From ac6c2a7a83a36ecc1fd979db48a042d5edf156df Mon Sep 17 00:00:00 2001
From: robiscool <robrob2626@yahoo.com>
Date: Fri, 2 Oct 2009 21:43:05 -0700
Subject: snort-dev, mirror snort satble with snort-dev

---
 config/snort-dev/snort.inc          | 73 ++++++++++++++++++++++++++++++++-----
 config/snort-dev/snort_blocked.php  | 33 ++++++++++++++++-
 config/snort-dev/snort_rules.php    | 64 +++++++++++++++++++++++++++++++-
 config/snort-dev/snort_rulesets.php | 66 +++++++++++++++++++++++++++++++--
 4 files changed, 220 insertions(+), 16 deletions(-)

diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index ebcab85c..107dfb3e 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -196,7 +196,6 @@ function create_barnyard2_conf() {
         global $bconfig, $bg;
         /* write out barnyard2_conf */
         $barnyard2_conf_text = generate_barnyard2_conf();
-//        conf_mount_rw();
         $bconf = fopen("/usr/local/etc/barnyard2.conf", "w");
         if(!$bconf) {
                 log_error("Could not open /usr/local/etc/barnyard2.conf for writing.");
@@ -204,7 +203,6 @@ function create_barnyard2_conf() {
         }
         fwrite($bconf, $barnyard2_conf_text);
         fclose($bconf);
-//        conf_mount_ro();
 }
 /* open barnyard2.conf for writing" */
 function generate_barnyard2_conf() {
@@ -213,28 +211,56 @@ function generate_barnyard2_conf() {
         conf_mount_rw();
 
 /* define snortbarnyardlog */
+/* TODO add support for the other 5 output plugins */
+
 $snortbarnyardlog_database_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_database'];
+$snortbarnyardlog_hostname_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_hostname'];
+$snortbarnyardlog_interface_info_chk = $config['installedpackages']['snortadvanced']['config'][0]['snortbarnyardlog_interface'];
 
 $barnyard2_conf_text = <<<EOD
 
-        Copyright (C) 2006 Scott Ullrich
-        part of pfSense
-        All rights reserved.
+#	barnyard2.conf
+#   barnyard2 can be found at http://www.securixlive.com/barnyard2/index.php
+
+#	Copyright (C) 2006 Robert Zelaya
+#	part of pfSense
+#	All rights reserved.
+
+#	Redistribution and use in source and binary forms, with or without
+#	modification, are permitted provided that the following conditions are met:
+
+#	1. Redistributions of source code must retain the above copyright notice,
+#	   this list of conditions and the following disclaimer.
+
+#	2. Redistributions in binary form must reproduce the above copyright
+#	   notice, this list of conditions and the following disclaimer in the
+#	   documentation and/or other materials provided with the distribution.
+
+#	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+#	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+#	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+#	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+#	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+#	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+#	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+#	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+#	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+#	POSSIBILITY OF SUCH DAMAGE.
 
 # set the appropriate paths to the file(s) your Snort process is using
 config reference-map:   /usr/local/etc/snort/reference.config
-config class-map:          /usr/local/etc/snort/classification.config
+config class-map:       /usr/local/etc/snort/classification.config
 config gen-msg-map:     /usr/local/etc/snort/gen-msg.map
-config sid-msg-map:         /usr/local/etc/snort/sid-msg.map
+config sid-msg-map:     /usr/local/etc/snort/sid-msg.map
 
-config hostname:       pfsense.local
-config interface:      vr0
+config hostname:       $snortbarnyardlog_hostname_info_chk
+config interface:      $snortbarnyardlog_interface_info_chk
 
 # Step 2: setup the input plugins
 input unified2
 
 # database: log to a variety of databases
-# output database: log, mysql, user=snort password=snort123 dbname=snort host=192.168.1.22
+# output database: log, mysql, user=xxxx password=xxxxxx dbname=xxxx host=xxx.xxx.xxx.xxxx
 
 $snortbarnyardlog_database_info_chk
 
@@ -1006,6 +1032,33 @@ function snort_rules_up_install_cron($should_install) {
 # package manager system
 # see /usr/local/pkg/snort.inc
 # for more information
+#	snort.conf
+#   Snort can be found at http://www.snort.org/
+
+#	Copyright (C) 2006 Robert Zelaya
+#	part of pfSense
+#	All rights reserved.
+
+#	Redistribution and use in source and binary forms, with or without
+#	modification, are permitted provided that the following conditions are met:
+
+#	1. Redistributions of source code must retain the above copyright notice,
+#	   this list of conditions and the following disclaimer.
+
+#	2. Redistributions in binary form must reproduce the above copyright
+#	   notice, this list of conditions and the following disclaimer in the
+#	   documentation and/or other materials provided with the distribution.
+
+#	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+#	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+#	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+#	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+#	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+#	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+#	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+#	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+#	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+#	POSSIBILITY OF SUCH DAMAGE.
 
