From db0ddbab80d8fe9c99c8529124a9df143a3c31cc Mon Sep 17 00:00:00 2001
From: jim-p
Date: Fri, 24 Sep 2010 09:42:12 -0400
Subject: Git insists I modified these files, though I did not. Please watch line endings when commiting. autocrlf is your friend.
---
config/snort/snort_download_updates.php | 804 ++++++++++---------
config/snort/snort_interfaces.php | 1174 +++++++++++++++----------------
2 files changed, 989 insertions(+), 989 deletions(-)
diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php
index 40431b89..7441a442 100644
--- a/config/snort/snort_download_updates.php
+++ b/config/snort/snort_download_updates.php
@@ -1,402 +1,402 @@ -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
- */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -/* load only javascript that is needed */ -$snort_load_jquery = 'yes'; -$snort_load_jquery_colorbox = 'yes'; - - -/* quick md5s chk */ -if(file_exists('/usr/local/etc/snort/snortrules-snapshot-2860.tar.gz.md5')) -{ - $snort_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/snortrules-snapshot-2860.tar.gz.md5'); -}else{ - $snort_org_sig_chk_local = 'N/A'; -} - -if(file_exists('/usr/local/etc/snort/version.txt')) -{ - $emergingt_net_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/version.txt'); -}else{ - $emergingt_net_sig_chk_local = 'N/A'; -} - -if(file_exists('/usr/local/etc/snort/pfsense_rules.tar.gz.md5')) -{ - $pfsense_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/pfsense_rules.tar.gz.md5'); -}else{ - $pfsense_org_sig_chk_local = 'N/A'; -} - -/* define checks */ -$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; -$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; -$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; - -if ($snortdownload != 'on' && $emergingthreats != 'on') -{ - $snort_emrging_info = 'stop'; -} - -if ($oinkid == '' && $snortdownload != 'off') -{ - $snort_oinkid_info = 'stop'; -} - -if ($snort_emrging_info == 'stop' || $snort_oinkid_info == 'stop') { - $error_stop = 'true'; -} - - -/* check if main rule directory is empty */ -$if_mrule_dir = "/usr/local/etc/snort/rules"; -$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full'; - -/* check for logfile */ -if(file_exists('/usr/local/etc/snort/snort_update.log')) -{ - $update_logfile_chk = 'yes'; -}else{ - $update_logfile_chk = 'no'; -} - -header("snort_help_info.php"); -header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" ); -header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . 
" GMT" ); -header( "Cache-Control: no-cache, must-revalidate" ); -header( "Pragma: no-cache" ); - - -$pgtitle = "Services: Snort: Updates"; -include_once("/usr/local/pkg/snort/snort_head.inc"); - -?> - - - - - - - - - -
-
- -' . $pgtitle . '

';}?> - - - - - - - - - - - - - - - -
- - - -
- - - -
-
- - - - -
- - - - -
-
-
-
- -
- - - - - -
-
- - INSTALLED SIGNATURE RULESET
-
-

SNORT.ORG >>>  
- EMERGINGTHREATS.NET >>>  
- PFSENSE.ORG >>>  
-

- -
-
- -
- - - - - - -
-
-
-
- -
- - - - - -
-
- - UPDATE YOUR RULES
-
- - Update Rules    
-

- WARNING:  No rule types have been selected for download. "Global Settings Tab"
- '; - - if ($mfolder_chk == 'empty') { - - echo ' - WARNING:  The main rules directory is empty. /usr/local/etc/snort/rules - ' . "\n"; - } - - echo '

' . "\n"; - - }else{ - - echo ' - - - - ' . "\n"; - - if ($mfolder_chk == 'empty') { - - echo ' -

