From e8fa9505ad3c402bf4a5b5143842c0028382a658 Mon Sep 17 00:00:00 2001
From: robiscool <robrob2626@yahoo.com>
Date: Wed, 7 Apr 2010 23:40:40 -0700
Subject: snort, add passthrough option

---
 config/snort/snort.inc                 | 11 +++++++++++
 config/snort/snort_barnyard.php        | 20 +++++++++++++++++---
 config/snort/snort_define_servers.php  |  5 ++++-
 config/snort/snort_interfaces.php      |  2 +-
 config/snort/snort_interfaces_edit.php | 12 ++++++++++++
 config/snort/snort_preprocessors.php   |  4 ++++
 pkg_config.7.xml                       |  2 +-
 pkg_config.8.xml                       |  2 +-
 8 files changed, 51 insertions(+), 7 deletions(-)

diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index cd2f9946..104c1a5a 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1055,6 +1055,8 @@ function generate_barnyard2_conf($id, $if_real, $snort_uuid) {
 
 $snortbarnyardlog_database_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql'];
 $snortbarnyardlog_hostname_info_chk = exec("/bin/hostname");
+/* user add arguments */
+$snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['rule'][$id]['barnconfigpassthru']));
 
 $barnyard2_conf_text = <<<EOD
 
@@ -1094,6 +1096,12 @@ config sid_file:	        /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/sid
 config hostname:       $snortbarnyardlog_hostname_info_chk
 config interface:      {$snort_uuid}_{$if_real}
 
+## START user pass through ##
+
+{$snortbarnyardlog_config_pass_thru}
+
+## END user pass through ##
+
 # Step 2: setup the input plugins
 input unified2
 
@@ -1259,6 +1267,9 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
 	/* XXX: make multi wan friendly */
 	$snort_ext_int = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
 
+	/* user added arguments */
+	$snort_config_pass_thru = str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['rule'][$id]['configpassthru']));
+	
 	/* create basic files */
 	if(!file_exists("/usr/local/etc/snort/snort/snort_{$snort_uuid}_{$if_real}"))
 	{
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 7a587330..103fba0e 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -114,7 +114,9 @@ if (isset($id) && $a_nat[$id]) {
 	$pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7'];
 	$pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
 	$pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
-	$pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];	
+	$pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
+	$pconfig['configpassthru'] = $a_nat[$id]['configpassthru'];
+	$pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);	
 	$pconfig['rulesets'] = $a_nat[$id]['rulesets'];
 	$pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
 	$pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
@@ -219,6 +221,8 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
 	if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
 	if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
 	if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
+	if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog'];	}
+	if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru'];	}
 	if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
 	if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
 	if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }	
@@ -226,6 +230,7 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
 		/* post new options */
 		$natent['barnyard_enable'] = $_POST['barnyard_enable'] ? on : off;
 		$natent['barnyard_mysql'] = $_POST['barnyard_mysql'] ? $_POST['barnyard_mysql'] : $pconfig['barnyard_mysql'];
+		$natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']) ? base64_encode($_POST['barnconfigpassthru']) : $pconfig['barnconfigpassthru'];
 		if ($_POST['barnyard_enable'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['barnyard_enable'] == "") { $natent['snortunifiedlog'] = off; }
 
 		if (isset($id) && $a_nat[$id])
@@ -293,6 +298,7 @@ echo "
 }
 ?>
     document.iform.barnyard_mysql.disabled = endis;
+    document.iform.barnconfigpassthru.disabled = endis;
 }
 //-->
 </script>
@@ -409,8 +415,16 @@ if($id != "")
                 <tr>
                   <td width="22%" valign="top" class="vncell">Log to a Mysql Database</td>
                   <td width="78%" class="vtable">
-                    <input name="barnyard_mysql" type="text" class="formfld" id="barnyard_mysql" size="40" value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>">
-                    <br> <span class="vexpl">Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</span></td>
+                    <input name="barnyard_mysql" type="text" class="formfld" id="barnyard_mysql" size="100" value="<?=htmlspecialchars($pconfig['barnyard_mysql']);?>">
+                    <br> <span class="vexpl">Example: output database: alert, mysql, dbname=snort user=snort host=localhost password=xyz<br>
+                    Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz</span></td>
+                </tr>
+                <tr> 
+                  <td width="22%" valign="top" class="vncell">Advanced configuration pass through</td>
+                  <td width="78%" class="vtable"> 
+                    <textarea name="barnconfigpassthru" cols="100" rows="7" id="barnconfigpassthru" class="formpre"><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea>
+                    <br> 
+                    Arguments here will be automatically inserted into the running barnyard2 configuration.</td>
                 </tr>
                 <tr>
                   <td width="22%" valign="top">&nbsp;</td>
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index 5e9b0f31..9641b767 100644
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -117,6 +117,8 @@ if (isset($id) && $a_nat[$id]) {
 	$pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
 	$pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
 	$pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
+	$pconfig['configpassthru'] = $a_nat[$id]['configpassthru'];
+	$pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru'];
 	$pconfig['rulesets'] = $a_nat[$id]['rulesets'];
 	$pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
 	$pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
@@ -166,7 +168,8 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
 	if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
 	if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
 	if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
-	
+	if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru'];	}
+	if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru'];	}
 		