 #########################
                         #
diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php
index 42048eff..ff158853 100644
--- a/config/snort-dev/snort_blocked.php
+++ b/config/snort-dev/snort_blocked.php
@@ -129,7 +129,38 @@ if(!$pgtitle_output)
 
 <p>
 
-This page lists hosts that have been blocked by Snort.   Hosts are automatically deleted every 60 minutes.
+<?php
+
+$blockedtab_msg_chk = $config['installedpackages']['snort']['config'][0]['rm_blocked'];
+	if ($blockedtab_msg_chk == "1h_b") {
+		$blocked_msg = "hour";
+	}
+	if ($blockedtab_msg_chk == "3h_b") {
+		$blocked_msg = "3 hours";
+	}
+	if ($blockedtab_msg_chk == "6h_b") {
+		$blocked_msg = "6 hours";
+	}
+	if ($blockedtab_msg_chk == "12h_b") {
+		$blocked_msg = "12 hours";
+	}
+	if ($blockedtab_msg_chk == "1d_b") {
+		$blocked_msg = "day";
+	}
+	if ($blockedtab_msg_chk == "4d_b") {
+		$blocked_msg = "4 days";
+	}
+	if ($blockedtab_msg_chk == "7d_b") {
+		$blocked_msg = "7 days";
+	}
+	if ($blockedtab_msg_chk == "28d_b") {
+		$blocked_msg = "28 days";
+	}
+
+echo "This page lists hosts that have been blocked by Snort. Hosts are automatically deleted every $blocked_msg.";
+
+?>
+
 <?php include("fend.inc"); ?>
 
 </body>
diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php
index fa4a5a4a..233841b1 100644
--- a/config/snort-dev/snort_rules.php
+++ b/config/snort-dev/snort_rules.php
@@ -2,7 +2,7 @@
 /* $Id$ */
 /*
     edit_snortrule.php
-    Copyright (C) 2004, 2005 Scott Ullrich
+    Copyright (C) 2004, 2005 Scott Ullrich and Rober Zelaya
     All rights reserved.
 
     Redistribution and use in source and binary forms, with or without
@@ -30,7 +30,67 @@ require("guiconfig.inc");
 require("config.inc");
 
 if(!is_dir("/usr/local/etc/snort/rules"))
-	header("Location: snort_rules.php", false);
+	exec('mkdir /usr/local/etc/snort/rules/');
+
+/* Check if the rules dir is empy if so warn the user */
+/* TODO give the user the option to delete the installed rules rules */
+$isrulesfolderempty = exec('ls -A /usr/local/etc/snort/rules/*.rules');
+if ($isrulesfolderempty == "") {
+
+include("head.inc");
+include("fbegin.inc");
+
+echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
+
+echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n
+<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n
+<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+   <tr>\n
+   		<td>\n";
+
+	$tab_array = array();
+	$tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+	$tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
+	$tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php");
+	$tab_array[] = array(gettext("Rules"), true, "/snort_rules.php");
+	$tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
+	$tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
+	$tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+	$tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
+	$tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
+	$tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+	display_top_tabs($tab_array);
+
+echo  		"</td>\n
+  </tr>\n
+  <tr>\n
+    <td>\n
+		<div id=\"mainarea\">\n
+			<table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+				<tr>\n
+					<td>\n
+# The rules directory is empty.\n
+		    		</td>\n
+		  		</tr>\n
+			</table>\n
+		</div>\n
+	</td>\n
+  </tr>\n
+</table>\n
+\n
+</form>\n
+\n
+<p>\n\n";
+
+echo "Please click on the Update Rules tab to install your selected rule sets.";
+include("fend.inc");
+
+echo "</body>";
+echo "</html>";
+
+exit(0);
+
+}
 
 function get_middle($source, $beginning, $ending, $init_pos) {
    $beginning_pos = strpos($source, $beginning, $init_pos);
diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php
index 4f16eadd..8e5179d6 100644
--- a/config/snort-dev/snort_rulesets.php
+++ b/config/snort-dev/snort_rulesets.php
@@ -27,13 +27,73 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
-if(!is_dir("/usr/local/etc/snort/rules"))
-	Header("Location: snort_download_rules.php");
-
 require("guiconfig.inc");
 require_once("service-utils.inc");
 require("/usr/local/pkg/snort.inc");
 
+if(!is_dir("/usr/local/etc/snort/rules"))
+	exec('mkdir /usr/local/etc/snort/rules/');
+
+/* Check if the rules dir is empy if so warn the user */
+/* TODO give the user the option to delete the installed rules rules */
+$isrulesfolderempty = exec('ls -A /usr/local/etc/snort/rules/*.rules');
+if ($isrulesfolderempty == "") {
+
+include("head.inc");
+include("fbegin.inc");
+
+echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
+
+echo "<script src=\"/row_toggle.js\" type=\"text/javascript\"></script>\n
+<script src=\"/javascript/sorttable.js\" type=\"text/javascript\"></script>\n
+<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+   <tr>\n
+   		<td>\n";
+
+	$tab_array = array();
+	$tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+	$tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php");
+	$tab_array[] = array(gettext("Categories"), true, "/snort_rulesets.php");
+	$tab_array[] = array(gettext("Rules"), false, "/snort_rules.php");
+	$tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&amp;id=0");
+	$tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php");
+	$tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+	$tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml");
+	$tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php");
+	$tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+	display_top_tabs($tab_array);
+
+echo  		"</td>\n
+  </tr>\n
+  <tr>\n
+    <td>\n
+		<div id=\"mainarea\">\n
+			<table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
+				<tr>\n
+					<td>\n
+# The rules directory is empty.\n
+		    		</td>\n
+		  		</tr>\n
+			</table>\n
+		</div>\n
+	</td>\n
+  </tr>\n
+</table>\n
+\n
+</form>\n
+\n
+<p>\n\n";
+
+echo "Please click on the Update Rules tab to install your selected rule sets.";
+include("fend.inc");
+
+echo "</body>";
+echo "</html>";
+
+exit(0);
+
+}
+
 if($_POST) {
 	$enabled_items = "";
 	$isfirst = true;
-- 
cgit v1.2.3