_limit","125M");
-
-/* send current buffer */
-ob_flush();
-
-/* define oinkid */
-if($config['installedpackages']['snort'])
- $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
-
-/* if missing oinkid exit */
-if(!$oinkid) {
- echo "Please add you oink code\n";
- exit;
-}
-
-/* premium_subscriber check */
-//unset($config['installedpackages']['snort']['config'][0]['subscriber']);
-//write_config(); // Will cause switch back to read-only on nanobsd
-//conf_mount_rw(); // Uncomment this if the previous line is uncommented
-$premium_subscriber_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-
-if ($premium_subscriber_chk === on) {
- $premium_subscriber = "_s";
-}else{
- $premium_subscriber = "";
-}
-
-$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-if ($premium_url_chk === on) {
- $premium_url = "sub-rules";
-}else{
- $premium_url = "reg-rules";
-}
-
-/* send current buffer */
-ob_flush();
-
-conf_mount_rw();
-/* remove old $tmpfname files */
-if (file_exists("{$tmpfname}")) {
- exec("/bin/rm -r {$tmpfname}");
- apc_clear_cache();
-}
-
-/* send current buffer */
-ob_flush();
-
-/* If tmp dir does not exist create it */
-if (file_exists($tmpfname)) {
- echo "The directory tmp exists...\n";
-} else {
- mkdir("{$tmpfname}", 700);
-}
-
-/* download md5 sig from snort.org */
-if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
- echo "md5 temp file exists...\n";
-} else {
- echo "Downloading md5 file...\n";
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}");
-// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5");
- $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w');
- fwrite($f, $image);
- fclose($f);
- echo "Done. downloading md5\n";
-}
-
-/* download md5 sig from emergingthreats.net */
-$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats'];
-if ($emergingthreats_url_chk == on) {
- echo "Downloading md5 file...\n";
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://www.emergingthreats.net/version.txt");
-// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
- $f = fopen("{$tmpfname}/version.txt", 'w');
- fwrite($f, $image);
- fclose($f);
- echo "Done. downloading md5\n";
-}
-
-/* download md5 sig from pfsense.org */
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
- echo "md5 temp file exists...\n";
-} else {
- echo "Downloading pfsense md5 file...\n";
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
-// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
- $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w');
- fwrite($f, $image);
- fclose($f);
- echo "Done. downloading md5\n";
-}
-
-/* Time stamps define */
-$last_md5_download = $config['installedpackages']['snort']['last_md5_download'];
-$last_rules_install = $config['installedpackages']['snort']['last_rules_install'];
-
-/* If md5 file is empty wait 15min exit */
-if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){
- echo "Please wait... You may only check for New Rules every 15 minutes...\n";
- echo "Rules are released every month from snort.org. You may download the Rules at any time.\n";
- exit(0);
-}
-
-/* If emergingthreats md5 file is empty wait 15min exit not needed */
-
-/* If pfsense md5 file is empty wait 15min exit */
-if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
- echo "Please wait... You may only check for New Pfsense Rules every 15 minutes...\n";
- echo "Rules are released to support Pfsense packages.\n";
- exit(0);
-}
-
-/* Check if were up to date snort.org */
-if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5")){
-$md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
-$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
-$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
-$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
-/* Write out time of last sucsessful md5 to cache */
-$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A");
-write_config(); // Will cause switch back to read-only on nanobsd
-conf_mount_rw();
-if ($md5_check_new == $md5_check_old) {
- echo "Your rules are up to date...\n";
- echo "You may start Snort now, check update.\n";
- $snort_md5_check_ok = on;
- }
-}
-
-/* Check if were up to date emergingthreats.net */
-$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats'];
-if ($emergingthreats_url_chk == on) {
-if (file_exists("{$snortdir}/version.txt")){
-$emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt");
-$emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
-$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt");
-$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
-/* Write out time of last sucsessful md5 to cache */
-$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A");
-write_config(); // Will cause switch back to read-only on nanobsd
-conf_mount_rw();
-if ($emerg_md5_check_new == $emerg_md5_check_old) {
- echo "Your emergingthreats rules are up to date...\n";
- echo "You may start Snort now, check update.\n";
- $emerg_md5_check_chk_ok = on;
- }
- }
-}
-
-/* Check if were up to date pfsense.org */
-if (file_exists("{$snortdir}/$pfsense_rules_filename_md5")){
-$pfsense_md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
-$pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
-$pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
-$pfsense_md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
-if ($pfsense_md5_check_new == $pfsense_md5_check_old) {
- $pfsense_md5_check_ok = on;
- }
-}
-
-/* Make Clean Snort Directory emergingthreats not checked */
-if ($snort_md5_check_ok == on && $emergingthreats_url_chk != on) {
- echo "Cleaning the snort Directory...\n";
- echo "removing...\n";
- exec("/bin/rm {$snortdir}/rules/emerging*\n");
- exec("/bin/rm {$snortdir}/version.txt");
- echo "Done making cleaning emrg direcory.\n";
-}
-
-/* Check if were up to date exits */
-if ($snort_md5_check_ok == on && $emerg_md5_check_chk_ok == on && $pfsense_md5_check_ok == on) {
- echo "Your rules are up to date...\n";
- echo "You may start Snort now...\n";
- exit(0);
-}
-
-if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats_url_chk != on) {
- echo "Your rules are up to date...\n";
- echo "You may start Snort now...\n";
- exit(0);
-}
-
-/* You are Not Up to date, always stop snort when updating rules for low end machines */;
-echo "You are NOT up to date...\n";
-echo "Stopping Snort service...\n";
-$chk_if_snort_up = exec("pgrep -x snort");
-if ($chk_if_snort_up != "") {
- exec("/usr/bin/touch /tmp/snort_download_halt.pid");
- stop_service("snort");
- sleep(2);
-}
-
-/* download snortrules file */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$snort_filename}")) {
- echo "Snortrule tar file exists...\n";
-} else {
-
- echo "There is a new set of Snort rules posted. Downloading...\n";
- echo "May take 4 to 10 min...\n";
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}");
-// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz");
- $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz", 'w');
- fwrite($f, $image);
- fclose($f);
- echo "Done downloading rules file.\n";
- if (150000 > filesize("{$tmpfname}/$snort_filename")){
- echo "Error with the snort rules download...\n";
- echo "Snort rules file downloaded failed...\n";
- exit(0);
- }
- }
-}
-
-/* download emergingthreats rules file */
-if ($emergingthreats_url_chk == on) {
-if ($emerg_md5_check_chk_ok != on) {
-if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
- echo "Emergingthreats tar file exists...\n";
-} else {
- echo "There is a new set of Emergingthreats rules posted. Downloading...\n";
- echo "May take 4 to 10 min...\n";
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://www.emergingthreats.net/rules/emerging.rules.tar.gz");
-// $image = @file_get_contents("http://www.emergingthreats.net/rules/emerging.rules.tar.gz");
- $f = fopen("{$tmpfname}/emerging.rules.tar.gz", 'w');
- fwrite($f, $image);
- fclose($f);
- echo "Done downloading Emergingthreats rules file.\n";
- }
- }
- }
-
-/* download pfsense rules file */
-if ($pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- echo "Snortrule tar file exists...\n";
-} else {
-
- echo "There is a new set of Pfsense rules posted. Downloading...\n";
- echo "May take 4 to 10 min...\n";
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz");
-// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz");
- $f = fopen("{$tmpfname}/pfsense_rules.tar.gz", 'w');
- fwrite($f, $image);
- fclose($f);
- echo "Done downloading rules file.\n";
- }
-}
-
-/* Untar snort rules file individually to help people with low system specs */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$snort_filename}")) {
- echo "Extracting rules...\n";
- echo "May take a while...\n";
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
- exec("`/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/*`");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/chat.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/dos.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/exploit.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/imap.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/misc.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/multimedia.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/netbios.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/nntp.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/p2p.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/smtp.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/sql.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-client.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-misc.rules/");
- echo "Done extracting Rules.\n";
-} else {
- echo "The Download rules file missing...\n";
- echo "Error rules extracting failed...\n";
- exit(0);
- }
-}
-
-/* Untar emergingthreats rules to tmp */
-if ($emergingthreats_url_chk == on) {
-if ($emerg_md5_check_chk_ok != on) {
-if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
- echo "Extracting rules...\n";
- echo "May take a while...\n";
- exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
- }
- }
-}
-
-/* Untar Pfsense rules to tmp */
-if ($pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- echo "Extracting Pfsense rules...\n";
- echo "May take a while...\n";
- exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
- }
-}
-
-/* Untar snort signatures */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$snort_filename}")) {
-$signature_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['signatureinfo'];
-if ($premium_url_chk == on) {
- echo "Extracting Signatures...\n";
- echo "May take a while...\n";
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
- echo "Done extracting Signatures.\n";
- }
- }
-}
-
-/* Make Clean Snort Directory */
-//if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on && $pfsense_md5_check_ok != on) {
-//if (file_exists("{$snortdir}/rules")) {
-// echo "Cleaning the snort Directory...\n";
-// echo "removing...\n";
-// exec("/bin/mkdir -p {$snortdir}");
-// exec("/bin/mkdir -p {$snortdir}/rules");
-// exec("/bin/mkdir -p {$snortdir}/signatures");
-// exec("/bin/rm {$snortdir}/*");
-// exec("/bin/rm {$snortdir}/rules/*");
-// exec("/bin/rm {$snortdir_wan}/*");
-// exec("/bin/rm {$snortdir_wan}/rules/*");
-// exec("/bin/rm /usr/local/lib/snort/dynamicrules/*");
-//} else {
-// echo "Making Snort Directory...\n";
-// echo "should be fast...\n";
-// exec("/bin/mkdir {$snortdir}");
-// exec("/bin/mkdir {$snortdir}/rules");
-// exec("/bin/rm {$snortdir_wan}/\*");
-// exec("/bin/rm {$snortdir_wan}/rules/*");
-// exec("/bin/rm /usr/local/lib/snort/dynamicrules/\*");
-// echo "Done making snort direcory.\n";
-// }
-//}
-
-/* Copy so_rules dir to snort lib dir */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
- echo "Copying so_rules...\n";
- echo "May take a while...\n";
- sleep(2);
- exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`");
- exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/web-misc.rules {$snortdir}/rules/web-misc.so.rules");
- exec("/bin/rm -r {$snortdir}/so_rules");
- echo "Done copying so_rules.\n";
-} else {
- echo "Directory so_rules does not exist...\n";
- echo "Error copping so_rules...\n";
- exit(0);
- }
-}
-
-/* enable disable setting will carry over with updates */
-/* TODO carry signature changes with the updates */
-if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
-
-if (!empty($config['installedpackages']['snort']['rule_sid_on'])) {
-$enabled_sid_on = $config['installedpackages']['snort']['rule_sid_on'];
-$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
-foreach($enabled_sid_on_array as $enabled_item_on)
-$selected_sid_on_sections .= "$enabled_item_on\n";
- }
-
-if (!empty($config['installedpackages']['snort']['rule_sid_off'])) {
-$enabled_sid_off = $config['installedpackages']['snort']['rule_sid_off'];
-$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
-foreach($enabled_sid_off_array as $enabled_item_off)
-$selected_sid_off_sections .= "$enabled_item_off\n";
- }
-
-$snort_sid_text = <<<EOD
-
-###########################################
-# #
-# this is auto generated on snort updates #
-# #
-###########################################
-
-path = /bin:/usr/bin:/usr/local/bin
-
-update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
-
-url = dir:///usr/local/etc/snort_bkup/rules
-
-$selected_sid_on_sections
-
-$selected_sid_off_sections
-
-EOD;
-
- /* open snort's threshold.conf for writing */
- $oinkmasterlist = fopen("/usr/local/etc/snort_bkup/oinkmaster.conf", "w");
-
- fwrite($oinkmasterlist, "$snort_sid_text");
-
- /* close snort's threshold.conf file */
- fclose($oinkmasterlist);
-
-}
-
-/* Copy configs to snort dir */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$snortdir}/etc/Makefile.am")) {
- echo "Copying configs to snort directory...\n";
- exec("/bin/cp {$snortdir}/etc/* {$snortdir}");
- exec("/bin/rm -r {$snortdir}/etc");
-} else {
- echo "The snort configs does not exist...\n";
- echo "Error copping config...\n";
- exit(0);
- }
-}
-
-/* Copy md5 sig to snort dir */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/$snort_filename_md5")) {
- echo "Copying md5 sig to snort directory...\n";
- exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
-} else {
- echo "The md5 file does not exist...\n";
- echo "Error copping config...\n";
- exit(0);
- }
-}
-
-/* Copy emergingthreats md5 sig to snort dir */
-if ($emergingthreats_url_chk == on) {
-if ($emerg_md5_check_chk_ok != on) {
-if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
- echo "Copying md5 sig to snort directory...\n";
- exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
-} else {
- echo "The emergingthreats md5 file does not exist...\n";
- echo "Error copping config...\n";
- exit(0);
- }
- }
-}
-
-/* Copy Pfsense md5 sig to snort dir */
-if ($pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
- echo "Copying Pfsense md5 sig to snort directory...\n";
- exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
-} else {
- echo "The Pfsense md5 file does not exist...\n";
- echo "Error copping config...\n";
- exit(0);
- }
-}
-
-/* Copy signatures dir to snort dir */
-if ($snort_md5_check_ok != on) {
-$signature_info_chk = $config['installedpackages']['snort']['config'][0]['signatureinfo'];
-if ($premium_url_chk == on) {
-if (file_exists("{$snortdir}/doc/signatures")) {
- echo "Copying signatures...\n";
- echo "May take a while...\n";
- exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
- exec("/bin/rm -r {$snortdir}/doc/signatures");
- echo "Done copying signatures.\n";
-} else {
- echo "Directory signatures exist...\n";
- echo "Error copping signature...\n";
- exit(0);
- }
- }
-}
-
-/* double make shure clean up emerg rules that dont belong */
-if (file_exists("/usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules")) {
- apc_clear_cache();
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-compromised-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-drop-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-dshield-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-rbn-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-tor-BLOCK.rules");
-}
-
-if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
-}
-
-echo "Updating Alert Messages...\n";
-echo "Please Wait...\n";
-sleep(2);
-exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_bkup/rules > /usr/local/etc/snort_bkup/sid-msg.map");
-
-/* Run oinkmaster to snort_wan and cp configs */
-/* If oinkmaster is not needed cp rules normally */
-/* TODO add per interface settings here */
-if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
-
- if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) {
-echo "Your first set of rules are being copied...\n";
-echo "May take a while...\n";
-
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
-
-} else {
- echo "Your enable and disable changes are being applied to your fresh set of rules...\n";
- echo "May take a while...\n";
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
-
- /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */
- /* might have to add a sleep for 3sec for flash drives or old drives */
- exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort_bkup/oinkmaster.conf -o /usr/local/etc/snort/rules > /usr/local/etc/snort_bkup/oinkmaster.log");
- exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
- exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
- exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-
- }
-}
-
-/* remove old $tmpfname files */
-if (file_exists("{$tmpfname}")) {
- echo "Cleaning up...\n";
- exec("/bin/rm -r /root/snort_rules_up");
-}
-
-/* php code to flush out cache some people are reportting missing files this might help */
-sleep(5);
-apc_clear_cache();
-exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync");
-
-/* if snort is running hardrestart, if snort is not running do nothing */
-if (file_exists("/tmp/snort_download_halt.pid")) {
- start_service("snort");
- echo "The Rules update finished...\n";
- echo "Snort has restarted with your new set of rules...\n";
- exec("/bin/rm /tmp/snort_download_halt.pid");
-} else {
- echo "The Rules update finished...\n";
- echo "You may start snort now...\n";
-}
-conf_mount_ro();
-
-?>
diff --git a/config/snort-old/snort_define_servers.xml b/config/snort-old/snort_define_servers.xml
deleted file mode 100644
index 7df880d0..00000000
--- a/config/snort-old/snort_define_servers.xml
+++ /dev/null
@@ -1,364 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>SnortDefServers</name>
- <version>none</version>
- <title>Services: Snort Define Servers</title>
- <include_file>/usr/local/pkg/snort.inc</include_file>
- <tabs>
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=snort.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Update Rules</text>
- <url>/snort_download_rules.php</url>
- </tab>
- <tab>
- <text>Categories</text>
- <url>/snort_rulesets.php</url>
- </tab>
- <tab>
- <text>Rules</text>
- <url>/snort_rules.php</url>
- </tab>
- <tab>
- <text>Servers</text>
- <url>/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0</url>
- <active/>
- </tab>
- <tab>
- <text>Blocked</text>
- <url>/snort_blocked.php</url>
- </tab>
- <tab>
- <text>Whitelist</text>
- <url>/pkg.php?xml=snort_whitelist.xml</url>
- </tab>
- <tab>
- <text>Threshold</text>
- <url>/pkg.php?xml=snort_threshold.xml</url>
- </tab>
- <tab>
- <text>Alerts</text>
- <url>/snort_alerts.php</url>
- </tab>
- <tab>
- <text>Advanced</text>
- <url>/pkg_edit.php?xml=snort_advanced.xml&amp;id=0</url>
- </tab>
- </tabs>
- <fields>
- <field>
- <fielddescr>Define DNS_SERVERS</fielddescr>
- <fieldname>def_dns_servers</fieldname>
- <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
- <type>input</type>
- <size>101</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define DNS_PORTS</fielddescr>
- <fieldname>def_dns_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 53.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define SMTP_SERVERS</fielddescr>
- <fieldname>def_smtp_servers</fieldname>
- <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
- <type>input</type>
- <size>101</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define SMTP_PORTS</fielddescr>
- <fieldname>def_smtp_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define Mail_Ports</fielddescr>
- <fieldname>def_mail_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,143,465,691.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define HTTP_SERVERS</fielddescr>
- <fieldname>def_http_servers</fieldname>
- <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
- <type>input</type>
- <size>101</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define WWW_SERVERS</fielddescr>
- <fieldname>def_www_servers</fieldname>
- <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
- <type>input</type>
- <size>101</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define HTTP_PORTS</fielddescr>
- <fieldname>def_http_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 80.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define SQL_SERVERS</fielddescr>
- <fieldname>def_sql_servers</fieldname>
- <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
- <type>input</type>
- <size>101</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define ORACLE_PORTS</fielddescr>
- <fieldname>def_oracle_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1521.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define MSSQL_PORTS</fielddescr>
- <fieldname>def_mssql_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1433.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define TELNET_SERVERS</fielddescr>
- <fieldname>def_telnet_servers</fieldname>
- <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
- <type>input</type>
- <size>101</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define TELNET_PORTS</fielddescr>
- <fieldname>def_telnet_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 23.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define SNMP_SERVERS</fielddescr>
- <fieldname>def_snmp_servers</fieldname>
- <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
- <type>input</type>
- <size>101</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define SNMP_PORTS</fielddescr>
- <fieldname>def_snmp_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 161.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define FTP_SERVERS</fielddescr>
- <fieldname>def_ftp_servers</fieldname>
- <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
- <type>input</type>
- <size>101</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define FTP_PORTS</fielddescr>
- <fieldname>def_ftp_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 21.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define SSH_SERVERS</fielddescr>
- <fieldname>def_ssh_servers</fieldname>
- <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
- <type>input</type>
- <size>101</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define SSH_PORTS</fielddescr>
- <fieldname>def_ssh_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is Pfsense SSH port.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define POP_SERVERS</fielddescr>
- <fieldname>def_pop_servers</fieldname>
- <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
- <type>input</type>
- <size>101</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define POP2_PORTS</fielddescr>
- <fieldname>def_pop2_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 109.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define POP3_PORTS</fielddescr>
- <fieldname>def_pop3_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 110.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define IMAP_SERVERS</fielddescr>
- <fieldname>def_imap_servers</fieldname>
- <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
- <type>input</type>
- <size>101</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define IMAP_PORTS</fielddescr>
- <fieldname>def_imap_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 143.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define SIP_PROXY_IP</fielddescr>
- <fieldname>def_sip_proxy_ip</fieldname>
- <description>Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks.</description>
- <type>input</type>
- <size>101</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define SIP_PROXY_PORTS</fielddescr>
- <fieldname>def_sip_proxy_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define AUTH_PORTS</fielddescr>
- <fieldname>def_auth_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 113.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define FINGER_PORTS</fielddescr>
- <fieldname>def_finger_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 79.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define IRC_PORTS</fielddescr>
- <fieldname>def_irc_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define NNTP_PORTS</fielddescr>
- <fieldname>def_nntp_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 119.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define RLOGIN_PORTS</fielddescr>
- <fieldname>def_rlogin_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 513.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define RSH_PORTS</fielddescr>
- <fieldname>def_rsh_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 514.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- <field>
- <fielddescr>Define SSL_PORTS</fielddescr>
- <fieldname>def_ssl_ports</fieldname>
- <description>Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,443,465,636,993,995.</description>
- <type>input</type>
- <size>43</size>
- <value></value>
- </field>
- </fields>
- <custom_php_deinstall_command>
- snort_define_servers();
- </custom_php_deinstall_command>
-</packagegui>
diff --git a/config/snort-old/snort_download_rules.php b/config/snort-old/snort_download_rules.php
deleted file mode 100644
index 9826ba2a..00000000
--- a/config/snort-old/snort_download_rules.php
+++ /dev/null
@@ -1,790 +0,0 @@
-<?php
-/* $Id$ */
-/*
- snort_rulesets.php
- Copyright (C) 2006 Scott Ullrich and Robert Zelaya
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/* Setup enviroment */
-$tmpfname = "/root/snort_rules_up";
-$snortdir = "/usr/local/etc/snort_bkup";
-$snortdir_wan = "/usr/local/etc/snort";
-$snort_filename_md5 = "snortrules-snapshot-2.8.tar.gz.md5";
-$snort_filename = "snortrules-snapshot-2.8.tar.gz";
-$emergingthreats_filename_md5 = "version.txt";
-$emergingthreats_filename = "emerging.rules.tar.gz";
-$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
-$pfsense_rules_filename = "pfsense_rules.tar.gz";
-
-require_once("guiconfig.inc");
-require_once("functions.inc");
-require_once("service-utils.inc");
-require("/usr/local/pkg/snort.inc");
-
-$pgtitle = "Services: Snort: Update Rules";
-
-include("/usr/local/www/head.inc");
-
-?>
-
-<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
-<?php include("/usr/local/www/fbegin.inc"); ?>
-
-<?php
-if(!$pgtitle_output)
- echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
-?>
-
-<form action="snort_download_rules.php" method="post">
-<div id="inputerrors"></div>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-<?php
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), true, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
- $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
- $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
- $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
- display_top_tabs($tab_array);
-?>
- </td>
- </tr>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td align="center" valign="top">
- <!-- progress bar -->
- <table id="progholder" width='420' style='border-collapse: collapse; border: 1px solid #000000;' cellpadding='2' cellspacing='2'>
- <tr>
- <td>
- <img border='0' src='./themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif' width='280' height='23' name='progressbar' id='progressbar' alt='' />
- </td>
- </tr>
- </table>
- <br />
- <!-- status box -->
- <textarea cols="60" rows="2" name="status" id="status" wrap="hard">
- <?=gettext("Initializing...");?>
- </textarea>
- <!-- command output box -->
- <textarea cols="60" rows="2" name="output" id="output" wrap="hard">
- </textarea>
- </td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
-</table>
-</form>
-
-<?php include("fend.inc");?>
-
-<?php
-
-
-/* Begin main code */
-/* Set user agent to Mozilla */
-ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
-ini_set("memory_limit","125M");
-
-/* send current buffer */
-ob_flush();
-
-/* define oinkid */
-if($config['installedpackages']['snort'])
- $oinkid = $config['installedpackages']['snort']['config'][0]['oinkmastercode'];
-
-/* if missing oinkid exit */
-if(!$oinkid) {
- $static_output = gettext("You must obtain an oinkid from snort.org and set its value in the Snort settings tab.");
- update_all_status($static_output);
- hide_progress_bar_status();
- exit;
-}
-
-/* premium_subscriber check */
-//unset($config['installedpackages']['snort']['config'][0]['subscriber']);
-//write_config(); // Will cause switch back to read-only on nanobsd
-//conf_mount_rw(); // Uncomment this if the previous line is uncommented
-
-$premium_subscriber_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-
-if ($premium_subscriber_chk === on) {
- $premium_subscriber = "_s";
-}else{
- $premium_subscriber = "";
-}
-
-$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-if ($premium_url_chk === on) {
- $premium_url = "sub-rules";
-}else{
- $premium_url = "reg-rules";
-}
-
-/* hide progress bar */
-hide_progress_bar_status();
-
-/* send current buffer */
-ob_flush();
-
-conf_mount_rw();
-
-/* remove old $tmpfname files */
-if (file_exists("{$tmpfname}")) {
- update_status(gettext("Removing old tmp files..."));
- exec("/bin/rm -r {$tmpfname}");
- apc_clear_cache();
-}
-
-/* Make shure snortdir exits */
-exec("/bin/mkdir -p {$snortdir}");
-exec("/bin/mkdir -p {$snortdir}/rules");
-exec("/bin/mkdir -p {$snortdir}/signatures");
-
-/* send current buffer */
-ob_flush();
-
-/* If tmp dir does not exist create it */
-if (file_exists($tmpfname)) {
- update_status(gettext("The directory tmp exists..."));
-} else {
- mkdir("{$tmpfname}", 700);
-}
-
-/* unhide progress bar and lets end this party */
-unhide_progress_bar_status();
-
-/* download md5 sig from snort.org */
-if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
- update_status(gettext("md5 temp file exists..."));
-} else {
- update_status(gettext("Downloading md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5?oink_code={$oinkid}");
-// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz.md5");
- $f = fopen("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5", 'w');
- fwrite($f, $image);
- fclose($f);
- update_status(gettext("Done. downloading md5"));
-}
-
-/* download md5 sig from emergingthreats.net */
-$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats'];
-if ($emergingthreats_url_chk == on) {
- update_status(gettext("Downloading md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://www.emergingthreats.net/version.txt");
-// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
- $f = fopen("{$tmpfname}/version.txt", 'w');
- fwrite($f, $image);
- fclose($f);
- update_status(gettext("Done. downloading md5"));
-}
-
-/* download md5 sig from pfsense.org */
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
- update_status(gettext("md5 temp file exists..."));
-} else {
- update_status(gettext("Downloading pfsense md5 file..."));
- ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
- $image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
-// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
- $f = fopen("{$tmpfname}/pfsense_rules.tar.gz.md5", 'w');
- fwrite($f, $image);
- fclose($f);
- update_status(gettext("Done. downloading md5"));
-}
-
-/* Time stamps define */
-$last_md5_download = $config['installedpackages']['snort']['last_md5_download'];
-$last_rules_install = $config['installedpackages']['snort']['last_rules_install'];
-
-/* If md5 file is empty wait 15min exit */
-if (0 == filesize("{$tmpfname}/snortrules-snapshot-2.8.tar.gz.md5")){
- update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
- update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
- hide_progress_bar_status();
- /* Display last time of sucsessful md5 check from cache */
- echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n";
- echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n";
- echo "\n\n</body>\n</html>\n";
- exit(0);
-}
-
-/* If emergingthreats md5 file is empty wait 15min exit not needed */
-
-/* If pfsense md5 file is empty wait 15min exit */
-if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
- update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));
- update_output_window(gettext("Rules are released to support Pfsense packages."));
- hide_progress_bar_status();
- /* Display last time of sucsessful md5 check from cache */
- echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n";
- echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n";
- echo "\n\n</body>\n</html>\n";
- exit(0);
-}
-
-/* Check if were up to date snort.org */
-if (file_exists("{$snortdir}/snortrules-snapshot-2.8.tar.gz.md5")){
-$md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
-$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
-$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
-$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
-/* Write out time of last sucsessful md5 to cache */
-$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A");
-write_config(); // Will cause switch back to read-only on nanobsd
-conf_mount_rw();
-if ($md5_check_new == $md5_check_old) {
- update_status(gettext("Your rules are up to date..."));
- update_output_window(gettext("You may start Snort now, check update."));
- hide_progress_bar_status();
- /* Timestamps to html */
- echo "\n<p align=center><b>You last checked for updates: </b>{$last_md5_download}</p>\n";
- echo "\n<p align=center><b>You last installed for rules: </b>{$last_rules_install}</p>\n";
-// echo "P is this code {$premium_subscriber}";
- echo "\n\n</body>\n</html>\n";
- $snort_md5_check_ok = on;
- }
-}
-
-/* Check if were up to date emergingthreats.net */
-$emergingthreats_url_chk = $config['installedpackages']['snort']['config'][0]['emergingthreats'];
-if ($emergingthreats_url_chk == on) {
-if (file_exists("{$snortdir}/version.txt")){
-$emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/version.txt");
-$emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
-$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/version.txt");
-$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
-/* Write out time of last sucsessful md5 to cache */
-$config['installedpackages']['snort']['last_md5_download'] = date("Y-M-jS-h:i-A");
-write_config(); // Will cause switch back to read-only on nanobsd
-conf_mount_rw();
-if ($emerg_md5_check_new == $emerg_md5_check_old) {
- update_status(gettext("Your emergingthreats rules are up to date..."));
- update_output_window(gettext("You may start Snort now, check update."));
- hide_progress_bar_status();
- $emerg_md5_check_chk_ok = on;
- }
- }
-}
-
-/* Check if were up to date pfsense.org */
-if (file_exists("{$snortdir}/$pfsense_rules_filename_md5")){
-$pfsense_md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
-$pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
-$pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
-$pfsense_md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
-if ($pfsense_md5_check_new == $pfsense_md5_check_old) {
- $pfsense_md5_check_ok = on;
- }
-}
-
-/* Make Clean Snort Directory emergingthreats not checked */
-if ($snort_md5_check_ok == on && $emergingthreats_url_chk != on) {
- update_status(gettext("Cleaning the snort Directory..."));
- update_output_window(gettext("removing..."));
- exec("/bin/rm {$snortdir}/rules/emerging*");
- exec("/bin/rm {$snortdir}/version.txt");
- exec("/bin/rm {$snortdir_wan}/rules/emerging*");
- exec("/bin/rm {$snortdir_wan}/version.txt");
- update_status(gettext("Done making cleaning emrg direcory."));
-}
-
-/* Check if were up to date exits */
-if ($snort_md5_check_ok == on && $emerg_md5_check_chk_ok == on && $pfsense_md5_check_ok == on) {
- update_status(gettext("Your rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- exit(0);
-}
-
-if ($snort_md5_check_ok == on && $pfsense_md5_check_ok == on && $emergingthreats_url_chk != on) {
- update_status(gettext("Your rules are up to date..."));
- update_output_window(gettext("You may start Snort now..."));
- exit(0);
-}
-
-/* You are Not Up to date, always stop snort when updating rules for low end machines */;
-update_status(gettext("You are NOT up to date..."));
-update_output_window(gettext("Stopping Snort service..."));
-$chk_if_snort_up = exec("pgrep -x snort");
-if ($chk_if_snort_up != "") {
- exec("/usr/bin/touch /tmp/snort_download_halt.pid");
- stop_service("snort");
- sleep(2);
-}
-
-/* download snortrules file */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$snort_filename}")) {
- update_status(gettext("Snortrule tar file exists..."));
-} else {
- unhide_progress_bar_status();
- update_status(gettext("There is a new set of Snort rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
-// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz", $tmpfname . "/{$snort_filename}", "read_body_firmware");
- download_file_with_progress_bar("http://dl.snort.org/{$premium_url}/snortrules-snapshot-2.8{$premium_subscriber}.tar.gz?oink_code={$oinkid}", $tmpfname . "/{$snort_filename}", "read_body_firmware");
- update_all_status($static_output);
- update_status(gettext("Done downloading rules file."));
- if (150000 > filesize("{$tmpfname}/$snort_filename")){
- update_status(gettext("Error with the snort rules download..."));
- update_output_window(gettext("Snort rules file downloaded failed..."));
- exit(0);
- }
- }
-}
-
-/* download emergingthreats rules file */
-if ($emergingthreats_url_chk == on) {
-if ($emerg_md5_check_chk_ok != on) {
-if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
- update_status(gettext("Emergingthreats tar file exists..."));
-} else {
- update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
-// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
- download_file_with_progress_bar("http://www.emergingthreats.net/rules/emerging.rules.tar.gz", $tmpfname . "/{$emergingthreats_filename}", "read_body_firmware");
- update_all_status($static_output);
- update_status(gettext("Done downloading Emergingthreats rules file."));
- }
- }
- }
-
-/* download pfsense rules file */
-if ($pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- update_status(gettext("Snortrule tar file exists..."));
-} else {
- unhide_progress_bar_status();
- update_status(gettext("There is a new set of Pfsense rules posted. Downloading..."));
- update_output_window(gettext("May take 4 to 10 min..."));
-// download_file_with_progress_bar("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware");
- download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}", "read_body_firmware");
- update_all_status($static_output);
- update_status(gettext("Done downloading rules file."));
- }
-}
-
-/* Compair md5 sig to file sig */
-
-//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-//if ($premium_url_chk == on) {
-//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
-//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
-// if ($md5 == $file_md5_ondisk) {
-// update_status(gettext("Valid md5 checksum pass..."));
-//} else {
-// update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
-// update_output_window(gettext("Error md5 Mismatch..."));
-// exit(0);
-// }
-//}
-
-//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
-//if ($premium_url_chk != on) {
-//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
-//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
-// if ($md55 == $file_md5_ondisk2) {
-// update_status(gettext("Valid md5 checksum pass..."));
-//} else {
-// update_status(gettext("The downloaded file does not match the md5 file...Not P"));
-// update_output_window(gettext("Error md5 Mismatch..."));
-// exit(0);
-// }
-//}
-
-/* Untar snort rules file individually to help people with low system specs */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$snort_filename}")) {
- update_status(gettext("Extracting rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
- exec("`/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/*`");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/chat.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/dos.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/exploit.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/imap.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/misc.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/multimedia.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/netbios.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/nntp.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/p2p.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/smtp.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/sql.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-client.rules/");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/web-misc.rules/");
- update_status(gettext("Done extracting Rules."));
-} else {
- update_status(gettext("The Download rules file missing..."));
- update_output_window(gettext("Error rules extracting failed..."));
- exit(0);
- }
-}
-
-/* Untar emergingthreats rules to tmp */
-if ($emergingthreats_url_chk == on) {
-if ($emerg_md5_check_chk_ok != on) {
-if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
- update_status(gettext("Extracting rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
- }
- }
-}
-
-/* Untar Pfsense rules to tmp */
-if ($pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
- update_status(gettext("Extracting Pfsense rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
- }
-}
-
-/* Untar snort signatures */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/{$snort_filename}")) {
-$signature_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['signatureinfo'];
-if ($premium_url_chk == on) {
- update_status(gettext("Extracting Signatures..."));
- update_output_window(gettext("May take a while..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
- update_status(gettext("Done extracting Signatures."));
- }
- }
-}
-
-/* Make Clean Snort Directory */
-//if ($snort_md5_check_ok != on && $emerg_md5_check_chk_ok != on && $pfsense_md5_check_ok != on) {
-//if (file_exists("{$snortdir}/rules")) {
-// update_status(gettext("Cleaning the snort Directory..."));
-// update_output_window(gettext("removing..."));
-// exec("/bin/mkdir -p {$snortdir}");
-// exec("/bin/mkdir -p {$snortdir}/rules");
-// exec("/bin/mkdir -p {$snortdir}/signatures");
-// exec("/bin/rm {$snortdir}/*");
-// exec("/bin/rm {$snortdir}/rules/*");
-// exec("/bin/rm {$snortdir_wan}/*");
-// exec("/bin/rm {$snortdir_wan}/rules/*");
-
-// exec("/bin/rm /usr/local/lib/snort/dynamicrules/*");
-//} else {
-// update_status(gettext("Making Snort Directory..."));
-// update_output_window(gettext("should be fast..."));
-// exec("/bin/mkdir -p {$snortdir}");
-// exec("/bin/mkdir -p {$snortdir}/rules");
-// exec("/bin/rm {$snortdir_wan}/*");
-// exec("/bin/rm {$snortdir_wan}/rules/*");
-// exec("/bin/rm /usr/local/lib/snort/dynamicrules/\*");
-// update_status(gettext("Done making snort direcory."));
-// }
-//}
-
-/* Copy so_rules dir to snort lib dir */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
- update_status(gettext("Copying so_rules..."));
- update_output_window(gettext("May take a while..."));
- exec("`/bin/cp -f {$snortdir}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/* /usr/local/lib/snort/dynamicrules/`");
- exec("/bin/cp {$snortdir}/so_rules/bad-traffic.rules {$snortdir}/rules/bad-traffic.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/chat.rules {$snortdir}/rules/chat.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/dos.rules {$snortdir}/rules/dos.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/exploit.rules {$snortdir}/rules/exploit.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/imap.rules {$snortdir}/rules/imap.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/misc.rules {$snortdir}/rules/misc.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/multimedia.rules {$snortdir}/rules/multimedia.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/netbios.rules {$snortdir}/rules/netbios.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/nntp.rules {$snortdir}/rules/nntp.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/p2p.rules {$snortdir}/rules/p2p.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/smtp.rules {$snortdir}/rules/smtp.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/sql.rules {$snortdir}/rules/sql.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/web-client.rules {$snortdir}/rules/web-client.so.rules");
- exec("/bin/cp {$snortdir}/so_rules/web.misc.rules {$snortdir}/rules/web.misc.so.rules");
- exec("/bin/rm -r {$snortdir}/so_rules");
- update_status(gettext("Done copying so_rules."));
-} else {
- update_status(gettext("Directory so_rules does not exist..."));
- update_output_window(gettext("Error copying so_rules..."));
- exit(0);
- }
-}
-
-/* enable disable setting will carry over with updates */
-/* TODO carry signature changes with the updates */
-if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
-
-if (!empty($config['installedpackages']['snort']['rule_sid_on'])) {
-$enabled_sid_on = $config['installedpackages']['snort']['rule_sid_on'];
-$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
-foreach($enabled_sid_on_array as $enabled_item_on)
-$selected_sid_on_sections .= "$enabled_item_on\n";
- }
-
-if (!empty($config['installedpackages']['snort']['rule_sid_off'])) {
-$enabled_sid_off = $config['installedpackages']['snort']['rule_sid_off'];
-$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
-foreach($enabled_sid_off_array as $enabled_item_off)
-$selected_sid_off_sections .= "$enabled_item_off\n";
- }
-
-$snort_sid_text = <<<EOD
-
-###########################################
-# #
-# this is auto generated on snort updates #
-# #
-###########################################
-
-path = /bin:/usr/bin:/usr/local/bin
-
-update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
-
-url = dir:///usr/local/etc/snort_bkup/rules
-
-$selected_sid_on_sections
-
-$selected_sid_off_sections
-
-EOD;
-
- /* open snort's threshold.conf for writing */
- $oinkmasterlist = fopen("/usr/local/etc/snort_bkup/oinkmaster.conf", "w");
-
- fwrite($oinkmasterlist, "$snort_sid_text");
-
- /* close snort's threshold.conf file */
- fclose($oinkmasterlist);
-
-}
-
-/* Copy configs to snort dir */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$snortdir}/etc/Makefile.am")) {
- update_status(gettext("Copying configs to snort directory..."));
- exec("/bin/cp {$snortdir}/etc/* {$snortdir}");
- exec("/bin/rm -r {$snortdir}/etc");
-
-} else {
- update_status(gettext("The snort config does not exist..."));
- update_output_window(gettext("Error copying config..."));
- exit(0);
- }
-}
-
-/* Copy md5 sig to snort dir */
-if ($snort_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/$snort_filename_md5")) {
- update_status(gettext("Copying md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
-} else {
- update_status(gettext("The md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- exit(0);
- }
-}
-
-/* Copy emergingthreats md5 sig to snort dir */
-if ($emergingthreats_url_chk == on) {
-if ($emerg_md5_check_chk_ok != on) {
-if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) {
- update_status(gettext("Copying md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
-} else {
- update_status(gettext("The emergingthreats md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- exit(0);
- }
- }
-}
-
-/* Copy Pfsense md5 sig to snort dir */
-if ($pfsense_md5_check_ok != on) {
-if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
- update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
- exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
-} else {
- update_status(gettext("The Pfsense md5 file does not exist..."));
- update_output_window(gettext("Error copying config..."));
- exit(0);
- }
-}
-
-/* Copy signatures dir to snort dir */
-if ($snort_md5_check_ok != on) {
-$signature_info_chk = $config['installedpackages']['snort']['config'][0]['signatureinfo'];
-if ($premium_url_chk == on) {
-if (file_exists("{$snortdir}/doc/signatures")) {
- update_status(gettext("Copying signatures..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
- exec("/bin/rm -r {$snortdir}/doc/signatures");
- update_status(gettext("Done copying signatures."));
-} else {
- update_status(gettext("Directory signatures exist..."));
- update_output_window(gettext("Error copying signature..."));
- exit(0);
- }
- }
-}
-
-/* double make shure cleanup emerg rules that dont belong */
-if (file_exists("/usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules")) {
- apc_clear_cache();
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-botcc.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-compromised-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-drop-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-dshield-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-rbn-BLOCK.rules");
- exec("/bin/rm /usr/local/etc/snort_bkup/rules/emerging-tor-BLOCK.rules");
-}
-
-if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
- exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
-}
-
-/* create a msg-map for snort */
-update_status(gettext("Updating Alert Messages..."));
-update_output_window(gettext("Please Wait..."));
-exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_bkup/rules > /usr/local/etc/snort_bkup/sid-msg.map");
-
-/* Run oinkmaster to snort_wan and cp configs */
-/* If oinkmaster is not needed cp rules normally */
-/* TODO add per interface settings here */
-if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
-
- if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) {
- update_status(gettext("Your first set of rules are being copied..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
-
-} else {
- update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
- update_output_window(gettext("May take a while..."));
- exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
- exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
- exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
-
- /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */
- /* might have to add a sleep for 3sec for flash drives or old drives */
- exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort_bkup/oinkmaster.conf -o /usr/local/etc/snort/rules > /usr/local/etc/snort_bkup/oinkmaster.log");
- exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
- exec("/usr/local/bin/perl -pi -e 's/##alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
- exec("/usr/local/bin/perl -pi -e 's/## alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
-
-
- }
-}
-
-/* remove old $tmpfname files */
-if (file_exists("{$tmpfname}")) {
- update_status(gettext("Cleaning up..."));
- exec("/bin/rm -r /root/snort_rules_up");
-// apc_clear_cache();
-}
-
-/* php code to flush out cache some people are reportting missing files this might help */
-sleep(2);
-apc_clear_cache();
-exec("/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync ;/bin/sync");
-
-/* if snort is running hardrestart, if snort is not running do nothing */
-if (file_exists("/tmp/snort_download_halt.pid")) {
- start_service("snort");
- update_status(gettext("The Rules update finished..."));
- update_output_window(gettext("Snort has restarted with your new set of rules..."));
- exec("/bin/rm /tmp/snort_download_halt.pid");
-} else {
- update_status(gettext("The Rules update finished..."));
- update_output_window(gettext("You may start snort now..."));
-}
-
-/* hide progress bar and lets end this party */
-hide_progress_bar_status();
-conf_mount_ro();
-?>
-
-<?php
-
-function read_body_firmware($ch, $string) {
- global $fout, $file_size, $downloaded, $counter, $version, $latest_version, $current_installed_pfsense_version;
- $length = strlen($string);
- $downloaded += intval($length);
- $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
- $downloadProgress = 100 - $downloadProgress;
- $a = $file_size;
- $b = $downloaded;
- $c = $downloadProgress;
- $text = " Snort download in progress\\n";
- $text .= "----------------------------------------------------\\n";
- $text .= " Downloaded : {$b}\\n";
- $text .= "----------------------------------------------------\\n";
- $counter++;
- if($counter > 150) {
- update_output_window($text);
- update_progress_bar($downloadProgress);
- flush();
- $counter = 0;
- }
- conf_mount_rw();
- fwrite($fout, $string);
- conf_mount_ro();
- return $length;
-}
-
-?>
-
-</body>
-</html>
diff --git a/config/snort-old/snort_dynamic_ip_reload.php b/config/snort-old/snort_dynamic_ip_reload.php
deleted file mode 100644
index 0fad085b..00000000
--- a/config/snort-old/snort_dynamic_ip_reload.php
+++ /dev/null
@@ -1,49 +0,0 @@
-<?php
-
-/* $Id$ */
-/*
- snort_dynamic_ip_reload.php
- Copyright (C) 2006 Scott Ullrich and Robert Zeleya
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/* NOTE: this file gets included from the pfSense filter.inc plugin process */
-/* NOTE: file location /usr/local/pkg/pf, all files in pf dir get exec on filter reloads */
-
-require_once("/usr/local/pkg/snort.inc");
-require_once("service-utils.inc");
-require_once("config.inc");
-
-
-if($config['interfaces']['wan']['ipaddr'] == "pppoe" or
- $config['interfaces']['wan']['ipaddr'] == "dhcp") {
- create_snort_conf();
- exec("killall -HUP snort");
- /* define snortbarnyardlog_chk */
- $snortbarnyardlog_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog'];
- if ($snortbarnyardlog_info_chk == on)
- exec("killall -HUP barnyard2");
-}
-
-?> \ No newline at end of file
diff --git a/config/snort-old/snort_rules.php b/config/snort-old/snort_rules.php
deleted file mode 100644
index 94c99f0e..00000000
--- a/config/snort-old/snort_rules.php
+++ /dev/null
@@ -1,626 +0,0 @@
-<?php
-/* $Id$ */
-/*
- edit_snortrule.php
- Copyright (C) 2004, 2005 Scott Ullrich and Rober Zelaya
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-require("guiconfig.inc");
-require("config.inc");
-
-if(!is_dir("/usr/local/etc/snort/rules")) {
- conf_mount_rw();
- exec('mkdir /usr/local/etc/snort/rules/');
- conf_mount_ro();
-}
-
-/* Check if the rules dir is empy if so warn the user */
-/* TODO give the user the option to delete the installed rules rules */
-$isrulesfolderempty = exec('ls -A /usr/local/etc/snort/rules/*.rules');
-if ($isrulesfolderempty == "") {
-
-include("head.inc");
-include("fbegin.inc");
-
-echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
-
-echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n
-<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n
-<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n";
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php");
- $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
- $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
- $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
- display_top_tabs($tab_array);
-
-echo "</td>\n
- </tr>\n
- <tr>\n
- <td>\n
- <div id=\"mainarea\">\n
- <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n
-# The rules directory is empty.\n
- </td>\n
- </tr>\n
- </table>\n
- </div>\n
- </td>\n
- </tr>\n
-</table>\n
-\n
-</form>\n
-\n
-<p>\n\n";
-
-echo "Please click on the Update Rules tab to install your selected rule sets.";
-include("fend.inc");
-
-echo "</body>";
-echo "</html>";
-
-exit(0);
-
-}
-
-function get_middle($source, $beginning, $ending, $init_pos) {
- $beginning_pos = strpos($source, $beginning, $init_pos);
- $middle_pos = $beginning_pos + strlen($beginning);
- $ending_pos = strpos($source, $ending, $beginning_pos);
- $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
- return $middle;
-}
-
-function write_rule_file($content_changed, $received_file)
-{
- conf_mount_rw();
-
- //read snort file with writing enabled
- $filehandle = fopen($received_file, "w");
-
- //delimiter for each new rule is a new line
- $delimiter = "\n";
-
- //implode the array back into a string for writing purposes
- $fullfile = implode($delimiter, $content_changed);
-
- //write data to file
- fwrite($filehandle, $fullfile);
-
- //close file handle
- fclose($filehandle);
-
- conf_mount_rw();
-}
-
-function load_rule_file($incoming_file)
-{
-
- //read snort file
- $filehandle = fopen($incoming_file, "r");
-
- //read file into string, and get filesize
- $contents = fread($filehandle, filesize($incoming_file));
-
- //close handler
- fclose ($filehandle);
-
- //string for populating category select
- $currentruleset = substr($file, 27);
-
- //delimiter for each new rule is a new line
- $delimiter = "\n";
-
- //split the contents of the string file into an array using the delimiter
- $splitcontents = explode($delimiter, $contents);
-
- return $splitcontents;
-
-}
-
-$ruledir = "/usr/local/etc/snort/rules/";
-$dh = opendir($ruledir);
-
-$message_reload = "The Snort rule configuration has been changed.<br>You must apply the changes in order for them to take effect.";
-
-while (false !== ($filename = readdir($dh)))
-{
- //only populate this array if its a rule file
- $isrulefile = strstr($filename, ".rules");
- if ($isrulefile !== false)
- {
- $files[] = $filename;
- }
-}
-
-sort($files);
-
-if ($_GET['openruleset'])
-{
- $file = $_GET['openruleset'];
-}
-else
-{
- $file = $ruledir.$files[0];
-
-}
-
-//Load the rule file
-$splitcontents = load_rule_file($file);
-
-if ($_POST)
-{
- if (!$_POST['apply']) {
- //retrieve POST data
- $post_lineid = $_POST['lineid'];
- $post_enabled = $_POST['enabled'];
- $post_src = $_POST['src'];
- $post_srcport = $_POST['srcport'];
- $post_dest = $_POST['dest'];
- $post_destport = $_POST['destport'];
-
- //clean up any white spaces insert by accident
- $post_src = str_replace(" ", "", $post_src);
- $post_srcport = str_replace(" ", "", $post_srcport);
- $post_dest = str_replace(" ", "", $post_dest);
- $post_destport = str_replace(" ", "", $post_destport);
-
- //copy rule contents from array into string
- $tempstring = $splitcontents[$post_lineid];
-
- //search string
- $findme = "# alert"; //find string for disabled alerts
-
- //find if alert is disabled
- $disabled = strstr($tempstring, $findme);
-
- //if find alert is false, then rule is disabled
- if ($disabled !== false)
- {
- //has rule been enabled
- if ($post_enabled == "yes")
- {
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $tempstring = str_replace("# alert", "alert", $tempstring);
- $counter2 = 1;
- }
- else
- {
- //rule is staying disabled
- $counter2 = 2;
- }
- }
- else
- {
- //has rule been disabled
- if ($post_enabled != "yes")
- {
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $tempstring = str_replace("alert", "# alert", $tempstring);
- $counter2 = 2;
- }
- else
- {
- //rule is staying enabled
- $counter2 = 1;
- }
- }
-
- //explode rule contents into an array, (delimiter is space)
- $rule_content = explode(' ', $tempstring);
-
- //insert new values
- $counter2++;
- $rule_content[$counter2] = $post_src;//source location
- $counter2++;
- $rule_content[$counter2] = $post_srcport;//source port location
- $counter2 = $counter2+2;
- $rule_content[$counter2] = $post_dest;//destination location
- $counter2++;
- $rule_content[$counter2] = $post_destport;//destination port location
-
- //implode the array back into string
- $tempstring = implode(' ', $rule_content);
-
- //copy string into file array for writing
- $splitcontents[$post_lineid] = $tempstring;
-
- //write the new .rules file
- write_rule_file($splitcontents, $file);
-
- //once file has been written, reload file
- $splitcontents = load_rule_file($file);
-
- $stopMsg = true;
- }
-
- if ($_POST['apply']) {
-// stop_service("snort");
-// sleep(2);
-// start_service("snort");
- $savemsg = "The snort rules selections have been saved. Please restart snort by clicking save on the settings tab.";
- $stopMsg = false;
- }
-
-}
-else if ($_GET['act'] == "toggle")
-{
- $toggleid = $_GET['id'];
-
- //copy rule contents from array into string
- $tempstring = $splitcontents[$toggleid];
-
- //explode rule contents into an array, (delimiter is space)
- $rule_content = explode(' ', $tempstring);
-
- //search string
- $findme = "# alert"; //find string for disabled alerts
-
- //find if alert is disabled
- $disabled = strstr($tempstring, $findme);
-
- //if find alert is false, then rule is disabled
- if ($disabled !== false)
- {
- //rule has been enabled
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $tempstring = str_replace("# alert", "alert", $tempstring);
-
- }
- else
- {
- //has rule been disabled
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $tempstring = str_replace("alert", "# alert", $tempstring);
-
- }
-
- //copy string into array for writing
- $splitcontents[$toggleid] = $tempstring;
-
- //write the new .rules file
- write_rule_file($splitcontents, $file);
-
- //once file has been written, reload file
- $splitcontents = load_rule_file($file);
-
- $stopMsg = true;
-
- //write disable/enable sid to config.xml
- if ($disabled == false) {
- $string_sid = strstr($tempstring, 'sid:');
- $sid_pieces = explode(";", $string_sid);
- $sid_off_cut = $sid_pieces[0];
- // sid being turned off
- $sid_off = str_replace("sid:", "", $sid_off_cut);
- // rule_sid_on registers
- $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on'];
- // if off sid is the same as on sid remove it
- $sid_on_old = str_replace("||enablesid $sid_off", "", "$sid_on_pieces");
- // write the replace sid back as empty
- $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old;
- // rule sid off registers
- $sid_off_pieces = $config['installedpackages']['snort']['rule_sid_off'];
- // if off sid is the same as off sid remove it
- $sid_off_old = str_replace("||disablesid $sid_off", "", "$sid_off_pieces");
- // write the replace sid back as empty
- $config['installedpackages']['snort']['rule_sid_off'] = $sid_off_old;
- // add sid off registers to new off sid
- $config['installedpackages']['snort']['rule_sid_off'] = "||disablesid $sid_off" . $config['installedpackages']['snort']['rule_sid_off'];
- write_config();
- }
- else
- {
- $string_sid = strstr($tempstring, 'sid:');
- $sid_pieces = explode(";", $string_sid);
- $sid_on_cut = $sid_pieces[0];
- // sid being turned off
- $sid_on = str_replace("sid:", "", $sid_on_cut);
- // rule_sid_off registers
- $sid_off_pieces = $config['installedpackages']['snort']['rule_sid_off'];
- // if off sid is the same as on sid remove it
- $sid_off_old = str_replace("||disablesid $sid_on", "", "$sid_off_pieces");
- // write the replace sid back as empty
- $config['installedpackages']['snort']['rule_sid_off'] = $sid_off_old;
- // rule sid on registers
- $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on'];
- // if on sid is the same as on sid remove it
- $sid_on_old = str_replace("||enablesid $sid_on", "", "$sid_on_pieces");
- // write the replace sid back as empty
- $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old;
- // add sid on registers to new on sid
- $config['installedpackages']['snort']['rule_sid_on'] = "||enablesid $sid_on" . $config['installedpackages']['snort']['rule_sid_on'];
- write_config();
- }
-
-}
-
-
-$pgtitle = "Snort: Rules";
-require("guiconfig.inc");
-include("head.inc");
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<?php
-if(!$pgtitle_output)
- echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
-?>
-<form action="snort_rules.php" method="post" name="iform" id="iform">
-<?php if ($savemsg){print_info_box($savemsg);} else if ($stopMsg){print_info_box_np($message_reload);}?>
-<br>
-</form>
-<script type="text/javascript" language="javascript" src="row_toggle.js">
- <script src="/javascript/sorttable.js" type="text/javascript">
-</script>
-
-<script language="javascript" type="text/javascript">
-<!--
-function go()
-{
- var agt=navigator.userAgent.toLowerCase();
- if (agt.indexOf("msie") != -1) {
- box = document.forms.selectbox;
- } else {
- box = document.forms[1].selectbox;
- }
- destination = box.options[box.selectedIndex].value;
- if (destination)
- location.href = destination;
-}
-// -->
-</script>
-
-<table width="99%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-<?php
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php");
- $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
- $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
- $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
- display_top_tabs($tab_array);
-?>
- </td>
- </tr>
- <tr>
- <td>
- <div id="mainarea">
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
- <table id="ruletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr id="frheader">
- <td width="3%" class="list">&nbsp;</td>
- <td width="5%" class="listhdr">SID</td>
- <td width="6%" class="listhdrr">Proto</td>
- <td width="15%" class="listhdrr">Source</td>
- <td width="10%" class="listhdrr">Port</td>
- <td width="15%" class="listhdrr">Destination</td>
- <td width="10%" class="listhdrr">Port</td>
- <td width="32%" class="listhdrr">Message</td>
-
- </tr>
- <tr>
- <?php
-
- echo "<br>Category: ";
-
- //string for populating category select
- $currentruleset = substr($file, 27);
- ?>
- <form name="forms">
- <select name="selectbox" class="formfld" onChange="go()">
- <?php
- $i=0;
- foreach ($files as $value)
- {
- $selectedruleset = "";
- if ($files[$i] === $currentruleset)
- $selectedruleset = "selected";
- ?>
- <option value="?&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>"
- <?php
- $i++;
-
- }
- ?>
- </select>
- </form>
- </tr>
- <?php
-
- $counter = 0;
- $printcounter = 0;
-
- foreach ( $splitcontents as $value )
- {
-
- $counter++;
- $disabled = "False";
- $comments = "False";
-
- $tempstring = $splitcontents[$counter];
- $findme = "# alert"; //find string for disabled alerts
-
- //find alert
- $disabled_pos = strstr($tempstring, $findme);
-
-
- //do soemthing, this rule is enabled
- $counter2 = 1;
-
- //retrieve sid value
- $sid = get_middle($tempstring, 'sid:', ';', 0);
-
- //check to see if the sid is numberical
- $is_sid_num = is_numeric($sid);
-
- //if SID is numerical, proceed
- if ($is_sid_num)
- {
-
- //if find alert is false, then rule is disabled
- if ($disabled_pos !== false){
- $counter2 = $counter2+1;
- $textss = "<span class=\"gray\">";
- $textse = "</span>";
- $iconb = "icon_block_d.gif";
- }
- else
- {
- $textss = $textse = "";
- $iconb = "icon_block.gif";
- }
-
- $rule_content = explode(' ', $tempstring);
-
- $protocol = $rule_content[$counter2];//protocol location
- $counter2++;
- $source = $rule_content[$counter2];//source location
- $counter2++;
- $source_port = $rule_content[$counter2];//source port location
- $counter2 = $counter2+2;
- $destination = $rule_content[$counter2];//destination location
- $counter2++;
- $destination_port = $rule_content[$counter2];//destination port location
-
- $message = get_middle($tempstring, 'msg:"', '";', 0);
-
- echo "<tr>";
- echo "<td class=\"listt\">";
- echo $textss;
- ?>
- <a href="?&openruleset=<?=$file;?>&act=toggle&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a>
- <?php
- echo $textse;
- echo "</td>";
-
-
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $sid;
- echo $textse;
- echo "</td>";
-
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $protocol;
- $printcounter++;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $source;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $source_port;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $destination;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $destination_port;
- echo $textse;
- echo "</td>";
- ?>
- <td class="listbg"><font color="white">
- <?php
- echo $textss;
- echo $message;
- echo $textse;
- echo "</td>";
- ?>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td><a href="snort_rules_edit.php?openruleset=<?=$file;?>&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- <?php
- }
- }
- echo " ";
- echo "There are ";
- echo $printcounter;
- echo " rules in this category. <br><br>";
- ?>
- </table>
- </td>
- </tr>
- <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td>
- <td>Rule Enabled</td>
- </tr>
- <tr>
- <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td>
- <td nowrap>Rule Disabled</td>
-
-
- </tr>
- <tr>
- <td colspan="10">
- <p>
- <!--<strong><span class="red">Warning:<br>
- </span></strong>Editing these r</p>-->
- </td>
- </tr>
- </table>
- </table>
-
- </td>
- </tr>
-</table>
-
-
-<?php include("fend.inc"); ?>
-</div></body>
-</html> \ No newline at end of file
diff --git a/config/snort-old/snort_rules_edit.php b/config/snort-old/snort_rules_edit.php
deleted file mode 100644
index cbabce73..00000000
--- a/config/snort-old/snort_rules_edit.php
+++ /dev/null
@@ -1,207 +0,0 @@
-<?php
-/* $Id$ */
-/*
- snort_rules_edit.php
- Copyright (C) 2004, 2005 Scott Ullrich
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-function get_middle($source, $beginning, $ending, $init_pos) {
- $beginning_pos = strpos($source, $beginning, $init_pos);
- $middle_pos = $beginning_pos + strlen($beginning);
- $ending_pos = strpos($source, $ending, $beginning_pos);
- $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
- return $middle;
-}
-
-
-$file = $_GET['openruleset'];
-
-//read snort file
-$filehandle = fopen($file, "r");
-
-//get rule id
-$lineid = $_GET['id'];
-
-//read file into string, and get filesize
-$contents = fread($filehandle, filesize($file));
-
-//close handler
-fclose ($filehandle);
-
-//delimiter for each new rule is a new line
-$delimiter = "\n";
-
-//split the contents of the string file into an array using the delimiter
-$splitcontents = explode($delimiter, $contents);
-
-//copy rule contents from array into string
-$tempstring = $splitcontents[$lineid];
-
-//explode rule contents into an array, (delimiter is space)
-$rule_content = explode(' ', $tempstring);
-
-//search string
-$findme = "# alert"; //find string for disabled alerts
-
-//find if alert is disabled
-$disabled = strstr($tempstring, $findme);
-
-//get sid
-$sid = get_middle($tempstring, 'sid:', ';', 0);
-
-
-//if find alert is false, then rule is disabled
-if ($disabled !== false)
-{
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $counter2 = 2;
-}
-else
-{
- $counter2 = 1;
-}
-
-
-$protocol = $rule_content[$counter2];//protocol location
-$counter2++;
-$source = $rule_content[$counter2];//source location
-$counter2++;
-$source_port = $rule_content[$counter2];//source port location
-$counter2++;
-$direction = $rule_content[$counter2];
-$counter2++;
-$destination = $rule_content[$counter2];//destination location
-$counter2++;
-$destination_port = $rule_content[$counter2];//destination port location
-$message = get_middle($tempstring, 'msg:"', '";', 0);
-
-$content = get_middle($tempstring, 'content:"', '";', 0);
-$classtype = get_middle($tempstring, 'classtype:', ';', 0);
-$revision = get_middle($tempstring, 'rev:', ';',0);
-
-$pgtitle = "Snort: Edit Rule";
-require("guiconfig.inc");
-include("head.inc");
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
-<?php include("fbegin.inc"); ?>
-<?php
-if(!$pgtitle_output)
- echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
-?>
-<table width="99%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-<?php
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php?openruleset=/usr/local/etc/snort/rules/attack-responses.rules");
- $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
- $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
- $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
- display_top_tabs($tab_array);
-?>
- </td>
- </tr>
- <tr>
- <td>
- <div id="mainarea">
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
- <form action="snort_rules.php?openruleset=<?=$file;?>&id=<?=$lineid;?>" target="" method="post" name="editform" id="editform">
- <table id="edittable" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="listhdr" width="10%">Enabled: </td>
- <td class="listlr" width="30%"><input name="enabled" type="checkbox" id="enabled" value="yes" <?php if ($disabled === false) echo "checked";?>></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">SID: </td>
- <td class="listlr" width="30%"><?php echo $sid; ?></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Protocol: </td>
- <td class="listlr" width="30%"><?php echo $protocol; ?></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Source: </td>
- <td class="listlr" width="30%"><input name="src" type="text" id="src" size="20" value="<?php echo $source;?>"></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Source Port: </td>
- <td class="listlr" width="30%"><input name="srcport" type="text" id="srcport" size="20" value="<?php echo $source_port;?>"></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Direction:</td>
- <td class="listlr" width="30%"><?php echo $direction;?></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Destination:</td>
- <td class="listlr" width="30%"><input name="dest" type="text" id="dest" size="20" value="<?php echo $destination;?>"></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Destination Port: </td>
- <td class="listlr" width="30%"><input name="destport" type="text" id="destport" size="20" value="<?php echo $destination_port;?>"></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Message: </td>
- <td class="listlr" width="30%"><?php echo $message; ?></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Content: </td>
- <td class="listlr" width="30%"><?php echo $content; ?></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Classtype: </td>
- <td class="listlr" width="30%"><?php echo $classtype; ?></td>
- </tr>
- <tr>
- <td class="listhdr" width="10%">Revision: </td>
- <td class="listlr" width="30%"><?php echo $revision; ?></td>
- </tr>
- <tr><td>&nbsp</td></tr>
- <tr>
- <td><input name="lineid" type="hidden" value="<?=$lineid;?>"></td>
- <td><input class="formbtn" value="Save" type="submit" name="editsave" id="editsave">&nbsp&nbsp&nbsp<input type="button" class="formbtn" value="Cancel" onclick="history.back()"></td>
- </tr>
- </table>
- </form>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-
-<?php include("fend.inc"); ?>
-</div></body>
-</html> \ No newline at end of file
diff --git a/config/snort-old/snort_rulesets.php b/config/snort-old/snort_rulesets.php
deleted file mode 100644
index d839ae7a..00000000
--- a/config/snort-old/snort_rulesets.php
+++ /dev/null
@@ -1,230 +0,0 @@
-<?php
-/* $Id$ */
-/*
- snort_rulesets.php
- Copyright (C) 2006 Scott Ullrich
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require("guiconfig.inc");
-require_once("service-utils.inc");
-require("/usr/local/pkg/snort.inc");
-
-if(!is_dir("/usr/local/etc/snort/rules")) {
- conf_mount_rw();
- exec('mkdir /usr/local/etc/snort/rules/');
- conf_mount_ro();
-}
-
-/* Check if the rules dir is empy if so warn the user */
-/* TODO give the user the option to delete the installed rules rules */
-$isrulesfolderempty = exec('ls -A /usr/local/etc/snort/rules/*.rules');
-if ($isrulesfolderempty == "") {
-
-include("head.inc");
-include("fbegin.inc");
-
-echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
-
-echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n
-<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n
-<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n";
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), true, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
- $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
- $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
- $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
- display_top_tabs($tab_array);
-
-echo "</td>\n
- </tr>\n
- <tr>\n
- <td>\n
- <div id=\"mainarea\">\n
- <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n
-# The rules directory is empty.\n
- </td>\n
- </tr>\n
- </table>\n
- </div>\n
- </td>\n
- </tr>\n
-</table>\n
-\n
-</form>\n
-\n
-<p>\n\n";
-
-echo "Please click on the Update Rules tab to install your selected rule sets.";
-include("fend.inc");
-
-echo "</body>";
-echo "</html>";
-
-exit(0);
-
-}
-
-if($_POST) {
- $enabled_items = "";
- $isfirst = true;
- foreach($_POST['toenable'] as $toenable) {
- if(!$isfirst)
- $enabled_items .= "||";
- $enabled_items .= "{$toenable}";
- $isfirst = false;
- }
- $config['installedpackages']['snort']['rulesets'] = $enabled_items;
- write_config();
- stop_service("snort");
- create_snort_conf();
- sleep(2);
- start_service("snort");
- $savemsg = "The snort ruleset selections have been saved.";
-}
-
-$enabled_rulesets = $config['installedpackages']['snort']['rulesets'];
-if($enabled_rulesets)
- $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
-
-$pgtitle = "Snort: Categories";
-include("head.inc");
-
-?>
-
-<body link="#000000" vlink="#000000" alink="#000000">
-<?php include("fbegin.inc"); ?>
-
-<?php
-if(!$pgtitle_output)
- echo "<p class=\"pgtitle\"><?=$pgtitle?></p>";
-?>
-
-<form action="snort_rulesets.php" method="post" name="iform" id="iform">
-<script src="/row_toggle.js" type="text/javascript"></script>
-<script src="/javascript/sorttable.js" type="text/javascript"></script>
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<table width="99%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
-<?php
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Categories"), true, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
- $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
- $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
- $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
- $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
- display_top_tabs($tab_array);
-?>
- </td>
- </tr>
- <tr>
- <td>
- <div id="mainarea">
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
- <table id="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr id="frheader">
- <td width="5%" class="listhdrr">Enabled</td>
- <td class="listhdrr">Ruleset: Rules that end with "so.rules" are shared object rules.</td>
- <!-- <td class="listhdrr">Description</td> -->
- </tr>
-<?php
- $dir = "/usr/local/etc/snort/rules/";
- $dh = opendir($dir);
- while (false !== ($filename = readdir($dh))) {
- $files[] = $filename;
- }
- sort($files);
- foreach($files as $file) {
- if(!stristr($file, ".rules"))
- continue;
- echo "<tr>";
- echo "<td align=\"center\" valign=\"top\">";
- if(is_array($enabled_rulesets_array))
- if(in_array($file, $enabled_rulesets_array)) {
- $CHECKED = " checked=\"checked\"";
- } else {
- $CHECKED = "";
- }
- else
- $CHECKED = "";
- echo " <input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />";
- echo "</td>";
- echo "<td>";
- echo "<a href='snort_rules.php?openruleset=/usr/local/etc/snort/rules/" . urlencode($file) . "'>{$file}</a>";
- echo "</td>";
- //echo "<td>";
- //echo "description";
- //echo "</td>";
- }
-
-?>
- </table>
- </td>
- </tr>
- <tr><td>&nbsp;</td></tr>
- <tr><td>Check the rulesets that you would like Snort to load at startup.</td></tr>
- <tr><td>&nbsp;</td></tr>
- <tr><td><input value="Save" type="submit" name="save" id="save" /></td></tr>
- </table>
- </div>
- </td>
- </tr>
-</table>
-
-</form>
-
-<p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset.
-
-<?php include("fend.inc"); ?>
-
-</body>
-</html>
-
-<?php
-
- function get_snort_rule_file_description($filename) {
- $filetext = file_get_contents($filename);
-
- }
-
-?> \ No newline at end of file
diff --git a/config/snort-old/snort_threshold.xml b/config/snort-old/snort_threshold.xml
deleted file mode 100644
index f9075d3d..00000000
--- a/config/snort-old/snort_threshold.xml
+++ /dev/null
@@ -1,129 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>snort-threshold</name>
- <version>0.1.0</version>
- <title>Snort: Alert Thresholding and Suppression</title>
- <include_file>/usr/local/pkg/snort.inc</include_file>
- <!-- Menu is where this packages menu will appear -->
- <tabs>
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=snort.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Update Rules</text>
- <url>/snort_download_rules.php</url>
- </tab>
- <tab>
- <text>Categories</text>
- <url>/snort_rulesets.php</url>
- </tab>
- <tab>
- <text>Rules</text>
- <url>/snort_rules.php</url>
- </tab>
- <tab>
- <text>Servers</text>
- <url>/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Blocked</text>
- <url>/snort_blocked.php</url>
- </tab>
- <tab>
- <text>Whitelist</text>
- <url>/pkg.php?xml=snort_whitelist.xml</url>
- </tab>
- <tab>
- <text>Threshold</text>
- <url>/pkg.php?xml=snort_threshold.xml</url>
- <active/>
- </tab>
- <tab>
- <text>Alerts</text>
- <url>/snort_alerts.php</url>
- </tab>
- <tab>
- <text>Advanced</text>
- <url>/pkg_edit.php?xml=snort_advanced.xml&amp;id=0</url>
- </tab>
- </tabs>
- <adddeleteeditpagefields>
- <columnitem>
- <fielddescr>Thresholding or Suppression Rule</fielddescr>
- <fieldname>threshrule</fieldname>
- </columnitem>
- <columnitem>
- <fielddescr>Description</fielddescr>
- <fieldname>description</fieldname>
- </columnitem>
- </adddeleteeditpagefields>
- <fields>
- <field>
- <fielddescr>Thresholding or Suppression Rule</fielddescr>
- <fieldname>threshrule</fieldname>
- <description>Enter the Rule. Example; "suppress gen_id 125, sig_id 4" or "threshold gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60"</description>
- <type>input</type>
- <size>40</size>
- </field>
- <field>
- <fielddescr>Description</fielddescr>
- <fieldname>description</fieldname>
- <description>Enter the description for this item</description>
- <type>input</type>
- <size>60</size>
- </field>
- </fields>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
- <custom_delete_php_command>
- </custom_delete_php_command>
- <custom_php_resync_config_command>
- create_snort_conf();
- </custom_php_resync_config_command>
-</packagegui> \ No newline at end of file
diff --git a/config/snort-old/snort_whitelist.xml b/config/snort-old/snort_whitelist.xml
deleted file mode 100644
index 42769e4e..00000000
--- a/config/snort-old/snort_whitelist.xml
+++ /dev/null
@@ -1,129 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>snort-whitelist</name>
- <version>0.1.0</version>
- <title>Snort: Whitelist</title>
- <include_file>/usr/local/pkg/snort.inc</include_file>
- <!-- Menu is where this packages menu will appear -->
- <tabs>
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=snort.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Update Rules</text>
- <url>/snort_download_rules.php</url>
- </tab>
- <tab>
- <text>Categories</text>
- <url>/snort_rulesets.php</url>
- </tab>
- <tab>
- <text>Rules</text>
- <url>/snort_rules.php</url>
- </tab>
- <tab>
- <text>Servers</text>
- <url>/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Blocked</text>
- <url>/snort_blocked.php</url>
- </tab>
- <tab>
- <text>Whitelist</text>
- <url>/pkg.php?xml=snort_whitelist.xml</url>
- <active/>
- </tab>
- <tab>
- <text>Threshold</text>
- <url>/pkg.php?xml=snort_threshold.xml</url>
- </tab>
- <tab>
- <text>Alerts</text>
- <url>/snort_alerts.php</url>
- </tab>
- <tab>
- <text>Advanced</text>
- <url>/pkg_edit.php?xml=snort_advanced.xml&amp;id=0</url>
- </tab>
- </tabs>
- <adddeleteeditpagefields>
- <columnitem>
- <fielddescr>Whitelisted IP</fielddescr>
- <fieldname>ip</fieldname>
- </columnitem>
- <columnitem>
- <fielddescr>Description</fielddescr>
- <fieldname>description</fieldname>
- </columnitem>
- </adddeleteeditpagefields>
- <fields>
- <field>
- <fielddescr>Whitelisted IP</fielddescr>
- <fieldname>ip</fieldname>
- <description>Enter the IP or network to whitelist from snort blocking. Network items should be expressed in CIDR notation. Example: 0.0.0.0/24 or 0.0.0.0/32</description>
- <type>input</type>
- <size>40</size>
- </field>
- <field>
- <fielddescr>Description</fielddescr>
- <fieldname>description</fieldname>
- <description>Enter the description for this item</description>
- <type>input</type>
- <size>60</size>
- </field>
- </fields>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
- <custom_delete_php_command>
- </custom_delete_php_command>
- <custom_php_resync_config_command>
- create_snort_conf();
- </custom_php_resync_config_command>
-</packagegui> \ No newline at end of file
diff --git a/config/snort-old/snort_xmlrpc_sync.php b/config/snort-old/snort_xmlrpc_sync.php
deleted file mode 100644
index db8b3f3e..00000000
--- a/config/snort-old/snort_xmlrpc_sync.php
+++ /dev/null
@@ -1,114 +0,0 @@
-<?php
-
-/* $Id$ */
-/*
- snort_xmlrpc_sync.php
- Copyright (C) 2006 Scott Ullrich
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/* NOTE: this file gets included from the pfSense filter.inc plugin process */
-
-require_once("/usr/local/pkg/snort.inc");
-require_once("service-utils.inc");
-
-if(!$config) {
- log_error("\$config is not enabled!!");
-} else {
- if(!$g['booting'])
- snort_do_xmlrpc_sync();
-}
-
-function snort_do_xmlrpc_sync() {
-
- return; /* need to fix the bug which whipes out carp sync settings, etc */
-
- global $config, $g;
- $syncxmlrpc = $config['installedpackages']['snort']['config'][0]['syncxmlrpc'];
- /* option enabled? */
- if(!$syncxmlrpc)
- return;
-
- $carp = &$config['installedpackages']['carpsettings']['config'][0];
- $password = $carp['password'];
-
- if(!$carp['synchronizetoip'])
- return;
-
- log_error("[SNORT] snort_xmlrpc_sync.php is starting.");
- $xmlrpc_sync_neighbor = $carp['synchronizetoip'];
- if($config['system']['webgui']['protocol'] != "") {
- $synchronizetoip = $config['system']['webgui']['protocol'];
- $synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* if port is empty lets rely on the protocol selection */
- if($port == "") {
- if($config['system']['webgui']['protocol'] == "http") {
- $port = "80";
- } else {
- $port = "443";
- }
- }
- $synchronizetoip .= $carp['synchronizetoip'];
-
- /* xml will hold the sections to sync */
- $xml = array();
- $xml['installedpackages']['snort'] = &$config['installedpackages']['snort'];
- $xml['installedpackages']['snortwhitelist'] = &$config['installedpackages']['snortwhitelist'];
-
- /* assemble xmlrpc payload */
- $params = array(
- XML_RPC_encode($password),
- XML_RPC_encode($xml)
- );
-
- /* set a few variables needed for sync code borrowed from filter.inc */
- $url = $synchronizetoip;
- $method = 'pfsense.restore_config_section';
-
- /* Sync! */
- log_error("Beginning Snort XMLRPC sync to {$url}:{$port}.");
- $msg = new XML_RPC_Message($method, $params);
- $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- if($g['debug'])
- $cli->setDebug(1);
- /* send our XMLRPC message and timeout after 240 seconds */
- $resp = $cli->send($msg, "999");
- if(!$resp) {
- $error = "A communications error occured while attempting Snort XMLRPC sync with {$url}:{$port}.";
- log_error($error);
- file_notice("sync_settings", $error, "Snort Settings Sync", "");
- } elseif($resp->faultCode()) {
- $error = "An error code was received while attempting Snort XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- log_error($error);
- file_notice("sync_settings", $error, "Snort Settings Sync", "");
- } else {
- log_error("Snort XMLRPC sync successfully completed with {$url}:{$port}.");
- }
- log_error("[SNORT] snort_xmlrpc_sync.php is ending.");
-}
-
-?> \ No newline at end of file
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 847a0dba..c0c5756c 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -51,11 +51,13 @@ $snortver = array();
exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
$snort_version = $snortver[0];
if (empty($snort_version))
- $snort_version = "2.9.5.6";
+ $snort_version = "2.9.6.0";
-/* package version */
-$pfSense_snort_version = "3.0.4";
-$snort_package_version = "Snort {$snort_version} pkg v{$pfSense_snort_version}";
+/* Used to indicate latest version of this include file has been loaded */
+$pfSense_snort_version = "3.0.8";
+
+/* get installed package version for display */
+$snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}";
// Define SNORTDIR and SNORTLIBDIR constants according to pfSense version
$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3);
@@ -81,6 +83,7 @@ define("VRT_FILE_PREFIX", "snort_");
define("GPL_FILE_PREFIX", "GPLv2_");
define("ET_OPEN_FILE_PREFIX", "emerging-");
define("ET_PRO_FILE_PREFIX", "etpro-");
+define("IPREP_PATH", "/var/db/snort/iprep/");
/* Rebuild Rules Flag -- if "true", rebuild enforcing rules and flowbit-rules files */
$rebuild_rules = false;
@@ -498,21 +501,18 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
return $valresult;
}
-/* checks to see if service is running yes/no and stop/start */
+/* checks to see if service is running */
function snort_is_running($snort_uuid, $if_real, $type = 'snort') {
global $config, $g;
- if (file_exists("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid"))
- return 'yes';
-
- return 'no';
+ return isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid");
}
function snort_barnyard_stop($snortcfg, $if_real) {
global $config, $g;
$snort_uuid = $snortcfg['uuid'];
- if (file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
+ if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
log_error("[Snort] Barnyard2 STOP for {$snortcfg['descr']}({$if_real})...");
killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
}
@@ -522,7 +522,7 @@ function snort_stop($snortcfg, $if_real) {
global $config, $g;
$snort_uuid = $snortcfg['uuid'];
- if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
+ if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
log_error("[Snort] Snort STOP for {$snortcfg['descr']}({$if_real})...");
killbypid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid");
}
@@ -534,12 +534,13 @@ function snort_barnyard_start($snortcfg, $if_real) {
global $config, $g;
$snortdir = SNORTDIR;
+ $snortlogdir = SNORTLOGDIR;
$snort_uuid = $snortcfg['uuid'];
/* define snortbarnyardlog_chk */
- if ($snortcfg['barnyard_enable'] == 'on' && !empty($snortcfg['barnyard_mysql'])) {
+ if ($snortcfg['barnyard_enable'] == 'on') {
log_error("[Snort] Barnyard2 START for {$snortcfg['descr']}({$if_real})...");
- exec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q");
+ mwexec("/usr/local/bin/barnyard2 -r {$snort_uuid} -f \"snort_{$snort_uuid}_{$if_real}.u2\" --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q");
}
}
@@ -547,11 +548,12 @@ function snort_start($snortcfg, $if_real) {
global $config, $g;
$snortdir = SNORTDIR;
+ $snortlogdir = SNORTLOGDIR;
$snort_uuid = $snortcfg['uuid'];
if ($snortcfg['enable'] == 'on') {
log_error("[Snort] Snort START for {$snortcfg['descr']}({$if_real})...");
- exec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
+ mwexec("/usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}");
}
else
return;
@@ -575,64 +577,44 @@ function snort_reload_config($snortcfg, $signal="SIGHUP") {
$snortdir = SNORTDIR;
$snort_uuid = $snortcfg['uuid'];
- $if_real = snort_get_real_interface($snortcfg['interface']);
+ $if_real = get_real_interface($snortcfg['interface']);
/******************************************************/
/* Only send the SIGHUP if Snort is running and we */
/* can find a valid PID for the process. */
/******************************************************/
- if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
+ if (isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
log_error("[Snort] Snort RELOAD CONFIG for {$snortcfg['descr']} ({$if_real})...");
- exec("/bin/pkill -{$signal} -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid 2>&1 &");
+ mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid");
}
}
-function snort_get_friendly_interface($interface) {
+function snort_barnyard_reload_config($snortcfg, $signal="HUP") {
- if (function_exists('convert_friendly_interface_to_friendly_descr'))
- $iface = convert_friendly_interface_to_friendly_descr($interface);
- else {
- if (!$interface || ($interface == "wan"))
- $iface = "WAN";
- else if(strtolower($interface) == "lan")
- $iface = "LAN";
- else if(strtolower($interface) == "pppoe")
- $iface = "PPPoE";
- else if(strtolower($interface) == "pptp")
- $iface = "PPTP";
- else
- $iface = strtoupper($interface);
- }
-
- return $iface;
-}
-
-/* get the real iface name of wan */
-function snort_get_real_interface($interface) {
- global $config;
+ /**************************************************************/
+ /* This function sends the passed SIGNAL to the Barnyard2 */
+ /* instance on the passed interface to cause Barnyard to */
+ /* reload and parse the running configuration without */
+ /* impacting packet processing. It also executes the reload */
+ /* as a background process and returns control immediately */
+ /* to the caller. */
+ /* */
+ /* $signal = HUP (default) parses and reloads config. */
+ /**************************************************************/
+ global $g;
- $lc_interface = strtolower($interface);
- if (function_exists('get_real_interface'))
- return get_real_interface($lc_interface);
- else {
- if ($lc_interface == "lan") {
- if ($config['inerfaces']['lan'])
- return $config['interfaces']['lan']['if'];
- return $interface;
- }
- if ($lc_interface == "wan")
- return $config['interfaces']['wan']['if'];
- $ifdescrs = array();
- for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
- $ifname = "opt{$j}";
- if(strtolower($ifname) == $lc_interface)
- return $config['interfaces'][$ifname]['if'];
- if(isset($config['interfaces'][$ifname]['descr']) && (strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface))
- return $config['interfaces'][$ifname]['if'];
- }
- }
+ $snortdir = SNORTDIR;
+ $snort_uuid = $snortcfg['uuid'];
+ $if_real = get_real_interface($snortcfg['interface']);
- return $interface;
+ /******************************************************/
+ /* Only send the SIGHUP if Barnyard2 is running and */
+ /* we can find a valid PID for the process. */
+ /******************************************************/
+ if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) {
+ log_error("[Snort] Barnyard2 CONFIG RELOAD initiated for {$snortcfg['descr']} ({$if_real})...");
+ mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid");
+ }
}
/*
@@ -650,7 +632,7 @@ function snort_post_delete_logs($snort_uuid = 0) {
foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
if ($value['uuid'] != $snort_uuid)
continue;
- $if_real = snort_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
$snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}";
if ($if_real != '') {
@@ -661,18 +643,14 @@ function snort_post_delete_logs($snort_uuid = 0) {
@unlink($file);
/* Clean-up packet capture files if any exist */
- $filelist = glob("{$snort_log_dir}/snort.log.*");
- foreach ($filelist as $file)
- @unlink($file);
+ unlink_if_exists("{$snort_log_dir}/snort.log.*");
- /* Clean-up stats files if they are enabled */
- if ($value['perform_stat'] == 'on') {
- $fd = fopen("{$snort_log_dir}/{$if_real}.stats", "w");
- if ($fd) {
- ftruncate($fd, 0);
- fclose($fd);
- }
- }
+ /* Clean-up Barnyard2 archived files if any exist */
+ unlink_if_exists("{$snort_log_dir}/barnyard2/archive/*");
+
+ /* Clean-up stats file if enabled */
+ if ($value['perform_stat'] == 'on')
+ @file_put_contents("{$snort_log_dir}/{$if_real}.stats", "");
}
}
}
@@ -686,62 +664,16 @@ function snort_Getdirsize($node) {
return substr( $blah, 0, strpos($blah, 9) );
}
-/* func for log dir size limit cron */
-function snort_snortloglimit_install_cron($should_install) {
- global $config, $g;
-
- if (!is_array($config['cron']['item']))
- $config['cron']['item'] = array();
+function snort_snortloglimit_install_cron($should_install=TRUE) {
- $x=0;
- $is_installed = false;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], 'snort_check_cron_misc.inc')) {
- $is_installed = true;
- break;
- }
- $x++;
- }
-
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "*/5";
- $cron_item['hour'] = "*";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc";
- $config['cron']['item'][] = $cron_item;
- }
- break;
- case false:
- if($is_installed == true)
- unset($config['cron']['item'][$x]);
- break;
- }
+ install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc", $should_install, "*/5");
}
-/* func for updating cron */
function snort_rm_blocked_install_cron($should_install) {
global $config, $g;
- if (!is_array($config['cron']['item']))
- $config['cron']['item'] = array();
-
- $x=0;
- $is_installed = false;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort2c")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
-
$snort_rm_blocked_info_ck = $config['installedpackages']['snortglobal']['rm_blocked'];
+
if ($snort_rm_blocked_info_ck == "15m_b") {
$snort_rm_blocked_min = "*/2";
$snort_rm_blocked_hr = "*";
@@ -822,27 +754,15 @@ function snort_rm_blocked_install_cron($should_install) {
$snort_rm_blocked_wday = "*";
$snort_rm_blocked_expire = "2419200";
}
- switch($should_install) {
- case true:
- $cron_item = array();
- $cron_item['minute'] = $snort_rm_blocked_min;
- $cron_item['hour'] = $snort_rm_blocked_hr;
- $cron_item['mday'] = $snort_rm_blocked_mday;
- $cron_item['month'] = $snort_rm_blocked_month;
- $cron_item['wday'] = $snort_rm_blocked_wday;
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
-
- /* Add cron job if not already installed, else just update the existing one */
- if (!$is_installed)
- $config['cron']['item'][] = $cron_item;
- elseif ($is_installed)
- $config['cron']['item'][$x] = $cron_item;
- break;
- case false:
- if ($is_installed == true)
- unset($config['cron']['item'][$x]);
- break;
+
+ // First remove any existing "expiretable" jobs for Snort.
+ install_cron_job("snort2c", false);
+
+ // Now either install the new or updated cron job,
+ // or return if "rm_blocked" is disabled
+ if ($should_install) {
+ $command = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
+ install_cron_job($command, $should_install, $snort_rm_blocked_min, $snort_rm_blocked_hr, $snort_rm_blocked_mday, $snort_rm_blocked_month, $snort_rm_blocked_wday, "root");
}
}
@@ -850,18 +770,6 @@ function snort_rm_blocked_install_cron($should_install) {
function snort_rules_up_install_cron($should_install) {
global $config, $g;
- if(!$config['cron']['item'])
- $config['cron']['item'] = array();
-
- $x=0;
- $is_installed = false;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "snort_check_for_rule_updates.php")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
$snort_rules_up_info_ck = $config['installedpackages']['snortglobal']['autorulesupdate7'];
/* See if a customized start time has been set for rule file updates */
@@ -924,28 +832,9 @@ function snort_rules_up_install_cron($should_install) {
$snort_rules_up_month = "*";
$snort_rules_up_wday = "*";
}
- switch($should_install) {
- case true:
- $cron_item = array();
- $cron_item['minute'] = $snort_rules_up_min;
- $cron_item['hour'] = $snort_rules_up_hr;
- $cron_item['mday'] = $snort_rules_up_mday;
- $cron_item['month'] = $snort_rules_up_month;
- $cron_item['wday'] = $snort_rules_up_wday;
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php";
-
- /* Add cron job if not already installed, else just update the existing one */
- if (!$is_installed)
- $config['cron']['item'][] = $cron_item;
- elseif ($is_installed)
- $config['cron']['item'][$x] = $cron_item;
- break;
- case false:
- if($is_installed == true)
- unset($config['cron']['item'][$x]);
- break;
- }
+
+ $command = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/snort/snort_check_for_rule_updates.php";
+ install_cron_job($command, $should_install, $snort_rules_up_min, $snort_rules_up_hr, $snort_rules_up_mday, $snort_rules_up_month, $snort_rules_up_wday, "root");
}
/* Only run when all ifaces needed to sync. Expects filesystem rw */
@@ -967,14 +856,14 @@ function sync_snort_package_config() {
$snortconf = $config['installedpackages']['snortglobal']['rule'];
foreach ($snortconf as $value) {
- $if_real = snort_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
/* create a snort.conf file for interface */
snort_generate_conf($value);
/* create barnyard2.conf file for interface */
if ($value['barnyard_enable'] == 'on')
- snort_create_barnyard2_conf($value, $if_real);
+ snort_generate_barnyard2_conf($value, $if_real);
}
/* create snort bootup file snort.sh only create once */
@@ -982,7 +871,7 @@ function sync_snort_package_config() {
$snortglob = $config['installedpackages']['snortglobal'];
- snort_snortloglimit_install_cron($snortglob['snortloglimit'] == 'on' ? true : false);
+ snort_snortloglimit_install_cron(true);
/* set the snort block hosts time IMPORTANT */
snort_rm_blocked_install_cron($snortglob['rm_blocked'] != "never_b" ? true : false);
@@ -1004,7 +893,19 @@ function snort_build_sid_msg_map($rules_path, $sid_file) {
/*************************************************************/
/* This function reads all the rules file in the passed */
/* $rules_path variable and produces a properly formatted */
- /* sid-msg.map file for use by Snort and/or barnyard2. */
+ /* sid-msg.map v2 file for use by Snort and/or barnyard2. */
+ /* */
+ /* This function produces the new v2 format sid-msg.map */
+ /* with the field layout as follows: */
+ /* */
+ /* GID || SID || REV || CLASSTYPE || PRI || MSG || REF ... */
+ /* */
+ /* On Entry: $rules_path --> array or directory of files */
+ /* or a single file containing */
+ /* the rules to read. */
+ /* $sid_file --> the complete destination path */
+ /* and filename for the output */
+ /* sid-msg.map file. */
/*************************************************************/
$sidMap = array();
@@ -1013,7 +914,7 @@ function snort_build_sid_msg_map($rules_path, $sid_file) {
/* First check if we were passed a directory, a single file */
/* or an array of filenames to read. Set our $rule_files */
/* variable accordingly. If we can't figure it out, return */
- /* and don't write a sid_msg_map file. */
+ /* and don't write a sid-msg.map file. */
if (is_string($rules_path)) {
if (is_dir($rules_path))
$rule_files = glob($rules_path . "*.rules");
@@ -1066,7 +967,11 @@ function snort_build_sid_msg_map($rules_path, $sid_file) {
$record = "";
/* Parse the rule to find sid and any references. */
+ $gid = '1'; // default to 1 for regular rules
$sid = '';
+ $rev = '';
+ $classtype = 'NOCLASS'; // required default for v2 format
+ $priority = '0'; // required default for v2 format
$msg = '';
$matches = '';
$sidEntry = '';
@@ -1074,23 +979,32 @@ function snort_build_sid_msg_map($rules_path, $sid_file) {
$msg = trim($matches[1]);
if (preg_match('/\bsid\s*:\s*(\d+)\s*;/i', $rule, $matches))
$sid = trim($matches[1]);
- if (!empty($sid) && !empty($msg)) {
- $sidEntry = $sid . ' || ' . $msg;
+ if (preg_match('/\bgid\s*:\s*(\d+)\s*;/i', $rule, $matches))
+ $gid = trim($matches[1]);
+ if (preg_match('/\brev\s*:\s*([^\;]+)/i', $rule, $matches))
+ $rev = trim($matches[1]);
+ if (preg_match('/\bclasstype\s*:\s*([^\;]+)/i', $rule, $matches))
+ $classtype = trim($matches[1]);
+ if (preg_match('/\bpriority\s*:\s*([^\;]+)/i', $rule, $matches))
+ $priority = trim($matches[1]);
+
+ if (!empty($gid) && !empty($sid) && !empty($msg)) {
+ $sidEntry = $gid . ' || ' . $sid . ' || ' . $rev . ' || ' . $classtype . ' || ';
+ $sidEntry .= $priority . ' || ' . $msg;
preg_match_all('/\breference\s*:\s*([^\;]+)/i', $rule, $matches);
foreach ($matches[1] as $ref)
$sidEntry .= " || " . trim($ref);
$sidEntry .= "\n";
- if (!is_array($sidMap[$sid]))
- $sidMap[$sid] = array();
- $sidMap[$sid] = $sidEntry;
+ $sidMap[] = $sidEntry;
}
}
}
- /* Sort the generated sid-msg map by sid */
- ksort($sidMap);
+ /* Sort the generated sid-msg map */
+ natcasesort($sidMap);
/* Now print the result to the supplied file */
- @file_put_contents($sid_file, array_values($sidMap));
+ @file_put_contents($sid_file, "#v2\n# sid-msg.map file auto-generated by Snort.\n\n");
+ @file_put_contents($sid_file, array_values($sidMap), FILE_APPEND);
}
function snort_merge_reference_configs($cfg_in, $cfg_out) {
@@ -1211,7 +1125,7 @@ function snort_load_rules_map($rules_path) {
* Read all the rules into the map array.
* The structure of the map array is:
*
- * map[gid][sid]['rule']['category']['disabled']['flowbits']
+ * map[gid][sid]['rule']['category']['disabled']['action']['flowbits']
*
* where:
* gid = Generator ID from rule, or 1 if general text
@@ -1221,6 +1135,7 @@ function snort_load_rules_map($rules_path) {
* category = File name of file containing the rule
* disabled = 1 if rule is disabled (commented out), 0 if
* rule is enabled
+ * action = alert|log|pass|drop|reject|sdrop
* flowbits = Array of applicable flowbits if rule contains
* flowbits options
***************************************************************/
@@ -1267,7 +1182,7 @@ function snort_load_rules_map($rules_path) {
/* Skip any non-rule lines unless we're in */
/* multiline mode. */
- if (!preg_match('/^\s*#*\s*(alert|drop|pass)/i', $rule) && !$b_Multiline)
+ if (!preg_match('/^\s*#*\s*(alert|log|pass|drop|reject|sdrop)/i', $rule) && !$b_Multiline)
continue;
/* Test for a multi-line rule; loop and reassemble */
@@ -1312,6 +1227,13 @@ function snort_load_rules_map($rules_path) {
else
$map_ref[$gid][$sid]['disabled'] = 0;
+ /* Grab the rule action (this is for a future option) */
+ $matches = array();
+ if (preg_match('/^\s*#*\s*(alert|log|pass|drop|reject|sdrop)/i', $rule, $matches))
+ $map_ref[$gid][$sid]['action'] = $matches[1];
+ else
+ $map_ref[$gid][$sid]['action'] = "";
+
/* Grab any associated flowbits from the rule. */
$map_ref[$gid][$sid]['flowbits'] = snort_get_flowbits($rule);
@@ -1715,7 +1637,7 @@ function snort_write_enforcing_rules_file($rule_map, $rule_path) {
/* If the $rule_map array is empty, then exit. */
if (empty($rule_map)) {
- file_put_contents($rule_file, "");
+ @file_put_contents($rule_file, "");
return;
}
@@ -1829,9 +1751,10 @@ function snort_create_rc() {
/* after any changes to snort.conf saved in the GUI. */
/*********************************************************/
- global $config, $g;
+ global $config, $g, $pfs_version;
$snortdir = SNORTDIR;
+ $snortlogdir = SNORTLOGDIR;
$rcdir = RCFILEPREFIX;
// If no interfaces are configured for Snort, exit
@@ -1845,36 +1768,37 @@ function snort_create_rc() {
$start_snort_iface_start = array();
$start_snort_iface_stop = array();
+ // If not using PBI package, then make sure Barnyard2 can
+ // find the latest MySQL shared libs in /usr/local/lib/mysql
+ if ($pfs_version < 2.1) {
+ $sql_lib_path = "\n# Ensure MySQL shared libs are in ldconfig search path\n";
+ $sql_lib_path .= "/sbin/ldconfig -m /usr/local/lib/mysql";
+ $start_snort_iface_start[] = $sql_lib_path;
+ }
+
// Loop thru each configured interface and build
// the shell script.
foreach ($snortconf as $value) {
+ // Skip disabled Snort interfaces
+ if ($value['enable'] <> 'on')
+ continue;
$snort_uuid = $value['uuid'];
- $if_real = snort_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
$start_barnyard = <<<EOE
if [ ! -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
- pid=`/bin/pgrep -f "barnyard2 -r {$snort_uuid} "`
+ pid=`/bin/pgrep -fn "barnyard2 -r {$snort_uuid} "`
else
pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid`
fi
if [ ! -z \$pid ]; then
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 STOP for {$value['descr']}({$snort_uuid}_{$if_real})..."
- /bin/pkill \$pid -a
- time=0 timeout=30
- while kill -0 \$pid 2>/dev/null; do
- sleep 1
- time=\$((time+1))
- if [ \$time -gt \$timeout ]; then
- break
- fi
- done
- if [ -f /var/run/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
- /bin/rm /var/run/barnyard2_{$if_real}{$snort_uuid}.pid
- fi
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 SOFT RESTART for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /bin/pkill -HUP \$pid
+ else
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 START for {$value['descr']}({$snort_uuid}_{$if_real})..."
+ /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d {$snortlogdir}/snort_{$if_real}{$snort_uuid} -D -q
fi
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Barnyard2 START for {$value['descr']}({$snort_uuid}_{$if_real})..."
- /usr/local/bin/barnyard2 -r {$snort_uuid} -f snort_{$snort_uuid}_{$if_real}.u2 --pid-path {$g['varrun_path']} --nolock-pidfile -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf -d /var/log/snort/snort_{$if_real}{$snort_uuid} -D -q
EOE;
$stop_barnyard2 = <<<EOE
@@ -1895,7 +1819,7 @@ EOE;
/bin/rm /var/run/barnyard2_{$if_real}{$snort_uuid}.pid
fi
else
- pid=`/bin/pgrep -f "barnyard2 -r {$snort_uuid} "`
+ pid=`/bin/pgrep -fn "barnyard2 -r {$snort_uuid} "`
if [ ! -z \$pid ]; then
/bin/pkill -f "barnyard2 -r {$snort_uuid} "
time=0 timeout=30
@@ -1910,7 +1834,7 @@ EOE;
fi
EOE;
- if ($value['barnyard_enable'] == 'on' && !empty($value['barnyard_mysql']))
+ if ($value['barnyard_enable'] == 'on')
$start_barnyard2 = $start_barnyard;
else
$start_barnyard2 = $stop_barnyard2;
@@ -1920,7 +1844,7 @@ EOE;
###### For Each Iface
# Start snort and barnyard2
if [ ! -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
- pid=`/bin/pgrep -f "snort -R {$snort_uuid} "`
+ pid=`/bin/pgrep -fn "snort -R {$snort_uuid} "`
else
pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid`
fi
@@ -1930,7 +1854,7 @@ EOE;
/bin/pkill -HUP \$pid
else
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START for {$value['descr']}({$snort_uuid}_{$if_real})..."
- /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
+ /usr/local/bin/snort -R {$snort_uuid} -D -q -l {$snortlogdir}/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
fi
sleep 2
@@ -1956,10 +1880,10 @@ EOE;
/bin/rm /var/run/snort_{$if_real}{$snort_uuid}.pid
fi
else
- pid=`/bin/pgrep -f "snort -R {$snort_uuid} "`
+ pid=`/bin/pgrep -fn "snort -R {$snort_uuid} "`
if [ ! -z \$pid ]; then
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort STOP for {$value['descr']}({$snort_uuid}_{$if_real})..."
- /bin/pkill -f "snort -R {$snort_uuid} "
+ /bin/pkill -fn "snort -R {$snort_uuid} "
time=0 timeout=30
while kill -0 \$pid 2>/dev/null; do
sleep 1
@@ -2019,79 +1943,122 @@ EOD;
@chmod("{$rcdir}/snort.sh", 0755);
}
-/* open barnyard2.conf for writing */
-function snort_create_barnyard2_conf($snortcfg, $if_real) {
- global $config, $g;
-
- $snortdir = SNORTDIR;
- $snort_uuid = $snortcfg['uuid'];
-
- if (!file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"))
- exec("/usr/bin/touch {$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf");
-
- if (!file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo")) {
- @touch("/var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo");
- mwexec("/bin/chmod 770 /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}.waldo", true);
- }
-
- $barnyard2_conf_text = snort_generate_barnyard2_conf($snortcfg, $if_real);
+function snort_generate_barnyard2_conf($snortcfg, $if_real) {
- /* write out barnyard2_conf */
- @file_put_contents("{$snortdir}/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", $barnyard2_conf_text);
-}
+ /****************************************************/
+ /* This function creates the barnyard2.conf config */
+ /* file for the passed interface when Barnyard2 is */
+ /* enabled. */
+ /****************************************************/
-/* open barnyard2.conf for writing" */
-function snort_generate_barnyard2_conf($snortcfg, $if_real) {
global $config, $g;
- $snortdir = SNORTDIR;
$snort_uuid = $snortcfg['uuid'];
+ $snortdir = SNORTDIR;
+ $snortcfgdir = SNORTDIR . "/snort_{$snort_uuid}_{$if_real}";
+ $snortlogdir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}";
+
+ // Create required directories for barnyard2 if missing
+ if (!is_dir("{$snortlogdir}/barnyard2"))
+ safe_mkdir("{$snortlogdir}/barnyard2");
+ if (!is_dir("{$snortlogdir}/barnyard2/archive"))
+ safe_mkdir("{$snortlogdir}/barnyard2/archive");
+
+ // Create the barnyard2 waldo file if missing
+ if (!file_exists("{$snortlogdir}/barnyard2/{$snort_uuid}_{$if_real}.waldo")) {
+ @touch("{$snortlogdir}/barnyard2/{$snort_uuid}_{$if_real}.waldo");
+ mwexec("/bin/chmod 770 {$snortlogdir}/barnyard2/{$snort_uuid}_{$if_real}.waldo", true);
+ }
+
+ // If there is no gen-msg.map file present, create an
+ // empty one so Barnyard2 will at least start.