 		/* post new options */
 		if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; }
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 30fed8e5..5f42725f 100644
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -241,7 +241,7 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '')
 
 
 
-$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.20";
+$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.21";
 include("head.inc");
 
 ?>
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index cba0cc8a..b63bbfbd 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -138,6 +138,8 @@ if (isset($id) && $a_nat[$id]) {
 	$pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog'];
 	$pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
 	$pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
+	$pconfig['configpassthru'] = base64_decode($a_nat[$id]['configpassthru']);
+	$pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru'];
 	$pconfig['rulesets'] = $a_nat[$id]['rulesets'];
 	$pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
 	$pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
@@ -235,6 +237,7 @@ if ($_POST["Submit"]) {
 		if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; }
 		if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; }
 		if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; }
+		$natent['configpassthru'] = base64_encode($_POST['configpassthru']) ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru'];
 		/* if optiion = 0 then the old descr way will not work */
 
 	/* rewrite the options that are not in post */
@@ -284,6 +287,7 @@ if ($_POST["Submit"]) {
 	if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
 	if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; }
 	if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql'];	}
+	if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru'];	}
 	if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
 	if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
 	if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on'];	}
@@ -408,6 +412,7 @@ echo "
 	document.iform.alertsystemlog.disabled = endis;
 	document.iform.tcpdumplog.disabled = endis;
 	document.iform.snortunifiedlog.disabled = endis;
+	document.iform.configpassthru.disabled = endis;
 }
 //-->
 </script>
@@ -580,6 +585,13 @@ if ($a_nat[$id]['interface'] != '') {
 					<input name="snortunifiedlog" type="checkbox" value="on" <?php if ($pconfig['snortunifiedlog'] == "on") echo "checked"; ?> onClick="enable_change(false)"><br>
 					Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2.</td>
 				</tr>
+                <tr> 
+                  <td width="22%" valign="top" class="vncell">Advanced configuration pass through</td>
+                  <td width="78%" class="vtable"> 
+                    <textarea name="configpassthru" cols="100" rows="7" id="configpassthru" class="formpre"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea>
+                    <br> 
+                    Arguments here will be automatically inserted into the running snort configuration.</td>
+                </tr>
                 <tr>
                   <td width="22%" valign="top"></td>
                   <td width="78%">
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index 0d7fdde3..1d3abf0b 100644
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -110,6 +110,8 @@ if (isset($id) && $a_nat[$id]) {
 	$pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog'];
 	$pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog'];
 	$pconfig['flow_depth'] = $a_nat[$id]['flow_depth'];
+	$pconfig['configpassthru'] = $a_nat[$id]['configpassthru'];
+	$pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru'];
 	$pconfig['rulesets'] = $a_nat[$id]['rulesets'];
 	$pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off'];
 	$pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on'];
@@ -195,6 +197,8 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty";
 	if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; }
 	if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; }
 	if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; }
+	if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru'];	}
+	if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; }
 	if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; }
 	if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; }
 	if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; }
diff --git a/pkg_config.7.xml b/pkg_config.7.xml
index 4e541869..413985ac 100755
--- a/pkg_config.7.xml
+++ b/pkg_config.7.xml
@@ -359,7 +359,7 @@
       <depends_on_package>mysql-client-5.1.44_1.tbz</depends_on_package>
 	  <depends_on_package>snort-2.8.5.3.tbz</depends_on_package>
       <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
-      <version>2.8.5.3 pkg v. 1.20</version>
+      <version>2.8.5.3 pkg v. 1.21</version>
       <required_version>1.2.3</required_version>
       <status>Stable</status>
       <configurationfile>/snort.xml</configurationfile>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 05297cc0..c5a7c4b7 100755
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -245,7 +245,7 @@
       <depends_on_package>mysql-client-5.1.45.tbz</depends_on_package>
 	  <depends_on_package>snort-2.8.5.3.tbz</depends_on_package>
       <config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
-      <version>2.8.5.3 pkg v. 1.20</version>
+      <version>2.8.5.3 pkg v. 1.21</version>
       <required_version>2.0</required_version>
       <status>Stable</status>
       <configurationfile>/snort.xml</configurationfile>
-- 
cgit v1.2.3