From 30a4ccf0d0a6a0a46e93a0eb1e754d97ba68285c Mon Sep 17 00:00:00 2001 From: Ermal Date: Sun, 22 Jul 2012 12:43:02 +0000 Subject: Leave only neccesary files --- config/widget-snort/snort_alerts.inc | 20 ------- config/widget-snort/snort_alerts.inc.php | 92 ----------------------------- config/widget-snort/snort_alerts.js | 57 +----------------- config/widget-snort/snort_alerts.widget.php | 29 ++++++--- config/widget-snort/snort_alerts_helper.php | 20 ------- config/widget-snort/widget-snort.inc | 13 ---- config/widget-snort/widget-snort.xml | 26 +------- pkg_config.xml | 6 +- 8 files changed, 26 insertions(+), 237 deletions(-) delete mode 100644 config/widget-snort/snort_alerts.inc delete mode 100644 config/widget-snort/snort_alerts.inc.php delete mode 100644 config/widget-snort/snort_alerts_helper.php delete mode 100644 config/widget-snort/widget-snort.inc diff --git a/config/widget-snort/snort_alerts.inc b/config/widget-snort/snort_alerts.inc deleted file mode 100644 index 159452dd..00000000 --- a/config/widget-snort/snort_alerts.inc +++ /dev/null @@ -1,20 +0,0 @@ - diff --git a/config/widget-snort/snort_alerts.inc.php b/config/widget-snort/snort_alerts.inc.php deleted file mode 100644 index 46d2b9a7..00000000 --- a/config/widget-snort/snort_alerts.inc.php +++ /dev/null 
@@ -1,92 +0,0 @@ -= $nentries) - break; - - $alert = parse_snort_alert_line($logent); - if ($alert != "") { - $counter++; - $snortalerts[] = $alert; - } - - } - /* Since the rules are in reverse order, flip them around if needed based on the user's preference */ - return isset($config['syslog']['reverse']) ? $snortalerts : array_reverse($snortalerts); -} - -function parse_snort_alert_line($line) { - $log_split = ""; - $datesplit = ""; - preg_match("/^(.*)\s+\[\*\*\]\s+\[(\d+\:\d+:\d+)\]\s(.*)\s(.*)\s+\[\*\*\].*\s+\[Priority:\s(\d+)\]\s{(.*)}\s+(.*)\s->\s(.*)$/U", $line, $log_split); - - list($all, $alert['time'], $alert['rule'], $alert['category'], $alert['descr'], - $alert['priority'], $alert['proto'], $alert['src'], $alert['dst']) = $log_split; - - $usableline = true; - - if(trim($alert['src']) == "") - $usableline = false; - if(trim($alert['dst']) == "") - $usableline = false; - - if($usableline == true) { - preg_match("/^(\d+)\/(\d+)-(\d+\:\d+\:\d+).\d+$/U", $alert['time'], $datesplit); - $now_time = strtotime("now"); - $checkdate = $datesplit[1] . "/" . $datesplit[2] . "/" . date("Y"); - $fulldate = $datesplit[2] . "/" . $datesplit[1] . "/" . date("Y"); - $logdate = $checkdate . " " . $datesplit[3]; - if ($now_time < strtotime($logdate)) { - $fulldate = $datesplit[2] . "/" . $datesplit[1] . "/" . ((int)date("Y") - 1); - } - - $alert['dateonly'] = $fulldate; - $alert['timeonly'] = $datesplit[3]; - $alert['category'] = strtoupper( substr($alert["category"],0 , 1) ) . strtolower( substr($alert["category"],1 ) ); - return $alert; - } else { - if($g['debug']) { - log_error("There was a error parsing line: $line. 
Please report to mailing list or forum."); - } - return ""; - } -} - -/* AJAX specific handlers */ -function handle_snort_ajax($snort_alerts_logfile, $nentries = 5, $tail = 50) { - if($_GET['lastsawtime'] or $_POST['lastsawtime']) { - if($_GET['lastsawtime']) - $lastsawtime = $_GET['lastsawtime']; - if($_POST['lastsawtime']) - $lastsawtime = $_POST['lastsawtime']; - /* compare lastsawrule's time stamp to alert logs. - * afterwards return the newer records so that client - * can update AJAX interface screen. - */ - $new_rules = ""; - $snort_alerts = get_snort_alerts($snort_alerts_logfile, $nentries); - foreach($snort_alerts as $log_row) { - $time_regex = ""; - preg_match("/.*([0-9][0-9])\/([0-9][0-9])-([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['time'], $time_regex); - $logdate = $time_regex[1] . "/" . $time_regex[2] . "/" . date("Y") . " " . $time_regex[3]; - //preg_match("/.*([0-9][0-9])\/([0-9][0-9])-([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $testsplit[1], $time_regex); - // preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['time'], $time_regex); - $row_time = strtotime($logdate); - $now_time = strtotime("now"); - if($row_time > $lastsawtime and $row_time <= $nowtime) { - $new_rules .= "{$log_row['time']}||{$log_row['priority']}||{$log_row['category']}||{$log_row['src']}||{$log_row['dst']}||" . time() . "||{$log_row['timeonly']}||{$log_row['dateonly']}" . "||\n"; - } - } - echo $new_rules; - } -} -?> diff --git a/config/widget-snort/snort_alerts.js b/config/widget-snort/snort_alerts.js index 0cc76ab1..0c2d9ca6 100644 --- a/config/widget-snort/snort_alerts.js +++ b/config/widget-snort/snort_alerts.js 
@@ -1,63 +1,10 @@ -snortlastsawtime = ''; var snortlines = Array(); var snorttimer; var snortupdateDelay = 25500; var snortisBusy = false; var snortisPaused = false; - - -if (typeof getURL == 'undefined') { - getURL = function(url, callback) { - if (!url) - throw 'No URL for getURL'; - try { - if (typeof callback.operationComplete == 'function') - callback = callback.operationComplete; - } catch (e) {} - if (typeof callback != 'function') - throw 'No callback function for getURL'; - var http_request = null; - if (typeof XMLHttpRequest != 'undefined') { - http_request = new XMLHttpRequest(); - } - else if (typeof ActiveXObject != 'undefined') { - try { - http_request = new ActiveXObject('Msxml2.XMLHTTP'); - } catch (e) { - try { - http_request = new ActiveXObject('Microsoft.XMLHTTP'); - } catch (e) {} - } - } - if (!http_request) - throw 'Both getURL and XMLHttpRequest are undefined'; - http_request.onreadystatechange = function() { - if (http_request.readyState == 4) { - callback( { success : true, - content : http_request.responseText, - contentType : http_request.getResponseHeader("Content-Type") } ); - } - } - http_request.open('GET', url, true); - http_request.send(null); - } -} - -function snort_alerts_fetch_new_rules() { - if(snortisPaused) - return; - if(snortisBusy) - return; - snortisBusy = true; - getURL('widgets/helpers/snort_alerts_helper.php?lastsawtime=' + snortlastsawtime, snort_alerts_fetch_new_rules_callback); -} function snort_alerts_fetch_new_rules_callback(callback_data) { if(snortisPaused) return; @@ -75,8 +22,6 @@ function snort_alerts_fetch_new_rules_callback(callback_data) { line = '' + row_split[6] + '
' + row_split[7]+ ''; line += '' + row_split[3] + '
' + row_split[4] + ''; line += '' + 'Pri : ' + row_split[1] + '
' + 'Cat : ' + row_split[2] + ''; - snortlastsawtime = row_split[5]; - //alert(row_split[0]); new_data_to_add[new_data_to_add.length] = line; } snort_alerts_update_div_rows(new_data_to_add); @@ -131,7 +76,7 @@ function snort_alerts_update_div_rows(data) { } } /* rechedule AJAX interval */ - //snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay); + snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay); } function snort_alerts_toggle_pause() { if(snortisPaused) { diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php index ad7827b7..c579a35e 100644 --- a/config/widget-snort/snort_alerts.widget.php +++ b/config/widget-snort/snort_alerts.widget.php @@ -26,6 +26,8 @@ POSSIBILITY OF SUCH DAMAGE. */ global $config, $g; +$snort_alerts_title = "Snort Alerts"; +$snort_alerts_title_link = "snort/snort_alerts.php"; /* retrieve snort variables */ require_once("/usr/local/pkg/snort/snort.inc"); @@ -38,12 +40,14 @@ $a_instance = &$config['installedpackages']['snortglobal']['rule']; $snort_alerts = array(); $tmpblocked = array_flip(snort_get_blocked_ips()); foreach ($a_instance as $instanceid => $instance) { - $snort_uuid = $a_instance[$instanceid]['uuid']; - $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']); - $tmpfile = "{$g['tmp_path']}/.widget_alert_{$snort_uuid}"; + if ($instance['enable'] != 'on') + continue; /* make sure alert file exists */ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { + $snort_uuid = $instance['uuid']; + $if_real = snort_get_real_interface($instance['interface']); + $tmpfile = "{$g['tmp_path']}/.widget_alert_{$snort_uuid}"; if (isset($config['syslog']['reverse'])) exec("tail -10 /var/log/snort/snort_{$if_real}{$snort_uuid}/alert | sort -r > {$tmpfile}"); else 
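Review bot: The re-enabled `snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay);` at the end of snort_alerts_update_div_rows calls a function that the first hunk of this file deletes together with getURL, so unless snort_alerts_fetch_new_rules is now defined somewhere this diff does not show (for example inline in the widget page), the timer will raise a ReferenceError every 25.5 s and the alert list will never refresh. If polling is meant to be driven by the dashboard's generic evalScripts mechanism, the setInterval should stay commented out; otherwise the function has to be restored. Passing the call as a string is also fragile; prefer `snorttimer = setInterval(snort_alerts_fetch_new_rules, snortupdateDelay);`. The enclosing function starts outside the hunk.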
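Review bot: In the `@@ -38,12 +40,14 @@` hunk, `$snort_uuid` and `$if_real` are now assigned inside the `if (file_exists(...))` branch, but the condition `file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")` still reads them: on the first enabled instance both are undefined (the path degenerates to /var/log/snort/snort_/alert), and on every later iteration they carry the previous instance's values, so the wrong instance's alert file is tested and then tailed. The three assignments should move back above the check, directly after the new `continue;`: `$snort_uuid = $instance['uuid'];` `$if_real = snort_get_real_interface($instance['interface']);` `$tmpfile = "{$g['tmp_path']}/.widget_alert_{$snort_uuid}";`. The `exec("tail -10 ... > {$tmpfile}")` lines also interpolate config-derived values into a shell string; wrapping the alert path and `$tmpfile` in `escapeshellarg()` is cheaper than reasoning about what a uuid or interface name may contain. The foreach body continues past the hunk.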
@@ -58,7 +62,7 @@ foreach ($a_instance as $instanceid => $instance) { $fields = explode(",", $fileline); $snort_alert = array(); - $snort_alert[]['instanceid'] = snort_get_friendly_interface($a_instance[$instanceid]['interface']); + $snort_alert[]['instanceid'] = snort_get_friendly_interface($instance['interface']); $snort_alert[]['timestamp'] = $fields[0]; $snort_alert[]['timeonly'] = substr($fields[0], 6, -8); $snort_alert[]['dateonly'] = substr($fields[0], 0, -17); @@ -69,13 +73,21 @@ foreach ($a_instance as $instanceid => $instance) { $snort_alert[]['priority'] = $fields[12]; $snort_alert[]['category'] = $fields[11]; $snort_alerts[] = $snort_alert; - }; + } fclose($fd); @unlink($tmpfile); - }; - }; -}; + } + } +} + +if ($_GET['evalScripts']) { + /* AJAX specific handlers */ + $new_rules = ""; + foreach($snort_alerts as $log_row) + $new_rules .= "{$log_row['time']}||{$log_row['priority']}||{$log_row['category']}||{$log_row['src']}||{$log_row['dst']}||{$log_row['timestamp']}||{$log_row['timeonly']}||{$log_row['dateonly']}\n"; + echo $new_rules; +} else { /* display the result */ ?> @@ -96,3 +108,4 @@ foreach ($snort_alerts as $counter => $alert) { ?>
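Review bot: The new `if ($_GET['evalScripts'])` branch reads `$log_row['time']`, `$log_row['src']` and `$log_row['dst']`, but the rows assembled in the preceding hunk only set instanceid, timestamp, timeonly, dateonly, priority and category, so those three fields are always empty in the `||`-separated output that snort_alerts.js splits into row_split[0], [3] and [4]. The keys should match what the row builder emits; note too that the existing `$snort_alert[]['...'] =` pattern appends a fresh element per field instead of filling one associative row, so `$log_row['priority']` and `$log_row['category']` are unset as well — that predates this commit, but the new output now depends on it. `$_GET['evalScripts']` should be tested as `if (!empty($_GET['evalScripts'])) {` to avoid an undefined-index notice on the normal page render. Since the client concatenates these fields into markup, passing each value through `htmlspecialchars()` before echoing is the defensive choice. The else branch closes outside the hunk.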
+ diff --git a/config/widget-snort/snort_alerts_helper.php b/config/widget-snort/snort_alerts_helper.php deleted file mode 100644 index 5df0da04..00000000 --- a/config/widget-snort/snort_alerts_helper.php +++ /dev/null @@ -1,20 +0,0 @@ - - - - diff --git a/config/widget-snort/widget-snort.inc b/config/widget-snort/widget-snort.inc deleted file mode 100644 index 584e5f2d..00000000 --- a/config/widget-snort/widget-snort.inc +++ /dev/null @@ -1,13 +0,0 @@ - \ No newline at end of file diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml index 1644181c..785ac5b1 100644 --- a/config/widget-snort/widget-snort.xml +++ b/config/widget-snort/widget-snort.xml @@ -46,29 +46,8 @@ Dashboard package and Snort Currently there are no FAQ items provided. widget-snort - 0.2 + 0.5 Widget - Snort - /usr/local/pkg/widget-snort.inc - - /usr/local/pkg/ - 077 - http://www.pfsense.com/packages/config/widget-snort/widget-snort.inc - - - /usr/local/www/includes/ - 0644 - http://www.pfsense.com/packages/config/widget-snort/snort_alerts.inc.php - - - /usr/local/www/widgets/helpers/ - 0644 - http://www.pfsense.com/packages/config/widget-snort/snort_alerts_helper.php - - - /usr/local/www/widgets/include/ - 0644 - http://www.pfsense.com/packages/config/widget-snort/snort_alerts.inc - /usr/local/www/widgets/javascript/ 0644 @@ -79,7 +58,4 @@ 0644 http://www.pfsense.com/packages/config/widget-snort/snort_alerts.widget.php - - widget_snort_uninstall(); - diff --git a/pkg_config.xml b/pkg_config.xml index 270bbf3a..6d7a2a1c 100644 --- a/pkg_config.xml +++ b/pkg_config.xml @@ -115,9 +115,9 @@ technique called multipoint relaying for message flooding. Dashboard widget for Snort. System http://www.pfsense.com/packages/config/widget-snort/widget-snort.xml - 0.3 - BETA - 1.2 + 0.5 + Stable + 2.0 widget-snort.xml -- cgit v1.2.3