+ if (!file_exists("{$snortcfgdir}/gen-msg.map"))
+ @file_put_contents("{$snortcfgdir}/gen-msg.map", "");
+
+ $snortbarnyard_hostname_info = php_uname("n");
+
+ // Set general config parameters
+ $gen_configs = "config quiet\nconfig daemon\nconfig decode_data_link\nconfig alert_with_interface_name\nconfig event_cache_size: 8192";
+ if ($snortcfg['barnyard_show_year'] == 'on')
+ $gen_configs .= "\nconfig show_year";
+ if ($snortcfg['barnyard_obfuscate_ip'] == 'on')
+ $gen_configs .= "\nconfig obfuscate";
+ if ($snortcfg['barnyard_dump_payload'] == 'on')
+ $gen_configs .= "\nconfig dump_payload";
+ if ($snortcfg['barnyard_archive_enable'] == 'on')
+ $gen_configs .= "\nconfig archivedir: {$snortlogdir}/barnyard2/archive";
+
+ // Set output plugins
+ $snortbarnyardlog_output_plugins = "";
+ if ($snortcfg['barnyard_mysql_enable'] == 'on') {
+ $by2_dbpwd = base64_decode($snortcfg['barnyard_dbpwd']);
+ $snortbarnyardlog_output_plugins .= "# database: log to a MySQL DB\noutput database: log, mysql, ";
+ $snortbarnyardlog_output_plugins .= "user={$snortcfg['barnyard_dbuser']} password={$by2_dbpwd} ";
+ $snortbarnyardlog_output_plugins .= "dbname={$snortcfg['barnyard_dbname']} host={$snortcfg['barnyard_dbhost']}";
+ if (isset($snortcfg['barnyard_sensor_name']) && strlen($snortcfg['barnyard_sensor_name']) > 0)
+ $snortbarnyardlog_output_plugins .= " sensor_name={$snortcfg['barnyard_sensor_name']}";
+ if ($snortcfg['barnyard_disable_sig_ref_tbl'] == 'on')
+ $snortbarnyardlog_output_plugins .= " disable_signature_reference_table";
+ $snortbarnyardlog_output_plugins .= "\n\n";
+ }
+ if ($snortcfg['barnyard_syslog_enable'] == 'on') {
+ $snortbarnyardlog_output_plugins .= "# syslog_full: log to a syslog receiver\noutput alert_syslog_full: ";
+ if (isset($snortcfg['barnyard_sensor_name']) && strlen($snortcfg['barnyard_sensor_name']) > 0)
+ $snortbarnyardlog_output_plugins .= "sensor_name {$snortcfg['barnyard_sensor_name']}, ";
+ else
+ $snortbarnyardlog_output_plugins .= "sensor_name {$snortbarnyard_hostname_info}, ";
+ if ($snortcfg['barnyard_syslog_local'] == 'on')
+ $snortbarnyardlog_output_plugins .= "local, log_facility LOG_AUTH, log_priority LOG_INFO\n\n";
+ else {
+ $snortbarnyardlog_output_plugins .= "server {$snortcfg['barnyard_syslog_rhost']}, protocol {$snortcfg['barnyard_syslog_proto']}, ";
+ $snortbarnyardlog_output_plugins .= "port {$snortcfg['barnyard_syslog_dport']}, operation_mode {$snortcfg['barnyard_syslog_opmode']}, ";
+ $snortbarnyardlog_output_plugins .= "log_facility {$snortcfg['barnyard_syslog_facility']}, log_priority {$snortcfg['barnyard_syslog_priority']}\n\n";
+ }
+ }
+ if ($snortcfg['barnyard_bro_ids_enable'] == 'on') {
+ $snortbarnyardlog_output_plugins .= "# alert_bro: log to a Bro-IDS receiver\n";
+ $snortbarnyardlog_output_plugins .= "output alert_bro: {$snortcfg['barnyard_bro_ids_rhost']}:{$snortcfg['barnyard_bro_ids_dport']}\n";
+ }
- /* TODO: add support for the other 5 output plugins */
- $snortbarnyardlog_database_info_chk = $snortcfg['barnyard_mysql'];
- $snortbarnyardlog_hostname_info_chk = php_uname("n");
- /* user add arguments */
+ // Trim leading and trailing newlines and spaces
+ $snortbarnyardlog_output_plugins = rtrim($snortbarnyardlog_output_plugins, "\n");
+
+ // User pass-through arguments
$snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($snortcfg['barnconfigpassthru']));
+ // Create the conf file as a text string
$barnyard2_conf_text = <<<EOD
-# barnyard2.conf
+# barnyard2.conf
# barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php
#
-# set the appropriate paths to the file(s) your Snort process is using
-
-config reference_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/reference.config
-config classification_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/classification.config
-config gen_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/gen-msg.map
-config sid_file: {$snortdir}/snort_{$snort_uuid}_{$if_real}/sid-msg.map
-config hostname: $snortbarnyardlog_hostname_info_chk
-config interface: {$if_real}
-config decode_data_link
-config waldo_file: /var/log/snort/snort_{$if_real}{$snort_uuid}/barnyard2/{$snort_uuid}_{$if_real}.waldo
-
-# Show year in timestamps
-config show_year
+## General Barnyard2 settings ##
+{$gen_configs}
+config reference_file: {$snortcfgdir}/reference.config
+config classification_file: {$snortcfgdir}/classification.config
+config sid_file: {$snortcfgdir}/sid-msg.map
+config gen_file: {$snortcfgdir}/gen-msg.map
+config hostname: {$snortbarnyard_hostname_info}
+config interface: {$if_real}
+config waldo_file: {$snortlogdir}/barnyard2/{$snort_uuid}_{$if_real}.waldo
+config logdir: {$snortlogdir}
## START user pass through ##
-
- {$snortbarnyardlog_config_pass_thru}
-
+{$snortbarnyardlog_config_pass_thru}
## END user pass through ##
-# Step 2: setup the input plugins
+## Setup input plugins ##
input unified2
-config logdir: /var/log/snort/snort_{$if_real}{$snort_uuid}
-
-# database: log to a variety of databases
-# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx
-
- $snortbarnyardlog_database_info_chk
+## Setup output plugins ##
+{$snortbarnyardlog_output_plugins}
EOD;
- return $barnyard2_conf_text;
+ /* Write out barnyard2_conf text string to disk */
+ @file_put_contents("{$snortcfgdir}/barnyard2.conf", $barnyard2_conf_text);
+ unset($barnyard2_conf_text);
}
function snort_deinstall() {
@@ -2103,6 +2070,7 @@ function snort_deinstall() {
$snortlogdir = SNORTLOGDIR;
$rcdir = RCFILEPREFIX;
$snort_rules_upd_log = RULES_UPD_LOGFILE;
+ $iprep_path = IPREP_PATH;
log_error(gettext("[Snort] Snort package uninstall in progress..."));
@@ -2115,7 +2083,7 @@ function snort_deinstall() {
mwexec('/usr/bin/killall -9 snort', true);
sleep(2);
// Delete any leftover snort PID files in /var/run
- array_map('@unlink', glob("/var/run/snort_*.pid"));
+ unlink_if_exists("/var/run/snort_*.pid");
/* Make sure all active Barnyard2 processes are terminated */
/* Log a message only if a running process is detected */
@@ -2126,38 +2094,48 @@ function snort_deinstall() {
mwexec('/usr/bin/killall -9 barnyard2', true);
sleep(2);
// Delete any leftover barnyard2 PID files in /var/run
- array_map('@unlink', glob("/var/run/barnyard2_*.pid"));
+ unlink_if_exists("/var/run/barnyard2_*.pid");
/* Remove the snort user and group */
mwexec('/usr/sbin/pw userdel snort; /usr/sbin/pw groupdel snort', true);
- /* Remove snort cron entries Ugly code needs smoothness */
- if (!function_exists('snort_deinstall_cron')) {
- function snort_deinstall_cron($crontask) {
- global $config, $g;
-
- if(!is_array($config['cron']['item']))
- return;
+ /* Remove all the Snort cron jobs. */
+ install_cron_job("snort2c", false);
+ install_cron_job("snort_check_for_rule_updates.php", false);
+ install_cron_job("snort_check_cron_misc.inc", false);
+ configure_cron();
- $x=0;
- $is_installed = false;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], $crontask)) {
- $is_installed = true;
- break;
+ /* Remove our associated Dashboard widget config. If */
+ /* "save settings" is enabled, then save old widget */
+ /* container settings so we can restore them later. */
+ $widgets = $config['widgets']['sequence'];
+ if (!empty($widgets)) {
+ $widgetlist = explode(",", $widgets);
+ foreach ($widgetlist as $key => $widget) {
+ if (strstr($widget, "snort_alerts-container")) {
+ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
+ $config['installedpackages']['snortglobal']['dashboard_widget'] = $widget;
}
- $x++;
+ unset($widgetlist[$key]);
+ break;
}
- if ($is_installed == true)
- unset($config['cron']['item'][$x]);
}
+ $config['widgets']['sequence'] = implode(",", $widgetlist);
+ write_config("Snort pkg: remove Snort Dashboard Widget on package deinstall.");
}
- /* Remove all the Snort cron jobs. */
- snort_deinstall_cron("snort2c");
- snort_deinstall_cron("snort_check_for_rule_updates.php");
- snort_deinstall_cron("snort_check_cron_misc.inc");
- configure_cron();
+ /* See if we are to clear blocked hosts on uninstall */
+ if ($config['installedpackages']['snortglobal']['clearblocks'] == 'on') {
+ log_error(gettext("[Snort] Removing all blocked hosts from <snort2c> table..."));
+ mwexec("/sbin/pfctl -t snort2c -T flush");
+ }
+
+ /* See if we are to clear Snort log files on uninstall */
+ if ($config['installedpackages']['snortglobal']['clearlogs'] == 'on') {
+ log_error(gettext("[Snort] Clearing all Snort-related log files..."));
+ unlink_if_exists("{$snort_rules_upd_log}");
+ mwexec("/bin/rm -rf {$snortlogdir}");
+ }
/**********************************************************/
/* Test for existence of library backup tarballs in /tmp. */
@@ -2186,8 +2164,11 @@ function snort_deinstall() {
log_error(gettext("Not saving settings... all Snort configuration info and logs deleted..."));
unset($config['installedpackages']['snortglobal']);
unset($config['installedpackages']['snortsync']);
- @unlink("{$snort_rules_upd_log}");
+ unlink_if_exists("{$snort_rules_upd_log}");
+ log_error(gettext("[Snort] Flushing <snort2c> firewall table to remove addresses blocked by Snort..."));
+ mwexec("/sbin/pfctl -t snort2c -T flush");
mwexec("/bin/rm -rf {$snortlogdir}");
+ mwexec("/bin/rm -rf {$iprep_path}");
log_error(gettext("[Snort] The package has been removed from this system..."));
}
}
@@ -2220,7 +2201,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
return;
/* Log a message for rules rebuild in progress */
- log_error(gettext("[Snort] Updating rules configuration for: " . snort_get_friendly_interface($snortcfg['interface']) . " ..."));
+ log_error(gettext("[Snort] Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . " ..."));
/* Enable all, some or none of the SDF rules depending on setting. */
if ($snortcfg['sensitive_data'] == 'on' && $snortcfg['protect_preproc_rules'] != 'on') {
@@ -2230,7 +2211,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
$sd_tmp_new_file="";
foreach ($sd_tmp_file as $sd_tmp_line)
$sd_tmp_new_file.=preg_match("/$sdf_alert_pattern/i",$sd_tmp_line) ? $sd_tmp_line : "";
- file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX);
+ @file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX);
}
}
elseif ($snortcfg['sensitive_data'] != 'on' && $snortcfg['protect_preproc_rules'] != 'on') {
@@ -2280,6 +2261,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
$enabled_rules[$k1][$k2]['rule'] = $v['rule'];
$enabled_rules[$k1][$k2]['category'] = $v['category'];
$enabled_rules[$k1][$k2]['disabled'] = $v['disabled'];
+ $enabled_rules[$k1][$k2]['action'] = $v['action'];
$enabled_rules[$k1][$k2]['flowbits'] = $v['flowbits'];
}
}
@@ -2302,6 +2284,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
$enabled_rules[$k1][$k2]['rule'] = $p['rule'];
$enabled_rules[$k1][$k2]['category'] = $p['category'];
$enabled_rules[$k1][$k2]['disabled'] = $p['disabled'];
+ $enabled_rules[$k1][$k2]['action'] = $p['action'];
$enabled_rules[$k1][$k2]['flowbits'] = $p['flowbits'];
}
}
@@ -2314,7 +2297,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* Check for and disable any rules dependent upon disabled preprocessors if */
/* this option is enabled for the interface. */
if ($snortcfg['preproc_auto_rule_disable'] == "on") {
- log_error('[Snort] Checking for rules dependent on disabled preprocessors for: ' . snort_get_friendly_interface($snortcfg['interface']) . '...');
+ log_error('[Snort] Checking for rules dependent on disabled preprocessors for: ' . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . '...');
snort_filter_preproc_rules($snortcfg, $enabled_rules);
}
@@ -2323,7 +2306,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* If auto-flowbit resolution is enabled, generate the dependent flowbits rules file. */
if ($snortcfg['autoflowbitrules'] == 'on') {
- log_error('[Snort] Enabling any flowbit-required rules for: ' . snort_get_friendly_interface($snortcfg['interface']) . '...');
+ log_error('[Snort] Enabling any flowbit-required rules for: ' . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . '...');
$fbits = snort_resolve_flowbits($all_rules, $enabled_rules);
/* Check for and disable any flowbit-required rules the user has */
@@ -2333,7 +2316,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* Check for and disable any flowbit-required rules dependent upon */
/* disabled preprocessors if this option is enabled for the interface. */
if ($snortcfg['preproc_auto_rule_disable'] == "on") {
- log_error('[Snort] Checking flowbit rules dependent on disabled preprocessors for: ' . snort_get_friendly_interface($snortcfg['interface']) . '...');
+ log_error('[Snort] Checking flowbit rules dependent on disabled preprocessors for: ' . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . '...');
snort_filter_preproc_rules($snortcfg, $fbits, true);
}
snort_write_flowbit_rules_file($fbits, "{$snortcfgdir}/rules/{$flowbit_rules_file}");
@@ -2356,11 +2339,11 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* Log a warning if the interface has no rules defined or enabled */
if ($no_rules_defined)
- log_error(gettext("[Snort] Warning - no text rules or IPS-Policy selected for: " . snort_get_friendly_interface($snortcfg['interface']) . " ..."));
+ log_error(gettext("[Snort] Warning - no text rules or IPS-Policy selected for: " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . " ..."));
/* Build a new sid-msg.map file from the enabled */
/* rules and copy it to the interface directory. */
- log_error(gettext("[Snort] Building new sig-msg.map file for " . snort_get_friendly_interface($snortcfg['interface']) . "..."));
+ log_error(gettext("[Snort] Building new sig-msg.map file for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "..."));
snort_build_sid_msg_map("{$snortcfgdir}/rules/", "{$snortcfgdir}/sid-msg.map");
}
@@ -2485,7 +2468,7 @@ function snort_filter_preproc_rules($snortcfg, &$active_rules, $persist_log = fa
/* when flowbit-required rules are being assessed after the */
/* primary enforcing rules have been evaluated. */
/***************************************************************/
- $iface = snort_get_friendly_interface($snortcfg['interface']);
+ $iface = convert_friendly_interface_to_friendly_descr($snortcfg['interface']);
$file = "{$snortlogdir}/{$iface}_disabled_preproc_rules.log";
if ($persist_log)
$fp = fopen($file, 'a');
@@ -2551,7 +2534,7 @@ function snort_generate_conf($snortcfg) {
else
$protect_preproc_rules = "off";
- $if_real = snort_get_real_interface($snortcfg['interface']);
+ $if_real = get_real_interface($snortcfg['interface']);
$snort_uuid = $snortcfg['uuid'];
$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
@@ -2611,8 +2594,18 @@ function snort_generate_conf($snortcfg) {
/* define snortunifiedlog */
$snortunifiedlog_type = "";
- if ($snortcfg['snortunifiedlog'] == "on")
- $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128";
+ if ($snortcfg['barnyard_enable'] == "on") {
+ if (isset($snortcfg['unified2_log_limit']))
+ $u2_log_limit = "limit {$snortcfg['unified2_log_limit']}";
+ else
+ $u2_log_limit = "limit 128";
+
+ $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, {$u2_log_limit}";
+ if ($snortcfg['barnyard_log_vlan_events'] == 'on')
+ $snortunifiedlog_type .= ", vlan_event_types";
+ if ($snortcfg['barnyard_log_mpls_events'] == 'on')
+ $snortunifiedlog_type .= ", mpls_event_types";
+ }
/* define spoink */
$spoink_type = "";
@@ -2621,7 +2614,7 @@ function snort_generate_conf($snortcfg) {
if ($snortcfg['blockoffenderskill'] == "on")
$pfkill = "kill";
$spoink_wlist = snort_build_list($snortcfg, $snortcfg['whitelistname'], true);
- /* write whitelist */
+ /* write Pass List */
@file_put_contents("{$snortcfgdir}/{$snortcfg['whitelistname']}", implode("\n", $spoink_wlist));
$spoink_type = "output alert_pf: {$snortcfgdir}/{$snortcfg['whitelistname']},snort2c,{$snortcfg['blockoffendersip']},{$pfkill}";
}
@@ -3170,6 +3163,49 @@ preprocessor sensitive_data: \
EOD;
+ /* define IP Reputation preprocessor */
+ if (is_array($snortcfg['blist_files']['item'])) {
+ $blist_files = "";
+ $bIsFirst = TRUE;
+ foreach ($snortcfg['blist_files']['item'] as $blist) {
+ if ($bIsFirst) {
+ $blist_files .= "blacklist " . IPREP_PATH . $blist;
+ $bIsFirst = FALSE;
+ }
+ else
+ $blist_files .= ", \\ \n\tblacklist " . IPREP_PATH . $blist;
+ }
+ }
+ if (is_array($snortcfg['wlist_files']['item'])) {
+ $wlist_files = "";
+ $bIsFirst = TRUE;
+ foreach ($snortcfg['wlist_files']['item'] as $wlist) {
+ if ($bIsFirst) {
+ $wlist_files .= "whitelist " . IPREP_PATH . $wlist;
+ $bIsFirst = FALSE;
+ }
+ else
+ $wlist_files .= ", \\ \n\twhitelist " . IPREP_PATH . $wlist;
+ }
+ }
+ if (!empty($blist_files))
+ $ip_lists = $blist_files;
+ if (!empty($wlist_files))
+ $ip_lists .= ", \\ \n" . $wlist_files;
+ if ($snortcfg['iprep_scan_local'] == 'on')
+ $ip_lists .= ", \\ \n\tscan_local";
+
+ $reputation_preproc = <<<EOD
+# IP Reputation preprocessor #
+preprocessor reputation: \
+ memcap {$snortcfg['iprep_memcap']}, \
+ priority {$snortcfg['iprep_priority']}, \
+ nested_ip {$snortcfg['iprep_nested_ip']}, \
+ white {$snortcfg['iprep_white']}, \
+ {$ip_lists}
+
+EOD;
+
/* define servers as IP variables */
$snort_servers = array (
"dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET",
@@ -3200,11 +3236,11 @@ EOD;
"ssl_preproc" => "ssl_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc"
);
$snort_preproc = array (
- "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc",
- "sf_portscan", "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc"
+ "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc", "sf_portscan",
+ "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc", "reputation_preproc"
);
$default_disabled_preprocs = array(
- "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc"
+ "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc", "reputation_preproc", "perform_stat"
);
$snort_preprocessors = "";
foreach ($snort_preproc as $preproc) {
@@ -3517,7 +3553,7 @@ EOD;
// Check for and configure Host Attribute Table if enabled
$host_attrib_config = "";
if ($snortcfg['host_attribute_table'] == "on" && !empty($snortcfg['host_attribute_data'])) {
- file_put_contents("{$snortcfgdir}/host_attributes", base64_decode($snortcfg['host_attribute_data']));
+ @file_put_contents("{$snortcfgdir}/host_attributes", base64_decode($snortcfg['host_attribute_data']));
$host_attrib_config = "# Host Attribute Table #\n";
$host_attrib_config .= "attribute_table filename {$snortcfgdir}/host_attributes\n";
if (!empty($snortcfg['max_attribute_hosts']))
@@ -3754,14 +3790,7 @@ output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,src
EOD;
// Write out snort.conf file
- $conf = fopen("{$snortcfgdir}/snort.conf", "w");
- if(!$conf) {
- log_error("Could not open {$snortcfgdir}/snort.conf for writing.");
- conf_mount_ro();
- return -1;
- }
- fwrite($conf, $snort_conf_text);
- fclose($conf);
+ @file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text);
conf_mount_ro();
unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type);
unset($home_net, $external_net, $ipvardef, $portvardef);
diff --git a/config/snort/snort.priv.inc b/config/snort/snort.priv.inc
index 795924ea..8db5408d 100644
--- a/config/snort/snort.priv.inc
+++ b/config/snort/snort.priv.inc
@@ -24,10 +24,9 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_edit.php*
$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_global.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_suppress.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_suppress_edit.php*";
-$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_whitelist.php*";
-$priv_list['page-services-snort']['match'][] = "snort/snort_interfaces_whitelist_edit.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_passlist.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_passlist_edit.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_list_view.php*";
-$priv_list['page-services-snort']['match'][] = "snort/snort_log_view.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_migrate_config.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_post_install.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_preprocessors.php*";
@@ -37,9 +36,14 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_rules_flowbits.php*"
$priv_list['page-services-snort']['match'][] = "snort/snort_rulesets.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_select_alias.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_stream5_engine.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_ip_list_mgmt.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_ip_reputation.php*";
+$priv_list['page-services-snort']['match'][] = "snort/snort_iprep_list_browser.php*";
+$priv_list['page-services-snort']['match'][] = "widgets/javascript/snort_alerts.js*";
+$priv_list['page-services-snort']['match'][] = "widgets/include/widget-snort.inc*";
+$priv_list['page-services-snort']['match'][] = "widgets/widgets/snort_alerts.widget.php*";
$priv_list['page-services-snort']['match'][] = "pkg_edit.php?xml=snort_sync.xml*";
$priv_list['page-services-snort']['match'][] = "pkg_edit.php?xml=snort/snort.xml*";
$priv_list['page-services-snort']['match'][] = "snort/snort_check_cron_misc.inc*";
$priv_list['page-services-snort']['match'][] = "snort/snort.inc*";
-
?> \ No newline at end of file
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index a2d14bf0..ca99accf 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -8,7 +8,7 @@
/* ========================================================================== */
/*
authng.xml
- part of pfSense (http://www.pfsense.com)
+ part of pfSense (https://www.pfsense.org)
Copyright (C) 2007 to whom it may belong
All rights reserved.
@@ -46,12 +46,12 @@
<requirements>None</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
- <version>2.9.5.6</version>
- <title>Services:2.9.5.6 pkg v3.0.4</title>
+ <version>2.9.6.0</version>
+ <title>Services:2.9.6.0 pkg v3.0.8</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
<name>Snort</name>
- <tooltiptext>Setup snort specific settings</tooltiptext>
+ <tooltiptext>Set up snort specific settings</tooltiptext>
<section>Services</section>
<url>/snort/snort_interfaces.php</url>
</menu>
@@ -66,177 +66,202 @@
<additional_files_needed>
<prefix>/usr/local/pkg/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort.inc</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_check_cron_misc.inc</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_check_cron_misc.inc</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_migrate_config.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_migrate_config.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_post_install.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_post_install.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_alerts.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_barnyard.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_barnyard.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_blocked.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_blocked.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_define_servers.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_define_servers.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_download_rules.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_download_rules.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_download_updates.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_download_updates.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_check_for_rule_updates.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_check_for_rule_updates.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_interfaces.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_global.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces_global.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_rules.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_rules.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_rules_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_rules_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_rulesets.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_rulesets.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_preprocessors.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_preprocessors.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_whitelist.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_passlist.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_whitelist_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_passlist_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_suppress.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces_suppress.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_interfaces_suppress_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_interfaces_suppress_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_log_view.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_list_view.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_list_view.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_rules_flowbits.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_rules_flowbits.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_edit_hat_data.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_edit_hat_data.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_frag3_engine.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_frag3_engine.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_stream5_engine.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_stream5_engine.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_httpinspect_engine.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_httpinspect_engine.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_ftp_client_engine.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_ftp_client_engine.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_ftp_server_engine.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_ftp_server_engine.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_import_aliases.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_import_aliases.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_select_alias.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <chmod>077</chmod>
+ <item>https://packages.pfsense.org/packages/config/snort/snort.priv.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_select_alias.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_ip_reputation.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/etc/inc/priv/</prefix>
+ <prefix>/usr/local/www/snort/</prefix>
+ <chmod>077</chmod>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_ip_list_mgmt.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/snort/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort.priv.inc</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_iprep_list_browser.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/javascript/</prefix>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_alerts.js</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/widgets/</prefix>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_alerts.widget.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/include/</prefix>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/snort/widget-snort.inc</item>
</additional_files_needed>
<fields>
</fields>
@@ -244,13 +269,13 @@
</custom_add_php_command>
<custom_php_resync_config_command>
<![CDATA[
- if ($GLOBALS['pfSense_snort_version'] == "3.0.4")
+ if ($GLOBALS['pfSense_snort_version'] == "3.0.8")
sync_snort_package_config();
]]>
</custom_php_resync_config_command>
<custom_php_install_command>
<![CDATA[
- include_once("/usr/local/pkg/snort/snort_post_install.php");
+ include_once("/usr/local/www/snort/snort_post_install.php");
]]>
</custom_php_install_command>
<custom_php_deinstall_command>
diff --git a/config/snort/snort_alerts.js b/config/snort/snort_alerts.js
new file mode 100644
index 00000000..647eb1b1
--- /dev/null
+++ b/config/snort/snort_alerts.js
@@ -0,0 +1,115 @@
+
+var snorttimer;
+var snortisBusy = false;
+var snortisPaused = false;
+
+if (typeof getURL == 'undefined') {
+ getURL = function(url, callback) {
+ if (!url)
+ throw 'No URL for getURL';
+ try {
+ if (typeof callback.operationComplete == 'function')
+ callback = callback.operationComplete;
+ } catch (e) {}
+ if (typeof callback != 'function')
+ throw 'No callback function for getURL';
+ var http_request = null;
+ if (typeof XMLHttpRequest != 'undefined') {
+ http_request = new XMLHttpRequest();
+ }
+ else if (typeof ActiveXObject != 'undefined') {
+ try {
+ http_request = new ActiveXObject('Msxml2.XMLHTTP');
+ } catch (e) {
+ try {
+ http_request = new ActiveXObject('Microsoft.XMLHTTP');
+ } catch (e) {}
+ }
+ }
+ if (!http_request)
+ throw 'Both getURL and XMLHttpRequest are undefined';
+ http_request.onreadystatechange = function() {
+ if (http_request.readyState == 4) {
+ callback( { success : true,
+ content : http_request.responseText,
+ contentType : http_request.getResponseHeader("Content-Type") } );
+ }
+ }
+ http_request.open('GET', url, true);
+ http_request.send(null);
+ }
+}
+
+function snort_alerts_fetch_new_events_callback(callback_data) {
+ var data_split;
+ var new_data_to_add = Array();
+ var data = callback_data.content;
+ data_split = data.split("\n");
+
+ // Loop through rows and generate replacement HTML
+ for(var x=0; x<data_split.length-1; x++) {
+ row_split = data_split[x].split("||");
+ var line = '';
+ line = '<td class="' + snortWidgetColClass + '">' + row_split[0] + '<br/>' + row_split[1] + '</td>';
+ line += '<td class="' + snortWidgetColClass + '" style="overflow: hidden; text-overflow: ellipsis;" nowrap>';
+ line += '<div style="display:inline;" title="' + row_split[2] + '">' + row_split[2] + '</div><br/>';
+ line += '<div style="display:inline;" title="' + row_split[3] + '">' + row_split[3] + '</div></td>';
+ line += '<td class="' + snortWidgetColClass + '">' + 'Priority: ' + row_split[4] + ' ' + row_split[5] + '</td>';
+ new_data_to_add[new_data_to_add.length] = line;
+ }
+ snort_alerts_update_div_rows(new_data_to_add);
+ snortisBusy = false;
+}
+
+function snort_alerts_update_div_rows(data) {
+ if(snortisPaused)
+ return;
+
+ var rows = $$('#snort-alert-entries>tr');
+
+ // Number of rows to move by
+ var move = rows.length + data.length - snort_nentries;
+ if (move < 0)
+ move = 0;
+
+ for (var i = rows.length - 1; i >= move; i--) {
+ rows[i].innerHTML = rows[i - move].innerHTML;
+ }
+
+ var tbody = $$('#snort-alert-entries');
+ for (var i = data.length - 1; i >= 0; i--) {
+ if (i < rows.length) {
+ rows[i].innerHTML = data[i];
+ } else {
+ var newRow = document.getElementById('snort-alert-entries').insertRow(0);
+ newRow.innerHTML = data[i];
+ }
+ }
+
+ // Add the even/odd class to each of the rows now
+ // they have all been added.
+ rows = $$('#snort-alert-entries>tr');
+ for (var i = 0; i < rows.length; i++) {
+ rows[i].className = i % 2 == 0 ? snortWidgetRowOddClass : snortWidgetRowEvenClass;
+ }
+}
+
+function fetch_new_snortalerts() {
+ if(snortisPaused)
+ return;
+ if(snortisBusy)
+ return;
+ snortisBusy = true;
+ getURL('/widgets/widgets/snort_alerts.widget.php?getNewAlerts=' + new Date().getTime(), snort_alerts_fetch_new_events_callback);
+}
+
+function snort_alerts_toggle_pause() {
+ if(snortisPaused) {
+ snortisPaused = false;
+ fetch_new_snortalerts();
+ } else {
+ snortisPaused = true;
+ }
+}
+/* start local AJAX engine */
+snorttimer = setInterval('fetch_new_snortalerts()', snortupdateDelay);
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 804c6e8a..45443ec2 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -40,6 +40,7 @@ require_once("/usr/local/pkg/snort/snort.inc");
$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype'];
$supplist = array();
+$snortlogdir = SNORTLOGDIR;
function snort_is_alert_globally_suppressed($list, $gid, $sid) {
@@ -98,11 +99,13 @@ function snort_add_supplist_entry($suppress) {
$a_suppress[] = $s_list;
$a_instance[$instanceid]['suppresslistname'] = $s_list['name'];
$found_list = true;
+ $list_name = $s_list['name'];
} else {
/* If we get here, a Suppress List is defined for the interface so see if we can find it */
foreach ($a_suppress as $a_id => $alist) {
if ($alist['name'] == $a_instance[$instanceid]['suppresslistname']) {
$found_list = true;
+ $list_name = $alist['name'];
if (!empty($alist['suppresspassthru'])) {
$tmplist = base64_decode($alist['suppresspassthru']);
$tmplist .= "\n{$suppress}";
@@ -120,7 +123,7 @@ function snort_add_supplist_entry($suppress) {
/* If we created a new list or updated an existing one, save the change, */
/* tell Snort to load it, and return true; otherwise return false. */
if ($found_list) {
- write_config();
+ write_config("Snort pkg: modified Suppress List {$list_name}.");
sync_snort_package_config();
snort_reload_config($a_instance[$instanceid]);
return true;
@@ -129,18 +132,18 @@ function snort_add_supplist_entry($suppress) {
return false;
}
-if ($_GET['instance'])
- $instanceid = $_GET['instance'];
-if ($_POST['instance'])
+if (isset($_POST['instance']) && is_numericint($_POST['instance']))
$instanceid = $_POST['instance'];
-if (empty($instanceid))
+elseif (isset($_GET['instance']) && is_numericint($_GET['instance']))
+ $instanceid = htmlspecialchars($_GET['instance']);
+if (empty($instanceid) || !is_numericint($instanceid))
$instanceid = 0;
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
$a_instance = &$config['installedpackages']['snortglobal']['rule'];
$snort_uuid = $a_instance[$instanceid]['uuid'];
-$if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);
+$if_real = get_real_interface($a_instance[$instanceid]['interface']);
// Load up the arrays of force-enabled and force-disabled SIDs
$enablesid = snort_load_sid_mods($a_instance[$instanceid]['rule_sid_on']);
@@ -167,69 +170,76 @@ if ($_POST['save']) {
$config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber'];
- write_config();
+ write_config("Snort pkg: updated ALERTS tab settings.");
header("Location: /snort/snort_alerts.php?instance={$instanceid}");
exit;
}
-if ($_POST['todelete'] || $_GET['todelete']) {
+if ($_POST['todelete']) {
$ip = "";
- if($_POST['todelete'])
- $ip = $_POST['todelete'];
- else if($_GET['todelete'])
- $ip = $_GET['todelete'];
- if (is_ipaddr($ip)) {
- exec("/sbin/pfctl -t snort2c -T delete {$ip}");
- $savemsg = gettext("Host IP address {$ip} has been removed from the Blocked Table.");
+ if($_POST['ip']) {
+ $ip = $_POST['ip'];
+ if (is_ipaddr($_POST['ip'])) {
+ exec("/sbin/pfctl -t snort2c -T delete {$ip}");
+ $savemsg = gettext("Host IP address {$ip} has been removed from the Blocked Hosts Table.");
+ }
}
}
-if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- if (empty($_GET['descr']))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
- else
- $suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}";
-
- /* Add the new entry to the Suppress List */
- if (snort_add_supplist_entry($suppress))
- $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to the Suppress List.");
- else
- $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
-}
-
-if (($_GET['act'] == "addsuppress_srcip" || $_GET['act'] == "addsuppress_dstip") && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- if ($_GET['act'] == "addsuppress_srcip")
+if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsuppress']) && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) {
+ if ($_POST['addsuppress_srcip'])
$method = "by_src";
- else
+ elseif ($_POST['addsuppress_dstip'])
$method = "by_dst";
-
- /* Check for valid IP addresses, exit if not valid */
- if (is_ipaddr($_GET['ip']) || is_ipaddrv6($_GET['ip'])) {
- if (empty($_GET['descr']))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}\n";
- else
- $suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}\n";
- }
- else {
- header("Location: /snort/snort_alerts.php?instance={$instanceid}");
- exit;
+ else
+ $method ="all";
+
+ // See which kind of Suppress Entry to create
+ switch ($method) {
+ case "all":
+ if (empty($_POST['descr']))
+ $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n";
+ else
+ $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n";
+ $success = gettext("An entry for 'suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}' has been added to the Suppress List.");
+ break;
+ case "by_src":
+ case "by_dst":
+ // Check for valid IP addresses, exit if not valid
+ if (is_ipaddr($_POST['ip'])) {
+ if (empty($_POST['descr']))
+ $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n";
+ else
+ $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n";
+ $success = gettext("An entry for 'suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}' has been added to the Suppress List.");
+ }
+ else {
+ $input_errors[] = gettext("An invalid IP address was passed as a Suppress List parameter.");
+ }
+ break;
+ default:
+ header("Location: /snort/snort_alerts.php?instance={$instanceid}");
+ exit;
}
- /* Add the new entry to the Suppress List */
- if (snort_add_supplist_entry($suppress))
- $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}' has been added to the Suppress List.");
- else
- /* We did not find the defined list, so notify the user with an error */
- $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
+ if (!$input_errors) {
+ /* Add the new entry to the Suppress List and signal Snort to reload config */
+ if (snort_add_supplist_entry($suppress)) {
+ snort_reload_config($a_instance[$instanceid]);
+ $savemsg = $success;
+ /* Give Snort a couple seconds to reload the configuration */
+ sleep(2);
+ }
+ else
+ $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
+ }
}
-if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- // Get the GID tag embedded in the clicked rule icon.
- $gid = $_GET['gen_id'];
-
- // Get the SID tag embedded in the clicked rule icon.
- $sid= $_GET['sidid'];
+if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) {
+ // Get the GID and SID tags embedded in the clicked rule icon.
+ $gid = $_POST['gen_id'];
+ $sid= $_POST['sidid'];
// See if the target SID is in our list of modified SIDs,
// and toggle it if present.
@@ -266,7 +276,7 @@ if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GE
unset($a_instance[$instanceid]['rule_sid_off']);
/* Update the config.xml file. */
- write_config();
+ write_config("Snort pkg: modified state for rule {$gid}:{$sid}");
/*************************************************/
/* Update the snort.conf file and rebuild the */
@@ -279,16 +289,17 @@ if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GE
/* Soft-restart Snort to live-load the new rules */
snort_reload_config($a_instance[$instanceid]);
- $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Snort is 'live-reloading' the new rules list. Please wait at least 30 secs for the process to complete before toggling additional rules.");
+ /* Give Snort a couple seconds to reload the configuration */
+ sleep(2);
+
+ $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Snort is 'live-reloading' the new rules list. Please wait at least 15 secs for the process to complete before toggling additional rules.");
}
-if ($_GET['action'] == "clear" || $_POST['delete']) {
+if ($_POST['delete']) {
snort_post_delete_logs($snort_uuid);
- $fd = @fopen("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", "w+");
- if ($fd)
- fclose($fd);
+ file_put_contents("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert", "");
/* XXX: This is needed if snort is run as snort user */
- mwexec('/bin/chmod 660 /var/log/snort/*', true);
+ mwexec("/bin/chmod 660 {$snortlogdir}/*", true);
if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"))
mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
header("Location: /snort/snort_alerts.php?instance={$instanceid}");
@@ -298,7 +309,7 @@ if ($_GET['action'] == "clear" || $_POST['delete']) {
if ($_POST['download']) {
$save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
$file_name = "snort_logs_{$save_date}_{$if_real}.tar.gz";
- exec("cd /var/log/snort/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *");
+ exec("cd {$snortlogdir}/snort_{$if_real}{$snort_uuid} && /usr/bin/tar -czf /tmp/{$file_name} *");
if (file_exists("/tmp/{$file_name}")) {
ob_start(); //important or other posts will fail
@@ -338,16 +349,21 @@ include_once("fbegin.inc");
/* refresh every 60 secs */
if ($pconfig['arefresh'] == 'on')
echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php?instance={$instanceid}\" />\n";
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
- /* Display Alert message */
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
- if ($savemsg) {
- print_info_box($savemsg);
- }
+
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
?>
<form action="/snort/snort_alerts.php" method="post" id="formalert">
+<input type="hidden" name="instance" id="instance" value="<?=$instanceid;?>"/>
+<input type="hidden" name="sidid" id="sidid" value=""/>
+<input type="hidden" name="gen_id" id="gen_id" value=""/>
+<input type="hidden" name="ip" id="ip" value=""/>
+<input type="hidden" name="descr" id="descr" value=""/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -357,10 +373,11 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), true, "/snort/snort_alerts.php?instance={$instanceid}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -372,13 +389,13 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
<tr>
<td width="22%" class="vncell"><?php echo gettext('Instance to inspect'); ?></td>
<td width="78%" class="vtable">
- <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='get';document.getElementById('formalert').submit()">
+ <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='post';document.getElementById('formalert').submit()">
<?php
foreach ($a_instance as $id => $instance) {
$selected = "";
if ($id == $instanceid)
$selected = "selected";
- echo "<option value='{$id}' {$selected}> (" . snort_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n";
+ echo "<option value='{$id}' {$selected}> (" . convert_friendly_interface_to_friendly_descr($instance['interface']) . ")&nbsp;{$instance['descr']}</option>\n";
}
?>
</select>&nbsp;&nbsp;<?php echo gettext('Choose which instance alerts you want to inspect.'); ?>
@@ -386,22 +403,23 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
<tr>
<td width="22%" class="vncell"><?php echo gettext('Save or Remove Logs'); ?></td>
<td width="78%" class="vtable">
- <input name="download" type="submit" class="formbtns" value="Download"> <?php echo gettext('All ' .
- 'log files will be saved.'); ?>&nbsp;&nbsp;<a href="/snort/snort_alerts.php?action=clear&instance=<?=$instanceid;?>">
+ <input name="download" type="submit" class="formbtns" value="Download"
+ title="<?=gettext("Download interface log files as a gzip archive");?>"/>
+ &nbsp;<?php echo gettext('All log files will be saved.');?>&nbsp;&nbsp;
<input name="delete" type="submit" class="formbtns" value="Clear"
- onclick="return confirm('Do you really want to remove all instance logs?')"></a>
- <span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo ' ' . gettext('all log files will be deleted.'); ?>
+ onclick="return confirm('Do you really want to remove all instance logs?')" title="<?=gettext("Clear all interface log files");?>"/>
+ &nbsp;<span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo ' ' . gettext('all log files will be deleted.'); ?>
</td>
</tr>
<tr>
<td width="22%" class="vncell"><?php echo gettext('Auto Refresh and Log View'); ?></td>
<td width="78%" class="vtable">
- <input name="save" type="submit" class="formbtns" value="Save">
- <?php echo gettext('Refresh'); ?> <input name="arefresh" type="checkbox" value="on"
- <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>>
- <?php printf(gettext('%sDefault%s is %sON%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;
- <input name="alertnumber" type="text" class="formfld unknown" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>">
- <?php printf(gettext('Enter number of log entries to view. %sDefault%s is %s250%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
+ <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/>
+ &nbsp;<?php echo gettext('Refresh');?>&nbsp;&nbsp;<input name="arefresh" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>/>
+ <?php printf(gettext('%sDefault%s is %sON%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;
+ <input name="alertnumber" type="text" class="formfld unknown" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"/>
+ &nbsp;<?php printf(gettext('Enter number of log entries to view. %sDefault%s is %s250%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
</td>
</tr>
<tr>
@@ -410,39 +428,39 @@ if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
</tr>
<tr>
<td width="100%" colspan="2">
- <table id="myTable" style="table-layout: fixed;" width="100%" class="sortable" border="1" cellpadding="0" cellspacing="0">
+ <table id="myTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0">
<colgroup>
- <col width="9%" align="center" axis="date">
- <col width="45" align="center" axis="number">
- <col width="65" align="center" axis="string">
+ <col width="10%" align="center" axis="date">
+ <col width="40" align="center" axis="number">
+ <col width="52" align="center" axis="string">
<col width="10%" axis="string">
<col width="13%" align="center" axis="string">
- <col width="8%" align="center" axis="string">
+ <col width="7%" align="center" axis="string">
<col width="13%" align="center" axis="string">
- <col width="8%" align="center" axis="string">
- <col width="9%" align="center" axis="number">
+ <col width="7%" align="center" axis="string">
+ <col width="10%" align="center" axis="number">
<col axis="string">
</colgroup>
<thead>
<tr>
- <th class="listhdrr" axis="date"><?php echo gettext("DATE"); ?></th>
- <th class="listhdrr" axis="number"><?php echo gettext("PRI"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("PROTO"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("CLASS"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("SRC"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("SPORT"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("DST"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("DPORT"); ?></th>
+ <th class="listhdrr" axis="date"><?php echo gettext("Date"); ?></th>
+ <th class="listhdrr" axis="number"><?php echo gettext("Pri"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Class"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Source"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("SPort"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Destination"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("DPort"); ?></th>
<th class="listhdrr" axis="number"><?php echo gettext("SID"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("DESCRIPTION"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Description"); ?></th>
</tr>
</thead>
<tbody>
<?php
/* make sure alert file exists */
-if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
- exec("tail -{$anentries} -r /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}");
+if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) {
+ exec("tail -{$anentries} -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}");
if (file_exists("/tmp/alert_{$snort_uuid}")) {
$tmpblocked = array_flip(snort_get_blocked_ips());
$counter = 0;
@@ -450,7 +468,7 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
/* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
$fd = fopen("/tmp/alert_{$snort_uuid}", "r");
while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
- if(count($fields) < 11)
+ if(count($fields) < 13)
continue;
/* Time */
@@ -482,9 +500,9 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
/* Add icons for auto-adding to Suppress List if appropriate */
if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) &&
!isset($supplist[$fields[1]][$fields[2]]['by_src'][$fields[6]])) {
- $alert_ip_src .= "&nbsp;&nbsp;<a href='?instance={$instanceid}&act=addsuppress_srcip&sidid={$fields[2]}&gen_id={$fields[1]}&descr={$alert_descr_url}&ip=" . trim(urlencode($fields[6])) . "'>";
- $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'></a>";
+ $alert_ip_src .= "&nbsp;&nbsp;<input type='image' name='addsuppress_srcip[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','{$fields[6]}','{$alert_descr}');\" ";
+ $alert_ip_src .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'>";
}
elseif (isset($supplist[$fields[1]][$fields[2]]['by_src'][$fields[6]])) {
$alert_ip_src .= "&nbsp;&nbsp;<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
@@ -492,9 +510,8 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
}
/* Add icon for auto-removing from Blocked Table if required */
if (isset($tmpblocked[$fields[6]])) {
- $alert_ip_src .= "&nbsp;";
- $alert_ip_src .= "<a href='?instance={$instanceid}&todelete=" . trim(urlencode($fields[6])) . "'>
- <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>";
+ $alert_ip_src .= "&nbsp;<input type='image' name='todelete[]' onClick=\"document.getElementById('ip').value='{$fields[6]}';\" ";
+ $alert_ip_src .= "src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12'>";
}
/* IP SRC Port */
$alert_src_p = $fields[7];
@@ -515,9 +532,9 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
/* Add icons for auto-adding to Suppress List if appropriate */
if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) &&
!isset($supplist[$fields[1]][$fields[2]]['by_dst'][$fields[8]])) {
- $alert_ip_dst .= "&nbsp;&nbsp;<a href='?instance={$instanceid}&act=addsuppress_dstip&sidid={$fields[2]}&gen_id={$fields[1]}&descr={$alert_descr_url}&ip=" . trim(urlencode($fields[8])) . "'>";
- $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'></a>";
+ $alert_ip_dst .= "&nbsp;&nbsp;<input type='image' name='addsuppress_dstip[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','{$fields[8]}','{$alert_descr}');\" ";
+ $alert_ip_dst .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'/>";
}
elseif (isset($supplist[$fields[1]][$fields[2]]['by_dst'][$fields[8]])) {
$alert_ip_dst .= "&nbsp;&nbsp;<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
@@ -525,18 +542,17 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
}
/* Add icon for auto-removing from Blocked Table if required */
if (isset($tmpblocked[$fields[8]])) {
- $alert_ip_dst .= "&nbsp;";
- $alert_ip_dst .= "<a href='?instance={$instanceid}&todelete=" . trim(urlencode($fields[8])) . "'>
- <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>";
+ $alert_ip_dst .= "&nbsp;<input type='image' name='todelete[]' onClick=\"document.getElementById('ip').value='{$fields[8]}';\" ";
+ $alert_ip_dst .= "src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12'>";
}
/* IP DST Port */
$alert_dst_p = $fields[9];
/* SID */
$alert_sid_str = "{$fields[1]}:{$fields[2]}";
if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2])) {
- $sidsupplink = "<a href='?instance={$instanceid}&act=addsuppress&sidid={$fields[2]}&gen_id={$fields[1]}&descr={$alert_descr_url}'>";
- $sidsupplink .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'></a>";
+ $sidsupplink = "<input type='image' name='addsuppress[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','','{$alert_descr}');\" ";
+ $sidsupplink .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'/>";
}
else {
$sidsupplink = "<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
@@ -544,31 +560,31 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
}
/* Add icon for toggling rule state */
if (isset($disablesid[$fields[1]][$fields[2]])) {
- $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[2]}&gen_id={$fields[1]}'>";
- $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block_d.gif' width='11' height='11' border='0' ";
- $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action.") . "'></a>";
+ $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','','');\" ";
+ $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_reject.gif' width='11' height='11' border='0' ";
+ $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action from this rule.") . "'/>";
}
else {
- $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[2]}&gen_id={$fields[1]}'>";
- $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' ";
- $sid_dsbl_link .= "title='" . gettext("Click to force-disable rule and remove from current rules set.") . "'></a>";
+ $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[1]}','{$fields[2]}','','');\" ";
+ $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' ";
+ $sid_dsbl_link .= "title='" . gettext("Force-disable this rule and remove it from current rules set.") . "'/>";
}
/* DESCRIPTION */
$alert_class = $fields[11];
+ /* Write out a table row */
echo "<tr>
<td class='listr' align='center'>{$alert_date}<br/>{$alert_time}</td>
<td class='listr' align='center'>{$alert_priority}</td>
<td class='listr' align='center'>{$alert_proto}</td>
<td class='listr' style=\"word-wrap:break-word;\">{$alert_class}</td>
- <td class='listr' align='center'>{$alert_ip_src}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[6]}'>{$alert_ip_src}</td>
<td class='listr' align='center'>{$alert_src_p}</td>
- <td class='listr' align='center'>{$alert_ip_dst}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[8]}'>{$alert_ip_dst}</td>
<td class='listr' align='center'>{$alert_dst_p}</td>
- <td class='listr' align='center'>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
- <td class='listr' style=\"word-wrap:break-word;\">{$alert_descr}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[2]}'>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
+ <td class='listbg' style=\"word-wrap:break-word;\">{$alert_descr}</td>
</tr>\n";
-
$counter++;
}
fclose($fd);
@@ -588,6 +604,21 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
<?php
include("fend.inc");
?>
-
+<script type="text/javascript">
+function encRuleSig(rulegid,rulesid,srcip,ruledescr) {
+
+ // This function stuffs the passed GID, SID
+ // and other values into hidden Form Fields
+ // for postback.
+ if (typeof srcipip == "undefined")
+ var srcipip = "";
+ if (typeof ruledescr == "undefined")
+ var ruledescr = "";
+ document.getElementById("sidid").value = rulesid;
+ document.getElementById("gen_id").value = rulegid;
+ document.getElementById("ip").value = srcip;
+ document.getElementById("descr").value = ruledescr;
+}
+</script>
</body>
</html>
diff --git a/config/snort/snort_alerts.widget.php b/config/snort/snort_alerts.widget.php
new file mode 100644
index 00000000..0700ef2a
--- /dev/null
+++ b/config/snort/snort_alerts.widget.php
@@ -0,0 +1,246 @@
+<?php
+/*
+ snort_alerts.widget.php
+ Copyright (C) 2009 Jim Pingle
+ mod 24-07-2012
+ mod 28-02-2014 by Bill Meeks
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$nocsrf = true;
+
+require_once("guiconfig.inc");
+require_once("/usr/local/www/widgets/include/widget-snort.inc");
+
+global $config, $g;
+
+/* retrieve snort variables */
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+$a_instance = &$config['installedpackages']['snortglobal']['rule'];
+
+// Test pfSense version and set different CSS class variables
+// depending on version. 2.1 offers enhanced CSS styles.
+$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pfs_version > '2.0') {
+ $alertRowEvenClass = "listMReven";
+ $alertRowOddClass = "listMRodd";
+ $alertColClass = "listMRr";
+}
+else {
+ $alertRowEvenClass = "listr";
+ $alertRowOddClass = "listr";
+ $alertColClass = "listr";
+}
+
+/* check if Snort widget alert display lines value is set */
+$snort_nentries = $config['widgets']['widget_snort_display_lines'];
+if (!isset($snort_nentries) || $snort_nentries < 0)
+ $snort_nentries = 5;
+
+/* array sorting of the alerts */
+function sksort(&$array, $subkey="id", $sort_ascending=false) {
+ /* an empty array causes sksort to fail - this test alleviates the error */
+ if(empty($array))
+ return false;
+ if (count($array)) {
+ $temp_array[key($array)] = array_shift($array);
+ };
+ foreach ($array as $key => $val){
+ $offset = 0;
+ $found = false;
+ foreach ($temp_array as $tmp_key => $tmp_val) {
+ if (!$found and strtolower($val[$subkey]) > strtolower($tmp_val[$subkey])) {
+ $temp_array = array_merge((array)array_slice($temp_array,0,$offset), array($key => $val), array_slice($temp_array,$offset));
+ $found = true;
+ };
+ $offset++;
+ };
+ if (!$found) $temp_array = array_merge($temp_array, array($key => $val));
+ };
+
+ if ($sort_ascending) {
+ $array = array_reverse($temp_array);
+ } else $array = $temp_array;
+ /* below is the complement for empty array test */
+ return true;
+};
+
+// Called by Ajax to update the "snort-alert-entries" <tbody> table element's contents
+if (isset($_GET['getNewAlerts'])) {
+ $response = "";
+ $s_alerts = snort_widget_get_alerts();
+ $counter = 0;
+ foreach ($s_alerts as $a) {
+ $response .= $a['instanceid'] . " " . $a['dateonly'] . "||" . $a['timeonly'] . "||" . $a['src'] . "||";
+ $response .= $a['dst'] . "||" . $a['priority'] . "||" . $a['category'] . "\n";
+ $counter++;
+ if($counter >= $snort_nentries)
+ break;
+ }
+ echo $response;
+ return;
+}
+
+// See if saving new display line count value
+if(isset($_POST['widget_snort_display_lines'])) {
+ $config['widgets']['widget_snort_display_lines'] = $_POST['widget_snort_display_lines'];
+ write_config("Saved Snort Alerts Widget Displayed Lines Parameter via Dashboard");
+ header("Location: ../../index.php");
+}
+
+// Read "$snort_nentries" worth of alerts from the top of the alert.log file
+// of each configured interface, and then return the most recent '$snort_entries'
+// alerts in a sorted array (most recent alert first).
+function snort_widget_get_alerts() {
+
+ global $config, $a_instance, $snort_nentries;
+ $snort_alerts = array();
+ /* read log file(s) */
+ $counter=0;
+ foreach ($a_instance as $instanceid => $instance) {
+ $snort_uuid = $a_instance[$instanceid]['uuid'];
+ $if_real = get_real_interface($a_instance[$instanceid]['interface']);
+
+ /* make sure alert file exists, then "tail" the last '$snort_nentries' from it */
+ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
+ exec("tail -{$snort_nentries} -r /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_snort{$snort_uuid}");
+
+ if (file_exists("/tmp/alert_snort{$snort_uuid}")) {
+
+ /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
+ /* File format: timestamp,generator_id,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
+ $fd = fopen("/tmp/alert_snort{$snort_uuid}", "r");
+ while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
+ if(count($fields) < 13)
+ continue;
+
+ // Get the Snort interface this alert was received from
+ $snort_alerts[$counter]['instanceid'] = strtoupper($a_instance[$instanceid]['interface']);
+
+ // "fields[0]" is the complete timestamp in ASCII form. Convert
+ // to a UNIX timestamp so we can use it for various date and
+ // time formatting. Also extract the MM/DD/YY component and
+ // reverse its order to YY/MM/DD for proper sorting.
+ $fields[0] = trim($fields[0]); // remove trailing space before comma delimiter
+ $tstamp = strtotime(str_replace("-", " ", $fields[0])); // remove "-" between date and time components
+ $tmp = substr($fields[0],6,2) . '/' . substr($fields[0],0,2) . '/' . substr($fields[0],3,2);
+ $snort_alerts[$counter]['timestamp'] = str_replace(substr($fields[0],0,8),$tmp,$fields[0]);
+
+ $snort_alerts[$counter]['timeonly'] = date("H:i:s", $tstamp);
+ $snort_alerts[$counter]['dateonly'] = date("M d", $tstamp);
+ // Add square brackets around any any IPv6 address
+ if (strpos($fields[6], ":") === FALSE)
+ $snort_alerts[$counter]['src'] = trim($fields[6]);
+ else
+ $snort_alerts[$counter]['src'] = "[" . trim($fields[6]) . "]";
+ // Add the SRC PORT if not null
+ if (!empty($fields[7]))
+ $snort_alerts[$counter]['src'] .= ":" . trim($fields[7]);
+ // Add square brackets around any any IPv6 address
+ if (strpos($fields[8], ":") === FALSE)
+ $snort_alerts[$counter]['dst'] = trim($fields[8]);
+ else
+ $snort_alerts[$counter]['dst'] = "[" . trim($fields[8]) . "]";
+ // Add the DST PORT if not null
+ if (!empty($fields[9]))
+ $snort_alerts[$counter]['dst'] .= ":" . trim($fields[9]);
+ $snort_alerts[$counter]['priority'] = trim($fields[12]);
+ $snort_alerts[$counter]['category'] = trim($fields[11]);
+ $counter++;
+ };
+ fclose($fd);
+ @unlink("/tmp/alert_snort{$snort_uuid}");
+ };
+ };
+ };
+
+ /* sort the alerts array */
+ if (isset($config['syslog']['reverse'])) {
+ sksort($snort_alerts, 'timestamp', false);
+ } else {
+ sksort($snort_alerts, 'timestamp', true);
+ };
+
+ return $snort_alerts;
+}
+?>
+
+<input type="hidden" id="snort_alerts-config" name="snort_alerts-config" value="" />
+<div id="snort_alerts-settings" class="widgetconfigdiv" style="display:none;">
+ <form action="/widgets/widgets/snort_alerts.widget.php" method="post" name="iformd">
+ Enter number of recent alerts to display (default is 5)<br/>
+ <input type="text" size="5" name="widget_snort_display_lines" class="formfld unknown" id="widget_snort_display_lines" value="<?= $config['widgets']['widget_snort_display_lines'] ?>" />
+ &nbsp;&nbsp;<input id="submitd" name="submitd" type="submit" class="formbtn" value="Save" />
+ </form>
+</div>
+
+<table id="snort-alert-tbl" width="100%" border="0" cellspacing="0" cellpadding="0" style="table-layout: fixed;">
+ <colgroup>
+ <col style="width: 24%;" />
+ <col style="width: 38%;" />
+ <col style="width: 38%;" />
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="widgetsubheader"><?=gettext("IF/Date");?></th>
+ <th class="widgetsubheader"><?=gettext("Src/Dst Address");?></th>
+ <th class="widgetsubheader"><?=gettext("Classification");?></th>
+ </tr>
+ </thead>
+ <tbody id="snort-alert-entries">
+ <?php
+ $snort_alerts = snort_widget_get_alerts();
+ $counter=0;
+ if (is_array($snort_alerts)) {
+ foreach ($snort_alerts as $alert) {
+ $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass;
+ echo(" <tr class='" . $alertRowClass . "'>
+ <td class='" . $alertColClass . "'>" . $alert['instanceid'] . "&nbsp;" . $alert['dateonly'] . "<br/>" . $alert['timeonly'] . "</td>
+ <td class='" . $alertColClass . "' style='overflow: hidden; text-overflow: ellipsis;' nowrap><div style='display:inline;' title='" . $alert['src'] . "'>" . $alert['src'] . "</div><br/><div style='display:inline;' title='" . $alert['dst'] . "'>" . $alert['dst'] . "</div></td>
+ <td class='" . $alertColClass . "'>Priority: " . $alert['priority'] . " " . $alert['category'] . "</td></tr>");
+ $counter++;
+ if($counter >= $snort_nentries)
+ break;
+ }
+ }
+ ?>
+ </tbody>
+</table>
+
+<script type="text/javascript">
+//<![CDATA[
+<!-- needed in the snort_alerts.js file code -->
+ var snortupdateDelay = 10000; // update every 10 seconds
+ var snort_nentries = <?=$snort_nentries;?>; // number of alerts to display (5 is default)
+ var snortWidgetRowEvenClass = "<?=$alertRowEvenClass;?>"; // allows alternating background on 2.1 and higher
+ var snortWidgetRowOddClass = "<?=$alertRowOddClass;?>"; // allows alternating background on 2.1 and higher
+ var snortWidgetColClass = "<?=$alertColClass;?>"; // sets column CSS style (different on 2.1 and higher)
+
+<!-- needed to display the widget settings menu -->
+ selectIntLink = "snort_alerts-configure";
+ textlink = document.getElementById(selectIntLink);
+ textlink.style.display = "inline";
+//]]>
+</script>
+
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 2457b573..902c1637 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -5,6 +5,7 @@
*
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2008-2009 Robert Zelaya.
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -34,9 +35,11 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
exit;
@@ -47,63 +50,151 @@ if (!is_array($config['installedpackages']['snortglobal']['rule']))
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
$pconfig = array();
+
+// The keys in the $retentions array are the retention period
+// converted to hours.
+$retentions = array( '0' => gettext('KEEP ALL'), '24' => gettext('1 DAY'), '168' => gettext('7 DAYS'), '336' => gettext('14 DAYS'),
+ '720' => gettext('30 DAYS'), '1080' => gettext("45 DAYS"), '2160' => gettext('90 DAYS'), '4320' => gettext('180 DAYS'),
+ '8766' => gettext('1 YEAR'), '26298' => gettext("3 YEARS") );
+
+$log_sizes = array( '0' => gettext('NO LIMIT'), '8' => gettext('8 MB'), '16' => gettext('16 MB'), '32' => gettext('32 MB'),
+ '64' => gettext('64 MB'), '128' => gettext('128 MB'), '256' => gettext('256 MB') );
+
if (isset($id) && $a_nat[$id]) {
- /* old options */
$pconfig = $a_nat[$id];
if (!empty($a_nat[$id]['barnconfigpassthru']))
$pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
+ if (!empty($a_nat[$id]['barnyard_dbpwd']))
+ $pconfig['barnyard_dbpwd'] = base64_decode($a_nat[$id]['barnyard_dbpwd']);
+ if (empty($a_nat[$id]['barnyard_show_year']))
+ $pconfig['barnyard_show_year'] = "on";
+ if (empty($a_nat[$id]['unified2_log_limit']))
+ $pconfig['unified2_log_limit'] = "32";
+ if (empty($a_nat[$id]['barnyard_archive_enable']))
+ $pconfig['barnyard_archive_enable'] = "on";
+ if (empty($a_nat[$id]['u2_archived_log_retention']))
+ $pconfig['u2_archived_log_retention'] = "168";
+ if (empty($a_nat[$id]['barnyard_obfuscate_ip']))
+ $pconfig['barnyard_obfuscate_ip'] = "off";
+ if (empty($a_nat[$id]['barnyard_syslog_dport']))
+ $pconfig['barnyard_syslog_dport'] = "514";
+ if (empty($a_nat[$id]['barnyard_syslog_proto']))
+ $pconfig['barnyard_syslog_proto'] = "udp";
+ if (empty($a_nat[$id]['barnyard_syslog_opmode']))
+ $pconfig['barnyard_syslog_opmode'] = "default";
+ if (empty($a_nat[$id]['barnyard_syslog_facility']))
+ $pconfig['barnyard_syslog_facility'] = "LOG_USER";
+ if (empty($a_nat[$id]['barnyard_syslog_priority']))
+ $pconfig['barnyard_syslog_priority'] = "LOG_INFO";
+ if (empty($a_nat[$id]['barnyard_bro_ids_dport']))
+ $pconfig['barnyard_bro_ids_dport'] = "47760";
}
-if (isset($_GET['dup']))
- unset($id);
+if ($_POST['save']) {
+ // Check that at least one output plugin is enabled
+ if ($_POST['barnyard_mysql_enable'] != 'on' && $_POST['barnyard_syslog_enable'] != 'on' &&
+ $_POST['barnyard_bro_ids_enable'] != 'on' && $_POST['barnyard_enable'] == "on")
+ $input_errors[] = gettext("You must enable at least one output option when using Barnyard2.");
-if ($_POST) {
+ // Validate inputs if MySQL database loggging enabled
+ if ($_POST['barnyard_mysql_enable'] == 'on' && $_POST['barnyard_enable'] == "on") {
+ if (empty($_POST['barnyard_dbhost']))
+ $input_errors[] = gettext("Please provide a valid hostname or IP address for the MySQL database host.");
+ if (empty($_POST['barnyard_dbname']))
+ $input_errors[] = gettext("You must provide a DB instance name when logging to a MySQL database.");
+ if (empty($_POST['barnyard_dbuser']))
+ $input_errors[] = gettext("You must provide a DB user login name when logging to a MySQL database.");
+ }
+
+ // Validate inputs if syslog output enabled
+ if ($_POST['barnyard_syslog_enable'] == 'on' && $_POST['barnyard_enable'] == "on") {
+ if ($_POST['barnyard_log_vlan_events'] == 'on' || $_POST['barnyard_log_mpls_events'] == 'on')
+ $input_errors[] = gettext("Logging of VLAN or MPLS events is not compatible with syslog output. You must disable VLAN and MPLS event type logging when using the syslog output option.");
+ }
+ if ($_POST['barnyard_syslog_enable'] == 'on' && $_POST['barnyard_syslog_local'] <> 'on' &&
+ $_POST['barnyard_enable'] == "on") {
+ if (empty($_POST['barnyard_syslog_dport']) || !is_numeric($_POST['barnyard_syslog_dport']))
+ $input_errors[] = gettext("Please provide a valid number between 1 and 65535 for the Syslog Remote Port.");
+ if (empty($_POST['barnyard_syslog_rhost']))
+ $input_errors[] = gettext("Please provide a valid hostname or IP address for the Syslog Remote Host.");
+ }
- foreach ($a_nat as $natent) {
- if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
- continue;
- if ($natent['interface'] != $_POST['interface'])
- $input_error[] = "This interface has already an instance defined";
+ // Validate inputs if Bro-IDS output enabled
+ if ($_POST['barnyard_bro_ids_enable'] == 'on' && $_POST['barnyard_enable'] == "on") {
+ if (empty($_POST['barnyard_bro_ids_dport']) || !is_numeric($_POST['barnyard_bro_ids_dport']))
+ $input_errors[] = gettext("Please provide a valid number between 1 and 65535 for the Bro-IDS Remote Port.");
+ if (empty($_POST['barnyard_bro_ids_rhost']))
+ $input_errors[] = gettext("Please provide a valid hostname or IP address for the Bro-IDS Remote Host.");
}
- /* if no errors write to conf */
+ // if no errors write to conf
if (!$input_errors) {
$natent = array();
/* repost the options already in conf */
$natent = $pconfig;
$natent['barnyard_enable'] = $_POST['barnyard_enable'] ? 'on' : 'off';
- if ($_POST['barnyard_mysql']) $natent['barnyard_mysql'] = $_POST['barnyard_mysql']; else unset($natent['barnyard_mysql']);
+ $natent['barnyard_show_year'] = $_POST['barnyard_show_year'] ? 'on' : 'off';
+ $natent['barnyard_archive_enable'] = $_POST['barnyard_archive_enable'] ? 'on' : 'off';
+ $natent['barnyard_dump_payload'] = $_POST['barnyard_dump_payload'] ? 'on' : 'off';
+ $natent['barnyard_obfuscate_ip'] = $_POST['barnyard_obfuscate_ip'] ? 'on' : 'off';
+ $natent['barnyard_log_vlan_events'] = $_POST['barnyard_log_vlan_events'] ? 'on' : 'off';
+ $natent['barnyard_log_mpls_events'] = $_POST['barnyard_log_mpls_events'] ? 'on' : 'off';
+ $natent['barnyard_mysql_enable'] = $_POST['barnyard_mysql_enable'] ? 'on' : 'off';
+ $natent['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable'] ? 'on' : 'off';
+ $natent['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'] ? 'on' : 'off';
+ $natent['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'] ? 'on' : 'off';
+ $natent['barnyard_disable_sig_ref_tbl'] = $_POST['barnyard_disable_sig_ref_tbl'] ? 'on' : 'off';
+ $natent['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode'];
+ $natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto'];
+
+ if ($_POST['unified2_log_limit']) $natent['unified2_log_limit'] = $_POST['unified2_log_limit']; else unset($natent['unified2_log_limit']);
+ if ($_POST['u2_archived_log_retention']) $natent['u2_archived_log_retention'] = $_POST['u2_archived_log_retention']; else unset($natent['u2_archived_log_retention']);
+ if ($_POST['barnyard_sensor_name']) $natent['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']; else unset($natent['barnyard_sensor_name']);
+ if ($_POST['barnyard_dbhost']) $natent['barnyard_dbhost'] = $_POST['barnyard_dbhost']; else unset($natent['barnyard_dbhost']);
+ if ($_POST['barnyard_dbname']) $natent['barnyard_dbname'] = $_POST['barnyard_dbname']; else unset($natent['barnyard_dbname']);
+ if ($_POST['barnyard_dbuser']) $natent['barnyard_dbuser'] = $_POST['barnyard_dbuser']; else unset($natent['barnyard_dbuser']);
+ if ($_POST['barnyard_dbpwd']) $natent['barnyard_dbpwd'] = base64_encode($_POST['barnyard_dbpwd']); else unset($natent['barnyard_dbpwd']);
+ if ($_POST['barnyard_syslog_rhost']) $natent['barnyard_syslog_rhost'] = $_POST['barnyard_syslog_rhost']; else unset($natent['barnyard_syslog_rhost']);
+ if ($_POST['barnyard_syslog_dport']) $natent['barnyard_syslog_dport'] = $_POST['barnyard_syslog_dport']; else $natent['barnyard_syslog_dport'] = '514';
+ if ($_POST['barnyard_syslog_facility']) $natent['barnyard_syslog_facility'] = $_POST['barnyard_syslog_facility']; else $natent['barnyard_syslog_facility'] = 'LOG_USER';
+ if ($_POST['barnyard_syslog_priority']) $natent['barnyard_syslog_priority'] = $_POST['barnyard_syslog_priority']; else $natent['barnyard_syslog_priority'] = 'LOG_INFO';
+ if ($_POST['barnyard_bro_ids_rhost']) $natent['barnyard_bro_ids_rhost'] = $_POST['barnyard_bro_ids_rhost']; else unset($natent['barnyard_bro_ids_rhost']);
+ if ($_POST['barnyard_bro_ids_dport']) $natent['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport']; else $natent['barnyard_bro_ids_dport'] = '47760';
if ($_POST['barnconfigpassthru']) $natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']); else unset($natent['barnconfigpassthru']);
- if ($_POST['barnyard_enable'] == "on")
- $natent['snortunifiedlog'] = 'on';
- else
- $natent['snortunifiedlog'] = 'off';
-
- if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
- else {
- $a_nat[] = $natent;
- }
- write_config();
+ $a_nat[$id] = $natent;
+ write_config("Snort pkg: modified Barnyard2 settings.");
- /* No need to rebuild rules if just toggling Barnyard2 on or off */
+ // No need to rebuild rules for Barnyard2 changes
$rebuild_rules = false;
sync_snort_package_config();
- /* after click go to this page */
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: snort_barnyard.php?id=$id");
- exit;
+ // If disabling Barnyard2 on the interface, stop any
+ // currently running instance. If an instance is
+ // running, signal it to reload the configuration.
+ // If Barnyard2 is enabled but not running, notify the
+ // user to restart Snort to enable Unified2 output.
+ if ($a_nat[$id]['barnyard_enable'] == "off") {
+ snort_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface']));
+ }
+ elseif ($a_nat[$id]['barnyard_enable'] == "on") {
+ if (snort_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2"))
+ snort_barnyard_reload_config($a_nat[$id], "HUP");
+ else {
+ // Notify user a Snort restart is required if enabling Barnyard2 for the first time
+ $savemsg = gettext("NOTE: you must restart Snort on this interface to activate unified2 logging for Barnyard2.");
+ }
+ }
+ $pconfig = $natent;
+ }
+ else {
+ // We had errors, so save previous field data to prevent retyping
+ $pconfig = $_POST;
}
}
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Barnyard2 Settings");
include_once("head.inc");
@@ -111,21 +202,6 @@ include_once("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<script language="JavaScript">
-<!--
-
-function enable_change(enable_change) {
- endis = !(document.iform.barnyard_enable.checked || enable_change);
- // make shure a default answer is called if this is envoked.
- endis2 = (document.iform.barnyard_enable);
-
- document.iform.barnyard_mysql.disabled = endis;
- document.iform.barnconfigpassthru.disabled = endis;
-}
-//-->
-</script>
<?php
@@ -138,10 +214,10 @@ function enable_change(enable_change) {
print_info_box($savemsg);
}
- ?>
+?>
-<form action="snort_barnyard.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform">
+<form action="snort_barnyard.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>" /> </td>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -149,23 +225,25 @@ function enable_change(enable_change) {
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td>';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
- $tab_array = array();
- $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -178,46 +256,282 @@ function enable_change(enable_change) {
<tr>
<td width="22%" valign="top" class="vncellreq"><?php echo gettext("Enable"); ?></td>
<td width="78%" class="vtable">
- <input name="barnyard_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_enable'] == "on") echo "checked"; ?> onClick="enable_change(false)">
+ <input name="barnyard_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_enable'] == "on") echo "checked"; ?> onClick="enable_change(false)"/>
<strong><?php echo gettext("Enable Barnyard2"); ?></strong><br/>
- <?php echo gettext("This will enable barnyard2 for this interface. You will also have to set the database credentials."); ?></td>
+ <?php echo gettext("This will enable barnyard2 for this interface. You will also to enable at least one logging destination below."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Show Year"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_show_year" type="checkbox" value="on" <?php if ($pconfig['barnyard_show_year'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Enable the year being shown in timestamps. Default value is ") . "<strong>" . gettext("Checked") . "</strong>"; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Unified2 Log Limit"); ?></td>
+ <td width="78%" class="vtable"><select name="unified2_log_limit" class="formselect" id="unified2_log_limit">
+ <?php foreach ($log_sizes as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['unified2_log_limit']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;<?php echo gettext("Choose a Unified2 Log file size limit in megabytes (MB). Default is "); ?><strong><?=gettext("32 MB.");?></strong><br/><br/>
+ <?php echo gettext("This sets the maximum size for a Unified2 Log file before it is rotated and a new one created."); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Archive Unified2 Logs"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_archive_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_archive_enable'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Enable the archiving of processed unified2 log files. Default value is ") . "<strong>" . gettext("Checked") . "</strong>"; ?><br/>
+ <?php echo gettext("Unified2 log files will be moved to an archive folder for subsequent cleanup when processed."); ?>
+ </td>
+ </tr>
+ <tr>
+ <td class="vncell" width="22%" valign="top"><?=gettext("Unified2 Archived Log Retention Period");?></td>
+ <td width="78%" class="vtable"><select name="u2_archived_log_retention" class="formselect" id="u2_archived_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['u2_archived_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;<?=gettext("Choose retention period for archived Barnyard2 binary log files. Default is ") . "<strong>" . gettext("7 days."). "</strong>";?><br/><br/>
+ <?=gettext("When Barnyard2 output is enabled, Snort writes event data to a binary format file that Barnyard2 reads and processes. ") .
+ gettext("When finished processing a file, Barnyard2 moves it to an archive folder. This setting determines how long files ") .
+ gettext("remain in the archive folder before they are automatically deleted.");?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Dump Payload"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_dump_payload" type="checkbox" value="on" <?php if ($pconfig['barnyard_dump_payload'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Enable dumping of application data from unified2 files. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Obfuscate IP Addresses"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_obfuscate_ip" type="checkbox" value="on" <?php if ($pconfig['barnyard_obfuscate_ip'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Enable obfuscation of logged IP addresses. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?>
+ </td>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Log VLAN Events"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_log_vlan_events" type="checkbox" value="on" <?php if ($pconfig['barnyard_log_vlan_events'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Enable logging of VLAN event types in unified2 files. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Log MPLS Events"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_log_mpls_events" type="checkbox" value="on" <?php if ($pconfig['barnyard_log_mpls_events'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Enable logging of MPLS event types in unified2 files. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Sensor Name"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_sensor_name" type="text" class="formfld unknown"
+ id="barnyard_sensor_name" size="25" value="<?=htmlspecialchars($pconfig['barnyard_sensor_name']);?>"/>
+ &nbsp;<?php echo gettext("Unique name for this sensor. Leave blank to use internal default."); ?>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("MySQL Database Output Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable MySQL Database"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_mysql_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_mysql_enable'] == "on") echo "checked"; ?>
+ onClick="toggle_mySQL()"/><?php echo gettext("Enable logging of alerts to a MySQL database instance"); ?><br/>
+ <?php echo gettext("You will also have to provide the database credentials in the fields below."); ?></td>
+ </tr>
+ <tbody id="mysql_config_rows">
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Database Host"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_dbhost" type="text" class="formfld host"
+ id="barnyard_dbhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbhost']);?>"/>
+ &nbsp;<?php echo gettext("Hostname or IP address of the MySQL database server"); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Database Name"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_dbname" type="text" class="formfld unknown"
+ id="barnyard_dbname" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbname']);?>"/>
+ &nbsp;<?php echo gettext("Instance or DB name of the MySQL database"); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Database User Name"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_dbuser" type="text" class="formfld user"
+ id="barnyard_dbuser" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbuser']);?>"/>
+ &nbsp;<?php echo gettext("Username for the MySQL database"); ?>
+ </td>
</tr>
<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("MySQL Settings"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Database User Password"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_dbpwd" type="password" class="formfld pwd"
+ id="barnyard_dbpwd" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbpwd']);?>"/>
+ &nbsp;<?php echo gettext("Password for the MySQL database user"); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Disable Signature Reference Table"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_disable_sig_ref_tbl" type="checkbox" value="on" <?php if ($pconfig['barnyard_disable_sig_ref_tbl'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Disable synchronization of sig_reference table in schema. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/>
+ <br/><?php echo gettext("This option will speedup the process when checked, plus it can help work around a 'duplicate entry' error when running multiple Snort instances."); ?>
+ </td>
+ </tr>
+ </tbody>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Syslog Output Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Syslog"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_syslog_enable'] == "on") echo "checked"; ?>
+ onClick="toggle_syslog()"/>
+ <?php echo gettext("Enable logging of alerts to a syslog receiver"); ?><br/>
+ <?php echo gettext("This will send alert data to either a local or remote syslog receiver."); ?></td>
+ </tr>
+ <tbody id="syslog_config_rows">
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Operation Mode"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_opmode" type="radio" id="barnyard_syslog_opmode_default"
+ value="default" <?php if ($pconfig['barnyard_syslog_opmode'] == 'default') echo "checked";?>/>
+ <?php echo gettext("DEFAULT"); ?>&nbsp;<input name="barnyard_syslog_opmode" type="radio" id="barnyard_syslog_opmode_complete"
+ value="complete" <?php if ($pconfig['barnyard_syslog_opmode'] == 'complete') echo "checked";?>/>
+ <?php echo gettext("COMPLETE"); ?>&nbsp;&nbsp;
+ <?php echo gettext("Select the level of detail to include when reporting"); ?><br/><br/>
+ <?php echo gettext("DEFAULT mode is compatible with the standard Snort syslog format. COMPLETE mode includes additional information such as the raw packet data (displayed in hex format)."); ?>
+ </td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Log to a MySQL Database"); ?></td>
- <td width="78%" class="vtable"><input name="barnyard_mysql"
- type="text" class="formfld unknown" id="barnyard_mysql" style="width:95%;" size="85"
- value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>"> <br/>
- <span class="vexpl"><?php echo gettext("Example: output database: alert, mysql, " .
- "dbname=snort user=snort host=localhost password=xyz"); ?><br/>
- <?php echo gettext("Example: output database: log, mysql, dbname=snort user=snort " .
- "host=localhost password=xyz"); ?></span></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Local Only"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_local" type="checkbox" value="on" <?php if ($pconfig['barnyard_syslog_local'] == "on") echo "checked"; ?>
+ onClick="toggle_local_syslog()"/>
+ <?php echo gettext("Enable logging of alerts to the local system only"); ?><br/>
+ <?php echo gettext("This will send alert data to the local system only and overrides the host, port, protocol, facility and priority values below."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Host"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_rhost" type="text" class="formfld host"
+ id="barnyard_syslog_rhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_syslog_rhost']);?>"/>
+ &nbsp;<?php echo gettext("Hostname or IP address of remote syslog host"); ?>
+ </td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Port"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_dport" type="text" class="formfld unknown"
+ id="barnyard_syslog_dport" size="25" value="<?=htmlspecialchars($pconfig['barnyard_syslog_dport']);?>"/>
+ &nbsp;<?php echo gettext("Port number for syslog on remote host. Default is ") . "<strong>" . gettext("514") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Protocol"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_proto" type="radio" id="barnyard_syslog_proto_udp"
+ value="udp" <?php if ($pconfig['barnyard_syslog_proto'] == 'udp') echo "checked";?>/>
+ <?php echo gettext("UDP"); ?>&nbsp;<input name="barnyard_syslog_proto" type="radio" id="barnyard_syslog_proto_tcp"
+ value="tcp" <?php if ($pconfig['barnyard_syslog_proto'] == 'tcp') echo "checked";?>/>
+ <?php echo gettext("TCP"); ?>&nbsp;&nbsp;
+ <?php echo gettext("Select IP protocol to use for remote reporting. Default is ") . "<strong>" . gettext("UDP") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Facility"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="barnyard_syslog_facility" id="barnyard_syslog_facility" class="formselect">
+ <?php
+ $log_facility = array( "LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_KERN", "LOG_SYSLOG", "LOG_USER", "LOG_LOCAL1",
+ "LOG_LOCAL2", "LOG_LOCAL3", "LOG_LOCAL4", "LOG_LOCAL5", "LOG_LOCAL6", "LOG_LOCAL7" );
+ foreach ($log_facility as $facility) {
+ $selected = "";
+ if ($facility == $pconfig['barnyard_syslog_facility'])
+ $selected = " selected";
+ echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n";
+ }
+ ?></select>&nbsp;&nbsp;
+ <?php echo gettext("Select Syslog Facility to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_USER") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Priority"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="barnyard_syslog_priority" id="barnyard_syslog_priority" class="formselect">
+ <?php
+ $log_priority = array( "LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR", "LOG_WARNING", "LOG_NOTICE", "LOG_INFO" );
+ foreach ($log_priority as $priority) {
+ $selected = "";
+ if ($priority == $pconfig['barnyard_syslog_priority'])
+ $selected = " selected";
+ echo "<option value='{$priority}'{$selected}>" . $priority . "</option>\n";
+ }
+ ?></select>&nbsp;&nbsp;
+ <?php echo gettext("Select Syslog Priority (Level) to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_INFO") . "</strong>."; ?>
+ </td>
+ </tr>
+ </tbody>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Bro-IDS Output Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Bro-IDS"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_bro_ids_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_bro_ids_enable'] == "on") echo "checked"; ?>
+ onClick="toggle_bro_ids()"/>
+ <?php echo gettext("Enable logging of alerts to a Bro-IDS receiver"); ?><br/>
+ <?php echo gettext("This will send alert data to either a local or remote Bro-IDS receiver."); ?></td>
+ </tr>
+ <tbody id="bro_ids_config_rows">
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Host"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_bro_ids_rhost" type="text" class="formfld host"
+ id="barnyard_bro_ids_rhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_bro_ids_rhost']);?>"/>
+ &nbsp;<?php echo gettext("Hostname or IP address of remote Bro-IDS host"); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Port"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_bro_ids_dport" type="text" class="formfld unknown"
+ id="barnyard_bro_ids_dport" size="25" value="<?=htmlspecialchars($pconfig['barnyard_bro_ids_dport']);?>"/>
+ &nbsp;<?php echo gettext("Port number for Bro-IDS instance on remote host. Default is ") . "<strong>" . gettext("47760") . "</strong>."; ?>
+ </td>
+ </tr>
+ </tbody>
+ <tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Advanced Settings"); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration " .
- "pass through"); ?></td>
+ "pass-through"); ?></td>
<td width="78%" class="vtable"><textarea name="barnconfigpassthru" style="width:95%;"
cols="65" rows="7" id="barnconfigpassthru" ><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea>
<br/>
- <?php echo gettext("Arguments here will be automatically inserted into the running " .
+ <?php echo gettext("Arguments entered here will be automatically inserted into the running " .
"barnyard2 configuration."); ?></td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save">
- <input name="id" type="hidden" value="<?=$id;?>"> </td>
+ <input name="save" type="submit" class="formbtn" value="Save" title="<?=gettext("Save Barnyard2 configuration");?>" />
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span></span>
<br/>
- <?php echo gettext("Please save your settings before you click start."); ?> </td>
+ <?php echo gettext("Remember to save your settings before you leave this tab."); ?> </td>
</tr>
</table>
</div>
@@ -225,10 +539,107 @@ function enable_change(enable_change) {
</tr>
</table>
</form>
+
<script language="JavaScript">
-<!--
+function toggle_mySQL() {
+ var endis = !document.iform.barnyard_mysql_enable.checked;
+
+ document.iform.barnyard_dbhost.disabled = endis;
+ document.iform.barnyard_dbname.disabled = endis;
+ document.iform.barnyard_dbuser.disabled = endis;
+ document.iform.barnyard_dbpwd.disabled = endis;
+ document.iform.barnyard_disable_sig_ref_tbl.disabled = endis;
+
+ if (endis)
+ document.getElementById("mysql_config_rows").style.display = "none";
+ else
+ document.getElementById("mysql_config_rows").style.display = "";
+}
+
+function toggle_syslog() {
+ var endis = !document.iform.barnyard_syslog_enable.checked;
+
+ document.iform.barnyard_syslog_opmode_default.disabled = endis;
+ document.iform.barnyard_syslog_opmode_complete.disabled = endis;
+ document.iform.barnyard_syslog_local.disabled = endis;
+ document.iform.barnyard_syslog_rhost.disabled = endis;
+ document.iform.barnyard_syslog_dport.disabled = endis;
+ document.iform.barnyard_syslog_proto_udp.disabled = endis;
+ document.iform.barnyard_syslog_proto_tcp.disabled = endis;
+ document.iform.barnyard_syslog_facility.disabled = endis;
+ document.iform.barnyard_syslog_priority.disabled = endis;
+
+ if (endis)
+ document.getElementById("syslog_config_rows").style.display = "none";
+ else
+ document.getElementById("syslog_config_rows").style.display = "";
+}
+
+function toggle_local_syslog() {
+ var endis = document.iform.barnyard_syslog_local.checked;
+
+ if (document.iform.barnyard_syslog_enable.checked) {
+ document.iform.barnyard_syslog_rhost.disabled = endis;
+ document.iform.barnyard_syslog_dport.disabled = endis;
+ document.iform.barnyard_syslog_proto_udp.disabled = endis;
+ document.iform.barnyard_syslog_proto_tcp.disabled = endis;
+ document.iform.barnyard_syslog_facility.disabled = endis;
+ document.iform.barnyard_syslog_priority.disabled = endis;
+ }
+}
+
+function toggle_bro_ids() {
+ var endis = !document.iform.barnyard_bro_ids_enable.checked;
+
+ document.iform.barnyard_bro_ids_rhost.disabled = endis;
+ document.iform.barnyard_bro_ids_dport.disabled = endis;
+
+ if (endis)
+ document.getElementById("bro_ids_config_rows").style.display = "none";
+ else
+ document.getElementById("bro_ids_config_rows").style.display = "";
+}
+
+function enable_change(enable_change) {
+ endis = !(document.iform.barnyard_enable.checked || enable_change);
+ // make sure a default answer is called if this is invoked.
+ endis2 = (document.iform.barnyard_enable);
+ document.iform.unified2_log_limit.disabled = endis;
+ document.iform.barnyard_archive_enable.disabled = endis;
+ document.iform.u2_archived_log_retention.disabled = endis;
+ document.iform.barnyard_show_year.disabled = endis;
+ document.iform.barnyard_dump_payload.disabled = endis;
+ document.iform.barnyard_obfuscate_ip.disabled = endis;
+ document.iform.barnyard_log_vlan_events.disabled = endis;
+ document.iform.barnyard_log_mpls_events.disabled = endis;
+ document.iform.barnyard_sensor_name.disabled = endis;
+ document.iform.barnyard_mysql_enable.disabled = endis;
+ document.iform.barnyard_dbhost.disabled = endis;
+ document.iform.barnyard_dbname.disabled = endis;
+ document.iform.barnyard_dbuser.disabled = endis;
+ document.iform.barnyard_dbpwd.disabled = endis;
+ document.iform.barnyard_disable_sig_ref_tbl.disabled = endis;
+ document.iform.barnyard_syslog_enable.disabled = endis;
+ document.iform.barnyard_syslog_local.disabled = endis;
+ document.iform.barnyard_syslog_opmode_default.disabled = endis;
+ document.iform.barnyard_syslog_opmode_complete.disabled = endis;
+ document.iform.barnyard_syslog_rhost.disabled = endis;
+ document.iform.barnyard_syslog_dport.disabled = endis;
+ document.iform.barnyard_syslog_proto_udp.disabled = endis;
+ document.iform.barnyard_syslog_proto_tcp.disabled = endis;
+ document.iform.barnyard_syslog_facility.disabled = endis;
+ document.iform.barnyard_syslog_priority.disabled = endis;
+ document.iform.barnyard_bro_ids_enable.disabled = endis;
+ document.iform.barnyard_bro_ids_rhost.disabled = endis;
+ document.iform.barnyard_bro_ids_dport.disabled = endis;
+ document.iform.barnconfigpassthru.disabled = endis;
+}
+
enable_change(false);
-//-->
+toggle_mySQL();
+toggle_syslog();
+toggle_local_syslog();
+toggle_bro_ids();
</script>
<?php include("fend.inc"); ?>
</body>
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index 4fc470d3..76d5a9df 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -34,6 +34,8 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
+$snortlogdir = SNORTLOGDIR;
+
// Grab pfSense version so we can refer to it later on this page
$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3);
@@ -48,14 +50,14 @@ if (empty($pconfig['blertnumber']))
else
$bnentries = $pconfig['blertnumber'];
-if ($_POST['todelete'] || $_GET['todelete']) {
+if ($_POST['todelete']) {
$ip = "";
- if($_POST['todelete'])
- $ip = $_POST['todelete'];
- else if($_GET['todelete'])
- $ip = $_GET['todelete'];
+ if ($_POST['ip'])
+ $ip = $_POST['ip'];
if (is_ipaddr($ip))
exec("/sbin/pfctl -t snort2c -T delete {$ip}");
+ else
+ $input_errors[] = gettext("An invalid IP address was provided as a parameter.");
}
if ($_POST['remove']) {
@@ -117,7 +119,7 @@ if ($_POST['save'])
$config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber'];
- write_config();
+ write_config("Snort pkg: updated BLOCKED tab settings.");
header("Location: /snort/snort_blocked.php");
exit;
@@ -140,12 +142,19 @@ include_once("fbegin.inc");
/* refresh every 60 secs */
if ($pconfig['brefresh'] == 'on')
echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_blocked.php\" />\n";
-?>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
+?>
-<?php if ($savemsg) print_info_box($savemsg); ?>
<form action="/snort/snort_blocked.php" method="post">
+<input type="hidden" name="ip" id="ip" value=""/>
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
@@ -156,10 +165,11 @@ if ($pconfig['brefresh'] == 'on')
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), true, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td>
</tr>
@@ -172,22 +182,23 @@ if ($pconfig['brefresh'] == 'on')
<tr>
<td width="22%" class="vncell"><?php echo gettext("Save or Remove Hosts"); ?></td>
<td width="78%" class="vtable">
- <input name="download" type="submit" class="formbtns" value="Download"> <?php echo gettext("All " .
- "blocked hosts will be saved."); ?>&nbsp;&nbsp;<input name="remove" type="submit"
- class="formbtns" value="Clear">&nbsp;<span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span>
- <?php echo gettext("all hosts will be removed."); ?>
+ <input name="download" type="submit" class="formbtns" value="Download" title="<?=gettext("Download list of blocked hosts as a gzip archive");?>"/>
+ &nbsp;<?php echo gettext("All blocked hosts will be saved."); ?>&nbsp;&nbsp;
+ <input name="remove" type="submit" class="formbtns" value="Clear" title="<?=gettext("Remove blocks for all listed hosts");?>"
+ onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCLE to quit.");?>');"/>&nbsp;
+ <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span>&nbsp;<?php echo gettext("all hosts will be removed."); ?>
</td>
</tr>
<tr>
<td width="22%" class="vncell"><?php echo gettext("Auto Refresh and Log View"); ?></td>
<td width="78%" class="vtable">
- <input name="save" type="submit" class="formbtns" value="Save"> <?php echo gettext("Refresh"); ?> <input
- name="brefresh" type="checkbox" value="on"
- <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>>
- <?php printf(gettext("%sDefault%s is %sON%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;<input
- name="blertnumber" type="text" class="formfld unknown" id="blertnumber"
- size="5" value="<?=htmlspecialchars($bnentries);?>"> <?php printf(gettext("Enter the " .
- "number of blocked entries to view. %sDefault%s is %s500%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
+ <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/>
+ &nbsp;&nbsp;<?php echo gettext("Refresh"); ?>&nbsp;<input name="brefresh" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['snortglobal']['alertsblocks']['brefresh']=='') echo "checked"; ?>/>
+ &nbsp;<?php printf(gettext("%sDefault%s is %sON%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;
+ <input name="blertnumber" type="text" class="formfld unknown" id="blertnumber"
+ size="5" value="<?=htmlspecialchars($bnentries);?>"/>&nbsp;<?php printf(gettext("Enter number of " .
+ "blocked entries to view. %sDefault%s is %s500%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
</td>
</tr>
<tr>
@@ -225,13 +236,13 @@ if ($pconfig['brefresh'] == 'on')
if (!empty($blocked_ips_array)) {
$tmpblocked = array_flip($blocked_ips_array);
$src_ip_list = array();
- foreach (glob("/var/log/snort/*/alert") as $alertfile) {
+ foreach (glob("{$snortlogdir}/*/alert") as $alertfile) {
$fd = fopen($alertfile, "r");
if ($fd) {
/* 0 1 2 3 4 5 6 7 8 9 10 11 12
/* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
- if(count($fields) < 11)
+ if(count($fields) < 13)
continue;
if (isset($tmpblocked[$fields[6]])) {
@@ -280,8 +291,9 @@ if ($pconfig['brefresh'] == 'on')
<td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td>
<td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>{$rdns_link}</td>
<td valign=\"middle\" class=\"listr\">{$blocked_desc}</td>
- <td align=\"center\" valign=\"middle\" class=\"listr\"><a href='snort_blocked.php?todelete=" . trim(urlencode($blocked_ip)) . "'>
- <img title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" name='todelete' id='todelete' alt=\"Delete host from Blocked Table\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
+ <td align=\"center\" valign=\"middle\" class=\"listr\" sorttable_customkey=\"\">
+ <input type=\"image\" name=\"todelete[]\" onClick=\"document.getElementById('ip').value='{$blocked_ip}';\"
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" /></td>
</tr>\n";
}
}
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index 038a11cd..a5b9e65e 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -1,10 +1,11 @@
<?php
/*
- * snort_chk_log_dir_size.php
+ * snort_check_cron_misc.inc
* part of pfSense
*
- * Modified for the Pfsense snort package v. 1.8+
+ * Modified for the pfSense snort package v. 1.8+
* Copyright (C) 2009-2010 Robert Zelaya Developer
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -31,68 +32,98 @@
require_once("/usr/local/pkg/snort/snort.inc");
-// 'B' => 1,
-// 'KB' => 1024,
-// 'MB' => 1024 * 1024,
-// 'GB' => 1024 * 1024 * 1024,
-// 'TB' => 1024 * 1024 * 1024 * 1024,
-// 'PB' => 1024 * 1024 * 1024 * 1024 * 1024,
+$snortlogdir = SNORTLOGDIR;
+function snort_check_dir_size_limit($snortloglimitsize) {
-/* chk if snort log dir is full if so clear it */
-$snortloglimit = $config['installedpackages']['snortglobal']['snortloglimit'];
-$snortloglimitsize = $config['installedpackages']['snortglobal']['snortloglimitsize'];
+ /********************************************************
+ * This function checks the total size of the Snort *
+ * logging sub-directory structure and prunes the files *
+ * for all Snort interfaces if the size exceeds the *
+ * passed limit. *
+ * *
+ * On Entry: $snortloglimitsize = dir size limit in *
+ * in megabytes *
+ ********************************************************/
-if ($g['booting']==true)
- return;
+ global $g, $config;
-if ($snortloglimit == 'off')
- return;
+ // Convert Log Limit Size setting from MB to KB
+ $snortloglimitsizeKB = round($snortloglimitsize * 1024);
+ $snortlogdirsizeKB = snort_Getdirsize(SNORTLOGDIR);
+ if ($snortlogdirsizeKB > 0 && $snortlogdirsizeKB > $snortloglimitsizeKB) {
+ log_error(gettext("[Snort] Log directory size exceeds configured limit of " . number_format($snortloglimitsize) . " MB set on Global Settings tab. All Snort log files will be truncated."));
+ conf_mount_rw();
-if (!is_array($config['installedpackages']['snortglobal']['rule']))
- return;
+ // Truncate the Rules Update Log file if it exists
+ if (file_exists(RULES_UPD_LOGFILE)) {
+ log_error(gettext("[Snort] Truncating the Rules Update Log file..."));
+ @file_put_contents(RULES_UPD_LOGFILE, "");
+ }
-/* Convert Log Limit Size setting from MB to KB */
-$snortloglimitsizeKB = round($snortloglimitsize * 1024);
-$snortlogdirsizeKB = snort_Getdirsize(SNORTLOGDIR);
-if ($snortlogdirsizeKB > 0 && $snortlogdirsizeKB > $snortloglimitsizeKB) {
- log_error(gettext("[Snort] Log directory size exceeds configured limit of " . number_format($snortloglimitsize) . " MB set on Global Settings tab. All Snort log files will be truncated."));
- conf_mount_rw();
-
- /* Truncate the Rules Update Log file if it exists */
- if (file_exists(RULES_UPD_LOGFILE)) {
- log_error(gettext("[Snort] Truncating the Rules Update Log file..."));
- $fd = @fopen(RULES_UPD_LOGFILE, "w+");
- if ($fd)
- fclose($fd);
- }
+ // Clean-up the logs for each configured Snort instance
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
+ $if_real = get_real_interface($value['interface']);
+ $snort_uuid = $value['uuid'];
+ $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}";
+ log_error(gettext("[Snort] Truncating logs for {$value['descr']} ({$if_real})..."));
+ snort_post_delete_logs($snort_uuid);
+
+ // Truncate the alert log file if it exists
+ if (file_exists("{$snort_log_dir}/alert")) {
+ @file_put_contents("{$snort_log_dir}/alert", "");
+ }
- /* Clean-up the logs for each configured Snort instance */
- foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
- $if_real = snort_get_real_interface($value['interface']);
- $snort_uuid = $value['uuid'];
- $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}";
- log_error(gettext("[Snort] Truncating logs for {$value['descr']} ({$if_real})..."));
- snort_post_delete_logs($snort_uuid);
-
- /* Truncate the alert log file if it exists */
- if (file_exists("{$snort_log_dir}/alert")) {
- $fd = @fopen("{$snort_log_dir}/alert", "w+");
- if ($fd)
- fclose($fd);
+ // This is needed if snort is run as snort user
+ mwexec('/bin/chmod 660 {$snort_log_dir}/*', true);
+
+ // Soft-restart Snort process to resync logging
+ if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
+ log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})..."));
+ mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
+ }
}
+ conf_mount_ro();
+ log_error(gettext("[Snort] Automatic clean-up of Snort logs completed."));
+ }
+}
+
+/*************************
+ * Start of main code *
+ *************************/
+
+// If firewall is booting, do nothing
+if ($g['booting'] == true)
+ return;
- /* This is needed if snort is run as snort user */
- mwexec('/bin/chmod 660 /var/log/snort/*', true);
+// If no interfaces defined, there is nothing to clean up
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return;
- /* Soft-restart Snort process to resync logging */
- if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
- log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})..."));
- mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
+// Check unified2 archived log retention in the interface logging directories if enabled
+foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
+ $if_real = get_real_interface($value['interface']);
+ $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$value['uuid']}";
+ if (is_dir("{$snort_log_dir}/barnyard2/archive") && $value['u2_archived_log_retention'] > 0) {
+ $now = time();
+ $files = glob("{$snort_log_dir}/barnyard2/archive/snort_{$value['uuid']}_{$if_real}.u2.*");
+ $prune_count = 0;
+ foreach ($files as $f) {
+ if (($now - filemtime($f)) > ($value['u2_archived_log_retention'] * 3600)) {
+ $prune_count++;
+ unlink_if_exists($f);
+ }
}
+ unset($files);
+ if ($prune_count > 0)
+ log_error(gettext("[Snort] Barnyard2 archived logs cleanup job removed {$prune_count} file(s)..."));
}
- conf_mount_ro();
- log_error(gettext("[Snort] Automatic clean-up of Snort logs completed."));
}
+// Check the overall log directory limit (if enabled) and prune if necessary
+if ($config['installedpackages']['snortglobal']['snortloglimit'] == 'on')
+ snort_check_dir_size_limit($config['installedpackages']['snortglobal']['snortloglimitsize']);
+
+return;
+
?>
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index e13c3bef..667f4044 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -5,7 +5,7 @@
* Copyright (C) 2006 Scott Ullrich
* Copyright (C) 2009 Robert Zelaya
* Copyright (C) 2011-2012 Ermal Luci
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -62,10 +62,13 @@ if (!defined("ET_OPEN_FILE_PREFIX"))
define("ET_OPEN_FILE_PREFIX", "emerging-");
if (!defined("ET_PRO_FILE_PREFIX"))
define("ET_PRO_FILE_PREFIX", "etpro-");
+if (!defined("IPREP_PATH"))
+ define("IPREP_PATH", "/var/db/snort/iprep/");
$snortdir = SNORTDIR;
$snortlibdir = SNORTLIBDIR;
$snortlogdir = SNORTLOGDIR;
+$snortiprepdir = IPREP_PATH;
$snort_rules_upd_log = RULES_UPD_LOGFILE;
/* Save the state of $pkg_interface so we can restore it */
@@ -95,7 +98,7 @@ exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26
// Save the version with decimal delimiters for use in extracting the rules
$snort_version = $snortver[0];
if (empty($snort_version))
- $snort_version = "2.9.5.6";
+ $snort_version = "2.9.6.0";
// Create a collapsed version string for use in the tarball filename
$snortver[0] = str_replace(".", "", $snortver[0]);
@@ -150,22 +153,54 @@ function snort_download_file_url($url, $file_out) {
global $g, $config, $pkg_interface, $last_curl_error, $fout, $ch, $file_size, $downloaded, $first_progress_update;
+ $rfc2616 = array(
+ 100 => "100 Continue",
+ 101 => "101 Switching Protocols",
+ 200 => "200 OK",
+ 201 => "201 Created",
+ 202 => "202 Accepted",
+ 203 => "203 Non-Authoritative Information",
+ 204 => "204 No Content",
+ 205 => "205 Reset Content",
+ 206 => "206 Partial Content",
+ 300 => "300 Multiple Choices",
+ 301 => "301 Moved Permanently",
+ 302 => "302 Found",
+ 303 => "303 See Other",
+ 304 => "304 Not Modified",
+ 305 => "305 Use Proxy",
+ 306 => "306 (Unused)",
+ 307 => "307 Temporary Redirect",
+ 400 => "400 Bad Request",
+ 401 => "401 Unauthorized",
+ 402 => "402 Payment Required",
+ 403 => "403 Forbidden",
+ 404 => "404 Not Found",
+ 405 => "405 Method Not Allowed",
+ 406 => "406 Not Acceptable",
+ 407 => "407 Proxy Authentication Required",
+ 408 => "408 Request Timeout",
+ 409 => "409 Conflict",
+ 410 => "410 Gone",
+ 411 => "411 Length Required",
+ 412 => "412 Precondition Failed",
+ 413 => "413 Request Entity Too Large",
+ 414 => "414 Request-URI Too Long",
+ 415 => "415 Unsupported Media Type",
+ 416 => "416 Requested Range Not Satisfiable",
+ 417 => "417 Expectation Failed",
+ 500 => "500 Internal Server Error",
+ 501 => "501 Not Implemented",
+ 502 => "502 Bad Gateway",
+ 503 => "503 Service Unavailable",
+ 504 => "504 Gateway Timeout",
+ 505 => "505 HTTP Version Not Supported"
+ );
+
// Initialize required variables for the pfSense "read_body()" function
$file_size = 1;
$downloaded = 1;
$first_progress_update = TRUE;
-
-
- // Array of message strings for HTTP Response Codes
- $http_resp_msg = array( 200 => "OK", 202 => "Accepted", 204 => "No Content", 205 => "Reset Content",
- 206 => "Partial Content", 301 => "Moved Permanently", 302 => "Found",
- 305 => "Use Proxy", 307 => "Temporary Redirect", 400 => "Bad Request",
- 401 => "Unauthorized", 402 => "Payment Required", 403 => "Forbidden",
- 404 => "Not Found", 405 => "Method Not Allowed", 407 => "Proxy Authentication Required",
- 408 => "Request Timeout", 410 => "Gone", 500 => "Internal Server Error",
- 501 => "Not Implemented", 502 => "Bad Gateway", 503 => "Service Unavailable",
- 504 => "Gateway Timeout", 505 => "HTTP Version Not Supported" );
-
$last_curl_error = "";
$fout = fopen($file_out, "wb");
@@ -215,8 +250,8 @@ function snort_download_file_url($url, $file_out) {
if ($rc === false)
$last_curl_error = curl_error($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
- if (isset($http_resp_msg[$http_code]))
- $last_curl_error = $http_resp_msg[$http_code];
+ if (isset($rfc2616[$http_code]))
+ $last_curl_error = $rfc2616[$http_code];
curl_close($ch);
fclose($fout);
@@ -250,7 +285,7 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") {
/* error occurred. */
/**********************************************************/
- global $pkg_interface, $snort_rules_upd_log, $last_curl_error;
+ global $pkg_interface, $snort_rules_upd_log, $last_curl_error, $update_errors;
$snortdir = SNORTDIR;
$filename_md5 = basename($file_dst);
@@ -292,9 +327,9 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") {
log_error(gettext("[Snort] {$desc} md5 download failed..."));
log_error(gettext("[Snort] Server returned error code {$rc}..."));
error_log(gettext("\t{$snort_err_msg}\n"), 3, $snort_rules_upd_log);
- if ($pkg_interface == "console")
- error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, $snort_rules_upd_log);
error_log(gettext("\t{$desc} will not be updated.\n"), 3, $snort_rules_upd_log);
+ $update_errors = true;
return false;
}
}
@@ -318,7 +353,7 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
/* FALSE if download was not successful. */
/**********************************************************/
- global $pkg_interface, $snort_rules_upd_log, $last_curl_error;
+ global $pkg_interface, $snort_rules_upd_log, $last_curl_error, $update_errors;
$snortdir = SNORTDIR;
$filename = basename($file_dst);
@@ -348,6 +383,7 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
error_log(gettext("\tDownloaded {$desc} file MD5: " . md5_file($file_dst) . "\n"), 3, $snort_rules_upd_log);
error_log(gettext("\tExpected {$desc} file MD5: {$file_md5}\n"), 3, $snort_rules_upd_log);
error_log(gettext("\t{$desc} file download failed. {$desc} will not be updated.\n"), 3, $snort_rules_upd_log);
+ $update_errors = true;
return false;
}
return true;
@@ -357,9 +393,9 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
update_output_window(gettext("{$desc} file download failed..."));
log_error(gettext("[Snort] {$desc} file download failed... server returned error '{$rc}'..."));
error_log(gettext("\t{$desc} file download failed. Server returned error {$rc}.\n"), 3, $snort_rules_upd_log);
- if ($pkg_interface == "console")
- error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, $snort_rules_upd_log);
+ error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, $snort_rules_upd_log);
error_log(gettext("\t{$desc} will not be updated.\n"), 3, $snort_rules_upd_log);
+ $update_errors = true;
return false;
}
@@ -371,25 +407,27 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
/* remove any old $tmpfname files */
if (is_dir("{$tmpfname}"))
- exec("/bin/rm -r {$tmpfname}");
+ exec("/bin/rm -rf {$tmpfname}");
/* Make sure required snortdirs exsist */
-exec("/bin/mkdir -p {$snortdir}/rules");
-exec("/bin/mkdir -p {$snortdir}/signatures");
-exec("/bin/mkdir -p {$snortdir}/preproc_rules");
-exec("/bin/mkdir -p {$tmpfname}");
-exec("/bin/mkdir -p {$snortlibdir}/dynamicrules");
-exec("/bin/mkdir -p {$snortlogdir}");
+safe_mkdir("{$snortdir}/rules");
+safe_mkdir("{$snortdir}/signatures");
+safe_mkdir("{$snortdir}/preproc_rules");
+safe_mkdir("{$tmpfname}");
+safe_mkdir("{$snortlibdir}/dynamicrules");
+safe_mkdir("{$snortlogdir}");
+safe_mkdir("{$snortiprepdir}");
/* See if we need to automatically clear the Update Log based on 1024K size limit */
if (file_exists($snort_rules_upd_log)) {
if (1048576 < filesize($snort_rules_upd_log))
- exec("/bin/rm -r {$snort_rules_upd_log}");
+ @unlink("{$snort_rules_upd_log}");
}
/* Log start time for this rules update */
error_log(gettext("Starting rules update... Time: " . date("Y-m-d H:i:s") . "\n"), 3, $snort_rules_upd_log);
$last_curl_error = "";
+$update_errors = false;
/* Check for and download any new Snort VRT sigs */
if ($snortdownload == 'on') {
@@ -430,15 +468,17 @@ if ($emergingthreats == 'on') {
/* Untar Snort rules file to tmp and install the rules */
if ($snortdownload == 'on') {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
- /* Currently, only FreeBSD-8-1 and FreeBSD-9-0 precompiled SO rules exist from Snort.org */
- /* Default to FreeBSD 8.1, and then test for FreeBSD 9.x */
+ /* Currently, only FreeBSD-8-1, FreeBSD-9-0 and FreeBSD-10-0 precompiled SO rules exist from Snort.org */
+ /* Default to FreeBSD 8.1, and then test for FreeBSD 9.x or FreeBSD 10.x */
$freebsd_version_so = 'FreeBSD-8-1';
if (substr(php_uname("r"), 0, 1) == '9')
$freebsd_version_so = 'FreeBSD-9-0';
+ elseif (substr(php_uname("r"), 0, 2) == '10')
+ $freebsd_version_so = 'FreeBSD-10-0';
/* Remove the old Snort rules files */
$vrt_prefix = VRT_FILE_PREFIX;
- array_map('unlink', glob("{$snortdir}/rules/{$vrt_prefix}*.rules"));
+ unlink_if_exists("{$snortdir}/rules/{$vrt_prefix}*.rules");
if ($pkg_interface <> "console") {
update_status(gettext("Extracting Snort VRT rules..."));
@@ -487,7 +527,7 @@ if ($snortdownload == 'on') {
exec("/bin/cp {$tmpfname}/so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/*.so {$snortlibdir}/dynamicrules/");
} else
$nosorules = true;
- exec("rm -r {$tmpfname}/so_rules");
+ exec("rm -rf {$tmpfname}/so_rules");
if ($nosorules == false) {
/* extract Shared Object stub rules, rename and copy to the rules folder. */
if ($pkg_interface <> "console")
@@ -498,7 +538,7 @@ if ($snortdownload == 'on') {
$newfile = basename($file, ".rules");
@copy($file, "{$snortdir}/rules/" . VRT_FILE_PREFIX . "{$newfile}.so.rules");
}
- exec("rm -r {$tmpfname}/so_rules");
+ exec("rm -rf {$tmpfname}/so_rules");
}
/* extract base etc files */
if ($pkg_interface <> "console") {
@@ -556,7 +596,7 @@ if ($snortcommunityrules == 'on') {
update_output_window(gettext("Installation of Snort GPLv2 Community Rules file completed..."));
}
error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, $snort_rules_upd_log);
- exec("rm -r {$tmpfname}/community");
+ exec("rm -rf {$tmpfname}/community");
}
}
@@ -574,10 +614,10 @@ if ($emergingthreats == 'on') {
/* Remove the old Emerging Threats rules files */
$eto_prefix = ET_OPEN_FILE_PREFIX;
$etpro_prefix = ET_PRO_FILE_PREFIX;
- array_map('unlink', glob("{$snortdir}/rules/{$eto_prefix}*.rules"));
- array_map('unlink', glob("{$snortdir}/rules/{$etpro_prefix}*.rules"));
- array_map('unlink', glob("{$snortdir}/rules/{$eto_prefix}*ips.txt"));
- array_map('unlink', glob("{$snortdir}/rules/{$etpro_prefix}*ips.txt"));
+ unlink_if_exists("{$snortdir}/rules/{$eto_prefix}*.rules");
+ unlink_if_exists("{$snortdir}/rules/{$etpro_prefix}*.rules");
+ unlink_if_exists("{$snortdir}/rules/{$eto_prefix}*ips.txt");
+ unlink_if_exists("{$snortdir}/rules/{$etpro_prefix}*ips.txt");
$files = glob("{$tmpfname}/emerging/rules/*.rules");
foreach ($files as $file) {
@@ -591,10 +631,14 @@ if ($emergingthreats == 'on') {
$files = glob("{$tmpfname}/emerging/rules/*ips.txt");
foreach ($files as $file) {
$newfile = basename($file);
- if ($etpro == "on")
+ if ($etpro == "on") {
+ @copy($file, IPREP_PATH . ET_PRO_FILE_PREFIX . "{$newfile}");
@copy($file, "{$snortdir}/rules/" . ET_PRO_FILE_PREFIX . "{$newfile}");
- else
+ }
+ else {
+ @copy($file, IPREP_PATH . ET_OPEN_FILE_PREFIX . "{$newfile}");
@copy($file, "{$snortdir}/rules/" . ET_OPEN_FILE_PREFIX . "{$newfile}");
+ }
}
/* base etc files for Emerging Threats rules */
foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) {
@@ -613,13 +657,13 @@ if ($emergingthreats == 'on') {
update_output_window(gettext("Installation of {$et_name} rules completed..."));
}
error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, $snort_rules_upd_log);
- exec("rm -r {$tmpfname}/emerging");
+ exec("rm -rf {$tmpfname}/emerging");
}
}
function snort_apply_customizations($snortcfg, $if_real) {
- global $vrt_enabled;
+ global $vrt_enabled, $rebuild_rules;
$snortdir = SNORTDIR;
/* Update the Preprocessor rules from the master configuration for the interface if Snort */
@@ -632,7 +676,8 @@ function snort_apply_customizations($snortcfg, $if_real) {
}
}
- snort_prepare_rule_files($snortcfg, "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}");
+ if ($rebuild_rules == true)
+ snort_prepare_rule_files($snortcfg, "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}");
/* Copy the master config and map files to the interface directory */
@copy("{$snortdir}/classification.config", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/classification.config");
@@ -688,11 +733,11 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
/* Create configuration for each active Snort interface */
foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
- $if_real = snort_get_real_interface($value['interface']);
- $tmp = "Updating rules configuration for: " . snort_get_friendly_interface($value['interface']) . " ...";
+ $if_real = get_real_interface($value['interface']);
+ $tmp = "Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($value['interface']) . " ...";
if ($pkg_interface <> "console"){
update_status(gettext($tmp));
- update_output_window(gettext("Please wait while Snort interface files are being updated..."));
+ update_output_window(gettext("Please wait while Snort interface files are updated..."));
}
// Make sure the interface subdirectory and required sub-directories exists.
