From e8fa9505ad3c402bf4a5b5143842c0028382a658 Mon Sep 17 00:00:00 2001 From: robiscool Date: Wed, 7 Apr 2010 23:40:40 -0700 Subject: snort, add passthrough option --- config/snort/snort.inc | 11 +++++++++++ config/snort/snort_barnyard.php | 20 +++++++++++++++++--- config/snort/snort_define_servers.php | 5 ++++- config/snort/snort_interfaces.php | 2 +- config/snort/snort_interfaces_edit.php | 12 ++++++++++++ config/snort/snort_preprocessors.php | 4 ++++ pkg_config.7.xml | 2 +- pkg_config.8.xml | 2 +- 8 files changed, 51 insertions(+), 7 deletions(-) diff --git a/config/snort/snort.inc b/config/snort/snort.inc index cd2f9946..104c1a5a 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -1055,6 +1055,8 @@ function generate_barnyard2_conf($id, $if_real, $snort_uuid) { $snortbarnyardlog_database_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_mysql']; $snortbarnyardlog_hostname_info_chk = exec("/bin/hostname"); +/* user add arguments */ +$snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['rule'][$id]['barnconfigpassthru'])); $barnyard2_conf_text = << document.iform.barnyard_mysql.disabled = endis; + document.iform.barnconfigpassthru.disabled = endis; } //--> @@ -409,8 +415,16 @@ if($id != "") Log to a Mysql Database - -
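Review bot: The new `$snortbarnyardlog_config_pass_thru` assignment in the snort.inc hunk reads `['barnconfigpassthru']` straight out of `$config` and passes it to `base64_decode()` with no existence check and no strict mode, so a rule entry saved before this option existed raises an undefined-index notice, and a corrupted stored value decodes silently to garbage that is then placed in the generated barnyard2 configuration (presumably via the `$barnyard2_conf_text` heredoc that begins right after the added lines). Guard the lookup and decode strictly: `$barn_pass_thru_raw = isset($config['installedpackages']['snortglobal']['rule'][$id]['barnconfigpassthru']) ? $config['installedpackages']['snortglobal']['rule'][$id]['barnconfigpassthru'] : '';` followed by `$snortbarnyardlog_config_pass_thru = str_replace("\r", "", base64_decode($barn_pass_thru_raw, true));` — strict decoding returns false on malformed input, which `str_replace` turns into an empty string. The comment `/* user add arguments */` should also state the contract the rest of the function relies on, e.g. `/* admin-supplied barnyard2 directives: stored base64-encoded in config.xml, decoded here and inserted verbatim into barnyard2.conf, so no validation happens between the GUI and the daemon */`. generate_barnyard2_conf continues past the end of this hunk.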
Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz + +
Example: output database: alert, mysql, dbname=snort user=snort host=localhost password=xyz
+ Example: output database: log, mysql, dbname=snort user=snort host=localhost password=xyz
+ + + Advanced configuration pass through + + +
+ Arguments here will be automatically inserted into the running barnyard2 configuration.   diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index 5e9b0f31..9641b767 100644 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -117,6 +117,8 @@ if (isset($id) && $a_nat[$id]) { $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; + $pconfig['configpassthru'] = $a_nat[$id]['configpassthru']; + $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru']; $pconfig['rulesets'] = $a_nat[$id]['rulesets']; $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; @@ -166,7 +168,8 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } - + if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; } + if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } /* post new options */ if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; } diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 30fed8e5..5f42725f 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -241,7 +241,7 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '') -$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.20"; +$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.21"; include("head.inc"); ?> 
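Review bot: The new "Advanced configuration pass through" row in snort_barnyard.php adds the `barnconfigpassthru` field that the JavaScript hunk above also toggles, but the field's markup did not survive extraction here, so I cannot confirm how its current value is rendered. Whatever the element is, the value echoed back into it comes from config.xml (stored base64-encoded, judging by the decode added in snort.inc) and must be passed through `htmlspecialchars()` after decoding, otherwise characters in the stored text are interpreted as markup on this admin page. The same check applies to the `configpassthru` row added in the last hunk of snort_interfaces_edit.php. A one-line `/* stored base64-encoded: decode for display, HTML-escape before echoing */` next to the echo would make the intended handling clear to the next maintainer.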
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index cba0cc8a..b63bbfbd 100644 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -138,6 +138,8 @@ if (isset($id) && $a_nat[$id]) { $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; + $pconfig['configpassthru'] = base64_decode($a_nat[$id]['configpassthru']); + $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru']; $pconfig['rulesets'] = $a_nat[$id]['rulesets']; $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; @@ -235,6 +237,7 @@ if ($_POST["Submit"]) { if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } + $natent['configpassthru'] = base64_encode($_POST['configpassthru']) ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru']; /* if optiion = 0 then the old descr way will not work */ /* rewrite the options that are not in post */ 
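Review bot: The added `$natent['configpassthru'] = base64_encode($_POST['configpassthru']) ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru'];` line in the @@ -235 hunk cannot clear the option and can corrupt it: `base64_encode('')` is `''`, which is falsy, so an emptied field falls back to `$pconfig['configpassthru']`, and this file's @@ -138 hunk fills that with the decoded text — the fallback therefore stores plain text in a field the rest of the code expects to be base64. Test for presence of the POST field instead and keep the stored form consistent: `$natent['configpassthru'] = isset($_POST['configpassthru']) ? base64_encode($_POST['configpassthru']) : base64_encode($pconfig['configpassthru']);`. This also removes the duplicated `base64_encode()` call. The enclosing `if ($_POST["Submit"])` block starts before the hunk.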
@@ -284,6 +287,7 @@ if ($_POST["Submit"]) { if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } if ($pconfig['barnyard_enable'] != "") { $natent['barnyard_enable'] = $pconfig['barnyard_enable']; } if ($pconfig['barnyard_mysql'] != "") { $natent['barnyard_mysql'] = $pconfig['barnyard_mysql']; } + if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } @@ -408,6 +412,7 @@ echo " document.iform.alertsystemlog.disabled = endis; document.iform.tcpdumplog.disabled = endis; document.iform.snortunifiedlog.disabled = endis; + document.iform.configpassthru.disabled = endis; } //--> @@ -580,6 +585,13 @@ if ($a_nat[$id]['interface'] != '') { onClick="enable_change(false)">
Snort will log Alerts to a file in the UNIFIED2 format. This is a requirement for barnyard2. + + Advanced configuration pass through + + +
+ Arguments here will be automatically inserted into the running snort configuration. + diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 0d7fdde3..1d3abf0b 100644 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -110,6 +110,8 @@ if (isset($id) && $a_nat[$id]) { $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['configpassthru'] = $a_nat[$id]['configpassthru']; + $pconfig['barnconfigpassthru'] = $a_nat[$id]['barnconfigpassthru']; $pconfig['rulesets'] = $a_nat[$id]['rulesets']; $pconfig['rule_sid_off'] = $a_nat[$id]['rule_sid_off']; $pconfig['rule_sid_on'] = $a_nat[$id]['rule_sid_on']; @@ -195,6 +197,8 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; if ($pconfig['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $pconfig['def_rlogin_ports']; } if ($pconfig['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $pconfig['def_rsh_ports']; } if ($pconfig['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $pconfig['def_ssl_ports']; } + if ($pconfig['configpassthru'] != "") { $natent['configpassthru'] = $pconfig['configpassthru']; } + if ($pconfig['barnconfigpassthru'] != "") { $natent['barnconfigpassthru'] = $pconfig['barnconfigpassthru']; } if ($pconfig['rulesets'] != "") { $natent['rulesets'] = $pconfig['rulesets']; } if ($pconfig['rule_sid_off'] != "") { $natent['rule_sid_off'] = $pconfig['rule_sid_off']; } if ($pconfig['rule_sid_on'] != "") { $natent['rule_sid_on'] = $pconfig['rule_sid_on']; } diff --git a/pkg_config.7.xml b/pkg_config.7.xml index 4e541869..413985ac 100755 --- a/pkg_config.7.xml +++ b/pkg_config.7.xml @@ -359,7 +359,7 @@ mysql-client-5.1.44_1.tbz snort-2.8.5.3.tbz http://www.pfsense.com/packages/config/snort/snort.xml - 2.8.5.3 pkg v. 1.20 + 2.8.5.3 pkg v. 1.21 1.2.3 Stable /snort.xml 
diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 05297cc0..c5a7c4b7 100755 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -245,7 +245,7 @@ mysql-client-5.1.45.tbz snort-2.8.5.3.tbz http://www.pfsense.com/packages/config/snort/snort.xml - 2.8.5.3 pkg v. 1.20 + 2.8.5.3 pkg v. 1.21 2.0 Stable /snort.xml -- cgit v1.2.3