From e1dbec3e87eeef66c616653f7226ab2276ff6c16 Mon Sep 17 00:00:00 2001
From: robiscool
Date: Thu, 11 Mar 2010 02:00:07 -0800
Subject: snort-dev, more GUI fixes, update help and info page
---
config/snort-dev/css/style2.css | 111 +++++++++++++++++
config/snort-dev/help_and_info.html | 178 +++++++++++++++++++++------
config/snort-dev/images/footer.jpg | Bin 0 -> 57412 bytes
config/snort-dev/images/logo.jpg | Bin 0 -> 74307 bytes
config/snort-dev/javascript/tabs.js | 123 ++++++++++++++++++
config/snort-dev/snort.inc | 4 +
config/snort-dev/snort.xml | 2 +-
config/snort-dev/snort_alerts.php | 6 +-
config/snort-dev/snort_barnyard.php | 3 +-
config/snort-dev/snort_blocked.php | 6 +-
config/snort-dev/snort_define_servers.php | 3 +-
config/snort-dev/snort_download_rules.php | 9 +-
config/snort-dev/snort_help_info.php | 50 ++++++--
config/snort-dev/snort_interfaces.php | 12 +-
config/snort-dev/snort_interfaces_edit.php | 4 +-
config/snort-dev/snort_interfaces_global.php | 4 +-
config/snort-dev/snort_preprocessors.php | 3 +-
config/snort-dev/snort_rules.php | 9 +-
config/snort-dev/snort_rulesets.php | 10 +-
pkg_config.7.xml | 6 +-
20 files changed, 467 insertions(+), 76 deletions(-)
create mode 100644 config/snort-dev/css/style2.css
create mode 100644 config/snort-dev/images/footer.jpg
create mode 100644 config/snort-dev/images/logo.jpg
create mode 100644 config/snort-dev/javascript/tabs.js
diff --git a/config/snort-dev/css/style2.css b/config/snort-dev/css/style2.css
new file mode 100644
index 00000000..cd253de1
--- /dev/null
+++ b/config/snort-dev/css/style2.css
@@ -0,0 +1,111 @@
+/* -----------------------------------
+general
+----------------------------------- */
+
+body
+{
+ margin: 0px;
+ padding: 0px;
+ font: 100%/1.4 helvetica, arial, sans-serif;
+ color: #444;
+ background: #fff;
+}
+
+h1, h2, h3, h4, h5, h6
+{
+ margin: 0 0 1em;
+ line-height: 1.1;
+}
+
+h2, h3 { color: #003d5d; }
+h2 { font-size: 218.75%; }
+
+
+p
+{
+margin-top: 35pt;
+margin-right: 0pt;
+margin-bottom: -25px;
+margin-left: 0pt;
+text-indent: 25px;
+}
+
+img { border: none; }
+a:link { color: #035389; }
+a:visited { color: #09619C; }
+
+/* -----------------------------------
+Play Hide the tab
+----------------------------------- */
+
+div.items p:not(:target) {display: none}
+div.items p:target {display: block}
+
+
+/* -----------------------------------
+layout
+----------------------------------- */
+
+#container
+{
+ margin: 0 0px;
+ background: #fff;
+}
+
+#header
+{
+ background: #fff;
+}
+
+#header h1 { margin: 0; }
+
+#navigation
+{
+ float: left;
+ width: 100%;
+ background: #333;
+}
+
+#navigation ul
+{
+ margin: 0;
+ padding: 0;
+}
+
+#navigation ul li
+{
+ list-style-type: none;
+ display: inline;
+}
+
+#navigation li a
+{
+ display: block;
+ float: left;
+ padding: 5px 10px;
+ color: #fff;
+ text-decoration: none;
+ border-right: 1px solid #fff;
+}
+
+#navigation li a:hover
+{
+ background-color: #3366cc;
+ background-image: none;
+ background-repeat: repeat;
+ background-attachment: scroll;
+ background-position: 0% 0%;
+}
+
+#content
+{
+ clear: left;
+ padding: 20px;
+}
+
+#content h2
+{
+ color: #000;
+ font-size: 160%;
+ margin: 0 0 .5em;
+}
\ No newline at end of file
diff --git a/config/snort-dev/help_and_info.html b/config/snort-dev/help_and_info.html
index d3875940..1f790257 100644
--- a/config/snort-dev/help_and_info.html
+++ b/config/snort-dev/help_and_info.html
@@ -4,47 +4,86 @@ Help & Info - + + - -

 About

- Pfsense Snort Package adds network protection from both internal and external threats
- without the expense of proprietary software. The Snort Package includes alert monitoring,
- blocked hosts monitoring, whitelists, rule editing/selecting, and auto rule downloads from multiple sources.

- - * Why should I care about my Network Security
- -
 Corporate network attacks have a 50% success rate. 
-
 More than 25% of Home PC's are infected with some spyware.

- - Snort 2.8.4.1_5 pkg v. 1.8 alpha was code by:

-Roberto Zelaya (robiscool)

- Special thanks to:

-Scott Ullrich (sullrich) for providing the basic snort code. -
- -

 Help

- * Where to ask your questions for the Snort Package

-
 Pfsense forums 
-
 Mailing Lists 
-
 Pfsense Snort FAQ 
- -

 Credits

- - -Pfsense Team for the Core GUI and networking.
-
- -pfSense is brought to you by a dedicated group of developers who are security and network professionals by trade. The following people are active developers of the pfSense project. Username is listed in parenthesis (generally also the person's forum username, IRC nickname, etc.).

- -Founders
+ + + + +
+ + +
+
+

+ Snort Package is a GUI based front-end for Sourcefire's Snort ® IDS/IPS software. The Snort Package goal is to be + the best open-source GUI to manage multiple snort sensors and multiple rule snapshots. The project other goal is to be a highly competitive GUI for + network monitoring for both private and enterprise use. Lastly, this project software development should bring programmers and users together to create + software. +

+

+ What is Snort ? Used by fortune 500 companies and goverments Snort is the most widely deployed IDS/IPS technology worldwide. It features rules based logging and + can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port + scans, CGI attacks, SMB probes, and much more. +

+

+ Requirements :
+ Minimum requirement 256 mb ram, 500 MHz CPU.
+ Recommended 500 mb ram, 1 Ghz CPU.
+ The more rules you run the more memory you need.
+ The more interfaces you select the more memory you need.

+ Development is done on a Alix 2D3 system (500 MHz AMD Geode LX800 CPU 256MB DDR DRAM). +

+
+
+

+About Me

+Coming soon............ + +

+
+
+

+Services

+Coming soon............ +

+
+
+

+Change Log

+Coming soon............ +

+
+
+

+PfSense is brought to you by a dedicated group of developers who are security and network professionals by trade. The following people are active developers of the pfSense project. +Username is listed in parenthesis (generally also the person's forum username, IRC nickname, etc.).

+ +Main Snort-dev Package Developer
+Robert Zelaya

+ +Founders
In alphabetical order

Chris Buechler (cmb)
Scott Ullrich (sullrich)

-Active Developers
+Active Developers
Listed in order of seniority along with date of first contribution.

Bill Marquette (billm) - February 2005
@@ -60,7 +99,7 @@ Jim Pingle (jim-p) - February 2009
Rob Zelaya (robiscool) - March 2009
Renato Botelho (rbgarga) - May 2009

-FreeBSD Developer Assistance
+FreeBSD Developer Assistance
We would like to thank the following FreeBSD developers for their assistance.

Max Laier (mlaier)
@@ -70,7 +109,7 @@ Bjoern A. Zeeb (bz)

among many others who help us directly, and everyone who contributes to FreeBSD.

-Inactive Developers
+Inactive Developers
The following individuals are no longer active contributors, having moved on because of other commitments, or employers forbidding contributions. We thank them for their past contributions.

Daniel Berlin (dberlin)
@@ -80,10 +119,71 @@ Scott Kamp (dingo)
Bachman Kharazmi (bkw)
Fernando Tarlá Cardoso Lemos (fernando)
Kyle Mott (kyle)
-Colin Smith (colin)
+Colin Smith (colin)
+

+
+
+

+Heros

+Coming soon............ +

+
+
+

+=========================
+ +Q: Do you have a quick install tutorial and tabs explanation.
+ +A: Yes.
+ + http://doc.pfsense.org/index.php/Setup_Snort_Package
+ +=========================
+ +Q: What interfaces can snort listen on ?
+ +A: Right now all WAN interfaces and LAN interfaces. But if you select a LAN interface you may need to adjust the snort rules to use the LAN interface.
+ +==========================
+ +Q: What logs does the snort package keep. ?
+ +A: Most of the snort logs are keept in the /var/log/snort.
+ Snorts syslogs' are saved to the /var/log/snort/snort_sys_0ng0.
+ +==========================
+ +Q: What is the best Performance setting ? or Snort is using 90% cpu and all my memory.
+ +A: Depends how much memory you have and how many rules you want to run.; lowmem for systems with less than 256 mb memory, ac-bnfa for systems
+ with over 256 mb of memory. The other options are; ac high memory, best performance, ac-std moderate memory, high performance,acs small
+ memory, moderate performance,ac-banded small memory,moderate performance,ac-sparsebands small memory, high performance.
+ + Short version: For most people ac-bnfa is the best setting.
+ +=========================
+ +Q: What is the Oinkmaster code ? How do I get the code ?
+ +A: The Oinkmaster code is your personal password in order to download snort rules.
+ You get a Oinkmaster code when you register with snort.org. It is free to register.
+ Goto https://www.snort.org/signup to get your personal code.
+ +=========================
+ +Q: What is the Snort.org subscriber option? How do I become a Snort.org subscriber?
-

 Thank Yous

+A: Snort.org subscribers get the the latest rule updates 30 days faster than registered users.
+ Goto http://www.snort.org/vrt/buy-a-subscription/. + It is highly suggested that you get a paid subscription so that you can always have the latest rules.
+ +=========================
+Q: When did you start working on the snort package.
+A: I started working on the snort package in May 2009.
+

+
+
- + \ No newline at end of file diff --git a/config/snort-dev/images/footer.jpg b/config/snort-dev/images/footer.jpg new file mode 100644 index 00000000..0cf9675a Binary files /dev/null and b/config/snort-dev/images/footer.jpg differ diff --git a/config/snort-dev/images/logo.jpg b/config/snort-dev/images/logo.jpg new file mode 100644 index 00000000..75abf478 Binary files /dev/null and b/config/snort-dev/images/logo.jpg differ diff --git a/config/snort-dev/javascript/tabs.js b/config/snort-dev/javascript/tabs.js new file mode 100644 index 00000000..c042d74d --- /dev/null +++ b/config/snort-dev/javascript/tabs.js 
@@ -0,0 +1,123 @@
+// CSS helper functions
+CSS = {
+ // Adds a class to an element.
+ AddClass: function (e, c) {
+ if (!e.className.match(new RegExp("\\b" + c + "\\b", "i")))
+ e.className += (e.className ? " " : "") + c;
+ },
+
+ // Removes a class from an element.
+ RemoveClass: function (e, c) {
+ e.className = e.className.replace(new RegExp(" \\b" + c + "\\b|\\b" + c + "\\b ?", "gi"), "");
+ }
+};
+
+// Functions for handling tabs.
+Tabs = {
+ // Changes to the tab with the specified ID.
+ GoTo: function (contentId, skipReplace) {
+ // This variable will be true if a tab for the specified
+ // content ID was found.
+ var foundTab = false;
+
+ // Get the TOC element.
+ var toc = document.getElementById("toc");
+ if (toc) {
+ var lis = toc.getElementsByTagName("li");
+ for (var j = 0; j < lis.length; j++) {
+ var li = lis[j];
+
+ // Give the current tab link the class "current" and
+ // remove the class from any other TOC links.
+ var anchors = li.getElementsByTagName("a");
+ for (var k = 0; k < anchors.length; k++) {
+ if (anchors[k].hash == "#" + contentId) {
+ CSS.AddClass(li, "current");
+ foundTab = true;
+ break;
+ } else {
+ CSS.RemoveClass(li, "current");
+ }
+ }
+ }
+ }
+
+ // Show the content with the specified ID.
+ var divsToHide = [];
+ var divs = document.getElementsByTagName("div");
+ for (var i = 0; i < divs.length; i++) {
+ var div = divs[i];
+
+ if (div.className.match(/\bcontent\b/i)) {
+ if (div.id == "_" + contentId)
+ div.style.display = "block";
+ else
+ divsToHide.push(div);
+ }
+ }
+
+ // Hide the other content boxes.
+ for (var i = 0; i < divsToHide.length; i++)
+ divsToHide[i].style.display = "none";
+
+ // Change the address bar.
+ if (!skipReplace) window.location.replace("#" + contentId);
+ },
+
+ OnClickHandler: function (e) {
+ // Stop the event (to stop it from scrolling or
+ // making an entry in the history).
+ if (!e) e = window.event;
+ if (e.preventDefault) e.preventDefault(); else e.returnValue = false;
+
+ // Get the name of the anchor of the link that was clicked.
+ Tabs.GoTo(this.hash.substring(1));
+ },
+
+ Init: function () {
+ if (!document.getElementsByTagName) return;
+
+ // Attach an onclick event to all the anchor links on the page.
+ var anchors = document.getElementsByTagName("a");
+ for (var i = 0; i < anchors.length; i++) {
+ var a = anchors[i];
+ if (a.hash) a.onclick = Tabs.OnClickHandler;
+ }
+
+ var contentId;
+ if (window.location.hash) contentId = window.location.hash.substring(1);
+
+ var divs = document.getElementsByTagName("div");
+ for (var i = 0; i < divs.length; i++) {
+ var div = divs[i];
+
+ if (div.className.match(/\bcontent\b/i)) {
+ if (!contentId) contentId = div.id;
+ div.id = "_" + div.id;
+ }
+ }
+
+ if (contentId) Tabs.GoTo(contentId, true);
+ }
+};
+
+// Hook up the OnLoad event to the tab initialization function.
+window.onload = Tabs.Init;
+
+// Hide the content while waiting for the onload event to trigger.
+var contentId = window.location.hash || "#Introduction";
+
+if (document.createStyleSheet) {
+ var style = document.createStyleSheet();
+ style.addRule("div.content", "display: none;");
+ style.addRule("div" + contentId, "display: block;");
+} else {
+ var head = document.getElementsByTagName("head")[0];
+ if (head) {
+ var style = document.createElement("style");
+ style.setAttribute("type", "text/css");
+ style.appendChild(document.createTextNode("div.content { display: none; }"));
+ style.appendChild(document.createTextNode("div" + contentId + " { display: block; }"));
+ head.appendChild(style);
+ }
+}
\ No newline at end of file
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index 0bc1223a..4294966f 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
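Review bot: The bootstrap code at the bottom of tabs.js concatenates `window.location.hash` directly into stylesheet text, in `style.addRule("div" + contentId, "display: block;")` and in `createTextNode("div" + contentId + " { display: block; }")`, so whatever follows `#` in a link to the help page becomes part of a CSS rule inside the firewall GUI. The fragment should be checked against the expected id shape before it is used, for example `var contentId = /^#[A-Za-z][\w-]*$/.test(window.location.hash) ? window.location.hash : "#Introduction";`. Separately, `CSS` and `Tabs` are assigned without `var` and become implicit globals; `var CSS = {` and `var Tabs = {` would state that intent explicitly.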
@@ -155,6 +155,7 @@ function snort_postinstall() chdir ("/usr/local/www/snort/css/"); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/style.css'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/style2.css'); chdir ("/usr/local/www/snort/images/"); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/alert.jpg'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down.gif'); @@ -164,11 +165,14 @@ function snort_postinstall() exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-desc.png'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up.gif'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up2.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/logo.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer.jpg'); chdir ("/usr/local/www/snort/javascript/"); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery.blockUI.js'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery-1.3.2.js'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/mootools.js'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/sortableTable.js'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/tabs.js'); /* back to default */ chdir ("/root/"); diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml index 39adcf25..6ab6ee7a 100644 --- a/config/snort-dev/snort.xml +++ b/config/snort-dev/snort.xml @@ -46,7 +46,7 @@ Describe your package requirements here Currently there are no FAQ items provided. Snort - 2.8.5.2 + 2.8.5.3 Services: Snort 2.8.5.2 pkg v. 1.9 /usr/local/pkg/snort/snort.inc 
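Review bot: The added `exec('/usr/bin/fetch http://www.pfsense.com/...')` calls in snort_postinstall() (style2.css in the first hunk; logo.jpg, footer.jpg and tabs.js in the second) download files into /usr/local/www/snort/ over plain HTTP with no integrity check, and tabs.js is script the GUI will then serve to an administrator's browser. Anything on the network path at install time can substitute the file, so these should be fetched over HTTPS where the download host offers it, or compared against a checksum shipped with the package before being left in the web root. The exit status of exec() is also never examined, so a failed download passes silently; `exec('/usr/bin/fetch ' . escapeshellarg($url), $out, $rc);` followed by `if ($rc !== 0) { log_error("snort: could not fetch {$url}"); }` would surface it. The function body starts and ends outside both hunks, and the existing fetch lines follow the same pattern.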
diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php index 4194f769..453fc765 100644 --- a/config/snort-dev/snort_alerts.php +++ b/config/snort-dev/snort_alerts.php @@ -36,6 +36,7 @@ require("globals.inc"); require("guiconfig.inc"); +require("/usr/local/pkg/snort/snort.inc"); $snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype']; $snort_logfile = '/var/log/snort/alert'; @@ -312,6 +313,10 @@ include("head.inc"); include("fbegin.inc"); +echo "
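Review bot: `require("/usr/local/pkg/snort/snort.inc");` is added at the top of snort_alerts.php without the `_once` guard, and the same line is added in snort_barnyard.php and replaces `include_once` in snort_interfaces.php. snort.inc declares functions (snort_postinstall() is visible in this commit), so if another include on any of these pages already loads it — snort_interfaces.php also requires snort_gui.inc, whose contents are not shown — PHP stops with a function-redeclaration fatal error. `require_once("/usr/local/pkg/snort/snort.inc");` keeps the hard failure on a missing file while staying safe against a second load.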

"; +if($pfsense_stable == 'yes'){echo $pgtitle;} +echo "

\n"; + /* refresh every 60 secs */ if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '') { @@ -333,7 +338,6 @@ if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '') ?> -
diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php index 0e0bbf33..10afa183 100644 --- a/config/snort-dev/snort_barnyard.php +++ b/config/snort-dev/snort_barnyard.php @@ -39,6 +39,7 @@ Important add error checking */ require("guiconfig.inc"); +require("/usr/local/pkg/snort/snort.inc"); if (!is_array($config['installedpackages']['snortglobal']['rule'])) { $config['installedpackages']['snortglobal']['rule'] = array(); @@ -229,6 +230,7 @@ include("head.inc"); +

+ @@ -60,12 +84,24 @@ include('head.inc'); ?> - -
- -
+
+ +
+
+
+ Apps + Snort® is a registered trademark of Sourcefire, Inc., Barnyard2® is a registered trademark of securixlive.com., Orion® copyright Robert Zelaya., + Emergingthreats is a registered trademark of emergingthreats.net., Mysql® is a registered trademark of Mysql.com. +
+ + diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php index 04627064..e5b42e4d 100644 --- a/config/snort-dev/snort_interfaces.php +++ b/config/snort-dev/snort_interfaces.php @@ -31,7 +31,7 @@ require("guiconfig.inc"); require("/usr/local/pkg/snort/snort_gui.inc"); -include_once("/usr/local/pkg/snort/snort.inc"); +require("/usr/local/pkg/snort/snort.inc"); $id = $_GET['id']; if (isset($_POST['id'])) @@ -178,12 +178,13 @@ if ($_GET['act'] == "toggle" && $_GET['id'] != "") header("Location: snort_interfaces.php"); } -$pgtitle = "Services: Snort 2.8.5.2 pkg v. 1.9"; +$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.10 Alpha"; include("head.inc"); ?> +

@@ -252,7 +247,6 @@ padding-left :15px; display_top_tabs($tab_array); ?> -
diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index 1a02715c..9d2301f0 100644 --- a/config/snort-dev/snort_interfaces_edit.php +++ b/config/snort-dev/snort_interfaces_edit.php @@ -300,7 +300,7 @@ if ($_POST["Submit"]) { } $ifname = strtoupper($pconfig['interface']); -$pgtitle = "Snort: Interface: {$ifname} Settings Edit"; +$pgtitle = "Snort: Interface: $id$if_real Settings Edit"; include("head.inc"); ?> @@ -308,6 +308,7 @@ include("head.inc"); +
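Review bot: The new `$pgtitle = "Snort: Interface: $id$if_real Settings Edit";` in snort_interfaces_edit.php interpolates `$id` without escaping, and the assignments of `$id` and `$if_real` are outside the hunk. If `$id` is read from the request as it is in snort_interfaces.php (`$id = $_GET['id'];`), request-controlled text reaches the page title, which other pages in this commit print with a bare `echo $pgtitle`. Escaping at assignment closes that path: `$pgtitle = 'Snort: Interface: ' . htmlspecialchars("{$id}{$if_real}") . ' Settings Edit';`. The `$ifname` computed on the preceding line is no longer used by the title and may now be dead.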