From a42356458f46215de8718088c2f9143294532bca Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 16 Jul 2012 08:43:35 +0000 Subject: Force use of aliases from pfSense for replacing snort var settings. Also make snort var settings generic and overridable in all of its definitions --- config/snort/snort.inc | 55 ++- config/snort/snort_alerts.php | 70 ++- config/snort/snort_blocked.php | 10 +- config/snort/snort_define_servers.php | 542 ++++++----------------- config/snort/snort_interfaces_whitelist_edit.php | 156 ++----- 5 files changed, 251 insertions(+), 582 deletions(-) diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 26542341..27598f3d 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -49,6 +49,24 @@ define("SNORTLOGDIR", "/var/log/snort"); if (!is_array($config['installedpackages']['snortglobal'])) $config['installedpackages']['snortglobal'] = array(); +function snort_get_blocked_ips() { + $blocked_ips = ""; + exec('/sbin/pfctl -t snort2c -T show', $blocked_ips); + $blocked_ips_array = array(); + if (!empty($blocked_ips)) { + $blocked_ips_array = array(); + if (is_array($blocked_ips)) { + foreach ($blocked_ips as $blocked_ip) { + if (empty($blocked_ip)) + continue; + $blocked_ips_array[] = trim($blocked_ip, " \n\t"); + } + } + } + + return $blocked_ips_array; +} + function snort_get_rule_part($source, $beginning, $ending, $start_pos) { $beginning_pos = strpos($source, $beginning, $start_pos); @@ -114,8 +132,8 @@ function snort_build_list($snortcfg, $listname = "") { $wandns = $whitelist['wandnsips']; $vips = $whitelist['vips']; $vpns = $whitelist['vpnips']; - if (!empty($whitelist['address'])) { - $home_net .= trim($whitelist['address']); + if (!empty($whitelist['address']) && is_alias($whitelist['address'])) { + $home_net .= trim(filter_expand_alias($whitelist['address'])); $home_net .= " "; } } @@ -1044,7 +1062,7 @@ function snort_generate_conf($snortcfg) { $ssh_port = $config['system']['ssh']['port']; else $ssh_port = "22"; - $ports = array( + $snort_ports = array( "dns_ports" => "53", "smtp_ports" => "25", "mail_ports" => "25,143,465,691", "http_ports" => "80", "oracle_ports" => "1521", "mssql_ports" => "1433", "telnet_ports" => "23","snmp_ports" => "161", "ftp_ports" => "21", @@ -1075,7 +1093,7 @@ EOD; if (!empty($snortcfg['flow_depth'])) $def_flow_depth_type = $snortcfg['flow_depth']; - $http_ports = str_replace(",", " ", $ports['http_ports']); + $http_ports = str_replace(",", " ", $snort_ports['http_ports']); /* def http_inspect */ $http_inspect = << "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET", "www_servers" => "\$HOME_NET", "sql_servers" => "\$HOME_NET", "telnet_servers" => "\$HOME_NET", "snmp_servers" => "\$HOME_NET", "ftp_servers" => "\$HOME_NET", "ssh_servers" => "\$HOME_NET", @@ -1243,19 +1261,22 @@ EOD; ); $vardef = ""; - foreach ($servers as $alias => $avalue) { - if (!empty($snortcfg[$alias])) - $avalue = $snortcfg[$alias]; + foreach ($snort_servers as $alias => $avalue) { + if (!empty($snortcfg["def_{$alias}"]) && is_alias($snortcfg["def_{$alias}"])) { + $avalue = filter_expand_alias($snortcfg["def_{$alias}"]); + $avalue = str_replace(" ", ",", trim($avalue)); + } $vardef .= "var " . strtoupper($alias) . " [{$avalue}]\n"; } $portvardef = ""; - foreach ($ports as $alias => $avalue) { - if (!empty($snortcfg["def_{$alias}"])) - $ports[$alias] = $snortcfg["def_{$alias}"]; - $portvardef .= "portvar " . strtoupper($alias) . " [" . $ports[$alias] . "]\n"; + foreach ($snort_ports as $alias => $avalue) { + if (!empty($snortcfg["def_{$alias}"]) && is_alias($snortcfg["def_{$alias}"])) + $snort_ports[$alias] = filter_expand_alias($snortcfg["def_{$alias}"]); + $snort_ports[$alias] = str_replace(" ", ",", trim($snort_ports[$alias])); + $portvardef .= "portvar " . strtoupper($alias) . " [" . $snort_ports[$alias] . "]\n"; } - $def_ssl_ports_ignore = str_replace(",", " ", $ports['ssl_ports']); + $def_ssl_ports_ignore = str_replace(",", " ", $snort_ports['ssl_ports']); $snort_preproc = array ( "perform_stat", "http_inspect", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index ea5c6cb5..939381c5 100644 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -74,6 +74,16 @@ if ($_POST['save']) { exit; } +if ($_POST['todelete'] || $_GET['todelete']) { + $ip = ""; + if($_POST['todelete']) + $ip = $_POST['todelete']; + else if($_GET['todelete']) + $ip = $_GET['todelete']; + if (is_ipaddr($ip)) + exec("/sbin/pfctl -t snort2c -T delete {$ip}"); +} + if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) { $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n"; if (!is_array($config['installedpackages']['snortglobal']['suppress'])) @@ -165,6 +175,7 @@ if ($pconfig['arefresh'] == 'on') print_input_errors($input_errors); // TODO: add checks } ?> +