- WARNING:  The main rules directory is empty. /usr/local/etc/snort/rules -

- '; - } - - } - - ?>
- -
-
- -
- - - - - -
-
- - VIEW UPDATE LOG
-
- - Update Log    ' . "\n"; - }else{ - echo ' - ' . "\n"; - } - - ?>
-
- -
-
- -
- - - - - -
-
-
-
- -
- - - - - -
-
- - NOTE:  Snort.org and Emergingthreats.net - will go down from time to time. Please be patient.
-
- -
- - - - - -
-
-
-
- -
-
- - - - - -
-
-
- - - - - - - - - - - - - - - - - +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +/* load only javascript that is needed */ +$snort_load_jquery = 'yes'; +$snort_load_jquery_colorbox = 'yes'; + + +/* quick md5s chk */ +if(file_exists('/usr/local/etc/snort/snortrules-snapshot-2860.tar.gz.md5')) +{ + $snort_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/snortrules-snapshot-2860.tar.gz.md5'); +}else{ + $snort_org_sig_chk_local = 'N/A'; +} + +if(file_exists('/usr/local/etc/snort/version.txt')) +{ + $emergingt_net_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/version.txt'); +}else{ + $emergingt_net_sig_chk_local = 'N/A'; +} + +if(file_exists('/usr/local/etc/snort/pfsense_rules.tar.gz.md5')) +{ + $pfsense_org_sig_chk_local = exec('/bin/cat /usr/local/etc/snort/pfsense_rules.tar.gz.md5'); +}else{ + $pfsense_org_sig_chk_local = 'N/A'; +} + +/* define checks */ +$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; +$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; +$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; + +if ($snortdownload != 'on' && $emergingthreats != 'on') +{ + $snort_emrging_info = 'stop'; +} + +if ($oinkid == '' && $snortdownload != 'off') +{ + $snort_oinkid_info = 'stop'; +} + +if ($snort_emrging_info == 'stop' || $snort_oinkid_info == 'stop') { + $error_stop = 'true'; +} + + +/* check if main rule directory is empty */ +$if_mrule_dir = "/usr/local/etc/snort/rules"; +$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full'; + +/* check for logfile */ +if(file_exists('/usr/local/etc/snort/snort_update.log')) +{ + $update_logfile_chk = 'yes'; +}else{ + $update_logfile_chk = 'no'; +} + +header("snort_help_info.php"); +header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" ); +header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . 
" GMT" ); +header( "Cache-Control: no-cache, must-revalidate" ); +header( "Pragma: no-cache" ); + + +$pgtitle = "Services: Snort: Updates"; +include_once("/usr/local/pkg/snort/snort_head.inc"); + +?> + + + + + + + + + +
+
+ +' . $pgtitle . '

';}?> + + + + + + + + + + + + + + + +
+ + + +
+ + + +
+
+ + + + +
+ + + + +
+
+
+
+ +
+ + + + + +
+
+ + INSTALLED SIGNATURE RULESET
+
+

SNORT.ORG >>>  
+ EMERGINGTHREATS.NET >>>  
+ PFSENSE.ORG >>>  
+

+ +
+
+ +
+ + + + + + +
+
+
+
+ +
+ + + + + +
+
+ + UPDATE YOUR RULES
+
+ + Update Rules    
+

+ WARNING:  No rule types have been selected for download. "Global Settings Tab"
+ '; + + if ($mfolder_chk == 'empty') { + + echo ' + WARNING:  The main rules directory is empty. /usr/local/etc/snort/rules + ' . "\n"; + } + + echo '

' . "\n"; + + }else{ + + echo ' + + + + ' . "\n"; + + if ($mfolder_chk == 'empty') { + + echo ' +