@@ -713,7 +758,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
$tmp = "\t" . $tmp . "\n";
if ($value['protect_preproc_rules'] == 'on') {
$tmp .= gettext("\tPreprocessor text rules flagged as protected and not updated for ");
- $tmp .= snort_get_friendly_interface($value['interface']) . "...\n";
+ $tmp .= convert_friendly_interface_to_friendly_descr($value['interface']) . "...\n";
}
error_log($tmp, 3, $snort_rules_upd_log);
}
@@ -729,13 +774,6 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
/* Clear the rebuild rules flag. */
$rebuild_rules = false;
- /* remove old $tmpfname files */
- if (is_dir("{$tmpfname}")) {
- if ($pkg_interface <> "console")
- update_status(gettext("Cleaning up after rules extraction..."));
- exec("/bin/rm -r {$tmpfname}");
- }
-
/* Restart snort if already running and we are not rebooting to pick up the new rules. */
if (is_process_running("snort") && !$g['booting']) {
if ($pkg_interface <> "console") {
@@ -755,6 +793,11 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
}
}
+/* remove $tmpfname files */
+if (is_dir("{$tmpfname}")) {
+ exec("/bin/rm -rf {$tmpfname}");
+}
+
if ($pkg_interface <> "console")
update_status(gettext("The Rules update has finished..."));
log_error(gettext("[Snort] The Rules update has finished."));
@@ -764,4 +807,11 @@ conf_mount_ro();
/* Restore the state of $pkg_interface */
$pkg_interface = $pkg_interface_orig;
+/* Save this update status to the configuration file */
+if ($update_errors)
+ $config['installedpackages']['snortglobal']['last_rule_upd_status'] = gettext("failed");
+else
+ $config['installedpackages']['snortglobal']['last_rule_upd_status'] = gettext("success");
+$config['installedpackages']['snortglobal']['last_rule_upd_time'] = time();
+write_config("Snort pkg: updated status for updated rules package(s) check.");
?>
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index 7c057b19..4d1b3c2e 100755
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -5,6 +5,7 @@
*
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2008-2009 Robert Zelaya.
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -35,12 +36,14 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
- exit;
+ header("Location: /snort/snort_interfaces.php");
+ exit;
}
if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
@@ -87,20 +90,20 @@ $snort_ports = array(
);
// Sort our SERVERS and PORTS arrays to make values
-// easier to locate by the the user.
+// easier to locate for the user.
ksort($snort_servers);
ksort($snort_ports);
$pconfig = $a_nat[$id];
/* convert fake interfaces to real */
-$if_real = snort_get_real_interface($pconfig['interface']);
+$if_real = get_real_interface($pconfig['interface']);
$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
/* alert file */
$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
-if ($_POST) {
+if ($_POST['save']) {
$natent = array();
$natent = $pconfig;
@@ -131,7 +134,7 @@ if ($_POST) {
$a_nat[$id] = $natent;
- write_config();
+ write_config("Snort pkg: modified settings for VARIABLES tab.");
/* Update the snort conf file for this interface. */
$rebuild_rules = false;
@@ -149,9 +152,11 @@ if ($_POST) {
header("Location: snort_define_servers.php?id=$id");
exit;
}
+ else
+ $pconfig = $_POST;
}
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} Variables - Servers and Ports");
include_once("head.inc");
@@ -160,7 +165,6 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
/* Display Alert message */
if ($input_errors)
print_input_errors($input_errors); // TODO: add checks
@@ -180,23 +184,25 @@ if ($savemsg)
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
- $tab_array = array();
- $tab_array[] = array($menu_iface . gettext(" Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Variables"), true, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array($menu_iface . gettext(" Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Variables"), true, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -256,7 +262,7 @@ if ($savemsg)
<tr>
<td width="30%" valign="top">&nbsp;</td>
<td width="70%">
- <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input name="save" type="submit" class="formbtn" value="Save">
<input name="id" type="hidden" value="<?=$id;?>">
</td>
</tr>
@@ -276,9 +282,6 @@ if ($savemsg)
if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias']))
foreach($config['aliases']['alias'] as $alias_name) {
if ($alias_name['type'] == "host" || $alias_name['type'] == "network") {
- // Skip any Aliases that resolve to an empty string
- if (trim(filter_expand_alias($alias_name['name'])) == "")
- continue;
if($addrisfirst == 1) $aliasesaddr .= ",";
$aliasesaddr .= "'" . $alias_name['name'] . "'";
$addrisfirst = 1;
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index 562a6b36..f35341f1 100755
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -91,7 +91,7 @@ include("head.inc");
<?php
$snort_gui_include = true;
-include("/usr/local/pkg/snort/snort_check_for_rule_updates.php");
+include("/usr/local/www/snort/snort_check_for_rule_updates.php");
/* hide progress bar and lets end this party */
echo "\n<script type=\"text/javascript\">document.progressbar.style.visibility='hidden';\n</script>";
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index 5c9b8210..ecc1e5b5 100755
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -39,7 +39,6 @@ require_once("/usr/local/pkg/snort/snort.inc");
/* Define some locally required variables from Snort constants */
$snortdir = SNORTDIR;
$snort_rules_upd_log = RULES_UPD_LOGFILE;
-$log = $snort_rules_upd_log;
/* Grab the Snort binary version programmatically and */
/* use it to construct the proper Snort VRT rules */
@@ -52,38 +51,71 @@ if (empty($snortver[0]))
$snortver[0] = str_replace(".", "", $snortver[0]);
$snort_rules_file = "snortrules-snapshot-{$snortver[0]}.tar.gz";
-//$snort_rules_file = VRT_DNLD_FILENAME;
$snort_community_rules_filename = GPLV2_DNLD_FILENAME;
-/* load only javascript that is needed */
-$snort_load_jquery = 'yes';
-$snort_load_jquery_colorbox = 'yes';
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
$snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules'];
+/* Get last update information if available */
+if (!empty($config['installedpackages']['snortglobal']['last_rule_upd_time']))
+ $last_rule_upd_time = date('M-d Y H:i', $config['installedpackages']['snortglobal']['last_rule_upd_time']);
+else
+ $last_rule_upd_time = gettext("Unknown");
+if (!empty($config['installedpackages']['snortglobal']['last_rule_upd_status']))
+ $last_rule_upd_status = htmlspecialchars($config['installedpackages']['snortglobal']['last_rule_upd_status']);
+else
+ $last_rule_upd_status = gettext("Unknown");
+
if ($etpro == "on") {
$emergingthreats_filename = ETPRO_DNLD_FILENAME;
- $et_name = "EMERGING THREATS PRO RULES";
+ $et_name = "Emerging Threats Pro Rules";
}
else {
$emergingthreats_filename = ET_DNLD_FILENAME;
- $et_name = "EMERGING THREATS RULES";
+ $et_name = "Emerging Threats Open Rules";
}
-/* quick md5s chk */
-$snort_org_sig_chk_local = 'N/A';
-if (file_exists("{$snortdir}/{$snort_rules_file}.md5"))
+/* quick md5 chk of downloaded rules */
+if ($snortdownload == 'on') {
+ $snort_org_sig_chk_local = 'Not Downloaded';
+ $snort_org_sig_date = 'Not Downloaded';
+}
+else {
+ $snort_org_sig_chk_local = 'Not Enabled';
+ $snort_org_sig_date = 'Not Enabled';
+}
+if (file_exists("{$snortdir}/{$snort_rules_file}.md5") && $snortdownload == 'on') {
$snort_org_sig_chk_local = file_get_contents("{$snortdir}/{$snort_rules_file}.md5");
+ $snort_org_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$snort_rules_file}.md5"));
+}
-$emergingt_net_sig_chk_local = 'N/A';
-if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5"))
+if ($etpro == "on" || $emergingthreats == "on") {
+ $emergingt_net_sig_chk_local = 'Not Downloaded';
+ $emergingt_net_sig_date = 'Not Downloaded';
+}
+else {
+ $emergingt_net_sig_chk_local = 'Not Enabled';
+ $emergingt_net_sig_date = 'Not Enabled';
+}
+if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5") && ($etpro == "on" || $emergingthreats == "on")) {
$emergingt_net_sig_chk_local = file_get_contents("{$snortdir}/{$emergingthreats_filename}.md5");
+ $emergingt_net_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$emergingthreats_filename}.md5"));
+}
-$snort_community_sig_chk_local = 'N/A';
-if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5"))
+if ($snortcommunityrules == 'on') {
+ $snort_community_sig_chk_local = 'Not Downloaded';
+ $snort_community_sig_sig_date = 'Not Downloaded';
+}
+else {
+ $snort_community_sig_chk_local = 'Not Enabled';
+ $snort_community_sig_sig_date = 'Not Enabled';
+}
+if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5") && $snortcommunityrules == 'on') {
$snort_community_sig_chk_local = file_get_contents("{$snortdir}/{$snort_community_rules_filename}.md5");
+ $snort_community_sig_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$snort_community_rules_filename}.md5"));
+}
/* Check for postback to see if we should clear the update log file. */
if (isset($_POST['clear'])) {
@@ -91,7 +123,27 @@ if (isset($_POST['clear'])) {
mwexec("/bin/rm -f {$snort_rules_upd_log}");
}
-if (isset($_POST['update'])) {
+if (isset($_POST['check'])) {
+ header("Location: /snort/snort_download_rules.php");
+ exit;
+}
+
+if ($_POST['force']) {
+ // Mount file system R/W since we need to remove files
+ conf_mount_rw();
+
+ // Remove the existing MD5 signature files to force a download
+ if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5"))
+ @unlink("{$snortdir}/{$emergingthreats_filename}.md5");
+ if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5"))
+ @unlink("{$snortdir}/{$snort_community_rules_filename}.md5");
+ if (file_exists("{$snortdir}/{$snort_rules_file}.md5"))
+ @unlink("{$snortdir}/{$snort_rules_file}.md5");
+
+ // Revert file system to R/O.
+ conf_mount_ro();
+
+ // Go download the updates
header("Location: /snort/snort_download_rules.php");
exit;
}
@@ -101,6 +153,15 @@ $snort_rules_upd_logfile_chk = 'no';
if (file_exists("{$snort_rules_upd_log}"))
$snort_rules_upd_logfile_chk = 'yes';
+if ($_POST['view']&& $snort_rules_upd_logfile_chk == 'yes') {
+ $contents = @file_get_contents($snort_rules_upd_log);
+ if (empty($contents))
+ $input_errors[] = gettext("Unable to read log file: {$snort_rules_upd_log}");
+}
+
+if ($_POST['hide'])
+ $contents = "";
+
$pgtitle = gettext("Snort: Updates");
include_once("head.inc");
?>
@@ -108,25 +169,6 @@ include_once("head.inc");
<body link="#000000" vlink="#000000" alink="#000000">
<?php include("fbegin.inc"); ?>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<script language="javascript" type="text/javascript">
-function wopen(url, name, w, h)
-{
-// Fudge factors for window decoration space.
-// In my tests these work well on all platforms & browsers.
-w += 32;
-h += 96;
- var win = window.open(url,
- name,
- 'width=' + w + ', height=' + h + ', ' +
- 'location=no, menubar=no, ' +
- 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
- win.resizeTo(w, h);
- win.focus();
-}
-
-</script>
<form action="snort_download_updates.php" method="post" name="iform" id="iform">
@@ -139,111 +181,134 @@ h += 96;
$tab_array[2] = array(gettext("Updates"), true, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
<td>
<div id="mainarea">
<table id="maintable4" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr align="center">
- <td>
- <br/>
- <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
+ <tr>
+ <td valign="top" class="listtopic" align="center"><?php echo gettext("INSTALLED RULE SET MD5 SIGNATURE");?></td>
+ </tr>
+ <tr>
+ <td align="center"><br/>
+ <table width="95%" border="0" cellpadding="2" cellspacing="2">
+ <thead>
+ <tr>
+ <th class="listhdrr"><?=gettext("Rule Set Name/Publisher");?></th>
+ <th class="listhdrr"><?=gettext("MD5 Signature Hash");?></th>
+ <th class="listhdrr"><?=gettext("MD5 Signature Date");?></th>
+ </tr>
+ </thead>
<tr>
- <td id="download_rules_td" style="background-color: #eeeeee">
- <div height="32" width="725px" style="background-color: #eeeeee">
- <p style="text-align: left; margin-left: 225px;">
- <font color="#777777" size="2.5px">
- <b><?php echo gettext("INSTALLED RULESET SIGNATURES"); ?></b></font><br/><br/>
- <font color="#FF850A" size="1px"><b>SNORT VRT RULES&nbsp;&nbsp;--></b></font>
- <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_org_sig_chk_local; ?></font><br/>
- <font color="#FF850A" size="1px"><b><?=$et_name;?>&nbsp;&nbsp;--></b></font>
- <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $emergingt_net_sig_chk_local; ?></font><br/>
- <font color="#FF850A" size="1px"><b>SNORT GPLv2 COMMUNITY RULES&nbsp;&nbsp;--></b></font>
- <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_community_sig_chk_local; ?></font><br/>
- </p>
- </div>
- </td>
+ <td align="center" class="vncell vexpl"><b>Snort VRT Rules</b></td>
+ <td align="center" class="vncell vexpl"><? echo trim($snort_org_sig_chk_local);?></td>
+ <td align="center" class="vncell vexpl"><?php echo gettext($snort_org_sig_date);?></td>
</tr>
- </table>
- <br/>
- <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
<tr>
- <td id="download_rules_td" style='background-color: #eeeeee'>
- <div height="32" width="725px" style='background-color: #eeeeee'>
- <p style="text-align: left; margin-left: 225px;">
- <font color='#777777' size='2.5px'><b><?php echo gettext("UPDATE YOUR RULESET"); ?></b></font><br/>
- <br/>
-
- <?php
-
- if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on') {
- echo '
- <button disabled="disabled"><span class="download">' . gettext("Update Rules") . '</span></button><br/>
- <p style="text-align:left; margin-left:150px;">
- <font color="#fc3608" size="2px"><b>' . gettext("WARNING:") . '</b></font><font size="1px" color="#000000">&nbsp;&nbsp;' . gettext('No rule types have been selected for download. ') .
- gettext('Visit the ') . '<a href="snort_interfaces_global.php">Global Settings Tab</a>' . gettext(' to select rule types.') . '</font><br/>';
-
- echo '</p>' . "\n";
- } else {
-
- echo '
- <input type="submit" value="' . gettext("Update Rules") . '" name="update" id="Submit" class="formbtn" /><br/>' . "\n";
-
- }
-
- ?> <br/>
- </p>
- </div>
- </td>
+ <td align="center" class="vncell vexpl"><b>Snort GPLv2 Community Rules</b></td>
+ <td align="center" class="vncell vexpl"><? echo trim($snort_community_sig_chk_local);?></td>
+ <td align="center" class="vncell vexpl"><?php echo gettext($snort_community_sig_sig_date);?></td>
</tr>
- </table>
- <br/>
- <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
<tr>
- <td id="download_rules_td" style='background-color: #eeeeee'>
- <div height="32" width="725px" style='background-color: #eeeeee'>
- <p style="text-align: left; margin-left: 225px;">
- <font color='#777777' size='2.5px'><b><?php echo gettext("VIEW UPDATE LOG"); ?></b></font><br/>
- <br>
- <?php
-
- if ($snort_rules_upd_logfile_chk == 'yes') {
- echo "
- <button class=\"formbtn\" onclick=\"wopen('snort_log_view.php?logfile={$log}', 'LogViewer', 800, 600)\"><span class='pwhitetxt'>" . gettext("View Log") . "</span></button>";
- echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" value=\"Clear Log\" name=\"clear\" id=\"Submit\" class=\"formbtn\" />\n";
- }else{
- echo "
- <button disabled='disabled'><span class='pwhitetxt'>" . gettext("View Log") . "</span></button>&nbsp;&nbsp;&nbsp;" . gettext("Log is empty.") . "\n";
- }
- echo '<br><br>' . gettext("The log file is limited to 1024K in size and automatically clears when the limit is exceeded.");
- ?>
- <br/>
- </p>
- </div>
- </td>
+ <td align="center" class="vncell vexpl"><b><?=$et_name;?></b></td>
+ <td align="center" class="vncell vexpl"><? echo trim($emergingt_net_sig_chk_local);?></td>
+ <td align="center" class="vncell vexpl"><?php echo gettext($emergingt_net_sig_date);?></td>
</tr>
- </table>
-
- <br/>
+ </table><br/>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="listtopic" align="center"><?php echo gettext("UPDATE YOUR RULE SET");?></td>
+ </tr>
+ <tr>
+ <td align="center">
+ <table width="45%" border="0" cellpadding="0" cellspacing="0">
+ <tbody>
+ <tr>
+ <td class="list" align="right"><strong><?php echo gettext("Last Update:");?></strong></td>
+ <td class="list" align="left"><?php echo $last_rule_upd_time;?></td>
+ </tr>
+ <tr>
+ <td class="list" align="right"><strong><?php echo gettext("Result:");?></strong></td>
+ <td class="list" align="left"><?php echo $last_rule_upd_status;?></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td align="center">
+ <?php if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on'): ?>
+ <br/><button disabled="disabled"><?=gettext("Check");?></button>&nbsp;&nbsp;&nbsp;&nbsp;
+ <button disabled="disabled"><?=gettext("Force");?></button>
+ <br/>
+ <p style="text-align:center;" class="vexpl">
+ <font class="red"><b><?php echo gettext("WARNING:");?></b></font>&nbsp;
+ <?php echo gettext('No rule types have been selected for download. ') .
+ gettext('Visit the ') . '<a href="/snort/snort_global.php">Global Settings Tab</a>' . gettext(' to select rule types.'); ?>
+ <br/></p>
+ <?php else: ?>
+ <br/>
+ <input type="submit" value="<?=gettext("Check");?>" name="check" id="check" class="formbtn"
+ title="<?php echo gettext("Check for new updates to enabled rule sets"); ?>"/>&nbsp;&nbsp;&nbsp;&nbsp;
+ <input type="submit" value="<?=gettext("Force");?>" name="force" id="force" class="formbtn"
+ title="<?=gettext("Force an update of all enabled rule sets");?>"
+ onclick="return confirm('<?=gettext("This will zero-out the MD5 hashes to force a fresh download of enabled rule sets. Click OK to continue or CANCEL to quit");?>');"/>
+ <br/><br/>
+ <?php endif; ?>
+ </td>
+ </tr>
- <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td id="download_rules_td" style='background-color: #eeeeee'>
- <div height="32" width="725px" style='background-color: #eeeeee'><span class="vexpl">
- <span class="red"><b><?php echo gettext("NOTE:"); ?></b></span>
- &nbsp;&nbsp;<a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" .
- gettext(" and ") . "<a href=\"http://www.emergingthreats.net/\" target=\"_blank\">" . gettext("EmergingThreats.net") . "</a>" .
- gettext(" will go down from time to time. Please be patient."); ?></span>
+ <tr>
+ <td valign="top" class="listtopic" align="center"><?php echo gettext("MANAGE RULE SET LOG");?></td>
+ </tr>
+ <tr>
+ <td align="center" valign="middle" class="vexpl">
+ <?php if ($snort_rules_upd_logfile_chk == 'yes'): ?>
+ <br/>
+ <?php if (!empty($contents)): ?>
+ <input type="submit" value="<?php echo gettext("Hide"); ?>" name="hide" id="hide" class="formbtn"
+ title="<?php echo gettext("Hide rules update log"); ?>"/>
+ <?php else: ?>
+ <input type="submit" value="<?php echo gettext("View"); ?>" name="view" id="view" class="formbtn"
+ title="<?php echo gettext("View rules update log"); ?>"/>
+ <?php endif; ?>
+ &nbsp;&nbsp;&nbsp;&nbsp;
+ <input type="submit" value="<?php echo gettext("Clear"); ?>" name="clear" id="clear" class="formbtn"
+ title="<?php echo gettext("Clear rules update log"); ?>" onClick="return confirm('Are you sure you want to delete the log contents?\nOK to confirm, or CANCEL to quit');"/>
+ <br/>
+ <?php else: ?>
+ <br/>
+ <button disabled='disabled'><?php echo gettext("View Log"); ?></button><br/><?php echo gettext("Log is empty."); ?><br/>
+ <?php endif; ?>
+ <br/><?php echo gettext("The log file is limited to 1024K in size and automatically clears when the limit is exceeded."); ?><br/><br/>
+ </td>
+ </tr>
+ <?php if (!empty($contents)): ?>
+ <tr>
+ <td valign="top" class="listtopic" align="center"><?php echo gettext("RULE SET UPDATE LOG");?></td>
+ </tr>
+ <tr>
+ <td align="center">
+ <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
+ <textarea style="width:100%; height:100%;" readonly wrap="off" rows="24" cols="80" name="logtext"><?=$contents;?></textarea>
</div>
- </td>
- </tr>
- </table>
-
+ </td>
+ </tr>
+ <?php endif; ?>
+ <tr>
+ <td align="center">
+ <span class="vexpl"><br/>
+ <span class="red"><b><?php echo gettext("NOTE:"); ?></b></span>
+ &nbsp;<a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" .
+ gettext(" and ") . "<a href=\"http://www.emergingthreats.net/\" target=\"_blank\">" . gettext("EmergingThreats.net") . "</a>" .
+ gettext(" will go down from time to time. Please be patient."); ?></span><br/>
</td>
</tr>
</table>
@@ -252,7 +317,6 @@ h += 96;
</td>
</tr>
</table>
-<!-- end of final table -->
</form>
<?php include("fend.inc"); ?>
</body>
diff --git a/config/snort/snort_edit_hat_data.php b/config/snort/snort_edit_hat_data.php
index f6d00b0b..a5ec0aad 100644
--- a/config/snort/snort_edit_hat_data.php
+++ b/config/snort/snort_edit_hat_data.php
@@ -3,6 +3,7 @@
* snort_edit_hat_data.php
* Copyright (C) 2004 Scott Ullrich
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* originially part of m0n0wall (http://m0n0.ch/wall)
@@ -47,9 +48,11 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
}
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
exit;
@@ -62,24 +65,27 @@ else
if ($_POST['clear']) {
unset($a_nat[$id]['host_attribute_data']);
- write_config();
+ $a_nat[$id]['host_attribute_table'] = 'off';
+ write_config("Snort pkg: cleared Host Attribute Table data for {$a_nat[$id]['interface']}.");
$rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
- header("Location: /snort/snort_edit_hat_data.php?id={$id}");
- exit;
+ $pconfig['host_attribute_data'] = "";
}
-if ($_POST['host_attribute_data']) {
+if ($_POST['save']) {
$a_nat[$id]['host_attribute_data'] = base64_encode($_POST['host_attribute_data']);
- write_config();
+ if (strlen($_POST['host_attribute_data']) > 0)
+ $a_nat[$id]['host_attribute_table'] = 'on';
+ else
+ $a_nat[$id]['host_attribute_table'] = 'off';
+ write_config("Snort pkg: modified Host Attribute Table data for {$a_nat[$id]['interface']}.");
$rebuild_rules = false;
snort_generate_conf($a_nat[$id]);
- header("Location: /snort/snort_preprocessors.php?id={$id}");
- exit;
+ $pconfig['host_attribute_data'] = $_POST['host_attribute_data'];
}
-$if_friendly = snort_get_friendly_interface($a_nat[$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Host Attribute Table Data");
include_once("head.inc");
@@ -89,8 +95,8 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-if ($input_errors) print_input_errors($input_errors);
+if ($input_errors)
+ print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
?>
@@ -106,11 +112,11 @@ if ($savemsg)
<tr>
<td>
<input type='hidden' name='id' value='<?=$id;?>'>
- <textarea wrap="off" cols="80" rows="35" name="host_attribute_data" id="host_attribute_data" style="width:99%; height:100%;"><?=$pconfig['host_attribute_data'];?></textarea></td>
+ <textarea wrap="off" cols="80" rows="35" name="host_attribute_data" id="host_attribute_data" style="width:99%; height:100%;"><?=htmlspecialchars($pconfig['host_attribute_data']);?></textarea></td>
</tr>
<tr>
<td>
- <input name="Submit" type="submit" class="formbtn" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save Host Attribute data"); ?>"/>&nbsp;&nbsp;
+ <input name="save" type="submit" class="formbtn" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save Host Attribute data"); ?>"/>&nbsp;&nbsp;
<input type="button" class="formbtn" value=" <?php echo gettext("Return"); ?>" onclick="parent.location='snort_preprocessors.php?id=<?=$id;?>'" title="<?php echo gettext("Return to Preprocessors tab"); ?>"/>&nbsp;&nbsp;
<input name="clear" type="submit" class="formbtn" id="clear" value="<?php echo gettext("Clear"); ?>" onclick="return confirm('<?php echo gettext("This will erase all Host Attribute data for the interface. Are you sure?"); ?>')" title="<?php echo gettext("Deletes all Host Attribute data"); ?>"/>
</td>
diff --git a/config/snort/snort_frag3_engine.php b/config/snort/snort_frag3_engine.php
index 89a21dc8..9489bf16 100644
--- a/config/snort/snort_frag3_engine.php
+++ b/config/snort/snort_frag3_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_frag3_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -34,12 +34,15 @@ global $g;
$snortdir = SNORTDIR;
// Grab the incoming QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
@@ -90,10 +93,10 @@ if ($_POST['Cancel']) {
// Check for returned "selected alias" if action is import
if ($_GET['act'] == "import") {
if ($_GET['varname'] == "bind_to" && !empty($_GET['varvalue']))
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
/* Grab all the POST values and save in new temp array */
$engine = array();
@@ -182,14 +185,14 @@ if ($_POST['Submit']) {
}
/* Now write the new engine array to conf */
- write_config();
+ write_config("Snort pkg: modified frag3 engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#frag3_row");
exit;
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} Frag3 Preprocessor Engine");
include_once("head.inc");
@@ -324,7 +327,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save Frag3 engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
diff --git a/config/snort/snort_ftp_client_engine.php b/config/snort/snort_ftp_client_engine.php
index b039df5b..f462efa8 100644
--- a/config/snort/snort_ftp_client_engine.php
+++ b/config/snort/snort_ftp_client_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_ftp_client_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -33,12 +33,15 @@ global $g;
$snortdir = SNORTDIR;
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
if (is_null($id)) {
// Clear and close out any session variable we created
@@ -84,7 +87,7 @@ if ($_GET['act'] == "import") {
session_start();
if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "bounce_to_net" || $_GET['varname'] == "bounce_to_port")
&& !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
if(!isset($_SESSION['ftp_client_import']))
$_SESSION['ftp_client_import'] = array();
@@ -112,7 +115,7 @@ if ($_GET['act'] == "import") {
}
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
// Clear and close out any session variable we created
session_start();
@@ -213,14 +216,14 @@ if ($_POST['Submit']) {
}
/* Now write the new engine array to conf */
- write_config();
+ write_config("Snort pkg: modified ftp_telnet_client engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts");
exit;
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - FTP Preprocessor Client Engine");
include_once("head.inc");
@@ -353,7 +356,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save ftp engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
diff --git a/config/snort/snort_ftp_server_engine.php b/config/snort/snort_ftp_server_engine.php
index e70033e7..cb9abc9c 100644
--- a/config/snort/snort_ftp_server_engine.php
+++ b/config/snort/snort_ftp_server_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_ftp_server_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -34,12 +34,15 @@ global $g;
$snortdir = SNORTDIR;
// Grab any QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
if (is_null($id)) {
// Clear and close out any session variable we created
@@ -85,7 +88,7 @@ if ($_GET['act'] == "import") {
session_start();
if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports")
&& !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
if(!isset($_SESSION['ftp_server_import']))
$_SESSION['ftp_server_import'] = array();
@@ -109,7 +112,7 @@ if ($_GET['act'] == "import") {
}
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
// Clear and close out any session variable we created
session_start();
@@ -184,14 +187,14 @@ if ($_POST['Submit']) {
}
/* Now write the new engine array to conf */
- write_config();
+ write_config("Snort pkg: modified ftp_telnet_server engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts");
exit;
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - FTP Preprocessor Server Engine");
include_once("head.inc");
@@ -316,7 +319,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save ftp engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
diff --git a/config/snort/snort_httpinspect_engine.php b/config/snort/snort_httpinspect_engine.php
index 94d3364f..c7680892 100644
--- a/config/snort/snort_httpinspect_engine.php
+++ b/config/snort/snort_httpinspect_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_httpinspect_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013-2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -33,12 +33,15 @@ global $g;
$snortdir = SNORTDIR;
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
if (is_null($id)) {
// Clear and close out any session variable we created
@@ -137,7 +140,7 @@ if ($_GET['act'] == "import") {
session_start();
if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports")
&& !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
$_SESSION['http_inspect_import'] = array();
$_SESSION['http_inspect_import'][$_GET['varname']] = $_GET['varvalue'];
@@ -160,7 +163,7 @@ if ($_GET['act'] == "import") {
}
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
// Clear and close out any session variable we created
session_start();
@@ -293,14 +296,14 @@ if ($_POST['Submit']) {
}
// Now write the new engine array to conf
- write_config();
+ write_config("Snort pkg: modified http_inspect engine settings.");
header("Location: /snort/snort_preprocessors.php?id={$id}#httpinspect_row");
exit;
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: {$if_friendly} - HTTP_Inspect Preprocessor Engine");
include_once("head.inc");
@@ -637,7 +640,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save httpinspect engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php
index 77cd5490..80b3bb1d 100644
--- a/config/snort/snort_import_aliases.php
+++ b/config/snort/snort_import_aliases.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
snort_import_aliases.php
- Copyright (C) 2013 Bill Meeks
+ Copyright (C) 2013, 2014 Bill Meeks
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -32,12 +32,15 @@ require_once("functions.inc");
require_once("/usr/local/pkg/snort/snort.inc");
// Retrieve any passed QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng = $_GET['eng'];
if (isset($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (isset($_POST['eng']))
$eng = $_POST['eng'];
+elseif (isset($_GET['eng']))
+ $eng = htmlspecialchars($_GET['eng']);
// Make sure we have a valid rule ID and ENGINE name, or
// else bail out to top-level menu.
@@ -46,7 +49,10 @@ if (is_null($id) || is_null($eng)) {
exit;
}
-// Used to track if any selectable Aliases are found
+// Used to track if any selectable Aliases are found. Selectable
+// means aliases matching the requirements of the configuration
+// engine we are importing into (e.g., single IP only or
+// multiple IP alias).
$selectablealias = false;
// Initialize required array variables as necessary
@@ -89,7 +95,7 @@ switch ($eng) {
break;
case "stream5_tcp_engine":
$anchor = "#stream5_row";
- $multi_ip = true;
+ $multi_ip = false;
$title = "Stream5 TCP Engine";
break;
case "ftp_server_engine":
@@ -200,7 +206,7 @@ if ($_POST['save']) {
}
// Now write the new engine array to conf and return
- write_config();
+ write_config("Snort pkg: imported new host or network alias.");
header("Location: /snort/snort_preprocessors.php?id={$id}{$anchor}");
exit;
@@ -269,7 +275,7 @@ include("head.inc");
?>
<?php if ($disable): ?>
<tr title="<?=$tooltip;?>">
- <td class="listlr" align="center"><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height"11" border="0"/>
+ <td class="listlr" align="center" sorttable_customkey=""><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height="11" border="0"/>
<?php else: ?>
<tr>
<td class="listlr" align="center"><input type="checkbox" name="toimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td>
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 15d9addc..c82ec57e 100755
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -4,6 +4,7 @@
*
* Copyright (C) 2008-2009 Robert Zelaya.
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -28,60 +29,43 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-$nocsrf = true;
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
$snortdir = SNORTDIR;
+$snortlogdir = SNORTLOGDIR;
$rcdir = RCFILEPREFIX;
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+// Calculate the index of the next added Snort interface
$id_gen = count($config['installedpackages']['snortglobal']['rule']);
if (isset($_POST['del_x'])) {
- /* delete selected rules */
+ /* Delete selected Snort interfaces */
if (is_array($_POST['rule'])) {
conf_mount_rw();
foreach ($_POST['rule'] as $rulei) {
- /* convert fake interfaces to real */
- $if_real = snort_get_real_interface($a_nat[$rulei]['interface']);
+ $if_real = get_real_interface($a_nat[$rulei]['interface']);
$snort_uuid = $a_nat[$rulei]['uuid'];
snort_stop($a_nat[$rulei], $if_real);
- exec("/bin/rm -r /var/log/snort/snort_{$if_real}{$snort_uuid}");
+ exec("/bin/rm -r {$snortlogdir}/snort_{$if_real}{$snort_uuid}");
exec("/bin/rm -r {$snortdir}/snort_{$snort_uuid}_{$if_real}");
- // If interface had auto-generated Suppress List, then
- // delete that along with the interface
- $autolist = "{$a_nat[$rulei]['interface']}" . "suppress";
- if (is_array($config['installedpackages']['snortglobal']['suppress']) &&
- is_array($config['installedpackages']['snortglobal']['suppress']['item'])) {
- $a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
- foreach ($a_suppress as $k => $i) {
- if ($i['name'] == $autolist) {
- unset($config['installedpackages']['snortglobal']['suppress']['item'][$k]);
- break;
- }
- }
- }
-
// Finally delete the interface's config entry entirely
unset($a_nat[$rulei]);
}
conf_mount_ro();
- /* If all the Snort interfaces are removed, then unset the config array. */
+ /* If all the Snort interfaces are removed, then unset the interfaces config array. */
if (empty($a_nat))
unset($a_nat);
- write_config();
+ write_config("Snort pkg: deleted one or more Snort interfaces.");
sleep(2);
/* if there are no ifaces remaining do not create snort.sh */
@@ -106,13 +90,13 @@ if (isset($_POST['del_x'])) {
}
-/* start/stop snort */
-if ($_GET['act'] == 'bartoggle' && is_numeric($id)) {
- $snortcfg = $config['installedpackages']['snortglobal']['rule'][$id];
- $if_real = snort_get_real_interface($snortcfg['interface']);
- $if_friendly = snort_get_friendly_interface($snortcfg['interface']);
+/* start/stop barnyard2 */
+if ($_POST['bartoggle'] && is_numericint($_POST['id'])) {
+ $snortcfg = $config['installedpackages']['snortglobal']['rule'][$_POST['id']];
+ $if_real = get_real_interface($snortcfg['interface']);
+ $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']);
- if (snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2') == 'no') {
+ if (!snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2')) {
log_error("Toggle (barnyard starting) for {$if_friendly}({$snortcfg['descr']})...");
sync_snort_package_config();
snort_barnyard_start($snortcfg, $if_real);
@@ -120,27 +104,18 @@ if ($_GET['act'] == 'bartoggle' && is_numeric($id)) {
log_error("Toggle (barnyard stopping) for {$if_friendly}({$snortcfg['descr']})...");
snort_barnyard_stop($snortcfg, $if_real);
}
-
sleep(3); // So the GUI reports correctly
- header("Location: /snort/snort_interfaces.php");
- exit;
}
/* start/stop snort */
-if ($_GET['act'] == 'toggle' && is_numeric($id)) {
- $snortcfg = $config['installedpackages']['snortglobal']['rule'][$id];
- $if_real = snort_get_real_interface($snortcfg['interface']);
- $if_friendly = snort_get_friendly_interface($snortcfg['interface']);
+if ($_POST['toggle'] && is_numericint($_POST['id'])) {
+ $snortcfg = $config['installedpackages']['snortglobal']['rule'][$_POST['id']];
+ $if_real = get_real_interface($snortcfg['interface']);
+ $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']);
- if (snort_is_running($snortcfg['uuid'], $if_real) == 'yes') {
+ if (snort_is_running($snortcfg['uuid'], $if_real)) {
log_error("Toggle (snort stopping) for {$if_friendly}({$snortcfg['descr']})...");
snort_stop($snortcfg, $if_real);
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
} else {
log_error("Toggle (snort starting) for {$if_friendly}({$snortcfg['descr']})...");
@@ -149,16 +124,8 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
sync_snort_package_config();
$rebuild_rules = false;
snort_start($snortcfg, $if_real);
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
}
sleep(3); // So the GUI reports correctly
- header("Location: /snort/snort_interfaces.php");
- exit;
}
$pgtitle = "Services: $snort_package_version";
@@ -169,34 +136,18 @@ include_once("head.inc");
<?php
include_once("fbegin.inc");
-if ($pfsense_stable == 'yes')
- echo '<p class="pgtitle">' . $pgtitle . '</p>';
-?>
-<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
-<?php
/* Display Alert message */
if ($input_errors)
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
-
- //if (file_exists($d_snortconfdirty_path)) {
- if ($d_snortconfdirty_path_ls != '') {
- echo '<p>';
-
- if($savemsg)
- print_info_box_np("{$savemsg}");
- else {
- print_info_box_np(gettext(
- 'The Snort configuration has changed for one or more interfaces.<br>' .
- 'You must apply the changes in order for them to take effect.<br>'
- ));
- }
- }
?>
+<form action="snort_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<input type="hidden" name="id" id="id" value="">
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
@@ -207,10 +158,11 @@ if ($pfsense_stable == 'yes')
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td>
</tr>
@@ -257,11 +209,10 @@ if ($pfsense_stable == 'yes')
<?php
/* convert fake interfaces to real and check if iface is up */
- /* There has to be a smarter way to do this */
- $if_real = snort_get_real_interface($natent['interface']);
- $natend_friendly= snort_get_friendly_interface($natent['interface']);
+ $if_real = get_real_interface($natent['interface']);
+ $natend_friendly = convert_friendly_interface_to_friendly_descr($natent['interface']);
$snort_uuid = $natent['uuid'];
- if (snort_is_running($snort_uuid, $if_real) == 'no'){
+ if (!snort_is_running($snort_uuid, $if_real)){
$iconfn = 'block';
$iconfn_msg1 = 'Snort is not running on ';
$iconfn_msg2 = '. Click to start.';
@@ -271,7 +222,7 @@ if ($pfsense_stable == 'yes')
$iconfn_msg1 = 'Snort is running on ';
$iconfn_msg2 = '. Click to stop.';
}
- if (snort_is_running($snort_uuid, $if_real, 'barnyard2') == 'no'){
+ if (!snort_is_running($snort_uuid, $if_real, 'barnyard2')){
$biconfn = 'block';
$biconfn_msg1 = 'Barnyard2 is not running on ';
$biconfn_msg2 = '. Click to start.';
@@ -312,14 +263,13 @@ if ($pfsense_stable == 'yes')
<?php
$check_snort_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['enable'];
if ($check_snort_info == "on") {
- echo strtoupper("enabled");
- echo "<a href='?act=toggle&id={$i}'>
- <img src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif'
- width='13' height='13' border='0'
- title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'></a>";
+ echo gettext("ENABLED") . "&nbsp;";
+ echo "<input type='image' src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif' width='13' height='13' border='0' ";
+ echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\";' name=\"toggle[]\" ";
+ echo "title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'/>";
echo ($no_rules) ? "&nbsp;<img src=\"../themes/{$g['theme']}/images/icons/icon_frmfld_imp.png\" width=\"15\" height=\"15\" border=\"0\">" : "";
} else
- echo strtoupper("disabled");
+ echo gettext("DISABLED");
?>
</td>
<td class="listr"
@@ -353,13 +303,11 @@ if ($pfsense_stable == 'yes')
<?php
$check_snortbarnyardlog_info = $config['installedpackages']['snortglobal']['rule'][$nnats]['barnyard_enable'];
if ($check_snortbarnyardlog_info == "on") {
- echo strtoupper("enabled");
- echo "<a href='?act=bartoggle&id={$i}'>
- <img src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif'
- width='13' height='13' border='0'
- title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'></a>";
+ echo gettext("ENABLED") . "&nbsp;";
+ echo "<input type='image' name='bartoggle[]' src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif' width='13' height='13' border='0' ";
+ echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\"'; title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'/>";
} else
- echo strtoupper("disabled");
+ echo gettext("DISABLED");
?>
</td>
<td class="listbg"
@@ -393,8 +341,7 @@ if ($pfsense_stable == 'yes')
src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif"
width="17" height="17" " border="0">
<?php else: ?>
- <input name="del" type="image"
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
width="17" height="17" title="<?php echo gettext("Delete selected Snort interface mapping(s)"); ?>"
onclick="return intf_del()">
<?php endif; ?></td>
@@ -420,12 +367,8 @@ if ($pfsense_stable == 'yes')
</td>
</tr>
<tr>
- <td colspan="3" class="vexpl"><br>
- </td>
- </tr>
- <tr>
- <td colspan="3" class="vexpl"><span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span><br>
- <strong><?php echo gettext("New settings will not take effect until interface restart."); ?></strong>
+ <td colspan="3" class="vexpl">
+ <?php echo gettext("New settings will not take effect until interface restart."); ?>
</td>
</tr>
<tr>
@@ -484,9 +427,9 @@ function intf_del() {
}
}
if (isSelected)
- return confirm('Do you really want to delete the selected Snort mapping?');
+ return confirm('Do you really want to delete the selected Snort interface mapping(s)?');
else
- alert("There is no Snort mapping selected for deletion. Click the checkbox beside the Snort mapping(s) you wish to delete.");
+ alert("There is no Snort interface mapping selected for deletion. Click the checkbox beside the Snort mapping(s) you wish to delete.");
}
</script>
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 72aa82e2..4c868844 100755
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -4,6 +4,7 @@
*
* Copyright (C) 2008-2009 Robert Zelaya.
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -33,6 +34,9 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
+$snortdir = SNORTDIR;
+$snortlogdir = SNORTLOGDIR;
+
if (!is_array($config['installedpackages']['snortglobal']))
$config['installedpackages']['snortglobal'] = array();
$snortglob = $config['installedpackages']['snortglobal'];
@@ -41,9 +45,11 @@ if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
$a_rule = &$config['installedpackages']['snortglobal']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
exit;
@@ -63,13 +69,7 @@ else {
$snort_uuid = $pconfig['uuid'];
// Get the physical configured interfaces on the firewall
-if (function_exists('get_configured_interface_with_descr'))
- $interfaces = get_configured_interface_with_descr();
-else {
- $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
- $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
-}
+$interfaces = get_configured_interface_with_descr();
// See if interface is already configured, and use its values
if (isset($id) && $a_rule[$id]) {
@@ -89,6 +89,8 @@ elseif (isset($id) && !isset($a_rule[$id])) {
foreach ($ifaces as $i) {
if (!in_array($i, $ifrules)) {
$pconfig['interface'] = $i;
+ $pconfig['descr'] = strtoupper($i);
+ $pconfig['enable'] = 'on';
break;
}
}
@@ -99,19 +101,26 @@ elseif (isset($id) && !isset($a_rule[$id])) {
}
}
-if (isset($_GET['dup']))
- unset($id);
-
// Set defaults for empty key parameters
if (empty($pconfig['blockoffendersip']))
$pconfig['blockoffendersip'] = "both";
if (empty($pconfig['performance']))
$pconfig['performance'] = "ac-bnfa";
-if ($_POST["Submit"]) {
- if (!$_POST['interface'])
+if ($_POST["save"]) {
+ if (!isset($_POST['interface']))
$input_errors[] = "Interface is mandatory";
+ /* See if assigned interface is already in use */
+ if (isset($_POST['interface'])) {
+ foreach ($a_rule as $k => $v) {
+ if (($v['interface'] == $_POST['interface']) && ($id <> $k)) {
+ $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Snort instance.");
+ break;
+ }
+ }
+ }
+
/* if no errors write to conf */
if (!$input_errors) {
$natent = $a_rule[$id];
@@ -136,6 +145,8 @@ if ($_POST["Submit"]) {
if ($_POST['blockoffendersip']) $natent['blockoffendersip'] = $_POST['blockoffendersip']; else unset($natent['blockoffendersip']);
if ($_POST['whitelistname']) $natent['whitelistname'] = $_POST['whitelistname']; else unset($natent['whitelistname']);
if ($_POST['homelistname']) $natent['homelistname'] = $_POST['homelistname']; else unset($natent['homelistname']);
+ if ($_POST['alert_log_limit']) $natent['alert_log_limit'] = $_POST['alert_log_limit']; else unset($natent['alert_log_limit']);
+ if ($_POST['alert_log_retention']) $natent['alert_log_retention'] = $_POST['alert_log_retention']; else unset($natent['alert_log_retention']);
if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']);
if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']);
if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
@@ -145,14 +156,20 @@ if ($_POST["Submit"]) {
if ($_POST['fpm_search_optimize'] == "on") { $natent['fpm_search_optimize'] = 'on'; }else{ $natent['fpm_search_optimize'] = 'off'; }
if ($_POST['fpm_no_stream_inserts'] == "on") { $natent['fpm_no_stream_inserts'] = 'on'; }else{ $natent['fpm_no_stream_inserts'] = 'off'; }
- $if_real = snort_get_real_interface($natent['interface']);
+ $if_real = get_real_interface($natent['interface']);
if (isset($id) && $a_rule[$id]) {
+ // See if moving an existing Snort instance to another physical interface
if ($natent['interface'] != $a_rule[$id]['interface']) {
- $oif_real = snort_get_real_interface($a_rule[$id]['interface']);
- snort_stop($a_rule[$id], $oif_real);
- exec("rm -r /var/log/snort_{$oif_real}" . $a_rule[$id]['uuid']);
+ $oif_real = get_real_interface($a_rule[$id]['interface']);
+ if (snort_is_running($a_rule[$id]['uuid'], $oif_real)) {
+ snort_stop($a_rule[$id], $oif_real);
+ $snort_start = true;
+ }
+ else
+ $snort_start = false;
+ exec("mv -f {$snortlogdir}/snort_{$oif_real}{$a_rule[$id]['uuid']} {$snortlogdir}/snort_{$if_real}{$a_rule[$id]['uuid']}");
conf_mount_rw();
- exec("mv -f {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$if_real}");
+ exec("mv -f {$snortdir}/snort_{$a_rule[$id]['uuid']}_{$oif_real} {$snortdir}/snort_{$a_rule[$id]['uuid']}_{$if_real}");
conf_mount_ro();
}
$a_rule[$id] = $natent;
@@ -256,7 +273,7 @@ if ($_POST["Submit"]) {
snort_stop($natent, $if_real);
/* Save configuration changes */
- write_config();
+ write_config("Snort pkg: modified interface configuration for {$natent['interface']}.");
/* Most changes don't require a rules rebuild, so default to "off" */
$rebuild_rules = false;
@@ -264,6 +281,10 @@ if ($_POST["Submit"]) {
/* Update snort.conf and snort.sh files for this interface */
sync_snort_package_config();
+ /* See if we need to restart Snort after an interface re-assignment */
+ if ($snort_start == true)
+ snort_start($natent, $if_real);
+
/*******************************************************/
/* Signal Snort to reload configuration if we changed */
/* HOME_NET, EXTERNAL_NET or Suppress list values. */
@@ -284,21 +305,18 @@ if ($_POST["Submit"]) {
$pconfig = $_POST;
}
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Edit Settings");
include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+<?php include("fbegin.inc");
-<?php
/* Display Alert message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors);
}
if ($savemsg) {
@@ -306,7 +324,8 @@ include_once("head.inc");
}
?>
-<form action="snort_interfaces_edit.php<?php echo "?id=$id";?>" method="post" name="iform" id="iform">
+<form action="snort_interfaces_edit.php" method="post" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>"/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -314,12 +333,13 @@ include_once("head.inc");
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$tab_array = array();
@@ -328,9 +348,10 @@ include_once("head.inc");
$tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -345,7 +366,7 @@ include_once("head.inc");
if ($pconfig['enable'] == "on")
$checked = "checked";
echo "
- <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked onClick=\"enable_change(false)\">
+ <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked onClick=\"enable_change(false)\"/>
&nbsp;&nbsp;" . gettext("Enable or Disable") . "\n";
?>
<br/>
@@ -368,15 +389,15 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncellreq"><?php echo gettext("Description"); ?></td>
<td width="78%" class="vtable"><input name="descr" type="text"
- class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']); ?>"> <br/>
+ class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']); ?>"/><br/>
<span class="vexpl"><?php echo gettext("Enter a meaningful description here for your reference."); ?></span><br/></td>
</tr>
-<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Alert Settings"); ?></td>
-</tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Alert Settings"); ?></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Send Alerts to System Logs"); ?></td>
- <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>>
+ <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>/>
<?php echo gettext("Snort will send Alerts to the firewall's system logs."); ?></td>
</tr>
<tr>
@@ -384,14 +405,14 @@ include_once("head.inc");
<td width="78%" class="vtable">
<input name="blockoffenders7" id="blockoffenders7" type="checkbox" value="on"
<?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?>
- onClick="enable_blockoffenders()">
+ onClick="enable_blockoffenders();" />
<?php echo gettext("Checking this option will automatically block hosts that generate a " .
"Snort alert."); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Kill States"); ?></td>
<td width="78%" class="vtable">
- <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>>
+ <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>/>
<?php echo gettext("Checking this option will kill firewall states for the blocked IP"); ?>
</td>
</tr>
@@ -410,12 +431,12 @@ include_once("head.inc");
?>
</select>&nbsp;&nbsp;
<?php echo gettext("Select which IP extracted from the packet you wish to block"); ?><br/>
- <span class="red"><?php echo gettext("Hint:") . "</span>&nbsp;" . gettext("Choosing BOTH is suggested, and it is the default value."); ?></span><br/></td>
+ <span class="red"><?php echo gettext("Hint:") . "</span>&nbsp;" . gettext("Choosing BOTH is suggested, and it is the default value."); ?><br/>
</td>
</tr>
-<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Detection Performance Settings"); ?></td>
-</tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Detection Performance Settings"); ?></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Search Method"); ?></td>
<td width="78%" class="vtable">
@@ -442,7 +463,7 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Split ANY-ANY"); ?></td>
<td width="78%" class="vtable">
- <input name="fpm_split_any_any" id="fpm_split_any_any" type="checkbox" value="on" <?php if ($pconfig['fpm_split_any_any'] == "on") echo "checked"; ?>>
+ <input name="fpm_split_any_any" id="fpm_split_any_any" type="checkbox" value="on" <?php if ($pconfig['fpm_split_any_any'] == "on") echo "checked"; ?>/>
<?php echo gettext("Enable splitting of ANY-ANY port group.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") .
"<strong>" . gettext("Not Checked") . "</strong>"; ?>.<br/>
<br/><?php echo gettext("This setting is a memory/performance trade-off. It reduces memory footprint by not " .
@@ -454,7 +475,7 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Search Optimize"); ?></td>
<td width="78%" class="vtable">
- <input name="fpm_search_optimize" id="fpm_search_optimize" type="checkbox" value="on" <?php if ($pconfig['fpm_search_optimize'] == "on" || empty($pconfig['fpm_search_optimize'])) echo "checked"; ?>>
+ <input name="fpm_search_optimize" id="fpm_search_optimize" type="checkbox" value="on" <?php if ($pconfig['fpm_search_optimize'] == "on" || empty($pconfig['fpm_search_optimize'])) echo "checked"; ?>/>
<?php echo gettext("Enable search optimization.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") .
"<strong>" . gettext("Checked") . "</strong>"; ?>.<br/>
<br/><?php echo gettext("This setting optimizes fast pattern memory when used with search-methods AC or AC-SPLIT " .
@@ -465,7 +486,7 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Stream Inserts"); ?></td>
<td width="78%" class="vtable">
- <input name="fpm_no_stream_inserts" id="fpm_no_stream_inserts" type="checkbox" value="on" <? if ($pconfig['fpm_no_stream_inserts'] == "on") echo "checked"; ?>>
+ <input name="fpm_no_stream_inserts" id="fpm_no_stream_inserts" type="checkbox" value="on" <? if ($pconfig['fpm_no_stream_inserts'] == "on") echo "checked"; ?>/>
<?php echo gettext("Do not evaluate stream inserted packets against the detection engine.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") .
"<strong>" . gettext("Not Checked") . "</strong>"; ?>.<br/>
<br/><?php echo gettext("This is a potential performance improvement based on the idea the stream rebuilt packet " .
@@ -475,15 +496,14 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Checksum Check Disable"); ?></td>
<td width="78%" class="vtable">
- <input name="cksumcheck" id="cksumcheck" type="checkbox" value="on" <?php if ($pconfig['cksumcheck'] == "on") echo "checked"; ?>>
+ <input name="cksumcheck" id="cksumcheck" type="checkbox" value="on" <?php if ($pconfig['cksumcheck'] == "on") echo "checked"; ?>/>
<?php echo gettext("Disable checksum checking within Snort to improve performance."); ?>
<br><span class="red"><?php echo gettext("Hint: ") . "</span>" .
gettext("Most of this is already done at the firewall/filter level, so it is usually safe to check this box."); ?>
</td>
</tr>
<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose the networks " .
- "Snort should inspect and whitelist."); ?></td>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose the networks Snort should inspect and whitelist"); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Home Net"); ?></td>
@@ -545,11 +565,11 @@ include_once("head.inc");
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Pass List"); ?></td>
<td width="78%" class="vtable">
<select name="whitelistname" class="formselect" id="whitelistname">
<?php
- /* find whitelist names and filter by type, make sure to track by uuid */
+ /* find whitelist (Pass List) names and filter by type, make sure to track by uuid */
echo "<option value='default' >default</option>\n";
if (is_array($snortglob['whitelist']['item'])) {
foreach ($snortglob['whitelist']['item'] as $value) {
@@ -562,19 +582,19 @@ include_once("head.inc");
}
?>
</select>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','whitelist')"
- id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Whitelist contents"); ?>"/>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','passlist')"
+ id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Pass List contents"); ?>"/>
<br/>
- <span class="vexpl"><?php echo gettext("Choose the whitelist you want this interface to " .
+ <span class="vexpl"><?php echo gettext("Choose the Pass List you want this interface to " .
"use."); ?> </span><br/><br/>
<span class="red"><?php echo gettext("Note:"); ?></span>&nbsp;<?php echo gettext("This option will only be used when block offenders is on."); ?><br/>
- <span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("Default " .
- "whitelist adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
+ <span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("The default " .
+ "Pass List adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
</td>
</tr>
-<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose a suppression or filtering file if desired."); ?></td>
-</tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose a suppression or filtering file if desired"); ?></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Alert Suppression and Filtering"); ?></td>
<td width="78%" class="vtable">
@@ -602,29 +622,28 @@ include_once("head.inc");
gettext("Default option disables suppression and filtering."); ?>
</td>
</tr>
-<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Arguments here will " .
- "be automatically inserted into the Snort configuration."); ?></td>
-</tr>
-<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration pass-through"); ?></td>
- <td width="78%" class="vtable">
- <textarea style="width:98%; height:100%;" wrap="off" name="configpassthru" cols="60" rows="8" id="configpassthru"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea>
- </td>
-</tr>
-<tr>
- <td width="22%" valign="top"></td>
- <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Arguments here will " .
+ "be automatically inserted into the Snort configuration."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration pass-through"); ?></td>
+ <td width="78%" class="vtable">
+ <textarea style="width:98%; height:100%;" wrap="off" name="configpassthru" cols="60" rows="8" id="configpassthru"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"></td>
+ <td width="78%"><input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Click to save settings and exit"); ?>"/>
- <input name="id" type="hidden" value="<?=$id;?>"/>
- </td>
-</tr>
-<tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" .
- gettext("Please save your settings before you attempt to start Snort."); ?>
- </td>
-</tr>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" .
+ gettext("Please save your settings before you attempt to start Snort."); ?>
+ </td>
+ </tr>
</table>
</div>
</td></tr>
@@ -684,11 +703,12 @@ function getSelectedValue(elemID) {
function viewList(id, elemID, elemType) {
if (typeof elemType == "undefined") {
- elemType = "whitelist";
+ elemType = "passlist";
}
var url = "snort_list_view.php?id=" + id + "&wlist=";
url = url + getSelectedValue(elemID) + "&type=" + elemType;
- wopen(url, 'WhitelistViewer', 640, 480);
+ url = url + "&time=" + new Date().getTime();
+ wopen(url, 'PassListViewer', 640, 480);
}
enable_change(false);
diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php
index b22a6934..69a182bd 100644
--- a/config/snort/snort_interfaces_global.php
+++ b/config/snort/snort_interfaces_global.php
@@ -5,6 +5,7 @@
*
* Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Copyright (C) 2008-2009 Robert Zelaya
@@ -42,23 +43,26 @@ global $g;
$snortdir = SNORTDIR;
/* make things short */
-$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'];
+$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'] == "on" ? 'on' : 'off';
$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode'];
$pconfig['etpro_code'] = $config['installedpackages']['snortglobal']['etpro_code'];
-$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'];
-$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
+$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'] == "on" ? 'on' : 'off';
+$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == "on" ? 'on' : 'off';
$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked'];
$pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit'];
$pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize'];
$pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7'];
$pconfig['rule_update_starttime'] = $config['installedpackages']['snortglobal']['rule_update_starttime'];
-$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'];
-$pconfig['snortcommunityrules'] = $config['installedpackages']['snortglobal']['snortcommunityrules'];
+$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'] == "on" ? 'on' : 'off';
+$pconfig['snortcommunityrules'] = $config['installedpackages']['snortglobal']['snortcommunityrules'] == "on" ? 'on' : 'off';
+$pconfig['clearlogs'] = $config['installedpackages']['snortglobal']['clearlogs'] == "on" ? 'on' : 'off';
+$pconfig['clearblocks'] = $config['installedpackages']['snortglobal']['clearblocks'] == "on" ? 'on' : 'off';
+/* Set sensible values for any empty default params */
if (empty($pconfig['snortloglimit']))
$pconfig['snortloglimit'] = 'on';
-if (empty($pconfig['rule_update_starttime']))
- $pconfig['rule_update_starttime'] = '00:30';
+if (!isset($pconfig['rule_update_starttime']))
+ $pconfig['rule_update_starttime'] = '00:05';
if ($_POST['rule_update_starttime']) {
if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['rule_update_starttime']))
@@ -73,12 +77,14 @@ if ($_POST['emergingthreats_pro'] == "on" && empty($_POST['etpro_code']))
/* if no errors move foward with save */
if (!$input_errors) {
- if ($_POST["Submit"]) {
+ if ($_POST["save"]) {
$config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['emergingthreats_pro'] = $_POST['emergingthreats_pro'] ? 'on' : 'off';
+ $config['installedpackages']['snortglobal']['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off';
+ $config['installedpackages']['snortglobal']['clearblocks'] = $_POST['clearblocks'] ? 'on' : 'off';
// If any rule sets are being turned off, then remove them
// from the active rules section of each interface. Start
@@ -145,7 +151,7 @@ if (!$input_errors) {
/* create whitelist and homenet file then sync files */
sync_snort_package_config();
- write_config();
+ write_config("Snort pkg: modified global settings.");
/* forces page to reload new settings */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -187,10 +193,11 @@ if ($input_errors)
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -268,7 +275,7 @@ if ($input_errors)
<tr>
<td>&nbsp;</td>
<td class="vexpl"><?php echo "<span class='red'><strong>" . gettext("Note:") . "</strong></span>" . "&nbsp;" .
- gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are disabled when the ETPro rules are selected."); ?></td>
+ gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are automatically disabled when the ETPro rules are selected."); ?></td>
</tr>
</table>
<table id="etpro_code_tbl" width="100%" border="0" cellpadding="2" cellspacing="0">
@@ -310,11 +317,11 @@ if ($input_errors)
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Update Start Time"); ?></td>
<td width="78%" class="vtable"><input type="text" class="formfld time" name="rule_update_starttime" id="rule_update_starttime" size="4"
- maxlength="5" value="<?=$pconfig['rule_update_starttime'];?>" <?php if ($pconfig['autorulesupdate7'] == "never_up") {echo "disabled";} ?>><span class="vexpl">&nbsp;&nbsp;
+ maxlength="5" value="<?=htmlspecialchars($pconfig['rule_update_starttime']);?>" <?php if ($pconfig['autorulesupdate7'] == "never_up") {echo "disabled";} ?>><span class="vexpl">&nbsp;&nbsp;
<?php echo gettext("Enter the rule update start time in 24-hour format (HH:MM). ") . "<strong>" .
- gettext("Default") . "&nbsp;</strong>" . gettext("is ") . "<strong>" . gettext("00:03") . "</strong></span>"; ?>.<br/><br/>
+ gettext("Default") . "&nbsp;</strong>" . gettext("is ") . "<strong>" . gettext("00:05") . "</strong></span>"; ?>.<br/><br/>
<?php echo gettext("Rules will update at the interval chosen above starting at the time specified here. For example, using the default " .
- "start time of 00:03 and choosing 12 Hours for the interval, the rules will update at 00:03 and 12:03 each day."); ?></td>
+ "start time of 00:03 and choosing 12 Hours for the interval, the rules will update at 00:05 and 12:05 each day."); ?></td>
</tr>
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td>
@@ -322,7 +329,7 @@ if ($input_errors)
<tr>
<?php $snortlogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Log Directory Size " .
- "Limit"); ?><br/>
+ "Limit"); ?><br/><br/>
<br/>
<br/>
<span class="red"><strong><?php echo gettext("Note:"); ?></strong></span><br/>
@@ -368,6 +375,18 @@ if ($input_errors)
<?php echo "<span class=\"red\"><strong>" . gettext("Hint:") . "</strong></span>" . gettext(" in most cases, 1 hour is a good choice.");?></td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Blocked Hosts After Deinstall"); ?></td>
+ <td width="78%" class="vtable"><input name="clearblocks" id="clearblocks" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['snortglobal']['clearblocks']=="on") echo " checked"; ?>/>&nbsp;
+ <?php echo gettext("All blocked hosts added by Snort will be removed during package deinstallation."); ?></td>
+</tr>
+<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Snort Log Files After Deinstall"); ?></td>
+ <td width="78%" class="vtable"><input name="clearlogs" id="clearlogs" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['snortglobal']['clearlogs']=="on") echo " checked"; ?>/>&nbsp;
+ <?php echo gettext("All Snort log files will be removed during package deinstallation."); ?></td>
+</tr>
+<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Keep Snort Settings After Deinstall"); ?></td>
<td width="78%" class="vtable"><input name="forcekeepsettings"
id="forcekeepsettings" type="checkbox" value="yes"
@@ -377,7 +396,7 @@ if ($input_errors)
<tr>
<td width="22%" valign="top">
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" >
+ <input name="save" type="submit" class="formbtn" value="Save" >
</td>
</tr>
<tr>
diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php
index e42b7f8c..ecbd04a7 100644
--- a/config/snort/snort_interfaces_suppress.php
+++ b/config/snort/snort_interfaces_suppress.php
@@ -46,7 +46,6 @@ if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
$id_gen = count($config['installedpackages']['snortglobal']['suppress']['item']);
-
function snort_suppresslist_used($supplist) {
/****************************************************************/
@@ -69,15 +68,15 @@ function snort_suppresslist_used($supplist) {
return false;
}
-if ($_GET['act'] == "del") {
- if ($a_suppress[$_GET['id']]) {
- /* make sure rule is not being referenced by any nat or filter rules */
- if (snort_suppresslist_used($a_suppress[$_GET['id']]['name'])) {
- $input_errors[] = gettext("ERROR -- Suppress List is currently assigned to an interface and cannot be removed!");
+if ($_POST['del']) {
+ if ($a_suppress[$_POST['list_id']] && is_numericint($_POST['list_id'])) {
+ /* make sure list is not being referenced by any Snort interfaces */
+ if (snort_suppresslist_used($a_suppress[$_POST['list_id']]['name'])) {
+ $input_errors[] = gettext("ERROR -- Suppress List is currently assigned to a Snort interface and cannot be removed! Unassign it from all Snort interfaces first.");
}
else {
- unset($a_suppress[$_GET['id']]);
- write_config();
+ unset($a_suppress[$_POST['list_id']]);
+ write_config("Snort pkg: deleted a Suppress List.");
header("Location: /snort/snort_interfaces_suppress.php");
exit;
}
@@ -93,14 +92,16 @@ include_once("head.inc");
<?php
include_once("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
if ($input_errors) {
print_input_errors($input_errors);
}
+if ($savemsg)
+ print_info_box($savemsg);
?>
-<form action="/snort/snort_interfaces_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?>
+<form action="/snort/snort_interfaces_suppress.php" method="post">
+<input type="hidden" name="list_id" id="list_id" value=""/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -110,10 +111,11 @@ if ($input_errors) {
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td>
</tr>
@@ -137,15 +139,13 @@ if ($input_errors) {
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
- <td valign="middle"><a
- href="snort_interfaces_suppress_edit.php?id=<?=$i;?>"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?php echo gettext("edit Suppress List"); ?>"></a></td>
- <td><a
- href="/snort/snort_interfaces_suppress.php?act=del&id=<?=$i;?>"
- onclick="return confirm('<?php echo gettext("Do you really want to delete this Suppress List?"); ?>')"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" border="0" title="<?php echo gettext("delete Suppress List"); ?>"></a></td>
+ <td valign="middle"><a href="snort_interfaces_suppress_edit.php?id=<?=$i;?>">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("Edit Suppress List"); ?>"></a></td>
+ <td><input type="image" name="del[]"
+ onclick="document.getElementById('list_id').value='<?=$i;?>';return confirm('<?=gettext("Do you really want to delete this Suppress List?");?>');"
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete Suppress List");?>"/></td>
</tr>
</table>
</td>
@@ -160,7 +160,7 @@ if ($input_errors) {
<td valign="middle"><a
href="snort_interfaces_suppress_edit.php?id=<?php echo $id_gen;?> "><img
src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td>
+ width="17" height="17" border="0" title="<?php echo gettext("Add a new list"); ?>"></a></td>
</tr>
</table>
</td>
diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php
index 3d703987..986bfc38 100644
--- a/config/snort/snort_interfaces_suppress_edit.php
+++ b/config/snort/snort_interfaces_suppress_edit.php
@@ -10,6 +10,7 @@
*
* modified for the pfsense snort package
* Copyright (C) 2009-2010 Robert Zelaya.
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -37,7 +38,6 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-
if (!is_array($config['installedpackages']['snortglobal']))
$config['installedpackages']['snortglobal'] = array();
$snortglob = $config['installedpackages']['snortglobal'];
@@ -48,9 +48,16 @@ if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
$config['installedpackages']['snortglobal']['suppress']['item'] = array();
$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+/* Should never be called without identifying list index, so bail */
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces_suppress.php");
+ exit;
+}
/* returns true if $name is a valid name for a whitelist file name or ip */
function is_validwhitelistname($name) {
@@ -77,7 +84,7 @@ if (isset($id) && $a_suppress[$id]) {
$pconfig['uuid'] = uniqid();
}
-if ($_POST['submit']) {
+if ($_POST['save']) {
unset($input_errors);
$pconfig = $_POST;
@@ -102,7 +109,6 @@ if ($_POST['submit']) {
}
}
-
if (!$input_errors) {
$s_list = array();
$s_list['name'] = $_POST['name'];
@@ -118,7 +124,7 @@ if ($_POST['submit']) {
else
$a_suppress[] = $s_list;
- write_config();
+ write_config("Snort pkg: modified Suppress List {$s_list['name']}.");
sync_snort_package_config();
header("Location: /snort/snort_interfaces_suppress.php");
@@ -135,14 +141,14 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-if ($input_errors) print_input_errors($input_errors);
+if ($input_errors)
+ print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
?>
<form action="/snort/snort_interfaces_suppress_edit.php" name="iform" id="iform" method="post">
+<input name="id" type="hidden" value="<?=$id;?>"/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -152,10 +158,11 @@ if ($savemsg)
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), true, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=/snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -204,11 +211,10 @@ if ($savemsg)
</td>
</tr>
<tr>
- <td colspan="2"><input id="submit" name="submit" type="submit"
+ <td colspan="2"><input id="save" name="save" type="submit"
class="formbtn" value="Save" />&nbsp;&nbsp;<input id="cancelbutton"
name="cancelbutton" type="button" class="formbtn" value="Cancel"
- onclick="history.back();"/> <?php if (isset($id) && $a_suppress[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>"/> <?php endif; ?>
+ onclick="history.back();"/>
</td>
</tr>
</table>
diff --git a/config/snort/snort_interfaces_whitelist.php b/config/snort/snort_interfaces_whitelist.php
deleted file mode 100644
index 9391eb85..00000000
--- a/config/snort/snort_interfaces_whitelist.php
+++ /dev/null
@@ -1,177 +0,0 @@
-<?php
-/*
- * snort_interfaces_whitelist.php
- *
- * Copyright (C) 2004 Scott Ullrich
- * Copyright (C) 2011-2012 Ermal Luci
- * All rights reserved.
- *
- * originially part of m0n0wall (http://m0n0.ch/wall)
- * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- * All rights reserved.
- *
- * modified for the pfsense snort package
- * Copyright (C) 2009-2010 Robert Zelaya.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-if (!is_array($config['installedpackages']['snortglobal']['whitelist']))
- $config['installedpackages']['snortglobal']['whitelist'] = array();
-if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
- $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
-$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
-
-if (isset($config['installedpackages']['snortglobal']['whitelist']['item']))
- $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']);
-else
- $id_gen = '0';
-
-if ($_GET['act'] == "del") {
- if ($a_whitelist[$_GET['id']]) {
- /* make sure rule is not being referenced by any nat or filter rules */
- unset($a_whitelist[$_GET['id']]);
- write_config();
- sync_snort_package_config();
- header("Location: /snort/snort_interfaces_whitelist.php");
- exit;
- }
-}
-
-$pgtitle = gettext("Snort: Whitelists");
-include_once("head.inc");
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
-<?php
-include_once("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-if ($savemsg) print_info_box($savemsg);
-?>
-
-<form action="/snort/snort_interfaces_whitelist.php" method="post">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td>
-<?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
- $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
- $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php");
- $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
-?>
- </td>
-</tr>
-<tr>
- <td><div id="mainarea">
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td width="20%" class="listhdrr">File Name</td>
- <td width="40%" class="listhdrr">Values</td>
- <td width="40%" class="listhdr">Description</td>
- <td width="10%" class="list"></td>
- </tr>
- <?php foreach ($a_whitelist as $i => $list): ?>
- <tr>
- <td class="listlr"
- ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <?=htmlspecialchars($list['name']);?></td>
- <td class="listr"
- ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <?php
- $addresses = implode(", ", array_slice(explode(" ", $list['address']), 0, 10));
- echo $addresses;
- if(count($addresses) < 10) {
- echo " ";
- } else {
- echo "...";
- }
- ?></td>
- <td class="listbg"
- ondblclick="document.location='snort_interfaces_whitelist_edit.php?id=<?=$i;?>';">
- <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;
- </td>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a
- href="snort_interfaces_whitelist_edit.php?id=<?=$i;?>"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?php echo gettext("edit whitelist"); ?>"></a></td>
- <td><a
- href="/snort/snort_interfaces_whitelist.php?act=del&id=<?=$i;?>"
- onclick="return confirm('<?php echo gettext("Do you really want to delete this whitelist? All elements that still use it will become invalid (e.g. snort rules will fall back to the default whitelist)!"); ?>')"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" border="0" title="<?php echo gettext("delete whitelist"); ?>"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php endforeach; ?>
- <tr>
- <td class="list" colspan="3"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle" width="17">&nbsp;</td>
- <td valign="middle"><a
- href="snort_interfaces_whitelist_edit.php?id=<?php echo $id_gen;?> "><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
-</table>
-<br>
-<table width="100%" border="0" cellpadding="1"
- cellspacing="1">
- <tr>
- <td width="100%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span>
- <p><?php echo gettext("Here you can create whitelist files for your " .
- "snort package rules."); ?><br>
- <?php echo gettext("Please add all the ips or networks you want to protect against snort " .
- "block decisions."); ?><br>
- <?php echo gettext("Remember that the default whitelist only includes local networks."); ?><br>
- <?php echo gettext("Be careful, it is very easy to get locked out of your system."); ?></p></span></td>
- </tr>
- <tr>
- <td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Snort on the interface for changes to take effect!"); ?></span></td>
- </tr>
-</table>
-</form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/config/snort/snort_ip_list_mgmt.php b/config/snort/snort_ip_list_mgmt.php
new file mode 100644
index 00000000..ae4a1032
--- /dev/null
+++ b/config/snort/snort_ip_list_mgmt.php
@@ -0,0 +1,275 @@
+<?php
+/*
+ * Copyright (C) 2004 Scott Ullrich
+ * Copyright (C) 2011-2012 Ermal Luci
+ * All rights reserved.
+ *
+ * originially part of m0n0wall (http://m0n0.ch/wall)
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * All rights reserved.
+ *
+ * modified for the pfsense snort package
+ * Copyright (C) 2009-2010 Robert Zelaya.
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+
+// Hard-code the path where IP Lists are stored
+// and disregard any user-supplied path element.
+$iprep_path = IPREP_PATH;
+
+// Set default to not show IP List editor controls
+$iplist_edit_style = "display: none;";
+
+function snort_is_iplist_active($iplist) {
+
+ /***************************************************
+ * This function checks all the configured Snort *
+ * interfaces to see if the passed IP List is used *
+ * as a whitelist or blacklist by an interface. *
+ * *
+ * Returns: TRUE if IP List is in use *
+ * FALSE if IP List is not in use *
+ ***************************************************/
+
+ global $g, $config;
+
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return FALSE;
+
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $rule) {
+ if (is_array($rule['wlist_files']['item'])) {
+ foreach ($rule['wlist_files']['item'] as $file) {
+ if ($file == $iplist)
+ return TRUE;
+ }
+ }
+ if (is_array($rule['blist_files']['item'])) {
+ foreach ($rule['blist_files']['item'] as $file) {
+ if ($file == $iplist)
+ return TRUE;
+ }
+ }
+ }
+ return FALSE;
+}
+
+
+if (isset($_POST['upload'])) {
+ if ($_FILES["iprep_fileup"]["error"] == UPLOAD_ERR_OK) {
+ $tmp_name = $_FILES["iprep_fileup"]["tmp_name"];
+ $name = $_FILES["iprep_fileup"]["name"];
+ move_uploaded_file($tmp_name, "{$iprep_path}{$name}");
+ }
+ else
+ $input_errors[] = gettext("Failed to upload file {$_FILES["iprep_fileup"]["name"]}");
+}
+
+if (isset($_POST['iplist_delete']) && isset($_POST['iplist_fname'])) {
+ if (!snort_is_iplist_active($_POST['iplist_fname']))
+ unlink_if_exists("{$iprep_path}{$_POST['iplist_fname']}");
+ else
+ $input_errors[] = gettext("This IP List is currently assigned as a Whitelist or Blackist for an interface and cannot be deleted.");
+}
+
+if (isset($_POST['iplist_edit']) && isset($_POST['iplist_fname'])) {
+ $file = $iprep_path . basename($_POST['iplist_fname']);
+ $data = file_get_contents($file);
+ if ($data !== FALSE) {
+ $iplist_data = htmlspecialchars($data);
+ $iplist_edit_style = "display: table-row-group;";
+ $iplist_name = basename($_POST['iplist_fname']);
+ unset($data);
+ }
+ else {
+ $input_errors[] = gettext("An error occurred reading the file.");
+ }
+}
+
+if (isset($_POST['save']) && isset($_POST['iplist_data'])) {
+ if (strlen(basename($_POST['iplist_name'])) > 0) {
+ $file = $iprep_path . basename($_POST['iplist_name']);
+ $data = str_replace("\r\n", "\n", $_POST['iplist_data']);
+ file_put_contents($file, $data);
+ unset($data);
+ }
+ else {
+ $input_errors[] = gettext("You must provide a valid filename for the IP List.");
+ $iplist_edit_style = "display: table-row-group;";
+ }
+}
+
+// Get all files in the IP Lists sub-directory as an array
+// Leave this as the last thing before spewing the page HTML
+// so we can pick up any changes made to files in code above.
+$ipfiles = return_dir_as_array($iprep_path);
+
+$pgtitle = gettext("Snort: IP Reputation Lists");
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+include_once("fbegin.inc");
+if ($input_errors) {
+ print_input_errors($input_errors);
+}
+
+if ($savemsg)
+ print_info_box($savemsg);
+?>
+
+<form action="/snort/snort_ip_list_mgmt.php" enctype="multipart/form-data" method="post">
+<input type="hidden" name="MAX_FILE_SIZE" value="100000000" />
+<input type="hidden" name="iplist_fname" id="iplist_fname" value=""/>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("IP Lists"), true, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
+?>
+</td>
+</tr>
+<tbody id="uploader" style="display: none;" class="tabcont">
+ <tr>
+ <td colspan="4" class="list"><br/><?php echo gettext("Click BROWSE to select a file to import, and then click UPLOAD. Click CLOSE to quit."); ?></td>
+ </tr>
+ <tr>
+ <td colspan="4" class="list"><input type="file" name="iprep_fileup" id="iprep_fileup" class="formfld file" size="50" />
+ &nbsp;&nbsp;<input type="submit" name="upload" id="upload" value="<?=gettext("Upload");?>"
+ title="<?=gettext("Upload selected IP list to firewall");?>"/>&nbsp;&nbsp;<input type="button"
+ value="<?=gettext("Close");?>" onClick="document.getElementById('uploader').style.display='none';" /><br/></td>
+ <td class="list"></td>
+ </tr>
+</tbody>
+<tr>
+ <td>
+ <div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <colgroup>
+ <col style="width: 50%;">
+ <col style="width: 25%;">
+ <col style="width: 15%;">
+ <col style="width: 10%;">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr"><?php echo gettext("IP List File Name"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Last Modified Time"); ?></th>
+ <th class="listhdrr"><?php echo gettext("File Size"); ?></th>
+ <th class="list" align="left"><img style="cursor:pointer;" name="iplist_new" id="iplist_new"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Create a new IP List');?>"
+ onClick="document.getElementById('iplist_data').value=''; document.getElementById('iplist_name').value=''; document.getElementById('iplist_editor').style.display='table-row-group'; document.getElementById('iplist_name').focus();" />
+ <img style="cursor:pointer;" name="iplist_import" id="iplist_import"
+ onClick="document.getElementById('uploader').style.display='table-row-group';"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Import/Upload an IP List');?>"/></th>
+ </tr>
+ </thead>
+ <?php foreach ($ipfiles as $file): ?>
+ <tr>
+ <td class="listr"><?php echo gettext($file); ?></td>
+ <td class="listr"><?=date('M-d Y g:i a', filemtime("{$iprep_path}{$file}")); ?></td>
+ <td class="listr"><?=format_bytes(filesize("{$iprep_path}{$file}")); ?> </td>
+ <td class="list"><input type="image" name="iplist_edit[]" id="iplist_edit[]"
+ onClick="document.getElementById('iplist_fname').value='<?=$file;?>';"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Edit this IP List');?>"/>
+ <input type="image" name="iplist_delete[]" id="iplist_delete[]"
+ onClick="document.getElementById('iplist_fname').value='<?=$file;?>';
+ return confirm('<?=gettext("Are you sure you want to permanently delete this IP List file? Click OK to continue or CANCEL to quit.");?>');"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Delete this IP List');?>"/></td>
+ </tr>
+ <?php endforeach; ?>
+ <tbody id="iplist_editor" style="<?=$iplist_edit_style;?>">
+ <tr>
+ <td colspan="4">&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="4"><strong><?=gettext("File Name: ");?></strong><input type="text" size="45" class="formfld file" id="iplist_name" name="iplist_name" value="<?=$iplist_name;?>" />
+ &nbsp;&nbsp;<input type="submit" id="save" name="save" value="<?=gettext(" Save ");?>" title="<?=gettext("Save changes and close editor");?>" />
+ &nbsp;&nbsp;<input type="button" id="cancel" name="cancel" value="<?=gettext("Cancel");?>" onClick="document.getElementById('iplist_editor').style.display='none';"
+ title="<?=gettext("Abandon changes and quit editor");?>" /></td>
+ </tr>
+ <tr>
+ <td colspan="4">&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="4"><textarea wrap="off" cols="80" rows="20" name="iplist_data" id="iplist_data"
+ style="width:95%; height:100%;"><?=$iplist_data;?></textarea>
+ </td>
+ </tr>
+ </tbody>
+
+ <tr>
+ <td colspan="3" class="vexpl"><br/><span class="red"><strong><?php echo gettext("Notes:"); ?></strong></span>
+ <br/><?php echo gettext("1. IP Lists are used by the IP Reputation Preprocessor and are text files formatted " .
+ "with one IP address (or CIDR network) per line."); ?></td>
+ <td class="list"></td>
+ </tr>
+ <tr>
+ <td colspan="3" class="vexpl" style="height: 20px; vertical-align: middle;"><?php echo gettext("2. IP Lists are stored as local files on the firewall and their contents are " .
+ "not saved as part of the firewall configuration file."); ?></td>
+ <td class="list"></td>
+ </tr>
+ <tr>
+ <td colspan="3" class="vexpl"><br/><strong><?php echo gettext("IP List Controls:"); ?></strong><br/><br/>
+ &nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" />
+ &nbsp;<?=gettext("Opens the editor window to create a new IP List. You must provide a valid filename before saving.");?><br/>
+ &nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17" height="17" border="0" />
+ &nbsp;<?=gettext("Opens the file upload control for uploading a new IP List from your local machine.");?><br/>
+ &nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" />
+ &nbsp;<?=gettext("Opens the IP List in a text edit control for viewing or editing its contents.");?><br/>
+ &nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" />
+ &nbsp;<?=gettext("Deletes the IP List from the file system after confirmation.");?></td>
+ <td class="list"></td>
+ </tr>
+ </table>
+ </div>
+ </td>
+</tr>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php
new file mode 100644
index 00000000..3de8c661
--- /dev/null
+++ b/config/snort/snort_ip_reputation.php
@@ -0,0 +1,506 @@
+<?php
+/*
+ * snort_ip_reputation.php
+ * part of pfSense
+ *
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+global $g, $rebuild_rules;
+
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
+}
+
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
+}
+if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['wlist_files']['item'])) {
+ $config['installedpackages']['snortglobal']['rule'][$id]['wlist_files']['item'] = array();
+}
+if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['blist_files']['item'])) {
+ $config['installedpackages']['snortglobal']['rule'][$id]['blist_files']['item'] = array();
+}
+
+$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+
+$pconfig = $a_nat[$id];
+$iprep_path = IPREP_PATH;
+$if_real = get_real_interface($a_nat[$id]['interface']);
+$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid'];
+
+// Set sensible defaults for any empty parameters
+if (empty($pconfig['iprep_memcap']))
+ $pconfig['iprep_memcap'] = '500';
+if (empty($pconfig['iprep_priority']))
+ $pconfig['iprep_priority'] = 'whitelist';
+if (empty($pconfig['iprep_nested_ip']))
+ $pconfig['iprep_nested_ip'] = 'inner';
+if (empty($pconfig['iprep_white']))
+ $pconfig['iprep_white'] = 'unblack';
+
+if ($_POST['mode'] == 'blist_add' && isset($_POST['iplist'])) {
+ $pconfig = $_POST;
+
+ // Test the supplied IP List file to see if it exists
+ if (file_exists($_POST['iplist'])) {
+ // See if the file is already assigned to the interface
+ foreach ($a_nat[$id]['blist_files']['item'] as $f) {
+ if ($f == basename($_POST['iplist'])) {
+ $input_errors[] = gettext("The file {$f} is already assigned as a blacklist file.");
+ break;
+ }
+ }
+ if (!$input_errors) {
+ $a_nat[$id]['blist_files']['item'][] = basename($_POST['iplist']);
+ write_config("Snort pkg: added new blacklist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('snort_iprep');
+ }
+ }
+ else
+ $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found.");
+
+ $pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+ $pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
+}
+
+if ($_POST['mode'] == 'wlist_add' && isset($_POST['iplist'])) {
+ $pconfig = $_POST;
+
+ // Test the supplied IP List file to see if it exists
+ if (file_exists($_POST['iplist'])) {
+ // See if the file is already assigned to the interface
+ foreach ($a_nat[$id]['wlist_files']['item'] as $f) {
+ if ($f == basename($_POST['iplist'])) {
+ $input_errors[] = gettext("The file {$f} is already assigned as a whitelist file.");
+ break;
+ }
+ }
+ if (!$input_errors) {
+ $a_nat[$id]['wlist_files']['item'][] = basename($_POST['iplist']);
+ write_config("Snort pkg: added new whitelist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('snort_iprep');
+ }
+ }
+ else
+ $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found.");
+
+ $pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+ $pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
+}
+
+if ($_POST['blist_del'] && is_numericint($_POST['list_id'])) {
+ $pconfig = $_POST;
+ unset($a_nat[$id]['blist_files']['item'][$_POST['list_id']]);
+ write_config("Snort pkg: deleted blacklist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('snort_iprep');
+ $pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+ $pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
+}
+
+if ($_POST['wlist_del'] && is_numericint($_POST['list_id'])) {
+ $pconfig = $_POST;
+ unset($a_nat[$id]['wlist_files']['item'][$_POST['list_id']]);
+ write_config("Snort pkg: deleted whitelist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('snort_iprep');
+ $pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
+ $pconfig['blist_files'] = $a_nat[$id]['blist_files'];
+}
+
+if ($_POST['save'] || $_POST['apply']) {
+
+ $natent = array();
+ $natent = $pconfig;
+
+ if (!is_numericint($_POST['iprep_memcap']) || strval($_POST['iprep_memcap']) < 1 || strval($_POST['iprep_memcap']) > 4095)
+ $input_errors[] = gettext("The value for Memory Cap must be an integer between 1 and 4095.");
+
+ // if no errors write to conf
+ if (!$input_errors) {
+
+ $natent['reputation_preproc'] = $_POST['reputation_preproc'] ? 'on' : 'off';
+ $natent['iprep_scan_local'] = $_POST['iprep_scan_local'] ? 'on' : 'off';
+ $natent['iprep_memcap'] = $_POST['iprep_memcap'];
+ $natent['iprep_priority'] = $_POST['iprep_priority'];
+ $natent['iprep_nested_ip'] = $_POST['iprep_nested_ip'];
+ $natent['iprep_white'] = $_POST['iprep_white'];
+
+ $a_nat[$id] = $natent;
+
+ write_config("Snort pkg: modified IP REPUTATION preprocessor settings for {$a_nat[$id]['interface']}.");
+
+ // Update the snort conf file for this interface
+ $rebuild_rules = false;
+ snort_generate_conf($a_nat[$id]);
+
+ // Soft-restart Snort to live-load new variables
+ snort_reload_config($a_nat[$id]);
+ $pconfig = $natent;
+
+ // We have saved changes and done a soft restart, so clear "dirty" flag
+ clear_subsystem_dirty('snort_iprep');
+ }
+ else
+ $pconfig = $_POST;
+}
+
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
+$pgtitle = gettext("Snort: Interface {$if_friendly} IP Reputation Preprocessor");
+include_once("head.inc");
+
+?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php
+include("fbegin.inc");
+/* Display Alert message */
+if ($input_errors)
+ print_input_errors($input_errors);
+if ($savemsg)
+ print_info_box($savemsg);
+?>
+
+<form action="snort_ip_reputation.php" method="post" name="iform" id="iform" >
+<input name="id" type="hidden" value="<?=$id;?>" />
+<input type="hidden" id="mode" name="mode" value="" />
+<input name="iplist" id="iplist" type="hidden" value="" />
+<input name="list_id" id="list_id" type="hidden" value="" />
+
+<?php if (is_subsystem_dirty('snort_iprep')): ?><p>
+<?php print_info_box_np(gettext("A change has been made to blacklist or whitelist file assignments.") . "<br/>" . gettext("You must apply the changes in order for them to take effect."));?>
+<?php endif; ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
+ echo '</td></tr>';
+ echo '<tr><td class="tabnavtbl">';
+ $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
+ $tab_array = array();
+ $tab_array[] = array($menu_iface . gettext(" Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), true, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
+ ?>
+ </td>
+ </tr>
+ <tr>
+ <td><div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("IP Reputation Preprocessor Configuration"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign='top' class='vncell'><?php echo gettext("Enable"); ?>
+ </td>
+ <td width="78%" class="vtable"><input name="reputation_preproc" type="checkbox" value="on" <?php if ($pconfig['reputation_preproc'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Use IP Reputation Lists on this interface. Default is ") . "<strong>" . gettext("Not Checked.") . "</strong>"; ?>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell"><?php echo gettext("Memory Cap"); ?></td>
+ <td class="vtable"><input name="iprep_memcap" type="text" class="formfld unknown"
+ id="http_inspect_memcap" size="9"
+ value="<?=htmlspecialchars($pconfig['iprep_memcap']);?>">&nbsp;
+ <?php echo gettext("Maximum memory in megabytes (MB) supported for IP Reputation Lists. Default is ") . "<strong>" .
+ gettext("500.") . "</strong><br/>" . gettext("The Minimum value is ") .
+ "<strong>" . gettext("1 MB") . "</strong>" . gettext(" and the Maximum is ") . "<strong>" .
+ gettext("4095 MB.") . "</strong>&nbsp;" . gettext("Enter an integer value between 1 and 4095."); ?><br/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign='top' class='vncell'><?php echo gettext("Scan Local"); ?>
+ </td>
+ <td width="78%" class="vtable"><input name="iprep_scan_local" type="checkbox" value="on" <?php if ($pconfig['iprep_scan_local'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Scan RFC 1918 addresses on this interface. Default is ") . "<strong>" . gettext("Not Checked.") . "</strong>"; ?><br/>
+ <?php echo gettext("When checked, Snort will inspect addresses in the 10/8, 172.16/12 and 192.168/16 ranges defined in RFC 1918.");?><br/><br/>
+ <span class="red"><strong><?=gettext("Hint: ");?></strong></span><?=gettext("if these address ranges are used in your internal network, and this instance ") .
+ gettext("is on an internal interface, this option should usually be enabled (checked).");?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Nested IP"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="iprep_nested_ip" type="radio" id="iprep_nested_ip_inner"
+ value="inner" <?php if ($pconfig['iprep_nested_ip'] == 'inner') echo "checked";?>/>
+ <?php echo gettext("Inner"); ?>&nbsp;<input name="iprep_nested_ip" type="radio" id="iprep_nested_ip_outer"
+ value="outer" <?php if ($pconfig['iprep_nested_ip'] == 'outer') echo "checked";?>/>
+ <?php echo gettext("Outer"); ?>&nbsp;<input name="iprep_nested_ip" type="radio" id="iprep_nested_ip_both"
+ value="both" <?php if ($pconfig['iprep_nested_ip'] == 'both') echo "checked";?>/>
+ <?php echo gettext("Both"); ?><br/>
+ <?php echo gettext("Specify which IP address to use for whitelist/blacklist matching when there is IP encapsulation. Default is ") . "<strong>" . gettext("Inner") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Priority"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="iprep_priority" type="radio" id="iprep_priority_blacklist"
+ value="blacklist" <?php if ($pconfig['iprep_priority'] == 'blacklist') echo "checked";?>/>
+ <?php echo gettext("Blacklist"); ?>&nbsp;<input name="iprep_priority" type="radio" id="iprep_priority"
+ value="whitelist" <?php if ($pconfig['iprep_priority'] == 'whitelist') echo "checked";?>/>
+ <?php echo gettext("Whitelist"); ?><br/>
+ <?php echo gettext("Specify which list has priority when source/destination is on blacklist while destination/source is on whitelist.") .
+ "<br/>" . gettext("Default is ") . "<strong>" . gettext("Whitelist") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist Meaning"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="iprep_white" type="radio" id="iprep_white_unblack"
+ value="unblack" <?php if ($pconfig['iprep_white'] == 'unblack') echo "checked";?>/>
+ <?php echo gettext("Unblack"); ?>&nbsp;<input name="iprep_white" type="radio" id="iprep_white_trust"
+ value="trust" <?php if ($pconfig['iprep_white'] == 'trust') echo "checked";?>/>
+ <?php echo gettext("Trust"); ?><br/>
+ <?php echo gettext("Specify the meaning of whitelist. \"Unblack\" unblacks blacklisted IP addresses and routes them for further inspection. \"Trust\" means the packet bypasses all further Snort detection. ") .
+ gettext("Default is ") . "<strong>" . gettext("Unblack") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">&nbsp;</td>
+ <td width="78%" class="vtable">
+ <input name="save" type="submit" class="formbtn" value="Save" title="<?=gettext("Save IP Reputation configuration");?>" />
+ &nbsp;&nbsp;<?=gettext("Click to save configuration settings and live-reload the running Snort configuration.");?>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Assign Blacklists/Whitelists to IP Reputation Preprocessor"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign='top' class='vncell'><?php echo gettext("Blacklist Files"); ?>
+ </td>
+ <td width="78%" class="vtable">
+ <!-- blist_chooser -->
+ <div id="blistChooser" name="blistChooser" style="display:none; border:1px dashed gray; width:98%;"></div>
+ <table width="95%" border="0" cellpadding="2" cellspacing="0">
+ <colgroup>
+ <col style="text-align:left;">
+ <col style="width: 30%; text-align:left;">
+ <col style="width: 17px;">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr"><?php echo gettext("Blacklist Filename"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Modification Time"); ?></th>
+ <th class="list" align="left" valign="middle"><img style="cursor:pointer;" name="blist_add" id="blist_add"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Assign a blacklist file');?>"/></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php foreach($pconfig['blist_files']['item'] as $k => $f):
+ $class = "listr";
+ if (!file_exists("{$iprep_path}{$f}")) {
+ $filedate = gettext("Unknown -- file missing");
+ $class .= " red";
+ }
+ else
+ $filedate = date('M-d Y g:i a', filemtime("{$iprep_path}{$f}"));
+ ?>
+ <tr>
+ <td class="<?=$class;?>"><?=htmlspecialchars($f);?></td>
+ <td class="<?=$class;?>" align="center"><?=$filedate;?></td>
+ <td class="list"><input type="image" name="blist_del[]" id="blist_del[]" onClick="document.getElementById('list_id').value='<?=$k;?>';"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17"
+ border="0" title="<?php echo gettext('Remove this blacklist file');?>"/></td>
+ </tr>
+ <?php endforeach; ?>
+ <tr>
+ <td colspan="2" class="vexpl"><span class="red"><strong><?=gettext("Note: ");?></strong></span>
+ <?=gettext("changes to blacklist assignments are immediately saved.");?></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign='top' class='vncell'><?php echo gettext("Whitelist Files"); ?>
+ </td>
+ <td width="78%" class="vtable">
+ <table width="95%" border="0" cellpadding="2" cellspacing="0">
+ <!-- wlist_chooser -->
+ <div id="wlistChooser" name="wlistChooser" style="display:none; border:1px dashed gray; width:98%;"></div>
+ <colgroup>
+ <col style="text-align:left;">
+ <col style="width: 30%; text-align:left;">
+ <col style="width: 17px;">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr"><?php echo gettext("Whitelist Filename"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Modification Time"); ?></th>
+ <th class="list" align="left" valign="middle"><img style="cursor:pointer;" name="wlist_add" id="wlist_add"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17"
+ border="0" title="<?php echo gettext('Assign a whitelist file');?>"/></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php foreach($pconfig['wlist_files']['item'] as $k => $f):
+ $class = "listr";
+ if (!file_exists("{$iprep_path}{$f}")) {
+ $filedate = gettext("Unknown -- file missing");
+ $class .= " red";
+ }
+ else
+ $filedate = date('M-d Y g:i a', filemtime("{$iprep_path}{$f}"));
+ ?>
+ <tr>
+ <td class="<?=$class;?>"><?=htmlspecialchars($f);?></td>
+ <td class="<?=$class;?>" align="center"><?=$filedate;?></td>
+ <td class="list"><input type="image" name="wlist_del[]" id="wlist_del[]" onClick="document.getElementById('list_id').value='<?=$k;?>';"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17"
+ border="0" title="<?php echo gettext('Remove this whitelist file');?>"/></td>
+ </tr>
+ <?php endforeach; ?>
+ <tr>
+ <td colspan="2" class="vexpl"><span class="red"><strong><?=gettext("Note: ");?></strong></span>
+ <?=gettext("changes to whitelist assignments are immediately saved.");?></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+
+<script type="text/javascript">
+Event.observe(
+ window, "load",
+ function() {
+ Event.observe(
+ "blist_add", "click",
+ function() {
+ Effect.Appear("blistChooser", { duration: 0.25 });
+ blistChoose();
+ }
+ );
+
+ Event.observe(
+ "wlist_add", "click",
+ function() {
+ Effect.Appear("wlistChooser", { duration: 0.25 });
+ wlistChoose();
+ }
+ );
+ }
+);
+
+function blistChoose() {
+ Effect.Appear("blistChooser", { duration: 0.25 });
+ if($("fbCurrentDir"))
+ $("fbCurrentDir").innerHTML = "Loading ...";
+
+ new Ajax.Request(
+ "/snort/snort_iprep_list_browser.php?container=blistChooser&target=iplist&val=" + new Date().getTime(),
+ { method: "get", onComplete: blistComplete }
+ );
+}
+
+function wlistChoose() {
+ Effect.Appear("wlistChooser", { duration: 0.25 });
+ if($("fbCurrentDir"))
+ $("fbCurrentDir").innerHTML = "Loading ...";
+
+ new Ajax.Request(
+ "/snort/snort_iprep_list_browser.php?container=wlistChooser&target=iplist&val=" + new Date().getTime(),
+ { method: "get", onComplete: wlistComplete }
+ );
+}
+
+function blistComplete(req) {
+ $("blistChooser").innerHTML = req.responseText;
+
+ var actions = {
+ fbClose: function() { $("blistChooser").hide(); },
+ fbFile: function() { $("iplist").value = this.id;
+ $("mode").value = 'blist_add';
+ document.getElementById('iform').submit();
+ }
+ }
+
+ for(var type in actions) {
+ var elem = $("blistChooser");
+ var list = elem.getElementsByClassName(type);
+ for (var i=0; i<list.length; i++) {
+ Event.observe(list[i], "click", actions[type]);
+ list[i].style.cursor = "pointer";
+ }
+ }
+}
+
+function wlistComplete(req) {
+ $("wlistChooser").innerHTML = req.responseText;
+
+ var actions = {
+ fbClose: function() { $("wlistChooser").hide(); },
+ fbFile: function() { $("iplist").value = this.id;
+ $("mode").value = 'wlist_add';
+ document.getElementById('iform').submit();
+ }
+ }
+
+ for(var type in actions) {
+ var elem = $("wlistChooser");
+ var list = elem.getElementsByClassName(type);
+ for (var i=0; i<list.length; i++) {
+ Event.observe(list[i], "click", actions[type]);
+ list[i].style.cursor = "pointer";
+ }
+ }
+}
+
+</script>
+
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort/snort_iprep_list_browser.php b/config/snort/snort_iprep_list_browser.php
new file mode 100644
index 00000000..3e4d6b6a
--- /dev/null
+++ b/config/snort/snort_iprep_list_browser.php
@@ -0,0 +1,99 @@
+<?php
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+// Fetch a list of files inside a given directory
+function get_content($dir) {
+ $files = array();
+
+ clearstatcache();
+ $fd = @opendir($dir);
+ while($entry = @readdir($fd)) {
+ if($entry == ".") continue;
+ if($entry == "..") continue;
+
+ if(is_dir("{$dir}/{$entry}"))
+ continue;
+ else
+ array_push($files, $entry);
+ }
+ @closedir($fd);
+ natsort($files);
+ return $files;
+}
+
+$path = IPREP_PATH;
+$container = htmlspecialchars($_GET['container']);
+$target = htmlspecialchars($_GET['target']);
+
+// ----- header -----
+?>
+<table width="100%">
+ <tr>
+ <td width="25px" align="left">
+ <img src="/filebrowser/images/icon_home.gif" alt="Home" title="Home" />
+ </td>
+ <td><b><?=$path;?></b></td>
+ <td class="fbClose" align="right">
+ <img onClick="$('<?=$container;?>').hide();" border="0" src="/filebrowser/images/icon_cancel.gif" alt="Close" title="Close" />
+ </td>
+ </tr>
+ <tr>
+ <td id="fbCurrentDir" colspan="3" class="vexpl" align="left">
+ </td>
+ </tr>
+<?php
+$files = get_content($path);
+
+// ----- files -----
+foreach($files as $file):
+ $ext = strrchr($file, ".");
+
+ if($ext == ".css" ) $type = "code";
+ elseif($ext == ".html") $type = "code";
+ elseif($ext == ".xml" ) $type = "code";
+ elseif($ext == ".rrd" ) $type = "database";
+ elseif($ext == ".gif" ) $type = "image";
+ elseif($ext == ".jpg" ) $type = "image";
+ elseif($ext == ".png" ) $type = "image";
+ elseif($ext == ".js" ) $type = "js";
+ elseif($ext == ".pdf" ) $type = "pdf";
+ elseif($ext == ".inc" ) $type = "php";
+ elseif($ext == ".php" ) $type = "php";
+ elseif($ext == ".conf") $type = "system";
+ elseif($ext == ".pid" ) $type = "system";
+ elseif($ext == ".sh" ) $type = "system";
+ elseif($ext == ".bz2" ) $type = "zip";
+ elseif($ext == ".gz" ) $type = "zip";
+ elseif($ext == ".tgz" ) $type = "zip";
+ elseif($ext == ".zip" ) $type = "zip";
+ else $type = "generic";
+
+ $fqpn = "{$path}/{$file}";
+
+ if(is_file($fqpn)) {
+ $fqpn = realpath($fqpn);
+ $size = sprintf("%.2f KiB", filesize($fqpn) / 1024);
+ }
+ else
+ $size = "";
+?>
+ <tr>
+ <td></td>
+ <td class="fbFile vexpl" id="<?=$fqpn;?>" align="left">
+ <?php $filename = str_replace("//","/", "{$path}/{$file}"); ?>
+ <div onClick="$('<?=$target;?>').value='<?=$filename?>'; $('<?=$container;?>').hide();">
+ <img src="/filebrowser/images/file_<?=$type;?>.gif" alt="" title="">
+ &nbsp;<?=$file;?>
+ </div>
+ </td>
+ <td align="right" class="vexpl">
+ <?=$size;?>
+ </td>
+ </tr>
+<?php
+endforeach;
+?>
+</table>
+
diff --git a/config/snort/snort_list_view.php b/config/snort/snort_list_view.php
index 856367ef..8c3d0134 100644
--- a/config/snort/snort_list_view.php
+++ b/config/snort/snort_list_view.php
@@ -4,6 +4,7 @@
*
* Copyright (C) 2004, 2005 Scott Ullrich
* Copyright (C) 2011 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Adapted for FreeNAS by Volker Theile (votdev@gmx.de)
@@ -41,23 +42,29 @@ global $g, $config;
$contents = '';
-$id = $_GET['id'];
-$wlist = $_GET['wlist'];
-$type = $_GET['type'];
+if (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+$wlist = htmlspecialchars($_GET['wlist']);
+$type = htmlspecialchars($_GET['type']);
+$title = "List";
if (isset($id) && isset($wlist)) {
$a_rule = $config['installedpackages']['snortglobal']['rule'][$id];
if ($type == "homenet") {
$list = snort_build_list($a_rule, $wlist);
$contents = implode("\n", $list);
+ $title = "HOME_NET";
}
- elseif ($type == "whitelist") {
+ elseif ($type == "passlist") {
$list = snort_build_list($a_rule, $wlist, true);
$contents = implode("\n", $list);
+ $title = "Pass List";
}
elseif ($type == "suppress") {
$list = snort_find_list($wlist, $type);
$contents = str_replace("\r", "", base64_decode($list['suppresspassthru']));
+ $title = "Suppress List";
}
else
$contents = gettext("\n\nERROR -- Requested List Type entity is not valid!");
@@ -65,35 +72,32 @@ if (isset($id) && isset($wlist)) {
else
$contents = gettext("\n\nERROR -- Supplied interface or List entity is not valid!");
-$pgtitle = array(gettext("Snort"), gettext(ucfirst($type) . " Viewer"));
+$pgtitle = array(gettext("Snort"), gettext($title . " Viewer"));
?>
<?php include("head.inc");?>
<body link="#000000" vlink="#000000" alink="#000000">
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php // include("fbegin.inc");?>
-<form action="snort_whitelist_view.php" method="post">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont">
<table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee">
<tr>
- <td class="pgtitle" colspan="2">Snort: <?php echo gettext(ucfirst($type) . " Viewer"); ?></td>
+ <td class="pgtitle" colspan="2">Snort: <?php echo gettext($title . " Viewer"); ?></td>
</tr>
<tr>
<td align="left" width="20%">
<input type="button" class="formbtn" value="Return" onclick="window.close()">
</td>
<td align="right">
- <b><?php echo gettext(ucfirst($type) . ": ") . '</b>&nbsp;' . $_GET['wlist']; ?>&nbsp;&nbsp;&nbsp;&nbsp;
+ <b><?php echo gettext($title . ": ") . '</b>&nbsp;' . htmlspecialchars($_GET['wlist']); ?>&nbsp;&nbsp;&nbsp;&nbsp;
</td>
</tr>
<tr>
<td colspan="2" valign="top" class="label">
<div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=$contents;?></textarea>
+ <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=htmlspecialchars($contents);?></textarea>
</div>
</td>
</tr>
@@ -101,7 +105,5 @@ $pgtitle = array(gettext("Snort"), gettext(ucfirst($type) . " Viewer"));
</td>
</tr>
</table>
-</form>
-<?php // include("fend.inc");?>
</body>
</html>
diff --git a/config/snort/snort_log_view.php b/config/snort/snort_log_view.php
deleted file mode 100644
index beec1aa7..00000000
--- a/config/snort/snort_log_view.php
+++ /dev/null
@@ -1,93 +0,0 @@
-<?php
-/*
- * snort_log_view.php
- *
- * Copyright (C) 2004, 2005 Scott Ullrich
- * Copyright (C) 2011 Ermal Luci
- * All rights reserved.