- + + + - - - - - -
-
- - - + @@ -224,34 +232,11 @@ if ($pconfig['arefresh'] == 'on') Enter the number of log entries to view. Default is 250. -
Last Alert Entries.Last Alert Entries. Latest Alert Entries Are Listed First.
- -


-
-
-
- Filter: -
-
-
+ @@ -259,7 +244,7 @@ if ($pconfig['arefresh'] == 'on') - + @@ -272,6 +257,7 @@ if ($pconfig['arefresh'] == 'on') if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { exec("tail -{$anentries} /var/log/snort/snort_{$if_real}{$snort_uuid}/alert | sort -r > /tmp/alert_{$snort_uuid}"); if (file_exists("/tmp/alert_{$snort_uuid}")) { + $tmpblocked = array_flip(snort_get_blocked_ips()); $counter = 0; /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */ @@ -291,17 +277,25 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { $alert_proto = $fields[5]; /* IP SRC */ $alert_ip_src = $fields[6]; + if (isset($tmpblocked[$fields[6]])) { + $alert_ip_src .= " + \"Delete\""; + } /* IP SRC Port */ $alert_src_p = $fields[7]; /* IP Destination */ $alert_ip_dst = $fields[8]; + if (isset($tmpblocked[$fields[8]])) { + $alert_ip_dst .= " + \"Delete\""; + } /* IP DST Port */ $alert_dst_p = $fields[9]; /* SID */ $alert_sid_str = "{$fields[1]}:{$fields[2]}:{$fields[3]}"; $alert_class = $fields[11]; - echo " + echo " @@ -330,14 +324,10 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
DatePROTO CLASS SRCSRCPORtSRCPORT DST DSTPORT SID
{$alert_date} {$alert_priority} {$alert_proto}
- - - + + + diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index 70838ed8..b88b85e9 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -203,10 +203,6 @@ if ($pconfig['brefresh'] == 'on') "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET", +"www_servers" => "\$HOME_NET", "sql_servers" => "\$HOME_NET", "telnet_servers" => "\$HOME_NET", +"snmp_servers" => "\$HOME_NET", "ftp_servers" => "\$HOME_NET", "ssh_servers" => "\$HOME_NET", +"pop_servers" => "\$HOME_NET", "imap_servers" => "\$HOME_NET", "sip_proxy_ip" => "\$HOME_NET", +"sip_servers" => "\$HOME_NET", "rpc_servers" => "\$HOME_NET", +"aim_servers" => "64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24" +); - /* old options */ - $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; - $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; - $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; - $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; - $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; - $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; - $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; - $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; - $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; - $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; - $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; - $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; - $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; - $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; - $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; - $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; - $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; - $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; - $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; - $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; - $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; - $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; - $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; - $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; - $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; - $pconfig['def_sip_servers'] = $a_nat[$id]['def_sip_servers']; - $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports']; - $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; - $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; - $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; - $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; - $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; - $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; - $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; - $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; -} +/* if user has defined a custom ssh port, use it */ +if(is_array($config['system']['ssh']) && isset($config['system']['ssh']['port'])) + $ssh_port = $config['system']['ssh']['port']; +else + $ssh_port = "22"; +$snort_ports = array( +"dns_ports" => "53", "smtp_ports" => "25", "mail_ports" => "25,143,465,691", +"http_ports" => "80", "oracle_ports" => "1521", "mssql_ports" => "1433", +"telnet_ports" => "23","snmp_ports" => "161", "ftp_ports" => "21", +"ssh_ports" => $ssh_port, "pop2_ports" => "109", "pop3_ports" => "110", +"imap_ports" => "143", "sip_proxy_ports" => "5060:5090,16384:32768", +"sip_ports" => "5060:5090,16384:32768", "auth_ports" => "113", "finger_ports" => "79", +"irc_ports" => "6665,6666,6667,6668,6669,7000", "smb_ports" => "139,445", +"nntp_ports" => "119", "rlogin_ports" => "513", "rsh_ports" => "514", +"ssl_ports" => "443,465,563,636,989,990,992,993,994,995", +"file_data_ports" => "\$HTTP_PORTS,110,143", "shellcode_ports" => "!80", +"sun_rpc_ports" => "111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779", +"DCERPC_NCACN_IP_TCP" => "139,445", "DCERPC_NCADG_IP_UDP" => "138,1024:", +"DCERPC_NCACN_IP_LONG" => "135,139,445,593,1024:", "DCERPC_NCACN_UDP_LONG" => "135,1024:", +"DCERPC_NCACN_UDP_SHORT" => "135,593,1024:", "DCERPC_NCACN_TCP" => "2103,2105,2107", +"DCERPC_BRIGHTSTORE" => "6503,6504" +); + +$pconfig = $a_nat[$id]; /* convert fake interfaces to real */ $if_real = snort_get_real_interface($pconfig['interface']); @@ -105,51 +99,20 @@ if ($_POST) { /* if no errors write to conf */ if (!$input_errors) { /* post new options */ - if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; } - if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; }else{ $natent['def_dns_ports'] = ""; } - if ($_POST['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $_POST['def_smtp_servers']; }else{ $natent['def_smtp_servers'] = ""; } - if ($_POST['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $_POST['def_smtp_ports']; }else{ $natent['def_smtp_ports'] = ""; } - if ($_POST['def_mail_ports'] != "") { $natent['def_mail_ports'] = $_POST['def_mail_ports']; }else{ $natent['def_mail_ports'] = ""; } - if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; }else{ $natent['def_http_servers'] = ""; } - if ($_POST['def_www_servers'] != "") { $natent['def_www_servers'] = $_POST['def_www_servers']; }else{ $natent['def_www_servers'] = ""; } - if ($_POST['def_http_ports'] != "") { $natent['def_http_ports'] = $_POST['def_http_ports']; }else{ $natent['def_http_ports'] = ""; } - if ($_POST['def_sql_servers'] != "") { $natent['def_sql_servers'] = $_POST['def_sql_servers']; }else{ $natent['def_sql_servers'] = ""; } - if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; }else{ $natent['def_oracle_ports'] = ""; } - if ($_POST['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $_POST['def_mssql_ports']; }else{ $natent['def_mssql_ports'] = ""; } - if ($_POST['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $_POST['def_telnet_servers']; }else{ $natent['def_telnet_servers'] = ""; } - if ($_POST['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $_POST['def_telnet_ports']; }else{ $natent['def_telnet_ports'] = ""; } - if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; }else{ $natent['def_snmp_servers'] = ""; } - if ($_POST['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $_POST['def_snmp_ports']; }else{ $natent['def_snmp_ports'] = ""; } - if ($_POST['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $_POST['def_ftp_servers']; }else{ $natent['def_ftp_servers'] = ""; } - if ($_POST['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $_POST['def_ftp_ports']; }else{ $natent['def_ftp_ports'] = ""; } - if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; }else{ $natent['def_ssh_servers'] = ""; } - if ($_POST['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $_POST['def_ssh_ports']; }else{ $natent['def_ssh_ports'] = ""; } - if ($_POST['def_pop_servers'] != "") { $natent['def_pop_servers'] = $_POST['def_pop_servers']; }else{ $natent['def_pop_servers'] = ""; } - if ($_POST['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $_POST['def_pop2_ports']; }else{ $natent['def_pop2_ports'] = ""; } - if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; }else{ $natent['def_pop3_ports'] = ""; } - if ($_POST['def_imap_servers'] != "") { $natent['def_imap_servers'] = $_POST['def_imap_servers']; }else{ $natent['def_imap_servers'] = ""; } - if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; } - if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; } - if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; } - if ($_POST['def_sip_servers'] != "") { $natent['def_sip_servers'] = $_POST['def_sip_servers']; }else{ $natent['def_sip_servers'] = ""; } - if ($_POST['def_sip_ports'] != "") { $natent['def_sip_ports'] = $_POST['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; } - if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; } - if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; } - if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; } - if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; }else{ $natent['def_nntp_ports'] = ""; } - if ($_POST['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $_POST['def_rlogin_ports']; }else{ $natent['def_rlogin_ports'] = ""; } - if ($_POST['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $_POST['def_rsh_ports']; }else{ $natent['def_rsh_ports'] = ""; } - if ($_POST['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $_POST['def_ssl_ports']; }else{ $natent['def_ssl_ports'] = ""; } - - - if (isset($id) && $a_nat[$id]) - $a_nat[$id] = $natent; - else { - if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); + foreach ($snort_servers as $key => $server) { + if ($_POST["def_{$key}"]) + $natent["def_{$key}"] = $_POST["def_{$key}"]; else - $a_nat[] = $natent; + unset($natent["def_{$key}"]); } + foreach ($snort_ports as $key => $server) { + if ($_POST["def_{$key}"]) + $natent["def_{$key}"] = $_POST["def_{$key}"]; + else + unset($natent["def_{$key}"]); + } + + $a_nat[$id] = $natent; write_config(); @@ -171,30 +134,23 @@ $pgtitle = "Snort: Interface {$if_friendly} Define Servers"; include_once("head.inc"); ?> - + ' . $pgtitle . '

';} +/* Display Alert message */ +if ($input_errors) + print_input_errors($input_errors); // TODO: add checks +if ($savemsg) + print_info_box($savemsg); ?> - - - -
+ + + + + + +
' . $pgtitle . '

';}
+ + + + $server): + if (strlen($server) > 40) + $server = substr($server, 0, 40) . "..."; + $label = strtoupper($key); + $value = ""; + if (!empty($pconfig["def_{$key}"])) + $value = htmlspecialchars($pconfig["def_{$key}"]); +?> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + $server): + $server = substr($server, 0, 20); + $label = strtoupper($key); + $value = ""; + if (!empty($pconfig["def_{$key}"])) + $value = htmlspecialchars($pconfig["def_{$key}"]); +?> - - + + -
Define Servers
 Note:
- Please save your settings before you click start.
- Please make sure there are no spaces in your - definitions.
Define Servers
Define DNS_SERVERS
- Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.
Define DNS_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 53.
Define SMTP_SERVERS
- Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.
Define SMTP_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 25.
Define Mail_Ports
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 25,143,465,691.
Define HTTP_SERVERS
- Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.
Define WWW_SERVERS
- Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.
Define HTTP_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 80.
Define SQL_SERVERS
- Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.
Define ORACLE_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 1521.
Define MSSQL_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 1433.
Define TELNET_SERVERS
- Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.
Define TELNET_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 23.
Define SNMP_SERVERS
- Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.
Define SNMP_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 161.
Define FTP_SERVERS
- Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.
Define FTP_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 21.
Define SSH_SERVERS
- Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.
Define SSH_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is the firewall's SSH port.
Define POP_SERVERS
- Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.
Define POP2_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 109.
Define POP3_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 110.
Define IMAP_SERVERS
- Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.
Define IMAP_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 143.
Define SIP_PROXY_IP
- Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.
Define SIP_PROXY_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 5060:5090,16384:32768.
Define SIP_SERVERS
- Example: "192.168.1.3/24,192.168.1.4/24". Leave - blank to scan all networks.
Define SIP_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 5060:5090,16384:32768.
Define AUTH_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 113.
Define FINGER_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 79.
Define IRC_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.
Define NNTP_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 119.
Define RLOGIN_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 513.
Define RSH_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 514.