+ WARNING:  The main rules directory is empty. /usr/local/etc/snort/rules +

+ '; + } + + } + + ?>
+ +
+
+ +
+ + + + + +
+
+ + VIEW UPDATE LOG
+
+ + Update Log    ' . "\n"; + }else{ + echo ' + ' . "\n"; + } + + ?>
+
+ +
+
+ +
+ + + + + +
+
+
+
+ +
+ + + + + +
+
+ + NOTE:  Snort.org and Emergingthreats.net + will go down from time to time. Please be patient.
+
+ +
+ + + + + +
+
+
+
+ +
+
+ + + + + +
+
+
+ + + + + + + + + + + + + + + + +
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 62205ff2..e917b9da 100644
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -1,587 +1,587 @@ -. -Copyright (C) 2008-2009 Robert Zelaya. -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, -this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. 
-*/ - -/* TODO: redo check if snort is up */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -$id = $_GET['id']; -if (isset($_POST['id'])) -$id = $_POST['id']; - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) -$config['installedpackages']['snortglobal']['rule'] = array(); - -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -if (isset($config['installedpackages']['snortglobal']['rule'])) { - $id_gen = count($config['installedpackages']['snortglobal']['rule']); -}else{ - $id_gen = '0'; -} - -/* alert file */ -$d_snortconfdirty_path_ls = exec('/bin/ls /var/run/snort_conf_*.dirty'); - -/* this will exec when alert says apply */ -if ($_POST['apply']) { - - if ($d_snortconfdirty_path_ls != '') { - - write_config(); - - sync_snort_package_empty(); - sync_snort_package(); - - exec('/bin/rm /var/run/snort_conf_*.dirty'); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . 
' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces.php"); - - exit; - - } - -} - - - -if (isset($_POST['del_x'])) { - /* delete selected rules */ - if (is_array($_POST['rule']) && count($_POST['rule'])) { - foreach ($_POST['rule'] as $rulei) { - - /* convert fake interfaces to real */ - $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$rulei]['interface']); - $snort_uuid = $a_nat[$rulei]['uuid']; - - /* cool code to check if any snort is up */ - $snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q"); - - if ($snort_up_ck != "") - { - - $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}{$if_real}\" | awk '{print \$1;}'"); - $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); - $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); - - $start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$snort_uuid}_{$if_real}.pid"); - $start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); - $start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); - - - if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "") - { - - /* dont flood the syslog code */ - //exec("/bin/cp /var/log/system.log /var/log/system.log.bk"); - //sleep(3); - - - /* remove only running instances */ - if ($start_up_s != "") - { - exec("/bin/kill {$start_up_s}"); - exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); - } - - if ($start2_upb_s != "") - { - exec("/bin/kill {$start2_upb_s}"); - exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); - } - - if 
($start_up_r != "") - { - exec("/bin/kill {$start_up_r}"); - exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); - } - - if ($start2_upb_r != "") - { - exec("/bin/kill {$start2_upb_r}"); - exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); - } - - /* stop syslog flood code */ - //$if_real_wan_rulei = $a_nat[$rulei]['interface']; - //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei); - //exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc"); - //exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log"); - //exec("/usr/bin/killall syslogd"); - //exec("/usr/sbin/clog -i -s 262144 /var/log/system.log"); - //exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf"); - //sleep(2); - //exec("/bin/cp /var/log/system.log.bk /var/log/system.log"); - //$after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'"); - //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$rulei}{$if_real} STOP {$after_mem}'"); - //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule removed for {$rulei}{$if_real}...'"); - - } - - } - - /* for every iface do these steps */ - conf_mount_rw(); - exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*"); - exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); - - conf_mount_ro(); - - unset($a_nat[$rulei]); - - } - - write_config(); - sleep(2); - - /* if there are no ifaces do not create snort.sh */ - if (isset($config['installedpackages']['snortglobal']['rule'][0]['enable'])) { - create_snort_sh(); - }else{ - conf_mount_rw(); - exec('/bin/rm /usr/local/etc/rc.d/snort.sh'); - conf_mount_ro(); - } - - //touch("/var/run/snort_conf_delete.dirty"); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . 
' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces.php"); - //exit; - } - -} - - -/* start/stop snort */ -if ($_GET['act'] == 'toggle' && $_GET['id'] != '') -{ - - $if_real = convert_friendly_interface_to_real_interface_name2($config['installedpackages']['snortglobal']['rule'][$id]['interface']); - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - - /* Log Iface stop */ - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'"); - - $tester2 = Running_Ck($snort_uuid, $if_real, $id); - - if ($tester2 == 'yes') { - - /* Log Iface stop */ - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup '{$tester2} yn for {$snort_uuid}_{$if_real}...'"); - - Running_Stop($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces.php"); - - }else{ - - sync_snort_package_all($id, $if_real, $snort_uuid); - sync_snort_package(); - - Running_Start($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces.php"); - } -} - - -$pgtitle = "Services: $snort_package_version"; -include_once("/usr/local/pkg/snort/snort_head.inc"); - -?> - - - - - - - - - -
-
- -' . $pgtitle . '