- *
- * Adapted for FreeNAS by Volker Theile (votdev@gmx.de)
- * Copyright (C) 2006-2009 Volker Theile
- *
- * Adapted for Pfsense Snort package by Robert Zelaya
- * Copyright (C) 2008-2009 Robert Zelaya
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort.inc");
-
-$contents = '';
-
-// Read the contents of the argument passed to us.
-// Is it a fully qualified path and file?
-$logfile = htmlspecialchars($_GET['logfile'], ENT_QUOTES | ENT_HTML401);
-if (file_exists($logfile))
- if (substr(realpath($logfile), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR)
- $contents = gettext("\n\nERROR -- File: {$logfile} can not be viewed!");
- else
- $contents = file_get_contents($logfile);
-// It is not something we can display, so print an error.
-else
- $contents = gettext("\n\nERROR -- File: {$logfile} not found!");
-
-$pgtitle = array(gettext("Snort"), gettext("Log File Viewer"));
-?>
-
-<?php include("head.inc");?>
-
-<body link="#000000" vlink="#000000" alink="#000000">
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php // include("fbegin.inc");?>
-
-<form action="snort_log_view.php" method="post">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr>
- <td class="tabcont">
- <table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee">
- <tr>
- <td class="pgtitle" colspan="2">Snort: Log File Viewer</td>
- </tr>
- <tr>
- <td align="left" width="20%">
- <input type="button" class="formbtn" value="Return" onclick="window.close()">
- </td>
- <td align="right">
- <b><?php echo gettext("Log File: ") . '</b>&nbsp;' . $logfile; ?>&nbsp;&nbsp;&nbsp;&nbsp;
- </td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="label">
- <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea style="width:100%; height:100%;" readonly wrap="off" rows="33" cols="80" name="code2"><?=$contents;?></textarea>
- </div>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</form>
-<?php // include("fend.inc");?>
-</body>
-</html>
diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php
index 218237ab..d483ba47 100644
--- a/config/snort/snort_migrate_config.php
+++ b/config/snort/snort_migrate_config.php
@@ -322,6 +322,41 @@ foreach ($rule as &$r) {
}
}
+ // Migrate any Barnyard2 settings to the new advanced fields.
+ // Parse the old DB connect string and find the "host", "user",
+ // "dbname" and "password" values and save them in the new
+ // MySQL field names in the config file.
+ if (!empty($pconfig['barnyard_mysql'])) {
+ if (preg_match_all('/(dbname|host|user|password)\s*\=\s*([^\s]*)/i', $pconfig['barnyard_mysql'], $matches)) {
+ foreach ($matches[1] as $k => $p) {
+ if (strcasecmp($p, 'dbname') == 0)
+ $pconfig['barnyard_dbname'] = $matches[2][$k];
+ elseif (strcasecmp($p, 'host') == 0)
+ $pconfig['barnyard_dbhost'] = $matches[2][$k];
+ elseif (strcasecmp($p, 'user') == 0)
+ $pconfig['barnyard_dbuser'] = $matches[2][$k];
+ elseif (strcasecmp($p, 'password') == 0)
+ $pconfig['barnyard_dbpwd'] = base64_encode($matches[2][$k]);
+ }
+ $pconfig['barnyard_mysql_enable'] = 'on';
+ unset($pconfig['barnyard_mysql']);
+ }
+ // Since Barnyard2 was enabled, configure the new archived log settings
+ $pconfig['u2_archived_log_retention'] = '168';
+ $pconfig['barnyard_archive_enable'] = 'on';
+ $pconfig['unified2_log_limit'] = '32';
+ $updated_cfg = true;
+ }
+
+ // This setting is deprecated and replaced
+ // by 'barnyard_enable' since any Barnyard2
+ // chaining requires unified2 logging.
+ if (isset($pconfig['snortunifiedlog'])) {
+ unset($pconfig['snortunifiedlog']);
+ $pconfig['barnyard_enable'] = 'on';
+ $updated_cfg = true;
+ }
+
// Save the new configuration data into the $config array pointer
$r = $pconfig;
}
@@ -330,9 +365,9 @@ unset($r);
// Write out the new configuration to disk if we changed anything
if ($updated_cfg) {
- $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.4";
+ $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.8";
log_error("[Snort] Saving configuration settings in new format...");
- write_config();
+ write_config("Snort pkg: migrate existing settings to new format as part of package upgrade.");
log_error("[Snort] Settings successfully migrated to new configuration format...");
}
else
diff --git a/config/snort/snort_passlist.php b/config/snort/snort_passlist.php
new file mode 100644
index 00000000..2cac9cd4
--- /dev/null
+++ b/config/snort/snort_passlist.php
@@ -0,0 +1,205 @@
+<?php
+/*
+ * snort_passlist.php
+ *
+ * Copyright (C) 2004 Scott Ullrich
+ * Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * originially part of m0n0wall (http://m0n0.ch/wall)
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * All rights reserved.
+ *
+ * modified for the pfsense snort package
+ * Copyright (C) 2009-2010 Robert Zelaya.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['whitelist']))
+ $config['installedpackages']['snortglobal']['whitelist'] = array();
+if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
+ $config['installedpackages']['snortglobal']['whitelist']['item'] = array();
+$a_passlist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
+
+// Calculate the next Pass List index ID
+if (isset($config['installedpackages']['snortglobal']['whitelist']['item']))
+ $id_gen = count($config['installedpackages']['snortglobal']['whitelist']['item']);
+else
+ $id_gen = '0';
+
+function snort_is_passlist_used($list) {
+
+ /**********************************************
+ * This function tests the provided Pass List *
+ * to determine if it is assigned to an *
+ * interface. *
+ * *
+ * On Entry: $list -> Pass List name to test *
+ * *
+ * Returns: TRUE if Pass List is in use or *
+ * FALSE if not in use *
+ **********************************************/
+
+ global $config;
+
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ return FALSE;
+
+ foreach($config['installedpackages']['snortglobal']['rule'] as $v) {
+ if (isset($v['whitelistname']) && $v['whitelistname'] == $list)
+ return TRUE;
+ }
+ return FALSE;
+}
+
+if ($_POST['del'] && is_numericint($_POST['list_id'])) {
+ if ($a_passlist[$_POST['list_id']]) {
+ /* make sure list is not being referenced by any interface */
+ if (snort_is_passlist_used($a_passlist[$_POST['list_id']]['name'])) {
+ $input_errors[] = gettext("This Pass List is currently assigned to a Snort interface and cannot be deleted. Unassign it from all Snort interfaces first.");
+ }
+ if (!$input_errors) {
+ unset($a_passlist[$_POST['list_id']]);
+ write_config("Snort pkg: deleted PASS LIST.");
+ sync_snort_package_config();
+ header("Location: /snort/snort_passlist.php");
+ exit;
+ }
+ }
+}
+
+$pgtitle = gettext("Snort: Pass Lists");
+include_once("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php
+include_once("fbegin.inc");
+
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors);
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
+?>
+
+<form action="/snort/snort_passlist.php" method="post">
+<input type="hidden" name="list_id" id="list_id" value=""/>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
+ $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
+ $tab_array[5] = array(gettext("Pass Lists"), true, "/snort/snort_passlist.php");
+ $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
+?>
+ </td>
+</tr>
+<tr>
+ <td><div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="25%" class="listhdrr">List Name</td>
+ <td width="30%" class="listhdrr">Assigned Alias</td>
+ <td class="listhdr">Description</td>
+ <td width="40px" class="list"></td>
+ </tr>
+ <?php foreach ($a_passlist as $i => $list): ?>
+ <tr>
+ <td class="listlr"
+ ondblclick="document.location='snort_passlist_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($list['name']);?></td>
+ <td class="listr"
+ ondblclick="document.location='snort_passlist_edit.php?id=<?=$i;?>';"
+ title="<?=filter_expand_alias($list['address']);?>">
+ <?php echo gettext($list['address']);?></td>
+ <td class="listbg"
+ ondblclick="document.location='snort_passlist_edit.php?id=<?=$i;?>';">
+ <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;
+ </td>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a href="snort_passlist_edit.php?id=<?=$i;?>">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?php echo gettext("Edit pass list"); ?>"></a>
+ </td>
+ <td><input type="image" name="del[]" onclick="document.getElementById('list_id').value='<?=$i;?>';return confirm('<?=gettext("Do you really want to delete this pass list? Click OK to continue or CANCEL to quit.)!");?>');"
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?php echo gettext("Delete pass list"); ?>"/>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17">&nbsp;</td>
+ <td valign="middle"><a href="snort_passlist_edit.php?id=<?php echo $id_gen;?> ">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("add a new pass list"); ?>"/></a>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+<br>
+<table width="100%" border="0" cellpadding="1"
+ cellspacing="1">
+ <tr>
+ <td width="100%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Notes:"); ?></strong></span>
+ <p><?php echo gettext("1. Here you can create Pass List files for your Snort package rules. Hosts on a Pass List are never blocked by Snort."); ?><br/>
+ <?php echo gettext("2. Add all the IP addresses or networks (in CIDR notation) you want to protect against Snort block decisions."); ?><br/>
+ <?php echo gettext("3. The default Pass List includes the WAN IP and gateway, defined DNS servers, VPNs and locally-attached networks."); ?><br/>
+ <?php echo gettext("4. Be careful, it is very easy to get locked out of your system by altering the default settings."); ?></p></span></td>
+ </tr>
+ <tr>
+ <td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Snort on the interface for changes to take effect!"); ?></span></td>
+ </tr>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_passlist_edit.php
index 882c2b6f..3be776f4 100644
--- a/config/snort/snort_interfaces_whitelist_edit.php
+++ b/config/snort/snort_passlist_edit.php
@@ -1,8 +1,9 @@
<?php
/*
- * snort_interfaces_whitelist_edit.php
+ * snort_passlist_edit.php
* Copyright (C) 2004 Scott Ullrich
* Copyright (C) 2011-2012 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* originially part of m0n0wall (http://m0n0.ch/wall)
@@ -39,7 +40,7 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
if ($_POST['cancel']) {
- header("Location: /snort/snort_interfaces_whitelist.php");
+ header("Location: /snort/snort_passlist.php");
exit;
}
@@ -47,27 +48,32 @@ if (!is_array($config['installedpackages']['snortglobal']['whitelist']))
$config['installedpackages']['snortglobal']['whitelist'] = array();
if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item']))
$config['installedpackages']['snortglobal']['whitelist']['item'] = array();
-$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
+$a_passlist = &$config['installedpackages']['snortglobal']['whitelist']['item'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+/* Should never be called without identifying list index, so bail */
if (is_null($id)) {
header("Location: /snort/snort_interfaces_whitelist.php");
exit;
}
-if (empty($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'])) {
- $whitelist_uuid = 0;
- while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) {
- $whitelist_uuid = mt_rand(1, 65535);
- $pconfig['uuid'] = $whitelist_uuid;
+/* If no entry for this passlist, then create a UUID and treat it like a new list */
+if (!isset($a_passlist[$id]['uuid'])) {
+ $passlist_uuid = 0;
+ while ($passlist_uuid > 65535 || $passlist_uuid == 0) {
+ $passlist_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $passlist_uuid;
+ $pconfig['name'] = "passlist_{$passlist_uuid}";
}
} else
- $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'];
+ $passlist_uuid = $a_passlist[$id]['uuid'];
-/* returns true if $name is a valid name for a whitelist file name or ip */
-function is_validwhitelistname($name) {
+/* returns true if $name is a valid name for a pass list file name or ip */
+function is_validpasslistname($name) {
if (!is_string($name))
return false;
@@ -77,29 +83,29 @@ function is_validwhitelistname($name) {
return false;
}
-if (isset($id) && $a_whitelist[$id]) {
+if (isset($id) && $a_passlist[$id]) {
/* old settings */
$pconfig = array();
- $pconfig['name'] = $a_whitelist[$id]['name'];
- $pconfig['uuid'] = $a_whitelist[$id]['uuid'];
- $pconfig['detail'] = $a_whitelist[$id]['detail'];
- $pconfig['address'] = $a_whitelist[$id]['address'];
- $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']);
- $pconfig['localnets'] = $a_whitelist[$id]['localnets'];
- $pconfig['wanips'] = $a_whitelist[$id]['wanips'];
- $pconfig['wangateips'] = $a_whitelist[$id]['wangateips'];
- $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips'];
- $pconfig['vips'] = $a_whitelist[$id]['vips'];
- $pconfig['vpnips'] = $a_whitelist[$id]['vpnips'];
+ $pconfig['name'] = $a_passlist[$id]['name'];
+ $pconfig['uuid'] = $a_passlist[$id]['uuid'];
+ $pconfig['detail'] = $a_passlist[$id]['detail'];
+ $pconfig['address'] = $a_passlist[$id]['address'];
+ $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']);
+ $pconfig['localnets'] = $a_passlist[$id]['localnets'];
+ $pconfig['wanips'] = $a_passlist[$id]['wanips'];
+ $pconfig['wangateips'] = $a_passlist[$id]['wangateips'];
+ $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips'];
+ $pconfig['vips'] = $a_passlist[$id]['vips'];
+ $pconfig['vpnips'] = $a_passlist[$id]['vpnips'];
}
// Check for returned "selected alias" if action is import
if ($_GET['act'] == "import") {
- if ($_GET['varname'] == "address" && !empty($_GET['varvalue']))
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ if ($_GET['varname'] == "address" && isset($_GET['varvalue']))
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
}
-if ($_POST['submit']) {
+if ($_POST['save']) {
unset($input_errors);
$pconfig = $_POST;
@@ -108,19 +114,19 @@ if ($_POST['submit']) {
$reqdfieldsn = explode(",", "Name");
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
- if(strtolower($_POST['name']) == "defaultwhitelist")
- $input_errors[] = gettext("Whitelist file names may not be named defaultwhitelist.");
+ if(strtolower($_POST['name']) == "defaultpasslist")
+ $input_errors[] = gettext("Pass List file names may not be named defaultpasslist.");
- if (is_validwhitelistname($_POST['name']) == false)
- $input_errors[] = gettext("Whitelist file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset.");
+ if (is_validpasslistname($_POST['name']) == false)
+ $input_errors[] = gettext("Pass List file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset.");
/* check for name conflicts */
- foreach ($a_whitelist as $w_list) {
- if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list))
+ foreach ($a_passlist as $w_list) {
+ if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $w_list))
continue;
if ($w_list['name'] == $_POST['name']) {
- $input_errors[] = gettext("A whitelist file name with this name already exists.");
+ $input_errors[] = gettext("A Pass List file name with this name already exists.");
break;
}
}
@@ -133,7 +139,7 @@ if ($_POST['submit']) {
$w_list = array();
/* post user input */
$w_list['name'] = $_POST['name'];
- $w_list['uuid'] = $whitelist_uuid;
+ $w_list['uuid'] = $passlist_uuid;
$w_list['localnets'] = $_POST['localnets']? 'yes' : 'no';
$w_list['wanips'] = $_POST['wanips']? 'yes' : 'no';
$w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no';
@@ -145,22 +151,22 @@ if ($_POST['submit']) {
$w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
$w_list['detail'] = $final_address_details;
- if (isset($id) && $a_whitelist[$id])
- $a_whitelist[$id] = $w_list;
+ if (isset($id) && $a_passlist[$id])
+ $a_passlist[$id] = $w_list;
else
- $a_whitelist[] = $w_list;
+ $a_passlist[] = $w_list;
- write_config();
+ write_config("Snort pkg: modified PASS LIST {$w_list['name']}.");
- /* create whitelist and homenet file then sync files */
+ /* create pass list and homenet file, then sync files */
sync_snort_package_config();
- header("Location: /snort/snort_interfaces_whitelist.php");
+ header("Location: /snort/snort_passlist.php");
exit;
}
}
-$pgtitle = gettext("Snort: Whitelist Edit - {$a_whitelist[$id]['name']}");
+$pgtitle = gettext("Snort: Pass List Edit - {$pconfig['name']}");
include_once("head.inc");
?>
@@ -168,8 +174,8 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-if ($input_errors) print_input_errors($input_errors);
+if ($input_errors)
+ print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
?>
@@ -177,7 +183,8 @@ if ($savemsg)
</script>
<script type="text/javascript" src="/javascript/suggestions.js">
</script>
-<form action="snort_interfaces_whitelist_edit.php" method="post" name="iform" id="iform">
+<form action="snort_passlist_edit.php" method="post" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>" />
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -187,10 +194,11 @@ if ($savemsg)
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
$tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), true, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), true, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array,true);
?>
</td>
</tr>
@@ -266,12 +274,12 @@ if ($savemsg)
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add custom IP Addresses from configured Aliases."); ?></td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncellreq">
- <div id="addressnetworkport"><?php echo gettext("Alias Name:"); ?></div>
+ <td width="22%" valign="top" class="vncell">
+ <?php echo gettext("Assigned Aliases:"); ?>
</td>
<td width="78%" class="vtable">
<input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>"
- title="<?=trim(filter_expand_alias($pconfig['address']));?>" />
+ title="<?=trim(filter_expand_alias($pconfig['address']));?>"/>
&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="Aliases" onclick="parent.location='snort_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
title="<?php echo gettext("Select an existing IP alias");?>"/>
</td>
@@ -279,9 +287,8 @@ if ($savemsg)
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input id="submit" name="submit" type="submit" class="formbtn" value="Save" />
+ <input id="save" name="save" type="submit" class="formbtn" value="Save" />
<input id="cancel" name="cancel" type="submit" class="formbtn" value="Cancel" />
- <input name="id" type="hidden" value="<?=$id;?>" />
</td>
</tr>
</table>
@@ -299,15 +306,11 @@ if ($savemsg)
foreach($config['aliases']['alias'] as $alias_name) {
if ($alias_name['type'] != "host" && $alias_name['type'] != "network")
continue;
- // Skip any Aliases that resolve to an empty string
- if (trim(filter_expand_alias($alias_name['name'])) == "")
- continue;
if($addrisfirst == 1) $aliasesaddr .= ",";
$aliasesaddr .= "'" . $alias_name['name'] . "'";
$addrisfirst = 1;
}
?>
-
var addressarray=new Array(<?php echo $aliasesaddr; ?>);
function createAutoSuggest() {
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index 945ddd04..8d3c427d 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -96,13 +96,15 @@ function snort_build_new_conf($snortcfg) {
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
+ conf_mount_rw();
+
/* See if we should protect and not modify the preprocessor rules files */
if (!empty($snortcfg['protect_preproc_rules']))
$protect_preproc_rules = $snortcfg['protect_preproc_rules'];
else
$protect_preproc_rules = "off";
- $if_real = snort_get_real_interface($snortcfg['interface']);
+ $if_real = get_real_interface($snortcfg['interface']);
$snort_uuid = $snortcfg['uuid'];
$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
@@ -162,8 +164,18 @@ function snort_build_new_conf($snortcfg) {
/* define snortunifiedlog */
$snortunifiedlog_type = "";
- if ($snortcfg['snortunifiedlog'] == "on")
- $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128";
+ if ($snortcfg['barnyard_enable'] == "on") {
+ if (isset($snortcfg['unified2_log_limit']))
+ $u2_log_limit = "limit {$snortcfg['unified2_log_limit']}";
+ else
+ $u2_log_limit = "limit 128";
+
+ $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, {$u2_log_limit}";
+ if ($snortcfg['barnyard_log_vlan_events'] == 'on')
+ $snortunifiedlog_type .= ", vlan_event_types";
+ if ($snortcfg['barnyard_log_mpls_events'] == 'on')
+ $snortunifiedlog_type .= ", mpls_event_types";
+ }
/* define spoink */
$spoink_type = "";
@@ -721,6 +733,49 @@ preprocessor sensitive_data: \
EOD;
+ /* define IP Reputation preprocessor */
+ if (is_array($snortcfg['blist_files']['item'])) {
+ $blist_files = "";
+ $bIsFirst = TRUE;
+ foreach ($snortcfg['blist_files']['item'] as $blist) {
+ if ($bIsFirst) {
+ $blist_files .= "blacklist " . IPREP_PATH . $blist;
+ $bIsFirst = FALSE;
+ }
+ else
+ $blist_files .= ", \\ \n\tblacklist " . IPREP_PATH . $blist;
+ }
+ }
+ if (is_array($snortcfg['wlist_files']['item'])) {
+ $wlist_files = "";
+ $bIsFirst = TRUE;
+ foreach ($snortcfg['wlist_files']['item'] as $wlist) {
+ if ($bIsFirst) {
+ $wlist_files .= "whitelist " . IPREP_PATH . $wlist;
+ $bIsFirst = FALSE;
+ }
+ else
+ $wlist_files .= ", \\ \n\twhitelist " . IPREP_PATH . $wlist;
+ }
+ }
+ if (!empty($blist_files))
+ $ip_lists = $blist_files;
+ if (!empty($wlist_files))
+ $ip_lists .= ", \\ \n" . $wlist_files;
+ if ($snortcfg['iprep_scan_local'] == 'on')
+ $ip_lists .= ", \\ \n\tscan_local";
+
+ $reputation_preproc = <<<EOD
+# IP Reputation preprocessor #
+preprocessor reputation: \
+ memcap {$snortcfg['iprep_memcap']}, \
+ priority {$snortcfg['iprep_priority']}, \
+ nested_ip {$snortcfg['iprep_nested_ip']}, \
+ white {$snortcfg['iprep_white']}, \
+ {$ip_lists}
+
+EOD;
+
/* define servers as IP variables */
$snort_servers = array (
"dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET",
@@ -751,11 +806,11 @@ EOD;
"ssl_preproc" => "ssl_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc"
);
$snort_preproc = array (
- "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc",
- "sf_portscan", "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc"
+ "perform_stat", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "ssh_preproc", "sf_portscan",
+ "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc", "reputation_preproc"
);
$default_disabled_preprocs = array(
- "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc"
+ "sf_portscan", "gtp_preproc", "sensitive_data", "dnp3_preproc", "modbus_preproc", "reputation_preproc", "perform_stat"
);
$snort_preprocessors = "";
foreach ($snort_preproc as $preproc) {
@@ -1213,7 +1268,7 @@ EOD;
ipvar HOME_NET [{$home_net}]
ipvar EXTERNAL_NET [{$external_net}]
-# Define Rule Paths #
+# Define Rule Path #
var RULE_PATH {$snortcfgdir}/rules
# Define Servers #
@@ -1305,13 +1360,8 @@ output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,src
EOD;
// Write out snort.conf file
- $conf = fopen("{$snortcfgdir}/snort.conf", "w");
- if(!$conf) {
- log_error("Could not open {$snortcfgdir}/snort.conf for writing.");
- return -1;
- }
- fwrite($conf, $snort_conf_text);
- fclose($conf);
+ file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text);
+ conf_mount_ro();
unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type);
unset($home_net, $external_net, $ipvardef, $portvardef);
}
@@ -1326,14 +1376,14 @@ if(is_process_running("snort")) {
exec("/usr/bin/killall -z snort");
sleep(2);
// Delete any leftover snort PID files in /var/run
- array_map('@unlink', glob("/var/run/snort_*.pid"));
+ unlink_if_exists("/var/run/snort_*.pid");
}
// Hard kill any running Barnyard2 processes
if(is_process_running("barnyard")) {
exec("/usr/bin/killall -z barnyard2");
sleep(2);
// Delete any leftover barnyard2 PID files in /var/run
- array_map('@unlink', glob("/var/run/barnyard2_*.pid"));
+ unlink_if_exists("/var/run/barnyard2_*.pid");
}
/* Set flag for post-install in progress */
@@ -1362,46 +1412,68 @@ foreach ($preproc_rules as $file) {
@unlink("{$rcdir}/snort.sh");
@unlink("{$rcdir}/barnyard2");
+/* Create required log and db directories in /var */
+safe_mkdir(SNORTLOGDIR);
+safe_mkdir(IPREP_PATH);
+
+/* If installed, absorb the Snort Dashboard Widget into this package */
+/* by removing it as a separately installed package. */
+$pkgid = get_pkg_id("Dashboard Widget: Snort");
+if ($pkgid >= 0) {
+ log_error(gettext("[Snort] Removing legacy 'Dashboard Widget: Snort' package because the widget is now part of the Snort package."));
+ unset($config['installedpackages']['package'][$pkgid]);
+ unlink_if_exists("/usr/local/pkg/widget-snort.xml");
+ write_config("Snort pkg: removed legacy Snort Dashboard Widget.");
+}
+
+/* Define a default Dashboard Widget Container for Snort */
+$snort_widget_container = "snort_alerts-container:col2:close";
+
/* remake saved settings */
if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
log_error(gettext("[Snort] Saved settings detected... rebuilding installation with saved settings..."));
update_status(gettext("Saved settings detected..."));
/* Do one-time settings migration for new multi-engine configurations */
- update_output_window(gettext("Please wait... migrating settings to new multi-engine configuration..."));
- include('/usr/local/pkg/snort/snort_migrate_config.php');
+ update_output_window(gettext("Please wait... migrating settings to new configuration..."));
+ include('/usr/local/www/snort/snort_migrate_config.php');
update_output_window(gettext("Please wait... rebuilding installation with saved settings..."));
log_error(gettext("[Snort] Downloading and updating configured rule types..."));
update_output_window(gettext("Please wait... downloading and updating configured rule types..."));
if ($pkg_interface <> "console")
$snort_gui_include = true;
- include('/usr/local/pkg/snort/snort_check_for_rule_updates.php');
+ include('/usr/local/www/snort/snort_check_for_rule_updates.php');
update_status(gettext("Generating snort.conf configuration file from saved settings..."));
$rebuild_rules = true;
/* Create the snort.conf files for each enabled interface */
$snortconf = $config['installedpackages']['snortglobal']['rule'];
foreach ($snortconf as $value) {
- $if_real = snort_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
/* create a snort.conf file for interface */
snort_build_new_conf($value);
/* create barnyard2.conf file for interface */
if ($value['barnyard_enable'] == 'on')
- snort_create_barnyard2_conf($value, $if_real);
+ snort_generate_barnyard2_conf($value, $if_real);
}
/* create snort bootup file snort.sh */
snort_create_rc();
/* Set Log Limit, Block Hosts Time and Rules Update Time */
- snort_snortloglimit_install_cron($config['installedpackages']['snortglobal']['snortloglimit'] == 'on' ? true : false);
+ snort_snortloglimit_install_cron(true);
snort_rm_blocked_install_cron($config['installedpackages']['snortglobal']['rm_blocked'] != "never_b" ? true : false);
snort_rules_up_install_cron($config['installedpackages']['snortglobal']['autorulesupdate7'] != "never_up" ? true : false);
/* Add the recurring jobs created above to crontab */
configure_cron();
+ /* Restore the last Snort Dashboard Widget setting if none is set */
+ if (!empty($config['installedpackages']['snortglobal']['dashboard_widget']) &&
+ stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE)
+ $config['widgets']['sequence'] .= "," . $config['installedpackages']['snortglobal']['dashboard_widget'];
+
$rebuild_rules = false;
update_output_window(gettext("Finished rebuilding Snort configuration files..."));
log_error(gettext("[Snort] Finished rebuilding installation from saved settings..."));
@@ -1416,9 +1488,14 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
}
}
+/* If an existing Snort Dashboard Widget container is not found, */
+/* then insert our default Widget Dashboard container. */
+if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE)
+ $config['widgets']['sequence'] .= ",{$snort_widget_container}";
+
/* Update Snort package version in configuration */
-$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.4";
-write_config();
+$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.8";
+write_config("Snort pkg: post-install configuration saved.");
/* Done with post-install, so clear flag */
unset($g['snort_postinstall']);
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 26b37e81..5cee95df 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -6,7 +6,7 @@
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2008-2009 Robert Zelaya.
* Copyright (C) 2011-2012 Ermal Luci
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013, 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -38,9 +38,11 @@ require_once("/usr/local/pkg/snort/snort.inc");
global $g, $rebuild_rules;
$snortlogdir = SNORTLOGDIR;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
exit;
@@ -66,6 +68,8 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['ftp_clie
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
$vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload'];
+
+// Calculate the "next engine ID" to use for the multi-config engine arrays
$frag3_engine_next_id = count($a_nat[$id]['frag3_engine']['item']);
$stream5_tcp_engine_next_id = count($a_nat[$id]['stream5_tcp_engine']['item']);
$http_inspect_engine_next_id = count($a_nat[$id]['http_inspect_engine']['item']);
@@ -73,170 +77,9 @@ $ftp_server_engine_next_id = count($a_nat[$id]['ftp_server_engine']['item']);
$ftp_client_engine_next_id = count($a_nat[$id]['ftp_client_engine']['item']);
$pconfig = array();
-if (isset($id) && $a_nat[$id]) {
+if (isset($id) && isset($a_nat[$id])) {
$pconfig = $a_nat[$id];
- /* Get current values from config for page form fields */
- $pconfig['perform_stat'] = $a_nat[$id]['perform_stat'];
- $pconfig['host_attribute_table'] = $a_nat[$id]['host_attribute_table'];
- $pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data'];
- $pconfig['max_attribute_hosts'] = $a_nat[$id]['max_attribute_hosts'];
- $pconfig['max_attribute_services_per_host'] = $a_nat[$id]['max_attribute_services_per_host'];
- $pconfig['max_paf'] = $a_nat[$id]['max_paf'];
- $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs'];
- $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor'];
- $pconfig['ftp_telnet_inspection_type'] = $a_nat[$id]['ftp_telnet_inspection_type'];
- $pconfig['ftp_telnet_alert_encrypted'] = $a_nat[$id]['ftp_telnet_alert_encrypted'];
- $pconfig['ftp_telnet_check_encrypted'] = $a_nat[$id]['ftp_telnet_check_encrypted'];
- $pconfig['ftp_telnet_normalize'] = $a_nat[$id]['ftp_telnet_normalize'];
- $pconfig['ftp_telnet_detect_anomalies'] = $a_nat[$id]['ftp_telnet_detect_anomalies'];
- $pconfig['ftp_telnet_ayt_attack_threshold'] = $a_nat[$id]['ftp_telnet_ayt_attack_threshold'];
- $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor'];
- $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan'];
- $pconfig['pscan_protocol'] = $a_nat[$id]['pscan_protocol'];
- $pconfig['pscan_type'] = $a_nat[$id]['pscan_type'];
- $pconfig['pscan_sense_level'] = $a_nat[$id]['pscan_sense_level'];
- $pconfig['pscan_memcap'] = $a_nat[$id]['pscan_memcap'];
- $pconfig['pscan_ignore_scanners'] = $a_nat[$id]['pscan_ignore_scanners'];
- $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2'];
- $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor'];
- $pconfig['sensitive_data'] = $a_nat[$id]['sensitive_data'];
- $pconfig['sdf_alert_data_type'] = $a_nat[$id]['sdf_alert_data_type'];
- $pconfig['sdf_alert_threshold'] = $a_nat[$id]['sdf_alert_threshold'];
- $pconfig['sdf_mask_output'] = $a_nat[$id]['sdf_mask_output'];
- $pconfig['ssl_preproc'] = $a_nat[$id]['ssl_preproc'];
- $pconfig['pop_preproc'] = $a_nat[$id]['pop_preproc'];
- $pconfig['imap_preproc'] = $a_nat[$id]['imap_preproc'];
- $pconfig['sip_preproc'] = $a_nat[$id]['sip_preproc'];
- $pconfig['dnp3_preproc'] = $a_nat[$id]['dnp3_preproc'];
- $pconfig['modbus_preproc'] = $a_nat[$id]['modbus_preproc'];
- $pconfig['gtp_preproc'] = $a_nat[$id]['gtp_preproc'];
- $pconfig['ssh_preproc'] = $a_nat[$id]['ssh_preproc'];
- $pconfig['preproc_auto_rule_disable'] = $a_nat[$id]['preproc_auto_rule_disable'];
- $pconfig['protect_preproc_rules'] = $a_nat[$id]['protect_preproc_rules'];
-
- // Frag3 global settings
- $pconfig['frag3_detection'] = $a_nat[$id]['frag3_detection'];
- $pconfig['frag3_max_frags'] = $a_nat[$id]['frag3_max_frags'];
- $pconfig['frag3_memcap'] = $a_nat[$id]['frag3_memcap'];
-
- // See if new Frag3 engine array is configured and use it;
- // otherwise create a default engine configuration.
- if (empty($pconfig['frag3_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd",
- "timeout" => 60, "min_ttl" => 1, "detect_anomalies" => "on",
- "overlap_limit" => 0, "min_frag_len" => 0 );
- $pconfig['frag3_engine']['item'] = array();
- $pconfig['frag3_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['frag3_engine']['item']))
- $a_nat[$id]['frag3_engine']['item'] = array();
- $a_nat[$id]['frag3_engine']['item'][] = $default;
- write_config();
- $frag3_engine_next_id++;
- }
- else
- $pconfig['frag3_engine'] = $a_nat[$id]['frag3_engine'];
-
- // Stream5 global settings
- $pconfig['stream5_reassembly'] = $a_nat[$id]['stream5_reassembly'];
- $pconfig['stream5_flush_on_alert'] = $a_nat[$id]['stream5_flush_on_alert'];
- $pconfig['stream5_prune_log_max'] = $a_nat[$id]['stream5_prune_log_max'];
- $pconfig['stream5_mem_cap'] = $a_nat[$id]['stream5_mem_cap'];
- $pconfig['stream5_track_tcp'] = $a_nat[$id]['stream5_track_tcp'];
- $pconfig['stream5_max_tcp'] = $a_nat[$id]['stream5_max_tcp'];
- $pconfig['stream5_track_udp'] = $a_nat[$id]['stream5_track_udp'];
- $pconfig['stream5_max_udp'] = $a_nat[$id]['stream5_max_udp'];
- $pconfig['stream5_udp_timeout'] = $a_nat[$id]['stream5_udp_timeout'];
- $pconfig['stream5_track_icmp'] = $a_nat[$id]['stream5_track_icmp'];
- $pconfig['stream5_max_icmp'] = $a_nat[$id]['stream5_max_icmp'];
- $pconfig['stream5_icmp_timeout'] = $a_nat[$id]['stream5_icmp_timeout'];
-
- // See if new Stream5 engine array is configured and use it;
- // otherwise create a default engine configuration.
- if (empty($pconfig['stream5_tcp_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", "timeout" => 30,
- "max_queued_bytes" => 1048576, "detect_anomalies" => "off", "overlap_limit" => 0,
- "max_queued_segs" => 2621, "require_3whs" => "off", "startup_3whs_timeout" => 0,
- "no_reassemble_async" => "off", "max_window" => 0, "use_static_footprint_sizes" => "off",
- "check_session_hijacking" => "off", "dont_store_lg_pkts" => "off", "ports_client" => "default",
- "ports_both" => "default", "ports_server" => "none" );
- $pconfig['stream5_tcp_engine']['item'] = array();
- $pconfig['stream5_tcp_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['stream5_tcp_engine']['item']))
- $a_nat[$id]['stream5_tcp_engine']['item'] = array();
- $a_nat[$id]['stream5_tcp_engine']['item'][] = $default;
- write_config();
- $stream5_tcp_engine_next_id++;
- }
- else
- $pconfig['stream5_tcp_engine'] = $a_nat[$id]['stream5_tcp_engine'];
-
- // HTTP_INSPECT global settings
- $pconfig['http_inspect'] = $a_nat[$id]['http_inspect'];
- $pconfig['http_inspect_memcap'] = $a_nat[$id]['http_inspect_memcap'];
- $pconfig['http_inspect_proxy_alert'] = $a_nat[$id]['http_inspect_proxy_alert'];
- $pconfig['http_inspect_max_gzip_mem'] = $a_nat[$id]['http_inspect_max_gzip_mem'];
-
- // See if new HTTP_INSPECT engine array is configured and use it;
- // otherwise create a default engine configuration.
- if (empty($pconfig['http_inspect_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "server_profile" => "all", "enable_xff" => "off",
- "log_uri" => "off", "log_hostname" => "off", "server_flow_depth" => 65535, "enable_cookie" => "on",
- "client_flow_depth" => 1460, "extended_response_inspection" => "on", "no_alerts" => "off",
- "unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on",
- "normalize_headers" => "on", "normalize_utf" => "on", "normalize_javascript" => "on",
- "allow_proxy_use" => "off", "inspect_uri_only" => "off", "max_javascript_whitespaces" => 200,
- "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, "max_header_length" => 0, "ports" => "default" );
- $pconfig['http_inspect_engine']['item'] = array();
- $pconfig['http_inspect_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['http_inspect_engine']['item']))
- $a_nat[$id]['http_inspect_engine']['item'] = array();
- $a_nat[$id]['http_inspect_engine']['item'][] = $default;
- write_config();
- $http_inspect_engine_next_id++;
- }
- else
- $pconfig['http_inspect_engine'] = $a_nat[$id]['http_inspect_engine'];
-
- // See if new FTP client engine array is configured and use it;
- // otherwise create a default engine configuration..
- if (empty($pconfig['ftp_client_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "max_resp_len" => 256,
- "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes",
- "bounce" => "yes", "bounce_to_net" => "", "bounce_to_port" => "" );
- $pconfig['ftp_client_engine']['item'] = array();
- $pconfig['ftp_client_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['ftp_client_engine']['item']))
- $a_nat[$id]['ftp_client_engine']['item'] = array();
- $a_nat[$id]['ftp_client_engine']['item'][] = $default;
- write_config();
- $ftp_client_engine_next_id++;
- }
- else
- $pconfig['ftp_client_engine'] = $a_nat[$id]['ftp_client_engine'];
-
- // See if new FTP server engine array is configured and use it;
- // otherwise create a default engine configuration..
- if (empty($pconfig['ftp_server_engine']['item'])) {
- $default = array( "name" => "default", "bind_to" => "all", "ports" => "default",
- "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes",
- "ignore_data_chan" => "no", "def_max_param_len" => 100 );
- $pconfig['ftp_server_engine']['item'] = array();
- $pconfig['ftp_server_engine']['item'][] = $default;
- if (!is_array($a_nat[$id]['ftp_server_engine']['item']))
- $a_nat[$id]['ftp_server_engine']['item'] = array();
- $a_nat[$id]['ftp_server_engine']['item'][] = $default;
- write_config();
- $ftp_server_engine_next_id++;
- }
- else
- $pconfig['ftp_server_engine'] = $a_nat[$id]['ftp_server_engine'];
-
- /* If not using the Snort VRT rules, then disable */
- /* the Sensitive Data (sdf) preprocessor. */
- if ($vrt_enabled == "off")
- $pconfig['sensitive_data'] = "off";
-
/************************************************************/
/* To keep new users from shooting themselves in the foot */
/* enable the most common required preprocessors by default */
@@ -264,12 +107,14 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['ftp_telnet_detect_anomalies'] = 'on';
if (empty($pconfig['ftp_telnet_ayt_attack_threshold']) && $pconfig['ftp_telnet_ayt_attack_threshold'] <> 0)
$pconfig['ftp_telnet_ayt_attack_threshold'] = '20';
+
if (empty($pconfig['sdf_alert_data_type']))
$pconfig['sdf_alert_data_type'] = "Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers";
if (empty($pconfig['sdf_alert_threshold']))
$pconfig['sdf_alert_threshold'] = '25';
if (empty($pconfig['sdf_mask_output']))
$pconfig['sdf_mask_output'] = 'off';
+
if (empty($pconfig['smtp_preprocessor']))
$pconfig['smtp_preprocessor'] = 'on';
if (empty($pconfig['dce_rpc_2']))
@@ -340,36 +185,56 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['pscan_sense_level'] = 'medium';
}
-/* Define the "disabled_preproc_rules.log" file for this interface */
-$iface = snort_get_friendly_interface($pconfig['interface']);
-$disabled_rules_log = "{$snortlogdir}/{$iface}_disabled_preproc_rules.log";
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
-if ($_GET['act'] && isset($_GET['eng_id'])) {
+/* Define the "disabled_preproc_rules.log" file for this interface */
+$disabled_rules_log = "{$if_friendly}_disabled_preproc_rules.log";
- $natent = array();
- $natent = $pconfig;
+// Check for returned "selected alias" if action is import
+if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
+}
- if ($_GET['act'] == "del_frag3")
- unset($natent['frag3_engine']['item'][$_GET['eng_id']]);
- elseif ($_GET['act'] == "del_stream5_tcp")
- unset($natent['stream5_tcp_engine']['item'][$_GET['eng_id']]);
- elseif ($_GET['act'] == "del_http_inspect")
- unset($natent['http_inspect_engine']['item'][$_GET['eng_id']]);
- elseif ($_GET['act'] == "del_ftp_server")
- unset($natent['ftp_server_engine']['item'][$_GET['eng_id']]);
-
- if (isset($id) && $a_nat[$id]) {
- $a_nat[$id] = $natent;
- write_config();
+// Handle deleting of any of the multiple configuration engines
+if ($_POST['del_http_inspect']) {
+ if (isset($_POST['eng_id']) && isset($id) && issset($a_nat[$id])) {
+ unset($a_nat[$id]['http_inspect_engine']['item'][$_POST['eng_id']]);
+ write_config("Snort pkg: deleted http_inspect engine for {$a_nat[$id]['interface']}.");
+ header("Location: snort_preprocessors.php?id=$id#httpinspect_row");
+ exit;
}
-
- header("Location: snort_preprocessors.php?id=$id");
- exit;
}
-
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+elseif ($_POST['del_frag3']) {
+ if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
+ unset($a_nat[$id]['frag3_engine']['item'][$_POST['eng_id']]);
+ write_config("Snort pkg: deleted frag3 engine for {$a_nat[$id]['interface']}.");
+ header("Location: snort_preprocessors.php?id=$id#frag3_row");
+ exit;
+ }
+}
+elseif ($_POST['del_stream5_tcp']) {
+ if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
+ unset($a_nat[$id]['stream5_tcp_engine']['item'][$_POST['eng_id']]);
+ write_config("Snort pkg: deleted stream5 engine for {$a_nat[$id]['interface']}.");
+ header("Location: snort_preprocessors.php?id=$id#stream5_row");
+ exit;
+ }
+}
+elseif ($_POST['del_ftp_client']) {
+ if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
+ unset($a_nat[$id]['ftp_client_engine']['item'][$_POST['eng_id']]);
+ write_config("Snort pkg: deleted ftp_client engine for {$a_nat[$id]['interface']}.");
+ header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row");
+ exit;
+ }
+}
+elseif ($_POST['del_ftp_server']) {
+ if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) {
+ unset($a_nat[$id]['ftp_server_engine']['item'][$_POST['eng_id']]);
+ write_config("Snort pkg: deleted ftp_server engine for {$a_nat[$id]['interface']}.");
+ header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row");
+ exit;
+ }
}
if ($_POST['ResetAll']) {
@@ -434,7 +299,8 @@ if ($_POST['ResetAll']) {
/* Log a message at the top of the page to inform the user */
$savemsg = gettext("All preprocessor settings have been reset to their defaults.");
}
-elseif ($_POST['Submit']) {
+
+if ($_POST['save']) {
$natent = array();
$natent = $pconfig;
@@ -509,9 +375,9 @@ elseif ($_POST['Submit']) {
$natent['stream5_track_udp'] = $_POST['stream5_track_udp'] ? 'on' : 'off';
$natent['stream5_track_icmp'] = $_POST['stream5_track_icmp'] ? 'on' : 'off';
- if (isset($id) && $a_nat[$id]) {
+ if (isset($id) && isset($a_nat[$id])) {
$a_nat[$id] = $natent;
- write_config();
+ write_config("Snort pkg: saved modified preprocessor settings for {$a_nat[$id]['interface']}.");
}
/*************************************************/
@@ -524,7 +390,7 @@ elseif ($_POST['Submit']) {
/* If 'preproc_auto_rule_disable' is off, then clear log file */
if ($natent['preproc_auto_rule_disable'] == 'off')
- @unlink("{$disabled_rules_log}");
+ unlink_if_exists("{$snortlogdir}/{$disabled_rules_log}");
/*******************************************************/
/* Signal Snort to reload Host Attribute Table if one */
@@ -543,20 +409,25 @@ elseif ($_POST['Submit']) {
header("Location: snort_preprocessors.php?id=$id");
exit;
}
+ else
+ $pconfig = $_POST;
}
-elseif ($_POST['btn_import']) {
+
+if ($_POST['btn_import']) {
if (is_uploaded_file($_FILES['host_attribute_file']['tmp_name'])) {
$data = file_get_contents($_FILES['host_attribute_file']['tmp_name']);
- if ($data === false)
+ if ($data === false) {
$input_errors[] = gettext("Error uploading file {$_FILES['host_attribute_file']}!");
+ $pconfig = $_POST;
+ }
else {
- if (isset($id) && $a_nat[$id]) {
+ if (isset($id) && isset($a_nat[$id])) {
$a_nat[$id]['host_attribute_table'] = "on";
$a_nat[$id]['host_attribute_data'] = base64_encode($data);
$pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data'];
$a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts'];
$a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host'];
- write_config();
+ write_config("Snort pkg: imported Host Attribute Table data for {$a_nat[$id]['interface']}.");
}
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
@@ -567,15 +438,18 @@ elseif ($_POST['btn_import']) {
exit;
}
}
- else
+ else {
$input_errors[] = gettext("No filename specified for import!");
+ $pconfig = $_POST;
+ }
}
-elseif ($_POST['btn_edit_hat']) {
- if (isset($id) && $a_nat[$id]) {
+
+if ($_POST['btn_edit_hat']) {
+ if (isset($id) && isset($a_nat[$id])) {
$a_nat[$id]['host_attribute_table'] = "on";
$a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts'];
$a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host'];
- write_config();
+ write_config("Snort pkg: modified Host Attribute Table data for {$a_nat[$id]['interface']}.");
header("Location: snort_edit_hat_data.php?id=$id");
exit;
}
@@ -586,26 +460,21 @@ elseif ($_POST['btn_edit_hat']) {
if ($pconfig['host_attribute_table'] == 'on' && empty($pconfig['host_attribute_data']))
$input_errors[] = gettext("The Host Attribute Table option is enabled, but no Host Attribute data has been loaded. Data may be entered manually or imported from a suitable file.");
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Preprocessors and Flow");
include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="enable_change_all()">
-<?php include("fbegin.inc"); ?>
-<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-
- /* Display Alert message */
+<?php include("fbegin.inc");
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
-
- if ($savemsg) {
- print_info_box($savemsg);
- }
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors);
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
?>
<script type="text/javascript" src="/javascript/autosuggest.js">
@@ -613,8 +482,9 @@ include_once("head.inc");
<script type="text/javascript" src="/javascript/suggestions.js">
</script>
-<form action="snort_preprocessors.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform">
+<form action="snort_preprocessors.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>"/>
+<input name="eng_id" id="eng_id" type="hidden" value=""/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -622,23 +492,25 @@ include_once("head.inc");
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td>';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
- $tab_array = array();
- $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), true, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -694,7 +566,7 @@ include_once("head.inc");
"disabled preprocessors, but can substantially compromise the level of protection by " .
"automatically disabling detection rules."); ?></td>
</tr>
- <?php if (file_exists($disabled_rules_log) && filesize($disabled_rules_log) > 0): ?>
+ <?php if (file_exists("{$snortlogdir}/{$disabled_rules_log}") && filesize("{$snortlogdir}/{$disabled_rules_log}") > 0): ?>
<tr>
<td width="3%">&nbsp;</td>
<td class="vexpl"><input type="button" class="formbtn" value="View" onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$disabled_rules_log;?>','FileViewer',800,600);">
@@ -718,8 +590,8 @@ include_once("head.inc");
<tr id="host_attrib_table_data_row">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Host Attribute Data"); ?></td>
<td width="78%" class="vtable"><strong><?php echo gettext("Import From File"); ?></strong><br/>
- <input name="host_attribute_file" type="file" class="formfld file" value="on" id="host_attribute_file" size="40">&nbsp;&nbsp;
- <input type="submit" name="btn_import" id="btn_import" value="Import" class="formbtn"><br/>
+ <input name="host_attribute_file" type="file" class="formfld file" value="on" id="host_attribute_file" size="40"/>&nbsp;&nbsp;
+ <input type="submit" name="btn_import" id="btn_import" value="Import" class="formbtn"/><br/>
<?php echo gettext("Choose the Host Attributes file to use for auto-configuration."); ?><br/><br/>
<span class="red"><strong><?php echo gettext("Warning: "); ?></strong></span>
<?php echo gettext("The Host Attributes file has a required format. See the "); ?><a href="http://manual.snort.org/" target="_blank">
@@ -744,7 +616,7 @@ include_once("head.inc");
<table cellpadding="0" cellspacing="0">
<tr>
<td><input name="max_attribute_hosts" type="text" class="formfld unknown" id="max_attribute_hosts" size="9"
- value="<?=htmlspecialchars($pconfig['max_attribute_hosts']);?>">&nbsp;&nbsp;
+ value="<?=htmlspecialchars($pconfig['max_attribute_hosts']);?>"/>&nbsp;&nbsp;
<?php echo gettext("Max number of hosts to read from the Attribute Table. Min is ") .
"<strong>" . gettext("32") . "</strong>" . gettext(" and Max is ") . "<strong>" .
gettext("524288") . "</strong>"; ?>.</td>
@@ -761,7 +633,7 @@ include_once("head.inc");
<table cellpadding="0" cellspacing="0">
<tr>
<td><input name="max_attribute_services_per_host" type="text" class="formfld unknown" id="max_attribute_services_per_host" size="9"
- value="<?=htmlspecialchars($pconfig['max_attribute_services_per_host']);?>">&nbsp;&nbsp;
+ value="<?=htmlspecialchars($pconfig['max_attribute_services_per_host']);?>"/>&nbsp;&nbsp;
<?php echo gettext("Max number of per host services to read from the Attribute Table. Min is ") .
"<strong>" . gettext("1") . "</strong>" . gettext(" and Max is ") . "<strong>" .
gettext("65535") . "</strong>"; ?>.</td>
@@ -868,10 +740,10 @@ include_once("head.inc");
<td class="listt" align="right"><a href="snort_httpinspect_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>">
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"></a>
- <?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_http_inspect" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this server configuration");?>"></a>
+ <?php if ($v['bind_to'] <> "all") : ?>
+ <input type="image" name="del_http_inspect[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this server configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default server configuration cannot be deleted");?>">
@@ -937,9 +809,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this engine configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_frag3" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this engine configuration");?>"></a>
+ <input type="image" name="del_frag3[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this engine configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default engine configuration cannot be deleted");?>">
@@ -1094,9 +966,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this TCP engine configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_stream5_tcp" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this TCP engine configuration");?>"></a>
+ <input type="image" name="del_stream5_tcp[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this TCP engine configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default engine configuration cannot be deleted");?>">
@@ -1329,9 +1201,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this FTP client configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_ftp_server" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this FTP client configuration");?>"></a>
+ <input type="image" name="del_ftp_client[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this FTP client configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default client configuration cannot be deleted");?>">
@@ -1371,9 +1243,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this FTP server configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="snort_preprocessors.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_ftp_server" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this FTP server configuration");?>"></a>
+ <input type="image" name="del_ftp_server[]" onclick="document.getElementById('eng_id').value='<?=$f;?>'; return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this FTP server configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default server configuration cannot be deleted");?>">
@@ -1399,7 +1271,7 @@ include_once("head.inc");
<?php echo gettext("Sensitive data searches for credit card numbers, Social Security numbers and e-mail addresses in data."); ?>
<br/>
<span class="red"><strong><?php echo gettext("Note: "); ?></strong></span><?php echo gettext("To enable this preprocessor, you must select the Snort VRT rules on the ") .
- "<a href=\"/snort/snort_interfaces_global.php\" title=\"" . gettext("Modify Snort global settings") . "\"/>" . gettext("Global Settings") . "</a>" . gettext(" tab."); ?>
+ "<a href=\"/snort/snort_interfaces_global.php\" title=\"" . gettext("Modify Snort global settings") . "\">" . gettext("Global Settings") . "</a>" . gettext(" tab."); ?>
</td>
</tr>
<tr id="sdf_alert_data_row">
@@ -1533,9 +1405,9 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Save preprocessor settings"); ?>">
- <input name="id" type="hidden" value="<?=$id;?>">&nbsp;&nbsp;&nbsp;&nbsp;
+ &nbsp;&nbsp;&nbsp;&nbsp;
<input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo
gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" .
gettext("WARNING: This will reset ALL preprocessor settings to their defaults. Click OK to continue or CANCEL to quit.") .
@@ -1582,8 +1454,6 @@ include_once("head.inc");
function createAutoSuggest() {
<?php
echo "objAlias = new AutoSuggestControl(document.getElementById('pscan_ignore_scanners'), new StateSuggestions(addressarray));\n";
- echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_net'), new StateSuggestions(addressarray));\n";
- echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_port'), new StateSuggestions(portsarray));\n";
?>
}
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index afc764fc..e69152c3 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -37,38 +37,28 @@ global $g, $rebuild_rules;
$snortdir = SNORTDIR;
$rules_map = array();
+$categories = array();
$pconfig = array();
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
$a_rule = &$config['installedpackages']['snortglobal']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
- exit;
+ header("Location: /snort/snort_interfaces.php");
+ exit;
}
-if (isset($id) && $a_rule[$id]) {
+if (isset($id) && isset($a_rule[$id])) {
$pconfig['interface'] = $a_rule[$id]['interface'];
$pconfig['rulesets'] = $a_rule[$id]['rulesets'];
}
-function truncate($string, $length) {
-
- /********************************
- * This function truncates the *
- * passed string to the length *
- * specified adding ellipsis if *
- * truncation was necessary. *
- ********************************/
- if (strlen($string) > $length)
- $string = substr($string, 0, ($length - 2)) . "...";
- return $string;
-}
-
function add_title_attribute($tag, $title) {
/********************************
@@ -102,15 +92,19 @@ function add_title_attribute($tag, $title) {
}
/* convert fake interfaces to real */
-$if_real = snort_get_real_interface($pconfig['interface']);
+$if_real = get_real_interface($pconfig['interface']);
$snort_uuid = $a_rule[$id]['uuid'];
$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
+$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules'] == 'on' ? 'on' : 'off';
$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'];
$etprodownload = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
-$categories = explode("||", $pconfig['rulesets']);
-// add the standard rules files to the categories list
+// Add any previously saved rules files to the categories array
+if (!empty($pconfig['rulesets']))
+ $categories = explode("||", $pconfig['rulesets']);
+
+// add the standard rules files to the categories array
$categories[] = "custom.rules";
$categories[] = "decoder.rules";
$categories[] = "preprocessor.rules";
@@ -121,20 +115,19 @@ if ($a_rule[$id]['autoflowbitrules'] == 'on')
$categories[] = "Auto-Flowbit Rules";
natcasesort($categories);
-if ($_GET['openruleset'])
- $currentruleset = $_GET['openruleset'];
-else if ($_POST['openruleset'])
+if (isset($_POST['openruleset']))
$currentruleset = $_POST['openruleset'];
+elseif (isset($_GET['openruleset']))
+ $currentruleset = htmlspecialchars($_GET['openruleset']);
else
- $currentruleset = $categories[0];
+ $currentruleset = $categories[key($categories)];
/* One last sanity check -- if the rules directory is empty, default to loading custom rules */
$tmp = glob("{$snortdir}/rules/*.rules");
if (empty($tmp))
$currentruleset = "custom.rules";
-$ruledir = "{$snortdir}/rules";
-$rulefile = "{$ruledir}/{$currentruleset}";
+$rulefile = "{$snortdir}/rules/{$currentruleset}";
if ($currentruleset != 'custom.rules') {
// Read the current rules file into our rules map array.
// If it is the auto-flowbits file, set the full path.
@@ -157,13 +150,11 @@ if ($currentruleset != 'custom.rules') {
$enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on']);
$disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off']);
-if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
-
- // Get the GID tag embedded in the clicked rule icon.
- $gid = $_GET['gid'];
+if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) && !empty($rules_map)) {
- // Get the SID tag embedded in the clicked rule icon.
- $sid= $_GET['ids'];
+ // Get the GID:SID tags embedded in the clicked rule icon.
+ $gid = $_POST['gid'];
+ $sid = $_POST['sid'];
// See if the target SID is in our list of modified SIDs,
// and toggle it back to default if present; otherwise,
@@ -205,13 +196,11 @@ if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
/* Update the config.xml file. */
- write_config();
+ write_config("Snort pkg: modified state for rule {$gid}:{$sid} on {$a_rule[$id]['interface']}.");
- $_GET['openruleset'] = $currentruleset;
$anchor = "rule_{$gid}_{$sid}";
}
-
-if ($_GET['act'] == "disable_all" && !empty($rules_map)) {
+elseif ($_POST['disable_all'] && !empty($rules_map)) {
// Mark all rules in the currently selected category "disabled".
foreach (array_keys($rules_map) as $k1) {
@@ -247,14 +236,9 @@ if ($_GET['act'] == "disable_all" && !empty($rules_map)) {
else
unset($a_rule[$id]['rule_sid_off']);
- write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ write_config("Snort pkg: disabled all rules in category {$currentruleset} for {$a_rule[$id]['interface']}.");
}
-
-if ($_GET['act'] == "enable_all" && !empty($rules_map)) {
+elseif ($_POST['enable_all'] && !empty($rules_map)) {
// Mark all rules in the currently selected category "enabled".
foreach (array_keys($rules_map) as $k1) {
@@ -289,14 +273,9 @@ if ($_GET['act'] == "enable_all" && !empty($rules_map)) {
else
unset($a_rule[$id]['rule_sid_off']);
- write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ write_config("Snort pkg: enable all rules in category {$currentruleset} for {$a_rule[$id]['interface']}.");
}
-
-if ($_GET['act'] == "resetcategory" && !empty($rules_map)) {
+elseif ($_POST['resetcategory'] && !empty($rules_map)) {
// Reset any modified SIDs in the current rule category to their defaults.
foreach (array_keys($rules_map) as $k1) {
@@ -333,43 +312,35 @@ if ($_GET['act'] == "resetcategory" && !empty($rules_map)) {
else
unset($a_rule[$id]['rule_sid_off']);
- write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ write_config("Snort pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}.");
}
-
-if ($_GET['act'] == "resetall" && !empty($rules_map)) {
+elseif ($_POST['resetall'] && !empty($rules_map)) {
// Remove all modified SIDs from config.xml and save the changes.
unset($a_rule[$id]['rule_sid_on']);
unset($a_rule[$id]['rule_sid_off']);
/* Update the config.xml file. */
- write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ write_config("Snort pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}.");
}
-
-if ($_POST['clear']) {
+else if ($_POST['cancel']) {
+ $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
+}
+elseif ($_POST['clear']) {
unset($a_rule[$id]['customrules']);
- write_config();
+ write_config("Snort pkg: clear all custom rules for {$a_rule[$id]['interface']}.");
$rebuild_rules = true;
snort_generate_conf($a_rule[$id]);
$rebuild_rules = false;
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ $pconfig['customrules'] = '';
}
-
-if ($_POST['submit']) {
+elseif ($_POST['save']) {
+ $pconfig['customrules'] = $_POST['customrules'];
if ($_POST['customrules'])
$a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
else
unset($a_rule[$id]['customrules']);
- write_config();
+ write_config("Snort pkg: save modified custom rules for {$a_rule[$id]['interface']}.");
$rebuild_rules = true;
snort_generate_conf($a_rule[$id]);
$rebuild_rules = false;
@@ -385,14 +356,15 @@ if ($_POST['submit']) {
$input_errors[] = "Custom rules have errors:\n {$error}";
}
else {
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ /* Soft-restart Snort to live-load new rules */
+ snort_reload_config($a_rule[$id]);
+ $savemsg = gettext("Custom rules validated successfully and have been saved to the Snort configuration files. ");
+ $savemsg .= gettext("Any active Snort process on this interface has been signalled to live-load the new rules.");
}
}
-
else if ($_POST['apply']) {
/* Save new configuration */
- write_config();
+ write_config("Snort pkg: save new rules configuration for {$a_rule[$id]['interface']}.");
/*************************************************/
/* Update the snort conf file and rebuild the */
@@ -404,29 +376,18 @@ else if ($_POST['apply']) {
/* Soft-restart Snort to live-load new rules */
snort_reload_config($a_rule[$id]);
-
- /* Return to this same page */
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
-}
-else if ($_POST['cancel']) {
-
- /* Return to this same page */
- header("Location: /snort/snort_rules.php?id={$id}");
- exit;
}
require_once("guiconfig.inc");
include_once("head.inc");
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Rules: {$currentruleset}");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include("fbegin.inc");
-if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
/* Display message */
if ($input_errors) {
@@ -440,6 +401,10 @@ if ($savemsg) {
?>
<form action="/snort/snort_rules.php" method="post" name="iform" id="iform">
+<input type='hidden' name='id' id='id' value='<?=$id;?>'/>
+<input type='hidden' name='openruleset' id='openruleset' value='<?=$currentruleset;?>'/>
+<input type='hidden' name='sid' id='sid' value=''/>
+<input type='hidden' name='gid' id='gid' value=''/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -447,12 +412,13 @@ if ($savemsg) {
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array,true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
@@ -461,9 +427,10 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -471,20 +438,21 @@ if ($savemsg) {
<tr>
<td class="listtopic"><?php echo gettext("Available Rule Categories"); ?></td>
</tr>
-
<tr>
<td class="vncell" height="30px"><strong><?php echo gettext("Category:"); ?></strong>&nbsp;&nbsp;<select id="selectbox" name="selectbox" class="formselect" onChange="go()">
<?php
foreach ($categories as $value) {
- if ($snortdownload != 'on' && substr($value, 0, 6) == "snort_")
+ if ($snortdownload != 'on' && substr($value, 0, mb_strlen(VRT_FILE_PREFIX)) == VRT_FILE_PREFIX)
+ continue;
+ if ($emergingdownload != 'on' && substr($value, 0, mb_strlen(ET_OPEN_FILE_PREFIX)) == ET_OPEN_FILE_PREFIX)
continue;
- if ($emergingdownload != 'on' && substr($value, 0, 8) == "emerging")
+ if ($etprodownload != 'on' && substr($value, 0, mb_strlen(ET_PRO_FILE_PREFIX)) == ET_PRO_FILE_PREFIX)
continue;
- if ($etprodownload != 'on' && substr($value, 0, 6) == "etpro-")
+ if ($snortcommunitydownload != 'on' && substr($value, 0, mb_strlen(GPL_FILE_PREFIX)) == GPL_FILE_PREFIX)
continue;
if (empty($value))
continue;
- echo "<option value='?id={$id}&openruleset={$value}' ";
+ echo "<option value='{$value}' ";
if ($value == $currentruleset)
echo "selected";
echo ">{$value}</option>\n";
@@ -493,21 +461,18 @@ if ($savemsg) {
</select>&nbsp;&nbsp;&nbsp;<?php echo gettext("Select the rule category to view"); ?>
</td>
</tr>
-
<?php if ($currentruleset == 'custom.rules'): ?>
<tr>
<td class="listtopic"><?php echo gettext("Defined Custom Rules"); ?></td>
</tr>
<tr>
<td valign="top" class="vtable">
- <input type='hidden' name='openruleset' value='custom.rules'>
- <input type='hidden' name='id' value='<?=$id;?>'>
<textarea wrap="soft" cols="90" rows="40" name="customrules"><?=base64_decode($a_rule[$id]['customrules']);?></textarea>
</td>
</tr>
<tr>
<td>
- <input name="submit" type="submit" class="formbtn" id="submit" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/>&nbsp;&nbsp;
+ <input name="save" type="submit" class="formbtn" id="save" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/>&nbsp;&nbsp;
<input name="cancel" type="submit" class="formbtn" id="cancel" value="<?php echo gettext("Cancel"); ?>" title="<?php echo gettext("Cancel changes and return to last page"); ?>"/>&nbsp;&nbsp;
<input name="clear" type="submit" class="formbtn" id="clear" value="<?php echo gettext("Clear"); ?>" onclick="return confirm('<?php echo gettext("This will erase all custom rules for the interface. Are you sure?"); ?>')" title="<?php echo gettext("Deletes all custom rules"); ?>"/>
</td>
@@ -520,43 +485,50 @@ if ($savemsg) {
<td class="vncell">
<table width="100%" align="center" border="0" cellpadding="0" cellspacing="0">
<tr>
- <td rowspan="4" width="48%" valign="middle"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn"
- title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/>
- <input type='hidden' name='id' value='<?=$id;?>'/>
- <input type='hidden' name='openruleset' value='<?=$currentruleset;?>'/><br/><br/>
+ <td rowspan="5" width="48%" valign="middle"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn"
+ title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/><br/><br/>
<span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" .
- gettext("Snort must be restarted to activate any rule enable/disable changes made on this tab."); ?></span></td>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetcategory'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ gettext("When finished, click APPLY to save and send any SID enable/disable changes made on this tab to Snort."); ?></span></td>
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetcategory[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'></a>"?>
+ title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Remove Enable/Disable changes in the current Category"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetall'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetall[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'></a>"?>
+ title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Remove all Enable/Disable changes in all Categories"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=disable_all'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='disable_all[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to disable all rules in the selected category") . "'></a>"?>
+ title='" . gettext("Click to disable all rules in the selected category") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Disable all rules in the current Category"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=enable_all'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='enable_all[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus_mo.gif\"' border='0'
- title='" . gettext("Click to enable all rules in the selected category") . "'></a>"?>
+ title='" . gettext("Click to enable all rules in the selected category") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Enable all rules in the current Category"); ?></td>
</tr>
+ <tr>
+ <td class="vexpl" valign="middle"><a href="javascript: void(0)"
+ onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" width="15" height="15" <?php
+ echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"'
+ onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?>
+ title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a>
+ &nbsp;&nbsp;<?php echo gettext("View full file contents for the current Category"); ?></td>
+ </tr>
<?php if ($currentruleset == 'Auto-Flowbit Rules'): ?>
<tr>
<td colspan="3">&nbsp;</td>
@@ -564,14 +536,13 @@ if ($savemsg) {
<tr>
<td colspan="3" class="vexpl" align="center"><?php echo "<span class=\"red\"><b>" . gettext("WARNING: ") . "</b></span>" .
gettext("You should not disable flowbit rules! Add Suppress List entries for them instead by ") .
- "<a href='snort_rules_flowbits.php?id={$id}&openruleset={$currentruleset}&returl=" . urlencode($_SERVER['PHP_SELF']) . "' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" .
+ "<a href='snort_rules_flowbits.php?id={$id}' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" .
gettext("clicking here") . ".</a>";?></td>
</tr>
<?php endif;?>
</table>
</td>
</tr>
-
<tr>
<td class="listtopic"><?php echo gettext("Selected Category's Rules"); ?></td>
</tr>
@@ -579,18 +550,18 @@ if ($savemsg) {
<td>
<?php if ($currentruleset != 'decoder.rules' && $currentruleset != 'preprocessor.rules'): ?>
+
<table id="myTable" class="sortable" style="table-layout: fixed;" width="100%" border="0" cellpadding="0" cellspacing="0">
<colgroup>
- <col width="15" align="left" valign="middle">
+ <col width="14" align="left" valign="middle">
<col width="6%" align="center" axis="number">
- <col width="8%" align="center" axis="number">
- <col width="54" align="center" axis="string">
+ <col width="9%" align="center" axis="number">
+ <col width="52" align="center" axis="string">
<col width="14%" align="center" axis="string">
- <col width="11%" align="center" axis="string">
+ <col width="10%" align="center" axis="string">
<col width="14%" align="center" axis="string">
- <col width="11%" align="center" axis="string">
+ <col width="10%" align="center" axis="string">
<col axis="string">
- <col width="22" align="right" valign="middle">
</colgroup>
<thead>
<tr>
@@ -599,20 +570,13 @@ if ($savemsg) {
<th class="listhdrr"><?php echo gettext("SID"); ?></th>
<th class="listhdrr"><?php echo gettext("Proto"); ?></th>
<th class="listhdrr"><?php echo gettext("Source"); ?></th>
- <th class="listhdrr"><?php echo gettext("Port"); ?></th>
+ <th class="listhdrr"><?php echo gettext("SPort"); ?></th>
<th class="listhdrr"><?php echo gettext("Destination"); ?></th>
- <th class="listhdrr"><?php echo gettext("Port"); ?></th>
+ <th class="listhdrr"><?php echo gettext("DPort"); ?></th>
<th class="listhdrr"><?php echo gettext("Message"); ?></th>
- <th class="list"><a href="javascript: void(0)"
- onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)">
- <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" <?php
- echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"'
- onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?>
- title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a></th>
</tr>
</thead>
<tbody>
-
<?php
$counter = $enable_cnt = $disable_cnt = 0;
foreach ($rules_map as $k1 => $rulem) {
@@ -660,51 +624,47 @@ if ($savemsg) {
$dstspan = add_title_attribute($textss, $rule_content[5]);
$dstprtspan = add_title_attribute($textss, $rule_content[6]);
- $protocol = $rule_content[1]; //protocol field
- $source = truncate($rule_content[2], 14); //source field
- $source_port = truncate($rule_content[3], 10); //source port field
- $destination = truncate($rule_content[5], 14); //destination field
- $destination_port = truncate($rule_content[6], 10); //destination port field
- $message = snort_get_msg($v['rule']);
-
- echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\"> $textss
- <a id=\"rule_{$gid}_{$sid}\" href='?id={$id}&openruleset={$currentruleset}&act=toggle&gid={$gid}&ids={$sid}'>
- <img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\"
- width=\"11\" height=\"11\" border=\"0\"
- title='{$title}'></a>
- $textse
+ $protocol = $rule_content[1]; //protocol field
+ $source = $rule_content[2]; //source field
+ $source_port = $rule_content[3]; //source port field
+ $destination = $rule_content[5]; //destination field
+ $destination_port = $rule_content[6]; //destination port field
+ $message = snort_get_msg($v['rule']); // description field
+ $sid_tooltip = gettext("View the raw text for this rule");
+
+ echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss}
+ <a id=\"rule_{$gid}_{$sid}\" href=''><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
+ document.getElementById('gid').value='{$gid}';\"
+ src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
+ title='{$title}' name=\"toggle[]\"/></a>{$textse}
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$gid}{$textse}
</td>
- <td class=\"listlr\" align=\"center\">
- {$textss}{$sid}{$textse}
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
+ <a href=\"javascript: void(0)\"
+ onclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"
+ title='{$sid_tooltip}'>{$textss}{$sid}{$textse}</a>
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$protocol}{$textse}
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$srcspan}{$source}</span>
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$srcprtspan}{$source_port}</span>
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$dstspan}{$destination}</span>
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$dstprtspan}{$destination_port}</span>
</td>
- <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\"><font color=\"white\">
- {$textss}{$message}{$textse}</font>
+ <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
+ {$textss}{$message}{$textse}
</td>";
?>
- <td align="right" valign="middle" nowrap class="listt">
- <a href="javascript: void(0)"
- onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)">
- <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif"
- title="<?php echo gettext("Click to view the entire rule text"); ?>" width="17" height="17" border="0"></a>
- </td>
</tr>
<?php
$counter++;
@@ -725,7 +685,6 @@ if ($savemsg) {
<col width="22%" align="center" axis="string">
<col width="15%" align="center" axis="string">
<col align="left" axis="string">
- <col width="22" align="right" valign="middle">
</colgroup>
<thead>
<tr>
@@ -735,12 +694,6 @@ if ($savemsg) {
<th class="listhdrr"><?php echo gettext("Classification"); ?></th>
<th class="listhdrr"><?php echo gettext("IPS Policy"); ?></th>
<th class="listhdrr"><?php echo gettext("Message"); ?></th>
- <th class="list"><a href="javascript: void(0)"
- onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)">
- <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" <?php
- echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"'
- onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?>
- title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a></th>
</tr>
</thead>
<tbody>
@@ -788,35 +741,30 @@ if ($savemsg) {
else
$policy = "none";
- echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\"> $textss
- <a id=\"rule_{$sid}\" href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$sid}&gid={$gid}'>
- <img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\"
- width=\"11\" height=\"11\" border=\"0\"
- title='{$title}'></a>
- $textse
- </td>
- <td class=\"listlr\" align=\"center\">
+ echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss}
+ <input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
+ document.getElementById('gid').value='{$gid}';\"
+ src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
+ title='{$title}' name=\"toggle[]\"/>{$textse}
+ </td>
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$gid}{$textse}
</td>
- <td class=\"listlr\" align=\"center\">
- {$textss}{$sid}{$textse}
- </td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
+ <a href=\"javascript: void(0)\"
+ onclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"
+ title='{$sid_tooltip}'>{$textss}{$sid}{$textse}</a>
+ </td>
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$classtype}</span>
</td>
- <td class=\"listlr\" align=\"center\">
+ <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$policy}</span>
</td>
- <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\"><font color=\"white\">
- {$textss}{$message}{$textse}</font>
+ <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
+ {$textss}{$message}{$textse}
</td>";
?>
- <td align="right" valign="middle" nowrap class="listt">
- <a href="javascript: void(0)"
- onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)">
- <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif"
- title="<?php echo gettext("Click to view the entire rule text"); ?>" width="17" height="17" border="0"></a>
- </td>
</tr>
<?php
$counter++;
@@ -826,7 +774,9 @@ if ($savemsg) {
?>
</tbody>
</table>
+
<?php endif;?>
+
</td>
</tr>
<tr>
@@ -875,10 +825,11 @@ if ($savemsg) {
<script language="javascript" type="text/javascript">
function go()
{
- var box = document.iform.selectbox;
- destination = box.options[box.selectedIndex].value;
- if (destination)
- location.href = destination;
+ var box = document.getElementById("selectbox");
+ var ruleset = box.options[box.selectedIndex].value;
+ if (ruleset)
+ document.getElementById("openruleset").value = ruleset;
+ document.getElementById("iform").submit();
}
function wopen(url, name, w, h)
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index 61a9574a..49423440 100755
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -41,28 +41,30 @@ require_once("/usr/local/pkg/snort/snort.inc");
$flowbit_rules_file = FLOWBITS_FILENAME;
$snortdir = SNORTDIR;
-if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
- $config['installedpackages']['snortglobal']['rule'] = array();
-}
-$a_rule = &$config['installedpackages']['snortglobal']['rule'];
+if (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
-$id = $_GET['id'];
+// If we were not passed a valid index ID, close the pop-up and exit
if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
+ echo '<html><body link="#000000" vlink="#000000" alink="#000000">';
+ echo '<script language="javascript" type="text/javascript">';
+ echo 'window.close();</script>';
+ echo '</body></html>';
exit;
}
-if (isset($id) && $a_rule[$id]) {
- $pconfig['enable'] = $a_rule[$id]['enable'];
- $pconfig['interface'] = $a_rule[$id]['interface'];
- $pconfig['rulesets'] = $a_rule[$id]['rulesets'];
+if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
+ $config['installedpackages']['snortglobal']['rule'] = array();
}
-/* convert fake interfaces to real */
-$if_real = snort_get_real_interface($pconfig['interface']);
+$a_rule = &$config['installedpackages']['snortglobal']['rule'];
+
+$if_real = get_real_interface($a_rule[$id]['interface']);
$snort_uuid = $a_rule[$id]['uuid'];
-$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
-$file = $_GET['openruleset'];
+$snortlogdir = SNORTLOGDIR;
+$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}/";
+
+$file = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401);
$contents = '';
$wrap_flag = "off";
@@ -77,13 +79,13 @@ else
// a standard rules file, or a complete file name.
// Test for the special case of an IPS Policy file.
if (substr($file, 0, 10) == "IPS Policy") {
- $rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']);
- if (isset($_GET['ids'])) {
- $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule'];
+ $rules_map = snort_load_vrt_policy(strtolower(trim(substr($file, strpos($file, "-")+1))));
+ if (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) {
+ $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule'];
$wrap_flag = "soft";
}
else {
- $contents = "# Snort IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']) . "\n\n";
+ $contents = "# Snort IPS Policy - " . ucfirst(trim(substr($file, strpos($file, "-")+1))) . "\n\n";
foreach (array_keys($rules_map) as $k1) {
foreach (array_keys($rules_map[$k1]) as $k2) {
$contents .= "# Category: " . $rules_map[$k1][$k2]['category'] . " SID: {$k2}\n";
@@ -94,7 +96,7 @@ if (substr($file, 0, 10) == "IPS Policy") {
unset($rules_map);
}
// Is it a SID to load the rule text from?
-elseif (isset($_GET['ids'])) {
+elseif (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) {
// If flowbit rule, point to interface-specific file
if ($file == "Auto-Flowbit Rules")
$rules_map = snort_load_rules_map("{$snortcfgdir}/rules/" . FLOWBITS_FILENAME);
@@ -102,7 +104,7 @@ elseif (isset($_GET['ids'])) {
$rules_map = snort_load_rules_map("{$snortdir}/preproc_rules/{$file}");
else
$rules_map = snort_load_rules_map("{$snortdir}/rules/{$file}");
- $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule'];
+ $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule'];
$wrap_flag = "soft";
}
// Is it our special flowbit rules file?
@@ -114,16 +116,12 @@ elseif (file_exists("{$snortdir}/rules/{$file}"))
// Is it a rules file in the ../preproc_rules/ directory?
elseif (file_exists("{$snortdir}/preproc_rules/{$file}"))
$contents = file_get_contents("{$snortdir}/preproc_rules/{$file}");
-// Is it a fully qualified path and file?
-elseif (file_exists($file)) {
- if (substr(realpath($file), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR)
- $contents = gettext("\n\nERROR -- File: {$file} can not be viewed!");
- else
- $contents = file_get_contents($file);
-}
+// Is it a disabled preprocessor auto-rules-disable file?
+elseif (file_exists("{$snortlogdir}/{$file}"))
+ $contents = file_get_contents("{$snortlogdir}/{$file}");
// It is not something we can display, so exit.
else
- $input_errors[] = gettext("Unable to open file: {$displayfile}");
+ $contents = gettext("Unable to open file: {$displayfile}");
$pgtitle = array(gettext("Snort"), gettext("File Viewer"));
?>
@@ -131,10 +129,8 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer"));
<?php include("head.inc");?>
<body link="#000000" vlink="#000000" alink="#000000">
-<?php if ($savemsg) print_info_box($savemsg); ?>
<?php // include("fbegin.inc");?>
-<form action="snort_rules_edit.php" method="post">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont">
@@ -161,7 +157,6 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer"));
</td>
</tr>
</table>
-</form>
<?php // include("fend.inc");?>
</body>
</html>
diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php
index 325276ee..daf1c4ef 100644
--- a/config/snort/snort_rules_flowbits.php
+++ b/config/snort/snort_rules_flowbits.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_rules_flowbits.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013, 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -41,40 +41,34 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
}
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-// Set who called us so we can return to the correct page with
-// the RETURN button. Save the original referrer and the query
-// string in session variables.
-session_start();
-if (!isset($_SESSION['org_referrer']) || isset($_GET['returl'])) {
- $_SESSION['org_referrer'] = urldecode($_GET['returl']);
- $_SESSION['org_querystr'] = $_SERVER['QUERY_STRING'];
-}
-$referrer = $_SESSION['org_referrer'];
-$querystr = $_SESSION['org_querystr'];
-session_write_close();
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
-if ($_POST['cancel']) {
- session_start();
- unset($_SESSION['org_referrer']);
- unset($_SESSION['org_querystr']);
- session_write_close();
- header("Location: {$referrer}?{$querystr}");
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
exit;
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (is_null($id)) {
- session_start();
- unset($_SESSION['org_referrer']);
- unset($_SESSION['org_querystr']);
- session_write_close();
- header("Location: /snort/snort_interfaces.php");
+// Set who called us so we can return to the correct page with
+// the RETURN ('cancel') button.
+if ($_POST['referrer'])
+ $referrer = $_POST['referrer'];
+else
+ $referrer = $_SERVER['HTTP_REFERER'];
+
+// Make sure a rule index ID is appended to the return URL
+if (strpos($referrer, "?id={$id}") === FALSE)
+ $referrer .= "?id={$id}";
+
+// If RETURN button clicked, exit to original calling page
+if ($_POST['cancel']) {
+ header("Location: {$referrer}");
exit;
}
-$if_real = snort_get_real_interface($a_nat[$id]['interface']);
+$if_real = get_real_interface($a_nat[$id]['interface']);
$snort_uuid = $a_nat[$id]['uuid'];
/* We should normally never get to this page if Auto-Flowbits are disabled, but just in case... */
@@ -89,12 +83,13 @@ if ($a_nat[$id]['autoflowbitrules'] == 'on') {
else
$input_errors[] = gettext("Auto-Flowbit rule generation is disabled for this interface!");
-if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- $descr = snort_get_msg($rules_map[$_GET['gen_id']][$_GET['sidid']]['rule']);
+if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid'])) {
+ $descr = snort_get_msg($rules_map[$_POST['gid']][$_POST['sid']]['rule']);
+ $suppress = gettext("## -- This rule manually suppressed from the Auto-Flowbits list. -- ##\n");
if (empty($descr))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
+ $suppress .= "suppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n";
else
- $suppress = "# {$descr}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}";
+ $suppress .= "# {$descr}\nsuppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n";
if (!is_array($config['installedpackages']['snortglobal']['suppress']))
$config['installedpackages']['snortglobal']['suppress'] = array();
if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
@@ -130,11 +125,11 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
}
}
if ($found_list) {
- write_config();
+ write_config("Snort pkg: modified Suppress List for {$a_nat[$id]['interface']}.");
$rebuild_rules = false;
sync_snort_package_config();
snort_reload_config($a_nat[$id]);
- $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'.");
+ $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_POST['gid']}, sig_id {$_POST['sid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'.");
}
else {
/* We did not find the defined list, so notify the user with an error */
@@ -142,23 +137,10 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
}
}
-function truncate($string, $length) {
-
- /********************************
- * This function truncates the *
- * passed string to the length *
- * specified adding ellipsis if *
- * truncation was necessary. *
- ********************************/
- if (strlen($string) > $length)
- $string = substr($string, 0, ($length - 3)) . "...";
- return $string;
-}
-
/* Load up an array with the current Suppression List GID,SID values */
$supplist = snort_load_suppress_sigs($a_nat[$id]);
-$if_friendly = snort_get_friendly_interface($a_nat[$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Flowbit Rules");
include_once("head.inc");
@@ -168,12 +150,16 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-if ($input_errors) print_input_errors($input_errors);
+if ($input_errors)
+ print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
?>
<form action="snort_rules_flowbits.php" method="post" name="iform" id="iform">
+<input type="hidden" name="id" value="<?=$id;?>"/>
+<input type="hidden" name="referrer" value="<?=$referrer;?>"/>
+<input type="hidden" name="sid" id="sid" value=""/>
+<input type="hidden" name="gid" id="gid" value=""/>
<div id="boxarea">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
@@ -203,7 +189,7 @@ if ($savemsg)
<td><span class="vexpl"><?php echo gettext("Alert is Not Suppressed"); ?></span></td>
<td rowspan="3" align="right"><input id="cancel" name="cancel" type="submit" class="formbtn" <?php
echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/>
- <input name="id" type="hidden" value="<?=$id;?>" /></td>
+ </td>
</tr>
<tr>
<td width="17px"><img src="../themes/<?=$g['theme']?>/images/icons/icon_plus_d.gif" width='12' height='12' border='0'/></td>
@@ -220,13 +206,13 @@ if ($savemsg)
</tr>
<tr>
<td>
- <table id="myTable" width="100%" class="sortable" border="1" cellpadding="0" cellspacing="0">
+ <table id="myTable" width="100%" class="sortable" style="table-layout: fixed;" border="0" cellpadding="0" cellspacing="0">
<colgroup>
<col width="11%" axis="number">
- <col width="10%" axis="string">
+ <col width="54" axis="string">
<col width="14%" axis="string">
<col width="14%" axis="string">
- <col width="20%" axis="string">
+ <col width="24%" axis="string">
<col axis="string">
</colgroup>
<thead>
@@ -253,19 +239,20 @@ if ($savemsg)
$tmp = trim(preg_replace('/^\s*#+\s*/', '', $tmp));
$rule_content = preg_split('/[\s]+/', $tmp);
- $protocol = $rule_content[1]; //protocol
- $source = truncate($rule_content[2], 14); //source
- $destination = truncate($rule_content[5], 14); //destination
- $message = snort_get_msg($v['rule']);
+ $protocol = $rule_content[1]; //protocol
+ $source = $rule_content[2]; //source
+ $destination = $rule_content[5]; //destination
+ $message = snort_get_msg($v['rule']); // description
$flowbits = implode("; ", snort_get_flowbits($v['rule']));
if (strstr($flowbits, "noalert"))
$supplink = "";
else {
if (!isset($supplist[$gid][$sid])) {
- $supplink = "<a href=\"?id={$id}&act=addsuppress&sidid={$sid}&gen_id={$gid}\">";
- $supplink .= "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" ";
+ $supplink = "<input type=\"image\" name=\"addsuppress[]\" onClick=\"document.getElementById('sid').value='{$sid}';";
+ $supplink .= "document.getElementById('gid').value='{$gid}';\" ";
+ $supplink .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" ";
$supplink .= "width='12' height='12' border='0' title='";
- $supplink .= gettext("Click to add to Suppress List") . "'/></a>";
+ $supplink .= gettext("Click to add to Suppress List") . "'/>";
}
else {
$supplink = "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus_d.gif\" ";
@@ -276,12 +263,12 @@ if ($savemsg)
// Use "echo" to write the table HTML row-by-row.
echo "<tr>" .
- "<td class=\"listr\">{$sid}&nbsp;{$supplink}</td>" .
- "<td class=\"listr\">{$protocol}</td>" .
- "<td class=\"listr\"><span title=\"{$rule_content[2]}\">{$source}</span></td>" .
- "<td class=\"listr\"><span title=\"{$rule_content[5]}\">{$destination}</span></td>" .
+ "<td class=\"listr\" sorttable_customkey=\"{$sid}\">{$sid}&nbsp;{$supplink}</td>" .
+ "<td class=\"listr\" style=\"text-align:center;\">{$protocol}</td>" .
+ "<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[2]}\">{$source}</span></td>" .
+ "<td class=\"listr\" style=\"overflow: hidden; text-overflow: ellipsis; text-align:center;\" nowrap><span title=\"{$rule_content[5]}\">{$destination}</span></td>" .
"<td class=\"listr\" style=\"word-wrap:break-word; word-break:normal;\">{$flowbits}</td>" .
- "<td class=\"listr\" style=\"word-wrap:break-word; word-break:normal;\">{$message}</td>" .
+ "<td class=\"listbg\" style=\"word-wrap:break-word; word-break:normal;\">{$message}</td>" .
"</tr>";
$count++;
}
@@ -297,7 +284,6 @@ if ($savemsg)
<td align="center" valign="middle">
<input id="cancel" name="cancel" type="submit" class="formbtn" <?php
echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/>
- <input name="id" type="hidden" value="<?=$id;?>" />
</td>
</tr>
<?php endif; ?>
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 9c14392d..79365f5f 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -5,6 +5,7 @@
* Copyright (C) 2006 Scott Ullrich
* Copyright (C) 2009 Robert Zelaya
* Copyright (C) 2011 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -42,12 +43,14 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
}
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
- header("Location: /snort/snort_interfaces.php");
- exit;
+ header("Location: /snort/snort_interfaces.php");
+ exit;
}
if (isset($id) && $a_nat[$id]) {
@@ -59,12 +62,12 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['ips_policy'] = $a_nat[$id]['ips_policy'];
}
-$if_real = snort_get_real_interface($pconfig['interface']);
+$if_real = get_real_interface($pconfig['interface']);
$snort_uuid = $a_nat[$id]['uuid'];
-$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
-$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'];
-$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
-$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules'];
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'] == 'on' ? 'on' : 'off';
+$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'] == 'on' ? 'on' : 'off';
+$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == 'on' ? 'on' : 'off';
+$snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules'] == 'on' ? 'on' : 'off';
$no_emerging_files = false;
$no_snort_files = false;
@@ -118,7 +121,12 @@ if ($a_nat[$id]['ips_policy_enable'] == 'on') {
else
$disable_vrt_rules = "";
-if ($_POST["Submit"]) {
+if (!empty($a_nat[$id]['rulesets']))
+ $enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']);
+else
+ $enabled_rulesets_array = array();
+
+if ($_POST["save"]) {
if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
@@ -145,7 +153,7 @@ if ($_POST["Submit"]) {
@unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}");
}
- write_config();
+ write_config("Snort pkg: save enabled rule categories for {$a_nat[$id]['interface']}.");
/*************************************************/
/* Update the snort conf file and rebuild the */
@@ -158,8 +166,10 @@ if ($_POST["Submit"]) {
/* Soft-restart Snort to live-load new rules */
snort_reload_config($a_nat[$id]);
- header("Location: /snort/snort_rulesets.php?id=$id");
- exit;
+ $pconfig = $_POST;
+ $enabled_rulesets_array = explode("||", $enabled_items);
+ if (snort_is_running($snort_uuid, $if_real))
+ $savemsg = gettext("Snort is 'live-reloading' the new rule set.");
}
if ($_POST['unselectall']) {
@@ -174,61 +184,47 @@ if ($_POST['unselectall']) {
unset($a_nat[$id]['ips_policy']);
}
- write_config();
- sync_snort_package_config();
+ $pconfig['autoflowbits'] = $_POST['autoflowbits'];
+ $pconfig['ips_policy_enable'] = $_POST['ips_policy_enable'];
+ $pconfig['ips_policy'] = $_POST['ips_policy'];
+ $enabled_rulesets_array = array();
- header("Location: /snort/snort_rulesets.php?id=$id");
- exit;
+ $savemsg = gettext("All rule categories have been de-selected. ");
+ if ($a_nat[$id]['ips_policy_enable'] = 'on')
+ $savemsg .= gettext("Only the rules included in the selected IPS Policy will be used.");
+ else
+ $savemsg .= gettext("There currently are no inspection rules enabled for this Snort instance!");
}
if ($_POST['selectall']) {
- $rulesets = array();
-
- if ($_POST['ips_policy_enable'] == "on") {
- $a_nat[$id]['ips_policy_enable'] = 'on';
- $a_nat[$id]['ips_policy'] = $_POST['ips_policy'];
- }
- else {
- $a_nat[$id]['ips_policy_enable'] = 'off';
- unset($a_nat[$id]['ips_policy']);
- }
+ $enabled_rulesets_array = array();
if ($emergingdownload == 'on') {
$files = glob("{$snortdir}/rules/" . ET_OPEN_FILE_PREFIX . "*.rules");
foreach ($files as $file)
- $rulesets[] = basename($file);
+ $enabled_rulesets_array[] = basename($file);
}
elseif ($etpro == 'on') {
$files = glob("{$snortdir}/rules/" . ET_PRO_FILE_PREFIX . "*.rules");
foreach ($files as $file)
- $rulesets[] = basename($file);
+ $enabled_rulesets_array[] = basename($file);
}
if ($snortcommunitydownload == 'on') {
$files = glob("{$snortdir}/rules/" . GPL_FILE_PREFIX . "community.rules");
foreach ($files as $file)
- $rulesets[] = basename($file);
+ $enabled_rulesets_array[] = basename($file);
}
/* Include the Snort VRT rules only if enabled and no IPS policy is set */
if ($snortdownload == 'on' && $a_nat[$id]['ips_policy_enable'] == 'off') {
$files = glob("{$snortdir}/rules/" . VRT_FILE_PREFIX . "*.rules");
foreach ($files as $file)
- $rulesets[] = basename($file);
+ $enabled_rulesets_array[] = basename($file);
}
-
- $a_nat[$id]['rulesets'] = implode("||", $rulesets);
-
- write_config();
- sync_snort_package_config();
-
- header("Location: /snort/snort_rulesets.php?id=$id");
- exit;
}
-$enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']);
-
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Categories");
include_once("head.inc");
?>
@@ -237,11 +233,10 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
/* Display message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors);
}
if ($savemsg) {
@@ -259,12 +254,13 @@ if ($savemsg) {
$tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php");
$tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
$tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
- $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php");
+ $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}");
$tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
- $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
+ $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
- $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
- display_top_tabs($tab_array);
+ $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
+ $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
@@ -273,9 +269,10 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -392,9 +389,9 @@ if ($savemsg) {
<td colspan="6">
<table width=90% align="center" border="0" cellpadding="2" cellspacing="0">
<tr height="45px">
- <td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all to enforcing rules"); ?>"/></td>
- <td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove all from enforcing rules"); ?>"/></td>
- <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="Submit" id="Submit" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td>
+ <td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all categories to enforcing rules"); ?>"/></td>
+ <td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove categories all from enforcing rules"); ?>"/></td>
+ <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="save" id="save" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td>
<td valign="middle"><span class="vexpl"><?php echo gettext("Click to save changes and auto-resolve flowbit rules (if option is selected above)"); ?></span></td>
</tr>
</table>
@@ -426,14 +423,14 @@ if ($savemsg) {
<?php endif; ?>
<?php endif; ?>
- <?php if ($no_emerging_files)
- $msg_emerging = "downloaded.";
+ <?php if ($no_emerging_files && ($emergingdownload == 'on' || $etpro == 'on'))
+ $msg_emerging = "have not been downloaded.";
else
- $msg_emerging = "enabled.";
- if ($no_snort_files)
- $msg_snort = "downloaded.";
+ $msg_emerging = "are not enabled.";
+ if ($no_snort_files && $snortdownload == 'on')
+ $msg_snort = "have not been downloaded.";
else
- $msg_snort = "enabled.";
+ $msg_snort = "are not enabled.";
?>
<tr id="frheader">
<?php if ($emergingdownload == 'on' && !$no_emerging_files): ?>
@@ -443,7 +440,7 @@ if ($savemsg) {
<td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td>
<td width="25%" class="listhdrr"><?php echo gettext('Ruleset: ET Pro Rules');?></td>
<?php else: ?>
- <td colspan="2" align="center" width="30%" class="listhdrr"><?php echo gettext("{$et_type} rules not {$msg_emerging}"); ?></td>
+ <td colspan="2" align="center" width="30%" class="listhdrr"><?php echo gettext("{$et_type} rules {$msg_emerging}"); ?></td>
<?php endif; ?>
<?php if ($snortdownload == 'on' && !$no_snort_files): ?>
<td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td>
@@ -451,7 +448,7 @@ if ($savemsg) {
<td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td>
<td width="25%" class="listhdrr"><?php echo gettext('Ruleset: Snort SO Rules');?></td>
<?php else: ?>
- <td colspan="4" align="center" width="60%" class="listhdrr"><?php echo gettext("Snort VRT rules have not been {$msg_snort}"); ?></td>
+ <td colspan="4" align="center" width="60%" class="listhdrr"><?php echo gettext("Snort VRT rules {$msg_snort}"); ?></td>
<?php endif; ?>
</tr>
<?php
@@ -561,7 +558,7 @@ if ($savemsg) {
</tr>
<tr>
<td colspan="6" align="center" valign="middle">
- <input value="Save" type="submit" name="Submit" id="Submit" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td>
+ <input value="Save" type="submit" name="save" id="save" class="formbtn" title="<?php echo gettext("Click to Save changes and rebuild rules");?>"/></td>
</tr>
<?php endif; ?>
</table>
diff --git a/config/snort/snort_select_alias.php b/config/snort/snort_select_alias.php
index c5c6347e..c632b388 100644
--- a/config/snort/snort_select_alias.php
+++ b/config/snort/snort_select_alias.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
snort_select_alias.php
- Copyright (C) 2013 Bill Meeks
+ Copyright (C) 2013, 2014 Bill Meeks
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -42,22 +42,29 @@ require_once("/usr/local/pkg/snort/snort.inc");
// overwrite it on subsequent POST-BACKs to this page.
if (!isset($_POST['org_querystr']))
$querystr = $_SERVER['QUERY_STRING'];
+else
+ $querystr = $_POST['org_querystr'];
// Retrieve any passed QUERY STRING or POST variables
-$type = $_GET['type'];
-$varname = $_GET['varname'];
-$multi_ip = $_GET['multi_ip'];
-$referrer = urldecode($_GET['returl']);
if (isset($_POST['type']))
$type = $_POST['type'];
+elseif (isset($_GET['type']))
+ $type = htmlspecialchars($_GET['type']);
+
if (isset($_POST['varname']))
$varname = $_POST['varname'];
+elseif (isset($_GET['varname']))
+ $varname = htmlspecialchars($_GET['varname']);
+
if (isset($_POST['multi_ip']))
$multi_ip = $_POST['multi_ip'];
+elseif (isset($_GET['multi_ip']))
+ $multi_ip = htmlspecialchars($_GET['multi_ip']);
+
if (isset($_POST['returl']))
$referrer = urldecode($_POST['returl']);
-if (isset($_POST['org_querystr']))
- $querystr = $_POST['org_querystr'];
+elseif (isset($_GET['returl']))
+ $referrer = urldecode($_GET['returl']);
// Make sure we have a valid VARIABLE name
// and ALIAS TYPE, or else bail out.
@@ -122,11 +129,11 @@ include("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<form action="snort_select_alias.php" method="post">
-<input type="hidden" name="varname" value="<?=$varname;?>">
-<input type="hidden" name="type" value="<?=$type;?>">
-<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>">
-<input type="hidden" name="returl" value="<?=$referrer;?>">
-<input type="hidden" name="org_querystr" value="<?=$querystr;?>">
+<input type="hidden" name="varname" value="<?=$varname;?>"/>
+<input type="hidden" name="type" value="<?=$type;?>"/>
+<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"/>
+<input type="hidden" name="returl" value="<?=$referrer;?>"/>
+<input type="hidden" name="org_querystr" value="<?=$querystr;?>"/>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<div id="boxarea">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
diff --git a/config/snort/snort_stream5_engine.php b/config/snort/snort_stream5_engine.php
index b3d81f37..89b0bc02 100644
--- a/config/snort/snort_stream5_engine.php
+++ b/config/snort/snort_stream5_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_stream5_engine.php
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013, 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -36,14 +36,16 @@ $snortdir = SNORTDIR;
/* Retrieve required array index values from QUERY string if available. */
/* 'id' is the [rule] array index, and 'eng_id' is the index for the */
/* stream5_tcp_engine's [item] array. */
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-
/* See if values are in our form's POST content */
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (isset($_POST['eng_id']))
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (isset($_POST['eng_id']) && isset($_POST['eng_id']))
$eng_id = $_POST['eng_id'];
+elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id']))
+ $eng_id = htmlspecialchars($_GET['eng_id']);
/* If we don't have a [rule] index specified, exit */
if (is_null($id)) {
@@ -131,7 +133,7 @@ if ($_GET['act'] == "import") {
session_start();
if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports_client" || $_GET['varname'] == "ports_both" || $_GET['varname'] == "ports_server")
&& !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
if(!isset($_SESSION['stream5_client_import']))
$_SESSION['stream5_client_import'] = array();
@@ -165,7 +167,7 @@ if ($_GET['act'] == "import") {
}
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
// Clear and close out any session variable we created
session_start();
unset($_SESSION['org_referer']);
@@ -326,14 +328,14 @@ if ($_POST['Submit']) {
}
/* Now write the new engine array to conf */
- write_config();
+ write_config("Snort pkg: save modified stream5 engine.");
header("Location: /snort/snort_preprocessors.php?id={$id}#stream5_row");
exit;
}
}
-$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Stream5 Preprocessor TCP Engine");
include_once("head.inc");
@@ -586,7 +588,7 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save Stream5 engine settings and return to Preprocessors tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
<input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
diff --git a/config/snort/snort_sync.xml b/config/snort/snort_sync.xml
index 14a13321..2b9594ea 100755
--- a/config/snort/snort_sync.xml
+++ b/config/snort/snort_sync.xml
@@ -47,7 +47,7 @@ POSSIBILITY OF SUCH DAMAGE.
<faq>Currently there are no FAQ items provided.</faq>
<name>snortsync</name>
<version>1.0</version>
- <title>Snort: XMLRPC Sync (EXPERIMENTAL)</title>
+ <title>Snort: XMLRPC Sync</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<tabs>
<tab>
@@ -71,14 +71,18 @@ POSSIBILITY OF SUCH DAMAGE.
<url>/snort/snort_blocked.php</url>
</tab>
<tab>
- <text>Whitelists</text>
- <url>/snort/snort_interfaces_whitelist.php</url>
+ <text>Pass Lists</text>
+ <url>/snort/snort_passlist.php</url>
</tab>
<tab>
<text>Suppress</text>
<url>/snort/snort_interfaces_suppress.php</url>
</tab>
<tab>
+ <text>IP Lists</text>
+ <url>/snort/snort_ip_list_mgmt.php</url>
+ </tab>
+ <tab>
<text>Sync</text>
<url>/pkg_edit.php?xml=snort/snort_sync.xml</url>
<active/>
@@ -180,10 +184,6 @@ POSSIBILITY OF SUCH DAMAGE.
