From a9356103959a9aeb0a466cd3c1adcf730e630076 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Tue, 28 Jan 2014 11:15:14 -0500 Subject: Tweak new Reverse DNS feature based on pfSense version --- config/snort/snort_alerts.php | 30 ++++++++++++++++++++---------- config/snort/snort_blocked.php | 24 +++++++++++++++--------- 2 files changed, 35 insertions(+), 19 deletions(-) diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index eb6190f5..804c6e8a 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -146,6 +146,9 @@ $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']); $enablesid = snort_load_sid_mods($a_instance[$instanceid]['rule_sid_on']); $disablesid = snort_load_sid_mods($a_instance[$instanceid]['rule_sid_off']); +// Grab pfSense version so we can refer to it later on this page +$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3); + $pconfig = array(); if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) { $pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh']; @@ -465,13 +468,17 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_src = $fields[6]; /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $alert_ip_src = str_replace(":", ":​", $alert_ip_src); - /* Add Reverse DNS lookup icons */ - $alert_ip_src .= "
"; - $alert_ip_src .= ""; - $alert_ip_src .= " "; + /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */ + $alert_ip_src .= "
"; + if ($pfs_version > 2.0) { + $alert_ip_src .= "
"; + $alert_ip_src .= " "; + } + $alert_ip_src .= ""; $alert_ip_src .= ""; + /* Add icons for auto-adding to Suppress List if appropriate */ if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) && !isset($supplist[$fields[1]][$fields[2]]['by_src'][$fields[6]])) { @@ -495,11 +502,14 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_dst = $fields[8]; /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $alert_ip_dst = str_replace(":", ":​", $alert_ip_dst); - /* Add Reverse DNS lookup icons */ - $alert_ip_dst .= "
"; - $alert_ip_dst .= ""; - $alert_ip_dst .= " "; + /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */ + $alert_ip_dst .= "
"; + if ($pfs_version > 2.0) { + $alert_ip_dst .= "
"; + $alert_ip_dst .= " "; + } + $alert_ip_dst .= ""; $alert_ip_dst .= ""; /* Add icons for auto-adding to Suppress List if appropriate */ diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index f190413c..4fc470d3 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -7,6 +7,7 @@ * * Modified for the Pfsense snort package v. 1.8+ * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2014 Bill Meeks * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -33,6 +34,9 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); +// Grab pfSense version so we can refer to it later on this page +$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3); + if (!is_array($config['installedpackages']['snortglobal']['alertsblocks'])) $config['installedpackages']['snortglobal']['alertsblocks'] = array(); @@ -261,23 +265,25 @@ if ($pconfig['brefresh'] == 'on') /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $tmp_ip = str_replace(":", ":​", $blocked_ip); - + /* Add reverse DNS lookup icons (two different links if pfSense version supports them) */ + $rdns_link = ""; + if ($pfs_version > 2.0) { + $rdns_link .= ""; + $rdns_link .= " "; + } + $rdns_link .= ""; + $rdns_link .= ""; /* use one echo to do the magic*/ echo " {$counter} - {$tmp_ip}
- - - - + {$tmp_ip}
{$rdns_link} {$blocked_desc} \"Delete \n"; } - } ?> -- cgit v1.2.3