Define SSL_PORTS
- Example: Specific ports "25,443" or All ports - betwen "5060:5090 . Default is 25,443,465,636,993,995.
  - - + Define +
+ Default value: ""
Leave + blank for default value.
Define Ports
 Note: -
- Please save your settings before you click start. 		Define
+ Default value: ""
Leave + blank for default value. +
+ +
  + + +
+ + diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php index aa6ca238..c86f60d3 100644 --- a/config/snort/snort_interfaces_whitelist_edit.php +++ b/config/snort/snort_interfaces_whitelist_edit.php @@ -85,8 +85,6 @@ if (isset($id) && $a_whitelist[$id]) { $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips']; $pconfig['vips'] = $a_whitelist[$id]['vips']; $pconfig['vpnips'] = $a_whitelist[$id]['vpnips']; - $addresses = explode(' ', $pconfig['address']); - $address = explode(" ", $addresses[0]); } if ($_POST['submit']) { @@ -103,13 +101,8 @@ if ($_POST['submit']) { if(strtolower($_POST['name']) == "defaultwhitelist") $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; - $x = is_validwhitelistname($_POST['name']); - if (!isset($x)) { - $input_errors[] = "Reserved word used for whitelist file name."; - } else { - if (is_validwhitelistname($_POST['name']) == false) - $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; - } + if (is_validwhitelistname($_POST['name']) == false) + $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; /* check for name conflicts */ foreach ($a_whitelist as $w_list) { @@ -122,33 +115,9 @@ if ($_POST['submit']) { } } - $isfirst = 0; - $address = ""; - $final_address_details .= ""; - /* add another entry code */ - for($x=0; $x<499; $x++) { - if (!empty($_POST["address{$x}"])) { - if ($is_first > 0) - $address .= " "; - $address .= $_POST["address{$x}"]; - if ($_POST["address_subnet{$x}"] <> "") - $address .= "" . $_POST["address_subnet{$x}"]; - - /* Compress in details to a single key, data separated by pipes. - Pulling details here lets us only pull in details for valid - address entries, saving us from having to track which ones to - process later. */ - $final_address_detail = mb_convert_encoding($_POST["detail{$x}"],'HTML-ENTITIES','auto'); - if ($final_address_detail <> "") - $final_address_details .= $final_address_detail; - else { - $final_address_details .= "Entry added" . " "; - $final_address_details .= date('r'); - } - $final_address_details .= "||"; - $is_first++; - } - } + if ($_POST['address']) + if (!is_alias($_POST['address'])) + $input_errors[] = "A valid alias need to be provided"; if (!$input_errors) { $w_list = array(); @@ -161,7 +130,7 @@ if ($_POST['submit']) { $w_list['vips'] = $_POST['vips']? 'yes' : 'no'; $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; - $w_list['address'] = $address; + $w_list['address'] = $_POST['address']; $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); $w_list['detail'] = $final_address_details; @@ -177,12 +146,7 @@ if ($_POST['submit']) { header("Location: /snort/snort_interfaces_whitelist.php"); exit; - } else { - $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $pconfig['address'] = $address; - $pconfig['detail'] = $final_address_details; } - } $pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid"; @@ -193,27 +157,15 @@ include_once("head.inc"); - - - - -' . $pgtitle . '

';} if ($input_errors) print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); ?> - + +
+ + @@ -350,17 +252,33 @@ if ($savemsg)
@@ -282,61 +234,11 @@ if ($savemsg)
-
IP or CIDR items
+
Alias of IP's
 - - - - - - - - - - - ""): - $item = explode(" ", $address); - $item3 = explode("||", $pconfig['detail']); - foreach($item as $ww): - $address = $item[$counter]; - $item4 = $item3[$counter]; - ?> - - - - - - - -
-
For WHITELIST's enter ONLY - IPs not CIDRs. Example: 192.168.4.1
-
- For NETLIST's you may enter IPs and - CIDRs. Example: 192.168.4.1 or 192.168.4.0/24
-
-
IP or CIDR
- 		-
Add a Description or leave blank and a date - will be added.
-
- "; ?> -
-
 
- + var addressarray=new Array(); +function createAutoSuggest() { + +} + +setTimeout("createAutoSuggest();", 500); + + -- cgit v1.2.3