</rowhelperfield>
</rowhelper>
</field>
- <field>
- <name>WARNING: This feature is considered experimental and not recommended for production use</name>
- <type>listtopic</type>
- </field>
</fields>
<custom_delete_php_command>
</custom_delete_php_command>
diff --git a/config/snort/widget-snort.inc b/config/snort/widget-snort.inc
new file mode 100644
index 00000000..3c4d9718
--- /dev/null
+++ b/config/snort/widget-snort.inc
@@ -0,0 +1,24 @@
+<?php
+require_once("config.inc");
+
+//set variables for custom title and link
+$snort_alerts_title = "Snort Alerts";
+$snort_alerts_title_link = "snort/snort_alerts.php";
+
+function widget_snort_uninstall() {
+
+ global $config;
+
+ /* Remove the Snort widget from the Dashboard display list */
+ $widgets = $config['widgets']['sequence'];
+ if (!empty($widgets)) {
+ $widgetlist = explode(",", $widgets);
+ foreach ($widgetlist as $key => $widget) {
+ if (strstr($widget, "snort_alerts-container"))
+ unset($widgetlist[$key]);
+ }
+ $config['widgets']['sequence'] = implode(",", $widgetlist);
+ write_config();
+ }
+}
+?>
diff --git a/config/softflowd/softflowd.xml b/config/softflowd/softflowd.xml
index 149631b8..88e521a7 100644
--- a/config/softflowd/softflowd.xml
+++ b/config/softflowd/softflowd.xml
@@ -1,6 +1,6 @@
<packagegui>
<name>softflowd</name>
- <version>0.9.8</version>
+ <version>0.9.8 pkg v1.0.1</version>
<title>softflowd: Settings</title>
<aftersaveredirect>pkg_edit.php?xml=softflowd.xml&amp;id=0</aftersaveredirect>
<menu>
@@ -103,7 +103,7 @@
config_unlock();
}
- function validate_form_softflowd($post, $input_errors) {
+ function validate_form_softflowd($post, &$input_errors) {
if (($post['host'] == "") || !is_ipaddr($post['host']))
$input_errors[] = 'You must specify a valid ip address in the \'Host\' field';
if (($post['port'] == "") || !is_port($post['port']))
@@ -129,7 +129,7 @@
sync_package_softflowd();
</custom_php_resync_config_command>
<custom_php_validation_command>
- validate_form_softflowd($_POST, &amp;$input_errors);
+ validate_form_softflowd($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_command_before_form>
cleanup_config_softflowd();
diff --git a/config/spamd/spamd.xml b/config/spamd/spamd.xml
index 1a7b4272..45cc9168 100644
--- a/config/spamd/spamd.xml
+++ b/config/spamd/spamd.xml
@@ -97,42 +97,42 @@
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/spamd/spamd_rules.php</item>
+ <item>https://packages.pfsense.org/packages/config/spamd/spamd_rules.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/spamd/spamd_whitelist.xml</item>
+ <item>https://packages.pfsense.org/packages/config/spamd/spamd_whitelist.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/spamd/spamd_outlook.xml</item>
+ <item>https://packages.pfsense.org/packages/config/spamd/spamd_outlook.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/spamd/spamd.inc</item>
+ <item>https://packages.pfsense.org/packages/config/spamd/spamd.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/spamd/spamd_settings.xml</item>
+ <item>https://packages.pfsense.org/packages/config/spamd/spamd_settings.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/spamd/spamd_db.php</item>
+ <item>https://packages.pfsense.org/packages/config/spamd/spamd_db.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/spamd/spamd_db_ext.php</item>
+ <item>https://packages.pfsense.org/packages/config/spamd/spamd_db_ext.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/bin/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/spamd/spamd_gather_stats.php</item>
+ <item>https://packages.pfsense.org/packages/config/spamd/spamd_gather_stats.php</item>
</additional_files_needed>
<!-- fields gets invoked when the user adds or edits a item. the following items
diff --git a/config/spamd/spamd_db.php b/config/spamd/spamd_db.php
index c4c8ffe2..c2df25d1 100644
--- a/config/spamd/spamd_db.php
+++ b/config/spamd/spamd_db.php
@@ -205,7 +205,6 @@ $blacklist_items = $blacklist_items + $spamdb_black;
<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="/javascript/scriptaculous/scriptaculous.js" type="text/javascript"></script>
<script type="text/javascript" language="javascript" src="row_toggle.js"></script>
-<script src="/javascript/sorttable.js"></script>
<script language="javascript">
function outputrule(req) {
if(req.content != '') {
@@ -314,6 +313,9 @@ if (typeof getURL == 'undefined') {
<td class="listhdrr">IP</td>
<td class="listhdrr">From</td>
<td class="listhdrr">To</td>
+ <td class="listhdrr">First</td>
+ <td class="listhdrr">Pass</td>
+ <td class="listhdrr">Expire</td>
<td class="listhdr">Attempts</td>
<td class="list"></td>
</tr>
@@ -386,6 +388,9 @@ if (typeof getURL == 'undefined') {
$srcip = htmlentities($pkgdb_split[1]);
$fromaddress = htmlentities($pkgdb_split[3]);
$toaddress = htmlentities($pkgdb_split[4]);
+ $first = "";
+ $pass = "";
+ $expire = "";
$attempts = htmlentities($pkgdb_split[8]);
break;
case "TRAPPED":
@@ -393,6 +398,9 @@ if (typeof getURL == 'undefined') {
$srcip = htmlentities($pkgdb_split[1]);
$fromaddress = "";
$toaddress = "";
+ $first = "";
+ $pass = "";
+ $expire = htmlentities($pkgdb_split[2]);
$attempts = "";
break;
case "GREY":
@@ -400,6 +408,9 @@ if (typeof getURL == 'undefined') {
$srcip = htmlentities($pkgdb_split[1]);
$fromaddress = htmlentities($pkgdb_split[3]);
$toaddress = htmlentities($pkgdb_split[4]);
+ $first = htmlentities($pkgdb_split[5]);
+ $pass = htmlentities($pkgdb_split[6]);
+ $expire = htmlentities($pkgdb_split[7]);
$attempts = htmlentities($pkgdb_split[8]);
break;
case "WHITE":
@@ -407,6 +418,9 @@ if (typeof getURL == 'undefined') {
$srcip = htmlentities($pkgdb_split[1]);
$fromaddress = "";
$toaddress = "";
+ $first = htmlentities($pkgdb_split[4]);
+ $pass = htmlentities($pkgdb_split[5]);
+ $expire = htmlentities($pkgdb_split[6]);
$attempts = htmlentities($pkgdb_split[8]);
break;
}
@@ -417,6 +431,9 @@ if (typeof getURL == 'undefined') {
echo "<td class=\"listr\">{$srcip}</td>";
echo "<td class=\"listr\">{$fromaddress}</td>";
echo "<td class=\"listr\">{$toaddress}</td>";
+ echo "<td class=\"listr\"><span style='white-space: nowrap;'>" . date("Y-m-d", $first) . "<br/>" . date("H:i:s", $first) . "</span></td>";
+ echo "<td class=\"listr\"><span style='white-space: nowrap;'>" . date("Y-m-d", $pass) . "<br/>" . date("H:i:s", $pass) . "</span></td>";
+ echo "<td class=\"listr\"><span style='white-space: nowrap;'>" . date("Y-m-d", $expire) . "<br/>" . date("H:i:s", $expire) . "</span></td>";
echo "<td class=\"listr\">{$attempts}</td>";
echo "<td>";
$rowtext = "<NOBR><a href='javascript:toggle_on(\"w{$rows}\", \"/themes/{$g['theme']}/images/icons/icon_plus_p.gif\"); getURL(\"spamd_db.php?buttonid=w{$rows}&srcip={$srcip}&action=whitelist\", outputrule);'><img title=\"Add to whitelist\" name='w{$rows}' id='w{$rows}' border=\"0\" alt=\"Add to whitelist\" src=\"/themes/{$g['theme']}/images/icons/icon_plus.gif\"></a> ";
diff --git a/config/squid-head/squid.xml b/config/squid-head/squid.xml
index 67f4c2aa..6657e3af 100644
--- a/config/squid-head/squid.xml
+++ b/config/squid-head/squid.xml
@@ -95,30 +95,30 @@
</tabs>
<!-- Installation -->
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/squid.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid.inc</item>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/squid_cache.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid_cache.xml</item>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/squid_nac.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid_nac.xml</item>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/squid_traffic.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid_traffic.xml</item>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/squid_upstream.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid_upstream.xml</item>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/squid_auth.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid_auth.xml</item>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/squid_users.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid_users.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/bin/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/All/squid_monitor.sh</item>
+ <item>https://www.pfsense.org/packages/All/squid_monitor.sh</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/squid/squid.xml b/config/squid/squid.xml
index 3df0482a..32a65589 100644
--- a/config/squid/squid.xml
+++ b/config/squid/squid.xml
@@ -96,57 +96,57 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid/squid.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid/squid_cache.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_cache.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid/squid_nac.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_nac.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid/squid_ng.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_ng.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid/squid_traffic.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_traffic.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid/squid_upstream.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_upstream.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid/squid_auth.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_auth.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid/squid_users.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_users.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid/sqpmon.sh</item>
+ <item>https://packages.pfsense.org/packages/config/squid/sqpmon.sh</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid/squid_cache.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_cache.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid/swapstate_check.php</item>
+ <item>https://packages.pfsense.org/packages/config/squid/swapstate_check.php</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/squid/squid_ng.inc b/config/squid/squid_ng.inc
index cfd2fe66..f96c73e4 100644
--- a/config/squid/squid_ng.inc
+++ b/config/squid/squid_ng.inc
@@ -803,7 +803,7 @@ function custom_php_install_command() {
touch("/tmp/custom_php_install_command");
/* make sure this all exists, see:
- * http://forum.pfsense.org/index.php?topic=23.msg2391#msg2391
+ * https://forum.pfsense.org/index.php?topic=23.msg2391#msg2391
*/
update_output_window("Setting up Squid environment...");
mwexec("mkdir -p /var/squid");
diff --git a/config/squid/squid_ng.xml b/config/squid/squid_ng.xml
index 5d956387..4ff3690c 100644
--- a/config/squid/squid_ng.xml
+++ b/config/squid/squid_ng.xml
@@ -102,42 +102,42 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_cache.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_cache.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_nac.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_nac.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_ng.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_ng.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_traffic.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_traffic.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_upstream.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_upstream.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_auth.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_auth.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_auth.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_auth.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_extauth.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_extauth.xml</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/squid3/31/squid.xml b/config/squid3/31/squid.xml
index aa76c0f1..53293acd 100644
--- a/config/squid3/31/squid.xml
+++ b/config/squid3/31/squid.xml
@@ -111,112 +111,112 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_reverse_general.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_reverse_general.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_reverse_peer.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_reverse_peer.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_reverse_uri.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_reverse_uri.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_reverse_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_reverse_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_cache.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_cache.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_nac.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_nac.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_ng.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_ng.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_ng.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_ng.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_traffic.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_traffic.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_upstream.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_upstream.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_reverse.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_reverse.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_reverse.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_reverse.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_auth.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_auth.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_users.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_users.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/sqpmon.sh</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/sqpmon.sh</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/swapstate_check.php</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/swapstate_check.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_reverse_redir.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_reverse_redir.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_monitor.php</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_monitor.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_monitor_data.php</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_monitor_data.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/31/squid_log_parser.php</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/31/squid_log_parser.php</item>
</additional_files_needed>
<fields>
diff --git a/config/squid3/31/squid_ng.inc b/config/squid3/31/squid_ng.inc
index 0e1e0515..3b9ef405 100644
--- a/config/squid3/31/squid_ng.inc
+++ b/config/squid3/31/squid_ng.inc
@@ -803,7 +803,7 @@ function squid3_custom_php_install_command() {
touch("/tmp/squid3_custom_php_install_command");
/* make sure this all exists, see:
- * http://forum.pfsense.org/index.php?topic=23.msg2391#msg2391
+ * https://forum.pfsense.org/index.php?topic=23.msg2391#msg2391
*/
update_output_window("Setting up Squid environment...");
mwexec("mkdir -p /var/squid");
diff --git a/config/squid3/31/squid_ng.xml b/config/squid3/31/squid_ng.xml
index 142536d6..b96b4eb2 100644
--- a/config/squid3/31/squid_ng.xml
+++ b/config/squid3/31/squid_ng.xml
@@ -102,42 +102,42 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_cache.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_cache.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_nac.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_nac.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_ng.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_ng.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_traffic.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_traffic.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_upstream.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_upstream.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_auth.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_auth.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_auth.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_auth.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_extauth.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_extauth.xml</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/squid3/31/squid_reverse.inc b/config/squid3/31/squid_reverse.inc
index eb2d4c73..993508aa 100644
--- a/config/squid3/31/squid_reverse.inc
+++ b/config/squid3/31/squid_reverse.inc
@@ -170,17 +170,20 @@ function squid_resync_reverse() {
array_push($owa_dirs,'Microsoft-Server-ActiveSync');
if($settings['reverse_owa_rpchttp'])
array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll');
- if($settings['reverse_owa_autodiscover'])
- array_push($owa_dirs,'autodiscover');
if($settings['reverse_owa_webservice']){
array_push($owa_dirs,'EWS');
$conf .= "ignore_expect_100 on\n";
- }
+ }
}
if (is_array($owa_dirs))
foreach ($owa_dirs as $owa_dir)
$conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/$owa_dir.*$\n";
- }
+
+ if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) {
+ $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.');
+ $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n";
+ }
+ }
//$conf .= "ssl_unclean_shutdown on";
if (is_array($reverse_maps))
foreach ($reverse_maps as $rm){
diff --git a/config/squid3/33/check_ip.php b/config/squid3/33/check_ip.php
index 6c65ff3f..e16cee0b 100644
--- a/config/squid3/33/check_ip.php
+++ b/config/squid3/33/check_ip.php
@@ -49,10 +49,11 @@ if ($pf_version > 2.0){
$dbhandle = sqlite_open("$dir/$file", 0666, $error);
if ($dbhandle){
$query = "select * from captiveportal";
- $result = sqlite_query($dbhandle, $query);
+ $result = sqlite_array_query($dbhandle, $query, SQLITE_ASSOC);
if ($result){
- $row = sqlite_fetch_array($result, SQLITE_ASSOC);
- $cp_db[]=implode(",",$row);
+ foreach ($result as $rownum => $row){
+ $cp_db[$rownum]=implode(",",$row);
+ }
sqlite_close($dbhandle);
}
}
diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc
index c55160bc..a97746e2 100755
--- a/config/squid3/33/squid.inc
+++ b/config/squid3/33/squid.inc
@@ -5,7 +5,7 @@
Copyright (C) 2006-2009 Scott Ullrich
Copyright (C) 2006 Fernando Lemos
Copyright (C) 2012 Martin Fuchs
- Copyright (C) 2012-2013 Marcello Coutinho
+ Copyright (C) 2012-2014 Marcello Coutinho
Copyright (C) 2013 Gekkenhuis
All rights reserved.
@@ -95,8 +95,17 @@ function squid_chown_recursive($dir, $user, $group) {
}
}
+function squid_check_clamav_user($user)
+ {
+ exec("/usr/sbin/pw usershow {$user}",$sq_ex_output,$sq_ex_return);
+ $user_arg=($sq_ex_return == 0?"mod":"add");
+ exec("/usr/sbin/pw user{$user_arg} {$user} -G wheel -u 9595 -s /sbin/nologin",$sq_ex_output,$sq_ex_return);
+ if ($sq_ex_return != 0)
+ log_error("Squid - Could not change clamav user settings. ".serialize($sq_ex_output));
+ }
+
/* setup cache */
-function squid_dash_z() {
+function squid_dash_z($cache_action='none') {
global $config;
//Do nothing if there is no cache config
@@ -110,7 +119,12 @@ function squid_dash_z() {
return;
$cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
-
+
+ if ($cache_action=="clean"){
+ rename ($cachedir,"{$cachedir}.old");
+ mwexec_bg("/bin/rm -rf {$cachedir}.old");
+ }
+
if(!is_dir($cachedir.'/')) {
log_error("Creating Squid cache dir $cachedir");
make_dirs($cachedir);
@@ -354,9 +368,9 @@ function squid_deinstall_command() {
$settings = array();
$cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
$logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/logs');
- update_status("Removing swap.state ... One moment please...");
+ update_status("Removing cache ... One moment please...");
update_output_window("$plswait_txt");
- mwexec('rm -rf $cachedir/swap.state');
+ mwexec_bg('rm -rf $cachedir');
mwexec('rm -rf $logdir');
update_status("Finishing package cleanup.");
mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop");
@@ -721,19 +735,26 @@ function squid_install_cron($should_install) {
$x=0;
$rotate_job_id=-1;
$swapstate_job_id=-1;
+ $cron_cmd=($settings['clear_cache']=='on' ? "/usr/local/pkg/swapstate_check.php clean; " : "");
+ $cron_cmd .= SQUID_LOCALBASE."/sbin/squid -k rotate -f " . SQUID_CONFFILE;
+ $need_write = false;
foreach($config['cron']['item'] as $item) {
if(strstr($item['task_name'], "squid_rotate_logs")) {
$rotate_job_id = $x;
+ if ($item['command'] != $cron_cmd){
+ $config['cron']['item'][$x]['command']=$cron_cmd;
+ $need_write = true;
+ }
} elseif(strstr($item['task_name'], "squid_check_swapstate")) {
$swapstate_job_id = $x;
}
$x++;
}
- $need_write = false;
switch($should_install) {
case true:
$cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
if($rotate_job_id < 0) {
+ $cron_item['command']=($settings['clear_cache']=='on' ? "/usr/local/pkg/swapstate_check.php clean; " : "");
$cron_item = array();
$cron_item['task_name'] = "squid_rotate_logs";
$cron_item['minute'] = "0";
@@ -742,7 +763,7 @@ function squid_install_cron($should_install) {
$cron_item['month'] = "*";
$cron_item['wday'] = "*";
$cron_item['who'] = "root";
- $cron_item['command'] = "/bin/rm {$cachedir}/swap.state; ". SQUID_LOCALBASE."/sbin/squid -k rotate -f " . SQUID_CONFFILE;
+ $cron_item['command'] .= $cron_cmd;
/* Add this cron_item as a new entry at the end of the item array. */
$config['cron']['item'][] = $cron_item;
$need_write = true;
@@ -919,7 +940,7 @@ function squid_resync_general() {
$conf .= "http_port 127.0.0.1:{$port} intercept\n";
}
}
- $icp_port = ($settings['icp_port'] ? $settings['icp_port'] : 7);
+ $icp_port = ($settings['icp_port'] ? $settings['icp_port'] : 0);
$dns_v4_first= ($settings['dns_v4_first'] == "on" ? "on" : "off" );
$pidfile = "{$g['varrun_path']}/squid.pid";
$language = ($settings['error_language'] ? $settings['error_language'] : 'en');
@@ -934,6 +955,8 @@ function squid_resync_general() {
}
$logdir_cache = $logdir . '/cache.log';
$logdir_access = ($settings['log_enabled'] == 'on' ? $logdir . '/access.log' : '/dev/null');
+ $pinger_helper = ($settings['disable_pinger']) =='on' ? 'off' : 'on';
+ $pinger_program=SQUID_LOCALBASE."/libexec/squid/pinger";
$conf .= <<< EOD
icp_port {$icp_port}
@@ -948,15 +971,17 @@ cache_mgr {$email}
access_log {$logdir_access}
cache_log {$logdir_cache}
cache_store_log none
+netdb_filename {$logdir}/netdb.state
+pinger_enable {$pinger_helper}
+pinger_program {$pinger_program}
{$interception_checks}
EOD;
// Per squid docs, setting logfile_rotate to 0 is safe and causes a simple close/reopen.
-// Rotating also ensures that swap.state is rewritten, so is useful even if the logs
-// are not being rotated.
$rotate = empty($settings['log_rotate']) ? 0 : $settings['log_rotate'];
$conf .= "logfile_rotate {$rotate}\n";
+$conf .= "debug_options rotate={$rotate}\n";
squid_install_cron(true);
$conf .= <<< EOD
@@ -1051,7 +1076,7 @@ EOC;
range_offset_limit -1
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
-refresh_pattern -i my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
+refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
EOC;
}
@@ -1310,8 +1335,27 @@ function squid_resync_antivirus(){
if (preg_match("/fr/i",$squid_config['error_language']))
$clwarn="clwarn.cgi.fr_FR";
if (preg_match("/pt_br/i",$squid_config['error_language']))
- $clwarn="clwarn.cgi.pt_BR";
- copy(SQUID_LOCALBASE."/libexec/squidclamav/{$clwarn}","/usr/local/www/clwarn.cgi");
+ $clwarn="clwarn.cgi.pt_BR";
+ $clwarn_file="/usr/local/www/clwarn.cgi";
+ copy(SQUID_LOCALBASE."/libexec/squidclamav/{$clwarn}",$clwarn_file);
+
+ #fix perl path on clwarn.cgi
+ $clwarn_file_new=file_get_contents($clwarn_file);
+ $c_pattern[]="@/usr/\S+/perl@";
+ $c_replacement[]=SQUID_LOCALBASE."/bin/perl";
+ /*$c_pattern[]="@redirect \S+/clwarn.cgi@";
+ $gui_proto=$config['system']['webgui']['protocol'];
+ $gui_port=$config['system']['webgui']['port'];
+ if($gui_port == "") {
+ $gui_port($gui_proto == "http"?"80":"443");
+ }
+ $c_replacement[]=SQUID_LOCALBASE."redirect {$gui_proto}://127.0.0.1:{$gui_port}/clwarn.cgi";
+ */
+ $clwarn_file_new=preg_replace($c_pattern, $c_replacement,$clwarn_file_new);
+ file_put_contents($clwarn_file, $clwarn_file_new,LOCK_EX);
+
+ #fix clwarn.cgi file permission
+ chmod($clwarn_file,0755);
$conf = <<< EOF
icap_enable on
@@ -1346,7 +1390,7 @@ EOF;
if (!isset($clamav_clamd_enable))
$rc_file.='clamav_clamd_enable="YES"'."\n";
file_put_contents("/etc/rc.conf.local",$rc_file,LOCK_EX);
-
+ squid_check_clamav_user('clamav');
#patch sample files to pfsense dirs
#squidclamav.conf
if (!file_exists(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample"))
@@ -1391,9 +1435,13 @@ EOF;
foreach ($dirs as $dir_path => $dir_user){
if (!is_dir($dir_path))
make_dirs($dir_path);
- squid_chown_recursive($dir_path, $dir_user, $dir_user);
+ squid_chown_recursive($dir_path, $dir_user, "wheel");
+ }
+ #Check clamav database
+ if (count(glob("/var/db/clamav/*d"))==0){
+ log_error("Squid - Missing /var/db/clamav/*.cvd or *.cld files. Running freshclam on background.");
+ mwexec_bg(SQUID_LOCALBASE."/bin/freshclam");
}
-
#check startup scripts on pfsense > 2.1
if (preg_match("/usr.pbi/",SQUID_LOCALBASE)){
$rcd_files = scandir(SQUID_LOCALBASE."/etc/rc.d");
@@ -1410,7 +1458,7 @@ EOF;
#check antivirus daemons
#check icap
if (is_process_running("c-icap")){
- mwexec('/bin/echo -n "reconfigure" > /var/run/c-icap/c-icap.ctl');
+ mwexec_bg('/bin/echo -n "reconfigure" > /var/run/c-icap/c-icap.ctl');
}
else{
#check c-icap user on startup file
@@ -1421,13 +1469,13 @@ EOF;
$cicapr[0]='c_icap_user="clamav"}';
file_put_contents($c_icap_rcfile,preg_replace($cicapm,$cicapr,$sample_file),LOCK_EX);
}
- mwexec("/usr/local/etc/rc.d/c-icap start");
+ mwexec_bg("/usr/local/etc/rc.d/c-icap start");
}
#check clamav
if (is_process_running("clamd"))
mwexec_bg("/usr/local/etc/rc.d/clamav-clamd reload");
else
- mwexec("/usr/local/etc/rc.d/clamav-clamd start");
+ mwexec_bg("/usr/local/etc/rc.d/clamav-clamd start");
}
return $conf;
}
@@ -1533,12 +1581,12 @@ include('/usr/local/pkg/squid_reverse.inc');
function squid_resync_auth() {
global $config, $valid_acls;
-
- if (is_array($config['installedpackages']['squidauth']['config']))
- $settings = $config['installedpackages']['squidauth']['config'][0];
- else
- $settings = array();
-
+ $write_config=0;
+ if (!is_array($config['installedpackages']['squidauth']['config'])){
+ $config['installedpackages']['squidauth']['config'][]=array('auth_method'=> "none");
+ $write_config++;
+ }
+ $settings = $config['installedpackages']['squidauth']['config'][0];
if (is_array($config['installedpackages']['squidnac']['config']))
$settingsnac = $config['installedpackages']['squidnac']['config'][0];
else
@@ -1549,6 +1597,9 @@ function squid_resync_auth() {
else
$settingsconfig = array();
+ if ($write_config > 0)
+ write_config();
+
$conf = '';
// SSL interception acl options part 1
@@ -1568,8 +1619,8 @@ function squid_resync_auth() {
$conf.="# Package Integration\n".preg_replace($co_preg,$co_rep,$settingsconfig['custom_options'])."\n\n";
}
- // Custom User Options
- $conf .= "# Custom options\n".sq_text_area_decode($settingsconfig['custom_options_squid3'])."\n\n";
+ // Custom User Options before authentication acls
+ $conf .= "# Custom options before auth\n".sq_text_area_decode($settingsconfig['custom_options_squid3'])."\n\n";
// Deny the banned guys before allowing the good guys
if(! empty($settingsnac['banned_hosts'])) {
@@ -1626,10 +1677,10 @@ function squid_resync_auth() {
}
// SSL interception acl options part 2
- if ($settingsconfig['ssl_proxy'] == "on"){
+ /*if ($settingsconfig['ssl_proxy'] == "on"){
$conf .= "always_direct allow all\n";
$conf .= "ssl_bump server-first all\n";
- }
+ }*/
// Include squidguard denied acl log in squid
if ($settingsconfig['log_sqd'])
@@ -1687,9 +1738,8 @@ function squid_resync_auth() {
$conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n";
break;
case 'cp':
- $conf .= "external_acl_type check_filter children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_LOCALBASE . "/libexec/squid/check_ip.php\n";
- $conf .= "acl dgfilter external check_filter\n";
- $conf .= "http_access allow dgfilter\n";
+ $conf .= "external_acl_type check_cp children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_LOCALBASE . "/libexec/squid/check_ip.php\n";
+ $conf .= "acl password external check_cp\n";
break;
case 'msnt':
$conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_msnt_auth\n";
@@ -1705,6 +1755,14 @@ acl password proxy_auth REQUIRED
EOD;
}
+ // Custom User Options after authentication definition
+ $conf .= "# Custom options after auth\n".sq_text_area_decode($settingsconfig['custom_options2_squid3'])."\n\n";
+
+ // SSL interception acl options part 2
+ if ($settingsconfig['ssl_proxy'] == "on"){
+ $conf .= "always_direct allow all\n";
+ $conf .= "ssl_bump server-first all\n";
+ }
// Onto the ACLs
$password = array('localnet', 'allowed_subnets');
$passwordless = array('unrestricted_hosts');
@@ -1721,7 +1779,7 @@ EOD;
foreach ($passwordless as $acl)
$conf .= "http_access allow $acl\n";
- if ($auth_method != 'cp'){
+ //if ($auth_method != 'cp'){
// Include squidguard denied acl log in squid
if ($settingsconfig['log_sqd'])
$conf .="http_access deny password sglog\n";
@@ -1729,9 +1787,9 @@ EOD;
// Allow the other ACLs as long as they authenticate
foreach ($password as $acl)
$conf .= "http_access allow password $acl\n";
- }
+ // }
}
-
+
$conf .= "# Default block all to be sure\n";
$conf .= "http_access deny allsrc\n";
@@ -2224,6 +2282,12 @@ EOD;
{$squid_local_base}/sbin/squid -k shutdown -f {$squid_conffile_var}
# Just to be sure...
sleep 5
+
+if [ -f /usr/bin/ipcs ];then
+# http://man.chinaunix.net/newsoft/squid/Squid_FAQ/FAQ-22.html#ss22.8
+ipcs | grep '^[mq]' | awk '{printf "ipcrm -%s %s\\n", $1, $2}' | /bin/sh
+fi
+
killall -9 squid 2>/dev/null
killall pinger 2>/dev/null
diff --git a/config/squid3/33/squid.xml b/config/squid3/33/squid.xml
index a8bc0530..bf740221 100644
--- a/config/squid3/33/squid.xml
+++ b/config/squid3/33/squid.xml
@@ -126,127 +126,127 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_reverse_general.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_reverse_general.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_reverse_peer.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_reverse_peer.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_reverse_uri.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_reverse_uri.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_reverse_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_reverse_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_cache.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_cache.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_nac.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_nac.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_ng.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_ng.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_ng.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_ng.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_traffic.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_traffic.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_upstream.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_upstream.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_reverse.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_reverse.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_reverse.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_reverse.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_auth.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_auth.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_users.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_users.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_antivirus.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_antivirus.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/sqpmon.sh</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/sqpmon.sh</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/swapstate_check.php</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/swapstate_check.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_reverse_redir.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_reverse_redir.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_monitor.php</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_monitor.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_monitor_data.php</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_monitor_data.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/squid_log_parser.php</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/squid_log_parser.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/shortcuts/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/pkg_squid.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/pkg_squid.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/33/check_ip.php</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/33/check_ip.php</item>
</additional_files_needed>
<fields>
<field>
@@ -301,6 +301,12 @@
<type>checkbox</type>
</field>
<field>
+ <fielddescr>Disable ICMP</fielddescr>
+ <fieldname>disable_pinger</fieldname>
+ <description><![CDATA[Enable this option to disable squid ICMP pinger helper.]]></description>
+ <type>checkbox</type>
+ </field>
+ <field>
<fielddescr>Use alternate DNS-servers for the proxy-server</fielddescr>
<fieldname>dns_nameservers</fieldname>
<description>If you want to use other DNS-servers than the DNS-forwarder, enter the IPs here, separated by semi-colons (;).</description>
@@ -528,9 +534,19 @@
<rows>5</rows>
</field>
<field>
- <fielddescr>Custom Options</fielddescr>
+ <fielddescr>Custom ACLS (Before_Auth)</fielddescr>
<fieldname>custom_options_squid3</fieldname>
- <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration.<br>
+ <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration before authetication acls(if any).<br>
+ <strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <cols>78</cols>
+ <rows>10</rows>
+ </field>
+ <field>
+ <fielddescr>Custom ACLS (After_Auth)</fielddescr>
+ <fieldname>custom_options2_squid3</fieldname>
+ <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration after authetication definition(if any).<br>
<strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description>
<type>textarea</type>
<encoding>base64</encoding>
diff --git a/config/squid3/33/squid_cache.xml b/config/squid3/33/squid_cache.xml
index 26d6463c..f60863c9 100755
--- a/config/squid3/33/squid_cache.xml
+++ b/config/squid3/33/squid_cache.xml
@@ -166,7 +166,11 @@
<field>
<fielddescr>Hard disk cache system</fielddescr>
<fieldname>harddisk_cache_system</fieldname>
- <description>This specifies the kind of storage system to use. &lt;p&gt; &lt;b&gt; ufs &lt;/b&gt; is the old well-known Squid storage format that has always been there. &lt;p&gt; &lt;b&gt; aufs &lt;/b&gt; uses POSIX-threads to avoid blocking the main Squid process on disk-I/O. (Formerly known as async-io.) &lt;p&gt; &lt;b&gt; diskd &lt;/b&gt; uses a separate process to avoid blocking the main Squid process on disk-I/O. &lt;p&gt; &lt;b&gt; null &lt;/b&gt; Does not use any storage. Ideal for Embedded/NanoBSD.</description>
+ <description><![CDATA[This specifies the kind of storage system to use.
+ <br><br><b>ufs</b> is the old well-known Squid storage format that has always been there.
+ <br><br><b>aufs</b> uses POSIX-threads to avoid blocking the main Squid process on disk-I/O. (Formerly known as async-io.)
+ <br><br><b>diskd</b> uses a separate process to avoid blocking the main Squid process on disk-I/O.<br>To use <b>ipcs</b> and <b>ipcrm</b> on squid, Download livefs.iso from ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.3/ mount it and copy <b>/usr/bin/ipcs</b> and <b>/usr/bin/ipcrm</b> to your system and set them as executables.
+ <br><br><b>null</b> Does not use any storage. Ideal for Embedded/NanoBSD.]]></description>
<type>select</type>
<default_value>ufs</default_value>
<options>
@@ -175,7 +179,14 @@
<option><name>diskd</name><value>diskd</value></option>
<option><name>null</name><value>null</value></option>
</options>
- </field>
+ </field>
+ <field>
+ <fielddescr>Clear cache on log rotate</fielddescr>
+ <fieldname>clear_cache</fieldname>
+ <description><![CDATA[If set, Squid will clear cache and swap.state on every log rotate.<br>
+ This action will be executed automatically if the swap.state file is taking up more than 75% disk space,or the drive is 90%]]></description>
+ <type>checkbox</type>
+ </field>
<field>
<fielddescr>Level 1 subdirectories</fielddescr>
<fieldname>level1_subdirs</fieldname>
diff --git a/config/squid3/33/squid_ng.inc b/config/squid3/33/squid_ng.inc
index 0e1e0515..3b9ef405 100755
--- a/config/squid3/33/squid_ng.inc
+++ b/config/squid3/33/squid_ng.inc
@@ -803,7 +803,7 @@ function squid3_custom_php_install_command() {
touch("/tmp/squid3_custom_php_install_command");
/* make sure this all exists, see:
- * http://forum.pfsense.org/index.php?topic=23.msg2391#msg2391
+ * https://forum.pfsense.org/index.php?topic=23.msg2391#msg2391
*/
update_output_window("Setting up Squid environment...");
mwexec("mkdir -p /var/squid");
diff --git a/config/squid3/33/squid_ng.xml b/config/squid3/33/squid_ng.xml
index 142536d6..b96b4eb2 100755
--- a/config/squid3/33/squid_ng.xml
+++ b/config/squid3/33/squid_ng.xml
@@ -102,42 +102,42 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_cache.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_cache.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_nac.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_nac.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_ng.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_ng.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_traffic.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_traffic.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_upstream.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_upstream.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_auth.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_auth.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_auth.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_auth.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid/squid_extauth.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid/squid_extauth.xml</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/squid3/33/squid_reverse.inc b/config/squid3/33/squid_reverse.inc
index c4061ba4..34ff2366 100755
--- a/config/squid3/33/squid_reverse.inc
+++ b/config/squid3/33/squid_reverse.inc
@@ -110,7 +110,7 @@ function squid_resync_reverse() {
foreach ($reverse_peers as $rp){
if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !=""){
$conf_peer = "#{$rp['description']}\n";
- $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS ";
+ $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASS round-robin ";
if($rp['protocol'] == 'HTTPS')
$conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto ";
$conf_peer .= "name=rvp_{$rp['name']}\n\n";
@@ -173,8 +173,6 @@ function squid_resync_reverse() {
array_push($owa_dirs,'Microsoft-Server-ActiveSync');
if($settings['reverse_owa_rpchttp'])
array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll');
- if($settings['reverse_owa_autodiscover'])
- array_push($owa_dirs,'autodiscover');
if($settings['reverse_owa_webservice']){
array_push($owa_dirs,'EWS');
//$conf .= "ignore_expect_100 on\n"; Obsolete on 3.3
@@ -183,6 +181,11 @@ function squid_resync_reverse() {
if (is_array($owa_dirs))
foreach ($owa_dirs as $owa_dir)
$conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/$owa_dir.*$\n";
+
+ if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) {
+ $reverse_external_domain = strstr($settings['reverse_external_fqdn'], '.');
+ $conf .= "acl OWA_URI_pfs url_regex -i ^https://autodiscover{$reverse_external_domain}/AutoDiscover/AutoDiscover.xml\n";
+ }
}
//$conf .= "ssl_unclean_shutdown on";
if (is_array($reverse_maps))
diff --git a/config/squid3/33/swapstate_check.php b/config/squid3/33/swapstate_check.php
index 6ecfff3c..a0b3c98b 100644
--- a/config/squid3/33/swapstate_check.php
+++ b/config/squid3/33/swapstate_check.php
@@ -28,6 +28,7 @@
*/
require_once('config.inc');
require_once('util.inc');
+require_once('squid.inc');
$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
if ($pf_version > 2.0)
@@ -46,13 +47,12 @@ if ($settings['harddisk_cache_system'] != "null"){
$diskusedpct = round((($disktotal - $diskfree) / $disktotal) * 100);
$swapstate_size = filesize($swapstate);
$swapstate_pct = round(($swapstate_size / $disktotal) * 100);
-
// If the swap.state file is taking up more than 75% disk space,
// or the drive is 90% full and swap.state is larger than 1GB,
// kill it and initiate a rotate to write a fresh copy.
- if (($swapstate_pct > 75) || (($diskusedpct > 90) && ($swapstate_size > 1024*1024*1024))) {
- mwexec_bg("/bin/rm $swapstate; ". SQUID_LOCALBASE . "/sbin/squid -k rotate");
- log_error(gettext(sprintf("Squid swap.state file exceeded size limits. Removing and rotating. File was %d bytes, %d%% of total disk space.", $swapstate_size, $swapstate_pct)));
+ if (($swapstate_pct > 75) || (($diskusedpct > 90) && ($swapstate_size > 1024*1024*1024)) || $argv[1]=="clean") {
+ squid_dash_z('clean');
+ log_error(gettext(sprintf("Squid cache and/or swap.state exceeded size limits. Removing and rotating. File was %d bytes, %d%% of total disk space.", $swapstate_size, $swapstate_pct)));
}
}
?> \ No newline at end of file
diff --git a/config/squid3/old/squid.xml b/config/squid3/old/squid.xml
index ea13625e..5762efb1 100644
--- a/config/squid3/old/squid.xml
+++ b/config/squid3/old/squid.xml
@@ -96,52 +96,52 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid_cache.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid_cache.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid_nac.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid_nac.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid_ng.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid_ng.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid_traffic.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid_traffic.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid_upstream.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid_upstream.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid_auth.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid_auth.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid_users.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid_users.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/etc/rc.d/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/proxy_monitor.sh</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/proxy_monitor.sh</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squid3/squid_cache.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid_cache.xml</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/squid3/old/squid_ng.inc b/config/squid3/old/squid_ng.inc
index 03f6d48c..bfc99faf 100644
--- a/config/squid3/old/squid_ng.inc
+++ b/config/squid3/old/squid_ng.inc
@@ -803,7 +803,7 @@ function custom_php_install_command() {
touch("/tmp/custom_php_install_command");
/* make sure this all exists, see:
- * http://forum.pfsense.org/index.php?topic=23.msg2391#msg2391
+ * https://forum.pfsense.org/index.php?topic=23.msg2391#msg2391
*/
update_output_window("Setting up Squid environment...");
mwexec("mkdir -p /var/squid");
diff --git a/config/squid3/old/squid_ng.xml b/config/squid3/old/squid_ng.xml
index cb535cd3..3448657f 100644
--- a/config/squid3/old/squid_ng.xml
+++ b/config/squid3/old/squid_ng.xml
@@ -102,42 +102,42 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid3/squid_cache.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid_cache.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid3/squid_nac.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid_nac.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid3/squid_ng.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid_ng.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid3/squid_traffic.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid_traffic.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid3/squid_upstream.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid_upstream.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid3/squid_auth.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid_auth.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid3/squid_auth.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid_auth.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/squid3/squid_extauth.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/squid_extauth.xml</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/squidGuard-devel/squidguard.xml b/config/squidGuard-devel/squidguard.xml
index e9ce78fd..d5f2b82d 100644
--- a/config/squidGuard-devel/squidguard.xml
+++ b/config/squidGuard-devel/squidguard.xml
@@ -63,57 +63,57 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_configurator.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_configurator.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_acl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_acl.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_default.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_default.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_dest.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_dest.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_rewr.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_rewr.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_time.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_time.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/squidGuard/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_log.php</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_log.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/squidGuard/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard-devel/squidguard_blacklist.php</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard-devel/squidguard_blacklist.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard-devel/sgerror.php</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard-devel/sgerror.php</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/squidGuard/squidguard.xml b/config/squidGuard/squidguard.xml
index e1fb3d41..ee7302f4 100644
--- a/config/squidGuard/squidguard.xml
+++ b/config/squidGuard/squidguard.xml
@@ -63,57 +63,57 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard/squidguard.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_configurator.inc</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_configurator.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_acl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_acl.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_default.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_default.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_dest.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_dest.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_rewr.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_rewr.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_time.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_time.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/squidGuard/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_log.php</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_log.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/squidGuard/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard/squidguard_blacklist.php</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_blacklist.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/squidGuard/sgerror.php</item>
+ <item>https://packages.pfsense.org/packages/config/squidGuard/sgerror.php</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/sshdcond/sshdcond.xml b/config/sshdcond/sshdcond.xml
index eeb35d75..17dda28d 100644
--- a/config/sshdcond/sshdcond.xml
+++ b/config/sshdcond/sshdcond.xml
@@ -60,12 +60,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>755</chmod>
- <item>http://www.pfsense.com/packages/config/sshdcond/sshdcond.inc</item>
+ <item>https://packages.pfsense.org/packages/config/sshdcond/sshdcond.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>755</chmod>
- <item>http://www.pfsense.com/packages/config/sshdcond/sshdcond_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/sshdcond/sshdcond_sync.xml</item>
</additional_files_needed>
<tabs>
<tab>
diff --git a/config/sshterm/sshterm.xml b/config/sshterm/sshterm.xml
index 80907d0a..69098f01 100644
--- a/config/sshterm/sshterm.xml
+++ b/config/sshterm/sshterm.xml
@@ -64,12 +64,12 @@
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/sshterm/diag_shell_head.php</item>
+ <item>https://packages.pfsense.org/packages/config/sshterm/diag_shell_head.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/sshterm/diag_shell_releng.php</item>
+ <item>https://packages.pfsense.org/packages/config/sshterm/diag_shell_releng.php</item>
</additional_files_needed>
<!--
fields gets invoked when the user adds or edits a item.
diff --git a/config/states-summary/states-summary.xml b/config/states-summary/states-summary.xml
index a27230fd..7071420f 100644
--- a/config/states-summary/states-summary.xml
+++ b/config/states-summary/states-summary.xml
@@ -57,7 +57,7 @@
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/states-summary/diag_states_summary.php</item>
+ <item>https://packages.pfsense.org/packages/config/states-summary/diag_states_summary.php</item>
</additional_files_needed>
<custom_php_deinstall_command>
<![CDATA[
diff --git a/config/strikeback/strikeback.xml b/config/strikeback/strikeback.xml
index 15c35668..221f3f77 100644
--- a/config/strikeback/strikeback.xml
+++ b/config/strikeback/strikeback.xml
@@ -39,7 +39,7 @@
</copyright>
<description>Strikeback</description>
<requirements>Active Internet</requirements>
- <faq>http://forum.pfsense.org/index.php/topic,37225.0.html</faq>
+ <faq>https://forum.pfsense.org/index.php/topic,37225.0.html</faq>
<name>Strikeback Settings</name>
<version>0.1</version>
<title>Settings</title>
@@ -62,52 +62,52 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/strikeback/strikeback.xml</item>
+ <item>https://packages.pfsense.org/packages/config/strikeback/strikeback.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/strikeback/strikeback.inc</item>
+ <item>https://packages.pfsense.org/packages/config/strikeback/strikeback.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/strikeback/strikeback.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/strikeback/strikeback.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/strikeback/index.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/strikeback/index.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/strikeback/firewall_shaper.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/strikeback/firewall_shaper.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/strikeback/help.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/strikeback/help.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/strikeback/settings.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/strikeback/settings.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/strikeback/parse.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/strikeback/parse.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/strikeback/strikeback.db</item>
+ <item>https://packages.pfsense.org/packages/config/strikeback/strikeback.db</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/strikeback/jscolor.js</item>
+ <item>https://packages.pfsense.org/packages/config/strikeback/jscolor.js</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/stunnel.xml b/config/stunnel.xml
index 601dbfa2..21e023a9 100644
--- a/config/stunnel.xml
+++ b/config/stunnel.xml
@@ -55,12 +55,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/stunnel/stunnel.inc</item>
+ <item>https://packages.pfsense.org/packages/config/stunnel/stunnel.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/stunnel/stunnel_certs.xml</item>
+ <item>https://packages.pfsense.org/packages/config/stunnel/stunnel_certs.xml</item>
</additional_files_needed>
<!-- configpath gets expanded out automatically and config items will be
stored in that location -->
diff --git a/config/sudo/sudo.inc b/config/sudo/sudo.inc
index 5ffa14c3..68cf4a00 100644
--- a/config/sudo/sudo.inc
+++ b/config/sudo/sudo.inc
@@ -165,7 +165,7 @@ function sudo_get_users($list_all_user = false) {
/* Make sure commands passed in are valid executables to help ensure a valid sudoers file and expected behavior.
This also forces the user to give full paths to executables, which they should be doing anyhow.
*/
-function sudo_validate_commands($input_errors) {
+function sudo_validate_commands(&$input_errors) {
$idx = 0;
while(isset($_POST["cmdlist{$idx}"])) {
$commands = $_POST["cmdlist" . $idx++];
diff --git a/config/sudo/sudo.xml b/config/sudo/sudo.xml
index defca988..2fccab24 100644
--- a/config/sudo/sudo.xml
+++ b/config/sudo/sudo.xml
@@ -3,7 +3,7 @@
<description>Sudo Command Control</description>
<requirements>None</requirements>
<name>sudo</name>
- <version>0.2</version>
+ <version>0.2.1</version>
<title>Sudo - Shell Command Privilege Delegation Utility</title>
<include_file>/usr/local/pkg/sudo.inc</include_file>
<menu>
@@ -16,7 +16,7 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/sudo/sudo.inc</item>
+ <item>https://packages.pfsense.org/packages/config/sudo/sudo.inc</item>
</additional_files_needed>
<fields>
<field>
@@ -83,7 +83,7 @@ User permission definitions for allowing the use of sudo by shell users to run c
</custom_php_resync_config_command>
<custom_php_validation_command>
<![CDATA[
- sudo_validate_commands(&$input_errors);
+ sudo_validate_commands($input_errors);
]]>
</custom_php_validation_command>
</packagegui>
diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc
index b87e2f6a..c767f2d0 100644
--- a/config/suricata/suricata.inc
+++ b/config/suricata/suricata.inc
@@ -1,30 +1,41 @@
<?php
/*
- suricata.inc
-
- Copyright (C) 2014 Bill Meeks
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ * suricata.inc
+ *
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
*/
require_once("pfsense-utils.inc");
require_once("config.inc");
@@ -39,6 +50,15 @@ global $g, $config;
if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
+/* Get installed package version for display */
+$suricata_package_version = "Suricata {$config['installedpackages']['package'][get_pkg_id("suricata")]['version']}";
+
+// Define the installed package version
+define('SURICATA_PKG_VER', $suricata_package_version);
+
+// Define the name of the pf table used for IP blocks
+define('SURICATA_PF_TABLE', 'snort2c');
+
// Create some other useful defines
define('SURICATADIR', '/usr/pbi/suricata-' . php_uname("m") . '/etc/suricata/');
define('SURICATALOGDIR', '/var/log/suricata/');
@@ -73,16 +93,12 @@ function suricata_generate_id() {
}
function suricata_is_running($suricata_uuid, $if_real, $type = 'suricata') {
- global $config, $g;
-
- if (isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$suricata_uuid}.pid"))
- return 'yes';
- else
- return 'no';
+ global $g;
+ return isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$suricata_uuid}.pid");
}
function suricata_barnyard_stop($suricatacfg, $if_real) {
- global $config, $g;
+ global $g;
$suricata_uuid = $suricatacfg['uuid'];
if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid")) {
@@ -92,13 +108,13 @@ function suricata_barnyard_stop($suricatacfg, $if_real) {
}
function suricata_stop($suricatacfg, $if_real) {
- global $config, $g;
+ global $g;
$suricata_uuid = $suricatacfg['uuid'];
if (isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) {
log_error("[Suricata] Suricata STOP for {$suricatacfg['descr']}({$if_real})...");
killbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid");
- sleep(2);
+ sleep(1);
// For some reason Suricata seems to need a double TERM signal to actually shutdown
if (isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"))
@@ -109,7 +125,7 @@ function suricata_stop($suricatacfg, $if_real) {
}
function suricata_barnyard_start($suricatacfg, $if_real) {
- global $config, $g;
+ global $g;
$suricata_uuid = $suricatacfg['uuid'];
$suricatadir = SURICATADIR . "suricata_{$suricata_uuid}_{$if_real}";
@@ -117,19 +133,19 @@ function suricata_barnyard_start($suricatacfg, $if_real) {
if ($suricatacfg['barnyard_enable'] == 'on') {
log_error("[Suricata] Barnyard2 START for {$suricatacfg['descr']}({$if_real})...");
- exec("/usr/local/bin/barnyard2 -r {$suricata_uuid} -f unified2.alert --pid-path {$g['varrun_path']} --nolock-pidfile -c {$suricatadir}/barnyard2.conf -d {$suricatalogdir} -D -q");
+ mwexec_bg("/usr/local/bin/barnyard2 -r {$suricata_uuid} -f unified2.alert --pid-path {$g['varrun_path']} --nolock-pidfile -c {$suricatadir}/barnyard2.conf -d {$suricatalogdir} -D -q");
}
}
function suricata_start($suricatacfg, $if_real) {
- global $config, $g;
+ global $g;
$suricatadir = SURICATADIR;
$suricata_uuid = $suricatacfg['uuid'];
if ($suricatacfg['enable'] == 'on') {
log_error("[Suricata] Suricata START for {$suricatacfg['descr']}({$if_real})...");
- exec("/usr/local/bin/suricata -i {$if_real} -D -c {$suricatadir}suricata_{$suricata_uuid}_{$if_real}/suricata.yaml --pidfile {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid");
+ mwexec_bg("/usr/local/bin/suricata -i {$if_real} -D -c {$suricatadir}suricata_{$suricata_uuid}_{$if_real}/suricata.yaml --pidfile {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid");
}
else
return;
@@ -150,11 +166,11 @@ function suricata_reload_config($suricatacfg, $signal="USR2") {
/* */
/* $signal = USR2 (default) parses and reloads config. */
/**************************************************************/
- global $config, $g;
+ global $g;
$suricatadir = SURICATADIR;
$suricata_uuid = $suricatacfg['uuid'];
- $if_real = suricata_get_real_interface($suricatacfg['interface']);
+ $if_real = get_real_interface($suricatacfg['interface']);
/******************************************************/
/* Only send the SIGUSR2 if Suricata is running and */
@@ -162,8 +178,8 @@ function suricata_reload_config($suricatacfg, $signal="USR2") {
/******************************************************/
if (isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) {
log_error("[Suricata] Suricata LIVE RULE RELOAD initiated for {$suricatacfg['descr']} ({$if_real})...");
- sigkillbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid", $signal);
-// exec("/bin/pkill -{$signal} -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid 2>&1 &");
+// sigkillbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid", $signal);
+ mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid");
}
}
@@ -179,11 +195,11 @@ function suricata_barnyard_reload_config($suricatacfg, $signal="HUP") {
/* */
/* $signal = HUP (default) parses and reloads config. */
/**************************************************************/
- global $config, $g;
+ global $g;
$suricatadir = SURICATADIR;
$suricata_uuid = $suricatacfg['uuid'];
- $if_real = suricata_get_real_interface($suricatacfg['interface']);
+ $if_real = get_real_interface($suricatacfg['interface']);
/******************************************************/
/* Only send the SIGHUP if Barnyard2 is running and */
@@ -191,36 +207,33 @@ function suricata_barnyard_reload_config($suricatacfg, $signal="HUP") {
/******************************************************/
if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid")) {
log_error("[Suricata] Barnyard2 CONFIG RELOAD initiated for {$suricatacfg['descr']} ({$if_real})...");
- sigkillbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid", $signal);
-// exec("/bin/pkill -{$signal} -F {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid 2>&1 &");
+// sigkillbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid", $signal);
+ mwexec_bg("/bin/pkill -{$signal} -F {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid");
}
}
-function suricata_get_friendly_interface($interface) {
-
- // Pass this directly to the system for now.
- // Later, this wrapper will be removed and all
- // the Suricata code changed to use the system call.
- return convert_friendly_interface_to_friendly_descr($interface);
-}
-
-function suricata_get_real_interface($interface) {
+function suricata_get_blocked_ips() {
- // Pass this directly to the system for now.
- // Later, this wrapper will be removed and all
- // the Suricata code changed to use the system call.
- return get_real_interface($interface);
-}
+ $suri_pf_table = SURICATA_PF_TABLE;
+ $blocked_ips = "";
-function suricata_get_blocked_ips() {
+ exec("/sbin/pfctl -t {$suri_pf_table} -T show", $blocked_ips);
- // This is a placeholder function for later use.
- // Blocking is not currently enabled in Suricata.
- return array();
+ $blocked_ips_array = array();
+ if (!empty($blocked_ips)) {
+ if (is_array($blocked_ips)) {
+ foreach ($blocked_ips as $blocked_ip) {
+ if (empty($blocked_ip))
+ continue;
+ $blocked_ips_array[] = trim($blocked_ip, " \n\t");
+ }
+ }
+ }
+ return $blocked_ips_array;
}
-/* func builds custom white lists */
-function suricata_find_list($find_name, $type = 'whitelist') {
+/* func builds custom Pass Lists */
+function suricata_find_list($find_name, $type = 'passlist') {
global $config;
$suricataglob = $config['installedpackages']['suricata'];
@@ -237,11 +250,11 @@ function suricata_find_list($find_name, $type = 'whitelist') {
return array();
}
-function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) {
+function suricata_build_list($suricatacfg, $listname = "", $passlist = false) {
/***********************************************************/
/* The default is to build a HOME_NET variable unless */
- /* '$whitelist' is set to 'true' when calling. */
+ /* '$passlist' is set to 'true' when calling. */
/***********************************************************/
global $config, $g, $aliastable, $filterdns;
@@ -263,7 +276,7 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) {
$home_net = explode(" ", trim(filter_expand_alias($list['address'])));
}
- // Always add loopback to HOME_NET and whitelist (ftphelper)
+ // Always add loopback to HOME_NET and passlist (ftphelper)
if (!in_array("127.0.0.1", $home_net))
$home_net[] = "127.0.0.1";
@@ -271,8 +284,8 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) {
/* Always put the interface running Suricata in HOME_NET and */
/* whitelist unless it's the WAN. WAN options are handled further */
/* down. If the user specifically chose not to include LOCAL_NETS */
- /* in the WHITELIST, then do not include the Suricata interface */
- /* subnet in the WHITELIST. We do include the actual LAN interface */
+ /* in the PASS LIST, then do not include the Suricata interface */
+ /* subnet in the PASS LIST. We do include the actual LAN interface */
/* IP for Suricata, though, to prevent locking out the firewall. */
/********************************************************************/
$suricataip = get_interface_ip($suricatacfg['interface']);
@@ -313,8 +326,8 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) {
if (!$whitelist || $localnet == 'yes' || empty($localnet)) {
/*************************************************************************/
- /* Iterate through the interface list and write out whitelist items and */
- /* also compile a HOME_NET list of all the local interfaces for suricata. */
+ /* Iterate through the interface list and write out pass list items and */
+ /* also compile a HOME_NET list of all local interfaces for suricata. */
/* Skip the WAN interface as we do not typically want that whole subnet */
/* whitelisted (just the i/f IP itself which was handled earlier). */
/*************************************************************************/
@@ -381,7 +394,7 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) {
}
if($vips == 'yes') {
- // iterate all vips and add to whitelist
+ // iterate all vips and add to passlist
if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
foreach($config['virtualip']['vip'] as $vip) {
if ($vip['subnet'] && $vip['mode'] != 'proxyarp') {
@@ -422,7 +435,7 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) {
return $valresult;
}
-function suricata_rules_up_install_cron($should_install) {
+function suricata_rules_up_install_cron($should_install=true) {
global $config, $g;
$command = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php";
@@ -495,11 +508,109 @@ function suricata_rules_up_install_cron($should_install) {
install_cron_job($command, $should_install, $suricata_rules_up_min, $suricata_rules_up_hr, $suricata_rules_up_mday, $suricata_rules_up_month, $suricata_rules_up_wday, "root");
}
-function suricata_loglimit_install_cron($should_install) {
+function suricata_loglimit_install_cron($should_install=true) {
install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", $should_install, "*/5");
}
+function suricata_rm_blocked_install_cron($should_install) {
+ global $config, $g;
+ $suri_pf_table = SURICATA_PF_TABLE;
+
+ $suricata_rm_blocked_info_ck = $config['installedpackages']['suricata']['config'][0]['rm_blocked'];
+
+ if ($suricata_rm_blocked_info_ck == "15m_b") {
+ $suricata_rm_blocked_min = "*/1";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "900";
+ }
+ if ($suricata_rm_blocked_info_ck == "30m_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "1800";
+ }
+ if ($suricata_rm_blocked_info_ck == "1h_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "3600";
+ }
+ if ($suricata_rm_blocked_info_ck == "3h_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "10800";
+ }
+ if ($suricata_rm_blocked_info_ck == "6h_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "21600";
+ }
+ if ($suricata_rm_blocked_info_ck == "12h_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "43200";
+ }
+ if ($suricata_rm_blocked_info_ck == "1d_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "86400";
+ }
+ if ($suricata_rm_blocked_info_ck == "4d_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "345600";
+ }
+ if ($suricata_rm_blocked_info_ck == "7d_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "604800";
+ }
+ if ($suricata_rm_blocked_info_ck == "28d_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "2419200";
+ }
+
+ // First, remove any existing cron task for "rm_blocked" hosts
+ install_cron_job("pfctl -t {$suri_pf_table} -T expire" , false);
+
+ // Now add or update the cron task for "rm_blocked" hosts
+ // if enabled.
+ if ($should_install) {
+ $command = "/usr/bin/nice -n20 /sbin/pfctl -t {$suri_pf_table} -T expire {$suricata_rm_blocked_expire}";
+ install_cron_job($command, $should_install, $suricata_rm_blocked_min, $suricata_rm_blocked_hr, $suricata_rm_blocked_mday, $suricata_rm_blocked_month, $suricata_rm_blocked_wday, "root");
+ }
+}
+
function sync_suricata_package_config() {
global $config, $g;
@@ -517,7 +628,7 @@ function sync_suricata_package_config() {
$suricataconf = $config['installedpackages']['suricata']['rule'];
foreach ($suricataconf as $value) {
- $if_real = suricata_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
// create a suricata.yaml file for interface
suricata_generate_yaml($value);
@@ -532,9 +643,11 @@ function sync_suricata_package_config() {
$suricataglob = $config['installedpackages']['suricata']['config'][0];
// setup the log directory size check job if enabled
- suricata_loglimit_install_cron($suricataglob['suricataloglimit'] == 'on' ? true : false);
+ suricata_loglimit_install_cron(true);
// setup the suricata rules update job if enabled
- suricata_rules_up_install_cron($suricataglob['autoruleupdate'] != "never_up" ? true : false);
+ suricata_rules_up_install_cron($config['installedpackages']['suricata']['config'][0]['autoruleupdate'] != "never_up" ? true : false);
+ // set the suricata blocked hosts time
+ suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false);
write_config();
configure_cron();
@@ -669,7 +782,7 @@ function suricata_post_delete_logs($suricata_uuid = 0) {
foreach ($config['installedpackages']['suricata']['rule'] as $value) {
if ($value['uuid'] != $suricata_uuid)
continue;
- $if_real = suricata_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
$suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}";
if ($if_real != '') {
@@ -710,7 +823,19 @@ function suricata_build_sid_msg_map($rules_path, $sid_file) {
/*************************************************************/
/* This function reads all the rules file in the passed */
/* $rules_path variable and produces a properly formatted */
- /* sid-msg.map file for use by Suricata and/or barnyard2. */
+ /* sid-msg.map v2 file for use by Suricata and barnyard2. */
+ /* */
+ /* This function produces the new v2 format sid-msg.map */
+ /* with the field layout as follows: */
+ /* */
+ /* GID || SID || REV || CLASSTYPE || PRI || MSG || REF ... */
+ /* */
+ /* On Entry: $rules_path --> array or directory of files */
+ /* or a single file containing */
+ /* the rules to read. */
+ /* $sid_file --> the complete destination path */
+ /* and filename for the output */
+ /* sid-msg.map file. */
/*************************************************************/
$sidMap = array();
@@ -719,7 +844,7 @@ function suricata_build_sid_msg_map($rules_path, $sid_file) {
// First check if we were passed a directory, a single file
// or an array of filenames to read. Set our $rule_files
// variable accordingly. If we can't figure it out, return
- // and don't write a sid_msg_map file.
+ // and don't write a sid-msg.map file.
if (is_string($rules_path)) {
if (is_dir($rules_path))
$rule_files = glob($rules_path . "*.rules");
@@ -772,7 +897,11 @@ function suricata_build_sid_msg_map($rules_path, $sid_file) {
$record = "";
// Parse the rule to find sid and any references.
+ $gid = '1'; // default to 1 for regular rules
$sid = '';
+ $rev = '';
+ $classtype = 'NOCLASS'; // required default for v2 format
+ $priority = '0'; // required default for v2 format
$msg = '';
$matches = '';
$sidEntry = '';
@@ -780,23 +909,32 @@ function suricata_build_sid_msg_map($rules_path, $sid_file) {
$msg = trim($matches[1]);
if (preg_match('/\bsid\s*:\s*(\d+)\s*;/i', $rule, $matches))
$sid = trim($matches[1]);
- if (!empty($sid) && !empty($msg)) {
- $sidEntry = $sid . ' || ' . $msg;
+ if (preg_match('/\bgid\s*:\s*(\d+)\s*;/i', $rule, $matches))
+ $gid = trim($matches[1]);
+ if (preg_match('/\brev\s*:\s*([^\;]+)/i', $rule, $matches))
+ $rev = trim($matches[1]);
+ if (preg_match('/\bclasstype\s*:\s*([^\;]+)/i', $rule, $matches))
+ $classtype = trim($matches[1]);
+ if (preg_match('/\bpriority\s*:\s*([^\;]+)/i', $rule, $matches))
+ $priority = trim($matches[1]);
+
+ if (!empty($gid) && !empty($sid) && !empty($msg)) {
+ $sidEntry = $gid . ' || ' . $sid . ' || ' . $rev . ' || ' . $classtype . ' || ';
+ $sidEntry .= $priority . ' || ' . $msg;
preg_match_all('/\breference\s*:\s*([^\;]+)/i', $rule, $matches);
foreach ($matches[1] as $ref)
$sidEntry .= " || " . trim($ref);
$sidEntry .= "\n";
- if (!is_array($sidMap[$sid]))
- $sidMap[$sid] = array();
- $sidMap[$sid] = $sidEntry;
+ $sidMap[] = $sidEntry;
}
}
}
- // Sort the generated sid-msg map by sid
- ksort($sidMap);
+ // Sort the generated sid-msg map
+ natcasesort($sidMap);
// Now print the result to the supplied file
- @file_put_contents($sid_file, array_values($sidMap));
+ @file_put_contents($sid_file, "#v2\n# sid-msg.map file auto-generated by Snort.\n\n");
+ @file_put_contents($sid_file, array_values($sidMap), FILE_APPEND);
}
function suricata_merge_reference_configs($cfg_in, $cfg_out) {
@@ -1508,7 +1646,7 @@ function suricata_prepare_rule_files($suricatacfg, $suricatacfgdir) {
return;
// Log a message for rules rebuild in progress
- log_error(gettext("[Suricata] Updating rules configuration for: " . suricata_get_friendly_interface($suricatacfg['interface']) . " ..."));
+ log_error(gettext("[Suricata] Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . " ..."));
// Only rebuild rules if some are selected or an IPS Policy is enabled
if (!empty($suricatacfg['rulesets']) || $suricatacfg['ips_policy_enable'] == 'on') {
@@ -1581,7 +1719,7 @@ function suricata_prepare_rule_files($suricatacfg, $suricatacfgdir) {
// If auto-flowbit resolution is enabled, generate the dependent flowbits rules file.
if ($suricatacfg['autoflowbitrules'] == 'on') {
- log_error('[Suricata] Enabling any flowbit-required rules for: ' . suricata_get_friendly_interface($suricatacfg['interface']) . '...');
+ log_error('[Suricata] Enabling any flowbit-required rules for: ' . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . '...');
$fbits = suricata_resolve_flowbits($all_rules, $enabled_rules);
// Check for and disable any flowbit-required rules the user has
@@ -1606,11 +1744,11 @@ function suricata_prepare_rule_files($suricatacfg, $suricatacfgdir) {
// Log a warning if the interface has no rules defined or enabled
if ($no_rules_defined)
- log_error(gettext("[Suricata] Warning - no text rules selected for: " . suricata_get_friendly_interface($suricatacfg['interface']) . " ..."));
+ log_error(gettext("[Suricata] Warning - no text rules selected for: " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . " ..."));
// Build a new sid-msg.map file from the enabled
// rules and copy it to the interface directory.
- log_error(gettext("[Suricata] Building new sig-msg.map file for " . suricata_get_friendly_interface($suricatacfg['interface']) . "..."));
+ log_error(gettext("[Suricata] Building new sig-msg.map file for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . "..."));
suricata_build_sid_msg_map("{$suricatacfgdir}/rules/", "{$suricatacfgdir}/sid-msg.map");
}
@@ -1694,33 +1832,27 @@ function suricata_create_rc() {
// Loop thru each configured interface and build
// the shell script.
foreach ($suricataconf as $value) {
+ // Skip disabled Suricata interfaces
+ if ($value['enable'] <> 'on')
+ continue;
$suricata_uuid = $value['uuid'];
- $if_real = suricata_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
$start_barnyard = <<<EOE
if [ ! -f {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid ]; then
- pid=`/bin/pgrep -f "barnyard2 -r {$suricata_uuid} "`
+ pid=`/bin/pgrep -fn "barnyard2 -r {$suricata_uuid} "`
else
pid=`/bin/pgrep -F {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid`
fi
+
if [ ! -z \$pid ]; then
- /usr/bin/logger -p daemon.info -i -t SuricataStartup "Barnyard2 STOP for {$value['descr']}({$suricata_uuid}_{$if_real})..."
- /bin/pkill -TERM \$pid
- time=0 timeout=30
- while /bin/kill -TERM \$pid 2>/dev/null; do
- sleep 1
- time=\$((time+1))
- if [ \$time -gt \$timeout ]; then
- break
- fi
- done
- if [ -f /var/run/barnyard2_{$if_real}{$suricata_uuid}.pid ]; then
- /bin/rm /var/run/barnyard2_{$if_real}{$suricata_uuid}.pid
- fi
+ /usr/bin/logger -p daemon.info -i -t SuricataStartup "Barnyard2 SOFT RESTART for {$value['descr']}({$suricata_uuid}_{$if_real})..."
+ /bin/pkill -HUP \$pid
+ else
+ /usr/bin/logger -p daemon.info -i -t SuricataStartup "Barnyard2 START for {$value['descr']}({$suricata_uuid}_{$if_real})..."
+ /usr/local/bin/barnyard2 -r {$suricata_uuid} -f unified2.alert --pid-path {$g['varrun_path']} --nolock-pidfile -c {$suricatadir}suricata_{$suricata_uuid}_{$if_real}/barnyard2.conf -d {$suricatalogdir}suricata_{$if_real}{$suricata_uuid} -D -q
fi
- /usr/bin/logger -p daemon.info -i -t SuricataStartup "Barnyard2 START for {$value['descr']}({$suricata_uuid}_{$if_real})..."
- /usr/local/bin/barnyard2 -r {$suricata_uuid} -f unified2.alert --pid-path {$g['varrun_path']} --nolock-pidfile -c {$suricatadir}suricata_{$suricata_uuid}_{$if_real}/barnyard2.conf -d {$suricatalogdir}suricata_{$if_real}{$suricata_uuid} -D -q
EOE;
$stop_barnyard2 = <<<EOE
@@ -1741,9 +1873,9 @@ EOE;
/bin/rm /var/run/barnyard2_{$if_real}{$suricata_uuid}.pid
fi
else
- pid=`/bin/pgrep -f "barnyard2 -r {$suricata_uuid} "`
+ pid=`/bin/pgrep -fn "barnyard2 -r {$suricata_uuid} "`
if [ ! -z \$pid ]; then
- /bin/pkill -TERM -f "barnyard2 -r {$suricata_uuid} "
+ /bin/pkill -TERM -fn "barnyard2 -r {$suricata_uuid} "
time=0 timeout=30
while /bin/kill -TERM \$pid 2>/dev/null; do
sleep 1
@@ -1766,7 +1898,7 @@ EOE;
###### For Each Iface
# Start suricata and barnyard2
if [ ! -f {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid ]; then
- pid=`/bin/pgrep -f "suricata -i {$if_real} "`
+ pid=`/bin/pgrep -fn "suricata -i {$if_real} "`
else
pid=`/bin/pgrep -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid`
fi
@@ -1802,10 +1934,10 @@ EOE;
/bin/rm /var/run/suricata_{$if_real}{$suricata_uuid}.pid
fi
else
- pid=`/bin/pgrep -f "suricata -i {$if_real} "`
+ pid=`/bin/pgrep -fn "suricata -i {$if_real} "`
if [ ! -z \$pid ]; then
/usr/bin/logger -p daemon.info -i -t SuricataStartup "Suricata STOP for {$value['descr']}({$suricata_uuid}_{$if_real})..."
- /bin/pkill -TERM -f "suricata -i {$if_real} "
+ /bin/pkill -TERM -fn "suricata -i {$if_real} "
time=0 timeout=30
while /bin/kill -TERM \$pid 2>/dev/null; do
sleep 1
@@ -1908,19 +2040,28 @@ function suricata_generate_barnyard2_conf($suricatacfg, $if_real) {
$by2_dbpwd = base64_decode($suricatacfg['barnyard_dbpwd']);
$suricatabarnyardlog_output_plugins .= "# database: log to a MySQL DB\noutput database: alert, mysql, ";
$suricatabarnyardlog_output_plugins .= "user={$suricatacfg['barnyard_dbuser']} password={$by2_dbpwd} ";
- $suricatabarnyardlog_output_plugins .= "dbname={$suricatacfg['barnyard_dbname']} host={$suricatacfg['barnyard_dbhost']}\n\n";
+ $suricatabarnyardlog_output_plugins .= "dbname={$suricatacfg['barnyard_dbname']} host={$suricatacfg['barnyard_dbhost']}";
+ if (isset($suricatacfg['barnyard_sensor_name']) && strlen($suricatacfg['barnyard_sensor_name']) > 0)
+ $suricatabarnyardlog_output_plugins .= " sensor_name={$suricatacfg['barnyard_sensor_name']}";
+ if ($suricatacfg['barnyard_disable_sig_ref_tbl'] == 'on')
+ $suricatabarnyardlog_output_plugins .= " disable_signature_reference_table";
+ $suricatabarnyardlog_output_plugins .= "\n\n";
}
if ($suricatacfg['barnyard_syslog_enable'] == 'on') {
$suricatabarnyardlog_output_plugins .= "# syslog_full: log to a syslog receiver\n";
$suricatabarnyardlog_output_plugins .= "output alert_syslog_full: sensor_name {$suricatabarnyardlog_hostname_info_chk}, ";
if ($suricatacfg['barnyard_syslog_local'] == 'on')
- $suricatabarnyardlog_output_plugins .= "local, log_facility LOG_AUTH, log_priority LOG_INFO\n";
+ $suricatabarnyardlog_output_plugins .= "local, log_facility LOG_AUTH, log_priority LOG_INFO\n\n";
else {
$suricatabarnyardlog_output_plugins .= "server {$suricatacfg['barnyard_syslog_rhost']}, protocol {$suricatacfg['barnyard_syslog_proto']}, ";
$suricatabarnyardlog_output_plugins .= "port {$suricatacfg['barnyard_syslog_dport']}, operation_mode {$suricatacfg['barnyard_syslog_opmode']}, ";
- $suricatabarnyardlog_output_plugins .= "log_facility {$suricatacfg['barnyard_syslog_facility']}, log_priority {$suricatacfg['barnyard_syslog_priority']}\n";
+ $suricatabarnyardlog_output_plugins .= "log_facility {$suricatacfg['barnyard_syslog_facility']}, log_priority {$suricatacfg['barnyard_syslog_priority']}\n\n";
}
}
+ if ($suricatacfg['barnyard_bro_ids_enable'] == 'on') {
+ $suricatabarnyardlog_output_plugins .= "# alert_bro: log to a Bro-IDS receiver\n";
+ $suricatabarnyardlog_output_plugins .= "output alert_bro: {$suricatacfg['barnyard_bro_ids_rhost']}:{$suricatacfg['barnyard_bro_ids_dport']}\n";
+ }
// Trim leading and trailing newlines and spaces
$suricatabarnyardlog_output_plugins = rtrim($suricatabarnyardlog_output_plugins, "\n");
@@ -1986,7 +2127,7 @@ function suricata_generate_yaml($suricatacfg) {
$suricatalogdir = SURICATALOGDIR;
$flowbit_rules_file = FLOWBITS_FILENAME;
$suricata_enforcing_rules_file = ENFORCING_RULES_FILENAME;
- $if_real = suricata_get_real_interface($suricatacfg['interface']);
+ $if_real = get_real_interface($suricatacfg['interface']);
$suricata_uuid = $suricatacfg['uuid'];
$suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}";
diff --git a/config/suricata/suricata.priv.inc b/config/suricata/suricata.priv.inc
index 7f5f1825..3bbee55a 100644
--- a/config/suricata/suricata.priv.inc
+++ b/config/suricata/suricata.priv.inc
@@ -21,17 +21,18 @@ $priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_global.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_suppress.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_suppress_edit.php*";
-$priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_whitelist.php*";
-$priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_whitelist_edit.php*";
+$priv_list['page-services-suricata']['match'][] = "suricata/suricata_select_alias.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_list_view.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_logs_browser.php*";
+$priv_list['page-services-suricata']['match'][] = "suricata/suricata_logs_mgmt.php*";
+$priv_list['page-services-suricata']['match'][] = "suricata/suricata_passlist.php*";
+$priv_list['page-services-suricata']['match'][] = "suricata/suricata_passlist_edit.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_post_install.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_flow_stream.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_rules.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_rules_edit.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_rules_flowbits.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_rulesets.php*";
-$priv_list['page-services-suricata']['match'][] = "suricata/suricata_select_alias.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_os_policy_engine.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_global.php*";
$priv_list['page-services-suricata']['match'][] = "pkg_edit.php?xml=suricata/suricata.xml*";
@@ -41,5 +42,7 @@ $priv_list['page-services-suricata']['match'][] = "suricata/suricata.inc*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_post_install.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_uninstall.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_generate_yaml.php*";
-
+$priv_list['page-services-suricata']['match'][] = "widgets/javascript/suricata_alerts.js*";
+$priv_list['page-services-suricata']['match'][] = "widgets/widgets/suricata_alerts.widget.php*";
+$priv_list['page-services-suricata']['match'][] = "widgets/include/widget-suricata.inc*";
?> \ No newline at end of file
diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml
index 4760149d..1a64d619 100644
--- a/config/suricata/suricata.xml
+++ b/config/suricata/suricata.xml
@@ -9,40 +9,49 @@
/*
suricata.xml
part of the Suricata package for pfSense
- Copyright (C) 2014 Bill meeks
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Significant portions are based on original work done for the Snort
+ package for pfSense from the following contributors:
+
+ Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009 Robert Zelaya Sr. Developer
+ Copyright (C) 2012 Ermal Luci
+ All rights reserved.
+
+ Adapted for Suricata by:
+ Copyright (C) 2014 Bill Meeks
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
/* ========================================================================== */
]]>
</copyright>
<description>Suricata IDS/IPS Package</description>
<requirements>None</requirements>
<name>suricata</name>
- <version>1.4.6 pkg v0.1-BETA</version>
+ <version>1.4.6 pkg v1.0</version>
<title>Services: Suricata IDS</title>
<include_file>/usr/local/pkg/suricata/suricata.inc</include_file>
<menu>
@@ -58,159 +67,189 @@
<description>Suricata IDS/IPS Daemon</description>
</service>
<additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata.priv.inc</item>
<prefix>/etc/inc/priv/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/suricata/suricata.priv.inc</item>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata.inc</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata.inc</item>
<prefix>/usr/local/pkg/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_check_cron_misc.inc</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_check_cron_misc.inc</item>
<prefix>/usr/local/pkg/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_yaml_template.inc</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_yaml_template.inc</item>
<prefix>/usr/local/pkg/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_generate_yaml.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_generate_yaml.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_download_updates.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_download_updates.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_global.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_global.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_alerts.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_alerts.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_interfaces.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_interfaces.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_interfaces_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_interfaces_edit.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_download_rules.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_download_rules.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_check_for_rule_updates.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_check_for_rule_updates.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_rules.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_rules.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_rulesets.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_rulesets.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_rules_flowbits.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_rules_flowbits.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_rules_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_rules_edit.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_flow_stream.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_flow_stream.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_os_policy_engine.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_os_policy_engine.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_import_aliases.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_import_aliases.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_select_alias.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_suppress.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_suppress.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_suppress_edit.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_suppress_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_logs_browser.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_logs_browser.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_logs_mgmt.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_list_view.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_list_view.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_app_parsers.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_app_parsers.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_libhtp_policy_engine.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_libhtp_policy_engine.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_uninstall.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_uninstall.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_define_vars.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_define_vars.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_barnyard.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_barnyard.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_post_install.php</item>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_post_install.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_uninstall.php</item>
<prefix>/usr/local/www/suricata/</prefix>
- <chmod>0755</chmod>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_blocked.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/suricata/</prefix>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_passlist.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/suricata/</prefix>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_passlist_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/suricata/</prefix>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_select_alias.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/javascript/</prefix>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_alerts.js</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/widgets/</prefix>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_alerts.widget.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/include/</prefix>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/suricata/widget-suricata.inc</item>
</additional_files_needed>
<!-- configpath gets expanded out automatically and config items will be stored in that location -->
<configpath>['installedpackages']['suricata']</configpath>
diff --git a/config/suricata/suricata_alerts.js b/config/suricata/suricata_alerts.js
new file mode 100644
index 00000000..b6a5d3c3
--- /dev/null
+++ b/config/suricata/suricata_alerts.js
@@ -0,0 +1,85 @@
+
+var suricatatimer;
+var suricataisBusy = false;
+var suricataisPaused = false;
+
+function suricata_alerts_fetch_new_rules_callback(callback_data) {
+ var data_split;
+ var new_data_to_add = Array();
+ var data = callback_data;
+
+ data_split = data.split("\n");
+
+ // Loop through rows and generate replacement HTML
+ for(var x=0; x<data_split.length-1; x++) {
+ row_split = data_split[x].split("||");
+ var line = '';
+ line = '<td class="listMRr">' + row_split[0] + '<br/>' + row_split[1] + '</td>';
+ line += '<td class="listMRr ellipsis" nowrap><div style="display:inline;" title="';
+ line += row_split[2] + '">' + row_split[2] + '</div><br/><div style="display:inline;" title="';
+ line += row_split[3] + '">' + row_split[3] + '</div></td>';
+ line += '<td class="listMRr">' + 'Pri: ' + row_split[4] + ' ' + row_split[5] + '</td>';
+ new_data_to_add[new_data_to_add.length] = line;
+ }
+ suricata_alerts_update_div_rows(new_data_to_add);
+ suricataisBusy = false;
+}
+function suricata_alerts_update_div_rows(data) {
+ if(suricataisPaused)
+ return;
+
+ var rows = jQuery('#suricata-alert-entries>tr');
+
+ // Number of rows to move by
+ var move = rows.length + data.length - suri_nentries;
+ if (move < 0)
+ move = 0;
+
+ for (var i = rows.length - 1; i >= move; i--) {
+ jQuery(rows[i]).html(jQuery(rows[i - move]).html());
+ }
+
+ var tbody = jQuery('#suricata-alert-entries');
+ for (var i = data.length - 1; i >= 0; i--) {
+ if (i < rows.length) {
+ jQuery(rows[i]).html(data[i]);
+ } else {
+ jQuery(tbody).prepend('<tr>' + data[i] + '</tr>');
+ }
+ }
+
+ // Add the even/odd class to each of the rows now
+ // they have all been added.
+ rows = jQuery('#suricata-alert-entries>tr');
+ for (var i = 0; i < rows.length; i++) {
+ rows[i].className = i % 2 == 0 ? 'listMRodd' : 'listMReven';
+ }
+}
+
+function fetch_new_surialerts() {
+ if(suricataisPaused)
+ return;
+ if(suricataisBusy)
+ return;
+
+ suricataisBusy = true;
+
+ jQuery.ajax('/widgets/widgets/suricata_alerts.widget.php?getNewAlerts=' + new Date().getTime(), {
+ type: 'GET',
+ dataType: 'text',
+ success: function(data) {
+ suricata_alerts_fetch_new_rules_callback(data);
+ }
+ });
+}
+
+function suricata_alerts_toggle_pause() {
+ if(suricataisPaused) {
+ suricataisPaused = false;
+ fetch_new_surialerts();
+ } else {
+ suricataisPaused = true;
+ }
+}
+/* start local AJAX engine */
+suricatatimer = setInterval('fetch_new_surialerts()', suricataupdateDelay);
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index c36c0dd7..07e4eb1f 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -3,19 +3,30 @@
* suricata_alerts.php
* part of pfSense
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- *
+ *
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -32,6 +43,7 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
$supplist = array();
+$suri_pf_table = SURICATA_PF_TABLE;
function suricata_is_alert_globally_suppressed($list, $gid, $sid) {
@@ -109,23 +121,24 @@ function suricata_add_supplist_entry($suppress) {
}
}
- /* If we created a new list or updated an existing one, save the change, */
- /* tell Snort to load it, and return true; otherwise return false. */
+ /* If we created a new list or updated an existing one, save the change */
+ /* and return true; otherwise return false. */
if ($found_list) {
write_config();
sync_suricata_package_config();
- suricata_reload_config($a_instance[$instanceid]);
return true;
}
else
return false;
}
-if ($_GET['instance'])
- $instanceid = $_GET['instance'];
-if ($_POST['instance'])
+if (isset($_POST['instance']) && is_numericint($_POST['instance']))
$instanceid = $_POST['instance'];
-if (empty($instanceid))
+// This is for the auto-refresh so we can stay on the same interface
+elseif (isset($_GET['instance']) && is_numericint($_GET['instance']))
+ $instanceid = $_GET['instance'];
+
+if (is_null($instanceid))
$instanceid = 0;
if (!is_array($config['installedpackages']['suricata']['rule']))
@@ -163,63 +176,64 @@ if ($_POST['save']) {
exit;
}
-//if ($_POST['todelete'] || $_GET['todelete']) {
-// $ip = "";
-// if($_POST['todelete'])
-// $ip = $_POST['todelete'];
-// else if($_GET['todelete'])
-// $ip = $_GET['todelete'];
-// if (is_ipaddr($ip)) {
-// exec("/sbin/pfctl -t snort2c -T delete {$ip}");
-// $savemsg = gettext("Host IP address {$ip} has been removed from the Blocked Table.");
-// }
-//}
-
-if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- if (empty($_GET['descr']))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
- else
- $suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
-
- /* Add the new entry to the Suppress List */
- if (suricata_add_supplist_entry($suppress))
- $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to the Suppress List.");
- else
- $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
+if ($_POST['unblock'] && $_POST['ip']) {
+ if (is_ipaddr($_POST['ip'])) {
+ exec("/sbin/pfctl -t {$suri_pf_table} -T delete {$_POST['ip']}");
+ $savemsg = gettext("Host IP address {$_POST['ip']} has been removed from the Blocked Table.");
+ }
}
-if (($_GET['act'] == "addsuppress_srcip" || $_GET['act'] == "addsuppress_dstip") && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- if ($_GET['act'] == "addsuppress_srcip")
+if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsuppress']) && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) {
+ if ($_POST['addsuppress_srcip'])
$method = "by_src";
- else
+ elseif ($_POST['addsuppress_dstip'])
$method = "by_dst";
-
- /* Check for valid IP addresses, exit if not valid */
- if (is_ipaddr($_GET['ip']) || is_ipaddrv6($_GET['ip'])) {
- if (empty($_GET['descr']))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}\n";
- else
- $suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}\n";
- }
- else {
- header("Location: /suricata/suricata_alerts.php?instance={$instanceid}");
- exit;
+ else
+ $method ="all";
+
+ // See which kind of Suppress Entry to create
+ switch ($method) {
+ case "all":
+ if (empty($_POST['descr']))
+ $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n";
+ else
+ $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n";
+ $success = gettext("An entry for 'suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}' has been added to the Suppress List.");
+ break;
+ case "by_src":
+ case "by_dst":
+ // Check for valid IP addresses, exit if not valid
+ if (is_ipaddr($_POST['ip'])) {
+ if (empty($_POST['descr']))
+ $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n";
+ else
+ $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n";
+ $success = gettext("An entry for 'suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}' has been added to the Suppress List.");
+ }
+ else {
+ header("Location: /suricata/suricata_alerts.php");
+ exit;
+ }
+ break;
+ default:
+ header("Location: /suricata/suricata_alerts.php");
+ exit;
}
- /* Add the new entry to the Suppress List */
- if (suricata_add_supplist_entry($suppress))
- $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}' has been added to the Suppress List.");
+ /* Add the new entry to the Suppress List and signal Suricata to reload config */
+ if (suricata_add_supplist_entry($suppress)) {
+ suricata_reload_config($a_instance[$instanceid]);
+ $savemsg = $success;
+ sleep(2);
+ }
else
- /* We did not find the defined list, so notify the user with an error */
$input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
}
-if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- // Get the GID tag embedded in the clicked rule icon.
- $gid = $_GET['gen_id'];
-
- // Get the SID tag embedded in the clicked rule icon.
- $sid= $_GET['sidid'];
+if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) {
+ // Get the GID and SID tags embedded in the clicked rule icon.
+ $gid = $_POST['gen_id'];
+ $sid= $_POST['sidid'];
// See if the target SID is in our list of modified SIDs,
// and toggle it if present.
@@ -268,21 +282,18 @@ if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GE
/* Signal Suricata to live-load the new rules */
suricata_reload_config($a_instance[$instanceid]);
+ sleep(2);
- $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Suricata is 'live-reloading' the new rules list. Please wait at least 30 secs for the process to complete before toggling additional rules.");
+ $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Suricata is 'live-reloading' the new rules list. Please wait at least 15 secs for the process to complete before toggling additional rules.");
}
-if ($_GET['action'] == "clear" || $_POST['delete']) {
- conf_mount_rw();
+if ($_POST['delete']) {
suricata_post_delete_logs($suricata_uuid);
$fd = @fopen("{$suricatalogdir}suricata_{$if_real}{$suricata_uuid}/alerts.log", "w+");
if ($fd)
fclose($fd);
- conf_mount_ro();
/* XXX: This is needed if suricata is run as suricata user */
mwexec('/bin/chmod 660 {$suricatalogdir}*', true);
- if (file_exists("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"))
- mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid -a");
header("Location: /suricata/suricata_alerts.php?instance={$instanceid}");
exit;
}
@@ -332,16 +343,21 @@ if ($pconfig['arefresh'] == 'on')
echo "<meta http-equiv=\"refresh\" content=\"60;url=/suricata/suricata_alerts.php?instance={$instanceid}\" />\n";
?>
-<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
- /* Display Alert message */
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
- if ($savemsg) {
- print_info_box($savemsg);
- }
+<?php
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
?>
<form action="/suricata/suricata_alerts.php" method="post" id="formalert">
+<input type="hidden" name="sidid" id="sidid" value=""/>
+<input type="hidden" name="gen_id" id="gen_id" value=""/>
+<input type="hidden" name="ip" id="ip" value=""/>
+<input type="hidden" name="descr" id="descr" value=""/>
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -349,10 +365,13 @@ if ($pconfig['arefresh'] == 'on')
$tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
- $tab_array[] = array(gettext("Alerts"), true, "/suricata/suricata_alerts.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Alerts"), true, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
- display_top_tabs($tab_array);
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -364,13 +383,13 @@ if ($pconfig['arefresh'] == 'on')
<tr>
<td width="22%" class="vncell"><?php echo gettext('Instance to Inspect'); ?></td>
<td width="78%" class="vtable">
- <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='get';document.getElementById('formalert').submit()">
+ <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='post';document.getElementById('formalert').submit()">
<?php
foreach ($a_instance as $id => $instance) {
$selected = "";
if ($id == $instanceid)
$selected = "selected";
- echo "<option value='{$id}' {$selected}> (" . suricata_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n";
+ echo "<option value='{$id}' {$selected}> (" . convert_friendly_interface_to_friendly_descr($instance['interface']) . ") {$instance['descr']}</option>\n";
}
?>
</select>&nbsp;&nbsp;<?php echo gettext('Choose which instance alerts you want to inspect.'); ?>
@@ -378,22 +397,23 @@ if ($pconfig['arefresh'] == 'on')
<tr>
<td width="22%" class="vncell"><?php echo gettext('Save or Remove Logs'); ?></td>
<td width="78%" class="vtable">
- <input name="download" type="submit" class="formbtns" value="Download"> <?php echo gettext('All ' .
- 'log files will be saved.'); ?>&nbsp;&nbsp;<a href="/suricata/suricata_alerts.php?action=clear&instance=<?=$instanceid;?>">
- <input name="delete" type="submit" class="formbtns" value="Clear"
- onclick="return confirm('Do you really want to remove all instance logs?')"></a>
- <span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo ' ' . gettext('all log files will be deleted.'); ?>
+ <input name="download" type="submit" class="formbtns" value="Download"
+ title="<?=gettext("Download interface log files as a gzip archive");?>"/>
+ &nbsp;<?php echo gettext('All log files will be saved.');?>&nbsp;&nbsp;
+ <input name="delete" type="submit" class="formbtns" value="Clear"
+ onclick="return confirm('Do you really want to remove all instance logs?')" title="<?=gettext("Clear all interface log files");?>"/>
+ &nbsp;<span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span>&nbsp;<?php echo gettext('all log files will be deleted.'); ?>
</td>
</tr>
<tr>
<td width="22%" class="vncell"><?php echo gettext('Auto Refresh and Log View'); ?></td>
<td width="78%" class="vtable">
- <input name="save" type="submit" class="formbtns" value="Save">
- <?php echo gettext('Refresh'); ?> <input name="arefresh" type="checkbox" value="on"
- <?php if ($config['installedpackages']['suricata']['alertsblocks']['arefresh']=="on") echo "checked"; ?>>
- <?php printf(gettext('%sDefault%s is %sON%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;
- <input name="alertnumber" type="text" class="formfld unknown" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>">
- <?php printf(gettext('Enter number of log entries to view. %sDefault%s is %s250%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
+ <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/>
+ &nbsp;<?php echo gettext('Refresh');?>&nbsp;&nbsp;<input name="arefresh" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>/>
+ <?php printf(gettext('%sDefault%s is %sON%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;
+ <input name="alertnumber" type="text" class="formfld unknown" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"/>
+ &nbsp;<?php printf(gettext('Enter number of log entries to view. %sDefault%s is %s250%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
</td>
</tr>
<tr>
@@ -402,31 +422,31 @@ if ($pconfig['arefresh'] == 'on')
</tr>
<tr>
<td width="100%" colspan="2">
- <table id="myTable" style="table-layout: fixed;" width="100%" class="sortable" border="1" cellpadding="0" cellspacing="0">
+ <table id="myTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0">
<colgroup>
<col width="10%" align="center" axis="date">
- <col width="41" align="center" axis="number">
- <col width="64" align="center" axis="string">
+ <col width="40" align="center" axis="number">
+ <col width="52" align="center" axis="string">
<col width="10%" axis="string">
<col width="13%" align="center" axis="string">
- <col width="8%" align="center" axis="string">
+ <col width="7%" align="center" axis="string">
<col width="13%" align="center" axis="string">
- <col width="8%" align="center" axis="string">
- <col width="9%" align="center" axis="number">
+ <col width="7%" align="center" axis="string">
+ <col width="10%" align="center" axis="number">
<col axis="string">
</colgroup>
<thead>
<tr>
- <th class="listhdrr" axis="date"><?php echo gettext("DATE"); ?></th>
- <th class="listhdrr" axis="number"><?php echo gettext("PRI"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("PROTO"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("CLASS"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("SRC"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("SPORT"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("DST"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("DPORT"); ?></th>
+ <th class="listhdrr" axis="date"><?php echo gettext("Date"); ?></th>
+ <th class="listhdrr" axis="number"><?php echo gettext("Pri"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Proto"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Class"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Src"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("SPort"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Dst"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("DPort"); ?></th>
<th class="listhdrr" axis="number"><?php echo gettext("SID"); ?></th>
- <th class="listhdrr" axis="string"><?php echo gettext("DESCRIPTION"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Description"); ?></th>
</tr>
</thead>
<tbody>
@@ -434,21 +454,30 @@ if ($pconfig['arefresh'] == 'on')
/* make sure alert file exists */
if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log")) {
- exec("tail -{$anentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/alerts_{$suricata_uuid}");
- if (file_exists("/tmp/alerts_{$suricata_uuid}")) {
+ exec("tail -{$anentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/alerts_suricata{$suricata_uuid}");
+ if (file_exists("/tmp/alerts_suricata{$suricata_uuid}")) {
$tmpblocked = array_flip(suricata_get_blocked_ips());
$counter = 0;
/* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
/* File format timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,src,srcport,dst,dstport */
- $fd = fopen("/tmp/alerts_{$suricata_uuid}", "r");
+ $fd = fopen("/tmp/alerts_suricata{$suricata_uuid}", "r");
while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
- if(count($fields) < 12)
+ if(count($fields) < 13)
continue;
+ // Create a DateTime object from the event timestamp that
+ // we can use to easily manipulate output formats.
+ $event_tm = date_create_from_format("m/d/Y-H:i:s.u", $fields[0]);
+
+ // Check the 'CATEGORY' field for the text "(null)" and
+ // substitute "Not Assigned".
+ if ($fields[6] == "(null)")
+ $fields[6] = "Not Assigned";
+
/* Time */
- $alert_time = substr($fields[0], strpos($fields[0], '-')+1, -7);
+ $alert_time = date_format($event_tm, "H:i:s");
/* Date */
- $alert_date = trim(substr($fields[0], 0, strpos($fields[0], '-')));
+ $alert_date = date_format($event_tm, "m/d/Y");
/* Description */
$alert_descr = $fields[5];
$alert_descr_url = urlencode($fields[5]);
@@ -470,9 +499,9 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
/* Add icons for auto-adding to Suppress List if appropriate */
if (!suricata_is_alert_globally_suppressed($supplist, $fields[2], $fields[3]) &&
!isset($supplist[$fields[2]][$fields[3]]['by_src'][$fields[9]])) {
- $alert_ip_src .= "&nbsp;&nbsp;<a href='?instance={$instanceid}&act=addsuppress_srcip&sidid={$fields[3]}&gen_id={$fields[2]}&descr={$alert_descr_url}&ip=" . trim(urlencode($fields[9])) . "'>";
- $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'></a>";
+ $alert_ip_src .= "&nbsp;&nbsp;<input type='image' name='addsuppress_srcip[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','{$fields[9]}','{$alert_descr}');\" ";
+ $alert_ip_src .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'/>";
}
elseif (isset($supplist[$fields[2]][$fields[3]]['by_src'][$fields[9]])) {
$alert_ip_src .= "&nbsp;&nbsp;<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
@@ -480,9 +509,8 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
}
/* Add icon for auto-removing from Blocked Table if required */
if (isset($tmpblocked[$fields[9]])) {
- $alert_ip_src .= "&nbsp;";
- $alert_ip_src .= "<a href='?instance={$instanceid}&todelete=" . trim(urlencode($fields[9])) . "'>
- <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>";
+ $alert_ip_src .= "&nbsp;<input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[9]}';\" ";
+ $alert_ip_src .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>";
}
/* IP SRC Port */
$alert_src_p = $fields[10];
@@ -499,10 +527,10 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
$alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>";
/* Add icons for auto-adding to Suppress List if appropriate */
if (!suricata_is_alert_globally_suppressed($supplist, $fields[2], $fields[3]) &&
- !isset($supplist[$fields[2]][$fields[3]]['by_dst'][$fields[1]])) {
- $alert_ip_dst .= "&nbsp;&nbsp;<a href='?instance={$instanceid}&act=addsuppress_dstip&sidid={$fields[3]}&gen_id={$fields[2]}&descr={$alert_descr_url}&ip=" . trim(urlencode($fields[11])) . "'>";
- $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'></a>";
+ !isset($supplist[$fields[2]][$fields[3]]['by_dst'][$fields[11]])) {
+ $alert_ip_dst .= "&nbsp;&nbsp;<input type='image' name='addsuppress_dstip[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','{$fields[11]}','{$alert_descr}');\" ";
+ $alert_ip_dst .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'/>";
}
elseif (isset($supplist[$fields[2]][$fields[3]]['by_dst'][$fields[11]])) {
$alert_ip_dst .= "&nbsp;&nbsp;<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
@@ -510,18 +538,17 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
}
/* Add icon for auto-removing from Blocked Table if required */
if (isset($tmpblocked[$fields[11]])) {
- $alert_ip_dst .= "&nbsp;";
- $alert_ip_dst .= "<a href='?instance={$instanceid}&todelete=" . trim(urlencode($fields[11])) . "'>
- <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>";
+ $alert_ip_dst .= "&nbsp;<input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[11]}';\" ";
+ $alert_ip_dst .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>";
}
/* IP DST Port */
$alert_dst_p = $fields[12];
/* SID */
$alert_sid_str = "{$fields[2]}:{$fields[3]}";
if (!suricata_is_alert_globally_suppressed($supplist, $fields[2], $fields[3])) {
- $sidsupplink = "<a href='?instance={$instanceid}&act=addsuppress&sidid={$fields[3]}&gen_id={$fields[2]}&descr={$alert_descr_url}'>";
- $sidsupplink .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'></a>";
+ $sidsupplink = "<input type='image' name='addsuppress[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','{$alert_descr}');\" ";
+ $sidsupplink .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'/>";
}
else {
$sidsupplink = "<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
@@ -529,14 +556,14 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
}
/* Add icon for toggling rule state */
if (isset($disablesid[$fields[2]][$fields[3]])) {
- $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[3]}&gen_id={$fields[2]}'>";
- $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_reject.gif' width='11' height='11' border='0' ";
- $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action from this rule.") . "'></a>";
+ $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','');\" ";
+ $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_reject.gif' width='11' height='11' border='0' ";
+ $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action from this rule.") . "'/>";
}
else {
- $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[3]}&gen_id={$fields[2]}'>";
- $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' ";
- $sid_dsbl_link .= "title='" . gettext("Force-disable this rule and remove it from current rules set.") . "'></a>";
+ $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','');\" ";
+ $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' ";
+ $sid_dsbl_link .= "title='" . gettext("Force-disable this rule and remove it from current rules set.") . "'/>";
}
/* DESCRIPTION */
$alert_class = $fields[6];
@@ -546,18 +573,18 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
<td class='listr' align='center'>{$alert_priority}</td>
<td class='listr' align='center'>{$alert_proto}</td>
<td class='listr' style=\"word-wrap:break-word;\">{$alert_class}</td>
- <td class='listr' align='center'>{$alert_ip_src}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[9]}'>{$alert_ip_src}</td>
<td class='listr' align='center'>{$alert_src_p}</td>
- <td class='listr' align='center'>{$alert_ip_dst}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[11]}'>{$alert_ip_dst}</td>
<td class='listr' align='center'>{$alert_dst_p}</td>
- <td class='listr' align='center'>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
- <td class='listr' style=\"word-wrap:break-word;\">{$alert_descr}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[3]}'>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
+ <td class='listbg' style=\"word-wrap:break-word;\">{$alert_descr}</td>
</tr>\n";
$counter++;
}
fclose($fd);
- @unlink("/tmp/alerts_{$suricata_uuid}");
+ @unlink("/tmp/alerts_suricata{$suricata_uuid}");
}
}
?>
@@ -573,6 +600,21 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
<?php
include("fend.inc");
?>
-
+<script type="text/javascript">
+function encRuleSig(rulegid,rulesid,srcip,ruledescr) {
+
+ // This function stuffs the passed GID, SID
+ // and other values into hidden Form Fields
+ // for postback.
+ if (typeof srcipip == "undefined")
+ var srcipip = "";
+ if (typeof ruledescr == "undefined")
+ var ruledescr = "";
+ document.getElementById("sidid").value = rulesid;
+ document.getElementById("gen_id").value = rulegid;
+ document.getElementById("ip").value = srcip;
+ document.getElementById("descr").value = ruledescr;
+}
+</script>
</body>
</html>
diff --git a/config/suricata/suricata_alerts.widget.php b/config/suricata/suricata_alerts.widget.php
new file mode 100644
index 00000000..21fad03d
--- /dev/null
+++ b/config/suricata/suricata_alerts.widget.php
@@ -0,0 +1,229 @@
+<?php
+/*
+ suricata_alerts.widget.php
+ Copyright (C) 2009 Jim Pingle
+ mod 24-07-2012
+
+ Copyright (C) 2014 Bill Meeks
+ mod 03-Mar-2014 adapted for use with Suricata by Bill Meeks
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$nocsrf = true;
+
+require_once("guiconfig.inc");
+require_once("/usr/local/www/widgets/include/widget-suricata.inc");
+
+global $config, $g;
+
+/* Retrieve Suricata configuration */
+if (!is_array($config['installedpackages']['suricata']['rule']))
+ $config['installedpackages']['suricata']['rule'] = array();
+$a_instance = &$config['installedpackages']['suricata']['rule'];
+
+/* array sorting */
+function sksort(&$array, $subkey="id", $sort_ascending=false) {
+ /* an empty array causes sksort to fail - this test alleviates the error */
+ if(empty($array))
+ return false;
+ if (count($array)){
+ $temp_array[key($array)] = array_shift($array);
+ };
+ foreach ($array as $key => $val){
+ $offset = 0;
+ $found = false;
+ foreach ($temp_array as $tmp_key => $tmp_val) {
+ if (!$found and strtolower($val[$subkey]) > strtolower($tmp_val[$subkey])) {
+ $temp_array = array_merge((array)array_slice($temp_array,0,$offset), array($key => $val), array_slice($temp_array,$offset));
+ $found = true;
+ };
+ $offset++;
+ };
+ if (!$found) $temp_array = array_merge($temp_array, array($key => $val));
+ };
+
+ if ($sort_ascending) {
+ $array = array_reverse($temp_array);
+ } else $array = $temp_array;
+ /* below is the complement for empty array test */
+ return true;
+};
+
+/* check if suricata widget variable is set */
+$suri_nentries = $config['widgets']['widget_suricata_display_lines'];
+if (!isset($suri_nentries) || $suri_nentries < 0)
+ $suri_nentries = 5;
+
+// Called by Ajax to update alerts table contents
+if (isset($_GET['getNewAlerts'])) {
+ $response = "";
+ $suri_alerts = suricata_widget_get_alerts();
+ $counter = 0;
+ foreach ($suri_alerts as $a) {
+ $response .= $a['instanceid'] . " " . $a['dateonly'] . "||" . $a['timeonly'] . "||" . $a['src'] . "||";
+ $response .= $a['dst'] . "||" . $a['priority'] . "||" . $a['category'] . "\n";
+ $counter++;
+ if($counter >= $suri_nentries)
+ break;
+ }
+ echo $response;
+ return;
+}
+
+if(isset($_POST['widget_suricata_display_lines'])) {
+ $config['widgets']['widget_suricata_display_lines'] = $_POST['widget_suricata_display_lines'];
+ write_config("Saved Suricata Alerts Widget Displayed Lines Parameter via Dashboard");
+ header("Location: ../../index.php");
+}
+
+// Read "$suri_nentries" worth of alerts from the top of the alerts.log file
+function suricata_widget_get_alerts() {
+
+ global $config, $a_instance, $suri_nentries;
+ $suricata_alerts = array();
+
+ /* read log file(s) */
+ $counter=0;
+ foreach ($a_instance as $instanceid => $instance) {
+ $suricata_uuid = $a_instance[$instanceid]['uuid'];
+ $if_real = get_real_interface($a_instance[$instanceid]['interface']);
+
+ // make sure alert file exists, then grab the most recent {$suri_nentries} from it
+ // and write them to a temp file.
+ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log")) {
+ exec("tail -{$suri_nentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/surialerts_{$suricata_uuid}");
+ if (file_exists("/tmp/surialerts_{$suricata_uuid}")) {
+
+ /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
+ /* File format: timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,src,srcport,dst,dstport */
+ $fd = fopen("/tmp/surialerts_{$suricata_uuid}", "r");
+ while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
+ if(count($fields) < 13)
+ continue;
+
+ // Create a DateTime object from the event timestamp that
+ // we can use to easily manipulate output formats.
+ $event_tm = date_create_from_format("m/d/Y-H:i:s.u", $fields[0]);
+
+ // Check the 'CATEGORY' field for the text "(null)" and
+ // substitute "No classtype defined".
+ if ($fields[6] == "(null)")
+ $fields[6] = "No classtype assigned";
+
+ $suricata_alerts[$counter]['instanceid'] = strtoupper($a_instance[$instanceid]['interface']);
+ $suricata_alerts[$counter]['timestamp'] = strval(date_timestamp_get($event_tm));
+ $suricata_alerts[$counter]['timeonly'] = date_format($event_tm, "H:i:s");
+ $suricata_alerts[$counter]['dateonly'] = date_format($event_tm, "M d");
+ // Add square brackets around any IPv6 address
+ if (is_ipaddrv6($fields[9]))
+ $suricata_alerts[$counter]['src'] = "[" . $fields[9] . "]";
+ else
+ $suricata_alerts[$counter]['src'] = $fields[9];
+ // Add the SRC PORT if not null
+ if (!empty($fields[10]))
+ $suricata_alerts[$counter]['src'] .= ":" . $fields[10];
+ // Add square brackets around any IPv6 address
+ if (is_ipaddrv6($fields[11]))
+ $suricata_alerts[$counter]['dst'] = "[" . $fields[11] . "]";
+ else
+ $suricata_alerts[$counter]['dst'] = $fields[11];
+ // Add the SRC PORT if not null
+ if (!empty($fields[12]))
+ $suricata_alerts[$counter]['dst'] .= ":" . $fields[12];
+ $suricata_alerts[$counter]['priority'] = $fields[7];
+ $suricata_alerts[$counter]['category'] = $fields[6];
+ $counter++;
+ };
+ fclose($fd);
+ @unlink("/tmp/surialerts_{$suricata_uuid}");
+ };
+ };
+ };
+
+ // Sort the alerts array
+ if (isset($config['syslog']['reverse'])) {
+ sksort($suricata_alerts, 'timestamp', false);
+ } else {
+ sksort($suricata_alerts, 'timestamp', true);
+ }
+
+ return $suricata_alerts;
+}
+
+/* display the result */
+?>
+
+<input type="hidden" id="suricata_alerts-config" name="suricata_alerts-config" value=""/>
+<div id="suricata_alerts-settings" class="widgetconfigdiv" style="display:none;">
+ <form action="/widgets/widgets/suricata_alerts.widget.php" method="post" name="iformd">
+ Enter number of recent alerts to display (default is 5)<br/>
+ <input type="text" size="5" name="widget_suricata_display_lines" class="formfld unknown" id="widget_suricata_display_lines" value="<?= $config['widgets']['widget_suricata_display_lines'] ?>" />
+ &nbsp;&nbsp;<input id="submitd" name="submitd" type="submit" class="formbtn" value="Save" />
+ </form>
+</div>
+
+<table width="100%" border="0" cellspacing="0" cellpadding="0" style="table-layout: fixed;">
+ <colgroup>
+ <col style="width: 24%;" />
+ <col style="width: 38%;" />
+ <col style="width: 38%;" />
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr"><?=gettext("IF/Date");?></th>
+ <th class="listhdrr"><?=gettext("Src/Dst Address");?></th>
+ <th class="listhdrr"><?=gettext("Classification");?></th>
+ </tr>
+ </thead>
+ <tbody id="suricata-alert-entries">
+ <?php
+ $suricata_alerts = suricata_widget_get_alerts($suri_nentries);
+ $counter=0;
+ if (is_array($suricata_alerts)) {
+ foreach ($suricata_alerts as $alert) {
+ $evenRowClass = $counter % 2 ? " listMReven" : " listMRodd";
+ echo(" <tr class='" . $evenRowClass . "'>
+ <td class='listMRr'>" . $alert['instanceid'] . " " . $alert['dateonly'] . "<br/>" . $alert['timeonly'] . "</td>
+ <td class='listMRr ellipsis' nowrap><div style='display:inline;' title='" . $alert['src'] . "'>" . $alert['src'] . "</div><br/><div style='display:inline;' title='" . $alert['dst'] . "'>" . $alert['dst'] . "</div></td>
+ <td class='listMRr'>Pri: " . $alert['priority'] . " " . $alert['category'] . "</td></tr>");
+ $counter++;
+ if($counter >= $suri_nentries)
+ break;
+ }
+ }
+ ?>
+ </tbody>
+</table>
+
+<script type="text/javascript">
+//<![CDATA[
+ var suricataupdateDelay = 10000; // update every 10 seconds
+ var suri_nentries = <?php echo $suri_nentries; ?>; // default is 5
+
+<!-- needed to display the widget settings menu -->
+ selectIntLink = "suricata_alerts-configure";
+ textlink = document.getElementById(selectIntLink);
+ textlink.style.display = "inline";
+//]]>
+</script>
+
diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php
index 0be45c32..c28b99d1 100644
--- a/config/suricata/suricata_app_parsers.php
+++ b/config/suricata/suricata_app_parsers.php
@@ -3,12 +3,23 @@
* suricata_app_parsers.php
* part of pfSense
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
@@ -28,19 +39,18 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
global $g, $rebuild_rules;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (is_null($id))
+ $id = 0;
if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
@@ -51,10 +61,21 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
if (!is_array($config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item']))
$config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'] = array();
+// Initialize required array variables as necessary
+if (!is_array($config['aliases']['alias']))
+ $config['aliases']['alias'] = array();
+$a_aliases = $config['aliases']['alias'];
+
$a_nat = &$config['installedpackages']['suricata']['rule'];
$libhtp_engine_next_id = count($a_nat[$id]['libhtp_policy']['item']);
+// Build a lookup array of currently used engine 'bind_to' Aliases
+// so we can screen matching Alias names from the list.
+$used = array();
+foreach ($a_nat[$id]['libhtp_policy']['item'] as $v)
+ $used[$v['bind_to']] = true;
+
$pconfig = array();
if (isset($id) && $a_nat[$id]) {
/* Get current values from config for page form fields */
@@ -78,29 +99,143 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['libhtp_policy'] = $a_nat[$id]['libhtp_policy'];
}
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+// Check for "import or select alias mode" and set flags if TRUE.
+// "selectalias", when true, displays radio buttons to limit
+// multiple selections.