';}?> - - - - -
- - '; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed for one or more interfaces.
- You must apply the changes in order for them to take effect.
- '); - } - } - - ?> - - - - - - - - -
- - - -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  IfSnortPerformanceBlockBarnyard2Description - - - - - -
-
- - - - - -   - - - - - -
- -
- - - - -
-
-
-
- -
- - - - -
-
- - - - -
Note:
- This is the Snort Menu where you can see an over - view of all your interface settings.
- Please edit the Global Settings tab before adding - an interface.
-
- Warning:
- New settings will not take effect until interface restart. -
-
- Click on the icon to add a - interface.                                            Click - on the icon to start - snort and barnyard2.
- Click on the icon to edit a - interface and settings.                       Click - on the icon to stop - snort and barnyard2.
- Click on the icon to - delete a interface and settings.
-
- -
- - "") { - echo ""; - } - ?>
-
- -
-
-
- - - -
SNORT registered � by Sourcefire, Inc, Barnyard2 -registered � by securixlive.com, Orion registered � by Robert Zelaya, -Emergingthreats registered � by emergingthreats.net, Mysql registered � -by Mysql.com
- - - - - - - - +. +Copyright (C) 2008-2009 Robert Zelaya. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, +this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright +notice, this list of conditions and the following disclaimer in the +documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. 
+*/ + +/* TODO: redo check if snort is up */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +$id = $_GET['id']; +if (isset($_POST['id'])) +$id = $_POST['id']; + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) +$config['installedpackages']['snortglobal']['rule'] = array(); + +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +if (isset($config['installedpackages']['snortglobal']['rule'])) { + $id_gen = count($config['installedpackages']['snortglobal']['rule']); +}else{ + $id_gen = '0'; +} + +/* alert file */ +$d_snortconfdirty_path_ls = exec('/bin/ls /var/run/snort_conf_*.dirty'); + +/* this will exec when alert says apply */ +if ($_POST['apply']) { + + if ($d_snortconfdirty_path_ls != '') { + + write_config(); + + sync_snort_package_empty(); + sync_snort_package(); + + exec('/bin/rm /var/run/snort_conf_*.dirty'); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . 
' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces.php"); + + exit; + + } + +} + + + +if (isset($_POST['del_x'])) { + /* delete selected rules */ + if (is_array($_POST['rule']) && count($_POST['rule'])) { + foreach ($_POST['rule'] as $rulei) { + + /* convert fake interfaces to real */ + $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$rulei]['interface']); + $snort_uuid = $a_nat[$rulei]['uuid']; + + /* cool code to check if any snort is up */ + $snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q"); + + if ($snort_up_ck != "") + { + + $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}{$if_real}\" | awk '{print \$1;}'"); + $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); + $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); + + $start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$snort_uuid}_{$if_real}.pid"); + $start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); + $start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); + + + if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "") + { + + /* dont flood the syslog code */ + //exec("/bin/cp /var/log/system.log /var/log/system.log.bk"); + //sleep(3); + + + /* remove only running instances */ + if ($start_up_s != "") + { + exec("/bin/kill {$start_up_s}"); + exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); + } + + if ($start2_upb_s != "") + { + exec("/bin/kill {$start2_upb_s}"); + exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); + } + + if 
($start_up_r != "") + { + exec("/bin/kill {$start_up_r}"); + exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); + } + + if ($start2_upb_r != "") + { + exec("/bin/kill {$start2_upb_r}"); + exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); + } + + /* stop syslog flood code */ + //$if_real_wan_rulei = $a_nat[$rulei]['interface']; + //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei); + //exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc"); + //exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log"); + //exec("/usr/bin/killall syslogd"); + //exec("/usr/sbin/clog -i -s 262144 /var/log/system.log"); + //exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf"); + //sleep(2); + //exec("/bin/cp /var/log/system.log.bk /var/log/system.log"); + //$after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'"); + //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$rulei}{$if_real} STOP {$after_mem}'"); + //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule removed for {$rulei}{$if_real}...'"); + + } + + } + + /* for every iface do these steps */ + conf_mount_rw(); + exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*"); + exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); + + conf_mount_ro(); + + unset($a_nat[$rulei]); + + } + + write_config(); + sleep(2); + + /* if there are no ifaces do not create snort.sh */ + if (isset($config['installedpackages']['snortglobal']['rule'][0]['enable'])) { + create_snort_sh(); + }else{ + conf_mount_rw(); + exec('/bin/rm /usr/local/etc/rc.d/snort.sh'); + conf_mount_ro(); + } + + //touch("/var/run/snort_conf_delete.dirty"); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . 
' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces.php"); + //exit; + } + +} + + +/* start/stop snort */ +if ($_GET['act'] == 'toggle' && $_GET['id'] != '') +{ + + $if_real = convert_friendly_interface_to_real_interface_name2($config['installedpackages']['snortglobal']['rule'][$id]['interface']); + $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + + /* Log Iface stop */ + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'"); + + $tester2 = Running_Ck($snort_uuid, $if_real, $id); + + if ($tester2 == 'yes') { + + /* Log Iface stop */ + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup '{$tester2} yn for {$snort_uuid}_{$if_real}...'"); + + Running_Stop($snort_uuid, $if_real, $id); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces.php"); + + }else{ + + sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package(); + + Running_Start($snort_uuid, $if_real, $id); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces.php"); + } +} + + +$pgtitle = "Services: $snort_package_version"; +include_once("/usr/local/pkg/snort/snort_head.inc"); + +?> + + + + + + + + + +
+
+ +' . $pgtitle . '

';}?> + + + + +
+ + '; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed for one or more interfaces.
+ You must apply the changes in order for them to take effect.
+ '); + } + } + + ?> + + + + + + + + +
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
  IfSnortPerformanceBlockBarnyard2Description + + + + + +
+
+ + + + + +   + + + + + +
+ +
+ + + + +
+
+
+
+ +
+ + + + +
+
+ + + + +
Note:
+ This is the Snort Menu where you can see an over + view of all your interface settings.
+ Please edit the Global Settings tab before adding + an interface.
+
+ Warning:
+ New settings will not take effect until interface restart. +
+
+ Click on the icon to add a + interface.                                            Click + on the icon to start + snort and barnyard2.
+ Click on the icon to edit a + interface and settings.                       Click + on the icon to stop + snort and barnyard2.
+ Click on the icon to + delete a interface and settings.
+
+ +
+ + "") { + echo ""; + } + ?>
+
+ +
+
+
+ + + +
SNORT registered � by Sourcefire, Inc, Barnyard2 +registered � by securixlive.com, Orion registered � by Robert Zelaya, +Emergingthreats registered � by emergingthreats.net, Mysql registered � +by Mysql.com
+ + + + + + + + -- cgit v1.2.3