From b48e4315c1d7fbd8e4a07800724ea989a8871356 Mon Sep 17 00:00:00 2001
From: robiscool
Date: Tue, 10 May 2011 20:19:29 -0700
Subject: snort-dev, add more tabs, update code
---
config/snort-dev/base_file.php | 23 +-
config/snort-dev/snortDB | Bin 16384 -> 16384 bytes
config/snort-dev/snortDBrules | Bin 12288 -> 12288 bytes
config/snort-dev/snort_barnyard.php | 259 ++++++++++++++++++
config/snort-dev/snort_define_servers.php | 420 +++++++++++++++++++++++++++++
config/snort-dev/snort_help_info.php | 2 +-
config/snort-dev/snort_interfaces_edit.php | 4 +-
config/snort-dev/snort_json_post.php | 235 +++++++++-------
config/snort-dev/snort_preprocessors.php | 307 +++++++++++++++++++++
9 files changed, 1146 insertions(+), 104 deletions(-)
create mode 100644 config/snort-dev/snort_barnyard.php
create mode 100644 config/snort-dev/snort_define_servers.php
create mode 100644 config/snort-dev/snort_preprocessors.php
diff --git a/config/snort-dev/base_file.php b/config/snort-dev/base_file.php
index 003c0b63..168a39fb 100644
--- a/config/snort-dev/base_file.php
+++ b/config/snort-dev/base_file.php
@@ -80,15 +80,13 @@ $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid)
@@ -104,8 +102,11 @@ $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid)
- - + + + + +
diff --git a/config/snort-dev/snortDB b/config/snort-dev/snortDB
index 59c4d6f4..bb2f5c7b 100644
Binary files a/config/snort-dev/snortDB and b/config/snort-dev/snortDB differ
diff --git a/config/snort-dev/snortDBrules b/config/snort-dev/snortDBrules
index 24c8207f..7a0acc3f 100644
Binary files a/config/snort-dev/snortDBrules and b/config/snort-dev/snortDBrules differ
diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php
new file mode 100644
index 00000000..aea0d93d
--- /dev/null
+++ b/config/snort-dev/snort_barnyard.php
@@ -0,0 +1,259 @@ +. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_new.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +// set page vars + +$uuid = $_GET['uuid']; +if (isset($_POST['uuid'])) +$uuid = $_POST['uuid']; + +if ($uuid == '') { + echo 'error: no uuid'; + exit(0); +} + + +$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); + + if (!is_array($a_list)) + { + $a_list = array(); + } + + + + $pgtitle = "Snort: Interface: Barnyard2 Edit"; + include("/usr/local/pkg/snort/snort_head.inc"); + +?> + + + + + + + + + + +
+


Please Wait...

+
+ + + +
+ + + +
+ +
+
+ + + + + + + + +
+ + + +
+ + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
General Barnyard2 Settings
Enable + > + Enable Barnyard2 on this Interface
+ This will enable barnyard2 for this interface. You will also have to set the database credentials.
+
Interface + +
+ Choose which interface this rule applies to.
+ Hint: in most cases, you'll want to use WAN here.
+
Mysql Settings
Log to a Mysql Database + +
+ Example: output database: alert, mysql, dbname=snort user=snort host=localhost password=xyz
+ Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz
+
Advanced Settings
Advanced configuration pass through + +
+ Arguments here will be automatically inserted into the running barnyard2 configuration. +
  + + + +
  + Note: + Please save your settings befor you click start. +
+
+
+
+ + + + + + + + diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php new file mode 100644 index 00000000..b6b83b56 --- /dev/null +++ b/config/snort-dev/snort_define_servers.php 
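Review bot: The `uuid` request parameter goes from `$_GET`/`$_POST` straight into `snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid)` with only an empty-string check, and the same block is repeated in the new snort_define_servers.php and snort_preprocessors.php. The helper lives in snort_new.inc, outside this diff, so whether it binds or concatenates the value cannot be seen here; if it concatenates, this is an SQL injection point on three pages. I would validate the format before the lookup, for example `if (!preg_match('/^[A-Za-z0-9-]+$/', $uuid)) { echo 'error: bad uuid'; exit(0); }`, with the exact pattern adjusted to however the package generates its uuids, which is not shown here. `$_GET['uuid']` is also read without `isset()`, which raises a notice on POST-only requests. Because the block is identical in all three files, it would be better placed in one shared helper so the check cannot drift between pages.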
@@ -0,0 +1,420 @@ +. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_new.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +// set page vars + +$uuid = $_GET['uuid']; +if (isset($_POST['uuid'])) +$uuid = $_POST['uuid']; + +if ($uuid == '') { + echo 'error: no uuid'; + exit(0); +} + + +$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); + + + $pgtitle = "Snort: Interface Define Servers:"; + include("/usr/local/pkg/snort/snort_head.inc"); + +?> + + + +
+


Please Wait...

+
+ + + +
+ + + +
+ +
+
+ + + + + + + + +
+ + + +
+ + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
  + Note:
+ Please save your settings before you click start.
+ Please make sure there are no spaces in your definitions. +
Define Servers
Define DNS_SERVERS + +
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. +
Define DNS_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 53. +
Define SMTP_SERVERS + +
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. +
Define SMTP_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25. +
Define Mail_Ports + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,143,465,691. +
Define HTTP_SERVERS + +
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. +
Define WWW_SERVERS + +
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. +
Define HTTP_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 80. +
Define SQL_SERVERS + +
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. +
Define ORACLE_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1521. +
Define MSSQL_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 1433. +
Define TELNET_SERVERS + +
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. +
Define TELNET_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 23. +
Define SNMP_SERVERS + +
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. +
Define SNMP_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 161.
Define FTP_SERVERS + +
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. +
Define FTP_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 21. +
Define SSH_SERVERS + +
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. +
Define SSH_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is Pfsense SSH port. +
Define POP_SERVERS + +
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. +
Define POP2_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 109. +
Define POP3_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 110. +
Define IMAP_SERVERS + +
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. +
Define IMAP_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 143. +
Define SIP_PROXY_IP + +
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave blank to scan all networks. +
Define SIP_PROXY_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768. +
Define AUTH_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 113. +
Define FINGER_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 79. +
Define IRC_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000. +
Define NNTP_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 119. +
Define RLOGIN_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 513. +
Define RSH_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 514. +
Define SSL_PORTS + +
+ Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 25,443,465,636,993,995. +
  + + + +
  + Note: +
+ Please save your settings before you click start.
+
+
+
+
+ + + + + + + + diff --git a/config/snort-dev/snort_help_info.php b/config/snort-dev/snort_help_info.php index cd757d3e..2d6b68ce 100644 --- a/config/snort-dev/snort_help_info.php +++ b/config/snort-dev/snort_help_info.php @@ -230,7 +230,7 @@ jQuery(document).ready(function() {

Change Log

-

Changes to this package can be viewed by following pfSense packages repository

+

Changes to this package can be viwed by following pfSense packages repository
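Review bot: The replacement line introduces a typo in user-facing help text, `viwed`, where the removed line had `viewed`. If the intent of this hunk was only a markup change, keep the original wording: `Changes to this package can be viewed by following`. The surrounding markup is not visible in this rendering of the patch, so the rest of the change cannot be assessed from here.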

diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index 223e7b1e..aec03e3b 100644 --- a/config/snort-dev/snort_interfaces_edit.php +++ b/config/snort-dev/snort_interfaces_edit.php @@ -418,8 +418,8 @@ jQuery(document).ready(function() { - - + + diff --git a/config/snort-dev/snort_json_post.php b/config/snort-dev/snort_json_post.php index 8aa5b8ea..3fea91c0 100644 --- a/config/snort-dev/snort_json_post.php +++ b/config/snort-dev/snort_json_post.php @@ -23,6 +23,27 @@ $snortJsonReturnCode_fail = ' } '; + function snortJsonReturnCode($returnStatus) + { + + if ($returnStatus == true) + { + echo ' + { + "snortgeneralsettings": "success", "snortUnhideTabs": "true" + } + '; + }else{ + echo ' + { + "snortgeneralsettings": "fail" + } + '; + } + + } + + // row from db by uuid if ($_POST['RMlistDelRow'] == 1) { 
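Review bot: In the new `snortJsonReturnCode()` the check `if ($returnStatus == true)` is a loose comparison, so any truthy return from `snortSql_updateSettings()` (a non-empty string, a row count) is reported to the browser as a successful save. That helper is outside this diff, so its return type is not visible; if it returns a strict boolean, `if ($returnStatus === true)` ensures a failed write of IDS settings is shown as `fail` instead of being reported as `success`. The JSON is also assembled by hand, and `echo json_encode(array('snortgeneralsettings' => 'success', 'snortUnhideTabs' => 'true'));` would be less fragile. The success branch now always sends `snortUnhideTabs`, whereas the code removed in the next hunk sent it only for `snort_interfaces_edit`; confirm that is intended. A short docblock stating the expected argument type would also help.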
@@ -65,109 +86,143 @@ if ($_POST['RMlistDelRow'] == 1) // general settings save if ($_POST['snortSaveSettings'] == 1) { - + // Save general settings if ($_POST['dbTable'] == 'SnortSettings') - { - - if ($_POST['ifaceTab'] == 'snort_interfaces_global') - { - // checkboxes when set to off never get included in POST thus this code - $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']); - - } - - if ($_POST['ifaceTab'] == 'snort_alerts') - { - - if (!isset($_POST['arefresh'])) - $_POST['arefresh'] = ($_POST['arefresh'] == '' ? off : $_POST['arefresh']); - - } - - if ($_POST['ifaceTab'] == 'snort_blocked') - { - - if (!isset($_POST['brefresh'])) - $_POST['brefresh'] = ($_POST['brefresh'] == '' ? off : $_POST['brefresh']); - - } - - // unset POSTs that are markers not in db - unset($_POST['snortSaveSettings']); - unset($_POST['ifaceTab']); - - // update date on every save - $_POST['date'] = date(U); - - - //print_r($_POST); - //return true; - - conf_mount_rw(); - snortSql_updateSettings($_POST['dbName'], $_POST, 'id', '1'); - conf_mount_ro(); - - } // end of dbTable SnortSettings + { + + if ($_POST['ifaceTab'] == 'snort_interfaces_global') + { + // checkboxes when set to off never get included in POST thus this code + $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']); + } + + if ($_POST['ifaceTab'] == 'snort_alerts') + { + + if (!isset($_POST['arefresh'])) + $_POST['arefresh'] = ($_POST['arefresh'] == '' ? off : $_POST['arefresh']); + + } + + if ($_POST['ifaceTab'] == 'snort_blocked') + { + + if (!isset($_POST['brefresh'])) + $_POST['brefresh'] = ($_POST['brefresh'] == '' ? 
off : $_POST['brefresh']); + + } + + // unset POSTs that are markers not in db + unset($_POST['snortSaveSettings']); + unset($_POST['ifaceTab']); + + // update date on every save + $_POST['date'] = date(U); + + //print_r($_POST); + //return true; + + conf_mount_rw(); + snortSql_updateSettings($_POST['dbName'], $_POST, 'id', '1'); + conf_mount_ro(); + + echo ' + { + "snortgeneralsettings": "success" + } + '; + return true; + + } // end of dbTable SnortSettings // Save rules settings if ($_POST['dbTable'] == 'Snortrules') { - - if ($_POST['ifaceTab'] == 'snort_interfaces_edit') - { - - if (!isset($_POST['enable'])) - $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']); + + // snort interface edit + if ($_POST['ifaceTab'] == 'snort_interfaces_edit') + { + + if (!isset($_POST['enable'])) + $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']); + + if (!isset($_POST['blockoffenders7'])) + $_POST['blockoffenders7'] = ($_POST['blockoffenders7'] == '' ? off : $_POST['blockoffenders7']); + + if (!isset($_POST['alertsystemlog'])) + $_POST['alertsystemlog'] = ($_POST['alertsystemlog'] == '' ? off : $_POST['alertsystemlog']); + + if (!isset($_POST['tcpdumplog'])) + $_POST['tcpdumplog'] = ($_POST['tcpdumplog'] == '' ? off : $_POST['tcpdumplog']); + + if (!isset($_POST['snortunifiedlog'])) + $_POST['snortunifiedlog'] = ($_POST['snortunifiedlog'] == '' ? off : $_POST['snortunifiedlog']); + + // convert textbox to base64 + $_POST['configpassthru'] = base64_encode($_POST['configpassthru']); - if (!isset($_POST['blockoffenders7'])) - $_POST['blockoffenders7'] = ($_POST['blockoffenders7'] == '' ? off : $_POST['blockoffenders7']); - - if (!isset($_POST['alertsystemlog'])) - $_POST['alertsystemlog'] = ($_POST['alertsystemlog'] == '' ? off : $_POST['alertsystemlog']); + } + + // snort preprocessor edit + if ($_POST['ifaceTab'] == 'snort_preprocessors') + { - if (!isset($_POST['tcpdumplog'])) - $_POST['tcpdumplog'] = ($_POST['tcpdumplog'] == '' ? 
off : $_POST['tcpdumplog']); + if (!isset($_POST['dce_rpc_2'])) + $_POST['dce_rpc_2'] = ($_POST['dce_rpc_2'] == '' ? off : $_POST['dce_rpc_2']); + + if (!isset($_POST['dns_preprocessor'])) + $_POST['dns_preprocessor'] = ($_POST['dns_preprocessor'] == '' ? off : $_POST['dns_preprocessor']); + + if (!isset($_POST['ftp_preprocessor'])) + $_POST['ftp_preprocessor'] = ($_POST['ftp_preprocessor'] == '' ? off : $_POST['ftp_preprocessor']); + + if (!isset($_POST['http_inspect'])) + $_POST['http_inspect'] = ($_POST['http_inspect'] == '' ? off : $_POST['http_inspect']); + + if (!isset($_POST['other_preprocs'])) + $_POST['other_preprocs'] = ($_POST['other_preprocs'] == '' ? off : $_POST['other_preprocs']); + + if (!isset($_POST['perform_stat'])) + $_POST['perform_stat'] = ($_POST['perform_stat'] == '' ? off : $_POST['perform_stat']); + + if (!isset($_POST['sf_portscan'])) + $_POST['sf_portscan'] = ($_POST['sf_portscan'] == '' ? off : $_POST['sf_portscan']); + + if (!isset($_POST['smtp_preprocessor'])) + $_POST['smtp_preprocessor'] = ($_POST['smtp_preprocessor'] == '' ? off : $_POST['smtp_preprocessor']); + + } - if (!isset($_POST['snortunifiedlog'])) - $_POST['snortunifiedlog'] = ($_POST['snortunifiedlog'] == '' ? off : $_POST['snortunifiedlog']); + // snort barnyard edit + if ($_POST['ifaceTab'] == 'snort_barnyard') + { + // make shure iface is lower case + $_POST['interface'] = strtolower($_POST['interface']); - // convert textbox to base64 - $_POST['configpassthru'] = base64_encode($_POST['configpassthru']); + if (!isset($_POST['barnyard_enable'])) + $_POST['barnyard_enable'] = ($_POST['barnyard_enable'] == '' ? 
off : $_POST['barnyard_enable']); + + } + + + // unset POSTs that are markers not in db + unset($_POST['snortSaveSettings']); + unset($_POST['ifaceTab']); + + // update date on every save + $_POST['date'] = date(U); - } - - // unhide tabs Json - if ($_POST['ifaceTab'] == 'snort_interfaces_edit') - { - $snortUnhideTabs = ', "snortUnhideTabs": "true"'; - } - - // unset POSTs that are markers not in db - unset($_POST['snortSaveSettings']); - unset($_POST['ifaceTab']); - - // update date on every save - $_POST['date'] = date(U); - - - //print_r($_POST); - //return true; - - conf_mount_rw(); - snortSql_updateSettings($_POST['dbName'], $_POST, 'uuid', $_POST['uuid']); - conf_mount_ro(); + + //print_r($_POST); + //return true; + + snortJsonReturnCode(snortSql_updateSettings($_POST['dbName'], $_POST, 'uuid', $_POST['uuid'])); } // end of dbTable Snortrules - - echo ' - { - "snortgeneralsettings": "success"' . $snortUnhideTabs . ' - } - '; - return true; - -} + + +} // STOP General Settings Save // Suppress settings save if ($_POST['snortSaveSuppresslist'] == 1) diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php new file mode 100644 index 00000000..bca52a65 --- /dev/null +++ b/config/snort-dev/snort_preprocessors.php 
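Review bot: The Snortrules branch still hands the whole `$_POST` array, a client-chosen `$_POST['dbName']` and `$_POST['uuid']` to `snortSql_updateSettings()`, so the browser decides which database file and which columns are written, and the new `snort_preprocessors` and `snort_barnyard` tabs widen that surface. The helper is defined outside this diff, so how it quotes keys and values is unknown, but column names taken from request keys generally cannot be bound as parameters. I would fix the database name per `dbTable` and pass only an allow-list of columns for the tab, e.g. `snortSql_updateSettings('snortDBrules', array_intersect_key($_POST, array_flip($allowedColumns)), 'uuid', $_POST['uuid']);`, where `$allowedColumns` is a per-tab list the author would need to define. This branch also drops the `conf_mount_rw()`/`conf_mount_ro()` pair that the SnortSettings branch keeps; unless the helper now remounts the filesystem itself, the write may fail on read-only installs. The bare `off` and `date(U)` rely on undefined-constant fallback and should be written `'off'` and `date('U')`.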
@@ -0,0 +1,307 @@ +. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_new.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +// set page vars + +$uuid = $_GET['uuid']; +if (isset($_POST['uuid'])) +$uuid = $_POST['uuid']; + +if ($uuid == '') { + echo 'error: no uuid'; + exit(0); +} + + +$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); + + $pgtitle = "Snort: Interface Preprocessors and Flow"; + include("/usr/local/pkg/snort/snort_head.inc"); + +?> + + + +
+


Please Wait...

+
+ + + +
+ + + +
+ +
+
+ + + + + + + + +
+ + + +
+ + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
  + Note: +
+ Rules may be dependent on preprocessors!
+ Defaults will be used when there is no user input.

+
Performance Statistics
Enable + > + Performance Statistics for this interface. +
HTTP Inspect Settings
Enable + > + Use HTTP Inspect to Normalize/Decode and detect HTTP traffic and protocol anomalies. +
HTTP server flow depth + + + + +
+ + -1 to 1460 (-1 disables HTTP inspect, 0 enables all HTTP inspect) +
+ Amount of HTTP server response payload to inspect. Snort's performance may increase by adjusting this value. +
+ Setting this value too low may cause false negatives. Values above 0 are specified in bytes. Default value is 0
+
+
Stream5 Settings
Max Queued Bytes + + + + +
+ + Minimum is 1024, Maximum is 1073741824 ( default value is 1048576, 0means Maximum ) +
+ The number of bytes to be queued for reassembly for TCP sessions in memory. Default value is 1048576 +
+
Max Queued Segs + + + + +
+ + Minimum is 2, Maximum is 1073741824 ( default value is 2621, 0 means Maximum ) +
+ The number of segments to be queued for reassembly for TCP sessions in memory. Default value is 2621 +
+
General Preprocessor Settings
+ Enable
+ RPC Decode and Back Orifice detector +
+ > +
+ Normalize/Decode RPC traffic and detects Back Orifice traffic on the network. +
+ Enable +
+ FTP and Telnet Normalizer +
+ > +
+ Normalize/Decode FTP and Telnet traffic and protocol anomalies. +
+ Enable +
+ SMTP Normalizer +
+ > +
+ Normalize/Decode SMTP protocol for enforcement and buffer overflows. +
+ Enable +
+ Portscan Detection +
+ > +
+ Detects various types of portscans and portsweeps. +
+ Enable +
+ DCE/RPC2 Detection +
+ > +
+ The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC traffic. +
+ Enable +
+ DNS Detection +
+ > +
+ The DNS preprocessor decodes DNS Response traffic and detects some vulnerabilities. +
Define SSL_IGNORE + +
+ Encrypted traffic should be ignored by Snort for both performance reasons and to reduce false positives. +
+ Default: "443 465 563 636 989 990 992 993 994 995". Please use spaces and not commas.
+
  + + + +
  + Note: Please save your settings before you click Start. +
+
+
+
+ + + + + + + + -- cgit v1.2.3