+if ($_POST['import_alias']) {
+ $importalias = true;
+ $selectalias = false;
+ $title = "HTTP Server Policy";
}
-
-if ($_GET['act'] && isset($_GET['eng_id'])) {
-
+elseif ($_POST['select_alias']) {
+ $importalias = true;
+ $selectalias = true;
+ $title = "HTTP Server Policy";
+
+ // Preserve current Libhtp Policy Engine settings
+ $eng_id = $_POST['eng_id'];
+ $eng_name = $_POST['policy_name'];
+ $eng_bind = $_POST['policy_bind_to'];
+ $eng_personality = $_POST['personality'];
+ $eng_req_body_limit = $_POST['req_body_limit'];
+ $eng_resp_body_limit = $_POST['resp_body_limit'];
+ $eng_enable_double_decode_path = $_POST['enable_double_decode_path'];
+ $eng_enable_double_decode_query = $_POST['enable_double_decode_query'];
+ $mode = "add_edit_libhtp_policy";
+}
+if ($_POST['save_libhtp_policy']) {
+ if ($_POST['eng_id'] != "") {
+ $eng_id = $_POST['eng_id'];
+
+ // Grab all the POST values and save in new temp array
+ $engine = array();
+ $policy_name = trim($_POST['policy_name']);
+ if ($policy_name) {
+ $engine['name'] = $policy_name;
+ }
+ else
+ $input_errors[] = gettext("The 'Policy Name' value cannot be blank.");
+
+ if ($_POST['policy_bind_to']) {
+ if (is_alias($_POST['policy_bind_to']))
+ $engine['bind_to'] = $_POST['policy_bind_to'];
+ elseif (strtolower(trim($_POST['policy_bind_to'])) == "all")
+ $engine['bind_to'] = "all";
+ else
+ $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value.");
+ }
+ else
+ $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'.");
+
+ if ($_POST['personality']) { $engine['personality'] = $_POST['personality']; } else { $engine['personality'] = "bsd"; }
+
+ if (is_numeric($_POST['req_body_limit']) && $_POST['req_body_limit'] >= 0)
+ $engine['request-body-limit'] = $_POST['req_body_limit'];
+ else
+ $input_errors[] = gettext("The value for 'Request Body Limit' must be all numbers and greater than or equal to zero.");
+
+ if (is_numeric($_POST['resp_body_limit']) && $_POST['resp_body_limit'] >= 0)
+ $engine['response-body-limit'] = $_POST['resp_body_limit'];
+ else
+ $input_errors[] = gettext("The value for 'Response Body Limit' must be all numbers and greater than or equal to zero.");
+
+ if ($_POST['enable_double_decode_path']) { $engine['double-decode-path'] = 'yes'; }else{ $engine['double-decode-path'] = 'no'; }
+ if ($_POST['enable_double_decode_query']) { $engine['double-decode-query'] = 'yes'; }else{ $engine['double-decode-query'] = 'no'; }
+
+ // Can only have one "all" Bind_To address
+ if ($engine['bind_to'] == "all" && $engine['name'] <> "default")
+ $input_errors[] = gettext("Only one default OS-Policy Engine can be bound to all addresses.");
+
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ if (isset($eng_id) && $a_nat[$id]['libhtp_policy']['item'][$eng_id]) {
+ $a_nat[$id]['libhtp_policy']['item'][$eng_id] = $engine;
+ }
+ else
+ $a_nat[$id]['libhtp_policy']['item'][] = $engine;
+
+ /* Reorder the engine array to ensure the */
+ /* 'bind_to=all' entry is at the bottom */
+ /* if it contains more than one entry. */
+ if (count($a_nat[$id]['libhtp_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ /* Only relocate the entry if we */
+ /* found it, and it's not already */
+ /* at the end. */
+ if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['libhtp_policy']['item'][$i];
+ unset($a_nat[$id]['libhtp_policy']['item'][$i]);
+ $a_nat[$id]['libhtp_policy']['item'][] = $tmp;
+ }
+ }
+
+ // Now write the new engine array to conf
+ write_config();
+ $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item'];
+ }
+ else {
+ $add_edit_libhtp_policy = true;
+ $pengcfg = $engine;
+ }
+ }
+}
+elseif ($_POST['add_libhtp_policy']) {
+ $add_edit_libhtp_policy = true;
+ $pengcfg = array( "name" => "engine_{$libhtp_engine_next_id}", "bind_to" => "", "personality" => "IDS",
+ "request-body-limit" => "4096", "response-body-limit" => "4096",
+ "double-decode-path" => "no", "double-decode-query" => "no" );
+ $eng_id = $libhtp_engine_next_id;
+}
+elseif ($_POST['edit_libhtp_policy']) {
+ if ($_POST['eng_id'] != "") {
+ $add_edit_libhtp_policy = true;
+ $eng_id = $_POST['eng_id'];
+ $pengcfg = $a_nat[$id]['libhtp_policy']['item'][$eng_id];
+ }
+}
+elseif ($_POST['del_libhtp_policy']) {
$natent = array();
$natent = $pconfig;
- if ($_GET['act'] == "del_libhtp_policy")
- unset($natent['libhtp_policy']['item'][$_GET['eng_id']]);
-
+ if ($_POST['eng_id'] != "") {
+ unset($natent['libhtp_policy']['item'][$_POST['eng_id']]);
+ $pconfig = $natent;
+ }
if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
write_config();
}
-
- header("Location: /suricata/suricata_app_parsers.php?id=$id");
- exit;
}
-
-if ($_POST['ResetAll']) {
+elseif ($_POST['cancel_libhtp_policy']) {
+ $add_edit_libhtp_policy = false;
+}
+elseif ($_POST['ResetAll']) {
/* Reset all the settings to defaults */
$pconfig['asn1_max_frames'] = "256";
@@ -108,7 +243,111 @@ if ($_POST['ResetAll']) {
/* Log a message at the top of the page to inform the user */
$savemsg = gettext("All flow and stream settings have been reset to their defaults.");
}
-elseif ($_POST['Submit']) {
+elseif ($_POST['save_import_alias']) {
+ // If saving out of "select alias" mode,
+ // then return to Libhtp Policy Engine edit
+ // page.
+ if ($_POST['mode'] == 'add_edit_libhtp_policy') {
+ $pengcfg = array();
+ $eng_id = $_POST['eng_id'];
+ $pengcfg['name'] = $_POST['eng_name'];
+ $pengcfg['bind_to'] = $_POST['eng_bind'];
+ $pengcfg['personality'] = $_POST['eng_personality'];
+ $pengcfg['request-body-limit'] = $_POST['eng_req_body_limit'];
+ $pengcfg['response-body-limit'] = $_POST['eng_resp_body_limit'];
+ $pengcfg['double-decode-path'] = $_POST['eng_enable_double_decode_path'];
+ $pengcfg['double-decode-query'] = $_POST['eng_enable_double_decode_query'];
+ $add_edit_libhtp_policy = true;
+ $mode = "add_edit_libhtp_policy";
+
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) == 1) {
+ $pengcfg['bind_to'] = $_POST['aliastoimport'][0];
+ $importalias = false;
+ $selectalias = false;
+ }
+ else {
+ $input_errors[] = gettext("No Alias is selected for import. Nothing to SAVE.");
+ $importalias = true;
+ $selectalias = true;
+ $eng_id = $_POST['eng_id'];
+ $eng_name = $_POST['eng_name'];
+ $eng_bind = $_POST['eng_bind'];
+ $eng_personality = $_POST['eng_personality'];
+ $eng_req_body_limit = $_POST['eng_req_body_limit'];
+ $eng_resp_body_limit = $_POST['eng_resp_body_limit'];
+ $eng_enable_double_decode_path = $_POST['eng_enable_double_decode_path'];
+ $eng_enable_double_decode_query = $_POST['eng_enable_double_decode_query'];
+ }
+ }
+ else {
+ $engine = array( "name" => "", "bind_to" => "", "personality" => "IDS",
+ "request-body-limit" => "4096", "response-body-limit" => "4096",
+ "double-decode-path" => "no", "double-decode-query" => "no" );
+
+ // See if anything was checked to import
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) {
+ foreach ($_POST['aliastoimport'] as $item) {
+ $engine['name'] = strtolower($item);
+ $engine['bind_to'] = $item;
+ $a_nat[$id]['libhtp_policy']['item'][] = $engine;
+ }
+ }
+ else {
+ $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
+ $importalias = true;
+ }
+
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ // Reorder the engine array to ensure the
+ // 'bind_to=all' entry is at the bottom if
+ // the array contains more than one entry.
+ if (count($a_nat[$id]['libhtp_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ // Only relocate the entry if we
+ // found it, and it's not already
+ // at the end.
+ if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['libhtp_policy']['item'][$i];
+ unset($a_nat[$id]['libhtp_policy']['item'][$i]);
+ $a_nat[$id]['libhtp_policy']['item'][] = $tmp;
+ }
+ $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item'];
+ }
+
+ // Write the new engine array to config file
+ write_config();
+ $importalias = false;
+ }
+ }
+}
+elseif ($_POST['cancel_import_alias']) {
+ $importalias = false;
+ $selectalias = false;
+ $eng_id = $_POST['eng_id'];
+
+ // If cancelling out of "select alias" mode,
+ // then return to Libhtp Policy Engine edit
+ // page.
+ if ($_POST['mode'] == 'add_edit_libhtp_policy') {
+ $pengcfg = array();
+ $pengcfg['name'] = $_POST['eng_name'];
+ $pengcfg['bind_to'] = $_POST['eng_bind'];
+ $pengcfg['personality'] = $_POST['eng_personality'];
+ $pengcfg['request-body-limit'] = $_POST['eng_req_body_limit'];
+ $pengcfg['response-body-limit'] = $_POST['eng_resp_body_limit'];
+ $pengcfg['double-decode-path'] = $_POST['eng_enable_double_decode_path'];
+ $pengcfg['double-decode-query'] = $_POST['eng_enable_double_decode_query'];
+ $add_edit_libhtp_policy = true;
+ }
+}
+elseif ($_POST['save']) {
$natent = array();
$natent = $pconfig;
@@ -122,15 +361,14 @@ elseif ($_POST['Submit']) {
/**************************************************/
/* If we have a valid rule ID, save configuration */
- /* then update the suricata.conf file and rebuild */
- /* the rules for this interface. */
+ /* then update the suricata.conf file for this */
+ /* interface. */
/**************************************************/
if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
write_config();
- $rebuild_rules = true;
- suricata_generate_yaml($natent);
$rebuild_rules = false;
+ suricata_generate_yaml($natent);
}
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -149,40 +387,33 @@ include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-
- /* Display Alert message */
-
+<?php include("fbegin.inc");
+ /* Display error or save message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors);
}
-
if ($savemsg) {
print_info_box($savemsg);
}
-
?>
-<script type="text/javascript" src="/javascript/autosuggest.js">
-</script>
-<script type="text/javascript" src="/javascript/suggestions.js">
-</script>
-
-<form action="suricata_app_parsers.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform">
+<form action="suricata_app_parsers.php" method="post" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>"/>
+<input type="hidden" name="eng_id" id="eng_id" value="<?=$eng_id;?>"/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
- $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
- display_top_tabs($tab_array);
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td>';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
@@ -194,10 +425,29 @@ include_once("head.inc");
$tab_array[] = array($menu_iface . gettext("App Parsers"), true, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
+
+<?php if ($importalias) : ?>
+ <?php include("/usr/local/www/suricata/suricata_import_aliases.php");
+ if ($selectalias) {
+ echo '<input type="hidden" name="eng_name" value="' . $eng_name . '"/>';
+ echo '<input type="hidden" name="eng_bind" value="' . $eng_bind . '"/>';
+ echo '<input type="hidden" name="eng_personality" value="' . $eng_personality . '"/>';
+ echo '<input type="hidden" name="eng_req_body_limit" value="' . $eng_req_body_limit . '"/>';
+ echo '<input type="hidden" name="eng_resp_body_limit" value="' . $eng_resp_body_limit . '"/>';
+ echo '<input type="hidden" name="eng_enable_double_decode_path" value="' . $eng_enable_double_decode_path . '"/>';
+ echo '<input type="hidden" name="eng_enable_double_decode_query" value="' . $eng_enable_double_decode_query . '"/>';
+ }
+ ?>
+
+<?php elseif ($add_edit_libhtp_policy) : ?>
+ <?php include("/usr/local/www/suricata/suricata_libhtp_policy_engine.php"); ?>
+
+<?php else: ?>
+
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
@@ -231,25 +481,23 @@ include_once("head.inc");
<tr>
<th class="listhdrr" axis="string"><?php echo gettext("Name");?></th>
<th class="listhdrr" axis="string"><?php echo gettext("Bind-To Address Alias");?></th>
- <th class="list" align="right"><a href="suricata_import_aliases.php?id=<?=$id?>&eng=libhtp_policy">
- <img src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
- height="17" border="0" title="<?php echo gettext("Import server configuration from existing Aliases");?>"></a>
- <a href="suricata_libhtp_policy_engine.php?id=<?=$id?>&eng_id=<?=$libhtp_engine_next_id?>">
- <img src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
- height="17" border="0" title="<?php echo gettext("Add a new server configuration");?>"></a></th>
+ <th class="list" align="right"><input type="image" name="import_alias[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Import server configuration from existing Aliases");?>"/>
+ <input type="image" name="add_libhtp_policy[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Add a new server configuration");?>"></th>
</tr>
</thead>
<?php foreach ($pconfig['libhtp_policy']['item'] as $f => $v): ?>
<tr>
<td class="listlr" align="left"><?=gettext($v['name']);?></td>
<td class="listbg" align="center"><?=gettext($v['bind_to']);?></td>
- <td class="listt" align="right"><a href="suricata_libhtp_policy_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"></a>
+ <td class="listt" align="right"><input type="image" name="edit_libhtp_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>'"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"/>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="suricata_app_parsers.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_libhtp_policy" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this server configuration");?>"></a>
+ <input type="image" name="del_libhtp_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>';return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this server configuration");?>">
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default server configuration cannot be deleted");?>">
@@ -263,9 +511,9 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Save flow and stream settings"); ?>">
- <input name="id" type="hidden" value="<?=$id;?>">&nbsp;&nbsp;&nbsp;&nbsp;
+ &nbsp;&nbsp;&nbsp;&nbsp;
<input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo
gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" .
gettext("WARNING: This will reset ALL App Parsers settings to their defaults. Click OK to continue or CANCEL to quit.") .
@@ -278,26 +526,12 @@ include_once("head.inc");
<?php echo gettext("may take several seconds. Suricata must also be restarted to activate any changes made on this screen."); ?></td>
</tr>
</table>
+
+<?php endif; ?>
+
</div>
</td></tr></table>
</form>
-<script type="text/javascript">
-function wopen(url, name, w, h)
-{
- // Fudge factors for window decoration space.
- // In my tests these work well on all platforms & browsers.
- w += 32;
- h += 96;
- var win = window.open(url,
- name,
- 'width=' + w + ', height=' + h + ', ' +
- 'location=no, menubar=no, ' +
- 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
- win.resizeTo(w, h);
- win.focus();
-}
-
-</script>
<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php
index f0bdbd17..d4afe4f4 100644
--- a/config/suricata/suricata_barnyard.php
+++ b/config/suricata/suricata_barnyard.php
@@ -3,12 +3,23 @@
* suricata_barnyard.php
* part of pfSense
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
@@ -33,9 +44,11 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
global $g, $rebuild_rules;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
header("Location: /suricata/suricata_interfaces.php");
exit;
@@ -46,8 +59,8 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
$a_nat = &$config['installedpackages']['suricata']['rule'];
$pconfig = array();
+
if (isset($id) && $a_nat[$id]) {
- /* old options */
$pconfig = $a_nat[$id];
if (!empty($a_nat[$id]['barnconfigpassthru']))
$pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
@@ -69,28 +82,28 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['barnyard_syslog_facility'] = "LOG_USER";
if (empty($a_nat[$id]['barnyard_syslog_priority']))
$pconfig['barnyard_syslog_priority'] = "LOG_INFO";
+ if (empty($a_nat[$id]['barnyard_bro_ids_dport']))
+ $pconfig['barnyard_bro_ids_dport'] = "47760";
+ if (empty($a_nat[$id]['barnyard_sensor_id']))
+ $pconfig['barnyard_sensor_id'] = "0";
if (empty($a_nat[$id]['barnyard_sensor_name']))
$pconfig['barnyard_sensor_name'] = php_uname("n");
}
-if (isset($_GET['dup']))
- unset($id);
-
-if ($_POST) {
-
- foreach ($a_nat as $natent) {
- if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
- continue;
- if ($natent['interface'] != $_POST['interface'])
- $input_error[] = "This interface has already an instance defined";
- }
-
+if ($_POST['save']) {
// Check that at least one output plugin is enabled
- if ($_POST['barnyard_mysql_enable'] != 'on' && $_POST['barnyard_syslog_enable'] != 'on')
+ if ($_POST['barnyard_mysql_enable'] != 'on' && $_POST['barnyard_syslog_enable'] != 'on' &&
+ $_POST['barnyard_bro_ids_enable'] != 'on' && $_POST['barnyard_enable'] == "on")
$input_errors[] = gettext("You must enable at least one output option when using Barnyard2.");
+ // Validate Sensor ID is a valid integer
+ if ($_POST['barnyard_enable'] == 'on') {
+ if (!is_numericint($_POST['barnyard_sensor_id']) || $_POST['barnyard_sensor_id'] < 0)
+ $input_errors[] = gettext("The value for 'Sensor ID' must be a valid positive integer.");
+ }
+
// Validate inputs if MySQL database loggging enabled
- if ($_POST['barnyard_mysql_enable'] == 'on') {
+ if ($_POST['barnyard_mysql_enable'] == 'on' && $_POST['barnyard_enable'] == "on") {
if (empty($_POST['barnyard_dbhost']))
$input_errors[] = gettext("Please provide a valid hostname or IP address for the MySQL database host.");
if (empty($_POST['barnyard_dbname']))
@@ -100,13 +113,22 @@ if ($_POST) {
}
// Validate inputs if syslog output enabled
- if ($_POST['barnyard_syslog_enable'] == 'on' && $_POST['barnyard_syslog_local'] <> 'on') {
+ if ($_POST['barnyard_syslog_enable'] == 'on' && $_POST['barnyard_syslog_local'] <> 'on' &&
+ $_POST['barnyard_enable'] == "on") {
if (empty($_POST['barnyard_syslog_dport']) || !is_numeric($_POST['barnyard_syslog_dport']))
$input_errors[] = gettext("Please provide a valid number between 1 and 65535 for the Syslog Remote Port.");
if (empty($_POST['barnyard_syslog_rhost']))
$input_errors[] = gettext("Please provide a valid hostname or IP address for the Syslog Remote Host.");
}
+ // Validate inputs if Bro-IDS output enabled
+ if ($_POST['barnyard_bro_ids_enable'] == 'on' && $_POST['barnyard_enable'] == "on") {
+ if (empty($_POST['barnyard_bro_ids_dport']) || !is_numeric($_POST['barnyard_bro_ids_dport']))
+ $input_errors[] = gettext("Please provide a valid number between 1 and 65535 for the Bro-IDS Remote Port.");
+ if (empty($_POST['barnyard_bro_ids_rhost']))
+ $input_errors[] = gettext("Please provide a valid hostname or IP address for the Bro-IDS Remote Host.");
+ }
+
// if no errors write to conf
if (!$input_errors) {
$natent = array();
@@ -121,9 +143,12 @@ if ($_POST) {
$natent['barnyard_mysql_enable'] = $_POST['barnyard_mysql_enable'] ? 'on' : 'off';
$natent['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable'] ? 'on' : 'off';
$natent['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'] ? 'on' : 'off';
+ $natent['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'] ? 'on' : 'off';
+ $natent['barnyard_disable_sig_ref_tbl'] = $_POST['barnyard_disable_sig_ref_tbl'] ? 'on' : 'off';
$natent['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode'];
$natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto'];
+ if ($_POST['barnyard_sensor_id']) $natent['barnyard_sensor_id'] = $_POST['barnyard_sensor_id']; else $natent['barnyard_sensor_id'] = '0';
if ($_POST['barnyard_sensor_name']) $natent['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']; else unset($natent['barnyard_sensor_name']);
if ($_POST['barnyard_dbhost']) $natent['barnyard_dbhost'] = $_POST['barnyard_dbhost']; else unset($natent['barnyard_dbhost']);
if ($_POST['barnyard_dbname']) $natent['barnyard_dbname'] = $_POST['barnyard_dbname']; else unset($natent['barnyard_dbname']);
@@ -133,70 +158,76 @@ if ($_POST) {
if ($_POST['barnyard_syslog_dport']) $natent['barnyard_syslog_dport'] = $_POST['barnyard_syslog_dport']; else $natent['barnyard_syslog_dport'] = '514';
if ($_POST['barnyard_syslog_facility']) $natent['barnyard_syslog_facility'] = $_POST['barnyard_syslog_facility']; else $natent['barnyard_syslog_facility'] = 'LOG_USER';
if ($_POST['barnyard_syslog_priority']) $natent['barnyard_syslog_priority'] = $_POST['barnyard_syslog_priority']; else $natent['barnyard_syslog_priority'] = 'LOG_INFO';
+ if ($_POST['barnyard_bro_ids_rhost']) $natent['barnyard_bro_ids_rhost'] = $_POST['barnyard_bro_ids_rhost']; else unset($natent['barnyard_bro_ids_rhost']);
+ if ($_POST['barnyard_bro_ids_dport']) $natent['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport']; else $natent['barnyard_bro_ids_dport'] = '47760';
if ($_POST['barnconfigpassthru']) $natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']); else unset($natent['barnconfigpassthru']);
- if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
- else {
- $a_nat[] = $natent;
- }
-
+ $a_nat[$id] = $natent;
write_config();
- // No need to rebuild rules if just toggling Barnyard2 on or off
+ // No need to rebuild rules for Barnyard2 changes
$rebuild_rules = false;
sync_suricata_package_config();
- // Signal any running barnyard2 instance on this interface to
- // reload its configuration to pick up any changes made.
- suricata_barnyard_reload_config($a_nat[$id], "HUP");
-
- // after click go to this page
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: suricata_barnyard.php?id=$id");
- exit;
+ // If disabling Barnyard2 on the interface, stop any
+ // currently running instance. If an instance is
+ // running, signal it to reload the configuration.
+ // If Barnyard2 is enabled but not running, start it.
+ if ($a_nat[$id]['barnyard_enable'] == "off") {
+ suricata_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface']));
+ }
+ elseif ($a_nat[$id]['barnyard_enable'] == "on") {
+ if (suricata_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2"))
+ suricata_barnyard_reload_config($a_nat[$id], "HUP");
+ else {
+ // Notify user a Suricata restart is required if enabling Barnyard2 for the first time
+ $savemsg = gettext("NOTE: you must restart Suricata on this interface to activate unified2 logging for Barnyard2.");
+ }
+ }
+
+ $pconfig = $natent;
+ }
+ else {
+ // We had errors, so save previous field data to prevent retyping
+ $pconfig = $_POST;
}
}
-$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Barnyard2 Settings");
include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+<?php include("fbegin.inc");
-<?php
/* Display Alert message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors);
}
if ($savemsg) {
print_info_box($savemsg);
}
- ?>
+?>
-<form action="suricata_barnyard.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform">
+<form action="suricata_barnyard.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
- display_top_tabs($tab_array);
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$tab_array = array();
@@ -208,7 +239,7 @@ include_once("head.inc");
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/suricata/suricata_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -254,14 +285,21 @@ include_once("head.inc");
<?php echo gettext("Enable obfuscation of logged IP addresses. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?>
</td>
<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Sensor ID"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_sensor_id" type="text" class="formfld unknown"
+ id="barnyard_sensor_id" size="25" value="<?=htmlspecialchars($pconfig['barnyard_sensor_id']);?>"/>
+ &nbsp;<?php echo gettext("Sensor ID to use for this sensor. Default is ") . "<strong>" . gettext("0.") . "</strong>"; ?>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Sensor Name"); ?></td>
<td width="78%" class="vtable">
<input name="barnyard_sensor_name" type="text" class="formfld unknown"
id="barnyard_sensor_name" size="25" value="<?=htmlspecialchars($pconfig['barnyard_sensor_name']);?>"/>
- &nbsp;<?php echo gettext("Unique name to use for this sensor."); ?>
+ &nbsp;<?php echo gettext("Unique name to use for this sensor. (Optional)"); ?>
</td>
</tr>
- </tr>
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("MySQL Database Output Settings"); ?></td>
</tr>
@@ -272,6 +310,7 @@ include_once("head.inc");
onClick="toggle_mySQL()"/><?php echo gettext("Enable logging of alerts to a MySQL database instance"); ?><br/>
<?php echo gettext("You will also have to provide the database credentials in the fields below."); ?></td>
</tr>
+ <tbody id="mysql_config_rows">
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Database Host"); ?></td>
<td width="78%" class="vtable">
@@ -305,6 +344,15 @@ include_once("head.inc");
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Disable Signature Reference Table"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_disable_sig_ref_tbl" type="checkbox" value="on" <?php if ($pconfig['barnyard_disable_sig_ref_tbl'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Disable synchronization of sig_reference table in schema. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/>
+ <br/><?php echo gettext("This option will speedup the process when checked, plus it can help work around a 'duplicate entry' error when running multiple Suricata instances."); ?>
+ </td>
+ </tr>
+ </tbody>
+ <tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Syslog Output Settings"); ?></td>
</tr>
<tr>
@@ -315,6 +363,7 @@ include_once("head.inc");
<?php echo gettext("Enable logging of alerts to a syslog receiver"); ?><br/>
<?php echo gettext("This will send alert data to either a local or remote syslog receiver."); ?></td>
</tr>
+ <tbody id="syslog_config_rows">
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Operation Mode"); ?></td>
<td width="78%" class="vtable">
@@ -395,6 +444,36 @@ include_once("head.inc");
<?php echo gettext("Select Syslog Priority (Level) to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_INFO") . "</strong>."; ?>
</td>
</tr>
+ </tbody>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Bro-IDS Output Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Bro-IDS"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_bro_ids_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_bro_ids_enable'] == "on") echo "checked"; ?>
+ onClick="toggle_bro_ids()"/>
+ <?php echo gettext("Enable logging of alerts to a Bro-IDS receiver"); ?><br/>
+ <?php echo gettext("This will send alert data to either a local or remote Bro-IDS receiver."); ?></td>
+ </tr>
+ <tbody id="bro_ids_config_rows">
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Host"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_bro_ids_rhost" type="text" class="formfld host"
+ id="barnyard_bro_ids_rhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_bro_ids_rhost']);?>"/>
+ &nbsp;<?php echo gettext("Hostname or IP address of remote Bro-IDS host"); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Port"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_bro_ids_dport" type="text" class="formfld unknown"
+ id="barnyard_bro_ids_dport" size="25" value="<?=htmlspecialchars($pconfig['barnyard_bro_ids_dport']);?>"/>
+ &nbsp;<?php echo gettext("Port number for Bro-IDS instance on remote host. Default is ") . "<strong>" . gettext("47760") . "</strong>."; ?>
+ </td>
+ </tr>
+ </tbody>
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Advanced Settings"); ?></td>
</tr>
@@ -410,7 +489,7 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input name="save" type="submit" class="formbtn" value="Save">
<input name="id" type="hidden" value="<?=$id;?>"> </td>
</tr>
<tr>
@@ -435,6 +514,12 @@ function toggle_mySQL() {
document.iform.barnyard_dbname.disabled = endis;
document.iform.barnyard_dbuser.disabled = endis;
document.iform.barnyard_dbpwd.disabled = endis;
+ document.iform.barnyard_disable_sig_ref_tbl.disabled = endis;
+
+ if (endis)
+ document.getElementById("mysql_config_rows").style.display = "none";
+ else
+ document.getElementById("mysql_config_rows").style.display = "";
}
function toggle_syslog() {
@@ -449,6 +534,11 @@ function toggle_syslog() {
document.iform.barnyard_syslog_proto_tcp.disabled = endis;
document.iform.barnyard_syslog_facility.disabled = endis;
document.iform.barnyard_syslog_priority.disabled = endis;
+
+ if (endis)
+ document.getElementById("syslog_config_rows").style.display = "none";
+ else
+ document.getElementById("syslog_config_rows").style.display = "";
}
function toggle_local_syslog() {
@@ -464,6 +554,18 @@ function toggle_local_syslog() {
}
}
+function toggle_bro_ids() {
+ var endis = !document.iform.barnyard_bro_ids_enable.checked;
+
+ document.iform.barnyard_bro_ids_rhost.disabled = endis;
+ document.iform.barnyard_bro_ids_dport.disabled = endis;
+
+ if (endis)
+ document.getElementById("bro_ids_config_rows").style.display = "none";
+ else
+ document.getElementById("bro_ids_config_rows").style.display = "";
+}
+
function enable_change(enable_change) {
endis = !(document.iform.barnyard_enable.checked || enable_change);
// make sure a default answer is called if this is invoked.
@@ -472,12 +574,14 @@ function enable_change(enable_change) {
document.iform.barnyard_show_year.disabled = endis;
document.iform.barnyard_dump_payload.disabled = endis;
document.iform.barnyard_obfuscate_ip.disabled = endis;
+ document.iform.barnyard_sensor_id.disabled = endis;
document.iform.barnyard_sensor_name.disabled = endis;
document.iform.barnyard_mysql_enable.disabled = endis;
document.iform.barnyard_dbhost.disabled = endis;
document.iform.barnyard_dbname.disabled = endis;
document.iform.barnyard_dbuser.disabled = endis;
document.iform.barnyard_dbpwd.disabled = endis;
+ document.iform.barnyard_disable_sig_ref_tbl.disabled = endis;
document.iform.barnyard_syslog_enable.disabled = endis;
document.iform.barnyard_syslog_local.disabled = endis;
document.iform.barnyard_syslog_opmode_default.disabled = endis;
@@ -488,6 +592,9 @@ function enable_change(enable_change) {
document.iform.barnyard_syslog_proto_tcp.disabled = endis;
document.iform.barnyard_syslog_facility.disabled = endis;
document.iform.barnyard_syslog_priority.disabled = endis;
+ document.iform.barnyard_bro_ids_enable.disabled = endis;
+ document.iform.barnyard_bro_ids_rhost.disabled = endis;
+ document.iform.barnyard_bro_ids_dport.disabled = endis;
document.iform.barnconfigpassthru.disabled = endis;
}
@@ -495,6 +602,7 @@ enable_change(false);
toggle_mySQL();
toggle_syslog();
toggle_local_syslog();
+toggle_bro_ids();
</script>
diff --git a/config/suricata/suricata_blocked.php b/config/suricata/suricata_blocked.php
new file mode 100644
index 00000000..96171c1e
--- /dev/null
+++ b/config/suricata/suricata_blocked.php
@@ -0,0 +1,323 @@
+<?php
+/*
+ * suricata_blocked.php
+ *
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+$suricatalogdir = SURICATALOGDIR;
+$suri_pf_table = SURICATA_PF_TABLE;
+
+if (!is_array($config['installedpackages']['suricata']['alertsblocks']))
+ $config['installedpackages']['suricata']['alertsblocks'] = array();
+
+$pconfig['brefresh'] = $config['installedpackages']['suricata']['alertsblocks']['brefresh'];
+$pconfig['blertnumber'] = $config['installedpackages']['suricata']['alertsblocks']['blertnumber'];
+
+if (empty($pconfig['blertnumber']))
+ $bnentries = '500';
+else
+ $bnentries = $pconfig['blertnumber'];
+
+if ($_POST['todelete']) {
+ $ip = "";
+ if ($_POST['ip'])
+ $ip = $_POST['ip'];
+ if (is_ipaddr($ip))
+ exec("/sbin/pfctl -t {$suri_pf_table} -T delete {$ip}");
+ else
+ $input_errors[] = gettext("An invalid IP address was provided as a parameter.");
+}
+
+if ($_POST['remove']) {
+ exec("/sbin/pfctl -t {$suri_pf_table} -T flush");
+ header("Location: /suricata/suricata_blocked.php");
+ exit;
+}
+
+/* TODO: build a file with block ip and disc */
+if ($_POST['download'])
+{
+ $blocked_ips_array_save = "";
+ exec("/sbin/pfctl -t {$suri_pf_table} -T show", $blocked_ips_array_save);
+ /* build the list */
+ if (is_array($blocked_ips_array_save) && count($blocked_ips_array_save) > 0) {
+ $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
+ $file_name = "suricata_blocked_{$save_date}.tar.gz";
+ exec('/bin/mkdir -p /tmp/suricata_blocked');
+ file_put_contents("/tmp/suricata_blocked/suricata_block.pf", "");
+ foreach($blocked_ips_array_save as $counter => $fileline) {
+ if (empty($fileline))
+ continue;
+ $fileline = trim($fileline, " \n\t");
+ file_put_contents("/tmp/suricata_blocked/suricata_block.pf", "{$fileline}\n", FILE_APPEND);
+ }
+
+ // Create a tar gzip archive of blocked host IP addresses
+ exec("/usr/bin/tar -czf /tmp/{$file_name} -C/tmp/suricata_blocked suricata_block.pf");
+
+ // If we successfully created the archive, send it to the browser.
+ if(file_exists("/tmp/{$file_name}")) {
+ ob_start(); //important or other posts will fail
+ if (isset($_SERVER['HTTPS'])) {
+ header('Pragma: ');
+ header('Cache-Control: ');
+ } else {
+ header("Pragma: private");
+ header("Cache-Control: private, must-revalidate");
+ }
+ header("Content-Type: application/octet-stream");
+ header("Content-length: " . filesize("/tmp/{$file_name}"));
+ header("Content-disposition: attachment; filename = {$file_name}");
+ ob_end_clean(); //important or other post will fail
+ readfile("/tmp/{$file_name}");
+
+ // Clean up the temp files and directory
+ @unlink("/tmp/{$file_name}");
+ exec("/bin/rm -fr /tmp/suricata_blocked");
+ } else
+ $savemsg = gettext("An error occurred while creating archive");
+ } else
+ $savemsg = gettext("No content on suricata block list");
+}
+
+if ($_POST['save'])
+{
+ /* no errors */
+ if (!$input_errors) {
+ $config['installedpackages']['suricata']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off';
+ $config['installedpackages']['suricata']['alertsblocks']['blertnumber'] = $_POST['blertnumber'];
+
+ write_config("Suricata pkg: updated BLOCKED tab settings.");
+
+ header("Location: /suricata/suricata_blocked.php");
+ exit;
+ }
+
+}
+
+$pgtitle = gettext("Suricata: Blocked Hosts");
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+<script src="/javascript/filter_log.js" type="text/javascript"></script>
+
+<?php
+
+include_once("fbegin.inc");
+
+/* refresh every 60 secs */
+if ($pconfig['brefresh'] == 'on')
+ echo "<meta http-equiv=\"refresh\" content=\"60;url=/suricata/suricata_blocked.php\" />\n";
+
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
+?>
+
+<form action="/suricata/suricata_blocked.php" method="post">
+<input type="hidden" name="ip" id="ip" value=""/>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr>
+ <td>
+ <?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
+ $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), true, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
+ $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
+ ?>
+ </td>
+</tr>
+<tr>
+ <td><div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" class="listtopic"><?php echo gettext("Blocked Hosts Log View Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell"><?php echo gettext("Save or Remove Hosts"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="download" type="submit" class="formbtns" value="Download" title="<?=gettext("Download list of blocked hosts as a gzip archive");?>"/>
+ &nbsp;<?php echo gettext("All blocked hosts will be saved."); ?>&nbsp;&nbsp;
+ <input name="remove" type="submit" class="formbtns" value="Clear" title="<?=gettext("Remove blocks for all listed hosts");?>"
+ onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCLE to quit.");?>');"/>&nbsp;
+ <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span>&nbsp;<?php echo gettext("all hosts will be removed."); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell"><?php echo gettext("Auto Refresh and Log View"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/>
+ &nbsp;&nbsp;<?php echo gettext("Refresh"); ?>&nbsp;<input name="brefresh" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['suricata']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['suricata']['alertsblocks']['brefresh']=='') echo "checked"; ?>/>
+ &nbsp;<?php printf(gettext("%sDefault%s is %sON%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;
+ <input name="blertnumber" type="text" class="formfld unknown" id="blertnumber"
+ size="5" value="<?=htmlspecialchars($bnentries);?>"/>&nbsp;<?php printf(gettext("Enter number of " .
+ "blocked entries to view. %sDefault%s is %s500%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Hosts Blocked by Suricata"), $bnentries); ?></td>
+ </tr>
+ <tr>
+ <td colspan="2">
+ <table id="sortabletable1" style="table-layout: fixed;" class="sortable" width="100%" border="0" cellpadding="2" cellspacing="0">
+ <colgroup>
+ <col width="5%" align="center" axis="number">
+ <col width="15%" align="center" axis="string">
+ <col width="70%" align="left" axis="string">
+ <col width="10%" align="center">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr" axis="number">#</th>
+ <th class="listhdrr" axis="string"><?php echo gettext("IP"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Alert Description"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Remove"); ?></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php
+
+ /* set the arrays */
+ $blocked_ips_array = suricata_get_blocked_ips();
+ if (!empty($blocked_ips_array)) {
+ foreach ($blocked_ips_array as &$ip)
+ $ip = inet_pton($ip);
+ $tmpblocked = array_flip($blocked_ips_array);
+ $src_ip_list = array();
+ foreach (glob("{$suricatalogdir}*/block.log*") as $alertfile) {
+ $fd = fopen($alertfile, "r");
+ if ($fd) {
+ /* 0 1 2 3 4 5 6 7 8 9 10 */
+ /* File format timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,ip,port */
+ while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
+ if(count($fields) < 11)
+ continue;
+ $fields[9] = inet_pton($fields[9]);
+ if (isset($tmpblocked[$fields[9]])) {
+ if (!is_array($src_ip_list[$fields[9]]))
+ $src_ip_list[$fields[9]] = array();
+ $src_ip_list[$fields[9]][$fields[5]] = "{$fields[5]} - " . substr($fields[0], 0, -7);
+ }
+ }
+ fclose($fd);
+ }
+ }
+
+ foreach($blocked_ips_array as $blocked_ip) {
+ if (is_ipaddr($blocked_ip) && !isset($src_ip_list[$blocked_ip]))
+ $src_ip_list[$blocked_ip] = array("N\A\n");
+ }
+
+ /* build final list, build html */
+ $counter = 0;
+ foreach($src_ip_list as $blocked_ip => $blocked_msg) {
+ $blocked_desc = implode("<br/>", $blocked_msg);
+ if($counter > $bnentries)
+ break;
+ else
+ $counter++;
+
+ $block_ip_str = inet_ntop($blocked_ip);
+ /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
+ $tmp_ip = str_replace(":", ":&#8203;", $block_ip_str);
+ /* Add reverse DNS lookup icons */
+ $rdns_link = "";
+ $rdns_link .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$block_ip_str}&dialog_output=true', outputrule);\">";
+ $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' ";
+ $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a>&nbsp;";
+ $rdns_link .= "<a href='/diag_dns.php?host={$block_ip_str}'>";
+ $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' ";
+ $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>";
+ /* use one echo to do the magic*/
+ echo "<tr>
+ <td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td>
+ <td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>{$rdns_link}</td>
+ <td valign=\"middle\" class=\"listr\">{$blocked_desc}</td>
+ <td align=\"center\" valign=\"middle\" class=\"listr\" sorttable_customkey=\"\">
+ <input type=\"image\" name=\"todelete[]\" onClick=\"document.getElementById('ip').value='{$block_ip_str}';\"
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" /></td>
+ </tr>\n";
+ }
+ }
+ ?>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" class="vexpl" align="center">
+ <?php if (!empty($blocked_ips_array)) {
+ if ($counter > 1)
+ echo "{$counter}" . gettext(" host IP addresses are currently being blocked.");
+ else
+ echo "{$counter}" . gettext(" host IP address is currently being blocked.");
+ }
+ else {
+ echo gettext("There are currently no hosts being blocked by Suricata.");
+ }
+ ?>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+</tr>
+</table>
+</form>
+<?php
+include("fend.inc");
+?>
+</body>
+</html>
diff --git a/config/suricata/suricata_check_cron_misc.inc b/config/suricata/suricata_check_cron_misc.inc
index 88dfd5ff..f750c530 100644
--- a/config/suricata/suricata_check_cron_misc.inc
+++ b/config/suricata/suricata_check_cron_misc.inc
@@ -3,12 +3,23 @@
* suricata_check_cron_misc.inc
* part of pfSense
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
@@ -30,80 +41,178 @@
require_once("/usr/local/pkg/suricata/suricata.inc");
-// 'B' => 1,
-// 'KB' => 1024,
-// 'MB' => 1024 * 1024,
-// 'GB' => 1024 * 1024 * 1024,
-// 'TB' => 1024 * 1024 * 1024 * 1024,
-// 'PB' => 1024 * 1024 * 1024 * 1024 * 1024,
+global $g, $config;
+
+function suricata_check_dir_size_limit($suricataloglimitsize) {
+
+ /********************************************************
+ * This function checks the total size of the Suricata *
+ * logging sub-directory structure and prunes the files *
+ * for all Suricata interfaces if the size exceeds the *
+ * passed limit. *
+ * *
+ * On Entry: $surictaaloglimitsize = dir size limit *
+ * in megabytes *
+ ********************************************************/
+
+ global $config;
+
+ // Convert Log Limit Size setting from MB to KB
+ $suricataloglimitsizeKB = round($suricataloglimitsize * 1024);
+ $suricatalogdirsizeKB = suricata_Getdirsize(SURICATALOGDIR);
+
+ if ($suricatalogdirsizeKB > 0 && $suricatalogdirsizeKB > $suricataloglimitsizeKB) {
+ log_error(gettext("[Suricata] Log directory size exceeds configured limit of " . number_format($suricataloglimitsize) . " MB set on Global Settings tab. All Suricata log files will be truncated."));
+ conf_mount_rw();
+
+ // Truncate the Rules Update Log file if it exists
+ if (file_exists(RULES_UPD_LOGFILE)) {
+ log_error(gettext("[Suricata] Truncating the Rules Update Log file..."));
+ @file_put_contents(RULES_UPD_LOGFILE, "");
+ }
+ // Initialize an array of the log files we want to prune
+ $logs = array ( "alerts.log", "http.log", "files-json.log", "tls.log", "stats.log" );
-/* chk if snort log dir is full if so clear it */
-$suricataloglimit = $config['installedpackages']['suricata']['config'][0]['suricataloglimit'];
-$suricataloglimitsize = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'];
+ // Clean-up the logs for each configured Suricata instance
+ foreach ($config['installedpackages']['suricata']['rule'] as $value) {
+ $if_real = get_real_interface($value['interface']);
+ $suricata_uuid = $value['uuid'];
+ $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}";
+ log_error(gettext("[Suricata] Truncating logs for {$value['descr']} ({$if_real})..."));
+ suricata_post_delete_logs($suricata_uuid);
+
+ foreach ($logs as $file) {
+ // Truncate the log file if it exists
+ if (file_exists("{$suricata_log_dir}/{$file}")) {
+ try {
+ file_put_contents("{$suricata_log_dir}/{$file}", "");
+ } catch (Exception $e) {
+ log_error("[Suricata] Failed to truncate file '{$suricata_log_dir}/{$file}' -- error was {$e->getMessage()}");
+ }
+ }
+ }
-if ($g['booting']==true)
- return;
+ // Check for any captured stored files and clean them up
+ unlink_if_exists("{$suricata_log_dir}/files/*");
-if ($suricataloglimit == 'off')
- return;
+ // This is needed if suricata is run as suricata user
+ mwexec('/bin/chmod 660 /var/log/suricata/*', true);
+ }
+ conf_mount_ro();
+ log_error(gettext("[Suricata] Automatic clean-up of Suricata logs completed."));
+ }
+}
-if (!is_array($config['installedpackages']['suricata']['rule']))
- return;
+function suricata_check_rotate_log($log_file, $log_limit, $retention) {
+
+ /********************************************************
+ * This function checks the passed log file against *
+ * the passed size limit and rotates the log file if *
+ * necessary. It also checks the age of previously *
+ * rotated logs and removes those older than the *
+ * rentention parameter. *
+ * *
+ * On Entry: $log_file -> full pathname/filename of *
+ * log file to check *
+ * $log_limit -> size of file in bytes to *
+ * trigger rotation. Zero *
+ * means no rotation. *
+ * $retention -> retention period in hours *
+ * for rotated logs. Zero *
+ * means never remove. *
+ ********************************************************/
+
+ // Check the current log to see if it needs rotating.
+ // If it does, rotate it and put the current time
+ // on the end of the filename as UNIX timestamp.
+ if (($log_limit > 0) && (filesize($log_file) >= $log_limit)) {
+ $newfile = $log_file . "." . strval(time());
+ try {
+ copy($log_file, $newfile);
+ file_put_contents($log_file, "");
+ } catch (Exception $e) {
+ log_error("[Suricata] Failed to rotate file '{$log_file}' -- error was {$e->getMessage()}");
+ }
+ }
-/* Convert Log Limit Size setting from MB to KB */
-$suricataloglimitsizeKB = round($suricataloglimitsize * 1024);
-$suricatalogdirsizeKB = suricata_Getdirsize(SURICATALOGDIR);
-if ($suricatalogdirsizeKB > 0 && $suricatalogdirsizeKB > $suricataloglimitsizeKB) {
- log_error(gettext("[Suricata] Log directory size exceeds configured limit of " . number_format($suricataloglimitsize) . " MB set on Global Settings tab. All Suricata log files will be truncated."));
- conf_mount_rw();
-
- /* Truncate the Rules Update Log file if it exists */
- if (file_exists(RULES_UPD_LOGFILE)) {
- log_error(gettext("[Suricata] Truncating the Rules Update Log file..."));
- $fd = @fopen(RULES_UPD_LOGFILE, "w+");
- if ($fd)
- fclose($fd);
+ // Check previously rotated logs to see if time to
+ // delete any older than the retention period.
+ // Rotated logs have a UNIX timestamp appended to
+ // filename.
+ if ($retention > 0) {
+ $now = time();
+ $rotated_files = glob("{$log_file}.*");
+ foreach ($rotated_files as $file) {
+ if (($now - filemtime($file)) > ($retention * 3600))
+ unlink_if_exists($file);
+ }
+ unset($rotated_files);
}
+}
- /* Clean-up the logs for each configured Suricata instance */
- foreach ($config['installedpackages']['suricata']['rule'] as $value) {
- $if_real = suricata_get_real_interface($value['interface']);
- $suricata_uuid = $value['uuid'];
- $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}";
- log_error(gettext("[Suricata] Truncating logs for {$value['descr']} ({$if_real})..."));
- suricata_post_delete_logs($suricata_uuid);
+/*************************
+ * Start of main code *
+ *************************/
- // Initialize an array of the log files we want to prune
- $logs = array ( "alerts.log", "http.log", "files-json.log", "tls.log", "stats.log" );
+// If firewall is booting, do nothing
+if ($g['booting'] == true)
+ return;
- foreach ($logs as $file) {
- // Truncate the log file if it exists
- if (file_exists("{$suricata_log_dir}/$file")) {
- $fd = @fopen("{$suricata_log_dir}/$file", "w+");
- if ($fd)
- fclose($fd);
- }
- }
+// If no interfaces defined, there is nothing to clean up
+if (!is_array($config['installedpackages']['suricata']['rule']))
+ return;
- // Check for any captured stored files and clean them up
- $filelist = glob("{$suricata_log_dir}/files/*");
- if (!empty($filelist)) {
- foreach ($filelist as $file)
- @unlink($file);
+$logs = array ();
+
+// Build an arry of files to check and limits to check them against from our saved configuration
+$logs['alerts.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'];
+$logs['alerts.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['alert_log_retention'];
+$logs['files-json.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size'];
+$logs['files-json.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_retention'];
+$logs['http.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['http_log_limit_size'];
+$logs['http.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['http_log_retention'];
+$logs['stats.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size'];
+$logs['stats.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['stats_log_retention'];
+$logs['tls.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size'];
+$logs['tls.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['tls_log_retention'];
+
+// Check log limits and retention in the interface logging directories if enabled
+if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] == 'on') {
+ foreach ($config['installedpackages']['suricata']['rule'] as $value) {
+ $if_real = get_real_interface($value['interface']);
+ $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$value['uuid']}";
+ foreach ($logs as $k => $p)
+ suricata_check_rotate_log("{$suricata_log_dir}/{$k}", $p['limit']*1024, $p['retention']);
+
+ // Prune any aged-out Barnyard2 archived logs if any exist
+ if (is_dir("{$suricata_log_dir}/barnyard2/archive") &&
+ $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] > 0) {
+ $now = time();
+ $files = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*");
+ foreach ($files as $f) {
+ if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] * 3600))
+ unlink_if_exists($f);
+ }
}
-
- // This is needed if suricata is run as suricata user
- mwexec('/bin/chmod 660 /var/log/suricata/*', true);
-
- // Soft-restart Suricata process to resync logging
- if (file_exists("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) {
- log_error(gettext("[Suricata] Restarting logging on {$value['descr']} ({$if_real})..."));
- mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid -a");
+ unset($files);
+
+ // Prune aged-out File Store files if any exist
+ if (is_dir("{$suricata_log_dir}/files") &&
+ $config['installedpackages']['suricata']['config'][0]['file_store_retention'] > 0) {
+ $now = time();
+ $files = glob("{$suricata_log_dir}/files/file.*");
+ foreach ($files as $f) {
+ if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['file_store_retention'] * 3600))
+ unlink_if_exists($f);
+ }
}
+ unset($files);
}
- conf_mount_ro();
- log_error(gettext("[Suricata] Automatic clean-up of Suricata logs completed."));
}
+// Check the overall log directory limit (if enabled) and prune if necessary
+if ($config['installedpackages']['suricata']['config'][0]['suricataloglimit'] == 'on')
+ suricata_check_dir_size_limit($config['installedpackages']['suricata']['config'][0]['suricataloglimitsize']);
+
?>
diff --git a/config/suricata/suricata_check_for_rule_updates.php b/config/suricata/suricata_check_for_rule_updates.php
index 9aa14f6e..bb29078f 100644
--- a/config/suricata/suricata_check_for_rule_updates.php
+++ b/config/suricata/suricata_check_for_rule_updates.php
@@ -2,19 +2,30 @@
/*
* suricata_check_for_rule_updates.php
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- *
+ *
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -95,6 +106,9 @@ $snort_community_rules_filename = GPLV2_DNLD_FILENAME;
$snort_community_rules_filename_md5 = GPLV2_DNLD_FILENAME . ".md5";
$snort_community_rules_url = GPLV2_DNLD_URL;
+/* Mount the Suricata conf directories R/W so we can modify files there */
+conf_mount_rw();
+
/* Set up Emerging Threats rules filenames and URL */
if ($etpro == "on") {
$emergingthreats_filename = ETPRO_DNLD_FILENAME;
@@ -139,22 +153,54 @@ function suricata_download_file_url($url, $file_out) {
global $g, $config, $pkg_interface, $last_curl_error, $fout, $ch, $file_size, $downloaded, $first_progress_update;
+ $rfc2616 = array(
+ 100 => "100 Continue",
+ 101 => "101 Switching Protocols",
+ 200 => "200 OK",
+ 201 => "201 Created",
+ 202 => "202 Accepted",
+ 203 => "203 Non-Authoritative Information",
+ 204 => "204 No Content",
+ 205 => "205 Reset Content",
+ 206 => "206 Partial Content",
+ 300 => "300 Multiple Choices",
+ 301 => "301 Moved Permanently",
+ 302 => "302 Found",
+ 303 => "303 See Other",
+ 304 => "304 Not Modified",
+ 305 => "305 Use Proxy",
+ 306 => "306 (Unused)",
+ 307 => "307 Temporary Redirect",
+ 400 => "400 Bad Request",
+ 401 => "401 Unauthorized",
+ 402 => "402 Payment Required",
+ 403 => "403 Forbidden",
+ 404 => "404 Not Found",
+ 405 => "405 Method Not Allowed",
+ 406 => "406 Not Acceptable",
+ 407 => "407 Proxy Authentication Required",
+ 408 => "408 Request Timeout",
+ 409 => "409 Conflict",
+ 410 => "410 Gone",
+ 411 => "411 Length Required",
+ 412 => "412 Precondition Failed",
+ 413 => "413 Request Entity Too Large",
+ 414 => "414 Request-URI Too Long",
+ 415 => "415 Unsupported Media Type",
+ 416 => "416 Requested Range Not Satisfiable",
+ 417 => "417 Expectation Failed",
+ 500 => "500 Internal Server Error",
+ 501 => "501 Not Implemented",
+ 502 => "502 Bad Gateway",
+ 503 => "503 Service Unavailable",
+ 504 => "504 Gateway Timeout",
+ 505 => "505 HTTP Version Not Supported"
+ );
+
// Initialize required variables for the pfSense "read_body()" function
$file_size = 1;
$downloaded = 1;
$first_progress_update = TRUE;
-
-
- // Array of message strings for HTTP Response Codes
- $http_resp_msg = array( 200 => "OK", 202 => "Accepted", 204 => "No Content", 205 => "Reset Content",
- 206 => "Partial Content", 301 => "Moved Permanently", 302 => "Found",
- 305 => "Use Proxy", 307 => "Temporary Redirect", 400 => "Bad Request",
- 401 => "Unauthorized", 402 => "Payment Required", 403 => "Forbidden",
- 404 => "Not Found", 405 => "Method Not Allowed", 407 => "Proxy Authentication Required",
- 408 => "Request Timeout", 410 => "Gone", 500 => "Internal Server Error",
- 501 => "Not Implemented", 502 => "Bad Gateway", 503 => "Service Unavailable",
- 504 => "Gateway Timeout", 505 => "HTTP Version Not Supported" );
-
$last_curl_error = "";
$fout = fopen($file_out, "wb");
@@ -204,8 +250,8 @@ function suricata_download_file_url($url, $file_out) {
if ($rc === false)
$last_curl_error = curl_error($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
- if (isset($http_resp_msg[$http_code]))
- $last_curl_error = $http_resp_msg[$http_code];
+ if (isset($rfc2616[$http_code]))
+ $last_curl_error = $rfc2616[$http_code];
curl_close($ch);
fclose($fout);
@@ -239,7 +285,7 @@ function suricata_check_rule_md5($file_url, $file_dst, $desc = "") {
/* error occurred. */
/**********************************************************/
- global $pkg_interface, $suricata_rules_upd_log, $last_curl_error;
+ global $pkg_interface, $suricata_rules_upd_log, $last_curl_error, $update_errors;
$suricatadir = SURICATADIR;
$filename_md5 = basename($file_dst);
@@ -284,6 +330,7 @@ function suricata_check_rule_md5($file_url, $file_dst, $desc = "") {
if ($pkg_interface == "console")
error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, $suricata_rules_upd_log);
error_log(gettext("\t{$desc} will not be updated.\n"), 3, $suricata_rules_upd_log);
+ $update_errors = true;
return false;
}
}
@@ -307,7 +354,7 @@ function suricata_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
/* FALSE if download was not successful. */
/**********************************************************/
- global $pkg_interface, $suricata_rules_upd_log, $last_curl_error;
+ global $pkg_interface, $suricata_rules_upd_log, $last_curl_error, $update_errors;
$suricatadir = SURICATADIR;
$filename = basename($file_dst);
@@ -337,6 +384,7 @@ function suricata_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
error_log(gettext("\tDownloaded {$desc} file MD5: " . md5_file($file_dst) . "\n"), 3, $suricata_rules_upd_log);
error_log(gettext("\tExpected {$desc} file MD5: {$file_md5}\n"), 3, $suricata_rules_upd_log);
error_log(gettext("\t{$desc} file download failed. {$desc} will not be updated.\n"), 3, $suricata_rules_upd_log);
+ $update_errors = true;
return false;
}
return true;
@@ -349,13 +397,13 @@ function suricata_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
if ($pkg_interface == "console")
error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, $suricata_rules_upd_log);
error_log(gettext("\t{$desc} will not be updated.\n"), 3, $suricata_rules_upd_log);
+ $update_errors = true;
return false;
}
}
/* Start of main code */
-conf_mount_rw();
/* remove old $tmpfname files if present */
if (is_dir("{$tmpfname}"))
@@ -375,6 +423,7 @@ if (file_exists($suricata_rules_upd_log)) {
/* Log start time for this rules update */
error_log(gettext("Starting rules update... Time: " . date("Y-m-d H:i:s") . "\n"), 3, $suricata_rules_upd_log);
$last_curl_error = "";
+$update_errors = false;
/* Check for and download any new Emerging Threats Rules sigs */
if ($emergingthreats == 'on') {
@@ -426,22 +475,32 @@ if ($emergingthreats == 'on') {
/* Remove the old Emerging Threats rules files */
$eto_prefix = ET_OPEN_FILE_PREFIX;
$etpro_prefix = ET_PRO_FILE_PREFIX;
- array_map('unlink', glob("{$suricatadir}rules/{$eto_prefix}*.rules"));
- array_map('unlink', glob("{$suricatadir}rules/{$etpro_prefix}*.rules"));
- array_map('unlink', glob("{$suricatadir}rules/{$eto_prefix}*ips.txt"));
- array_map('unlink', glob("{$suricatadir}rules/{$etpro_prefix}*ips.txt"));
+ unlink_if_exists("{$suricatadir}rules/{$eto_prefix}*.rules");
+ unlink_if_exists("{$suricatadir}rules/{$etpro_prefix}*.rules");
+ unlink_if_exists("{$suricatadir}rules/{$eto_prefix}*ips.txt");
+ unlink_if_exists("{$suricatadir}rules/{$etpro_prefix}*ips.txt");
- // The code below renames ET-Pro files with a prefix, so we
+ // The code below renames ET files with a prefix, so we
// skip renaming the Suricata default events rule files
- // that are also bundled in the ET-Pro rules.
- $default_rules = array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules" );
+ // that are also bundled in the ET rules.
+ $default_rules = array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules", "tls-events.rules" );
$files = glob("{$tmpfname}/emerging/rules/*.rules");
+ // Determine the correct prefix to use based on which
+ // Emerging Threats rules package is enabled.
+ if ($etpro == "on")
+ $prefix = ET_PRO_FILE_PREFIX;
+ else
+ $prefix = ET_OPEN_FILE_PREFIX;
foreach ($files as $file) {
$newfile = basename($file);
- if ($etpro == "on" && !in_array($newfile, $default_rules))
- @copy($file, "{$suricatadir}rules/" . ET_PRO_FILE_PREFIX . "{$newfile}");
- else
+ if (in_array($newfile, $default_rules))
@copy($file, "{$suricatadir}rules/{$newfile}");
+ else {
+ if (strpos($newfile, $prefix) === FALSE)
+ @copy($file, "{$suricatadir}rules/{$prefix}{$newfile}");
+ else
+ @copy($file, "{$suricatadir}rules/{$newfile}");
+ }
}
/* IP lists for Emerging Threats rules */
$files = glob("{$tmpfname}/emerging/rules/*ips.txt");
@@ -478,7 +537,7 @@ if ($snortdownload == 'on') {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
/* Remove the old Snort rules files */
$vrt_prefix = VRT_FILE_PREFIX;
- array_map('unlink', glob("{$suricatadir}rules/{$vrt_prefix}*.rules"));
+ unlink_if_exists("{$suricatadir}rules/{$vrt_prefix}*.rules");
if ($pkg_interface <> "console") {
update_status(gettext("Extracting Snort VRT rules..."));
@@ -646,17 +705,38 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
$rebuild_rules = false;
/* Restart Suricata if already running and we are not rebooting to pick up the new rules. */
- if (is_process_running("suricata") && !$g['booting']) {
- if ($pkg_interface <> "console") {
- update_status(gettext('Restarting Suricata to activate the new set of rules...'));
- update_output_window(gettext("Please wait ... restarting Suricata will take some time..."));
+ if (is_process_running("suricata") && !$g['booting'] &&
+ !empty($config['installedpackages']['suricata']['rule'])) {
+
+ // See if "Live Reload" is configured and signal each Suricata instance
+ // if enabled, else just do a hard restart of all the instances.
+ if ($config['installedpackages']['suricata']['config'][0]['live_swap_updates'] == 'on') {
+ if ($pkg_interface <> "console") {
+ update_status(gettext('Signalling Suricata to live-load the new set of rules...'));
+ update_output_window(gettext("Please wait ... the process should complete in a few seconds..."));
+ }
+ log_error(gettext("[Suricata] Live-Reload of rules from auto-update is enabled..."));
+ error_log(gettext("\tLive-Reload of updated rules is enabled...\n"), 3, $suricata_rules_upd_log);
+ foreach ($config['installedpackages']['suricata']['rule'] as $value) {
+ $if_real = get_real_interface($value['interface']);
+ suricata_reload_config($value);
+ error_log(gettext("\tLive swap of updated rules requested for " . convert_friendly_interface_to_friendly_descr($value['interface']) . ".\n"), 3, $suricata_rules_upd_log);
+ }
+ log_error(gettext("[Suricata] Live-Reload of updated rules completed..."));
+ error_log(gettext("\tLive-Reload of the updated rules is complete.\n"), 3, $suricata_rules_upd_log);
+ }
+ else {
+ if ($pkg_interface <> "console") {
+ update_status(gettext('Restarting Suricata to activate the new set of rules...'));
+ update_output_window(gettext("Please wait ... restarting Suricata will take some time..."));
+ }
+ error_log(gettext("\tRestarting Suricata to activate the new set of rules...\n"), 3, $suricata_rules_upd_log);
+ restart_service("suricata");
+ if ($pkg_interface <> "console")
+ update_output_window(gettext("Suricata has restarted with your new set of rules..."));
+ log_error(gettext("[Suricata] Suricata has restarted with your new set of rules..."));
+ error_log(gettext("\tSuricata has restarted with your new set of rules.\n"), 3, $suricata_rules_upd_log);
}
- error_log(gettext("\tRestarting Suricata to activate the new set of rules...\n"), 3, $suricata_rules_upd_log);
- restart_service("suricata");
- if ($pkg_interface <> "console")
- update_output_window(gettext("Suricata has restarted with your new set of rules..."));
- log_error(gettext("[Suricata] Suricata has restarted with your new set of rules..."));
- error_log(gettext("\tSuricata has restarted with your new set of rules.\n"), 3, $suricata_rules_upd_log);
}
else {
if ($pkg_interface <> "console")
@@ -666,13 +746,17 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
// Remove old $tmpfname files
if (is_dir("{$tmpfname}")) {
- if ($pkg_interface <> "console")
+ if ($pkg_interface <> "console") {
update_status(gettext("Cleaning up after rules extraction..."));
+ update_output_window(gettext("Removing {$tmpfname} directory..."));
+ }
exec("/bin/rm -r {$tmpfname}");
}
-if ($pkg_interface <> "console")
+if ($pkg_interface <> "console") {
update_status(gettext("The Rules update has finished..."));
+ update_output_window("");
+}
log_error(gettext("[Suricata] The Rules update has finished."));
error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, $suricata_rules_upd_log);
conf_mount_ro();
@@ -680,4 +764,12 @@ conf_mount_ro();
// Restore the state of $pkg_interface
$pkg_interface = $pkg_interface_orig;
+/* Save this update status to the configuration file */
+if ($update_errors)
+ $config['installedpackages']['suricata']['config'][0]['last_rule_upd_status'] = gettext("failed");
+else
+ $config['installedpackages']['suricata']['config'][0]['last_rule_upd_status'] = gettext("success");
+$config['installedpackages']['suricata']['config'][0]['last_rule_upd_time'] = time();
+write_config();
+
?>
diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php
index b1cbfee9..d072ff42 100644
--- a/config/suricata/suricata_define_vars.php
+++ b/config/suricata/suricata_define_vars.php
@@ -3,12 +3,23 @@
* suricata_define_vars.php
* part of pfSense
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
@@ -34,9 +45,10 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
global $g, $rebuild_rules;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
if (is_null($id)) {
header("Location: /suricata/suricata_interfaces.php");
exit;
@@ -157,13 +169,16 @@ if ($savemsg)
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
- display_top_tabs($tab_array);
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$tab_array = array();
@@ -175,7 +190,7 @@ if ($savemsg)
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), true, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
diff --git a/config/suricata/suricata_download_rules.php b/config/suricata/suricata_download_rules.php
index 26737dcf..2de286ba 100644
--- a/config/suricata/suricata_download_rules.php
+++ b/config/suricata/suricata_download_rules.php
@@ -2,19 +2,31 @@
/*
* suricata_download_rules.php
*
+ *
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- *
+ *
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
diff --git a/config/suricata/suricata_download_updates.php b/config/suricata/suricata_download_updates.php
index ecfd5f8b..b5377351 100644
--- a/config/suricata/suricata_download_updates.php
+++ b/config/suricata/suricata_download_updates.php
@@ -3,19 +3,30 @@
* suricata_download_updates.php
* part of pfSense
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- *
+ *
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -35,38 +46,72 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
$suricatadir = SURICATADIR;
$suricata_rules_upd_log = RULES_UPD_LOGFILE;
-/* load only javascript that is needed */
-$suricata_load_jquery = 'yes';
-$suricata_load_jquery_colorbox = 'yes';
$snortdownload = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'];
$emergingthreats = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules'];
$etpro = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules'];
$snortcommunityrules = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules'];
+/* Get last update information if available */
+if (!empty($config['installedpackages']['suricata']['config'][0]['last_rule_upd_time']))
+ $last_rule_upd_time = date('M-d Y H:i', $config['installedpackages']['suricata']['config'][0]['last_rule_upd_time']);
+else
+ $last_rule_upd_time = gettext("Unknown");
+if (!empty($config['installedpackages']['suricata']['config'][0]['last_rule_upd_status']))
+ $last_rule_upd_status = htmlspecialchars($config['installedpackages']['suricata']['config'][0]['last_rule_upd_status']);
+else
+ $last_rule_upd_status = gettext("Unknown");
+
$snort_rules_file = VRT_DNLD_FILENAME;
$snort_community_rules_filename = GPLV2_DNLD_FILENAME;
if ($etpro == "on") {
$emergingthreats_filename = ETPRO_DNLD_FILENAME;
- $et_name = "EMERGING THREATS PRO RULES";
+ $et_name = "Emerging Threats Pro Rules";
}
else {
$emergingthreats_filename = ET_DNLD_FILENAME;
- $et_name = "EMERGING THREATS RULES";
+ $et_name = "Emerging Threats Open Rules";
}
/* quick md5 chk of downloaded rules */
-$snort_org_sig_chk_local = 'N/A';
-if (file_exists("{$suricatadir}{$snort_rules_file}.md5"))
+if ($snortdownload == 'on') {
+ $snort_org_sig_chk_local = 'Not Downloaded';
+ $snort_org_sig_date = 'Not Downloaded';
+}
+else {
+ $snort_org_sig_chk_local = 'Not Enabled';
+ $snort_org_sig_date = 'Not Enabled';
+}
+if (file_exists("{$suricatadir}{$snort_rules_file}.md5")){
$snort_org_sig_chk_local = file_get_contents("{$suricatadir}{$snort_rules_file}.md5");
+ $snort_org_sig_date = date(DATE_RFC850, filemtime("{$suricatadir}{$snort_rules_file}.md5"));
+}
-$emergingt_net_sig_chk_local = 'N/A';
-if (file_exists("{$suricatadir}{$emergingthreats_filename}.md5"))
+if ($etpro == "on" || $emergingthreats == "on") {
+ $emergingt_net_sig_chk_local = 'Not Downloaded';
+ $emergingt_net_sig_date = 'Not Downloaded';
+}
+else {
+ $emergingt_net_sig_chk_local = 'Not Enabled';
+ $emergingt_net_sig_date = 'Not Enabled';
+}
+if (file_exists("{$suricatadir}{$emergingthreats_filename}.md5")) {
$emergingt_net_sig_chk_local = file_get_contents("{$suricatadir}{$emergingthreats_filename}.md5");
+ $emergingt_net_sig_date = date(DATE_RFC850, filemtime("{$suricatadir}{$emergingthreats_filename}.md5"));
+}
-$snort_community_sig_chk_local = 'N/A';
-if (file_exists("{$suricatadir}{$snort_community_rules_filename}.md5"))
+if ($snortcommunityrules == 'on') {
+ $snort_community_sig_chk_local = 'Not Downloaded';
+ $snort_community_sig_sig_date = 'Not Downloaded';
+}
+else {
+ $snort_community_sig_chk_local = 'Not Enabled';
+ $snort_community_sig_sig_date = 'Not Enabled';
+}
+if (file_exists("{$suricatadir}{$snort_community_rules_filename}.md5")) {
$snort_community_sig_chk_local = file_get_contents("{$suricatadir}{$snort_community_rules_filename}.md5");
+ $snort_community_sig_sig_date = date(DATE_RFC850, filemtime("{$suricatadir}{$snort_community_rules_filename}.md5"));
+}
/* Check for postback to see if we should clear the update log file. */
if ($_POST['clear']) {
@@ -74,7 +119,28 @@ if ($_POST['clear']) {
mwexec("/bin/rm -f {$suricata_rules_upd_log}");
}
-if ($_POST['update']) {
+if ($_POST['check']) {
+ // Go see if new updates for rule sets are available
+ header("Location: /suricata/suricata_download_rules.php");
+ exit;
+}
+
+if ($_POST['force']) {
+ // Mount file system R/W since we need to remove files
+ conf_mount_rw();
+
+ // Remove the existing MD5 signature files to force a download
+ if (file_exists("{$suricatadir}{$emergingthreats_filename}.md5"))
+ @unlink("{$suricatadir}{$emergingthreats_filename}.md5");
+ if (file_exists("{$suricatadir}{$snort_community_rules_filename}.md5"))
+ @unlink("{$suricatadir}{$snort_community_rules_filename}.md5");
+ if (file_exists("{$suricatadir}{$snort_rules_file}.md5"))
+ @unlink("{$suricatadir}{$snort_rules_file}.md5");
+
+ // Revert file system to R/O.
+ conf_mount_ro();
+
+ // Go download the updates
header("Location: /suricata/suricata_download_rules.php");
exit;
}
@@ -91,6 +157,9 @@ if ($_POST['view']&& $suricata_rules_upd_log_chk == 'yes') {
$input_errors[] = gettext("Unable to read log file: {$suricata_rules_upd_log}");
}
+if ($_POST['hide'])
+ $contents = "";
+
$pgtitle = gettext("Suricata: Update Rules Set Files");
include_once("head.inc");
?>
@@ -118,9 +187,12 @@ include_once("head.inc");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), true, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
- display_top_tabs($tab_array);
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -128,21 +200,32 @@ include_once("head.inc");
<div id="mainarea">
<table id="maintable4" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
- <td valign="top" class="listtopic" align="center"><?php echo gettext("INSTALLED RULE SET MD5 SIGNATURES");?></td>
+ <td valign="top" class="listtopic" align="center"><?php echo gettext("INSTALLED RULE SET MD5 SIGNATURE");?></td>
</tr>
<tr>
<td align="center"><br/>
- <table width="100%" border="0" cellpadding="2" cellspacing="2">
+ <table width="95%" border="0" cellpadding="2" cellspacing="2">
+ <thead>
+ <tr>
+ <th class="listhdrr"><?=gettext("Rule Set Name/Publisher");?></th>
+ <th class="listhdrr"><?=gettext("MD5 Signature Hash");?></th>
+ <th class="listhdrr"><?=gettext("MD5 Signature Date");?></th>
+ </tr>
+ </thead>
<tr>
- <td align="right" class="vexpl"><b><?=$et_name;?>&nbsp;&nbsp;---></b></td>
- <td class="vexpl"><? echo $emergingt_net_sig_chk_local; ?></td>
+ <td align="center" class="vncell vexpl"><b><?=$et_name;?></b></td>
+ <td align="center" class="vncell vexpl"><? echo trim($emergingt_net_sig_chk_local);?></td>
+ <td align="center" class="vncell vexpl"><?php echo gettext($emergingt_net_sig_date);?></td>
</tr>
<tr>
- <td align="right" class="vexpl"><b>SNORT VRT RULES&nbsp;&nbsp;---></b></td>
- <td class="vexpl"><? echo $snort_org_sig_chk_local; ?></td>
+ <td align="center" class="vncell vexpl"><b>Snort VRT Rules</b></td>
+ <td align="center" class="vncell vexpl"><? echo trim($snort_org_sig_chk_local);?></td>
+ <td align="center" class="vncell vexpl"><?php echo gettext($snort_org_sig_date);?></td>
</tr>
- <td align="right" class="vexpl"><b>SNORT GPLv2 COMMUNITY RULES&nbsp;&nbsp;---></b></td>
- <td class="vexpl"><? echo $snort_community_sig_chk_local; ?></td>
+ <tr>
+ <td align="center" class="vncell vexpl"><b>Snort GPLv2 Community Rules</b></td>
+ <td align="center" class="vncell vexpl"><? echo trim($snort_community_sig_chk_local);?></td>
+ <td align="center" class="vncell vexpl"><?php echo gettext($snort_community_sig_sig_date);?></td>
</tr>
</table><br/>
</td>
@@ -152,17 +235,39 @@ include_once("head.inc");
</tr>
<tr>
<td align="center">
+ <table width="45%" border="0" cellpadding="0" cellspacing="0">
+ <tbody>
+ <tr>
+ <td class="list" align="right"><strong><?php echo gettext("Last Update:");?></strong></td>
+ <td class="list" align="left"><?php echo $last_rule_upd_time;?></td>
+ </tr>
+ <tr>
+ <td class="list" align="right"><strong><?php echo gettext("Result:");?></strong></td>
+ <td class="list" align="left"><?php echo $last_rule_upd_status;?></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td align="center">
<?php if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on'): ?>
- <br/><button disabled="disabled"><?php echo gettext("Update Rules"); ?></button><br/>
- <p style="text-align:left;">
- <font color="red" size="2px"><b><?php echo gettext("WARNING:");?></b></font><font size="1px" color="#000000">&nbsp;&nbsp;
+ <br/><button disabled="disabled"><?=gettext("Check");?></button>&nbsp;&nbsp;&nbsp;&nbsp;
+ <button disabled="disabled"><?=gettext("Force");?></button>
+ <br/>
+ <p style="text-align:center;" class="vexpl">
+ <font class="red"><b><?php echo gettext("WARNING:");?></b></font>&nbsp;
<?php echo gettext('No rule types have been selected for download. ') .
gettext('Visit the ') . '<a href="/suricata/suricata_global.php">Global Settings Tab</a>' . gettext(' to select rule types.'); ?>
- </font><br/></p>
+ <br/></p>
<?php else: ?>
<br/>
- <input type="submit" value="<?php echo gettext(" Update "); ?>" name="update" id="submit" class="formbtn"
- title="<?php echo gettext("Check for new updates to configured rulesets"); ?>"/><br/><br/>
+ <input type="submit" value="<?=gettext("Check");?>" name="check" id="check" class="formbtn"
+ title="<?php echo gettext("Check for new updates to enabled rule sets"); ?>"/>&nbsp;&nbsp;&nbsp;&nbsp;
+ <input type="submit" value="<?=gettext("Force");?>" name="force" id="force" class="formbtn"
+ title="<?=gettext("Force an update of all enabled rule sets");?>"
+ onclick="return confirm('<?=gettext("This will zero-out the MD5 hashes to force a fresh download of all enabled rule sets. Click OK to continue or CANCEL to quit");?>');"/>
+ <br/><br/>
<?php endif; ?>
</td>
</tr>
@@ -174,15 +279,20 @@ include_once("head.inc");
<td align="center" valign="middle" class="vexpl">
<?php if ($suricata_rules_upd_log_chk == 'yes'): ?>
<br/>
- <input type="submit" value="<?php echo gettext("View Log"); ?>" name="view" id="view" class="formbtn"
- title="<?php echo gettext("View rules update log contents"); ?>"/>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
- <input type="submit" value="<?php echo gettext("Clear Log"); ?>" name="clear" id="clear" class="formbtn"
- title="<?php echo gettext("Clear rules update log contents"); ?>" onClick="return confirm('Are you sure?\nOK to confirm, or CANCEL to quit');"/>
+ <?php if (!empty($contents)): ?>
+ <input type="submit" value="<?php echo gettext("Hide"); ?>" name="hide" id="hide" class="formbtn"
+ title="<?php echo gettext("Hide rules update log"); ?>"/>
+ <?php else: ?>
+ <input type="submit" value="<?php echo gettext("View"); ?>" name="view" id="view" class="formbtn"
+ title="<?php echo gettext("View rules update log"); ?>"/>
+ <?php endif; ?>
+ &nbsp;&nbsp;&nbsp;&nbsp;
+ <input type="submit" value="<?php echo gettext("Clear"); ?>" name="clear" id="clear" class="formbtn"
+ title="<?php echo gettext("Clear rules update log"); ?>" onClick="return confirm('Are you sure you want to delete the log contents?\nOK to confirm, or CANCEL to quit');"/>
<br/>
<?php else: ?>
<br/>
- <button disabled='disabled'><?php echo gettext("View Log"); ?></button>&nbsp;&nbsp;&nbsp;<?php echo gettext("Log is empty."); ?><br/>
+ <button disabled='disabled'><?php echo gettext("View Log"); ?></button><br/><?php echo gettext("Log is empty."); ?><br/>
<?php endif; ?>
<br/><?php echo gettext("The log file is limited to 1024K in size and automatically clears when the limit is exceeded."); ?><br/><br/>
</td>
@@ -201,9 +311,9 @@ include_once("head.inc");
<?php endif; ?>
<tr>
<td align="center">
- <span class="vexpl"><br/><br/>
+ <span class="vexpl"><br/>
<span class="red"><b><?php echo gettext("NOTE:"); ?></b></span>
- &nbsp;&nbsp;<a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" .
+ &nbsp;<a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" .
gettext(" and ") . "<a href=\"http://www.emergingthreats.net/\" target=\"_blank\">" . gettext("EmergingThreats.net") . "</a>" .
gettext(" will go down from time to time. Please be patient."); ?></span><br/>
</td>
diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php
index 3a677d3a..ba594d55 100644
--- a/config/suricata/suricata_flow_stream.php
+++ b/config/suricata/suricata_flow_stream.php
@@ -3,12 +3,23 @@
* suricata_flow_stream.php
* part of pfSense
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
@@ -28,25 +39,28 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
global $g, $rebuild_rules;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+if (is_null($id))
+ $id=0;
if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
+// Initialize required array variables as necessary
+if (!is_array($config['aliases']['alias']))
+ $config['aliases']['alias'] = array();
+$a_aliases = $config['aliases']['alias'];
+
// Initialize Host-OS Policy engine arrays if necessary
if (!is_array($config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item']))
$config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item'] = array();
@@ -55,6 +69,12 @@ $a_nat = &$config['installedpackages']['suricata']['rule'];
$host_os_policy_engine_next_id = count($a_nat[$id]['host_os_policy']['item']);
+// Build a lookup array of currently used engine 'bind_to' Aliases
+// so we can screen matching Alias names from the list.
+$used = array();
+foreach ($a_nat[$id]['host_os_policy']['item'] as $v)
+ $used[$v['bind_to']] = true;
+
$pconfig = array();
if (isset($id) && $a_nat[$id]) {
/* Get current values from config for page form fields */
@@ -76,29 +96,129 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['host_os_policy'] = $a_nat[$id]['host_os_policy'];
}
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+// Check for "import or select alias mode" and set flags if TRUE.
+// "selectalias", when true, displays radio buttons to limit
+// multiple selections.
+if ($_POST['import_alias']) {
+ $importalias = true;
+ $selectalias = false;
+ $title = "Host Operating System Policy";
+}
+elseif ($_POST['select_alias']) {
+ $importalias = true;
+ $selectalias = true;
+ $title = "Host Operating System Policy";
+
+ // Preserve current OS Policy Engine settings
+ $eng_id = $_POST['eng_id'];
+ $eng_name = $_POST['policy_name'];
+ $eng_bind = $_POST['policy_bind_to'];
+ $eng_policy = $_POST['policy'];
+ $mode = "add_edit_os_policy";
}
-if ($_GET['act'] && isset($_GET['eng_id'])) {
+if ($_POST['save_os_policy']) {
+ if ($_POST['eng_id'] != "") {
+ $eng_id = $_POST['eng_id'];
+
+ // Grab all the POST values and save in new temp array
+ $engine = array();
+ $policy_name = trim($_POST['policy_name']);
+ if ($policy_name) {
+ $engine['name'] = $policy_name;
+ }
+ else {
+ $input_errors[] = gettext("The 'Policy Name' value cannot be blank.");
+ $add_edit_os_policy = true;
+ }
+ if ($_POST['policy_bind_to']) {
+ if (is_alias($_POST['policy_bind_to']))
+ $engine['bind_to'] = $_POST['policy_bind_to'];
+ elseif (strtolower(trim($_POST['policy_bind_to'])) == "all")
+ $engine['bind_to'] = "all";
+ else {
+ $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value.");
+ $add_edit_os_policy = true;
+ }
+ }
+ else {
+ $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'.");
+ $add_edit_os_policy = true;
+ }
+
+ if ($_POST['policy']) { $engine['policy'] = $_POST['policy']; } else { $engine['policy'] = "bsd"; }
+
+ // Can only have one "all" Bind_To address
+ if ($engine['bind_to'] == "all" && $engine['name'] <> "default") {
+ $input_errors[] = gettext("Only one default OS-Policy Engine can be bound to all addresses.");
+ $add_edit_os_policy = true;
+ $pengcfg = $engine;
+ }
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ if (isset($eng_id) && $a_nat[$id]['host_os_policy']['item'][$eng_id]) {
+ $a_nat[$id]['host_os_policy']['item'][$eng_id] = $engine;
+ }
+ else
+ $a_nat[$id]['host_os_policy']['item'][] = $engine;
+
+ /* Reorder the engine array to ensure the */
+ /* 'bind_to=all' entry is at the bottom */
+ /* if it contains more than one entry. */
+ if (count($a_nat[$id]['host_os_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['host_os_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ /* Only relocate the entry if we */
+ /* found it, and it's not already */
+ /* at the end. */
+ if ($i > -1 && ($i < (count($a_nat[$id]['host_os_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['host_os_policy']['item'][$i];
+ unset($a_nat[$id]['host_os_policy']['item'][$i]);
+ $a_nat[$id]['host_os_policy']['item'][] = $tmp;
+ }
+ }
+
+ // Now write the new engine array to conf
+ write_config();
+ $pconfig['host_os_policy']['item'] = $a_nat[$id]['host_os_policy']['item'];
+ }
+ }
+}
+elseif ($_POST['add_os_policy']) {
+ $add_edit_os_policy = true;
+ $pengcfg = array( "name" => "engine_{$host_os_policy_engine_next_id}", "bind_to" => "", "policy" => "bsd" );
+ $eng_id = $host_os_policy_engine_next_id;
+}
+elseif ($_POST['edit_os_policy']) {
+ if ($_POST['eng_id'] != "") {
+ $add_edit_os_policy = true;
+ $eng_id = $_POST['eng_id'];
+ $pengcfg = $a_nat[$id]['host_os_policy']['item'][$eng_id];
+ }
+}
+elseif ($_POST['del_os_policy']) {
$natent = array();
$natent = $pconfig;
- if ($_GET['act'] == "del_host_os_policy")
- unset($natent['host_os_policy']['item'][$_GET['eng_id']]);
-
+ if ($_POST['eng_id'] != "") {
+ unset($natent['host_os_policy']['item'][$_POST['eng_id']]);
+ $pconfig = $natent;
+ }
if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
write_config();
}
-
- header("Location: /suricata/suricata_flow_stream.php?id=$id");
- exit;
}
-
-if ($_POST['ResetAll']) {
+elseif ($_POST['cancel_os_policy']) {
+ $add_edit_os_policy = false;
+}
+elseif ($_POST['ResetAll']) {
/* Reset all the settings to defaults */
$pconfig['ip_max_frags'] = "65535";
@@ -143,7 +263,7 @@ if ($_POST['ResetAll']) {
/* Log a message at the top of the page to inform the user */
$savemsg = gettext("All flow and stream settings have been reset to their defaults.");
}
-elseif ($_POST['Submit']) {
+elseif ($_POST['save']) {
$natent = array();
$natent = $pconfig;
@@ -191,15 +311,14 @@ elseif ($_POST['Submit']) {
/**************************************************/
/* If we have a valid rule ID, save configuration */
- /* then update the suricata.conf file and rebuild */
- /* the rules for this interface. */
+ /* then update the suricata.conf file for this */
+ /* interface. */
/**************************************************/
if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
write_config();
- $rebuild_rules = true;
- suricata_generate_yaml($natent);
$rebuild_rules = false;
+ suricata_generate_yaml($natent);
}
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -211,6 +330,99 @@ elseif ($_POST['Submit']) {
exit;
}
}
+elseif ($_POST['save_import_alias']) {
+ // If saving out of "select alias" mode,
+ // then return to Host OS Policy Engine edit
+ // page.
+ if ($_POST['mode'] =='add_edit_os_policy') {
+ $pengcfg = array();
+ $eng_id = $_POST['eng_id'];
+ $pengcfg['name'] = $_POST['eng_name'];
+ $pengcfg['bind_to'] = $_POST['eng_bind'];
+ $pengcfg['policy'] = $_POST['eng_policy'];
+ $add_edit_os_policy = true;
+ $mode = "add_edit_os_policy";
+
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) == 1) {
+ $pengcfg['bind_to'] = $_POST['aliastoimport'][0];
+ $importalias = false;
+ $selectalias = false;
+ }
+ else {
+ $input_errors[] = gettext("No Alias is selected for import. Nothing to SAVE.");
+ $importalias = true;
+ $selectalias = true;
+ $eng_id = $_POST['eng_id'];
+ $eng_name = $_POST['eng_name'];
+ $eng_bind = $_POST['eng_bind'];
+ $eng_policy = $_POST['eng_policy'];
+ }
+ }
+ else {
+ // Assume we are importing one or more aliases
+ // for use in new Host OS Policy engines.
+ $engine = array( "name" => "", "bind_to" => "", "policy" => "bsd" );
+
+ // See if anything was checked to import
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) {
+ foreach ($_POST['aliastoimport'] as $item) {
+ $engine['name'] = strtolower($item);
+ $engine['bind_to'] = $item;
+ $a_nat[$id]['host_os_policy']['item'][] = $engine;
+ }
+ }
+ else {
+ $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
+ $importalias = true;
+ }
+
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ // Reorder the engine array to ensure the
+ // 'bind_to=all' entry is at the bottom if
+ // the array contains more than one entry.
+ if (count($a_nat[$id]['host_os_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['host_os_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ // Only relocate the entry if we
+ // found it, and it's not already
+ // at the end.
+ if ($i > -1 && ($i < (count($a_nat[$id]['host_os_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['host_os_policy']['item'][$i];
+ unset($a_nat[$id]['host_os_policy']['item'][$i]);
+ $a_nat[$id]['host_os_policy']['item'][] = $tmp;
+ }
+ $pconfig['host_os_policy']['item'] = $a_nat[$id]['host_os_policy']['item'];
+ }
+
+ // Write the new engine array to config file
+ write_config();
+ $importalias = false;
+ $selectalias = false;
+ }
+ }
+}
+elseif ($_POST['cancel_import_alias']) {
+ $importalias = false;
+ $selectalias = false;
+ $eng_id = $_POST['eng_id'];
+
+ // If cancelling out of "select alias" mode,
+ // then return to Host OS Policy Engine edit
+ // page.
+ if ($_POST['mode'] == 'add_edit_os_policy') {
+ $pengcfg = array();
+ $pengcfg['name'] = $_POST['eng_name'];
+ $pengcfg['bind_to'] = $_POST['eng_bind'];
+ $pengcfg['policy'] = $_POST['eng_policy'];
+ $add_edit_os_policy = true;
+ }
+}
$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Flow and Stream");
@@ -218,40 +430,34 @@ include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-
- /* Display Alert message */
+<?php include("fbegin.inc");
+ /* Display error or save message */
if ($input_errors) {
print_input_errors($input_errors); // TODO: add checks
}
-
if ($savemsg) {
print_info_box($savemsg);
}
-
?>
-<script type="text/javascript" src="/javascript/autosuggest.js">
-</script>
-<script type="text/javascript" src="/javascript/suggestions.js">
-</script>
+<form action="suricata_flow_stream.php" method="post" name="iform" id="iform">
+<input type="hidden" name="eng_id" id="eng_id" value="<?=$eng_id;?>"/>
+<input type="hidden" name="id" id="id" value="<?=$id;?>"/>
-<form action="suricata_flow_stream.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
- $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
- display_top_tabs($tab_array);
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td>';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
@@ -263,10 +469,25 @@ include_once("head.inc");
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
+
+<?php if ($importalias) : ?>
+ <?php include("/usr/local/www/suricata/suricata_import_aliases.php");
+ if ($selectalias) {
+ echo '<input type="hidden" name="eng_name" value="' . $eng_name . '"/>';
+ echo '<input type="hidden" name="eng_bind" value="' . $eng_bind . '"/>';
+ echo '<input type="hidden" name="eng_policy" value="' . $eng_policy . '"/>';
+ }
+ ?>
+
+<?php elseif ($add_edit_os_policy) : ?>
+ <?php include("/usr/local/www/suricata/suricata_os_policy_engine.php"); ?>
+
+<?php else: ?>
+
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Host-Specific Defrag and Stream Settings"); ?></td>
@@ -284,25 +505,23 @@ include_once("head.inc");
<tr>
<th class="listhdrr" axis="string"><?php echo gettext("Name");?></th>
<th class="listhdrr" axis="string"><?php echo gettext("Bind-To Address Alias");?></th>
- <th class="list" align="right"><a href="suricata_import_aliases.php?id=<?=$id?>&eng=host_os_policy">
- <img src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
- height="17" border="0" title="<?php echo gettext("Import policy configuration from existing Aliases");?>"></a>
- <a href="suricata_os_policy_engine.php?id=<?=$id?>&eng_id=<?=$host_os_policy_engine_next_id?>">
- <img src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
- height="17" border="0" title="<?php echo gettext("Add a new policy configuration");?>"></a></th>
+ <th class="list" align="right"><input type="image" name="import_alias[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Import policy configuration from existing Aliases");?>"/>
+ <input type="image" name="add_os_policy[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Add a new policy configuration");?>"/></th>
</tr>
</thead>
<?php foreach ($pconfig['host_os_policy']['item'] as $f => $v): ?>
<tr>
<td class="listlr" align="left"><?=gettext($v['name']);?></td>
<td class="listbg" align="center"><?=gettext($v['bind_to']);?></td>
- <td class="listt" align="right"><a href="suricata_os_policy_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?=gettext("Edit this policy configuration");?>"></a>
+ <td class="listt" align="right"><input type="image" name="edit_os_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>'"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?=gettext("Edit this policy configuration");?>"/>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="suricata_flow_stream.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_host_os_policy" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this policy configuration");?>"></a>
+ <input type="image" name="del_os_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>';return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this policy configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default policy configuration cannot be deleted");?>">
@@ -314,7 +533,6 @@ include_once("head.inc");
</td>
</tr>
<tr>
-
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("IP Defragmentation"); ?></td>
</tr>
<tr>
@@ -603,7 +821,7 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Save flow and stream settings"); ?>">
<input name="id" type="hidden" value="<?=$id;?>">&nbsp;&nbsp;&nbsp;&nbsp;
<input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo
@@ -618,27 +836,12 @@ include_once("head.inc");
<?php echo gettext("may take several seconds. Suricata must also be restarted to activate any changes made on this screen."); ?></td>
</tr>
</table>
+
+<?php endif; ?>
+
</div>
</td></tr></table>
</form>
-<script type="text/javascript">
-
-function wopen(url, name, w, h)
-{
- // Fudge factors for window decoration space.
- // In my tests these work well on all platforms & browsers.
- w += 32;
- h += 96;
- var win = window.open(url,
- name,
- 'width=' + w + ', height=' + h + ', ' +
- 'location=no, menubar=no, ' +
- 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
- win.resizeTo(w, h);
- win.focus();
-}
-
-</script>
<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php
index 0614adf8..bd3ce368 100644
--- a/config/suricata/suricata_generate_yaml.php
+++ b/config/suricata/suricata_generate_yaml.php
@@ -1,30 +1,41 @@
<?php
/*
- suricata_generate_yaml.php
-
- Copyright (C) 2014 Bill Meeks
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ * suricata_generate_yaml.php
+ *
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
*/
// Create required Suricata directories if they don't exist
@@ -64,6 +75,11 @@ if (!empty($suricatacfg['externallistname']) && $suricatacfg['externallistname']
$external_net = trim($external_net);
}
+// Set the PASS LIST and write its contents to disk
+$plist = suricata_build_list($suricatacfg, $suricatacfg['passlistname'], true);
+@file_put_contents("{$suricatacfgdir}/passlist", implode("\n", $plist));
+$suri_passlist = "{$suricatacfgdir}/passlist";
+
// Set default and user-defined variables for SERVER_VARS and PORT_VARS
$suricata_servers = array (
"dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET",
@@ -137,6 +153,31 @@ if (!empty($suricatacfg['inspect_recursion_limit']) || $suricatacfg['inspect_rec
else
$inspection_recursion_limit = "";
+if ($suricatacfg['delayed_detect'] == 'on')
+ $delayed_detect = "yes";
+else
+ $delayed_detect = "no";
+
+// Add interface-specific blocking settings
+if ($suricatacfg['blockoffenders'] == 'on')
+ $suri_blockoffenders = "yes";
+else
+ $suri_blockoffenders = "no";
+
+if ($suricatacfg['blockoffenderskill'] == 'on')
+ $suri_killstates = "yes";
+else
+ $suri_killstates = "no";
+
+if ($suricatacfg['blockoffendersip'] == 'src')
+ $suri_blockip = 'SRC';
+elseif ($suricatacfg['blockoffendersip'] == 'dst')
+ $suri_blockip = 'DST';
+else
+ $suri_blockip = 'BOTH';
+
+$suri_pf_table = SURICATA_PF_TABLE;
+
// Add interface-specific logging settings
if ($suricatacfg['alertsystemlog'] == 'on')
$alert_syslog = "yes";
@@ -226,6 +267,16 @@ if ($suricatacfg['barnyard_enable'] == 'on')
else
$barnyard2_enabled = "no";
+if (isset($config['installedpackages']['suricata']['config'][0]['unified2_log_limit']))
+ $unified2_log_limit = "{$config['installedpackages']['suricata']['config'][0]['unified2_log_limit']}mb";
+else
+ $unified2_log_limit = "32mb";
+
+if (isset($suricatacfg['barnyard_sensor_id']))
+ $unified2_sensor_id = $suricatacfg['barnyard_sensor_id'];
+else
+ $unified2_sensor_id = "0";
+
// Add interface-specific IP defrag settings
if (!empty($suricatacfg['frag_memcap']))
$frag_memcap = $suricatacfg['frag_memcap'];
diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php
index f6b5d83d..9c932222 100644
--- a/config/suricata/suricata_global.php
+++ b/config/suricata/suricata_global.php
@@ -3,12 +3,23 @@
* suricata_global.php
* part of pfSense
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
@@ -28,7 +39,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -42,23 +52,15 @@ $pconfig['etprocode'] = $config['installedpackages']['suricata']['config'][0]['e
$pconfig['enable_etopen_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules'];
$pconfig['enable_etpro_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules'];
$pconfig['rm_blocked'] = $config['installedpackages']['suricata']['config'][0]['rm_blocked'];
-$pconfig['suricataloglimit'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimit'];
-$pconfig['suricataloglimitsize'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'];
$pconfig['autoruleupdate'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdate'];
$pconfig['autoruleupdatetime'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'];
+$pconfig['live_swap_updates'] = $config['installedpackages']['suricata']['config'][0]['live_swap_updates'];
$pconfig['log_to_systemlog'] = $config['installedpackages']['suricata']['config'][0]['log_to_systemlog'];
-$pconfig['clearlogs'] = $config['installedpackages']['suricata']['config'][0]['clearlogs'];
$pconfig['forcekeepsettings'] = $config['installedpackages']['suricata']['config'][0]['forcekeepsettings'];
$pconfig['snortcommunityrules'] = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules'];
-if (empty($pconfig['suricataloglimit']))
- $pconfig['suricataloglimit'] = 'on';
if (empty($pconfig['autoruleupdatetime']))
$pconfig['autoruleupdatetime'] = '00:30';
-if (empty($pconfig['suricataloglimitsize']))
- // Set limit to 20% of slice that is unused */
- $pconfig['suricataloglimitsize'] = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .20 / 1024);
-
if ($_POST['autoruleupdatetime']) {
if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['autoruleupdatetime']))
@@ -73,7 +75,7 @@ if ($_POST['enable_etpro_rules'] == "on" && empty($_POST['etprocode']))
/* if no errors move foward with save */
if (!$input_errors) {
- if ($_POST["Submit"]) {
+ if ($_POST["save"]) {
$config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'] = $_POST['enable_vrt_rules'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off';
@@ -117,18 +119,7 @@ if (!$input_errors) {
$config['installedpackages']['suricata']['config'][0]['oinkcode'] = $_POST['oinkcode'];
$config['installedpackages']['suricata']['config'][0]['etprocode'] = $_POST['etprocode'];
-
$config['installedpackages']['suricata']['config'][0]['rm_blocked'] = $_POST['rm_blocked'];
- if ($_POST['suricataloglimitsize']) {
- $config['installedpackages']['suricata']['config'][0]['suricataloglimit'] = $_POST['suricataloglimit'];
- $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'] = $_POST['suricataloglimitsize'];
- } else {
- $config['installedpackages']['suricata']['config'][0]['suricataloglimit'] = 'on';
-
- /* code will set limit to 21% of slice that is unused */
- $suricataloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .22 / 1024);
- $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'] = $suricataloglimitDSKsize;
- }
$config['installedpackages']['suricata']['config'][0]['autoruleupdate'] = $_POST['autoruleupdate'];
/* Check and adjust format of Rule Update Starttime string to add colon and leading zero if necessary */
@@ -139,12 +130,12 @@ if (!$input_errors) {
}
$config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'] = str_pad($_POST['autoruleupdatetime'], 4, "0", STR_PAD_LEFT);
$config['installedpackages']['suricata']['config'][0]['log_to_systemlog'] = $_POST['log_to_systemlog'] ? 'on' : 'off';
- $config['installedpackages']['suricata']['config'][0]['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off';
+ $config['installedpackages']['suricata']['config'][0]['live_swap_updates'] = $_POST['live_swap_updates'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off';
$retval = 0;
- /* create whitelist and homenet file, then sync files */
+ /* create passlist and homenet file, then sync files */
sync_suricata_package_config();
write_config();
@@ -187,10 +178,13 @@ if ($input_errors)
$tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), true, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
- $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
- display_top_tabs($tab_array);
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -206,13 +200,13 @@ if ($input_errors)
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tr>
<td valign="top" width="8%"><input name="enable_etopen_rules" type="checkbox" value="on" onclick="enable_et_rules();"
- <?php if ($config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']=="on") echo "checked"; ?>></td>
+ <?php if ($config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']=="on") echo "checked"; ?>/></td>
<td><span class="vexpl"><?php echo gettext("ETOpen is an open source set of Snort rules whose coverage " .
"is more limited than ETPro."); ?></span></td>
</tr>
<tr>
<td valign="top" width="8%"><input name="enable_etpro_rules" type="checkbox" value="on" onclick="enable_pro_rules();"
- <?php if ($config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']=="on") echo "checked"; ?>></td>
+ <?php if ($config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']=="on") echo "checked"; ?>/></td>
<td><span class="vexpl"><?php echo gettext("ETPro for Snort offers daily updates and extensive coverage of current malware threats."); ?></span></td>
</tr>
<tr>
@@ -234,9 +228,8 @@ if ($input_errors)
</tr>
<tr>
<td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td>
- <td><input name="etprocode" type="text"
- class="formfld unknown" id="etprocode" size="52"
- value="<?=htmlspecialchars($pconfig['etprocode']);?>"><br/>
+ <td><input name="etprocode" type="text" class="formfld unknown" id="etprocode" size="52"
+ value="<?=htmlspecialchars($pconfig['etprocode']);?>"/><br/>
<?php echo gettext("Obtain an ETPro subscription code and paste it here."); ?></td>
</tr>
</table>
@@ -248,7 +241,7 @@ if ($input_errors)
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tr>
<td><input name="enable_vrt_rules" type="checkbox" id="enable_vrt_rules" value="on" onclick="enable_snort_vrt();"
- <?php if($pconfig['enable_vrt_rules']=='on') echo 'checked'; ?>></td>
+ <?php if($pconfig['enable_vrt_rules']=='on') echo 'checked'; ?>/></td>
<td><span class="vexpl"><?php echo gettext("Snort VRT free Registered User or paid Subscriber rules"); ?></span></td>
<tr>
<td>&nbsp;</td>
@@ -266,9 +259,8 @@ if ($input_errors)
</tr>
<tr>
<td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td>
- <td><input name="oinkcode" type="text"
- class="formfld unknown" id="oinkcode" size="52"
- value="<?=htmlspecialchars($pconfig['oinkcode']);?>"><br/>
+ <td><input name="oinkcode" type="text" class="formfld unknown" id="oinkcode" size="52"
+ value="<?=htmlspecialchars($pconfig['oinkcode']);?>"/><br/>
<?php echo gettext("Obtain a snort.org Oinkmaster code and paste it here."); ?></td>
</tr>
</table>
@@ -279,7 +271,7 @@ if ($input_errors)
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tr>
<td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="on"
- <?php if ($config['installedpackages']['suricata']['config'][0]['snortcommunityrules']=="on") echo "checked";?> ></td>
+ <?php if ($config['installedpackages']['suricata']['config'][0]['snortcommunityrules']=="on") echo " checked";?>/></td>
<td class="vexpl"><?php echo gettext("The Snort Community Ruleset is a GPLv2 VRT certified ruleset that is distributed free of charge " .
"without any VRT License restrictions. This ruleset is updated daily and is a subset of the subscriber ruleset.");?>
<br/><br/><?php echo "<span class=\"red\"><strong>" . gettext("Note: ") . "</strong></span>" .
@@ -302,100 +294,61 @@ if ($input_errors)
<?php if ($iface3 == $pconfig['autoruleupdate']) echo "selected"; ?>>
<?=htmlspecialchars($ifacename3);?></option>
<?php endforeach; ?>
- </select><span class="vexpl">&nbsp;&nbsp;<?php echo gettext("Please select the interval for rule updates. Choosing ") .
+ </select>&nbsp;&nbsp;<?php echo gettext("Please select the interval for rule updates. Choosing ") .
"<strong>" . gettext("NEVER") . "</strong>" . gettext(" disables auto-updates."); ?><br/><br/>
- <?php echo "<span class=\"red\"><strong>" . gettext("Hint: ") . "</strong></span>" . gettext("in most cases, every 12 hours is a good choice."); ?></span></td>
+ <?php echo "<span class=\"red\"><strong>" . gettext("Hint: ") . "</strong></span>" . gettext("in most cases, every 12 hours is a good choice."); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Update Start Time"); ?></td>
<td width="78%" class="vtable"><input type="text" class="formfld time" name="autoruleupdatetime" id="autoruleupdatetime" size="4"
- maxlength="5" value="<?=$pconfig['autoruleupdatetime'];?>" <?php if ($pconfig['autoruleupdate'] == "never_up") {echo "disabled";} ?>><span class="vexpl">&nbsp;&nbsp;
- <?php echo gettext("Enter the rule update start time in 24-hour format (HH:MM). ") . "<strong>" .
- gettext("Default") . "&nbsp;</strong>" . gettext("is ") . "<strong>" . gettext("00:03") . "</strong></span>"; ?>.<br/><br/>
+ maxlength="5" value="<?=$pconfig['autoruleupdatetime'];?>" <?php if ($pconfig['autoruleupdate'] == "never_up") {echo "disabled";} ?>/>&nbsp;&nbsp;
+ <?php echo gettext("Enter the rule update start time in 24-hour format (HH:MM). Default is ") . "<strong>" . gettext("00:03") . "</strong>"; ?>.<br/><br/>
<?php echo gettext("Rules will update at the interval chosen above starting at the time specified here. For example, using the default " .
"start time of 00:03 and choosing 12 Hours for the interval, the rules will update at 00:03 and 12:03 each day."); ?></td>
</tr>
<tr>
- <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Live Rule Swap on Update"); ?></td>
+ <td width="78%" class="vtable"><input name="live_swap_updates" id="live_swap_updates" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['suricata']['config'][0]['live_swap_updates']=="on") echo " checked"; ?>/>
+ &nbsp;<?php echo gettext("Enable \"Live Swap\" reload of rules after downloading an update. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/><br/>
+ <?php echo gettext("When enabled, Suricata will perform a live load of the new rules following an update instead of a hard restart. " .
+ "If issues are encountered with live load, uncheck this option to perform a hard restart of all Suricata instances following an update."); ?></td>
</tr>
<tr>
-<?php $suricatalogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Directory Size " .
- "Limit"); ?><br/>
- <br/>
- <br/>
- <span class="red"><strong><?php echo gettext("Note:"); ?></strong></span><br/>
- <?php echo gettext("Available space is"); ?> <strong><?php echo $suricatalogCurrentDSKsize; ?>&nbsp;MB</strong></td>
- <td width="78%" class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td colspan="2"><input name="suricataloglimit" type="radio" id="suricataloglimit" value="on"
- <?php if($pconfig['suricataloglimit']=='on') echo 'checked'; ?>><span class="vexpl">
- <strong><?php echo gettext("Enable"); ?></strong> <?php echo gettext("directory size limit"); ?> (<strong><?php echo gettext("Default"); ?></strong>)</span></td>
- </tr>
- <tr>
- <td colspan="2"><input name="suricataloglimit" type="radio" id="suricataloglimit" value="off"
- <?php if($pconfig['suricataloglimit']=='off') echo 'checked'; ?>> <span class="vexpl"><strong><?php echo gettext("Disable"); ?></strong>
- <?php echo gettext("directory size limit"); ?></span><br/>
- <br/>
- <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("Nanobsd " .
- "should use no more than 10MB of space."); ?></td>
- </tr>
- </table>
- <table width="100%" border="0" cellpadding="2" cellspacing="0">
- <tr>
- <td class="vexpl"><?php echo gettext("Size in ") . "<strong>" . gettext("MB:") . "</strong>";?>&nbsp;
- <input name="suricataloglimitsize" type="text" class="formfld unknown" id="suricataloglimitsize" size="10" value="<?=htmlspecialchars($pconfig['suricataloglimitsize']);?>">
- &nbsp;<?php echo gettext("Default is ") . "<strong>" . gettext("20%") . "</strong>" . gettext(" of available space.");?></td>
- </tr>
- </table>
- </td>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td>
</tr>
-<tr style="display:none;">
+<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Blocked Hosts Interval"); ?></td>
<td width="78%" class="vtable">
<select name="rm_blocked" class="formselect" id="rm_blocked">
<?php
$interfaces3 = array('never_b' => gettext('NEVER'), '15m_b' => gettext('15 MINS'), '30m_b' => gettext('30 MINS'), '1h_b' => gettext('1 HOUR'), '3h_b' => gettext('3 HOURS'), '6h_b' => gettext('6 HOURS'), '12h_b' => gettext('12 HOURS'), '1d_b' => gettext('1 DAY'), '4d_b' => gettext('4 DAYS'), '7d_b' => gettext('7 DAYS'), '28d_b' => gettext('28 DAYS'));
foreach ($interfaces3 as $iface3 => $ifacename3): ?>
- <option value="<?=$iface3;?>"
- <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename3);?></option>
- <?php endforeach; ?>
- </select>&nbsp;
+ <option value="<?=$iface3;?>"
+ <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename3);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;
<?php echo gettext("Please select the amount of time you would like hosts to be blocked."); ?><br/><br/>
<?php echo "<span class=\"red\"><strong>" . gettext("Hint:") . "</strong></span>" . gettext(" in most cases, 1 hour is a good choice.");?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Log to System Log"); ?></td>
- <td width="78%" class="vtable"><input name="log_to_systemlog"
- id="log_to_systemlog" type="checkbox" value="yes"
- <?php if ($config['installedpackages']['suricata']['config'][0]['log_to_systemlog']=="on") echo "checked"; ?>
- >&nbsp;<?php echo gettext("Copy Suricata messages to the firewall system log."); ?></td>
-</tr>
-<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Suricata Log Files After Deinstall"); ?></td>
- <td width="78%" class="vtable"><input name="clearlogs"
- id="clearlogs" type="checkbox" value="yes"
- <?php if ($config['installedpackages']['suricata']['config'][0]['clearlogs']=="on") echo "checked"; ?>
- >&nbsp;<?php echo gettext("Suricata log files will be removed during package deinstallation."); ?></td>
+ <td width="78%" class="vtable"><input name="log_to_systemlog" id="log_to_systemlog" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['suricata']['config'][0]['log_to_systemlog']=="on") echo " checked"; ?>/>&nbsp;
+ <?php echo gettext("Copy Suricata messages to the firewall system log."); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Keep Suricata Settings After Deinstall"); ?></td>
- <td width="78%" class="vtable"><input name="forcekeepsettings"
- id="forcekeepsettings" type="checkbox" value="yes"
- <?php if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings']=="on") echo "checked"; ?>
- >&nbsp;<?php echo gettext("Settings will not be removed during package deinstallation."); ?></td>
+ <td width="78%" class="vtable"><input name="forcekeepsettings" id="forcekeepsettings" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings']=="on") echo " checked"; ?>/>&nbsp;
+ <?php echo gettext("Settings will not be removed during package deinstallation."); ?></td>
</tr>
<tr>
- <td width="22%" valign="top">
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" >
- </td>
+ <td colspan="2" align="center"><input name="save" type="submit" class="formbtn" value="Save"/></td>
</tr>
<tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%" class="vexpl"><span class="red"><strong><?php echo gettext("Note:");?></strong>&nbsp;
+ <td colspan="2" class="vexpl" align="center"><span class="red"><strong><?php echo gettext("Note:");?></strong>&nbsp;
</span><?php echo gettext("Changing any settings on this page will affect all Suricata-configured interfaces.");?></td>
</tr>
</table>
diff --git a/config/suricata/suricata_import_aliases.php b/config/suricata/suricata_import_aliases.php
index c16ac65d..ccaaf29d 100644
--- a/config/suricata/suricata_import_aliases.php
+++ b/config/suricata/suricata_import_aliases.php
@@ -1,5 +1,4 @@
<?php
-/* $Id$ */
/*
suricata_import_aliases.php
Copyright (C) 2014 Bill Meeks
@@ -27,160 +26,51 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-require("guiconfig.inc");
-require_once("functions.inc");
-require_once("/usr/local/pkg/suricata/suricata.inc");
+/************************************************************************************
+ This file contains code for selecting and importing an existing Alias.
+ It is included and injected inline from other Suricata PHP pages that
+ use the Import Alias functionality.
-// Retrieve any passed QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng = $_GET['eng'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (isset($_POST['eng']))
- $eng = $_POST['eng'];
+ The following variables are assumed to exist and must be initialized
+ as necessary in order to utilize this page.
-// Make sure we have a valid rule ID and ENGINE name, or
-// else bail out to top-level menu.
-if (is_null($id) || is_null($eng)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+ $g --> system global variables array
+ $config --> global variable pointing to configuration information
+ $a_aliases --> $config['aliases']['alias'] array
+ $title --> title string for import alias engine type
+ $used --> array of currently used engine 'bind_to' Alias names
+ $selectalias --> boolean to display radio buttons instead of checkboxes
+ $mode --> string value to indicate current operation mode
-// Used to track if any selectable Aliases are found
-$selectablealias = false;
+ Information is returned from this page via the following form fields:
-// Initialize required array variables as necessary
-if (!is_array($config['aliases']['alias']))
- $config['aliases']['alias'] = array();
-$a_aliases = $config['aliases']['alias'];
-if (!is_array($config['installedpackages']['suricata']['rule']))
- $config['installedpackages']['suricata']['rule'] = array();
-
-// The $eng variable points to the specific Suricata config section
-// engine we are importing values into. Initialize the config.xml
-// array if necessary.
-if (!is_array($config['installedpackages']['suricata']['rule'][$id][$eng]['item']))
- $config['installedpackages']['suricata']['rule'][$id][$eng]['item'] = array();
-
-// Initialize a pointer to the Suricata config section engine we are
-// importing values into.
-$a_nat = &$config['installedpackages']['suricata']['rule'][$id][$eng]['item'];
-
-// Build a lookup array of currently used engine 'bind_to' Aliases
-// so we can screen matching Alias names from the list.
-$used = array();
-foreach ($a_nat as $v)
- $used[$v['bind_to']] = true;
-
-// Construct the correct return URL based on the Suricata config section
-// engine we were called with. This lets us return to the page we were
-// called from.
-switch ($eng) {
- case "host_os_policy":
- $returl = "/suricata/suricata_flow_stream.php";
- $multi_ip = true;
- $title = "Host Operating System Policy";
- break;
- case "libhtp_policy":
- $returl = "/suricata/suricata_app_parsers.php";
- $multi_ip = true;
- $title = "HTTP Server Policy";
- break;
- default:
- $returl = "/suricata/suricata_interface_edit";
- $multi_ip = true;
- $title = "";
-}
-
-if ($_POST['cancel']) {
- header("Location: {$returl}?id={$id}");
- exit;
-}
-
-if ($_POST['save']) {
-
- // Define default engine configurations for each of the supported engines.
- $def_os_policy = array( "name" => "", "bind_to" => "", "policy" => "bsd" );
-
- $def_libhtp_policy = array( "name" => "default", "bind_to" => "all", "personality" => "IDS",
- "request-body-limit" => 4096, "response-body-limit" => 4096,
- "double-decode-path" => "no", "double-decode-query" => "no" );
-
- // Figure out which engine type we are importing and set up default engine array
- $engine = array();
- switch ($eng) {
- case "host_os_policy":
- $engine = $def_os_policy;
- break;
- case "libhtp_policy":
- $engine = $def_libhtp_policy;
- break;
- default:
- $engine = "";
- $input_errors[] = gettext("Invalid ENGINE TYPE passed in query string. Aborting operation.");
- }
+ aliastoimport[] --> checkbox array containing selected alias names
+ save_import_alias --> Submit button for save operation and exit
+ cancel_import_alias --> Submit button to cancel operation and exit
+ ************************************************************************************/
+?>
- // See if anything was checked to import
- if (is_array($_POST['toimport']) && count($_POST['toimport']) > 0) {
- foreach ($_POST['toimport'] as $item) {
- $engine['name'] = strtolower($item);
- $engine['bind_to'] = $item;
- $a_nat[] = $engine;
- }
+<?php $selectablealias = false;
+ if (!is_array($a_aliases))
+ $a_aliases = array();
+ if ($mode <> "")
+ echo '<input type="hidden" name="mode" id="mode" value="' . $mode . '"/>';
+ if ($selectalias == true) {
+ $fieldtype = "radio";
+ $header = gettext("Select an Alias to use as {$title} target from the list below.");
}
- else
- $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
-
- // if no errors, write new entry to conf
- if (!$input_errors) {
- // Reorder the engine array to ensure the
- // 'bind_to=all' entry is at the bottom if
- // the array contains more than one entry.
- if (count($a_nat) > 1) {
- $i = -1;
- foreach ($a_nat as $f => $v) {
- if ($v['bind_to'] == "all") {
- $i = $f;
- break;
- }
- }
- // Only relocate the entry if we
- // found it, and it's not already
- // at the end.
- if ($i > -1 && ($i < (count($a_nat) - 1))) {
- $tmp = $a_nat[$i];
- unset($a_nat[$i]);
- $a_nat[] = $tmp;
- }
- }
-
- // Now write the new engine array to conf and return
- write_config();
-
- header("Location: {$returl}?id={$id}");
- exit;
+ else {
+ $fieldtype = "checkbox";
+ $header = gettext("Select one or more Aliases to use as {$title} targets from the list below.");
}
-}
-
-$pgtitle = gettext("Suricata: Import Host/Network Alias for {$title}");
-include("head.inc");
-
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<form action="suricata_import_aliases.php" method="post">
-<input type="hidden" name="id" value="<?=$id;?>">
-<input type="hidden" name="eng" value="<?=$eng;?>">
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<div id="boxarea">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
- <td class="tabcont"><strong><?=gettext("Select one or more Aliases to use as {$title} targets from the list below.");?></strong><br/>
- </td>
+ <td class="listtopic" align="center"><?=$header;?></td>
</tr>
<tr>
- <td class="tabcont">
+ <td>
<table id="sortabletable1" style="table-layout: fixed;" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
<colgroup>
<col width="5%" align="center">
@@ -221,7 +111,7 @@ include("head.inc");
<td class="listlr" align="center"><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height"11" border="0"/>
<?php else: ?>
<tr>
- <td class="listlr" align="center"><input type="checkbox" name="toimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td>
+ <td class="listlr" align="center"><input type="<?=$fieldtype;?>" name="aliastoimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td>
<?php endif; ?>
<td class="listr" align="left"><?=$textss . htmlspecialchars($alias['name']) . $textse;?></td>
<td class="listr" align="left">
@@ -244,29 +134,26 @@ include("head.inc");
</tr>
<?php if (!$selectablealias): ?>
<tr>
- <td class="tabcont" align="center"><b><?php echo gettext("There are currently no defined Aliases eligible for import.");?></b></td>
+ <td align="center"><b><?php echo gettext("There are currently no defined Aliases eligible for import.");?></b></td>
</tr>
<tr>
- <td class="tabcont" align="center">
- <input type="Submit" name="cancel" value="Cancel" id="cancel" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
+ <td align="center" valign="middle">
+ <input type="Submit" name="cancel_import_alias" value="Cancel" id="cancel_import_alias" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
</td>
</tr>
<?php else: ?>
<tr>
- <td class="tabcont" align="center">
- <input type="Submit" name="save" value="Save" id="save" class="formbtn" title="<?=gettext("Import selected item and return");?>"/>&nbsp;&nbsp;&nbsp;
- <input type="Submit" name="cancel" value="Cancel" id="cancel" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
+ <td align="center" valign="middle">
+ <input type="Submit" name="save_import_alias" value="Save" id="save_import_alias" class="formbtn" title="<?=gettext("Import selected item and return");?>"/>&nbsp;&nbsp;
+ <input type="Submit" name="cancel_import_alias" value="Cancel" id="cancel_import_alias" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
</td>
</tr>
<?php endif; ?>
<tr>
- <td class="tabcont">
+ <td>
<span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br></strong></span><?=gettext("Fully-Qualified Domain Name (FQDN) host Aliases cannot be used as Suricata configuration parameters. Aliases resolving to a single FQDN value are disabled in the list above. In the case of nested Aliases where one or more of the nested values is a FQDN host, the FQDN host will not be included in the {$title} configuration.");?></span>
</td>
</tr>
</table>
-</div>
-</form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
+
+
diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php
index 26ccada3..26d57b71 100644
--- a/config/suricata/suricata_interfaces.php
+++ b/config/suricata/suricata_interfaces.php
@@ -2,19 +2,30 @@
/*
* suricata_interfaces.php
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- *
+ *
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -27,7 +38,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-$nocsrf = true;
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -37,42 +47,26 @@ $suricatadir = SURICATADIR;
$suricatalogdir = SURICATALOGDIR;
$rcdir = RCFILEPREFIX;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if ($_POST['id'])
$id = $_POST['id'];
+else
+ $id = 0;
if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
$a_nat = &$config['installedpackages']['suricata']['rule'];
$id_gen = count($config['installedpackages']['suricata']['rule']);
-if (isset($_POST['del_x'])) {
- /* delete selected rules */
+if ($_POST['del_x']) {
+ /* delete selected interfaces */
if (is_array($_POST['rule'])) {
conf_mount_rw();
foreach ($_POST['rule'] as $rulei) {
- /* convert fake interfaces to real */
$if_real = get_real_interface($a_nat[$rulei]['interface']);
$suricata_uuid = $a_nat[$rulei]['uuid'];
suricata_stop($a_nat[$rulei], $if_real);
exec("/bin/rm -r {$suricatalogdir}suricata_{$if_real}{$suricata_uuid}");
exec("/bin/rm -r {$suricatadir}suricata_{$suricata_uuid}_{$if_real}");
-
- // If interface had auto-generated Suppress List, then
- // delete that along with the interface
- $autolist = "{$a_nat[$rulei]['interface']}" . "suppress";
- if (is_array($config['installedpackages']['suricata']['suppress']) &&
- is_array($config['installedpackages']['suricata']['suppress']['item'])) {
- $a_suppress = &$config['installedpackages']['suricata']['suppress']['item'];
- foreach ($a_suppress as $k => $i) {
- if ($i['name'] == $autolist) {
- unset($config['installedpackages']['suricata']['suppress']['item'][$k]);
- break;
- }
- }
- }
-
- // Finally delete the interface's config entry entirely
unset($a_nat[$rulei]);
}
conf_mount_ro();
@@ -103,16 +97,15 @@ if (isset($_POST['del_x'])) {
header("Location: /suricata/suricata_interfaces.php");
exit;
}
-
}
/* start/stop Barnyard2 */
-if ($_GET['act'] == 'bartoggle' && is_numeric($id)) {
+if ($_POST['bartoggle']) {
$suricatacfg = $config['installedpackages']['suricata']['rule'][$id];
$if_real = get_real_interface($suricatacfg['interface']);
$if_friendly = convert_friendly_interface_to_friendly_descr($suricatacfg['interface']);
- if (suricata_is_running($suricatacfg['uuid'], $if_real, 'barnyard2') == 'no') {
+ if (!suricata_is_running($suricatacfg['uuid'], $if_real, 'barnyard2')) {
log_error("Toggle (barnyard starting) for {$if_friendly}({$suricatacfg['descr']})...");
sync_suricata_package_config();
suricata_barnyard_start($suricatacfg, $if_real);
@@ -127,12 +120,12 @@ if ($_GET['act'] == 'bartoggle' && is_numeric($id)) {
}
/* start/stop Suricata */
-if ($_GET['act'] == 'toggle' && is_numeric($id)) {
+if ($_POST['toggle']) {
$suricatacfg = $config['installedpackages']['suricata']['rule'][$id];
$if_real = get_real_interface($suricatacfg['interface']);
$if_friendly = convert_friendly_interface_to_friendly_descr($suricatacfg['interface']);
- if (suricata_is_running($suricatacfg['uuid'], $if_real) == 'yes') {
+ if (suricata_is_running($suricatacfg['uuid'], $if_real)) {
log_error("Toggle (suricata stopping) for {$if_friendly}({$suricatacfg['descr']})...");
suricata_stop($suricatacfg, $if_real);
} else {
@@ -152,24 +145,21 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
header("Location: /suricata/suricata_interfaces.php");
exit;
}
-
-$pgtitle = "Services: Suricata Intrusion Detection System";
+$suri_pkg_ver = SURICATA_PKG_VER;
+$pgtitle = "Services: {$suri_pkg_ver} - Intrusion Detection System";
include_once("head.inc");
?>
<body link="#000000" vlink="#000000" alink="#000000">
-<?php
-include_once("fbegin.inc");
-if ($pfsense_stable == 'yes')
- echo '<p class="pgtitle">' . $pgtitle . '</p>';
-?>
+<?php include_once("fbegin.inc"); ?>
<form action="suricata_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<input type="hidden" name="id" id="id" value="">
<?php
/* Display Alert message */
if ($input_errors)
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
@@ -184,9 +174,12 @@ if ($pfsense_stable == 'yes')
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
- display_top_tabs($tab_array);
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
?>
</td>
</tr>
@@ -194,25 +187,32 @@ if ($pfsense_stable == 'yes')
<td>
<div id="mainarea">
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <colgroup>
+ <col width="3%" align="center">
+ <col width="12%">
+ <col width="14%">
+ <col width="120" align="center">
+ <col width="65" align="center">
+ <col width="14%">
+ <col>
+ <col width="20" align="center">
+ </colgroup>
+ <thead>
<tr id="frheader">
- <td width="3%" class="list">&nbsp;</td>
- <td width="10%" class="listhdrr"><?php echo gettext("Interface"); ?></td>
- <td width="13%" class="listhdrr"><?php echo gettext("Suricata"); ?></td>
- <td width="10%" class="listhdrr"><?php echo gettext("Pattern Match"); ?></td>
- <td width="10%" class="listhdrr"><?php echo gettext("Block"); ?></td>
- <td width="12%" class="listhdrr"><?php echo gettext("Barnyard2"); ?></td>
- <td width="30%" class="listhdr"><?php echo gettext("Description"); ?></td>
- <td width="3%" class="list">
- <table border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td></td>
- <td align="center" valign="middle"><a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>"><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a></td>
- </tr>
- </table>
- </td>
+ <th class="list">&nbsp;</th>
+ <th class="listhdrr"><?php echo gettext("Interface"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Suricata"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Pattern Match"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Block"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Barnyard2"); ?></th>
+ <th class="listhdr"><?php echo gettext("Description"); ?></th>
+ <th class="list"><a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a>
+ </th>
</tr>
+ </thead>
<?php $nnats = $i = 0;
// Turn on buffering to speed up rendering
@@ -237,7 +237,7 @@ if ($pfsense_stable == 'yes')
$if_real = get_real_interface($natent['interface']);
$natend_friendly= convert_friendly_interface_to_friendly_descr($natent['interface']);
$suricata_uuid = $natent['uuid'];
- if (suricata_is_running($suricata_uuid, $if_real) == 'no'){
+ if (!suricata_is_running($suricata_uuid, $if_real)){
$iconfn = 'block';
$iconfn_msg1 = 'Suricata is not running on ';
$iconfn_msg2 = '. Click to start.';
@@ -247,7 +247,7 @@ if ($pfsense_stable == 'yes')
$iconfn_msg1 = 'Suricata is running on ';
$iconfn_msg2 = '. Click to stop.';
}
- if (suricata_is_running($suricata_uuid, $if_real, 'barnyard2') == 'no'){
+ if (!suricata_is_running($suricata_uuid, $if_real, 'barnyard2')){
$biconfn = 'block';
$biconfn_msg1 = 'Barnyard2 is not running on ';
$biconfn_msg2 = '. Click to start.';
@@ -275,31 +275,30 @@ if ($pfsense_stable == 'yes')
<td class="listt">
<input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;">
</td>
- <td class="listr"
- id="frd<?=$nnats;?>" valign="middle"
+ <td class="listr" valign="middle"
+ id="frd<?=$nnats;?>"
ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
<?php
echo $natend_friendly;
?>
</td>
- <td class="listr"
+ <td class="listr" valign="middle"
id="frd<?=$nnats;?>"
ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
<?php
$check_suricata_info = $config['installedpackages']['suricata']['rule'][$nnats]['enable'];
if ($check_suricata_info == "on") {
- echo gettext("ENABLED");
- echo "<a href='?act=toggle&id={$i}'>
- <img src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif'
- width='13' height='13' border='0'
- title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'></a>";
+ echo gettext("ENABLED") . "&nbsp;";
+ echo "<input type='image' src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif' width='13' height='13' border='0' ";
+ echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\";' name=\"toggle[]\" ";
+ echo "title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'/>";
echo ($no_rules) ? "&nbsp;<img src=\"../themes/{$g['theme']}/images/icons/icon_frmfld_imp.png\" width=\"15\" height=\"15\" border=\"0\">" : "";
} else
echo gettext("DISABLED");
?>
</td>
<td class="listr"
- id="frd<?=$nnats;?>" valign="middle"
+ id="frd<?=$nnats;?>" valign="middle" align="center"
ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
<?php
$check_performance_info = $config['installedpackages']['suricata']['rule'][$nnats]['mpm_algo'];
@@ -311,7 +310,7 @@ if ($pfsense_stable == 'yes')
?> <?=strtoupper($check_performance);?>
</td>
<td class="listr"
- id="frd<?=$nnats;?>" valign="middle"
+ id="frd<?=$nnats;?>" valign="middle" align="center"
ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
<?php
$check_blockoffenders_info = $config['installedpackages']['suricata']['rule'][$nnats]['blockoffenders'];
@@ -329,11 +328,9 @@ if ($pfsense_stable == 'yes')
<?php
$check_suricatabarnyardlog_info = $config['installedpackages']['suricata']['rule'][$nnats]['barnyard_enable'];
if ($check_suricatabarnyardlog_info == "on") {
- echo gettext("ENABLED");
- echo "<a href='?act=bartoggle&id={$i}'>
- <img src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif'
- width='13' height='13' border='0'
- title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'></a>";
+ echo gettext("ENABLED") . "&nbsp;";
+ echo "<input type='image' name='bartoggle[]' src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif' width='13' height='13' border='0' ";
+ echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\"'; title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'/>";
} else
echo gettext("DISABLED");
?>
@@ -343,14 +340,9 @@ if ($pfsense_stable == 'yes')
<font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?>&nbsp;</font>
</td>
<td valign="middle" class="list" nowrap>
- <table border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td><a href="suricata_interfaces_edit.php?id=<?=$i;?>"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?php echo gettext('Edit Suricata interface mapping'); ?>"></a>
- </td>
- </tr>
- </table>
+ <a href="suricata_interfaces_edit.php?id=<?=$i;?>">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?php echo gettext('Edit Suricata interface mapping'); ?>"></a>
</td>
</tr>
<?php $i++; $nnats++; endforeach; ob_end_flush(); ?>
@@ -363,19 +355,13 @@ if ($pfsense_stable == 'yes')
<?php endif; ?>
</td>
<td class="list" valign="middle" nowrap>
- <table border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td><?php if ($nnats == 0): ?><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif"
- width="17" height="17" " border="0">
- <?php else: ?>
- <input name="del" type="image"
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" title="<?php echo gettext("Delete selected Suricata interface mapping(s)"); ?>"
- onclick="return intf_del()">
- <?php endif; ?></td>
- </tr>
- </table>
+ <?php if ($nnats == 0): ?>
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0">
+ <?php else: ?>
+ <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" title="<?php echo gettext("Delete selected Suricata interface mapping(s)"); ?>"
+ onclick="return intf_del()">
+ <?php endif; ?>
</td>
</tr>
<tr>
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index 5f644a55..3b61755c 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -2,19 +2,30 @@
/*
* suricata_interfaces_edit.php
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- *
+ *
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -32,6 +43,9 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
global $g, $rebuild_rules;
+$suricatadir = SURICATADIR;
+$suricatalogdir = SURICATALOGDIR;
+
if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
$suricataglob = $config['installedpackages']['suricata'];
@@ -40,13 +54,13 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
$a_rule = &$config['installedpackages']['suricata']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+elseif (isset($_GET['id']) && is_numericint($_GET['id']));
+ $id = htmlspecialchars($_GET['id'], ENT_QUOTES | ENT_HTML401);
+
+if (is_null($id))
+ $id = 0;
$pconfig = array();
if (empty($suricataglob['rule'][$id]['uuid'])) {
@@ -62,13 +76,7 @@ else {
$suricata_uuid = $pconfig['uuid'];
// Get the physical configured interfaces on the firewall
-if (function_exists('get_configured_interface_with_descr'))
- $interfaces = get_configured_interface_with_descr();
-else {
- $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
- $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
-}
+$interfaces = get_configured_interface_with_descr();
// See if interface is already configured, and use its values
if (isset($id) && $a_rule[$id]) {
@@ -78,8 +86,8 @@ if (isset($id) && $a_rule[$id]) {
if (empty($pconfig['uuid']))
$pconfig['uuid'] = $suricata_uuid;
}
-// Must be a new interface, so try to pick next available physical interface to use
elseif (isset($id) && !isset($a_rule[$id])) {
+ // Must be a new interface, so try to pick next available physical interface to use
$ifaces = get_configured_interface_list();
$ifrules = array();
foreach($a_rule as $r)
@@ -87,6 +95,9 @@ elseif (isset($id) && !isset($a_rule[$id])) {
foreach ($ifaces as $i) {
if (!in_array($i, $ifrules)) {
$pconfig['interface'] = $i;
+ $pconfig['enable'] = 'on';
+ $pconfig['descr'] = strtoupper($i);
+ $pconfig['inspect_recursion_limit'] = '3000';
break;
}
}
@@ -97,16 +108,11 @@ elseif (isset($id) && !isset($a_rule[$id])) {
}
}
-if (isset($_GET['dup']))
- unset($id);
-
// Set defaults for any empty key parameters
if (empty($pconfig['blockoffendersip']))
$pconfig['blockoffendersip'] = "both";
if (empty($pconfig['max_pending_packets']))
$pconfig['max_pending_packets'] = "1024";
-if (empty($pconfig['inspect_recursion_limit']))
- $pconfig['inspect_recursion_limit'] = "3000";
if (empty($pconfig['detect_eng_profile']))
$pconfig['detect_eng_profile'] = "medium";
if (empty($pconfig['mpm_algo']))
@@ -136,18 +142,60 @@ if (empty($pconfig['max_pcap_log_size']))
if (empty($pconfig['max_pcap_log_files']))
$pconfig['max_pcap_log_files'] = "1000";
-if ($_POST["Submit"]) {
- if (!$_POST['interface'])
+if ($_POST["save"]) {
+ // If the interface is not enabled, stop any running Suricata
+ // instance on it, save the new state and exit.
+ if (!isset($_POST['enable'])) {
+ if (isset($id) && $a_rule[$id]) {
+ $a_rule[$id]['enable'] = 'off';
+ $a_rule[$id]['interface'] = htmlspecialchars($_POST['interface']);
+ $a_rule[$id]['descr'] = htmlspecialchars($_POST['descr']);
+ suricata_stop($a_rule[$id], get_real_interface($a_rule[$id]['interface']));
+
+ // Save configuration changes
+ write_config();
+
+ // Update suricata.conf and suricata.sh files for this interface
+ sync_suricata_package_config();
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /suricata/suricata_interfaces.php");
+ exit;
+ }
+ }
+
+ // Validate inputs
+ if (!isset($_POST['interface']))
$input_errors[] = gettext("Choosing an Interface is mandatory!");
- if ($_POST['max_pending_packets'] < 1 || $_POST['max_pending_packets'] > 65535)
- $input_errors[] = gettext("The value for Maximum-Pending-Packets must be between 1 and 65,535!");
+ if (isset($_POST['stats_upd_interval']) && !is_numericint($_POST['stats_upd_interval']))
+ $input_errors[] = gettext("The value for Stats Update Interval must contain only digits and evaluate to an integer.");
+
+ if ($_POST['max_pending_packets'] < 1 || $_POST['max_pending_packets'] > 65000)
+ $input_errors[] = gettext("The value for Maximum-Pending-Packets must be between 1 and 65,000!");
- if (!empty($_POST['max_pcap_log_size']) && !is_numeric($_POST['max_pcap_log_size']))
+ if (isset($_POST['max_pcap_log_size']) && !is_numeric($_POST['max_pcap_log_size']))
$input_errors[] = gettext("The value for 'Max Packet Log Size' must be numbers only. Do not include any alphabetic characters.");
- if (!empty($_POST['max_pcap_log_files']) && !is_numeric($_POST['max_pcap_log_files']))
- $input_errors[] = gettext("The value for 'Max Packet Log Files' must be numbers only.");
+ if (isset($_POST['max_pcap_log_files']) && !is_numeric($_POST['max_pcap_log_files']))
+ $input_errors[] = gettext("The value for 'Max Packet Log Files' must be numbers only.");
+
+ if (!empty($_POST['inspect_recursion_limit']) && !is_numeric($_POST['inspect_recursion_limit']))
+ $input_errors[] = gettext("The value for Inspect Recursion Limit can either be blank or contain only digits evaluating to an integer greater than or equal to 0.");
+
+ /* See if assigned interface is already in use */
+ if (isset($_POST['interface'])) {
+ foreach ($a_rule as $k => $v) {
+ if (($v['interface'] == $_POST['interface']) && ($id <> $k)) {
+ $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Suricata instance.");
+ break;
+ }
+ }
+ }
// if no errors write to suricata.yaml
if (!$input_errors) {
@@ -156,21 +204,12 @@ if ($_POST["Submit"]) {
$natent['enable'] = $_POST['enable'] ? 'on' : 'off';
$natent['uuid'] = $pconfig['uuid'];
- // See if the HOME_NET, EXTERNAL_NET, or SUPPRESS LIST values were changed
- $suricata_reload = false;
- if ($_POST['homelistname'] && ($_POST['homelistname'] <> $natent['homelistname']))
- $suricata_reload = true;
- if ($_POST['externallistname'] && ($_POST['externallistname'] <> $natent['externallistname']))
- $suricata_reload = true;
- if ($_POST['suppresslistname'] && ($_POST['suppresslistname'] <> $natent['suppresslistname']))
- $suricata_reload = true;
-
- if ($_POST['descr']) $natent['descr'] = $_POST['descr']; else $natent['descr'] = strtoupper($natent['interface']);
+ if ($_POST['descr']) $natent['descr'] = htmlspecialchars($_POST['descr']); else $natent['descr'] = strtoupper($natent['interface']);
if ($_POST['max_pcap_log_size']) $natent['max_pcap_log_size'] = $_POST['max_pcap_log_size']; else unset($natent['max_pcap_log_size']);
if ($_POST['max_pcap_log_files']) $natent['max_pcap_log_files'] = $_POST['max_pcap_log_files']; else unset($natent['max_pcap_log_files']);
if ($_POST['enable_stats_log'] == "on") { $natent['enable_stats_log'] = 'on'; }else{ $natent['enable_stats_log'] = 'off'; }
if ($_POST['append_stats_log'] == "on") { $natent['append_stats_log'] = 'on'; }else{ $natent['append_stats_log'] = 'off'; }
- if ($_POST['stats_upd_interval']) $natent['stats_upd_interval'] = $_POST['stats_upd_interval']; else $natent['stats_upd_interval'] = "10";
+ if ($_POST['stats_upd_interval'] >= 1) $natent['stats_upd_interval'] = $_POST['stats_upd_interval']; else $natent['stats_upd_interval'] = "10";
if ($_POST['enable_http_log'] == "on") { $natent['enable_http_log'] = 'on'; }else{ $natent['enable_http_log'] = 'off'; }
if ($_POST['append_http_log'] == "on") { $natent['append_http_log'] = 'on'; }else{ $natent['append_http_log'] = 'off'; }
if ($_POST['enable_tls_log'] == "on") { $natent['enable_tls_log'] = 'on'; }else{ $natent['enable_tls_log'] = 'off'; }
@@ -182,30 +221,37 @@ if ($_POST["Submit"]) {
if ($_POST['enable_tracked_files_md5'] == "on") { $natent['enable_tracked_files_md5'] = 'on'; }else{ $natent['enable_tracked_files_md5'] = 'off'; }
if ($_POST['enable_file_store'] == "on") { $natent['enable_file_store'] = 'on'; }else{ $natent['enable_file_store'] = 'off'; }
if ($_POST['max_pending_packets']) $natent['max_pending_packets'] = $_POST['max_pending_packets']; else unset($natent['max_pending_packets']);
- if ($_POST['inspect_recursion_limit']) $natent['inspect_recursion_limit'] = $_POST['inspect_recursion_limit']; else unset($natent['inspect_recursion_limit']);
+ if ($_POST['inspect_recursion_limit'] >= '0') $natent['inspect_recursion_limit'] = $_POST['inspect_recursion_limit']; else unset($natent['inspect_recursion_limit']);
if ($_POST['detect_eng_profile']) $natent['detect_eng_profile'] = $_POST['detect_eng_profile']; else unset($natent['detect_eng_profile']);
if ($_POST['mpm_algo']) $natent['mpm_algo'] = $_POST['mpm_algo']; else unset($natent['mpm_algo']);
if ($_POST['sgh_mpm_context']) $natent['sgh_mpm_context'] = $_POST['sgh_mpm_context']; else unset($natent['sgh_mpm_context']);
if ($_POST['blockoffenders'] == "on") $natent['blockoffenders'] = 'on'; else $natent['blockoffenders'] = 'off';
if ($_POST['blockoffenderskill'] == "on") $natent['blockoffenderskill'] = 'on'; else unset($natent['blockoffenderskill']);
if ($_POST['blockoffendersip']) $natent['blockoffendersip'] = $_POST['blockoffendersip']; else unset($natent['blockoffendersip']);
- if ($_POST['whitelistname']) $natent['whitelistname'] = $_POST['whitelistname']; else unset($natent['whitelistname']);
+ if ($_POST['passlistname']) $natent['passlistname'] = $_POST['passlistname']; else unset($natent['passlistname']);
if ($_POST['homelistname']) $natent['homelistname'] = $_POST['homelistname']; else unset($natent['homelistname']);
if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']);
if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']);
if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
+ if ($_POST['delayed_detect'] == "on") { $natent['delayed_detect'] = 'on'; }else{ $natent['delayed_detect'] = 'off'; }
if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']);
$if_real = get_real_interface($natent['interface']);
if (isset($id) && $a_rule[$id]) {
+ // See if moving an existing Suricata instance to another physical interface
if ($natent['interface'] != $a_rule[$id]['interface']) {
$oif_real = get_real_interface($a_rule[$id]['interface']);
- suricata_stop($a_rule[$id], $oif_real);
- exec("rm -r /var/log/suricata_{$oif_real}" . $a_rule[$id]['uuid']);
- exec("mv -f {$suricatadir}/suricata_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$suricatadir}/suricata_" . $a_rule[$id]['uuid'] . "_{$if_real}");
+ if (suricata_is_running($a_rule[$id]['uuid'], $oif_real)) {
+ suricata_stop($a_rule[$id], $oif_real);
+ $suricata_start = true;
+ }
+ else
+ $suricata_start = false;
+ exec("mv -f {$suricatalogdir}suricata_{$oif_real}" . $a_rule[$id]['uuid'] . " {$suricatalogdir}suricata_{$if_real}" . $a_rule[$id]['uuid']);
+ conf_mount_rw();
+ exec("mv -f {$suricatadir}suricata_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$suricatadir}suricata_" . $a_rule[$id]['uuid'] . "_{$if_real}");
+ conf_mount_ro();
}
- // Edits don't require a rules rebuild, so turn it "off"
- $rebuild_rules = false;
$a_rule[$id] = $natent;
} else {
// Adding new interface, so set interface configuration parameter defaults
@@ -247,6 +293,7 @@ if ($_POST["Submit"]) {
$natent['reassembly_to_client_chunk'] = '2560';
$natent['enable_midstream_sessions'] = 'off';
$natent['enable_async_sessions'] = 'off';
+ $natent['delayed_detect'] = 'off';
$natent['asn1_max_frames'] = '256';
@@ -263,7 +310,7 @@ if ($_POST["Submit"]) {
$natent['libhtp_policy']['item'][] = $default;
// Enable the basic default rules for the interface
- $natent['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules";
+ $natent['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules||tls-events.rules";
// Adding a new interface, so set flag to build new rules
$rebuild_rules = true;
@@ -282,15 +329,6 @@ if ($_POST["Submit"]) {
// Update suricata.conf and suricata.sh files for this interface
sync_suricata_package_config();
- /*******************************************************/
- /* Signal Suricata to reload configuration if we changed */
- /* HOME_NET, EXTERNAL_NET or Suppress list values. */
- /* The function only signals a running Suricata instance */
- /* to safely reload these parameters. */
- /*******************************************************/
- if ($suricata_reload == true)
- suricata_reload_config($natent, "USR2");
-
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
@@ -309,19 +347,14 @@ include_once("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<?php
- /* Display Alert message */
- if ($input_errors) {
- print_input_errors($input_errors);
- }
-
- if ($savemsg) {
- print_info_box($savemsg);
- }
+<?php include("fbegin.inc");
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors);
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
?>
<form action="suricata_interfaces_edit.php<?php echo "?id=$id";?>" method="post" name="iform" id="iform">
@@ -329,13 +362,16 @@ include_once("head.inc");
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
- display_top_tabs($tab_array);
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$tab_array = array();
@@ -347,7 +383,7 @@ include_once("head.inc");
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -374,13 +410,13 @@ include_once("head.inc");
<?php endforeach; ?>
</select>&nbsp;&nbsp;
<span class="vexpl"><?php echo gettext("Choose which interface this Suricata instance applies to."); ?><br/>
- <span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("In most cases, you'll want to use WAN here."); ?></span><br/></td>
+ <span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("In most cases, you'll want to use WAN here if this is the first Suricata-configured interface."); ?></span><br/></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?php echo gettext("Description"); ?></td>
<td width="78%" class="vtable"><input name="descr" type="text"
class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']); ?>"/> <br/>
- <span class="vexpl"><?php echo gettext("Enter a meaningful description here for your reference."); ?></span><br/></td>
+ <span class="vexpl"><?php echo gettext("Enter a meaningful description here for your reference. The default is the interface name."); ?></span><br/></td>
</tr>
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Logging Settings"); ?></td>
@@ -390,7 +426,6 @@ include_once("head.inc");
<td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>/>
<?php echo gettext("Suricata will send Alerts to the firewall's system log."); ?></td>
</tr>
-
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Stats Log"); ?></td>
<td width="78%" class="vtable"><input name="enable_stats_log" type="checkbox" value="on" <?php if ($pconfig['enable_stats_log'] == "on") echo "checked"; ?>
@@ -466,8 +501,6 @@ include_once("head.inc");
gettext("This will consume a significant amount of disk space on a busy network when enabled!"); ?></div>
</td>
</tr>
-
-
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Packet Log"); ?></td>
<td width="78%" class="vtable"><input name="enable_pcap_log" id="enable_pcap_log" type="checkbox" value="on" <?php if ($pconfig['enable_pcap_log'] == "on") echo "checked"; ?>
@@ -484,7 +517,6 @@ include_once("head.inc");
<?php echo gettext("Enter maximum size in ") . "<strong>" . gettext("MB") . "</strong>" . gettext(" for a packet log file. Default is ") . "<strong>" .
gettext("32") . "</strong>."; ?><br/><br/><?php echo gettext("When the packet log file size reaches the set limit, it will be rotated and a new one created.") ?></td>
</tr>
- </tr>
<tr id="pcap_log_max_row">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Max Packet Log Files"); ?></td>
<td width="78%" class="vtable"><input name="max_pcap_log_files" type="text"
@@ -492,8 +524,6 @@ include_once("head.inc");
<?php echo gettext("Enter maximum number of packet log files to maintain. Default is ") . "<strong>" .
gettext("1000") . "</strong>."; ?><br/><br/><?php echo gettext("When the number of packet log files reaches the set limit, the oldest file will be overwritten.") ?></td>
</tr>
-
-<!--
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Alert Settings"); ?></td>
</tr>
@@ -529,8 +559,6 @@ include_once("head.inc");
<span class="red"><?php echo gettext("Hint:") . "</span>&nbsp;" . gettext("Choosing BOTH is suggested, and it is the default value."); ?></span><br/></td>
</td>
</tr>
--->
-
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Detection Engine Settings"); ?></td>
</tr>
@@ -539,7 +567,9 @@ include_once("head.inc");
<td width="78%" class="vtable"><input name="max_pending_packets" type="text"
class="formfld unknown" id="max_pending_packets" size="8" value="<?=htmlspecialchars($pconfig['max_pending_packets']); ?>"/>&nbsp;
<?php echo gettext("Enter number of simultaneous packets to process. Default is ") . "<strong>" .
- gettext("1024") . "</strong>."; ?><br/><br/><?php echo gettext("Minimum value is 1 and the maximum value is 65,535.") ?></td>
+ gettext("1024") . "</strong>."; ?><br/><br/><?php echo gettext("This controls the number simultaneous packets the engine can handle. ") .
+ gettext("Setting this higher generally keeps the threads more busy. The minimum value is 1 and the maximum value is 65,000. ") . "<br/><span class='red'><strong>" .
+ gettext("Warning: ") . "</strong></span>" . gettext("Setting this too high can lead to degradation and a possible system crash by exhausting available memory.") ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Detect-Engine Profile"); ?></td>
@@ -575,7 +605,7 @@ include_once("head.inc");
</select>&nbsp;&nbsp;
<?php echo gettext("Choose a multi-pattern matcher (MPM) algorithm. ") . "<strong>" . gettext("Default") .
"</strong>" . gettext(" is ") . "<strong>" . gettext("AC") . "</strong>"; ?>.<br/><br/>
- <?php echo gettext("AC is recommended for most systems. "); ?>
+ <?php echo gettext("AC is the default, and is the best choice for almost all systems."); ?>
<br/></td>
</tr>
<tr>
@@ -605,7 +635,15 @@ include_once("head.inc");
gettext("3000") . "</strong>."; ?><br/><br/><?php echo gettext("When set to 0 an internal default is used. When left blank there is no recursion limit.") ?></td>
</tr>
<tr>
- <td colspan="2" class="listtopic"><?php echo gettext("Networks " . "Suricata Should Inspect and Whitelist"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Delayed Detect"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="delayed_detect" id="delayed_detect" type="checkbox" value="on"
+ <?php if ($pconfig['delayed_detect'] == "on") echo " checked"; ?>/>
+ <?php echo gettext("Suricata will build list of signatures after packet capture threads have started. Default is ") .
+ "<strong>" . gettext("Not Checked") . "</strong>."; ?></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="listtopic"><?php echo gettext("Networks " . "Suricata Should Inspect and Protect"); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Home Net"); ?></td>
@@ -666,15 +704,15 @@ include_once("head.inc");
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Pass List"); ?></td>
<td width="78%" class="vtable">
- <select name="whitelistname" class="formselect" id="whitelistname">
+ <select name="passlistname" class="formselect" id="passlistname">
<?php
- /* find whitelist names and filter by type, make sure to track by uuid */
+ /* find passlist names and filter by type, make sure to track by uuid */
echo "<option value='default' >default</option>\n";
- if (is_array($suricataglob['whitelist']['item'])) {
- foreach ($suricataglob['whitelist']['item'] as $value) {
- if ($value['name'] == $pconfig['whitelistname'])
+ if (is_array($suricataglob['passlist']['item'])) {
+ foreach ($suricataglob['passlist']['item'] as $value) {
+ if ($value['name'] == $pconfig['passlistname'])
echo "<option value='{$value['name']}' selected>";
else
echo "<option value='{$value['name']}'>";
@@ -683,14 +721,13 @@ include_once("head.inc");
}
?>
</select>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','whitelist')"
- id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Whitelist contents"); ?>"/>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','passlistname','passlist')"
+ id="btnPasslist" title="<?php echo gettext("Click to view currently selected Pass List contents"); ?>"/>
<br/>
- <?php echo gettext("Choose the whitelist you want this interface to " .
- "use."); ?> <br/><br/>
+ <?php echo gettext("Choose the Pass List you want this interface to use."); ?> <br/><br/>
<span class="red"><?php echo gettext("Note:"); ?></span>&nbsp;<?php echo gettext("This option will only be used when block offenders is on."); ?><br/>
<span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("Default " .
- "whitelist adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
+ "Pass List adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
</td>
</tr>
<tr>
@@ -734,15 +771,13 @@ include_once("head.inc");
</td>
</tr>
<tr>
- <td width="22%" valign="top"></td>
- <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <td colspan="2" align="center" valign="middle"><input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Click to save settings and exit"); ?>"/>
<input name="id" type="hidden" value="<?=$id;?>"/>
</td>
</tr>
<tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" .
+ <td colspan="2" align="center" valign="middle"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" .
gettext("Please save your settings before you attempt to start Suricata."); ?>
</td>
</tr>
@@ -755,11 +790,11 @@ include_once("head.inc");
<script language="JavaScript">
function enable_blockoffenders() {
-// var endis = !(document.iform.blockoffenders.checked);
-// document.iform.blockoffenderskill.disabled=endis;
-// document.iform.blockoffendersip.disabled=endis;
-// document.iform.whitelistname.disabled=endis;
-// document.iform.btnWhitelist.disabled=endis;
+ var endis = !(document.iform.blockoffenders.checked);
+ document.iform.blockoffenderskill.disabled=endis;
+ document.iform.blockoffendersip.disabled=endis;
+ document.iform.passlistname.disabled=endis;
+ document.iform.btnPasslist.disabled=endis;
}
function toggle_stats_log() {
@@ -854,19 +889,20 @@ function enable_change(enable_change) {
document.iform.mpm_algo.disabled = endis;
document.iform.sgh_mpm_context.disabled = endis;
document.iform.inspect_recursion_limit.disabled = endis;
-// document.iform.blockoffenders.disabled = endis;
-// document.iform.blockoffendersip.disabled=endis;
-// document.iform.blockoffenderskill.disabled=endis;
+ document.iform.blockoffenders.disabled = endis;
+ document.iform.blockoffendersip.disabled=endis;
+ document.iform.blockoffenderskill.disabled=endis;
document.iform.alertsystemlog.disabled = endis;
document.iform.externallistname.disabled = endis;
document.iform.homelistname.disabled = endis;
- document.iform.whitelistname.disabled=endis;
+ document.iform.passlistname.disabled=endis;
document.iform.suppresslistname.disabled = endis;
document.iform.configpassthru.disabled = endis;
document.iform.btnHomeNet.disabled=endis;
- document.iform.btnWhitelist.disabled=endis;
+ document.iform.btnPasslist.disabled=endis;
document.iform.btnSuppressList.disabled=endis;
-}
+} document.iform.delayed_detect.disabled=endis;
+
function wopen(url, name, w, h) {
// Fudge factors for window decoration space.
@@ -889,15 +925,16 @@ function getSelectedValue(elemID) {
function viewList(id, elemID, elemType) {
if (typeof elemType == "undefined") {
- elemType = "whitelist";
+ elemType = "passlist";
}
var url = "suricata_list_view.php?id=" + id + "&wlist=";
url = url + getSelectedValue(elemID) + "&type=" + elemType;
- wopen(url, 'WhitelistViewer', 640, 480);
+ url = url + "&time=" + new Date().getTime();
+ wopen(url, 'PassListViewer', 640, 480);
}
enable_change(false);
-enable_blockoffenders();
+//enable_blockoffenders();
toggle_stats_log();
toggle_http_log();
toggle_tls_log();
diff --git a/config/suricata/suricata_libhtp_policy_engine.php b/config/suricata/suricata_libhtp_policy_engine.php
index e7cf4135..7e6ffd6d 100644
--- a/config/suricata/suricata_libhtp_policy_engine.php
+++ b/config/suricata/suricata_libhtp_policy_engine.php
@@ -1,12 +1,24 @@
<?php
/*
* suricata_libhtp_policy_engine.php
+ *
+ * Portions of this code are based on original work done for the
+ * Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
@@ -26,159 +38,34 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/suricata/suricata.inc");
-
-global $g;
-
-// Grab the incoming QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (isset($_POST['eng_id']))
- $eng_id = $_POST['eng_id'];
-
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
-
-if (!is_array($config['installedpackages']['suricata']['rule']))
- $config['installedpackages']['suricata']['rule'] = array();
-if (!is_array($config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item']))
- $config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'] = array();
-$a_nat = &$config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'];
-
-$pconfig = array();
-if (empty($a_nat[$eng_id])) {
- $def = array( "name" => "engine_{$eng_id}", "bind_to" => "", "personality" => "IDS",
- "request-body-limit" => "4096", "response-body-limit" => "4096",
- "double-decode-path" => "no", "double-decode-query" => "no" );
-
- // See if this is initial entry and set to "default" if true
- if ($eng_id < 1) {
- $def['name'] = "default";
- $def['bind_to'] = "all";
- }
- $pconfig = $def;
-}
-else {
- $pconfig = $a_nat[$eng_id];
-
- // Check for any empty values and set sensible defaults
- if (empty($pconfig['personality']))
- $pconfig['personality'] = "IDS";
-}
-
-if ($_POST['Cancel']) {
- header("Location: /suricata/suricata_app_parsers.php?id={$id}");
- exit;
-}
-
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import") {
- if ($_GET['varname'] == "bind_to" && !empty($_GET['varvalue']))
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
-}
-
-if ($_POST['Submit']) {
-
- /* Grab all the POST values and save in new temp array */
- $engine = array();
- if ($_POST['policy_name']) { $engine['name'] = trim($_POST['policy_name']); } else { $engine['name'] = "default"; }
- if ($_POST['policy_bind_to']) {
- if (is_alias($_POST['policy_bind_to']))
- $engine['bind_to'] = $_POST['policy_bind_to'];
- elseif (strtolower(trim($_POST['policy_bind_to'])) == "all")
- $engine['bind_to'] = "all";
- else
- $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value.");
- }
- else {
- $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'.");
- }
-
- if ($_POST['personality']) { $engine['personality'] = $_POST['personality']; } else { $engine['personality'] = "IDS"; }
- if (is_numeric($_POST['req_body_limit']) && $_POST['req_body_limit'] >= 0)
- $engine['request-body-limit'] = $_POST['req_body_limit'];
- else
- $input_errors[] = gettext("The value for 'Request Body Limit' must be all numbers and greater than or equal to zero.");
-
- if (is_numeric($_POST['resp_body_limit']) && $_POST['resp_body_limit'] >= 0)
- $engine['response-body-limit'] = $_POST['resp_body_limit'];
- else
- $input_errors[] = gettext("The value for 'Response Body Limit' must be all numbers and greater than or equal to zero.");
-
- if ($_POST['enable_double_decode_path']) { $engine['double-decode-path'] = 'yes'; }else{ $engine['double-decode-path'] = 'no'; }
- if ($_POST['enable_double_decode_query']) { $engine['double-decode-query'] = 'yes'; }else{ $engine['double-decode-query'] = 'no'; }
-
- /* Can only have one "all" Bind_To address */
- if ($engine['bind_to'] == "all" && $engine['name'] <> "default") {
- $input_errors[] = gettext("Only one default HTTP Server Policy Engine can be bound to all addresses.");
- $pconfig = $engine;
- }
-
- /* if no errors, write new entry to conf */
- if (!$input_errors) {
- if (isset($eng_id) && $a_nat[$eng_id]) {
- $a_nat[$eng_id] = $engine;
- }
- else
- $a_nat[] = $engine;
-
- /* Reorder the engine array to ensure the */
- /* 'bind_to=all' entry is at the bottom */
- /* if it contains more than one entry. */
- if (count($a_nat) > 1) {
- $i = -1;
- foreach ($a_nat as $f => $v) {
- if ($v['bind_to'] == "all") {
- $i = $f;
- break;
- }
- }
- /* Only relocate the entry if we */
- /* found it, and it's not already */
- /* at the end. */
- if ($i > -1 && ($i < (count($a_nat) - 1))) {
- $tmp = $a_nat[$i];
- unset($a_nat[$i]);
- $a_nat[] = $tmp;
- }
- }
-
- /* Now write the new engine array to conf */
- write_config();
-
- header("Location: /suricata/suricata_app_parsers.php?id={$id}");
- exit;
- }
-}
-
-$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['suricata']['rule'][$id]['interface']);
-$pgtitle = gettext("Suricata: Interface {$if_friendly} HTTP Server Policy Engine");
-include_once("head.inc");
-
+/**************************************************************************************
+ This file contains code for adding/editing an existing Libhtp Policy Engine.
+ It is included and injected inline as needed into the suricata_app_parsers.php
+ page to provide the edit functionality for Host OS Policy Engines.
+
+ The following variables are assumed to exist and must be initialized
+ as necessary in order to utilize this page.
+
+ $g --> system global variables array
+ $config --> global variable pointing to configuration information
+ $pengcfg --> array containing current Libhtp Policy engine configuration
+
+ Information is returned from this page via the following form fields:
+
+ policy_name --> Unique Name for the Libhtp Policy Engine
+ policy_bind_to --> Alias name representing "bind_to" IP address for engine
+ personality --> Operating system chosen for engine policy
+ select_alias --> Submit button for select alias operation
+ req_body_limit --> Request Body Limit size
+ resp_body_limit --> Response Body Limit size
+ enable_double_decode_path --> double-decode path part of URI
+ enable_double_decode_query --> double-decode query string part of URI
+ save_libhtp_policy --> Submit button for save operation and exit
+ cancel_libhtp_policy --> Submit button to cancel operation and exit
+ **************************************************************************************/
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
-
-<?php
-include("fbegin.inc");
-if ($input_errors) print_input_errors($input_errors);
-if ($savemsg)
- print_info_box($savemsg);
-?>
-
-<form action="suricata_libhtp_policy_engine.php" method="post" name="iform" id="iform">
-<input name="id" type="hidden" value="<?=$id?>">
-<input name="eng_id" type="hidden" value="<?=$eng_id?>">
-<div id="boxarea">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr>
-<td class="tabcont">
-<table width="100%" border="0" cellpadding="6" cellspacing="0">
+<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td colspan="2" valign="middle" class="listtopic"><?php echo gettext("Suricata Target-Based HTTP Server Policy Configuration"); ?></td>
</tr>
@@ -186,8 +73,8 @@ if ($savemsg)
<td valign="top" class="vncell"><?php echo gettext("Engine Name"); ?></td>
<td class="vtable">
<input name="policy_name" type="text" class="formfld unknown" id="policy_name" size="25" maxlength="25"
- value="<?=htmlspecialchars($pconfig['name']);?>"<?php if (htmlspecialchars($pconfig['name']) == "default") echo "readonly";?>>&nbsp;
- <?php if (htmlspecialchars($pconfig['name']) <> "default")
+ value="<?=htmlspecialchars($pengcfg['name']);?>"<?php if (htmlspecialchars($pengcfg['name']) == "default") echo "readonly";?>>&nbsp;
+ <?php if (htmlspecialchars($pengcfg['name']) <> "default")
echo gettext("Name or description for this engine. (Max 25 characters)");
else
echo "<span class=\"red\">" . gettext("The name for the 'default' engine is read-only.") . "</span>";?><br/>
@@ -198,13 +85,13 @@ if ($savemsg)
<tr>
<td valign="top" class="vncell"><?php echo gettext("Bind-To IP Address Alias"); ?></td>
<td class="vtable">
- <?php if ($pconfig['name'] <> "default") : ?>
+ <?php if ($pengcfg['name'] <> "default") : ?>
<table width="95%" border="0" cellpadding="2" cellspacing="0">
<tr>
<td class="vexpl"><input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32"
- value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off">&nbsp;
+ value="<?=htmlspecialchars($pengcfg['bind_to']);?>" title="<?=trim(filter_expand_alias($pengcfg['bind_to']));?>" autocomplete="off">&nbsp;
<?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td>
- <td class="vexpl" align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='suricata_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
+ <td class="vexpl" align="right"><input type="submit" class="formbtns" name="select_alias" value="Aliases"
title="<?php echo gettext("Select an existing IP alias");?>"/></td>
</tr>
<tr>
@@ -214,7 +101,7 @@ if ($savemsg)
<br/><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" . gettext("Supplied value must be a pre-configured Alias or the keyword 'all'.");?>
<?php else : ?>
<input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32"
- value="<?=htmlspecialchars($pconfig['bind_to']);?>" autocomplete="off" readonly>&nbsp;
+ value="<?=htmlspecialchars($pengcfg['bind_to']);?>" autocomplete="off" readonly>&nbsp;
<?php echo "<span class=\"red\">" . gettext("IP List for the default engine is read-only and must be 'all'.") . "</span>";?><br/>
<?php echo gettext("The default engine is required and will apply for packets with destination addresses not matching other engine IP Lists.");?><br/>
<?php endif ?>
@@ -228,7 +115,7 @@ if ($savemsg)
$profile = array( 'Apache', 'Apache_2_2', 'Generic', 'IDS', 'IIS_4_0', 'IIS_5_0', 'IIS_5_1', 'IIS_6_0', 'IIS_7_0', 'IIS_7_5', 'Minimal' );
foreach ($profile as $val): ?>
<option value="<?=$val;?>"
- <?php if ($val == $pconfig['personality']) echo "selected"; ?>>
+ <?php if ($val == $pengcfg['personality']) echo "selected"; ?>>
<?=gettext($val);?></option>
<?php endforeach; ?>
</select>&nbsp;&nbsp;<?php echo gettext("Choose the web server personality appropriate for the protected hosts. The default is ") .
@@ -243,7 +130,7 @@ if ($savemsg)
<td width="22%" valign="top" class="vncell"><?php echo gettext("Request Body Limit"); ?></td>
<td width="78%" class="vtable">
<input name="req_body_limit" type="text" class="formfld unknown" id="req_body_limit" size="9"
- value="<?=htmlspecialchars($pconfig['request-body-limit']);?>">&nbsp;
+ value="<?=htmlspecialchars($pengcfg['request-body-limit']);?>">&nbsp;
<?php echo gettext("Maximum number of HTTP request body bytes to inspect. Default is ") .
"<strong>" . gettext("4,096") . "</strong>" . gettext(" bytes."); ?><br/><br/>
<?php echo gettext("HTTP request bodies are often big, so they take a lot of time to process which has a significant impact ") .
@@ -255,7 +142,7 @@ if ($savemsg)
<td width="22%" valign="top" class="vncell"><?php echo gettext("Response Body Limit"); ?></td>
<td width="78%" class="vtable">
<input name="resp_body_limit" type="text" class="formfld unknown" id="resp_body_limit" size="9"
- value="<?=htmlspecialchars($pconfig['response-body-limit']);?>">&nbsp;
+ value="<?=htmlspecialchars($pengcfg['response-body-limit']);?>">&nbsp;
<?php echo gettext("Maximum number of HTTP response body bytes to inspect. Default is ") .
"<strong>" . gettext("4,096") . "</strong>" . gettext(" bytes."); ?><br/><br/>
<?php echo gettext("HTTP response bodies are often big, so they take a lot of time to process which has a significant impact ") .
@@ -268,31 +155,25 @@ if ($savemsg)
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Double-Decode Path"); ?></td>
- <td width="78%" class="vtable"><input name="enable_double_decode_path" type="checkbox" value="on" <?php if ($pconfig['double-decode-path'] == "yes") echo "checked"; ?>>
+ <td width="78%" class="vtable"><input name="enable_double_decode_path" type="checkbox" value="yes" <?php if ($pengcfg['double-decode-path'] == "yes") echo "checked"; ?>>
<?php echo gettext("Suricata will double-decode path section of the URI. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Double-Decode Query"); ?></td>
- <td width="78%" class="vtable"><input name="enable_double_decode_query" type="checkbox" value="on" <?php if ($pconfig['double-decode-query'] == "yes") echo "checked"; ?>>
+ <td width="78%" class="vtable"><input name="enable_double_decode_query" type="checkbox" value="yes" <?php if ($pengcfg['double-decode-query'] == "yes") echo "checked"; ?>>
<?php echo gettext("Suricata will double-decode query string section of the URI. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td>
</tr>
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save_libhtp_policy" id="save_libhtp_policy" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save web server policy engine settings and return to App Parsers tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
- <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
+ <input name="cancel_libhtp_policy" id="cancel_libhtp_policy" type="submit" class="formbtn" value="Cancel" title="<?php echo
gettext("Cancel changes and return to App Parsers tab"); ?>"></td>
</tr>
</table>
-</td>
-</tr>
-</table>
-</div>
-</form>
-<?php include("fend.inc"); ?>
-</body>
+
<script type="text/javascript" src="/javascript/autosuggest.js">
</script>
<script type="text/javascript" src="/javascript/suggestions.js">
@@ -311,4 +192,3 @@ setTimeout("createAutoSuggest();", 500);
</script>
-</html>
diff --git a/config/suricata/suricata_list_view.php b/config/suricata/suricata_list_view.php
index 2ff121f2..722bf47a 100644
--- a/config/suricata/suricata_list_view.php
+++ b/config/suricata/suricata_list_view.php
@@ -2,29 +2,29 @@
/*
* suricata_list_view.php
*
- Copyright (C) 2014 Bill Meeks
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
*/
require_once("guiconfig.inc");
@@ -34,23 +34,29 @@ global $g, $config;
$contents = '';
-$id = $_GET['id'];
-$wlist = $_GET['wlist'];
-$type = $_GET['type'];
+if (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+$wlist = htmlspecialchars($_GET['wlist']);
+$type = htmlspecialchars($_GET['type']);
+$title = "List";
if (isset($id) && isset($wlist)) {
- $a_rule = $config['installedpackages']['suricata']['rule'][$id];
+ $a_rule = $config['installedpackages']['suricataglobal']['rule'][$id];
if ($type == "homenet") {
$list = suricata_build_list($a_rule, $wlist);
$contents = implode("\n", $list);
+ $title = "HOME_NET";
}
- elseif ($type == "whitelist") {
+ elseif ($type == "passlist") {
$list = suricata_build_list($a_rule, $wlist, true);
$contents = implode("\n", $list);
+ $title = "Pass List";
}
elseif ($type == "suppress") {
$list = suricata_find_list($wlist, $type);
$contents = str_replace("\r", "", base64_decode($list['suppresspassthru']));
+ $title = "Suppress List";
}
else
$contents = gettext("\n\nERROR -- Requested List Type entity is not valid!");
@@ -58,35 +64,32 @@ if (isset($id) && isset($wlist)) {
else
$contents = gettext("\n\nERROR -- Supplied interface or List entity is not valid!");
-$pgtitle = array(gettext("Suricata"), gettext(ucfirst($type) . " Viewer"));
+$pgtitle = array(gettext("Suricata"), gettext($title . " Viewer"));
?>
<?php include("head.inc");?>
<body link="#000000" vlink="#000000" alink="#000000">
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php // include("fbegin.inc");?>
-<form action="suricata_list_view.php" method="post">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont">
<table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee">
<tr>
- <td class="pgtitle" colspan="2">Suricata: <?php echo gettext(ucfirst($type) . " Viewer"); ?></td>
+ <td class="pgtitle" colspan="2">Snort: <?php echo gettext($title . " Viewer"); ?></td>
</tr>
<tr>
<td align="left" width="20%">
<input type="button" class="formbtn" value="Return" onclick="window.close()">
</td>
<td align="right">
- <b><?php echo gettext(ucfirst($type) . ": ") . '</b>&nbsp;' . $_GET['wlist']; ?>&nbsp;&nbsp;&nbsp;&nbsp;
+ <b><?php echo gettext($title . ": ") . '</b>&nbsp;' . htmlspecialchars($_GET['wlist']); ?>&nbsp;&nbsp;&nbsp;&nbsp;
</td>
</tr>
<tr>
<td colspan="2" valign="top" class="label">
<div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=$contents;?></textarea>
+ <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=htmlspecialchars($contents);?></textarea>
</div>
</td>
</tr>
@@ -94,7 +97,5 @@ $pgtitle = array(gettext("Suricata"), gettext(ucfirst($type) . " Viewer"));
</td>
</tr>
</table>
-</form>
-<?php // include("fend.inc");?>
</body>
</html>
diff --git a/config/suricata/suricata_logs_browser.php b/config/suricata/suricata_logs_browser.php
index 38310b9f..04edf373 100644
--- a/config/suricata/suricata_logs_browser.php
+++ b/config/suricata/suricata_logs_browser.php
@@ -1,37 +1,50 @@
<?php
/*
- suricata_logs_browser.php
-
- Copyright (C) 2014 Bill Meeks
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ * suricata_logs_browser.php
+ *
+ * Portions of this code are based on original work done for the
+ * Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
*/
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
-if ($_POST['instance'])
+if (isset($_POST['instance']) && is_numericint($_POST['instance']))
$instanceid = $_POST['instance'];
+elseif (isset($_GET['instance']) && is_numericint($_GET['instance']))
+ $instanceid = htmlspecialchars($_GET['instance']);
if (empty($instanceid))
$instanceid = 0;
@@ -127,9 +140,12 @@ if ($input_errors) {
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), true, "/suricata/suricata_logs_browser.php");
- display_top_tabs($tab_array);
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
?>
</td>
</tr>
@@ -148,7 +164,7 @@ if ($input_errors) {
$selected = "";
if ($id == $instanceid)
$selected = "selected";
- echo "<option value='{$id}' {$selected}> (" . convert_friendly_interface_to_friendly_descr($instance['interface']) . "){$instance['descr']}</option>\n";
+ echo "<option value='{$id}' {$selected}> (" . convert_friendly_interface_to_friendly_descr($instance['interface']) . ") {$instance['descr']}</option>\n";
}
?>
</select>&nbsp;&nbsp;<?php echo gettext('Choose which instance logs you want to view.'); ?>
@@ -159,7 +175,7 @@ if ($input_errors) {
<td width="78%" class="vtable">
<select name="logFile" id="logFile" class="formselect" onChange="loadFile();">
<?php
- $logs = array( "alerts.log", "files-json.log", "http.log", "stats.log", "suricata.log", "tls.log" );
+ $logs = array( "alerts.log", "block.log", "files-json.log", "http.log", "stats.log", "suricata.log", "tls.log" );
foreach ($logs as $log) {
$selected = "";
if ($log == basename($logfile))
diff --git a/config/suricata/suricata_logs_mgmt.php b/config/suricata/suricata_logs_mgmt.php
new file mode 100644
index 00000000..16376c5b
--- /dev/null
+++ b/config/suricata/suricata_logs_mgmt.php
@@ -0,0 +1,489 @@
+<?php
+/*
+ * suricata_logs_mgmt.php
+ *
+ * Portions of this code are based on original work done for the
+ * Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+global $g;
+
+$suricatadir = SURICATADIR;
+
+$pconfig = array();
+
+// Grab saved settings from configuration
+$pconfig['enable_log_mgmt'] = $config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] == 'on' ? 'on' : 'off';
+$pconfig['clearlogs'] = $config['installedpackages']['suricata']['config'][0]['clearlogs'];
+$pconfig['suricataloglimit'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimit'];
+$pconfig['suricataloglimitsize'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'];
+$pconfig['alert_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'];
+$pconfig['alert_log_retention'] = $config['installedpackages']['suricata']['config'][0]['alert_log_retention'];
+$pconfig['block_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['block_log_limit_size'];
+$pconfig['block_log_retention'] = $config['installedpackages']['suricata']['config'][0]['block_log_retention'];
+$pconfig['files_json_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size'];
+$pconfig['files_json_log_retention'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_retention'];
+$pconfig['http_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['http_log_limit_size'];
+$pconfig['http_log_retention'] = $config['installedpackages']['suricata']['config'][0]['http_log_retention'];
+$pconfig['stats_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size'];
+$pconfig['stats_log_retention'] = $config['installedpackages']['suricata']['config'][0]['stats_log_retention'];
+$pconfig['tls_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size'];
+$pconfig['tls_log_retention'] = $config['installedpackages']['suricata']['config'][0]['tls_log_retention'];
+$pconfig['unified2_log_limit'] = $config['installedpackages']['suricata']['config'][0]['unified2_log_limit'];
+$pconfig['u2_archive_log_retention'] = $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'];
+$pconfig['file_store_retention'] = $config['installedpackages']['suricata']['config'][0]['file_store_retention'];
+
+// Load up some arrays with selection values (we use these later).
+// The keys in the $retentions array are the retention period
+// converted to hours. The keys in the $log_sizes array are
+// the file size limits in KB.
+$retentions = array( '0' => gettext('KEEP ALL'), '24' => gettext('1 DAY'), '168' => gettext('7 DAYS'), '336' => gettext('14 DAYS'),
+ '720' => gettext('30 DAYS'), '1080' => gettext("45 DAYS"), '2160' => gettext('90 DAYS'), '4320' => gettext('180 DAYS'),
+ '8766' => gettext('1 YEAR'), '26298' => gettext("3 YEARS") );
+$log_sizes = array( '0' => gettext('NO LIMIT'), '50' => gettext('50 KB'), '150' => gettext('150 KB'), '250' => gettext('250 KB'),
+ '500' => gettext('500 KB'), '750' => gettext('750 KB'), '1000' => gettext('1 MB'), '2000' => gettext('2 MB'),
+ '5000' => gettext("5 MB"), '10000' => gettext("10 MB") );
+
+// Set sensible defaults for any unset parameters
+if (empty($pconfig['suricataloglimit']))
+ $pconfig['suricataloglimit'] = 'on';
+if (empty($pconfig['suricataloglimitsize'])) {
+ // Set limit to 20% of slice that is unused */
+ $pconfig['suricataloglimitsize'] = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .20 / 1024);
+}
+
+// Set default retention periods for rotated logs
+if (empty($pconfig['alert_log_retention']))
+ $pconfig['alert_log_retention'] = "336";
+if (empty($pconfig['block_log_retention']))
+ $pconfig['block_log_retention'] = "336";
+if (empty($pconfig['files_json_log_retention']))
+ $pconfig['files_json_log_retention'] = "168";
+if (empty($pconfig['http_log_retention']))
+ $pconfig['http_log_retention'] = "168";
+if (empty($pconfig['stats_log_retention']))
+ $pconfig['stats_log_retention'] = "168";
+if (empty($pconfig['tls_log_retention']))
+ $pconfig['tls_log_retention'] = "336";
+if (empty($pconfig['u2_archive_log_retention']))
+ $pconfig['u2_archive_log_retention'] = "168";
+if (empty($pconfig['file_store_retention']))
+ $pconfig['file_store_retention'] = "168";
+
+// Set default log file size limits
+if (empty($pconfig['alert_log_limit_size']))
+ $pconfig['alert_log_limit_size'] = "500";
+if (empty($pconfig['block_log_limit_size']))
+ $pconfig['block_log_limit_size'] = "500";
+if (empty($pconfig['files_json_log_limit_size']))
+ $pconfig['files_json_log_limit_size'] = "1000";
+if (empty($pconfig['http_log_limit_size']))
+ $pconfig['http_log_limit_size'] = "1000";
+if (empty($pconfig['stats_log_limit_size']))
+ $pconfig['stats_log_limit_size'] = "500";
+if (empty($pconfig['tls_log_limit_size']))
+ $pconfig['tls_log_limit_size'] = "500";
+if (empty($pconfig['unified2_log_limit']))
+ $pconfig['unified2_log_limit'] = "32";
+
+if ($_POST["save"]) {
+ if ($_POST['suricataloglimit'] == 'on') {
+ if (!is_numericint($_POST['suricataloglimitsize']) || $_POST['suricataloglimitsize'] < 1)
+ $input_errors[] = gettext("The 'Log Directory Size Limit' must be an integer value greater than zero.");
+ }
+
+ // Validate unified2 log file limit
+ if (!is_numericint($_POST['unified2_log_limit']) || $_POST['unified2_log_limit'] < 1)
+ $input_errors[] = gettext("The value for 'Unified2 Log Limit' must be an integer value greater than zero.");
+
+ if (!$input_errors) {
+ $config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] = $_POST['enable_log_mgmt'] ? 'on' :'off';
+ $config['installedpackages']['suricata']['config'][0]['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off';
+ $config['installedpackages']['suricata']['config'][0]['suricataloglimit'] = $_POST['suricataloglimit'];
+ $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'] = $_POST['suricataloglimitsize'];
+ $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'] = $_POST['alert_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['alert_log_retention'] = $_POST['alert_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['block_log_limit_size'] = $_POST['block_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['block_log_retention'] = $_POST['block_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size'] = $_POST['files_json_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['files_json_log_retention'] = $_POST['files_json_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['http_log_limit_size'] = $_POST['http_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['http_log_retention'] = $_POST['http_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size'] = $_POST['stats_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['stats_log_retention'] = $_POST['stats_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size'] = $_POST['tls_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['tls_log_retention'] = $_POST['tls_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['unified2_log_limit'] = $_POST['unified2_log_limit'];
+ $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] = $_POST['u2_archive_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['file_store_retention'] = $_POST['file_store_retention'];
+
+ write_config();
+ sync_suricata_package_config();
+
+ /* forces page to reload new settings */
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /suricata/suricata_logs_mgmt.php");
+ exit;
+ }
+}
+
+$pgtitle = gettext("Suricata: Logs Management");
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+include_once("fbegin.inc");
+
+/* Display Alert message, under form tag or no refresh */
+if ($input_errors)
+ print_input_errors($input_errors);
+
+?>
+
+<form action="suricata_logs_mgmt.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
+ $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
+ $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Mgmt"), true, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
+?>
+</td></tr>
+<tr>
+ <td>
+ <div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+<tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td>
+</tr>
+<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Suricata Log Files During Package Uninstall"); ?></td>
+ <td width="78%" class="vtable"><input name="clearlogs" id="clearlogs" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['suricata']['config'][0]['clearlogs']=="on") echo " checked"; ?>/>&nbsp;
+ <?php echo gettext("Suricata log files will be removed when the Suricata package is uninstalled."); ?></td>
+</tr>
+<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Auto Log Management"); ?></td>
+ <td width="78%" class="vtable"><input name="enable_log_mgmt" id="enable_log_mgmt" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt']=="on") echo " checked"; ?> onClick="enable_change();"/>&nbsp;
+ <?php echo gettext("Enable automatic unattended management of Suricata logs using parameters specified below."); ?><br/>
+ <span class="red"><strong><?=gettext("Note: ") . "</strong></span>" . gettext("This must be be enabled in order to set Log Size and Retention Limits below.");?>
+ </td>
+</tr>
+<tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Logs Directory Size Limit"); ?></td>
+</tr>
+<tr>
+<?php $suricatalogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Directory Size " .
+ "Limit"); ?><br/><br/><br/><br/><br/><br/><br/>
+ <span class="red"><strong><?php echo gettext("Note:"); ?></strong></span><br/>
+ <?php echo gettext("Available space is"); ?> <strong><?php echo $suricatalogCurrentDSKsize; ?>&nbsp;MB</strong></td>
+ <td width="78%" class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2" class="vexpl"><input name="suricataloglimit" type="radio" id="suricataloglimit_on" value="on"
+ <?php if($pconfig['suricataloglimit']=='on') echo 'checked'; ?> onClick="enable_change_dirSize();"/>
+ &nbsp;<strong><?php echo gettext("Enable"); ?></strong> <?php echo gettext("directory size limit"); ?> (<strong><?php echo gettext("Default"); ?></strong>)</td>
+ </tr>
+ <tr>
+ <td colspan="2" class="vexpl"><input name="suricataloglimit" type="radio" id="suricataloglimit_off" value="off"
+ <?php if($pconfig['suricataloglimit']=='off') echo 'checked'; ?> onClick="enable_change_dirSize();"/>
+ &nbsp;<strong><?php echo gettext("Disable"); ?></strong>
+ <?php echo gettext("directory size limit"); ?><br/>
+ <br/><span class="red"><strong><?=gettext("Note: ");?></strong></span><?=gettext("this setting imposes a hard-limit on the combined log directory size of all Suricata interfaces. ") .
+ gettext("When the size limit set is reached, rotated logs for all interfaces will be removed, and any active logs pruned to zero-length.");?>
+ <br/><br/>
+ <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("NanoBSD " .
+ "should use no more than 10MB of space."); ?></td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="2" cellspacing="0">
+ <tr>
+ <td class="vexpl"><?php echo gettext("Size in ") . "<strong>" . gettext("MB:") . "</strong>";?>&nbsp;
+ <input name="suricataloglimitsize" type="text" class="formfld unknown" id="suricataloglimitsize" size="10" value="<?=htmlspecialchars($pconfig['suricataloglimitsize']);?>"/>
+ &nbsp;<?php echo gettext("Default is ") . "<strong>" . gettext("20%") . "</strong>" . gettext(" of available space.");?></td>
+ </tr>
+ </table>
+ </td>
+</tr>
+<tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Log Size and Retention Limits"); ?></td>
+</tr>
+<tr>
+ <td class="vncell" valign="top" width="22%"><?php echo gettext("Text Log Settings");?></td>
+ <td class="vtable" width="78%">
+ <table width="100%" border="0" cellpadding="2" cellspacing="0">
+ <colgroup>
+ <col style="width: 15%;">
+ <col style="width: 18%;">
+ <col style="width: 20%;">
+ <col>
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr"><?=gettext("Log Name");?></th>
+ <th class="listhdrr"><?=gettext("Max Size");?></th>
+ <th class="listhdrr"><?=gettext("Retention");?></th>
+ <th class="listhdrr"><?=gettext("Log Description");?></th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td class="listbg">alerts</td>
+ <td class="listr" align="center"><select name="alert_log_limit_size" class="formselect" id="alert_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['alert_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="alert_log_retention" class="formselect" id="alert_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['alert_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("Suricata alerts and event details");?></td>
+ </tr>
+ <tr>
+ <td class="listbg">block</td>
+ <td class="listr" align="center"><select name="block_log_limit_size" class="formselect" id="block_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['block_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="block_log_retention" class="formselect" id="block_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['block_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("Suricata blocked IPs and event details");?></td>
+ </tr>
+ <tr>
+ <td class="listbg">files-json</td>
+ <td class="listr" align="center"><select name="files_json_log_limit_size" class="formselect" id="files_json_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['files_json_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="files_json_log_retention" class="formselect" id="files_json_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['files_json_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("Captured files info in JSON format");?></td>
+ </tr>
+ <tr>
+ <td class="listbg">http</td>
+ <td class="listr" align="center"><select name="http_log_limit_size" class="formselect" id="http_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['http_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="http_log_retention" class="formselect" id="http_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['http_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("Captured HTTP events and session info");?></td>
+ </tr>
+ <tr>
+ <td class="listbg">stats</td>
+ <td class="listr" align="center"><select name="stats_log_limit_size" class="formselect" id="stats_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['stats_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="stats_log_retention" class="formselect" id="stats_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['stats_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("Suricata performance statistics");?></td>
+ </tr>
+ <tr>
+ <td class="listbg">tls</td>
+ <td class="listr" align="center"><select name="tls_log_limit_size" class="formselect" id="tls_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['tls_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="tls_log_retention" class="formselect" id="tls_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['tls_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("SMTP TLS handshake details");?></td>
+ </tr>
+ </tbody>
+ </table>
+ <br/><?=gettext("Settings will be ignored for any log in the list above not enabled on the Interface Settings tab. ") .
+ gettext("When a log reaches the Max Size limit, it will be rotated and tagged with a timestamp. The Retention period determines ") .
+ gettext("how long rotated logs are kept before they are automatically deleted.");?>
+ </td>
+</tr>
+<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Unified2 Log Limit"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="unified2_log_limit" type="text" class="formfld unknown"
+ id="unified2_log_limit" size="10" value="<?=htmlspecialchars($pconfig['unified2_log_limit']);?>"/>
+ &nbsp;<?php echo gettext("Log file size limit in megabytes (MB). Default is "); ?><strong><?=gettext("32 MB.");?></strong><br/>
+ <?php echo gettext("This sets the maximum size for a unified2 log file before it is rotated and a new one created."); ?>
+ </td>
+</tr>
+<tr>
+ <td class="vncell" width="22%" valign="top"><?=gettext("Unified2 Archived Log Retention Period");?></td>
+ <td width="78%" class="vtable"><select name="u2_archive_log_retention" class="formselect" id="u2_archive_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['u2_archive_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;<?=gettext("Choose retention period for archived Barnyard2 binary log files. Default is ") . "<strong>" . gettext("7 days."). "</strong>";?><br/><br/>
+ <?=gettext("When Barnyard2 output is enabled, Suricata writes event data to a binary format file that Barnyard2 reads and processes. ") .
+ gettext("When finished processing a file, Barnyard2 moves it to an archive folder. This setting determines how long files ") .
+ gettext("remain in the archive folder before they are automatically deleted.");?>
+ </td>
+</tr>
+<tr>
+ <td class="vncell" width="22%" valign="top"><?=gettext("Captured Files Retention Period");?></td>
+ <td width="78%" class="vtable"><select name="file_store_retention" class="formselect" id="file_store_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['file_store_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;<?=gettext("Choose retention period for captured files in File Store. Default is ") . "<strong>" . gettext("7 days."). "</strong>";?><br/><br/>
+ <?=gettext("When file capture and store is enabled, Suricata captures downloaded files from HTTP sessions and stores them, along with metadata, ") .
+ gettext("for later analysis. This setting determines how long files remain in the File Store folder before they are automatically deleted.");?>
+ </td>
+</tr>
+<tr>
+ <td width="22%"></td>
+ <td width="78%" class="vexpl"><input name="save" type="submit" class="formbtn" value="Save"/><br/>
+ <br/><span class="red"><strong><?php echo gettext("Note:");?></strong>&nbsp;
+ </span><?php echo gettext("Changing any settings on this page will affect all Suricata-configured interfaces.");?></td>
+</tr>
+ </table>
+</div><br/>
+</td></tr>
+</table>
+</form>
+
+<script language="JavaScript">
+function enable_change() {
+ var endis = !(document.iform.enable_log_mgmt.checked);
+ document.iform.alert_log_limit_size.disabled = endis;
+ document.iform.alert_log_retention.disabled = endis;
+ document.iform.block_log_limit_size.disabled = endis;
+ document.iform.block_log_retention.disabled = endis;
+ document.iform.files_json_log_limit_size.disabled = endis;
+ document.iform.files_json_log_retention.disabled = endis;
+ document.iform.http_log_limit_size.disabled = endis;
+ document.iform.http_log_retention.disabled = endis;
+ document.iform.stats_log_limit_size.disabled = endis;
+ document.iform.stats_log_retention.disabled = endis;
+ document.iform.tls_log_limit_size.disabled = endis;
+ document.iform.tls_log_retention.disabled = endis;
+ document.iform.unified2_log_limit.disabled = endis;
+ document.iform.u2_archive_log_retention.disabled = endis;
+ document.iform.file_store_retention.disabled = endis;
+}
+
+function enable_change_dirSize() {
+ var endis = !(document.getElementById('suricataloglimit_on').checked);
+ document.getElementById('suricataloglimitsize').disabled = endis;
+}
+
+enable_change();
+enable_change_dirSize();
+</script>
+
+<?php include("fend.inc"); ?>
+
+</body>
+</html>
diff --git a/config/suricata/suricata_os_policy_engine.php b/config/suricata/suricata_os_policy_engine.php
index 61918e65..869d940c 100644
--- a/config/suricata/suricata_os_policy_engine.php
+++ b/config/suricata/suricata_os_policy_engine.php
@@ -1,12 +1,24 @@
<?php
/*
* suricata_os_policy_engine.php
+ *
+ * Portions of this code are based on original work done for the
+ * Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
@@ -26,153 +38,39 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/suricata/suricata.inc");
-
-global $g;
-
-// Grab the incoming QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (isset($_POST['eng_id']))
- $eng_id = $_POST['eng_id'];
-
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
-
-if (!is_array($config['installedpackages']['suricata']['rule']))
- $config['installedpackages']['suricata']['rule'] = array();
-if (!is_array($config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item']))
- $config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item'] = array();
-$a_nat = &$config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item'];
-
-$pconfig = array();
-if (empty($a_nat[$eng_id])) {
- $def = array( "name" => "engine_{$eng_id}", "bind_to" => "", "policy" => "bsd" );
- // See if this is initial entry and set to "default" if true
- if ($eng_id < 1) {
- $def['name'] = "default";
- $def['bind_to'] = "all";
- }
- $pconfig = $def;
-}
-else {
- $pconfig = $a_nat[$eng_id];
-
- // Check for any empty values and set sensible defaults
- if (empty($pconfig['policy']))
- $pconfig['policy'] = "bsd";
-}
-
-if ($_POST['Cancel']) {
- header("Location: /suricata/suricata_flow_stream.php?id={$id}");
- exit;
-}
-
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import") {
- if ($_GET['varname'] == "bind_to" && !empty($_GET['varvalue']))
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
-}
-
-if ($_POST['Submit']) {
+/**************************************************************************************
+ This file contains code for adding/editing an existing Host OS Policy Engine.
+ It is included and injected inline as needed into the suricata_stream_flow.php
+ page to provide the edit functionality for Host OS Policy Engines.
- /* Grab all the POST values and save in new temp array */
- $engine = array();
- if ($_POST['policy_name']) { $engine['name'] = trim($_POST['policy_name']); } else { $engine['name'] = "default"; }
- if ($_POST['policy_bind_to']) {
- if (is_alias($_POST['policy_bind_to']))
- $engine['bind_to'] = $_POST['policy_bind_to'];
- elseif (strtolower(trim($_POST['policy_bind_to'])) == "all")
- $engine['bind_to'] = "all";
- else
- $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value.");
- }
- else {
- $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'.");
- }
+ The following variables are assumed to exist and must be initialized
+ as necessary in order to utilize this page.
- if ($_POST['policy']) { $engine['policy'] = $_POST['policy']; } else { $engine['policy'] = "bsd"; }
+ $g --> system global variables array
+ $config --> global variable pointing to configuration information
+ $pengcfg --> array containing current Host OS Policy engine configuration
- /* Can only have one "all" Bind_To address */
- if ($engine['bind_to'] == "all" && $engine['name'] <> "default") {
- $input_errors[] = gettext("Only one default OS-Policy Engine can be bound to all addresses.");
- $pconfig = $engine;
- }
-
- /* if no errors, write new entry to conf */
- if (!$input_errors) {
- if (isset($eng_id) && $a_nat[$eng_id]) {
- $a_nat[$eng_id] = $engine;
- }
- else
- $a_nat[] = $engine;
-
- /* Reorder the engine array to ensure the */
- /* 'bind_to=all' entry is at the bottom */
- /* if it contains more than one entry. */
- if (count($a_nat) > 1) {
- $i = -1;
- foreach ($a_nat as $f => $v) {
- if ($v['bind_to'] == "all") {
- $i = $f;
- break;
- }
- }
- /* Only relocate the entry if we */
- /* found it, and it's not already */
- /* at the end. */
- if ($i > -1 && ($i < (count($a_nat) - 1))) {
- $tmp = $a_nat[$i];
- unset($a_nat[$i]);
- $a_nat[] = $tmp;
- }
- }
-
- /* Now write the new engine array to conf */
- write_config();
-
- header("Location: /suricata/suricata_flow_stream.php?id={$id}");
- exit;
- }
-}
-
-$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['suricata']['rule'][$id]['interface']);
-$pgtitle = gettext("Suricata: Interface {$if_friendly} Operating System Policy Engine");
-include_once("head.inc");
+ Information is returned from this page via the following form fields:
+ policy_name --> Unique Name for the Host OS Policy Engine
+ policy_bind_to --> Alias name representing "bind_to" IP address for engine
+ policy --> Operating system chosen for engine policy
+ select_alias --> Submit button for select alias operation
+ save_os_policy --> Submit button for save operation and exit
+ cancel_os_policy --> Submit button to cancel operation and exit
+ **************************************************************************************/
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
-
-<?php
-include("fbegin.inc");
-if ($input_errors) print_input_errors($input_errors);
-if ($savemsg)
- print_info_box($savemsg);
-?>
-
-<form action="suricata_os_policy_engine.php" method="post" name="iform" id="iform">
-<input name="id" type="hidden" value="<?=$id?>">
-<input name="eng_id" type="hidden" value="<?=$eng_id?>">
-<div id="boxarea">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr>
-<td class="tabcont">
-<table width="100%" border="0" cellpadding="6" cellspacing="0">
+<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
- <td colspan="2" valign="middle" class="listtopic"><?php echo gettext("Suricata Target-Based OS Policy Engine Configuration"); ?></td>
+ <td colspan="2" align="center" class="listtopic"><?php echo gettext("Suricata Target-Based Host OS Policy Engine Configuration"); ?></td>
</tr>
<tr>
- <td valign="top" class="vncell"><?php echo gettext("Engine Name"); ?></td>
+ <td valign="top" class="vncell"><?php echo gettext("Policy Name"); ?></td>
<td class="vtable">
<input name="policy_name" type="text" class="formfld unknown" id="policy_name" size="25" maxlength="25"
- value="<?=htmlspecialchars($pconfig['name']);?>"<?php if (htmlspecialchars($pconfig['name']) == "default") echo "readonly";?>>&nbsp;
- <?php if (htmlspecialchars($pconfig['name']) <> "default")
+ value="<?=htmlspecialchars($pengcfg['name']);?>"<?php if (htmlspecialchars($pengcfg['name']) == "default") echo "readonly";?>/>&nbsp;
+ <?php if (htmlspecialchars($pengcfg['name']) <> "default")
echo gettext("Name or description for this engine. (Max 25 characters)");
else
echo "<span class=\"red\">" . gettext("The name for the 'default' engine is read-only.") . "</span>";?><br/>
@@ -183,13 +81,13 @@ if ($savemsg)
<tr>
<td valign="top" class="vncell"><?php echo gettext("Bind-To IP Address Alias"); ?></td>
<td class="vtable">
- <?php if ($pconfig['name'] <> "default") : ?>
+ <?php if ($pengcfg['name'] <> "default") : ?>
<table width="95%" border="0" cellpadding="2" cellspacing="0">
<tr>
<td class="vexpl"><input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32"
- value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off">&nbsp;
+ value="<?=htmlspecialchars($pengcfg['bind_to']);?>" title="<?=trim(filter_expand_alias($pengcfg['bind_to']));?>" autocomplete="off"/>&nbsp;
<?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td>
- <td class="vexpl" align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='suricata_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
+ <td class="vexpl" align="right"><input type="submit" class="formbtns" name="select_alias" value="Aliases"
title="<?php echo gettext("Select an existing IP alias");?>"/></td>
</tr>
<tr>
@@ -200,7 +98,7 @@ if ($savemsg)
&nbsp;&nbsp;&nbsp;&nbsp;
<?php else : ?>
<input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32"
- value="<?=htmlspecialchars($pconfig['bind_to']);?>" autocomplete="off" readonly>&nbsp;
+ value="<?=htmlspecialchars($pengcfg['bind_to']);?>" autocomplete="off" readonly>&nbsp;
<?php echo "<span class=\"red\">" . gettext("IP List for the default engine is read-only and must be 'all'.") . "</span>";?><br/>
<?php echo gettext("The default engine is required and will apply for packets with destination addresses not matching other engine IP Lists.");?><br/>
<?php endif ?>
@@ -214,7 +112,7 @@ if ($savemsg)
$profile = array( 'BSD', 'BSD-Right', 'HPUX10', 'HPUX11', 'Irix', 'Linux', 'Mac-OS', 'Old-Linux', 'Old-Solaris', 'Solaris', 'Vista', 'Windows', 'Windows2k3' );
foreach ($profile as $val): ?>
<option value="<?=strtolower($val);?>"
- <?php if (strtolower($val) == $pconfig['policy']) echo "selected"; ?>>
+ <?php if (strtolower($val) == $pengcfg['policy']) echo "selected"; ?>>
<?=gettext($val);?></option>
<?php endforeach; ?>
</select>&nbsp;&nbsp;<?php echo gettext("Choose the OS target policy appropriate for the protected hosts. The default is ") .
@@ -225,20 +123,13 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save_os_policy" id="save_os_policy" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save OS policy engine settings and return to Flow/Stream tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
- <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
+ <input name="cancel_os_policy" id="cancel_os_policy" type="submit" class="formbtn" value="Cancel" title="<?php echo
gettext("Cancel changes and return to Flow/Stream tab"); ?>"></td>
</tr>
</table>
-</td>
-</tr>
-</table>
-</div>
-</form>
-<?php include("fend.inc"); ?>
-</body>
<script type="text/javascript" src="/javascript/autosuggest.js">
</script>
<script type="text/javascript" src="/javascript/suggestions.js">
@@ -258,4 +149,3 @@ setTimeout("createAutoSuggest();", 500);
</script>
-</html>
diff --git a/config/suricata/suricata_passlist.php b/config/suricata/suricata_passlist.php
new file mode 100644
index 00000000..fc7c60e2
--- /dev/null
+++ b/config/suricata/suricata_passlist.php
@@ -0,0 +1,206 @@
+<?php
+/*
+ * suricata_passlist.php
+ *
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+if (!is_array($config['installedpackages']['suricata']['passlist']))
+ $config['installedpackages']['suricata']['passlist'] = array();
+if (!is_array($config['installedpackages']['suricata']['passlist']['item']))
+ $config['installedpackages']['suricata']['passlist']['item'] = array();
+$a_passlist = &$config['installedpackages']['suricata']['passlist']['item'];
+
+// Calculate the next Pass List index ID
+if (isset($config['installedpackages']['suricata']['passlist']['item']))
+ $id_gen = count($config['installedpackages']['suricata']['passlist']['item']);
+else
+ $id_gen = '0';
+
+function suricata_is_passlist_used($list) {
+
+ /**********************************************
+ * This function tests the provided Pass List *
+ * to determine if it is assigned to an *
+ * interface. *
+ * *
+ * On Entry: $list -> Pass List name to test *
+ * *
+ * Returns: TRUE if Pass List is in use or *
+ * FALSE if not in use *
+ **********************************************/
+
+ global $config;
+
+ if (!is_array($config['installedpackages']['suricata']['rule']))
+ return FALSE;
+
+ foreach($config['installedpackages']['suricata']['rule'] as $v) {
+ if (isset($v['passlistname']) && $v['passlistname'] == $list)
+ return TRUE;
+ }
+ return FALSE;
+}
+
+if ($_POST['del'] && is_numericint($_POST['list_id'])) {
+ if ($a_passlist[$_POST['list_id']]) {
+ /* make sure list is not being referenced by any interface */
+ if (suricata_is_passlist_used($a_passlist[$_POST['list_id']]['name'])) {
+ $input_errors[] = gettext("This Pass List is currently assigned to a Suricata interface and cannot be deleted. Unassign it from all Suricata interfaces first.");
+ }
+ if (!$input_errors) {
+ unset($a_passlist[$_POST['list_id']]);
+ write_config("Suricata pkg: deleted PASS LIST.");
+ sync_suricata_package_config();
+ header("Location: /suricata/suricata_passlist.php");
+ exit;
+ }
+ }
+}
+
+$pgtitle = gettext("Suricata: Pass Lists");
+include_once("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php
+include_once("fbegin.inc");
+
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors);
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
+?>
+
+<form action="/suricata/suricata_passlist.php" method="post">
+<input type="hidden" name="list_id" id="list_id" value=""/>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+ <?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
+ $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), true, "/suricata/suricata_passlist.php");
+ $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
+ ?>
+ </td>
+</tr>
+<tr>
+ <td><div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="25%" class="listhdrr">List Name</td>
+ <td width="30%" class="listhdrr">Assigned Alias</td>
+ <td class="listhdr">Description</td>
+ <td width="40px" class="list"></td>
+ </tr>
+ <?php foreach ($a_passlist as $i => $list): ?>
+ <tr>
+ <td class="listlr"
+ ondblclick="document.location='suricata_passlist_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($list['name']);?></td>
+ <td class="listr"
+ ondblclick="document.location='suricata_passlist_edit.php?id=<?=$i;?>';"
+ title="<?=filter_expand_alias($list['address']);?>">
+ <?php echo gettext($list['address']);?></td>
+ <td class="listbg"
+ ondblclick="document.location='suricata_passlist_edit.php?id=<?=$i;?>';">
+ <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;
+ </td>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a href="suricata_passlist_edit.php?id=<?=$i;?>">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?php echo gettext("Edit pass list"); ?>"></a>
+ </td>
+ <td><input type="image" name="del[]" onclick="document.getElementById('list_id').value='<?=$i;?>';return confirm('<?=gettext("Do you really want to delete this pass list? Click OK to continue or CANCEL to quit.)!");?>');"
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?php echo gettext("Delete pass list"); ?>"/>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17">&nbsp;</td>
+ <td valign="middle"><a href="suricata_passlist_edit.php?id=<?php echo $id_gen;?> ">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("add a new pass list"); ?>"/></a>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+<br>
+<table width="100%" border="0" cellpadding="1"
+ cellspacing="1">
+ <tr>
+ <td width="100%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Notes:"); ?></strong></span>
+ <p><?php echo gettext("1. Here you can create Pass List files for your Suricata package rules. Hosts on a Pass List are never blocked by Suricata."); ?><br/>
+ <?php echo gettext("2. Add all the IP addresses or networks (in CIDR notation) you want to protect against Suricata block decisions."); ?><br/>
+ <?php echo gettext("3. The default Pass List includes the WAN IP and gateway, defined DNS servers, VPNs and locally-attached networks."); ?><br/>
+ <?php echo gettext("4. Be careful, it is very easy to get locked out of your system by altering the default settings."); ?></p></span></td>
+ </tr>
+ <tr>
+ <td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Suricata on the interface for changes to take effect!"); ?></span></td>
+ </tr>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/suricata/suricata_passlist_edit.php b/config/suricata/suricata_passlist_edit.php
new file mode 100644
index 00000000..35c7b66e
--- /dev/null
+++ b/config/suricata/suricata_passlist_edit.php
@@ -0,0 +1,329 @@
+<?php
+/*
+ * suricata_passlist_edit.php
+ *
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+if ($_POST['cancel']) {
+ header("Location: /suricata/suricata_passlist.php");
+ exit;
+}
+
+if (!is_array($config['installedpackages']['suricata']['passlist']))
+ $config['installedpackages']['suricata']['passlist'] = array();
+if (!is_array($config['installedpackages']['suricata']['passlist']['item']))
+ $config['installedpackages']['suricata']['passlist']['item'] = array();
+$a_passlist = &$config['installedpackages']['suricata']['passlist']['item'];
+
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+/* Should never be called without identifying list index, so bail */
+if (is_null($id)) {
+ header("Location: /suricata/suricata_interfaces_passlist.php");
+ exit;
+}
+
+/* If no entry for this passlist, then create a UUID and treat it like a new list */
+if (!isset($a_passlist[$id]['uuid'])) {
+ $passlist_uuid = 0;
+ while ($passlist_uuid > 65535 || $passlist_uuid == 0) {
+ $passlist_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $passlist_uuid;
+ $pconfig['name'] = "passlist_{$passlist_uuid}";
+ }
+} else
+ $passlist_uuid = $a_passlist[$id]['uuid'];
+
+/* returns true if $name is a valid name for a pass list file name or ip */
+function is_validpasslistname($name) {
+ if (!is_string($name))
+ return false;
+
+ if (!preg_match("/[^a-zA-Z0-9\_\.\/]/", $name))
+ return true;
+
+ return false;
+}
+
+if (isset($id) && $a_passlist[$id]) {
+ /* old settings */
+ $pconfig = array();
+ $pconfig['name'] = $a_passlist[$id]['name'];
+ $pconfig['uuid'] = $a_passlist[$id]['uuid'];
+ $pconfig['detail'] = $a_passlist[$id]['detail'];
+ $pconfig['address'] = $a_passlist[$id]['address'];
+ $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']);
+ $pconfig['localnets'] = $a_passlist[$id]['localnets'];
+ $pconfig['wanips'] = $a_passlist[$id]['wanips'];
+ $pconfig['wangateips'] = $a_passlist[$id]['wangateips'];
+ $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips'];
+ $pconfig['vips'] = $a_passlist[$id]['vips'];
+ $pconfig['vpnips'] = $a_passlist[$id]['vpnips'];
+}
+
+// Check for returned "selected alias" if action is import
+if ($_GET['act'] == "import") {
+ if ($_GET['varname'] == "address" && isset($_GET['varvalue']))
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
+}
+
+if ($_POST['save']) {
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "name");
+ $reqdfieldsn = explode(",", "Name");
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if(strtolower($_POST['name']) == "defaultpasslist")
+ $input_errors[] = gettext("Pass List file names may not be named defaultpasslist.");
+
+ if (is_validpasslistname($_POST['name']) == false)
+ $input_errors[] = gettext("Pass List file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset.");
+
+ /* check for name conflicts */
+ foreach ($a_passlist as $w_list) {
+ if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $w_list))
+ continue;
+
+ if ($w_list['name'] == $_POST['name']) {
+ $input_errors[] = gettext("A Pass List file name with this name already exists.");
+ break;
+ }
+ }
+
+ if ($_POST['address'])
+ if (!is_alias($_POST['address']))
+ $input_errors[] = gettext("A valid alias must be provided");
+
+ if (!$input_errors) {
+ $w_list = array();
+ /* post user input */
+ $w_list['name'] = $_POST['name'];
+ $w_list['uuid'] = $passlist_uuid;
+ $w_list['localnets'] = $_POST['localnets']? 'yes' : 'no';
+ $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no';
+ $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no';
+ $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no';
+ $w_list['vips'] = $_POST['vips']? 'yes' : 'no';
+ $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no';
+
+ $w_list['address'] = $_POST['address'];
+ $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $w_list['detail'] = $final_address_details;
+
+ if (isset($id) && $a_passlist[$id])
+ $a_passlist[$id] = $w_list;
+ else
+ $a_passlist[] = $w_list;
+
+ write_config("Snort pkg: modified PASS LIST {$w_list['name']}.");
+
+ /* create pass list and homenet file, then sync files */
+ sync_suricata_package_config();
+
+ header("Location: /suricata/suricata_passlist.php");
+ exit;
+ }
+}
+
+$pgtitle = gettext("Suricata: Pass List Edit - {$pconfig['name']}");
+include_once("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
+
+<?php
+include("fbegin.inc");
+if ($input_errors)
+ print_input_errors($input_errors);
+if ($savemsg)
+ print_info_box($savemsg);
+?>
+<script type="text/javascript" src="/javascript/autosuggest.js">
+</script>
+<script type="text/javascript" src="/javascript/suggestions.js">
+</script>
+<form action="suricata_passlist_edit.php" method="post" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>" />
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
+ $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), true, "/suricata/suricata_passlist.php");
+ $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
+?>
+ </td>
+</tr>
+<tr><td><div id="mainarea">
+<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add the name and " .
+ "description of the file."); ?></td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq"><?php echo gettext("Name"); ?></td>
+ <td class="vtable"><input name="name" type="text" id="name" class="formfld unknown"
+ size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br />
+ <span class="vexpl"> <?php echo gettext("The list name may only consist of the " .
+ "characters \"a-z, A-Z, 0-9 and _\"."); ?>&nbsp;&nbsp;<span class="red"><?php echo gettext("Note:"); ?> </span>
+ <?php echo gettext("No Spaces or dashes."); ?> </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Description"); ?></td>
+ <td width="78%" class="vtable"><input name="descr" type="text" class="formfld unknown"
+ id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br />
+ <span class="vexpl"> <?php echo gettext("You may enter a description here for your " .
+ "reference (not parsed)."); ?> </span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add auto-generated IP Addresses."); ?></td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Local Networks"); ?></td>
+ <td width="78%" class="vtable"><input name="localnets" type="checkbox"
+ id="localnets" size="40" value="yes"
+ <?php if($pconfig['localnets'] == 'yes'){ echo "checked";} if($pconfig['localnets'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> <?php echo gettext("Add firewall Local Networks to the list (excluding WAN)."); ?> </span></td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN IPs"); ?></td>
+ <td width="78%" class="vtable"><input name="wanips" type="checkbox"
+ id="wanips" size="40" value="yes"
+ <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> <?php echo gettext("Add WAN interface IPs to the list."); ?> </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN Gateways"); ?></td>
+ <td width="78%" class="vtable"><input name="wangateips"
+ type="checkbox" id="wangateips" size="40" value="yes"
+ <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> <?php echo gettext("Add WAN Gateways to the list."); ?> </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN DNS servers"); ?></td>
+ <td width="78%" class="vtable"><input name="wandnsips"
+ type="checkbox" id="wandnsips" size="40" value="yes"
+ <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> <?php echo gettext("Add WAN DNS servers to the list."); ?> </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Virtual IP Addresses"); ?></td>
+ <td width="78%" class="vtable"><input name="vips" type="checkbox"
+ id="vips" size="40" value="yes"
+ <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> <?php echo gettext("Add Virtual IP Addresses to the list."); ?> </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("VPNs"); ?></td>
+ <td width="78%" class="vtable"><input name="vpnips" type="checkbox"
+ id="vpnips" size="40" value="yes"
+ <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> <?php echo gettext("Add VPN Addresses to the list."); ?> </span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add custom IP Addresses from configured Aliases."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">
+ <?php echo gettext("Assigned Aliases:"); ?>
+ </td>
+ <td width="78%" class="vtable">
+ <input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>"
+ title="<?=trim(filter_expand_alias($pconfig['address']));?>"/>
+ &nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="Aliases" onclick="parent.location='suricata_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
+ title="<?php echo gettext("Select an existing IP alias");?>"/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input id="save" name="save" type="submit" class="formbtn" value="Save" />
+ <input id="cancel" name="cancel" type="submit" class="formbtn" value="Cancel" />
+ </td>
+ </tr>
+</table>
+</div>
+</td></tr>
+</table>
+</form>
+<script type="text/javascript">
+<?php
+ $isfirst = 0;
+ $aliases = "";
+ $addrisfirst = 0;
+ $aliasesaddr = "";
+ if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias']))
+ foreach($config['aliases']['alias'] as $alias_name) {
+ if ($alias_name['type'] != "host" && $alias_name['type'] != "network")
+ continue;
+ if($addrisfirst == 1) $aliasesaddr .= ",";
+ $aliasesaddr .= "'" . $alias_name['name'] . "'";
+ $addrisfirst = 1;
+ }
+?>
+ var addressarray=new Array(<?php echo $aliasesaddr; ?>);
+
+function createAutoSuggest() {
+<?php
+ echo "objAlias = new AutoSuggestControl(document.getElementById('address'), new StateSuggestions(addressarray));\n";
+?>
+}
+
+setTimeout("createAutoSuggest();", 500);
+
+</script>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 653f47fd..c44b392f 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -2,13 +2,23 @@
/*
* suricata_post_install.php
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
- * part of pfSense
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
@@ -50,14 +60,14 @@ if(is_process_running("suricata")) {
killbyname("suricata");
sleep(2);
// Delete any leftover suricata PID files in /var/run
- array_map('@unlink', glob("/var/run/suricata_*.pid"));
+ unlink_if_exists("/var/run/suricata_*.pid");
}
// Hard kill any running Barnyard2 processes
if(is_process_running("barnyard")) {
killbyname("barnyard2");
sleep(2);
// Delete any leftover barnyard2 PID files in /var/run
- array_map('@unlink', glob("/var/run/barnyard2_*.pid"));
+ unlink_if_exists("/var/run/barnyard2_*.pid");
}
// Set flag for post-install in progress
@@ -87,6 +97,17 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
foreach ($suriconf as $value) {
$if_real = get_real_interface($value['interface']);
+ // ## BETA pkg bug fix-up -- be sure default rules enabled ##
+ $rules = explode("||", $value['rulesets']);
+ foreach (array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules", "tls-events.rules" ) as $r){
+ if (!in_array($r, $rules))
+ $rules[] = $r;
+ }
+ natcasesort($rules);
+ $value['rulesets'] = implode("||", $rules);
+ write_config();
+ // ## end of BETA pkg bug fix-up ##
+
// create a suricata.yaml file for interface
suricata_generate_yaml($value);
@@ -99,13 +120,19 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
suricata_create_rc();
// Set Log Limit, Block Hosts Time and Rules Update Time
- suricata_loglimit_install_cron($config['installedpackages']['suricata']['config'][0]['suricataloglimit'] == 'on' ? true : false);
-// suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false);
+ suricata_loglimit_install_cron(true);
+ suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false);
suricata_rules_up_install_cron($config['installedpackages']['suricata']['config'][0]['autoruleupdate'] != "never_up" ? true : false);
// Add the recurring jobs created above to crontab
configure_cron();
+ // Restore the Dashboard Widget if it was previously enabled and saved
+ if (!empty($config['installedpackages']['suricata']['config'][0]['dashboard_widget']) && !empty($config['widgets']['sequence']))
+ $config['widgets']['sequence'] .= "," . $config['installedpackages']['suricata']['config'][0]['dashboard_widget'];
+ if (!empty($config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows']) && !empty($config['widgets']))
+ $config['widgets']['widget_suricata_display_lines'] = $config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows'];
+
$rebuild_rules = false;
update_output_window(gettext("Finished rebuilding Suricata configuration files..."));
log_error(gettext("[Suricata] Finished rebuilding installation from saved settings..."));
@@ -121,7 +148,7 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
}
// Update Suricata package version in configuration
-$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "0.1-BETA";
+$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v1.0.1";
write_config();
// Done with post-install, so clear flag
diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php
index b848b4e8..82bb33eb 100644
--- a/config/suricata/suricata_rules.php
+++ b/config/suricata/suricata_rules.php
@@ -2,19 +2,30 @@
/*
* suricata_rules.php
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- *
+ *
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -27,7 +38,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -35,38 +45,25 @@ global $g, $rebuild_rules;
$suricatadir = SURICATADIR;
$rules_map = array();
+$pconfig = array();
if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
$a_rule = &$config['installedpackages']['suricata']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
+ $id = 0;
}
if (isset($id) && $a_rule[$id]) {
- $pconfig['enable'] = $a_rule[$id]['enable'];
$pconfig['interface'] = $a_rule[$id]['interface'];
$pconfig['rulesets'] = $a_rule[$id]['rulesets'];
- if (!empty($a_rule[$id]['customrules']))
- $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
-}
-
-function truncate($string, $length) {
-
- /********************************
- * This function truncates the *
- * passed string to the length *
- * specified adding ellipsis if *
- * truncation was necessary. *
- ********************************/
- if (strlen($string) > $length)
- $string = substr($string, 0, ($length - 2)) . "...";
- return $string;
+ $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
}
function add_title_attribute($tag, $title) {
@@ -110,9 +107,15 @@ $emergingdownload = $config['installedpackages']['suricata']['config'][0]['enabl
$etpro = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules'];
$categories = explode("||", $pconfig['rulesets']);
+// Add any previously saved rules files to the categories array
+if (!empty($pconfig['rulesets']))
+ $categories = explode("||", $pconfig['rulesets']);
+
if ($_GET['openruleset'])
- $currentruleset = $_GET['openruleset'];
-else if ($_POST['openruleset'])
+ $currentruleset = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401);
+elseif ($_POST['selectbox'])
+ $currentruleset = $_POST['selectbox'];
+elseif ($_POST['openruleset'])
$currentruleset = $_POST['openruleset'];
else
$currentruleset = $categories[0];
@@ -149,13 +152,11 @@ if ($currentruleset != 'custom.rules') {
$enablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_on']);
$disablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_off']);
-if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
-
- // Get the GID tag embedded in the clicked rule icon.
- $gid = $_GET['gid'];
+if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) && !empty($rules_map)) {
- // Get the SID tag embedded in the clicked rule icon.
- $sid= $_GET['ids'];
+ // Get the GID:SID tags embedded in the clicked rule icon.
+ $gid = $_POST['gid'];
+ $sid = $_POST['sid'];
// See if the target SID is in our list of modified SIDs,
// and toggle it back to default if present; otherwise,
@@ -199,11 +200,9 @@ if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
/* Update the config.xml file. */
write_config();
- $_GET['openruleset'] = $currentruleset;
$anchor = "rule_{$gid}_{$sid}";
}
-
-if ($_GET['act'] == "disable_all" && !empty($rules_map)) {
+elseif ($_POST['disable_all'] && !empty($rules_map)) {
// Mark all rules in the currently selected category "disabled".
foreach (array_keys($rules_map) as $k1) {
@@ -240,13 +239,8 @@ if ($_GET['act'] == "disable_all" && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
}
-
-if ($_GET['act'] == "enable_all" && !empty($rules_map)) {
+elseif ($_POST['enable_all'] && !empty($rules_map)) {
// Mark all rules in the currently selected category "enabled".
foreach (array_keys($rules_map) as $k1) {
@@ -282,13 +276,8 @@ if ($_GET['act'] == "enable_all" && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
}
-
-if ($_GET['act'] == "resetcategory" && !empty($rules_map)) {
+elseif ($_POST['resetcategory'] && !empty($rules_map)) {
// Reset any modified SIDs in the current rule category to their defaults.
foreach (array_keys($rules_map) as $k1) {
@@ -326,13 +315,8 @@ if ($_GET['act'] == "resetcategory" && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
}
-
-if ($_GET['act'] == "resetall" && !empty($rules_map)) {
+elseif ($_POST['resetall'] && !empty($rules_map)) {
// Remove all modified SIDs from config.xml and save the changes.
unset($a_rule[$id]['rule_sid_on']);
@@ -340,46 +324,32 @@ if ($_GET['act'] == "resetall" && !empty($rules_map)) {
/* Update the config.xml file. */
write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
}
-
-if ($_POST['clear']) {
+elseif ($_POST['clear']) {
unset($a_rule[$id]['customrules']);
write_config();
$rebuild_rules = true;
suricata_generate_yaml($a_rule[$id]);
$rebuild_rules = false;
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ $pconfig['customrules'] = '';
}
-
-if ($_POST['customrules']) {
- $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
+elseif ($_POST['cancel']) {
+ $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
+}
+elseif ($_POST['save']) {
+ $pconfig['customrules'] = $_POST['customrules'];
+ if ($_POST['customrules'])
+ $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
+ else
+ unset($a_rule[$id]['customrules']);
write_config();
$rebuild_rules = true;
suricata_generate_yaml($a_rule[$id]);
$rebuild_rules = false;
- $output = "";
- $retcode = "";
-// exec("/usr/local/bin/snort -T -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf 2>&1", $output, $retcode);
-// if (intval($retcode) != 0) {
-// $error = "";
-// $start = count($output);
-// $end = $start - 4;
-// for($i = $start; $i > $end; $i--)
-// $error .= $output[$i];
-// $input_errors[] = "Custom rules have errors:\n {$error}";
-// }
-// else {
-// header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
-// exit;
-// }
+ /* Signal Suricata to "live reload" the rules */
+ suricata_reload_config($a_rule[$id]);
}
-
-else if ($_POST['apply']) {
+elseif ($_POST['apply']) {
/* Save new configuration */
write_config();
@@ -394,16 +364,6 @@ else if ($_POST['apply']) {
/* Signal Suricata to "live reload" the rules */
suricata_reload_config($a_rule[$id]);
-
- /* Return to this same page */
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
-}
-else if ($_POST['cancel']) {
-
- /* Return to this same page */
- header("Location: /suricata/suricata_rules.php?id={$id}");
- exit;
}
require_once("guiconfig.inc");
@@ -416,9 +376,7 @@ $pgtitle = gettext("Suricata: Interface {$if_friendly} - Rules: {$currentruleset
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include("fbegin.inc");
-if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-/* Display message */
+/* Display error or save messages if present */
if ($input_errors) {
print_input_errors($input_errors); // TODO: add checks
}
@@ -429,18 +387,25 @@ if ($savemsg) {
?>
-<form action="/suricata/suricata_rules.php" method="post" name="iform" id="iform">
+<form action='/suricata/suricata_rules.php' method='post' name='iform' id='iform'>
+<input type='hidden' name='id' id='id' value='<?=$id;?>'/>
+<input type='hidden' name='openruleset' id='openruleset' value='<?=$currentruleset;?>'/>
+<input type='hidden' name='sid' id='sid' value=''/>
+<input type='hidden' name='gid' id='gid' value=''/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
- display_top_tabs($tab_array);
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");;
@@ -452,7 +417,7 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -460,31 +425,31 @@ if ($savemsg) {
<tr>
<td class="listtopic"><?php echo gettext("Available Rule Categories"); ?></td>
</tr>
-
<tr>
- <td class="vncell" height="30px"><strong><?php echo gettext("Category:"); ?></strong>&nbsp;&nbsp;<select id="selectbox" name="selectbox" class="formselect" onChange="go()">
- <option value='?id=<?=$id;?>&openruleset=custom.rules'>custom.rules</option>
+ <td class="vncell" height="30px"><strong><?php echo gettext("Category:"); ?></strong>&nbsp;&nbsp;
+ <select id="selectbox" name="selectbox" class="formselect" onChange="go();">
+ <option value='custom.rules'>custom.rules</option>
<?php
- $files = explode("||", $pconfig['rulesets']);
- if ($a_rule[$id]['ips_policy_enable'] == 'on')
- $files[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']);
- if ($a_rule[$id]['autoflowbitrules'] == 'on')
- $files[] = "Auto-Flowbit Rules";
- natcasesort($files);
- foreach ($files as $value) {
- if ($snortdownload != 'on' && substr($value, 0, mb_strlen(VRT_FILE_PREFIX)) == VRT_FILE_PREFIX)
- continue;
- if ($emergingdownload != 'on' && substr($value, 0, mb_strlen(ET_OPEN_FILE_PREFIX)) == ET_OPEN_FILE_PREFIX)
- continue;
- if ($etpro != 'on' && substr($value, 0, mb_strlen(ET_PRO_FILE_PREFIX)) == ET_PRO_FILE_PREFIX)
- continue;
- if (empty($value))
- continue;
- echo "<option value='?id={$id}&openruleset={$value}' ";
- if ($value == $currentruleset)
- echo "selected";
- echo ">{$value}</option>\n";
- }
+ $files = explode("||", $pconfig['rulesets']);
+ if ($a_rule[$id]['ips_policy_enable'] == 'on')
+ $files[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']);
+ if ($a_rule[$id]['autoflowbitrules'] == 'on')
+ $files[] = "Auto-Flowbit Rules";
+ natcasesort($files);
+ foreach ($files as $value) {
+ if ($snortdownload != 'on' && substr($value, 0, mb_strlen(VRT_FILE_PREFIX)) == VRT_FILE_PREFIX)
+ continue;
+ if ($emergingdownload != 'on' && substr($value, 0, mb_strlen(ET_OPEN_FILE_PREFIX)) == ET_OPEN_FILE_PREFIX)
+ continue;
+ if ($etpro != 'on' && substr($value, 0, mb_strlen(ET_PRO_FILE_PREFIX)) == ET_PRO_FILE_PREFIX)
+ continue;
+ if (empty($value))
+ continue;
+ echo "<option value='{$value}' ";
+ if ($value == $currentruleset)
+ echo "selected";
+ echo ">{$value}</option>\n";
+ }
?>
</select>&nbsp;&nbsp;&nbsp;<?php echo gettext("Select the rule category to view"); ?>
</td>
@@ -496,15 +461,13 @@ if ($savemsg) {
</tr>
<tr>
<td valign="top" class="vtable">
- <input type='hidden' name='openruleset' value='custom.rules'>
- <input type='hidden' name='id' value='<?=$id;?>'>
<textarea wrap="soft" cols="90" rows="40" name="customrules"><?=$pconfig['customrules'];?></textarea>
</td>
</tr>
<tr>
<td>
- <input name="Submit" type="submit" class="formbtn" id="submit" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/>&nbsp;&nbsp;
- <input name="cancel" type="submit" class="formbtn" id="cancel" value="<?php echo gettext("Cancel"); ?>" title="<?php echo gettext("Cancel changes and return to last page"); ?>"/>&nbsp;&nbsp;
+ <input name="save" type="submit" class="formbtn" id="save" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/>&nbsp;&nbsp;
+ <input name="cancel" type="submit" class="formbtn" id="cancel" value="<?php echo gettext("Cancel"); ?>" title="<?php echo gettext("Cancel all changes made prior to last save"); ?>"/>&nbsp;&nbsp;
<input name="clear" type="submit" class="formbtn" id="clear" value="<?php echo gettext("Clear"); ?>" onclick="return confirm('<?php echo gettext("This will erase all custom rules for the interface. Are you sure?"); ?>')" title="<?php echo gettext("Deletes all custom rules"); ?>"/>
</td>
</tr>
@@ -517,43 +480,40 @@ if ($savemsg) {
<table width="100%" align="center" border="0" cellpadding="0" cellspacing="0">
<tr>
<td rowspan="5" width="48%" valign="middle"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn"
- title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/>
- <input type='hidden' name='id' value='<?=$id;?>'/>
- <input type='hidden' name='openruleset' value='<?=$currentruleset;?>'/><br/><br/>
+ title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/><br/><br/>
<span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" .
- gettext("Suricata must be restarted to activate any SID enable/disable changes made on this tab."); ?></span></td>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetcategory'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ gettext("When finished, click APPLY to send any SID enable/disable changes made on this tab to the running Suricata process."); ?></span></td>
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetcategory[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'></a>"?>
+ title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Remove Enable/Disable changes in the current Category"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetall'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetall[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'></a>"?>
+ title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Remove all Enable/Disable changes in all Categories"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=disable_all'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='disable_all[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to disable all rules in the selected category") . "'></a>"?>
+ title='" . gettext("Click to disable all rules in the selected category") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Disable all rules in the current Category"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=enable_all'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='enable_all[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus_mo.gif\"' border='0'
- title='" . gettext("Click to enable all rules in the selected category") . "'></a>"?>
+ title='" . gettext("Click to enable all rules in the selected category") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Enable all rules in the current Category"); ?></td>
</tr>
-
<tr>
<td class="vexpl" valign="middle"><a href="javascript: void(0)"
onclick="wopen('suricata_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)">
@@ -563,7 +523,6 @@ if ($savemsg) {
title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a>
&nbsp;&nbsp;<?php echo gettext("View full file contents for the current Category"); ?></td>
</tr>
-
<?php if ($currentruleset == 'Auto-Flowbit Rules'): ?>
<tr>
<td colspan="3">&nbsp;</td>
@@ -578,7 +537,6 @@ if ($savemsg) {
</table>
</td>
</tr>
-
<tr>
<td class="listtopic"><?php echo gettext("Selected Category's Rules"); ?></td>
</tr>
@@ -588,13 +546,12 @@ if ($savemsg) {
<colgroup>
<col width="14" align="left" valign="middle">
<col width="6%" align="center" axis="number">
- <col width="8%" align="center" axis="number">
- <col width="54" align="center" axis="string">
+ <col width="9%" align="center" axis="number">
<col width="52" align="center" axis="string">
- <col width="12%" align="center" axis="string">
- <col width="9%" align="center" axis="string">
- <col width="12%" align="center" axis="string">
- <col width="9%" align="center" axis="string">
+ <col width="14%" align="center" axis="string">
+ <col width="10%" align="center" axis="string">
+ <col width="14%" align="center" axis="string">
+ <col width="10%" align="center" axis="string">
<col axis="string">
</colgroup>
<thead>
@@ -602,12 +559,11 @@ if ($savemsg) {
<th class="list">&nbsp;</th>
<th class="listhdrr"><?php echo gettext("GID"); ?></th>
<th class="listhdrr"><?php echo gettext("SID"); ?></th>
- <th class="listhdrr"><?php echo gettext("Action"); ?></th>
<th class="listhdrr"><?php echo gettext("Proto"); ?></th>
<th class="listhdrr"><?php echo gettext("Source"); ?></th>
- <th class="listhdrr"><?php echo gettext("Port"); ?></th>
+ <th class="listhdrr"><?php echo gettext("SPort"); ?></th>
<th class="listhdrr"><?php echo gettext("Destination"); ?></th>
- <th class="listhdrr"><?php echo gettext("Port"); ?></th>
+ <th class="listhdrr"><?php echo gettext("DPort"); ?></th>
<th class="listhdrr"><?php echo gettext("Message"); ?></th>
</tr>
</thead>
@@ -653,53 +609,50 @@ if ($savemsg) {
$tmp = trim(preg_replace('/^\s*#+\s*/', '', $tmp));
$rule_content = preg_split('/[\s]+/', $tmp);
- // Create custom <span> tags for the fields we truncate so we can
+ // Create custom <span> tags for some of the fields so we can
// have a "title" attribute for tooltips to show the full string.
$srcspan = add_title_attribute($textss, $rule_content[2]);
$srcprtspan = add_title_attribute($textss, $rule_content[3]);
$dstspan = add_title_attribute($textss, $rule_content[5]);
$dstprtspan = add_title_attribute($textss, $rule_content[6]);
$protocol = $rule_content[1]; //protocol field
- $source = truncate($rule_content[2], 14); //source field
- $source_port = truncate($rule_content[3], 10); //source port field
- $destination = truncate($rule_content[5], 14); //destination field
- $destination_port = truncate($rule_content[6], 10); //destination port field
+ $source = $rule_content[2]; //source field
+ $source_port = $rule_content[3]; //source port field
+ $destination = $rule_content[5]; //destination field
+ $destination_port = $rule_content[6]; //destination port field
$message = suricata_get_msg($v['rule']);
$sid_tooltip = gettext("View the raw text for this rule");
- echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\">{$textss}
- <a href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$sid}'>
- <img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\"
- width=\"11\" height=\"11\" border=\"0\"
- title='{$title}' id=\"rule_{$gid}_{$sid}\"></a>{$textse}
+ echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss}
+ <a id=\"rule_{$gid}_{$sid}\" href='#'><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
+ document.getElementById('gid').value='{$gid}';\"
+ src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
+ title='{$title}' name=\"toggle[]\"/></a>{$textse}
</td>
- <td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
+ <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$gid}{$textse}
</td>
- <td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
+ <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
<a href=\"javascript: void(0)\"
- onclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&ids={$sid}&gid={$gid}','FileViewer',800,600)\"
+ onclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"
title='{$sid_tooltip}'>{$textss}{$sid}{$textse}</a>
</td>
- <td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
- {$textss}{$v['action']}{$textse}
- </td>
- <td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
+ <td class=\"listr\" style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$protocol}{$textse}
</td>
- <td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
+ <td class=\"listr ellipsis\" nowrap style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$srcspan}{$source}</span>
</td>
- <td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
+ <td class=\"listr ellipsis\" nowrap style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$srcprtspan}{$source_port}</span>
</td>
- <td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
+ <td class=\"listr ellipsis\" nowrap style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$dstspan}{$destination}</span>
</td>
- <td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
+ <td class=\"listr ellipsis\" nowrap style=\"text-align:center;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$dstprtspan}{$destination_port}</span>
</td>
- <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line; font-size: 10px; font-color: white;\">
+ <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$message}{$textse}
</td>
</tr>";
@@ -752,15 +705,14 @@ if ($savemsg) {
</tr>
</table>
</form>
-<?php include("fend.inc"); ?>
-
<script language="javascript" type="text/javascript">
function go()
{
- var box = document.iform.selectbox;
- destination = box.options[box.selectedIndex].value;
- if (destination)
- location.href = destination;
+ var box = document.getElementById("selectbox");
+ var ruleset = box.options[box.selectedIndex].value;
+ if (ruleset)
+ document.getElementById("openruleset").value = ruleset;
+ document.getElementById("iform").submit();
}
function wopen(url, name, w, h)
@@ -784,7 +736,8 @@ function wopen(url, name, w, h)
window.scrollBy(0,-60);
<?php endif;?>
-
</script>
+<?php include("fend.inc"); ?>
+
</body>
</html>
diff --git a/config/suricata/suricata_rules_edit.php b/config/suricata/suricata_rules_edit.php
index 0dc4c57b..0a4bd62a 100644
--- a/config/suricata/suricata_rules_edit.php
+++ b/config/suricata/suricata_rules_edit.php
@@ -2,19 +2,30 @@
/*
* suricata_rules_edit.php
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- *
+ *
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -33,28 +44,29 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
$flowbit_rules_file = FLOWBITS_FILENAME;
$suricatadir = SURICATADIR;
-if (!is_array($config['installedpackages']['suricata']['rule'])) {
- $config['installedpackages']['suricata']['rule'] = array();
-}
-$a_rule = &$config['installedpackages']['suricata']['rule'];
+if (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
-$id = $_GET['id'];
+// If we were not passed a valid index ID, close the pop-up and exit
if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
+ echo '<html><body link="#000000" vlink="#000000" alink="#000000">';
+ echo '<script language="javascript" type="text/javascript">';
+ echo 'window.close();</script>';
+ echo '</body></html>';
exit;
}
-if (isset($id) && $a_rule[$id]) {
- $pconfig['enable'] = $a_rule[$id]['enable'];
- $pconfig['interface'] = $a_rule[$id]['interface'];
- $pconfig['rulesets'] = $a_rule[$id]['rulesets'];
+if (!is_array($config['installedpackages']['suricata']['rule'])) {
+ $config['installedpackages']['suricata']['rule'] = array();
}
-/* convert fake interfaces to real */
-$if_real = suricata_get_real_interface($pconfig['interface']);
+$a_rule = &$config['installedpackages']['suricata']['rule'];
+
+$if_real = get_real_interface($a_rule[$id]['interface']);
$suricata_uuid = $a_rule[$id]['uuid'];
-$suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}";
-$file = $_GET['openruleset'];
+$suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/";
+
+$file = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401);
$contents = '';
$wrap_flag = "off";
@@ -69,13 +81,13 @@ else
// a standard rules file, or a complete file name.
// Test for the special case of an IPS Policy file.
if (substr($file, 0, 10) == "IPS Policy") {
- $rules_map = suricata_load_vrt_policy($a_rule[$id]['ips_policy']);
- if (isset($_GET['ids'])) {
- $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule'];
+ $rules_map = suricata_load_vrt_policy(strtolower(trim(substr($file, strpos($file, "-")+1))));
+ if (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) {
+ $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule'];
$wrap_flag = "soft";
}
else {
- $contents = "# Suricata IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']) . "\n\n";
+ $contents = "# Suricata IPS Policy - " . ucfirst(trim(substr($file, strpos($file, "-")+1))) . "\n\n";
foreach (array_keys($rules_map) as $k1) {
foreach (array_keys($rules_map[$k1]) as $k2) {
$contents .= "# Category: " . $rules_map[$k1][$k2]['category'] . " SID: {$k2}\n";
@@ -86,33 +98,26 @@ if (substr($file, 0, 10) == "IPS Policy") {
unset($rules_map);
}
// Is it a SID to load the rule text from?
-elseif (isset($_GET['ids'])) {
+elseif (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) {
// If flowbit rule, point to interface-specific file
if ($file == "Auto-Flowbit Rules")
$rules_map = suricata_load_rules_map("{$suricatacfgdir}rules/" . FLOWBITS_FILENAME);
else
$rules_map = suricata_load_rules_map("{$suricatadir}rules/{$file}");
- $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule'];
+ $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule'];
$wrap_flag = "soft";
}
-
// Is it our special flowbit rules file?
elseif ($file == "Auto-Flowbit Rules")
$contents = file_get_contents("{$suricatacfgdir}rules/{$flowbit_rules_file}");
// Is it a rules file in the ../rules/ directory?
elseif (file_exists("{$suricatadir}rules/{$file}"))
$contents = file_get_contents("{$suricatadir}rules/{$file}");
-// Is it a fully qualified path and file?
-elseif (file_exists($file))
- if (substr(realpath($file), 0, strlen(SURICATALOGDIR)) != SURICATALOGDIR)
- $contents = gettext("\n\nERROR -- File: {$file} can not be viewed!");
- else
- $contents = file_get_contents($file);
// It is not something we can display, so exit.
else
$input_errors[] = gettext("Unable to open file: {$displayfile}");
-$pgtitle = array(gettext("Suricata"), gettext("File Viewer"));
+$pgtitle = array(gettext("Suricata"), gettext("Rules File Viewer"));
?>
<?php include("head.inc");?>
@@ -131,7 +136,7 @@ $pgtitle = array(gettext("Suricata"), gettext("File Viewer"));
</tr>
<tr>
<td width="20%">
- <input type="button" class="formbtn" value="Return" onclick="window.close()">
+ <input type="button" class="formbtn" value="Close" onclick="window.close()"/>
</td>
<td align="right">
<b><?php echo gettext("Rules File: ") . '</b>&nbsp;' . $displayfile; ?>&nbsp;&nbsp;&nbsp;&nbsp;
diff --git a/config/suricata/suricata_rules_flowbits.php b/config/suricata/suricata_rules_flowbits.php
index ca424344..c5193a8b 100644
--- a/config/suricata/suricata_rules_flowbits.php
+++ b/config/suricata/suricata_rules_flowbits.php
@@ -1,19 +1,31 @@
<?php
/*
* suricata_rules_flowbits.php
+ *
+ * Portions of this code are based on original work done for the
+ * Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- *
+ *
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -41,34 +53,34 @@ if (!is_array($config['installedpackages']['suricata']['rule'])) {
}
$a_nat = &$config['installedpackages']['suricata']['rule'];
-// Set who called us so we can return to the correct page with
-// the RETURN button. We will just trust this User-Agent supplied
-// string for now.
-session_start();
-if(!isset($_SESSION['org_referer']))
- $_SESSION['org_referer'] = $_SERVER['HTTP_REFERER'];
-$referrer = $_SESSION['org_referer'];
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
-if ($_POST['cancel']) {
- session_start();
- unset($_SESSION['org_referer']);
- session_write_close();
- header("Location: {$referrer}");
+if (is_null($id)) {
+ header("Location: /suricata/suricata_interfaces.php");
exit;
}
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (is_null($id)) {
- session_start();
- unset($_SESSION['org_referer']);
- session_write_close();
- header("Location: /suricata/suricata_interfaces.php");
+// Set who called us so we can return to the correct page with
+// the RETURN ('cancel') button.
+if ($_POST['referrer'])
+ $referrer = $_POST['referrer'];
+else
+ $referrer = $_SERVER['HTTP_REFERER'];
+
+// Make sure a rule index ID is appended to the return URL
+if (strpos($referrer, "?id={$id}") === FALSE)
+ $referrer .= "?id={$id}";
+
+// If RETURN button clicked, exit to original calling page
+if ($_POST['cancel']) {
+ header("Location: {$referrer}");
exit;
}
-$if_real = suricata_get_real_interface($a_nat[$id]['interface']);
+$if_real = get_real_interface($a_nat[$id]['interface']);
$suricata_uuid = $a_nat[$id]['uuid'];
/* We should normally never get to this page if Auto-Flowbits are disabled, but just in case... */
@@ -83,12 +95,13 @@ if ($a_nat[$id]['autoflowbitrules'] == 'on') {
else
$input_errors[] = gettext("Auto-Flowbit rule generation is disabled for this interface!");
-if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- $descr = suricata_get_msg($rules_map[$_GET['gen_id']][$_GET['sidid']]['rule']);
+if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid'])) {
+ $descr = suricata_get_msg($rules_map[$_POST['gid']][$_POST['sid']]['rule']);
+ $suppress = gettext("## -- This rule manually suppressed from the Auto-Flowbits list. -- ##\n");
if (empty($descr))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
+ $suppress .= "suppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n";
else
- $suppress = "# {$descr}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
+ $suppress .= "# {$descr}\nsuppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n";
if (!is_array($config['installedpackages']['suricata']['suppress']))
$config['installedpackages']['suricata']['suppress'] = array();
if (!is_array($config['installedpackages']['suricata']['suppress']['item']))
@@ -128,7 +141,7 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
$rebuild_rules = false;
sync_suricata_package_config();
suricata_reload_config($a_nat[$id]);
- $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'.");
+ $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_POST['gid']}, sig_id {$_POST['sid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'.");
}
else {
/* We did not find the defined list, so notify the user with an error */
@@ -136,23 +149,10 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
}
}
-function truncate($string, $length) {
-
- /********************************
- * This function truncates the *
- * passed string to the length *
- * specified adding ellipsis if *
- * truncation was necessary. *
- ********************************/
- if (strlen($string) > $length)
- $string = substr($string, 0, ($length - 3)) . "...";
- return $string;
-}
-
/* Load up an array with the current Suppression List GID,SID values */
$supplist = suricata_load_suppress_sigs($a_nat[$id]);
-$if_friendly = suricata_get_friendly_interface($a_nat[$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Flowbit Rules");
include_once("head.inc");
@@ -162,12 +162,15 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
if ($input_errors) print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
?>
<form action="suricata_rules_flowbits.php" method="post" name="iform" id="iform">
+<input type="hidden" name="id" value="<?=$id;?>"/>
+<input type="hidden" name="referrer" value="<?=$referrer;?>"/>
+<input type="hidden" name="sid" id="sid" value=""/>
+<input type="hidden" name="gid" id="gid" value=""/>
<div id="boxarea">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
@@ -214,13 +217,13 @@ if ($savemsg)
</tr>
<tr>
<td>
- <table id="myTable" width="100%" class="sortable" border="1" cellpadding="0" cellspacing="0">
+ <table id="myTable" width="100%" class="sortable" style="table-layout: fixed;" border="0" cellpadding="0" cellspacing="0">
<colgroup>
<col width="11%" axis="number">
- <col width="10%" axis="string">
+ <col width="52" axis="string">
<col width="14%" axis="string">
<col width="14%" axis="string">
- <col width="20%" axis="string">
+ <col width="24%" axis="string">
<col axis="string">
</colgroup>
<thead>
@@ -248,18 +251,19 @@ if ($savemsg)
$rule_content = preg_split('/[\s]+/', $tmp);
$protocol = $rule_content[1]; //protocol
- $source = truncate($rule_content[2], 14); //source
- $destination = truncate($rule_content[5], 14); //destination
+ $source = $rule_content[2]; //source
+ $destination = $rule_content[5]; //destination
$message = suricata_get_msg($v['rule']);
$flowbits = implode("; ", suricata_get_flowbits($v['rule']));
if (strstr($flowbits, "noalert"))
$supplink = "";
else {
if (!isset($supplist[$gid][$sid])) {
- $supplink = "<a href=\"?id={$id}&act=addsuppress&sidid={$sid}&gen_id={$gid}\">";
- $supplink .= "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" ";
+ $supplink = "<input type=\"image\" name=\"addsuppress[]\" onClick=\"document.getElementById('sid').value='{$sid}';";
+ $supplink .= "document.getElementById('gid').value='{$gid}';\" ";
+ $supplink .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" ";
$supplink .= "width='12' height='12' border='0' title='";
- $supplink .= gettext("Click to add to Suppress List") . "'/></a>";
+ $supplink .= gettext("Click to add to Suppress List") . "'/>";
}
else {
$supplink = "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus_d.gif\" ";
@@ -270,12 +274,12 @@ if ($savemsg)
// Use "echo" to write the table HTML row-by-row.
echo "<tr>" .
- "<td class=\"listr\">{$sid}&nbsp;{$supplink}</td>" .
- "<td class=\"listr\">{$protocol}</td>" .
- "<td class=\"listr\"><span title=\"{$rule_content[2]}\">{$source}</span></td>" .
- "<td class=\"listr\"><span title=\"{$rule_content[5]}\">{$destination}</span></td>" .
+ "<td class=\"listr\" sorttable_customkey=\"{$sid}\">{$sid}&nbsp;{$supplink}</td>" .
+ "<td class=\"listr\" style=\"text-align:center;\">{$protocol}</td>" .
+ "<td class=\"listr ellipsis\" nowrap style=\"text-align:center;\"><span title=\"{$rule_content[2]}\">{$source}</span></td>" .
+ "<td class=\"listr ellipsis\" nowrap style=\"text-align:center;\"><span title=\"{$rule_content[5]}\">{$destination}</span></td>" .
"<td class=\"listr\" style=\"word-wrap:break-word; word-break:normal;\">{$flowbits}</td>" .
- "<td class=\"listr\" style=\"word-wrap:break-word; word-break:normal;\">{$message}</td>" .
+ "<td class=\"listbg\" style=\"word-wrap:break-word; word-break:normal;\">{$message}</td>" .
"</tr>";
$count++;
}
@@ -291,7 +295,6 @@ if ($savemsg)
<td align="center" valign="middle">
<input id="cancel" name="cancel" type="submit" class="formbtn" <?php
echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/>
- <input name="id" type="hidden" value="<?=$id;?>" />
</td>
</tr>
<?php endif; ?>
diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php
index a1609d6c..c939ef25 100644
--- a/config/suricata/suricata_rulesets.php
+++ b/config/suricata/suricata_rulesets.php
@@ -2,19 +2,30 @@
/*
* suricata_rulesets.php
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- *
+ *
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -35,18 +46,21 @@ global $g, $rebuild_rules;
$suricatadir = SURICATADIR;
$flowbit_rules_file = FLOWBITS_FILENAME;
+// Array of default events rules for Suricata
+$default_rules = array( "decoder-events.rules", "files.rules", "http-events.rules",
+ "smtp-events.rules", "stream-events.rules", "tls-events.rules" );
+
if (!is_array($config['installedpackages']['suricata']['rule'])) {
$config['installedpackages']['suricata']['rule'] = array();
}
$a_nat = &$config['installedpackages']['suricata']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+if (is_null($id))
+ $id = 0;
if (isset($id) && $a_nat[$id]) {
$pconfig['enable'] = $a_nat[$id]['enable'];
@@ -89,17 +103,6 @@ if (!file_exists("{$suricatadir}rules/" . GPL_FILE_PREFIX . "community.rules"))
if (($snortdownload != 'on') || ($a_nat[$id]['ips_policy_enable'] != 'on'))
$policy_select_disable = "disabled";
-if ($a_nat[$id]['autoflowbitrules'] == 'on') {
- if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") &&
- filesize("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) {
- $btn_view_flowb_rules = " title=\"" . gettext("View flowbit-required rules") . "\"";
- }
- else
- $btn_view_flowb_rules = " disabled";
-}
-else
- $btn_view_flowb_rules = " disabled";
-
// If a Snort VRT policy is enabled and selected, remove all Snort VRT
// rules from the configured rule sets to allow automatic selection.
if ($a_nat[$id]['ips_policy_enable'] == 'on') {
@@ -117,9 +120,7 @@ if ($a_nat[$id]['ips_policy_enable'] == 'on') {
else
$disable_vrt_rules = "";
-/* alert file */
-if ($_POST["Submit"]) {
-
+if ($_POST["save"]) {
if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
$a_nat[$id]['ips_policy'] = $_POST['ips_policy'];
@@ -129,11 +130,12 @@ if ($_POST["Submit"]) {
unset($a_nat[$id]['ips_policy']);
}
- $enabled_items = "";
+ // Always start with the default events and files rules
+ $enabled_items = implode("||", $default_rules);
if (is_array($_POST['toenable']))
- $enabled_items = implode("||", $_POST['toenable']);
+ $enabled_items .= "||" . implode("||", $_POST['toenable']);
else
- $enabled_items = $_POST['toenable'];
+ $enabled_items .= "||{$_POST['toenable']}";
$a_nat[$id]['rulesets'] = $enabled_items;
@@ -155,12 +157,12 @@ if ($_POST["Submit"]) {
suricata_generate_yaml($a_nat[$id]);
$rebuild_rules = false;
- header("Location: /suricata/suricata_rulesets.php?id=$id");
- exit;
+ /* Signal Suricata to "live reload" the rules */
+ suricata_reload_config($a_nat[$id]);
}
-
-if ($_POST['unselectall']) {
- $a_nat[$id]['rulesets'] = "";
+elseif ($_POST['unselectall']) {
+ // Remove all but the default events and files rules
+ $a_nat[$id]['rulesets'] = implode("||", $default_rules);
if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
@@ -173,13 +175,10 @@ if ($_POST['unselectall']) {
write_config();
sync_suricata_package_config();
-
- header("Location: /suricata/suricata_rulesets.php?id=$id");
- exit;
}
-
-if ($_POST['selectall']) {
- $rulesets = array();
+elseif ($_POST['selectall']) {
+ // Start with the required default events and files rules
+ $rulesets = $default_rules;
if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
@@ -218,10 +217,20 @@ if ($_POST['selectall']) {
write_config();
sync_suricata_package_config();
+}
- header("Location: /suricata/suricata_rulesets.php?id=$id");
- exit;
+// See if we have any Auto-Flowbit rules and enable
+// the VIEW button if we do.
+if ($a_nat[$id]['autoflowbitrules'] == 'on') {
+ if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") &&
+ filesize("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) {
+ $btn_view_flowb_rules = " title=\"" . gettext("View flowbit-required rules") . "\"";
+ }
+ else
+ $btn_view_flowb_rules = " disabled";
}
+else
+ $btn_view_flowb_rules = " disabled";
$enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']);
@@ -234,7 +243,6 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
/* Display message */
if ($input_errors) {
@@ -253,13 +261,16 @@ if ($savemsg) {
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
- display_top_tabs($tab_array);
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
@@ -271,7 +282,7 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -282,9 +293,8 @@ if ($savemsg) {
$isrulesfolderempty = glob("{$suricatadir}rules/*.rules");
$iscfgdirempty = array();
if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules"))
- $iscfgdirempty = (array)("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules");
- if (empty($isrulesfolderempty)):
-?>
+ $iscfgdirempty = (array)("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules"); ?>
+<?php if (empty($isrulesfolderempty)): ?>
<tr>
<td class="vexpl"><br/>
<?php printf(gettext("# The rules directory is empty: %s%srules%s"), '<strong>',$suricatadir,'</strong>'); ?> <br/><br/>
@@ -294,14 +304,7 @@ if ($savemsg) {
'</strong></a>' . gettext(" tab."); ?>
</td>
</tr>
-<?php else:
- $colspan = 4;
- if ($emergingdownload != 'on')
- $colspan -= 2;
- if ($snortdownload != 'on')
- $colspan -= 2;
-
-?>
+<?php else: ?>
<tr>
<td>
<table width="100%" border="0"
@@ -393,7 +396,7 @@ if ($savemsg) {
<tr height="45px">
<td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all to enforcing rules"); ?>"/></td>
<td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove all from enforcing rules"); ?>"/></td>
- <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="Submit" id="Submit" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td>
+ <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="save" id="save" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td>
<td valign="middle"><span class="vexpl"><?php echo gettext("Click to save changes and auto-resolve flowbit rules (if option is selected above)"); ?></span></td>
</tr>
</table>
@@ -531,7 +534,7 @@ if ($savemsg) {
</tr>
<tr>
<td colspan="4" align="center" valign="middle">
- <input value="Save" type="submit" name="Submit" id="Submit" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td>
+ <input value="Save" type="submit" name="save" id="save" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td>
</tr>
<?php endif; ?>
</table>
@@ -581,7 +584,7 @@ function enable_change()
for (var i = 0; i < document.iform.elements.length; i++) {
if (document.iform.elements[i].type == 'checkbox') {
var str = document.iform.elements[i].value;
- if (str.substr(0,6) == "suricata_")
+ if (str.substr(0,6) == "snort_")
document.iform.elements[i].disabled = !(endis);
}
}
diff --git a/config/suricata/suricata_select_alias.php b/config/suricata/suricata_select_alias.php
index f1fd4b93..527412d1 100644
--- a/config/suricata/suricata_select_alias.php
+++ b/config/suricata/suricata_select_alias.php
@@ -42,22 +42,29 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
// overwrite it on subsequent POST-BACKs to this page.
if (!isset($_POST['org_querystr']))
$querystr = $_SERVER['QUERY_STRING'];
+else
+ $querystr = $_POST['org_querystr'];
// Retrieve any passed QUERY STRING or POST variables
-$type = $_GET['type'];
-$varname = $_GET['varname'];
-$multi_ip = $_GET['multi_ip'];
-$referrer = urldecode($_GET['returl']);
if (isset($_POST['type']))
$type = $_POST['type'];
+elseif (isset($_GET['type']))
+ $type = htmlspecialchars($_GET['type']);
+
if (isset($_POST['varname']))
$varname = $_POST['varname'];
+elseif (isset($_GET['varname']))
+ $varname = htmlspecialchars($_GET['varname']);
+
if (isset($_POST['multi_ip']))
$multi_ip = $_POST['multi_ip'];
+elseif (isset($_GET['multi_ip']))
+ $multi_ip = htmlspecialchars($_GET['multi_ip']);
+
if (isset($_POST['returl']))
$referrer = urldecode($_POST['returl']);
-if (isset($_POST['org_querystr']))
- $querystr = $_POST['org_querystr'];
+elseif (isset($_GET['returl']))
+ $referrer = urldecode($_GET['returl']);
// Make sure we have a valid VARIABLE name
// and ALIAS TYPE, or else bail out.
@@ -122,11 +129,11 @@ include("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<form action="suricata_select_alias.php" method="post">
-<input type="hidden" name="varname" value="<?=$varname;?>">
-<input type="hidden" name="type" value="<?=$type;?>">
-<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>">
-<input type="hidden" name="returl" value="<?=$referrer;?>">
-<input type="hidden" name="org_querystr" value="<?=$querystr;?>">
+<input type="hidden" name="varname" value="<?=$varname;?>"/>
+<input type="hidden" name="type" value="<?=$type;?>"/>
+<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"/>
+<input type="hidden" name="returl" value="<?=$referrer;?>"/>
+<input type="hidden" name="org_querystr" value="<?=$querystr;?>"/>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<div id="boxarea">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
@@ -155,6 +162,14 @@ include("head.inc");
<?php $i = 0; foreach ($a_aliases as $alias): ?>
<?php if (!in_array($alias['type'], $a_types))
continue;
+ if ( ($alias['type'] == "network" || $alias['type'] == "host") &&
+ $multi_ip != "yes" &&
+ !suricata_is_single_addr_alias($alias['name'])) {
+ $textss = "<span class=\"gray\">";
+ $textse = "</span>";
+ $disable = true;
+ $tooltip = gettext("Aliases resolving to multiple address entries cannot be used with the destination target.");
+ }
elseif (($alias['type'] == "network" || $alias['type'] == "host") &&
trim(filter_expand_alias($alias['name'])) == "") {
$textss = "<span class=\"gray\">";
diff --git a/config/suricata/suricata_suppress.php b/config/suricata/suricata_suppress.php
index 58839dce..4f2e8d0d 100644
--- a/config/suricata/suricata_suppress.php
+++ b/config/suricata/suricata_suppress.php
@@ -1,30 +1,41 @@
<?php
/*
- suricata_suppress.php
-
- Copyright (C) 2014 Bill Meeks
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ * suricata_suppress.php
+ *
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
*/
require_once("guiconfig.inc");
@@ -61,6 +72,28 @@ function suricata_suppresslist_used($supplist) {
return false;
}
+function suricata_find_suppresslist_interface($supplist) {
+
+ /****************************************************************/
+ /* This function finds the first (if more than one) interface */
+ /* configured to use the passed Suppress List and returns the */
+ /* index of the interface in the ['rule'] config array. */
+ /* */
+ /* Returns: index of interface in ['rule'] config array or */
+ /* FALSE if no interface found. */
+ /****************************************************************/
+
+ global $config;
+ $suricataconf = $config['installedpackages']['suricata']['rule'];
+ if (empty($suricataconf))
+ return false;
+ foreach ($suricataconf as $rule => $value) {
+ if ($value['suppresslistname'] == $supplist)
+ return $rule;
+ }
+ return false;
+}
+
if ($_GET['act'] == "del") {
if ($a_suppress[$_GET['id']]) {
// make sure list is not being referenced by any Suricata-configured interface
@@ -100,62 +133,85 @@ if ($input_errors) {
$tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
- $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
- display_top_tabs($tab_array);
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
?>
</td>
</tr>
<tr><td><div id="mainarea">
-<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr>
- <td width="30%" class="listhdrr"><?php echo gettext("File Name"); ?></td>
- <td width="60%" class="listhdr"><?php echo gettext("Description"); ?></td>
- <td width="10%" class="list"></td>
-</tr>
-<?php $i = 0; foreach ($a_suppress as $list): ?>
-<tr>
- <td class="listlr"
- ondblclick="document.location='suricata_suppress_edit.php?id=<?=$i;?>';">
- <?=htmlspecialchars($list['name']);?></td>
- <td class="listbg"
- ondblclick="document.location='suricata_suppress_edit.php?id=<?=$i;?>';">
- <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;</font>
- </td>
-
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a
- href="suricata_suppress_edit.php?id=<?=$i;?>"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?php echo gettext("edit Suppress List"); ?>"></a></td>
- <td><a
- href="/suricata/suricata_suppress.php?act=del&id=<?=$i;?>"
- onclick="return confirm('<?php echo gettext("Do you really want to delete this Suppress List?"); ?>')"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" border="0" title="<?php echo gettext("delete Suppress List"); ?>"></a></td>
- </tr>
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <thead>
+ <tr>
+ <th width="30%" class="listhdrr"><?php echo gettext("Suppress List Name"); ?></th>
+ <th width="60%" class="listhdr"><?php echo gettext("Description"); ?></th>
+ <th width="10%" class="list"></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php $i = 0; foreach ($a_suppress as $list): ?>
+ <?php
+ if (suricata_suppresslist_used($list['name'])) {
+ $icon = "<img src=\"/themes/{$g['theme']}/images/icons/icon_frmfld_pwd.png\" " .
+ "width=\"16\" height=\"16\" border=\"0\" title=\"" . gettext("List is in use by an instance") . "\"/>";
+ }
+ else
+ $icon = "";
+ ?>
+ <tr>
+ <td height="20px" class="listlr"
+ ondblclick="document.location='suricata_suppress_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($list['name']);?>&nbsp;<?=$icon;?></td>
+ <td height="20px" class="listbg"
+ ondblclick="document.location='suricata_suppress_edit.php?id=<?=$i;?>';">
+ <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;</font>
+ </td>
+ <td height="20px" valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a
+ href="suricata_suppress_edit.php?id=<?=$i;?>"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("edit Suppress List"); ?>"></a></td>
+ <?php if (suricata_suppresslist_used($list['name'])) : ?>
+ <td><img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("Assigned Suppress Lists cannot be deleted");?>"/></td>
+ <td><a href="/suricata/suricata_interfaces_edit.php?id=<?=suricata_find_suppresslist_interface($list['name']);?>">
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_right.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("Goto first instance associated with this Suppress List");?>"/></a>
+ </td>
+ <?php else : ?>
+ <td><a href="/suricata/suricata_suppress.php?act=del&id=<?=$i;?>"
+ onclick="return confirm('<?php echo gettext("Do you really want to delete this Suppress List?"); ?>')"><img
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("delete Suppress List"); ?>"></a></td>
+ <td>&nbsp;</td>
+ <?php endif; ?>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="2"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17">&nbsp;</td>
+ <td valign="middle"><a
+ href="suricata_suppress_edit.php?id=<?php echo $id_gen;?> "><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </tbody>
</table>
- </td>
-</tr>
-<?php $i++; endforeach; ?>
-<tr>
- <td class="list" colspan="2"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle" width="17">&nbsp;</td>
- <td valign="middle"><a
- href="suricata_suppress_edit.php?id=<?php echo $id_gen;?> "><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
</div>
</td></tr>
<tr>
@@ -163,7 +219,10 @@ if ($input_errors) {
<p><?php echo gettext("Here you can create event filtering and " .
"suppression for your Suricata package rules."); ?><br/><br/>
<?php echo gettext("Please note that you must restart a running Interface so that changes can " .
- "take effect."); ?></p></span></td>
+ "take effect."); ?><br/><br/>
+ <?php echo gettext("You cannot delete a Suppress List that is currently assigned to a Suricata interface (instance).") . "<br/>" .
+ gettext("You must first unassign the Suppress List on the Interface Edit tab."); ?>
+ </p></span></td>
</tr>
</table>
</form>
diff --git a/config/suricata/suricata_suppress_edit.php b/config/suricata/suricata_suppress_edit.php
index c2c23f10..a46e9e99 100644
--- a/config/suricata/suricata_suppress_edit.php
+++ b/config/suricata/suricata_suppress_edit.php
@@ -1,29 +1,41 @@
<?php
/*
* suricata_suppress_edit.php
- Copyright (C) 2014 Bill Meeks
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
*/
require_once("guiconfig.inc");
@@ -40,9 +52,10 @@ if (!is_array($config['installedpackages']['suricata']['suppress']['item']))
$config['installedpackages']['suricata']['suppress']['item'] = array();
$a_suppress = &$config['installedpackages']['suricata']['suppress']['item'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
/* returns true if $name is a valid name for a whitelist file name or ip */
function is_validwhitelistname($name) {
@@ -69,7 +82,7 @@ if (isset($id) && $a_suppress[$id]) {
$pconfig['uuid'] = uniqid();
}
-if ($_POST['submit']) {
+if ($_POST['save']) {
unset($input_errors);
$pconfig = $_POST;
@@ -139,12 +152,16 @@ if ($savemsg)
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
- $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php");
- display_top_tabs($tab_array);
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -193,7 +210,7 @@ if ($savemsg)
</td>
</tr>
<tr>
- <td colspan="2"><input id="submit" name="submit" type="submit"
+ <td colspan="2"><input id="save" name="save" type="submit"
class="formbtn" value="Save" />&nbsp;&nbsp;<input id="cancelbutton"
name="cancelbutton" type="button" class="formbtn" value="Cancel"
onclick="history.back();"/> <?php if (isset($id) && $a_suppress[$id]): ?>
diff --git a/config/suricata/suricata_uninstall.php b/config/suricata/suricata_uninstall.php
index 071a89a4..2317578e 100644
--- a/config/suricata/suricata_uninstall.php
+++ b/config/suricata/suricata_uninstall.php
@@ -1,30 +1,41 @@
<?php
/*
- suricata_uninstall.php
-
- Copyright (C) 2014 Bill Meeks
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ * suricata_uninstall.php
+ *
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
*/
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -35,6 +46,7 @@ $suricatadir = SURICATADIR;
$suricatalogdir = SURICATALOGDIR;
$rcdir = RCFILEPREFIX;
$suricata_rules_upd_log = RULES_UPD_LOGFILE;
+$suri_pf_table = SURICATA_PF_TABLE;
log_error(gettext("[Suricata] Suricata package uninstall in progress..."));
@@ -64,6 +76,7 @@ mwexec('/usr/sbin/pw userdel suricata; /usr/sbin/pw groupdel suricata', true);
/* Remove the Suricata cron jobs. */
install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php", false);
install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", false);
+install_cron_job("pfctl -t {$suri_pf_table} -T expire" , false);
/* See if we are to keep Suricata log files on uninstall */
if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') {
@@ -73,8 +86,33 @@ if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on')
}
/* Remove the Suricata GUI app directories */
-@unlink("/usr/local/pkg/suricata");
-@unlink("/usr/local/www/suricata");
+mwexec("/bin/rm -rf /usr/local/pkg/suricata");
+mwexec("/bin/rm -rf /usr/local/www/suricata");
+
+/* Remove our associated Dashboard widget config and files. */
+/* If "save settings" is enabled, then save old widget */
+/* container settings so we can restore them later. */
+$widgets = $config['widgets']['sequence'];
+if (!empty($widgets)) {
+ $widgetlist = explode(",", $widgets);
+ foreach ($widgetlist as $key => $widget) {
+ if (strstr($widget, "suricata_alerts-container")) {
+ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') {
+ $config['installedpackages']['suricata']['config'][0]['dashboard_widget'] = $widget;
+ if ($config['widgets']['widget_suricata_display_lines']) {
+ $config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows'] = $config['widgets']['widget_suricata_display_lines'];
+ unset($config['widgets']['widget_suricata_display_lines']);
+ }
+ }
+ unset($widgetlist[$key]);
+ }
+ }
+ $config['widgets']['sequence'] = implode(",", $widgetlist);
+ write_config();
+}
+@unlink("/usr/local/www/widgets/include/widget-suricata.inc");
+@unlink("/usr/local/www/widgets/widgets/suricata_alerts.widget.php");
+@unlink("/usr/local/www/widgets/javascript/suricata_alerts.js");
/* Keep this as a last step */
if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] != 'on') {
@@ -83,7 +121,6 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] !
unset($config['installedpackages']['suricatasync']);
@unlink("{$suricata_rules_upd_log}");
mwexec("/bin/rm -rf {$suricatalogdir}");
- @unlink(SURICATALOGDIR);
log_error(gettext("[Suricata] The package has been removed from this system..."));
}
diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc
index e62c48eb..c20ca8db 100644
--- a/config/suricata/suricata_yaml_template.inc
+++ b/config/suricata/suricata_yaml_template.inc
@@ -29,6 +29,14 @@ default-log-dir: {$suricatalogdir}suricata_{$if_real}{$suricata_uuid}
# Configure the type of alert (and other) logging.
outputs:
+ # alert_pf blocking plugin
+ - alert-pf:
+ enabled: {$suri_blockoffenders}
+ kill-state: {$suri_killstates}
+ pass-list: {$suri_passlist}
+ block-ip: {$suri_blockip}
+ pf-table: {$suri_pf_table}
+
# a line based alerts log similar to Snort's fast.log
- fast:
enabled: yes
@@ -40,9 +48,8 @@ outputs:
- unified2-alert:
enabled: {$barnyard2_enabled}
filename: unified2.alert
- limit: 32mb
- # Sensor ID field of unified2 alerts.
- sensor-id: 0
+ limit: {$unified2_log_limit}
+ sensor-id: {$unified2_sensor_id}
- http-log:
enabled: {$http_log_enabled}
@@ -100,7 +107,7 @@ outputs:
force-md5: {$json_log_md5}
# Magic file. The extension .mgc is added to the value here.
-magic-file: {$suricatacfgdir}/magic
+magic-file: /usr/share/misc/magic
# Specify a threshold config file
threshold-file: {$suricatacfgdir}/threshold.config
@@ -110,7 +117,7 @@ detect-engine:
- sgh-mpm-context: {$sgh_mpm_ctx}
- inspection-recursion-limit: {$inspection_recursion_limit}
- rule-reload: true
- - delayed-detect: yes
+ - delayed-detect: {$delayed_detect}
# Suricata is multi-threaded. Here the threading can be influenced.
threading:
diff --git a/config/suricata/widget-suricata.inc b/config/suricata/widget-suricata.inc
new file mode 100644
index 00000000..48424588
--- /dev/null
+++ b/config/suricata/widget-suricata.inc
@@ -0,0 +1,8 @@
+<?php
+require_once("config.inc");
+
+//set variable for custom title
+$suricata_alerts_title = "Suricata Alerts";
+$suricata_alerts_title_link = "suricata/suricata_alerts.php";
+
+?>
diff --git a/config/syslog-ng/syslog-ng.xml b/config/syslog-ng/syslog-ng.xml
index dbdd4a8d..37df86ec 100644
--- a/config/syslog-ng/syslog-ng.xml
+++ b/config/syslog-ng/syslog-ng.xml
@@ -74,17 +74,17 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/syslog-ng/syslog-ng.inc</item>
+ <item>https://packages.pfsense.org/packages/config/syslog-ng/syslog-ng.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/syslog-ng/syslog-ng_advanced.xml</item>
+ <item>https://packages.pfsense.org/packages/config/syslog-ng/syslog-ng_advanced.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/syslog-ng/syslog-ng_log_viewer.php</item>
+ <item>https://packages.pfsense.org/packages/config/syslog-ng/syslog-ng_log_viewer.php</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/systempatches/system_patches.php b/config/systempatches/system_patches.php
index 7fe860bd..793448d7 100644
--- a/config/systempatches/system_patches.php
+++ b/config/systempatches/system_patches.php
@@ -67,7 +67,7 @@ if ($_GET['act'] == "del") {
}
if (($_GET['act'] == "fetch") && ($a_patches[$_GET['id']])) {
- $savemsg = patch_fetch(& $a_patches[$_GET['id']]) ? gettext("Patch Fetched Successfully") : gettext("Patch Fetch Failed");
+ $savemsg = patch_fetch($a_patches[$_GET['id']]) ? gettext("Patch Fetched Successfully") : gettext("Patch Fetch Failed");
}
if (($_GET['act'] == "test") && ($a_patches[$_GET['id']])) {
$savemsg = patch_test_apply($a_patches[$_GET['id']]) ? gettext("Patch can be applied cleanly") : gettext("Patch can NOT be applied cleanly");
diff --git a/config/systempatches/system_patches_edit.php b/config/systempatches/system_patches_edit.php
index ffa2fe13..3e63038e 100644
--- a/config/systempatches/system_patches_edit.php
+++ b/config/systempatches/system_patches_edit.php
@@ -86,7 +86,11 @@ if ($_POST) {
$reqdfieldsn = array(gettext("Description"),gettext("URL/Commit ID"));
}
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+ if ($pf_version < 2.1)
+ $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;');
+ else
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
if (!empty($_POST['location']) && !is_commit_id($_POST['location']) && !is_URL($_POST['location'])) {
$input_errors[] = gettext("The supplied commit ID/URL appears to be invalid.");
diff --git a/config/systempatches/systempatches.xml b/config/systempatches/systempatches.xml
index 73974af0..b9875140 100644
--- a/config/systempatches/systempatches.xml
+++ b/config/systempatches/systempatches.xml
@@ -40,7 +40,7 @@
<requirements>None</requirements>
<faq>Applies patches supplied by the user to the firewall.</faq>
<name>System Patches</name>
- <version>1.0</version>
+ <version>1.0.2</version>
<title>System: Patches</title>
<include_file>/usr/local/pkg/patches.inc</include_file>
<menu>
@@ -52,22 +52,22 @@
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/systempatches/system_patches.php</item>
+ <item>https://packages.pfsense.org/packages/config/systempatches/system_patches.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/systempatches/system_patches_edit.php</item>
+ <item>https://packages.pfsense.org/packages/config/systempatches/system_patches_edit.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/bin/</prefix>
<chmod>755</chmod>
- <item>http://www.pfsense.com/packages/config/systempatches/apply_patches.php</item>
+ <item>https://packages.pfsense.org/packages/config/systempatches/apply_patches.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.com/packages/config/systempatches/patches.inc</item>
+ <item>https://packages.pfsense.org/packages/config/systempatches/patches.inc</item>
</additional_files_needed>
<custom_php_install_command>
patch_package_install();
diff --git a/config/test_package/test_package.xml b/config/test_package/test_package.xml
index 192a2d54..3e268fee 100644
--- a/config/test_package/test_package.xml
+++ b/config/test_package/test_package.xml
@@ -90,47 +90,47 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort.inc</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/bin/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/bin/snort2c</item>
+ <item>https://packages.pfsense.org/packages/config/snort/bin/snort2c</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_download_rules.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_download_rules.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_rulesets.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_rulesets.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_whitelist.xml</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_whitelist.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_blocked.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_blocked.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_check_for_rule_updates.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_check_for_rule_updates.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_alerts.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/pf/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/snort_dynamic_ip_reload.php</item>
+ <item>https://packages.pfsense.org/packages/config/snort/snort_dynamic_ip_reload.php</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/tftp/tftp.xml b/config/tftp/tftp.xml
index d6becc6d..18cf2e5a 100644
--- a/config/tftp/tftp.xml
+++ b/config/tftp/tftp.xml
@@ -67,12 +67,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/tftp/tftp.inc</item>
+ <item>https://packages.pfsense.org/packages/config/tftp/tftp.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/tftp/tftp_files.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/tftp/tftp_files.tmp</item>
</additional_files_needed>
<custom_add_php_command>
</custom_add_php_command>
diff --git a/config/tftp2/tftp.xml b/config/tftp2/tftp.xml
index 64f81acf..0a13548c 100644
--- a/config/tftp2/tftp.xml
+++ b/config/tftp2/tftp.xml
@@ -66,12 +66,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/tftp2/tftp.inc</item>
+ <item>https://packages.pfsense.org/packages/config/tftp2/tftp.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/tftp2/tftp_files.php</item>
+ <item>https://packages.pfsense.org/packages/config/tftp2/tftp_files.php</item>
</additional_files_needed>
<custom_php_install_command>
tftp_install_command();
diff --git a/config/tinc/tinc.xml b/config/tinc/tinc.xml
index 7c067361..f016dd41 100644
--- a/config/tinc/tinc.xml
+++ b/config/tinc/tinc.xml
@@ -62,27 +62,27 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/tinc/tinc.inc</item>
+ <item>https://packages.pfsense.org/packages/config/tinc/tinc.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/tinc/tinc_config.xml</item>
+ <item>https://packages.pfsense.org/packages/config/tinc/tinc_config.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/tinc/tinc_hosts.xml</item>
+ <item>https://packages.pfsense.org/packages/config/tinc/tinc_hosts.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/tinc/status_tinc.php</item>
+ <item>https://packages.pfsense.org/packages/config/tinc/status_tinc.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/shortcuts/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/tinc/pkg_tinc.inc</item>
+ <item>https://packages.pfsense.org/packages/config/tinc/pkg_tinc.inc</item>
</additional_files_needed>
<service>
diff --git a/config/tinydns/tinydns.xml b/config/tinydns/tinydns.xml
index 546980f1..fa80953c 100644
--- a/config/tinydns/tinydns.xml
+++ b/config/tinydns/tinydns.xml
@@ -95,62 +95,62 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/tinydns/tinydns.inc</item>
+ <item>https://packages.pfsense.org/packages/config/tinydns/tinydns.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/pf/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/tinydns/tinydns_xmlrpc_sync.php</item>
+ <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_xmlrpc_sync.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/tinydns/tinydns_domains.xml</item>
+ <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_domains.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/tinydns/tinydns_status.php</item>
+ <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_status.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/tinydns/tinydns_dhcp_filter.php</item>
+ <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_dhcp_filter.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/tinydns/tinydns_filter.php</item>
+ <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_filter.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/tinydns/tinydns_down.php</item>
+ <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_down.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/tinydns/tinydns_up.php</item>
+ <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_up.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/tinydns/tinydns_parse_logs.php</item>
+ <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_parse_logs.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/tinydns/tinydns_view_logs.php</item>
+ <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_view_logs.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/tinydns/tinydns_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/tinydns/tinydns_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/wizards/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/tinydns/new_zone_wizard.xml</item>
+ <item>https://packages.pfsense.org/packages/config/tinydns/new_zone_wizard.xml</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/tinydns/tinydns_dhcp_filter.php b/config/tinydns/tinydns_dhcp_filter.php
index c92abcf8..85f5f8e7 100644
--- a/config/tinydns/tinydns_dhcp_filter.php
+++ b/config/tinydns/tinydns_dhcp_filter.php
@@ -42,8 +42,8 @@ require("guiconfig.inc");
$pgtitle = "TinyDNS: DHCP Domains";
include("head.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
?>
diff --git a/config/tinydns/tinydns_status.php b/config/tinydns/tinydns_status.php
index 3a4b8545..ba119da9 100644
--- a/config/tinydns/tinydns_status.php
+++ b/config/tinydns/tinydns_status.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
tinydns_status.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
@@ -41,8 +41,8 @@ if(!$config['installedpackages']['tinydns']['config'][0]['ipaddress'])
$pgtitle = "TinyDNS: Status";
include("head.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
?>
diff --git a/config/tinydns/tinydns_view_logs.php b/config/tinydns/tinydns_view_logs.php
index 66fed993..57daa02e 100644
--- a/config/tinydns/tinydns_view_logs.php
+++ b/config/tinydns/tinydns_view_logs.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
tinydns_view_logs.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
@@ -42,8 +42,8 @@ if($_REQUEST['getactivity']) {
if(!$config['installedpackages']['tinydns']['config'][0])
Header("Location: /pkg_edit.php?xml=tinydns.xml&id=0");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "TinyDNS: View Logs";
diff --git a/config/unbound/unbound.xml b/config/unbound/unbound.xml
index 20f3d250..21f9455f 100644
--- a/config/unbound/unbound.xml
+++ b/config/unbound/unbound.xml
@@ -58,27 +58,27 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.org/packages/config/unbound/unbound.inc</item>
+ <item>https://packages.pfsense.org/packages/config/unbound/unbound.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.org/packages/config/unbound/unbound_status.php</item>
+ <item>https://packages.pfsense.org/packages/config/unbound/unbound_status.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.org/packages/config/unbound/unbound_acls.php</item>
+ <item>https://packages.pfsense.org/packages/config/unbound/unbound_acls.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.org/packages/config/unbound/unbound_advanced.xml</item>
+ <item>https://packages.pfsense.org/packages/config/unbound/unbound_advanced.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/bin/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/unbound/unbound_monitor.sh</item>
+ <item>https://packages.pfsense.org/packages/config/unbound/unbound_monitor.sh</item>
</additional_files_needed>
<system_services>
<dns/>
diff --git a/config/unbound/unbound_acls.php b/config/unbound/unbound_acls.php
index 59738aab..aef1f3d1 100644
--- a/config/unbound/unbound_acls.php
+++ b/config/unbound/unbound_acls.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
unbound_acls.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2011 Warren Baker <warren@decoy.co.za>
All rights reserved.
diff --git a/config/unbound/unbound_status.php b/config/unbound/unbound_status.php
index d7371f29..8a362c2b 100644
--- a/config/unbound/unbound_status.php
+++ b/config/unbound/unbound_status.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
unbound_status.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
diff --git a/config/urltables/urltables.xml b/config/urltables/urltables.xml
index 16fe50c3..c9a9062b 100644
--- a/config/urltables/urltables.xml
+++ b/config/urltables/urltables.xml
@@ -52,12 +52,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/urltables/urltables.inc</item>
+ <item>https://packages.pfsense.org/packages/config/urltables/urltables.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/urltables/urltables.patch</item>
+ <item>https://packages.pfsense.org/packages/config/urltables/urltables.patch</item>
</additional_files_needed>
<custom_php_install_command>
urltables_install();
diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc
index 2a986710..4883af15 100644
--- a/config/varnish3/varnish.inc
+++ b/config/varnish3/varnish.inc
@@ -41,7 +41,7 @@ else
define('VARNISH_LOCALBASE','/usr/local');
-function varnish_settings_post_validate($post, $input_errors) {
+function varnish_settings_post_validate($post, &$input_errors) {
if( !is_numeric($post['storagesize']))
$input_errors[] = "A valid number is required for the field 'Storage size'";
if($post['listeningport'] && !is_numeric($post['listeningport']))
@@ -64,7 +64,7 @@ function varnish_settings_post_validate($post, $input_errors) {
}
-function varnish_lb_directors_post_validate($post, $input_errors) {
+function varnish_lb_directors_post_validate($post, &$input_errors) {
if (preg_match("/[^a-zA-Z0-9]/", $post['directorname'])){
$input_errors[] = "The directorname name must only contain the characters a-Z or 0-9";
}
@@ -78,7 +78,7 @@ function varnish_lb_directors_post_validate($post, $input_errors) {
$input_errors[] = "A valid number with a time reference is required for the field 'Req grace'";
}
-function varnish_backends_post_validate($post, $input_errors) {
+function varnish_backends_post_validate($post, &$input_errors) {
if (!$post['backendname'] || preg_match("/[^a-zA-Z0-9]/", $post['backendname']))
$input_errors[] = "The backend name must only contain the characters a-Z or 0-9";
if(!is_ipaddr($post['ipaddress']))
diff --git a/config/varnish3/varnish.widget.php b/config/varnish3/varnish.widget.php
index 35980db5..35723e95 100755
--- a/config/varnish3/varnish.widget.php
+++ b/config/varnish3/varnish.widget.php
@@ -2,7 +2,7 @@
/*
Copyright 2011 Thomas Schaefer - Tomschaefer.org
Copyright 2011 Marcello Coutinho
- Part of pfSense widgets (www.pfsense.com)
+ Part of pfSense widgets (www.pfsense.org)
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
diff --git a/config/varnish3/varnish_backends.xml b/config/varnish3/varnish_backends.xml
index 58216279..1bcb822c 100644
--- a/config/varnish3/varnish_backends.xml
+++ b/config/varnish3/varnish_backends.xml
@@ -48,47 +48,47 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish3/varnish_lb_directors.xml</item>
+ <item>https://packages.pfsense.org/packages/config/varnish3/varnish_lb_directors.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish3/varnish_settings.xml</item>
+ <item>https://packages.pfsense.org/packages/config/varnish3/varnish_settings.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish3/varnish_custom_vcl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/varnish3/varnish_custom_vcl.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/widgets/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish3/varnish.widget.php</item>
+ <item>https://packages.pfsense.org/packages/config/varnish3/varnish.widget.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish3/varnish.inc</item>
+ <item>https://packages.pfsense.org/packages/config/varnish3/varnish.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish3/varnish_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/varnish3/varnish_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish3/varnish_view_config.php</item>
+ <item>https://packages.pfsense.org/packages/config/varnish3/varnish_view_config.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish3/varnishstat.php</item>
+ <item>https://packages.pfsense.org/packages/config/varnish3/varnishstat.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/shortcuts/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.org/packages/config/varnish3/pkg_varnish.inc</item>
+ <item>https://packages.pfsense.org/packages/config/varnish3/pkg_varnish.inc</item>
</additional_files_needed>
<menu>
<name>Varnish</name>
@@ -305,6 +305,6 @@
varnish_start();
</custom_php_resync_config_command>
<custom_php_validation_command>
- varnish_backends_post_validate($_POST, &amp;$input_errors);
+ varnish_backends_post_validate($_POST, $input_errors);
</custom_php_validation_command>
</packagegui>
diff --git a/config/varnish3/varnish_lb_directors.xml b/config/varnish3/varnish_lb_directors.xml
index 99a945d5..1946860c 100644
--- a/config/varnish3/varnish_lb_directors.xml
+++ b/config/varnish3/varnish_lb_directors.xml
@@ -49,17 +49,17 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish64/varnish_settings.xml</item>
+ <item>https://packages.pfsense.org/packages/config/varnish64/varnish_settings.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish64/varnish_custom_vcl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/varnish64/varnish_custom_vcl.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish64/varnish.inc</item>
+ <item>https://packages.pfsense.org/packages/config/varnish64/varnish.inc</item>
</additional_files_needed>
<menu>
<name>Varnish </name>
@@ -273,6 +273,6 @@
varnish_start();
</custom_php_resync_config_command>
<custom_php_validation_command>
- varnish_lb_directors_post_validate($_POST, &amp;$input_errors);
+ varnish_lb_directors_post_validate($_POST, $input_errors);
</custom_php_validation_command>
</packagegui>
diff --git a/config/varnish3/varnish_settings.xml b/config/varnish3/varnish_settings.xml
index bbb8d321..a5ff5ef9 100644
--- a/config/varnish3/varnish_settings.xml
+++ b/config/varnish3/varnish_settings.xml
@@ -280,6 +280,6 @@
varnish_start();
</custom_php_resync_config_command>
<custom_php_validation_command>
- varnish_settings_post_validate($_POST, &amp;$input_errors);
+ varnish_settings_post_validate($_POST, $input_errors);
</custom_php_validation_command>
</packagegui> \ No newline at end of file
diff --git a/config/varnish3/varnish_view_config.php b/config/varnish3/varnish_view_config.php
index 2e449b51..69a9fabb 100644
--- a/config/varnish3/varnish_view_config.php
+++ b/config/varnish3/varnish_view_config.php
@@ -1,7 +1,7 @@
<?php
/*
varnish_view_config.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
@@ -29,8 +29,8 @@
require("guiconfig.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Varnish: View Configuration";
diff --git a/config/varnish3/varnishstat.php b/config/varnish3/varnishstat.php
index 6374525a..10d9ceb9 100644
--- a/config/varnish3/varnishstat.php
+++ b/config/varnish3/varnishstat.php
@@ -1,7 +1,7 @@
<?php
/*
varnishstat_view_logs.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
@@ -36,8 +36,8 @@ if($_REQUEST['getactivity']) {
exit;
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Varnish: VarnishSTAT";
diff --git a/config/varnish64/varnish.inc b/config/varnish64/varnish.inc
index ec7ef0c4..88ad32fa 100644
--- a/config/varnish64/varnish.inc
+++ b/config/varnish64/varnish.inc
@@ -33,7 +33,7 @@
*/
/* ========================================================================== */
-function varnish_settings_post_validate($post, $input_errors) {
+function varnish_settings_post_validate($post, &$input_errors) {
if($post['storagesize'] && !is_numeric($post['storagesize']))
$input_errors[] = "A valid number is required for the field 'Storage size'";
if($post['listeningport'] && !is_numeric($post['listeningport']))
@@ -56,7 +56,7 @@ function varnish_settings_post_validate($post, $input_errors) {
}
-function varnish_lb_directors_post_validate($post, $input_errors) {
+function varnish_lb_directors_post_validate($post, &$input_errors) {
if (preg_match("/[^a-zA-Z0-9]/", $post['directorname']))
$input_errors[] = "The directorname name must only contain the characters a-Z or 0-9";
if(stristr($post['directorurl'], 'http'))
@@ -65,7 +65,7 @@ function varnish_lb_directors_post_validate($post, $input_errors) {
$input_errors[] = "A valid number with a time reference is required for the field 'Req grace'";
}
-function varnish_backends_post_validate($post, $input_errors) {
+function varnish_backends_post_validate($post, &$input_errors) {
if (!$post['backendname'] || preg_match("/[^a-zA-Z0-9]/", $post['backendname']))
$input_errors[] = "The backend name must only contain the characters a-Z or 0-9";
if(!is_ipaddr($post['ipaddress']))
diff --git a/config/varnish64/varnish.widget.php b/config/varnish64/varnish.widget.php
index 35980db5..35723e95 100755
--- a/config/varnish64/varnish.widget.php
+++ b/config/varnish64/varnish.widget.php
@@ -2,7 +2,7 @@
/*
Copyright 2011 Thomas Schaefer - Tomschaefer.org
Copyright 2011 Marcello Coutinho
- Part of pfSense widgets (www.pfsense.com)
+ Part of pfSense widgets (www.pfsense.org)
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
diff --git a/config/varnish64/varnish_backends.xml b/config/varnish64/varnish_backends.xml
index d6aaa261..1684727c 100644
--- a/config/varnish64/varnish_backends.xml
+++ b/config/varnish64/varnish_backends.xml
@@ -48,42 +48,42 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish64/varnish_lb_directors.xml</item>
+ <item>https://packages.pfsense.org/packages/config/varnish64/varnish_lb_directors.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish64/varnish_settings.xml</item>
+ <item>https://packages.pfsense.org/packages/config/varnish64/varnish_settings.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish64/varnish_custom_vcl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/varnish64/varnish_custom_vcl.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/widgets/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish64/varnish.widget.php</item>
+ <item>https://packages.pfsense.org/packages/config/varnish64/varnish.widget.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish64/varnish.inc</item>
+ <item>https://packages.pfsense.org/packages/config/varnish64/varnish.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish64/varnish_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/varnish64/varnish_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish64/varnish_view_config.php</item>
+ <item>https://packages.pfsense.org/packages/config/varnish64/varnish_view_config.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish64/varnishstat.php</item>
+ <item>https://packages.pfsense.org/packages/config/varnish64/varnishstat.php</item>
</additional_files_needed>
<menu>
<name>Varnish</name>
@@ -281,6 +281,6 @@
varnish_start();
</custom_php_resync_config_command>
<custom_php_validation_command>
- varnish_backends_post_validate($_POST, &amp;$input_errors);
+ varnish_backends_post_validate($_POST, $input_errors);
</custom_php_validation_command>
</packagegui>
diff --git a/config/varnish64/varnish_lb_directors.xml b/config/varnish64/varnish_lb_directors.xml
index 4c46414e..f61d66cb 100644
--- a/config/varnish64/varnish_lb_directors.xml
+++ b/config/varnish64/varnish_lb_directors.xml
@@ -49,17 +49,17 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish64/varnish_settings.xml</item>
+ <item>https://packages.pfsense.org/packages/config/varnish64/varnish_settings.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish64/varnish_custom_vcl.xml</item>
+ <item>https://packages.pfsense.org/packages/config/varnish64/varnish_custom_vcl.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/varnish64/varnish.inc</item>
+ <item>https://packages.pfsense.org/packages/config/varnish64/varnish.inc</item>
</additional_files_needed>
<menu>
<name>Varnish </name>
@@ -275,6 +275,6 @@
varnish_start();
</custom_php_resync_config_command>
<custom_php_validation_command>
- varnish_lb_directors_post_validate($_POST, &amp;$input_errors);
+ varnish_lb_directors_post_validate($_POST, $input_errors);
</custom_php_validation_command>
</packagegui> \ No newline at end of file
diff --git a/config/varnish64/varnish_settings.xml b/config/varnish64/varnish_settings.xml
index 0576caad..f5a8bdcd 100644
--- a/config/varnish64/varnish_settings.xml
+++ b/config/varnish64/varnish_settings.xml
@@ -279,6 +279,6 @@
varnish_start();
</custom_php_resync_config_command>
<custom_php_validation_command>
- varnish_settings_post_validate($_POST, &amp;$input_errors);
+ varnish_settings_post_validate($_POST, $input_errors);
</custom_php_validation_command>
</packagegui> \ No newline at end of file
diff --git a/config/varnish64/varnish_view_config.php b/config/varnish64/varnish_view_config.php
index 2e449b51..69a9fabb 100644
--- a/config/varnish64/varnish_view_config.php
+++ b/config/varnish64/varnish_view_config.php
@@ -1,7 +1,7 @@
<?php
/*
varnish_view_config.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
@@ -29,8 +29,8 @@
require("guiconfig.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Varnish: View Configuration";
diff --git a/config/varnish64/varnishstat.php b/config/varnish64/varnishstat.php
index 6374525a..10d9ceb9 100644
--- a/config/varnish64/varnishstat.php
+++ b/config/varnish64/varnishstat.php
@@ -1,7 +1,7 @@
<?php
/*
varnishstat_view_logs.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
@@ -36,8 +36,8 @@ if($_REQUEST['getactivity']) {
exit;
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Varnish: VarnishSTAT";
diff --git a/config/vhosts/vhosts.inc b/config/vhosts/vhosts.inc
index 651b79b2..aa602fdd 100644
--- a/config/vhosts/vhosts.inc
+++ b/config/vhosts/vhosts.inc
@@ -736,31 +736,31 @@ function vhosts_install_command() {
if(stristr(php_uname('r'), '7.2') == TRUE) {
if (!file_exists('/usr/local/php5')) {
chdir('/usr/local/');
- exec ("fetch http://files.pfsense.org/packages/7/vhosts/php5.tar.gz");
+ exec ("fetch https://files.pfsense.org/packages/7/vhosts/php5.tar.gz");
exec("tar zxvf /usr/local/php5.tar.gz -C /usr/local/");
exec("rm /usr/local/php5.tar.gz");
}
if (!file_exists('/usr/local/lib/libxml2.so.5')) {
chdir('/usr/local/lib/');
- exec ("fetch http://files.pfsense.org/packages/7/vhosts/usr.local.lib/libxml2.so.5");
+ exec ("fetch https://files.pfsense.org/packages/7/vhosts/usr.local.lib/libxml2.so.5");
}
if (!file_exists('/usr/local/lib/libxml2.so')) {
chdir('/usr/local/lib/');
- exec ("fetch http://files.pfsense.org/packages/7/vhosts/usr.local.lib/libxml2.so");
+ exec ("fetch https://files.pfsense.org/packages/7/vhosts/usr.local.lib/libxml2.so");
}
if (!file_exists('/usr/local/lib/libxml2.la')) {
chdir('/usr/local/lib/');
- exec ("fetch http://files.pfsense.org/packages/7/vhosts/usr.local.lib/libxml2.la");
+ exec ("fetch https://files.pfsense.org/packages/7/vhosts/usr.local.lib/libxml2.la");
}
if (!file_exists('/usr/local/lib/libxml2.a')) {
chdir('/usr/local/lib/');
- exec ("fetch http://files.pfsense.org/packages/7/vhosts/usr.local.lib/lib/libxml2.a");
+ exec ("fetch https://files.pfsense.org/packages/7/vhosts/usr.local.lib/lib/libxml2.a");
}
}
if(stristr(php_uname('r'), '8.1') == TRUE) {
if (!file_exists('/usr/local/php5')) {
chdir('/usr/local/');
- exec ("fetch http://files.pfsense.org/packages/8/vhosts/php5.tar.gz");
+ exec ("fetch https://files.pfsense.org/packages/8/vhosts/php5.tar.gz");
exec("tar zxvf /usr/local/php5.tar.gz -C /usr/local/");
exec("rm /usr/local/php5.tar.gz");
}
@@ -774,7 +774,7 @@ function vhosts_install_command() {
unlink_if_exists("/tmp/vhosts_php_edit.tmp");
chdir('/tmp/');
- exec ("fetch http://www.pfsense.com/packages/config/vhosts/system_advanced_create_certs.tmp");
+ exec ("fetch https://packages.pfsense.org/packages/config/vhosts/system_advanced_create_certs.tmp");
exec("cp /tmp/system_advanced_create_certs.tmp /usr/local/www/packages/vhosts/system_advanced_create_certs.php");
unlink_if_exists("/tmp/system_advanced_create_certs.tmp");
diff --git a/config/vhosts/vhosts.xml b/config/vhosts/vhosts.xml
index 9bfb73e0..91c50079 100644
--- a/config/vhosts/vhosts.xml
+++ b/config/vhosts/vhosts.xml
@@ -73,22 +73,22 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/vhosts/vhosts.xml</item>
+ <item>https://packages.pfsense.org/packages/config/vhosts/vhosts.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/vhosts/vhosts.inc</item>
+ <item>https://packages.pfsense.org/packages/config/vhosts/vhosts.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/vhosts/vhosts_php.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/vhosts/vhosts_php.tmp</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/tmp/</prefix>
<chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/vhosts/vhosts_php_edit.tmp</item>
+ <item>https://packages.pfsense.org/packages/config/vhosts/vhosts_php_edit.tmp</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/vhosts/vhosts_php.tmp b/config/vhosts/vhosts_php.tmp
index 09b20ef7..d2777dc9 100644
--- a/config/vhosts/vhosts_php.tmp
+++ b/config/vhosts/vhosts_php.tmp
@@ -82,7 +82,7 @@ include("head.inc");
System -> Advanced -> Enable Secure Shell. Then SFTP can be used to access the files at /usr/local/vhosts.
After adding or updating an entry make sure to restart the <a href='/status_services.php'>service</a> to apply the settings.
<br /><br />
- For more information see: <a href='http://doc.pfsense.org/index.php/vhosts'>http://doc.pfsense.org/index.php/vhosts</a>
+ For more information see: <a href='https://doc.pfsense.org/index.php/vhosts'>https://doc.pfsense.org/index.php/vhosts</a>
</p></td>
</tr>
</table>
diff --git a/config/vnstat/vnstat.xml b/config/vnstat/vnstat.xml
index 63a121a0..6e3ae3ac 100644
--- a/config/vnstat/vnstat.xml
+++ b/config/vnstat/vnstat.xml
@@ -20,12 +20,12 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat/vnstat.inc</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat/vnstat.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://files.pfsense.org/packages/7/vnstat/vnstat_php_frontend-1.4.1.tar.gz</item>
+ <item>https://files.pfsense.org/packages/7/vnstat/vnstat_php_frontend-1.4.1.tar.gz</item>
</additional_files_needed>
<custom_php_resync_config_command></custom_php_resync_config_command>
<custom_php_install_command>vnstat_install_config();</custom_php_install_command>
diff --git a/config/vnstat2/vnstat2.xml b/config/vnstat2/vnstat2.xml
index 9bca9726..ab07f004 100644
--- a/config/vnstat2/vnstat2.xml
+++ b/config/vnstat2/vnstat2.xml
@@ -43,157 +43,157 @@
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat2.inc</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat2.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstati.xml</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstati.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstatoutput.xml</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstatoutput.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/</prefix>
<chmod>0744</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat2.sh</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat2.sh</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/www/diag_vnstat.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/www/diag_vnstat.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/www/diag_vnstat2.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/www/diag_vnstat2.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/www/vnstat2_img.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/www/vnstat2_img.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/www/vnstati.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/www/vnstati.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/lang/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/lang/cs.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/lang/cs.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/lang/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/lang/en.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/lang/en.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/lang/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/lang/nl.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/lang/nl.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/dark/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/themes/dark/style.css</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/dark/style.css</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/dark/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/themes/dark/theme.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/dark/theme.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/espresso/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/themes/espresso/style.css</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/espresso/style.css</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/espresso/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/themes/espresso/theme.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/espresso/theme.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/light/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/themes/light/style.css</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/light/style.css</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/light/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/themes/light/theme.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/light/theme.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/pfSense/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/themes/pfSense/style.css</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/pfSense/style.css</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/pfSense/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/themes/pfSense/theme.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/pfSense/theme.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/red/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/themes/red/style.css</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/red/style.css</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/themes/red/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/themes/red/theme.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/themes/red/theme.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/config.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/config.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/COPYING</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/COPYING</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/graph.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/graph.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/graph_svg.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/graph_svg.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/index.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/index.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/localize.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/localize.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/README</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/README</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/vera_copyright.txt</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/vera_copyright.txt</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/VeraBd.ttf</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/VeraBd.ttf</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/vnstat2/vnstat_php_frontend/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/vnstat2/vnstat_php_frontend/vnstat.php</item>
+ <item>https://packages.pfsense.org/packages/config/vnstat2/vnstat_php_frontend/vnstat.php</item>
</additional_files_needed>
<fields>
<field>
diff --git a/config/vnstat2/vnstat_php_frontend/lang/cs.php b/config/vnstat2/vnstat_php_frontend/lang/cs.php
index 8704a503..e6955964 100644
--- a/config/vnstat2/vnstat_php_frontend/lang/cs.php
+++ b/config/vnstat2/vnstat_php_frontend/lang/cs.php
@@ -34,6 +34,6 @@ $L['datefmt_days'] = '%d. %B';
$L['datefmt_days_img'] = '%d';
$L['datefmt_months'] = '%B %Y';
$L['datefmt_months_img'] = '%b';
-$L['datefmt_hours'] = '%k%P';
+$L['datefmt_hours'] = '%k%p';
$L['datefmt_hours_img'] = '%k';
$L['datefmt_top'] = '%d. %B %Y';
diff --git a/config/vnstat2/vnstat_php_frontend/lang/en.php b/config/vnstat2/vnstat_php_frontend/lang/en.php
index b930ef2b..b5e6cf0b 100644
--- a/config/vnstat2/vnstat_php_frontend/lang/en.php
+++ b/config/vnstat2/vnstat_php_frontend/lang/en.php
@@ -34,6 +34,6 @@ $L['datefmt_days'] = '%d %B';
$L['datefmt_days_img'] = '%d';
$L['datefmt_months'] = '%B %Y';
$L['datefmt_months_img'] = '%b';
-$L['datefmt_hours'] = '%l%P';
+$L['datefmt_hours'] = '%l%p';
$L['datefmt_hours_img'] = '%l';
$L['datefmt_top'] = '%d %B %Y';
diff --git a/config/vnstat2/www/diag_vnstat.php b/config/vnstat2/www/diag_vnstat.php
index afef3849..04e03911 100644
--- a/config/vnstat2/www/diag_vnstat.php
+++ b/config/vnstat2/www/diag_vnstat.php
@@ -41,7 +41,7 @@
require("guiconfig.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
$pgtitle = gettext("Vnstat2 summary ");
if($_REQUEST['getactivity']) {
@@ -77,7 +77,7 @@ include("head.inc");
<div id='maincontent'>
<?php
include("fbegin.inc");
- if(strstr($pfSversion, "1.2"))
+ if ($pf_version < 2.0)
echo "<p class=\"pgtitle\">{$pgtitle}</p>";
echo "<a href=$myurl/pkg_edit.php?xml=vnstatoutput.xml&id=0>Go Back</a><br />";
if($savemsg) {
diff --git a/config/vnstat2/www/diag_vnstat2.php b/config/vnstat2/www/diag_vnstat2.php
index ec19a0b2..e5ce1de5 100644
--- a/config/vnstat2/www/diag_vnstat2.php
+++ b/config/vnstat2/www/diag_vnstat2.php
@@ -43,7 +43,7 @@ global $config;
$aaaa = $config['installedpackages']['vnstat2']['config'][0]['vnstat_interface2'];
$bbbb = convert_real_interface_to_friendly_descr($aaaa);
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
$pgtitle = gettext("Vnstat2 info for $bbbb ($aaaa)");
if($_REQUEST['getactivity']) {
@@ -87,7 +87,7 @@ else
<div id='maincontent'>
<?php
include("fbegin.inc");
- if(strstr($pfSversion, "1.2"))
+ if ($pf_version < 2.0)
echo "<p class=\"pgtitle\">{$pgtitle}</p>";
echo "<a href=$myurl/pkg_edit.php?xml=vnstatoutput.xml&id=0>Go Back</a><br />";
if($savemsg) {
diff --git a/config/widescreen/bin/fbegin.inc_ b/config/widescreen/bin/fbegin.inc_
index a7a96e0f..73f26aaa 100644
--- a/config/widescreen/bin/fbegin.inc_
+++ b/config/widescreen/bin/fbegin.inc_
@@ -211,13 +211,13 @@ $diagnostics_menu = msort(array_merge($diagnostics_menu, return_ext_menu("Diagno
if(! $g['disablehelpmenu']) {
$help_menu = array();
$help_menu[] = array("About this Page", $helpurl);
- $help_menu[] = array("User Forum", "http://www.pfsense.org/j.php?jumpto=forum");
- $help_menu[] = array("Documentation", "http://www.pfsense.org/j.php?jumpto=doc");
- $help_menu[] = array("Developers Wiki", "http://www.pfsense.org/j.php?jumpto=devwiki");
- $help_menu[] = array("Paid Support", "http://www.pfsense.org/j.php?jumpto=portal");
- $help_menu[] = array("pfSense Book", "http://www.pfsense.org/j.php?jumpto=book");
- $help_menu[] = array("Search portal", "http://www.pfsense.org/j.php?jumpto=searchportal");
- $help_menu[] = array("FreeBSD Handbook", "http://www.pfsense.org/j.php?jumpto=fbsdhandbook");
+ $help_menu[] = array("User Forum", "https://www.pfsense.org/j.php?jumpto=forum");
+ $help_menu[] = array("Documentation", "https://www.pfsense.org/j.php?jumpto=doc");
+ $help_menu[] = array("Developers Wiki", "https://www.pfsense.org/j.php?jumpto=devwiki");
+ $help_menu[] = array("Paid Support", "https://www.pfsense.org/j.php?jumpto=portal");
+ $help_menu[] = array("pfSense Book", "https://www.pfsense.org/j.php?jumpto=book");
+ $help_menu[] = array("Search portal", "https://www.pfsense.org/j.php?jumpto=searchportal");
+ $help_menu[] = array("FreeBSD Handbook", "https://www.pfsense.org/j.php?jumpto=fbsdhandbook");
$help_menu = msort(array_merge($help_menu, return_ext_menu("Help")),0);
}
diff --git a/config/widescreen/widescreen.xml b/config/widescreen/widescreen.xml
index 98dd9daa..0692b533 100644
--- a/config/widescreen/widescreen.xml
+++ b/config/widescreen/widescreen.xml
@@ -10,57 +10,57 @@
<additional_files_needed>
<prefix>/usr/local/pkg/widescreen/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.org/packages/config/widescreen/widescreen.inc</item>
+ <item>https://packages.pfsense.org/packages/config/widescreen/widescreen.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/widescreen/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.org/packages/config/widescreen/bin/all.css_</item>
+ <item>https://packages.pfsense.org/packages/config/widescreen/bin/all.css_</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/widescreen/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.org/packages/config/widescreen/bin/fbegin.inc_</item>
+ <item>https://packages.pfsense.org/packages/config/widescreen/bin/fbegin.inc_</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/widescreen/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.org/packages/config/widescreen/bin/fend.inc_</item>
+ <item>https://packages.pfsense.org/packages/config/widescreen/bin/fend.inc_</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/widescreen/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.org/packages/config/widescreen/bin/footer-left.png</item>
+ <item>https://packages.pfsense.org/packages/config/widescreen/bin/footer-left.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/widescreen/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.org/packages/config/widescreen/bin/footer-middle.png</item>
+ <item>https://packages.pfsense.org/packages/config/widescreen/bin/footer-middle.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/widescreen/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.org/packages/config/widescreen/bin/footer-right.png</item>
+ <item>https://packages.pfsense.org/packages/config/widescreen/bin/footer-right.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/widescreen/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.org/packages/config/widescreen/bin/header-mid.png</item>
+ <item>https://packages.pfsense.org/packages/config/widescreen/bin/header-mid.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/widescreen/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.org/packages/config/widescreen/bin/horiz-left.png</item>
+ <item>https://packages.pfsense.org/packages/config/widescreen/bin/horiz-left.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/widescreen/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.org/packages/config/widescreen/bin/horiz-right.png</item>
+ <item>https://packages.pfsense.org/packages/config/widescreen/bin/horiz-right.png</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/widescreen/</prefix>
<chmod>644</chmod>
- <item>http://www.pfsense.org/packages/config/widescreen/bin/index.php_</item>
+ <item>https://packages.pfsense.org/packages/config/widescreen/bin/index.php_</item>
</additional_files_needed>
<custom_php_install_command>
widescreen_custom_php_install_command();
diff --git a/config/widget-antivirus/antivirus_status.widget.php b/config/widget-antivirus/antivirus_status.widget.php
index c08ffeb8..6bca68a2 100644
--- a/config/widget-antivirus/antivirus_status.widget.php
+++ b/config/widget-antivirus/antivirus_status.widget.php
@@ -2,7 +2,7 @@
/*
$Id: antivirus_statistics.widget.php
Copyright (C) 2010 Serg Dvoriancev <dv_serg@mail.ru>.
- Part of pfSense widgets (www.pfsense.com)
+ Part of pfSense widgets (www.pfsense.org)
originally based on m0n0wall (http://m0n0.ch/wall)
Copyright (C) 2004-2005 T. Lechat <dev@lechat.org>, Manuel Kasper <mk@neon1.net>
diff --git a/config/widget-antivirus/widget-antivirus.xml b/config/widget-antivirus/widget-antivirus.xml
index 90580769..468baf13 100644
--- a/config/widget-antivirus/widget-antivirus.xml
+++ b/config/widget-antivirus/widget-antivirus.xml
@@ -52,17 +52,17 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/widget-antivirus/widget-antivirus.inc</item>
+ <item>https://packages.pfsense.org/packages/config/widget-antivirus/widget-antivirus.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/include/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/widget-antivirus/antivirus_status.inc</item>
+ <item>https://packages.pfsense.org/packages/config/widget-antivirus/antivirus_status.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/widgets/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/widget-antivirus/antivirus_status.widget.php</item>
+ <item>https://packages.pfsense.org/packages/config/widget-antivirus/antivirus_status.widget.php</item>
</additional_files_needed>
<custom_php_deinstall_command>
widget_antivirus_uninstall();
diff --git a/config/widget-havp/widget-havp.xml b/config/widget-havp/widget-havp.xml
index cb127f36..f99d99de 100644
--- a/config/widget-havp/widget-havp.xml
+++ b/config/widget-havp/widget-havp.xml
@@ -52,32 +52,32 @@
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/widget-havp/widget-havp.inc</item>
+ <item>https://packages.pfsense.org/packages/config/widget-havp/widget-havp.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/includes/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts.inc.php</item>
+ <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.inc.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/helpers/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts_helper.php</item>
+ <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts_helper.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/include/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts.inc</item>
+ <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/javascript/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts.js</item>
+ <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.js</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/widgets/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/widget-havp/havp_alerts.widget.php</item>
+ <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.widget.php</item>
</additional_files_needed>
<custom_php_deinstall_command>
widget_havp_uninstall();
diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml
index 1a371ca5..959f9529 100644
--- a/config/widget-snort/widget-snort.xml
+++ b/config/widget-snort/widget-snort.xml
@@ -52,17 +52,17 @@
<additional_files_needed>
<prefix>/usr/local/www/widgets/javascript/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.js</item>
+ <item>https://packages.pfsense.org/packages/config/widget-snort/snort_alerts.js</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/widgets/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.widget.php</item>
+ <item>https://packages.pfsense.org/packages/config/widget-snort/snort_alerts.widget.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/include/</prefix>
<chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/widget-snort/widget-snort.inc</item>
+ <item>https://packages.pfsense.org/packages/config/widget-snort/widget-snort.inc</item>
</additional_files_needed>
<custom_php_deinstall_command>
widget_snort_uninstall();
diff --git a/config/xsl/package.xsl b/config/xsl/package.xsl
index 933cc700..947a9324 100644
--- a/config/xsl/package.xsl
+++ b/config/xsl/package.xsl
@@ -4,7 +4,8 @@
/* ========================================================================== */
/*
package.xsl
- part of pfSense (http://www.pfSense.com)
+ part of pfSense (https://www.pfsense.org)
+ Copyright (C) 2004-2014 Electric Sheep Fencing, LLC
Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name>
All rights reserved.
@@ -68,7 +69,6 @@
<meta name="DC.rights" content="All rights reserved" />
<meta http-equiv="Keywords" content="bsd license, altq, traffic shaping, packet, rule, Linux, OpenBSD, DragonFlyBSD, freebsd 5.3, vpn, stateful failover, carp, packet filter, m0n0wall, firewall" />
<style type="text/css">
- @import url('http://www.pfsense.com/assets/site/style.css');
</style>
<script type="text/javascript" language="utf-8">
//<![CDATA[
@@ -148,16 +148,14 @@
<table style="width: 802px; text-align: left; margin-left: auto; margin-right: auto;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
- <td style="background-image: url(http://www.pfsense.com/assets/images/header1.gif); width: 811px; text-align: left; vertical-align: bottom; background-color: transparent; height: 65px;"></td>
</tr>
<tr>
- <td style="background-image: url(http://www.pfsense.com/assets/images/header2.gif); height: 25px; width: 802px;">
<font color="#ffffff"><span class="headers"></span></font>
</td>
</tr>
<tr>
<td>
- <table style="background-image: url(http://www.pfsense.com/assets/images/horizontal.gif); text-align: left; width: 802px;" border="0" cellpadding="0" cellspacing="0">
+ <table style="text-align: left; width: 802px;" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="width: 200px; text-align: center; vertical-align: top;">
@@ -168,7 +166,6 @@
</tr>
<tr style="padding: 0px; margin: 0px;">
<td height="100%" align="left" valign="top" class="navigation" style="padding: 0px; margin: 0px;">
- <img src="http://www.pfsense.com/manager/media/images/_tx_.gif" alt="" height="4" />
<br />
<a href='#' id="infoa" onclick="toggleContentItem('info-div');">Info</a>
<a href='#' id="licensea" onclick="toggleContentItem('license-div');">License</a>
@@ -182,7 +179,6 @@
<a href='#' id="rsynca" onclick="toggleContentItem('rsync-div');">custom_php_resync_config_command</a>
<a href='#' id="installa" onclick="toggleContentItem('install-div');">custom_php_install_command</a>
<a href='#' id="deinstalla" onclick="toggleContentItem('deinstall-div');">custom_php_deinstall_command</a>
- <img src="http://www.pfsense.com/manager/media/images/_tx_.gif" height="4" alt="" />
</td>
</tr>
</tbody>
@@ -300,7 +296,6 @@
</td>
</tr>
<tr style="color: rgb(255, 255, 255);">
- <td style="background-image: url(http://www.pfsense.com/assets/images/footer.gif); width: 802px; height: 60px; text-align: center; vertical-align: middle;">
pfSense is Copyright 2004-2014 Electric Sheep Fencing LLC. All Rights Reserved.
<br />
</td>
diff --git a/config/zabbix2/zabbix2-agent.xml b/config/zabbix2/zabbix2-agent.xml
index 3f8e84db..57ef7be3 100644
--- a/config/zabbix2/zabbix2-agent.xml
+++ b/config/zabbix2/zabbix2-agent.xml
@@ -41,13 +41,13 @@
<name>zabbixagent</name>
<title>Services: Zabbix-2 Agent</title>
<category>Monitoring</category>
- <version>0.8_0</version>
+ <version>0.8.1</version>
<include_file>/usr/local/pkg/zabbix2.inc</include_file>
<addedit_string>Zabbix Agent has been created/modified.</addedit_string>
<delete_string>Zabbix Agent has been deleted.</delete_string>
<restart_command>/usr/local/etc/rc.d/zabbix2_agentd.sh restart</restart_command>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/zabbix2/zabbix2.inc</item>
+ <item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
@@ -172,7 +172,7 @@
<custom_php_command_before_form></custom_php_command_before_form>
<custom_php_after_head_command></custom_php_after_head_command>
<custom_php_after_form_command></custom_php_after_form_command>
- <custom_php_validation_command>validate_input_zabbix2($_POST, &amp;$input_errors);</custom_php_validation_command>
+ <custom_php_validation_command>validate_input_zabbix2($_POST, $input_errors);</custom_php_validation_command>
<custom_add_php_command></custom_add_php_command>
<custom_php_resync_config_command>sync_package_zabbix2();</custom_php_resync_config_command>
<custom_php_deinstall_command>php_deinstall_zabbix2_agent();</custom_php_deinstall_command>
diff --git a/config/zabbix2/zabbix2-proxy.xml b/config/zabbix2/zabbix2-proxy.xml
index c857bec1..b51d1d6b 100644
--- a/config/zabbix2/zabbix2-proxy.xml
+++ b/config/zabbix2/zabbix2-proxy.xml
@@ -41,13 +41,13 @@
<name>zabbixproxy</name>
<title>Services: Zabbix-2 Proxy</title>
<category>Monitoring</category>
- <version>0.8_0</version>
+ <version>0.8.1</version>
<include_file>/usr/local/pkg/zabbix2.inc</include_file>
<addedit_string>Zabbix Proxy has been created/modified.</addedit_string>
<delete_string>Zabbix Proxy has been deleted.</delete_string>
<restart_command>/usr/local/etc/rc.d/zabbix2_proxy.sh restart</restart_command>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/zabbix2/zabbix2.inc</item>
+ <item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
@@ -129,12 +129,21 @@
<size>10</size>
<required>true</required>
</field>
+ <field>
+ <fielddescr>Advanced Parameters</fielddescr>
+ <fieldname>advancedparams</fieldname>
+ <encoding>base64</encoding>
+ <type>textarea</type>
+ <rows>5</rows>
+ <cols>50</cols>
+ <description>Advanced parameters. There are some rarely used parameters that sometimes need to be defined. Value has form, example: StartDiscoverers=10</description>
+ </field>
</fields>
<custom_php_install_command>sync_package_zabbix2();</custom_php_install_command>
<custom_php_command_before_form></custom_php_command_before_form>
<custom_php_after_head_command></custom_php_after_head_command>
<custom_php_after_form_command></custom_php_after_form_command>
- <custom_php_validation_command>validate_input_zabbix2($_POST, &amp;$input_errors);</custom_php_validation_command>
+ <custom_php_validation_command>validate_input_zabbix2($_POST, $input_errors);</custom_php_validation_command>
<custom_add_php_command></custom_add_php_command>
<custom_php_resync_config_command>sync_package_zabbix2();</custom_php_resync_config_command>
<custom_php_deinstall_command>php_deinstall_zabbix2_proxy();</custom_php_deinstall_command>
diff --git a/config/zabbix2/zabbix2.inc b/config/zabbix2/zabbix2.inc
index 92aad309..c2ff4244 100644
--- a/config/zabbix2/zabbix2.inc
+++ b/config/zabbix2/zabbix2.inc
@@ -99,7 +99,7 @@ function php_deinstall_zabbix2_proxy(){
conf_mount_ro();
}
-function validate_input_zabbix2($post,&$input_errors){
+function validate_input_zabbix2($post, &$input_errors){
if (isset($post['proxyenabled'])){
if (!is_numericint($post['serverport'])) {
@@ -193,6 +193,7 @@ function sync_package_zabbix2(){
$zbproxy_config = $config['installedpackages']['zabbixproxy']['config'][0];
if ($zbproxy_config['proxyenabled']=="on"){
$Mode=(is_numericint($zbproxy_config['proxymode'])?$zbproxy_config['proxymode'] : 0);
+ $AdvancedParams=base64_decode($zbproxy_config['advancedparams']);
$zbproxy_conf_file = <<< EOF
Server={$zbproxy_config['server']}
@@ -206,6 +207,7 @@ FpingLocation=/usr/local/sbin/fping
#there's currently no fping6 (IPv6) dependency in the package, but if there was, the binary would likely also be in /usr/local/sbin
Fping6Location=/usr/local/sbin/fping6
ProxyMode={$Mode}
+{$AdvancedParams}
EOF;
file_put_contents(ZABBIX_PROXY_BASE . "/etc/zabbix22/zabbix_proxy.conf", strtr($zbproxy_conf_file, array("\r" => "")));
diff --git a/config/zebedee/zebedee.xml b/config/zebedee/zebedee.xml
index b56fa1a6..db7bfddf 100644
--- a/config/zebedee/zebedee.xml
+++ b/config/zebedee/zebedee.xml
@@ -62,52 +62,52 @@
<description>Tunneling Service</description>
</service>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/zebedee/zebedee.inc</item>
+ <item>https://packages.pfsense.org/packages/config/zebedee/zebedee.inc</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/zebedee/zebedee_tunnels.xml</item>
+ <item>https://packages.pfsense.org/packages/config/zebedee/zebedee_tunnels.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/zebedee/zebedee_key_details.xml</item>
+ <item>https://packages.pfsense.org/packages/config/zebedee/zebedee_key_details.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/zebedee/zebedee_sync.xml</item>
+ <item>https://packages.pfsense.org/packages/config/zebedee/zebedee_sync.xml</item>
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/zebedee/zebedee_del_key.php</item>
+ <item>https://packages.pfsense.org/packages/config/zebedee/zebedee_del_key.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/zebedee/zebedee_get_key.php</item>
+ <item>https://packages.pfsense.org/packages/config/zebedee/zebedee_get_key.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/zebedee/zebedee_keys.php</item>
+ <item>https://packages.pfsense.org/packages/config/zebedee/zebedee_keys.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/zebedee/zebedee_log.php</item>
+ <item>https://packages.pfsense.org/packages/config/zebedee/zebedee_log.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/zebedee/zebedee_view_config.php</item>
+ <item>https://packages.pfsense.org/packages/config/zebedee/zebedee_view_config.php</item>
<prefix>/usr/local/www/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.org/packages/config/zebedee/zebedee.sh</item>
+ <item>https://packages.pfsense.org/packages/config/zebedee/zebedee.sh</item>
<prefix>/usr/local/etc/rc.d/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
diff --git a/config/zebedee/zebedee_del_key.php b/config/zebedee/zebedee_del_key.php
index e6cfa955..9b52bbd9 100644
--- a/config/zebedee/zebedee_del_key.php
+++ b/config/zebedee/zebedee_del_key.php
@@ -1,7 +1,7 @@
<?php
/*
zebedee_del_key.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2010 Marcello Coutinho
Copyright (C) 2010 Jorge Lustosa
@@ -32,8 +32,8 @@
require("guiconfig.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$zebede_keys = $config['installedpackages']['zebedeekeys']['config'] ;
diff --git a/config/zebedee/zebedee_keys.php b/config/zebedee/zebedee_keys.php
index 14b39078..58adc79d 100644
--- a/config/zebedee/zebedee_keys.php
+++ b/config/zebedee/zebedee_keys.php
@@ -1,7 +1,7 @@
<?php
/*
zebedee_keys.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2010 Marcello Coutinho
Copyright (C) 2010 Jorge Lustosa
@@ -34,8 +34,8 @@
require("guiconfig.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Zebedee Tunneling";
diff --git a/config/zebedee/zebedee_log.php b/config/zebedee/zebedee_log.php
index e397ca08..4e7911c6 100644
--- a/config/zebedee/zebedee_log.php
+++ b/config/zebedee/zebedee_log.php
@@ -1,7 +1,7 @@
<?php
/*
varnishstat_view_logs.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2006 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
@@ -36,8 +36,8 @@ if($_REQUEST['getactivity']) {
exit;
}
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Zebedee: Logs";
diff --git a/config/zebedee/zebedee_view_config.php b/config/zebedee/zebedee_view_config.php
index 78a0bca9..26e0f1ff 100644
--- a/config/zebedee/zebedee_view_config.php
+++ b/config/zebedee/zebedee_view_config.php
@@ -1,7 +1,7 @@
<?php
/*
varnish_view_config.php
- part of pfSense (http://www.pfsense.com/)
+ part of pfSense (https://www.pfsense.org/)
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
@@ -29,8 +29,8 @@
require("guiconfig.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version < 2.0)
$one_two = true;
$pgtitle = "Zebedee: View Configuration";