From 69ad0f23207b89c04872cac32aa77ea6a56d3286 Mon Sep 17 00:00:00 2001 From: robiscool Date: Wed, 28 Oct 2009 00:13:49 -0700 Subject: snort-dev, see if snort.xml creates directories --- config/snort-dev/snort_interfaces_edit.php | 466 +++++++++++++++-------------- 1 file changed, 241 insertions(+), 225 deletions(-) (limited to 'config/snort-dev/snort_interfaces_edit.php') diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index 4ee9203e..49f40638 100644 --- a/config/snort-dev/snort_interfaces_edit.php +++ b/config/snort-dev/snort_interfaces_edit.php @@ -1,11 +1,11 @@ . - Copyright (C) 2003-2004 Robert Zelaya + Copyright (C) 2008-2009 Robert Zelaya. All rights reserved. Redistribution and use in source and binary forms, with or without @@ -48,14 +48,17 @@ if (isset($_GET['dup'])) { } if (isset($id) && $a_nat[$id]) { - $pconfig['proto'] = $a_nat[$id]['protocol']; - list($pconfig['beginport'],$pconfig['endport']) = explode("-", $a_nat[$id]['external-port']); - $pconfig['localip'] = $a_nat[$id]['target']; - $pconfig['localbeginport'] = $a_nat[$id]['local-port']; - $pconfig['descr'] = $a_nat[$id]['descr']; + + $pconfig['enable'] = $a_nat[$id]['enable']; $pconfig['interface'] = $a_nat[$id]['interface']; - $pconfig['block'] = isset($a_nat[$id]['block']); - $pconfig['inline'] = isset($a_nat[$id]['inline']); + $pconfig['descr'] = $a_nat[$id]['descr']; + $pconfig['performance'] = $a_nat[$id]['performance']; + $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; + $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; + $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; + $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; + $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + if (!$pconfig['interface']) $pconfig['interface'] = "wan"; } else { 
@@ -67,65 +70,49 @@ if (isset($_GET['dup'])) if ($_POST) { - if ($_POST['beginport_cust'] && !$_POST['beginport']) - $_POST['beginport'] = $_POST['beginport_cust']; - if ($_POST['endport_cust'] && !$_POST['endport']) - $_POST['endport'] = $_POST['endport_cust']; - if ($_POST['localbeginport_cust'] && !$_POST['localbeginport']) - $_POST['localbeginport'] = $_POST['localbeginport_cust']; - - if (!$_POST['endport']) - $_POST['endport'] = $_POST['beginport']; - /* Make beginning port end port if not defined and endport is */ - if (!$_POST['beginport'] && $_POST['endport']) - $_POST['beginport'] = $_POST['endport']; - - unset($input_errors); - $pconfig = $_POST; - /* input validation */ - if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") { - $reqdfields = explode(" ", "interface proto beginport endport localip localbeginport"); - $reqdfieldsn = explode(",", "Interface,Protocol,External port from,External port to,NAT IP,Local port"); - } else { - $reqdfields = explode(" ", "interface proto localip"); - $reqdfieldsn = explode(",", "Interface,Protocol,NAT IP"); - } +// if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") { +// $reqdfields = explode(" ", "interface proto beginport endport localip localbeginport"); +// $reqdfieldsn = explode(",", "Interface,Protocol,External port from,External port to,NAT IP,Local port"); +// } else { +// $reqdfields = explode(" ", "interface proto localip"); +// $reqdfieldsn = explode(",", "Interface,Protocol,NAT IP"); +// } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); +// do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); // if (($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) { -// $input_errors[] = "\"{$_POST['localip']}\" is not valid subnet address."; +// $input_errors[] = "\"{$_POST['localip']}\" is not valid NAT IP address or 
host alias."; // } /* only validate the ports if the protocol is TCP, UDP or TCP/UDP */ - if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") { +// if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") { - if (($_POST['beginport'] && !is_ipaddroralias($_POST['beginport']) && !is_port($_POST['beginport']))) { - $input_errors[] = "The start port must be an integer between 1 and 65535."; - } +// if (($_POST['beginport'] && !is_ipaddroralias($_POST['beginport']) && !is_port($_POST['beginport']))) { +// $input_errors[] = "The start port must be an integer between 1 and 65535."; +// } - if (($_POST['endport'] && !is_ipaddroralias($_POST['endport']) && !is_port($_POST['endport']))) { - $input_errors[] = "The end port must be an integer between 1 and 65535."; - } +// if (($_POST['endport'] && !is_ipaddroralias($_POST['endport']) && !is_port($_POST['endport']))) { +// $input_errors[] = "The end port must be an integer between 1 and 65535."; +// } - if (($_POST['localbeginport'] && !is_ipaddroralias($_POST['localbeginport']) && !is_port($_POST['localbeginport']))) { - $input_errors[] = "The local port must be an integer between 1 and 65535."; - } +// if (($_POST['localbeginport'] && !is_ipaddroralias($_POST['localbeginport']) && !is_port($_POST['localbeginport']))) { +// $input_errors[] = "The local port must be an integer between 1 and 65535."; +// } - if ($_POST['beginport'] > $_POST['endport']) { +// if ($_POST['beginport'] > $_POST['endport']) { /* swap */ - $tmp = $_POST['endport']; - $_POST['endport'] = $_POST['beginport']; - $_POST['beginport'] = $tmp; - } +// $tmp = $_POST['endport']; +// $_POST['endport'] = $_POST['beginport']; +// $_POST['beginport'] = $tmp; +// } - if (!$input_errors) { - if (($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport']) > 65535) - $input_errors[] = "The target port range must be an 
integer between 1 and 65535."; - } +// if (!$input_errors) { +// if (($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport']) > 65535) +// $input_errors[] = "The target port range must be an integer between 1 and 65535."; +// } - } +// } /* check for overlaps */ foreach ($a_nat as $natent) { 
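Review bot: With the `do_input_validation()` call and every field check commented out on the new side, nothing left in this hunk adds to `$input_errors`, so the `if (!$input_errors)` branch further down accepts whatever is posted. Rather than keeping the old NAT checks as `//` lines, delete them and validate the fields this form actually has, for instance `$reqdfields = explode(" ", "interface descr");` and `$reqdfieldsn = explode(",", "Interface,Description");` followed by the existing `do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);`. The enclosing `if ($_POST)` block closes outside this hunk, so confirm whether anything outside the visible lines still assigns `$input_errors`.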
@@ -133,48 +120,21 @@ if ($_POST) { continue; if ($natent['interface'] != $_POST['interface']) continue; - if ($natent['external-address'] != $_POST['extaddr']) - continue; - if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp")) - continue; - - list($begp,$endp) = explode("-", $natent['external-port']); - if (!$endp) - $endp = $begp; - - if (!( (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp)) - || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) { - - $input_errors[] = "The external port range overlaps with an existing entry."; - break; - } } +/* if no errors write to conf */ if (!$input_errors) { $natent = array(); - if ($_POST['extaddr']) - $natent['external-address'] = $_POST['extaddr']; - $natent['protocol'] = $_POST['proto']; - - if ($_POST['beginport'] == $_POST['endport']) - $natent['external-port'] = $_POST['beginport']; - else - $natent['external-port'] = $_POST['beginport'] . "-" . $_POST['endport']; - - $natent['target'] = $_POST['localip']; - $natent['local-port'] = $_POST['localbeginport']; - $natent['interface'] = $_POST['interface']; + $natent['enable'] = $_POST['enable'] ? on : off; + /* if option is diabled add a default answer */ + $natent['interface'] = $_POST['interface'] ? $_POST['interface'] : $pconfig['interface']; $natent['descr'] = $_POST['descr']; - - if($_POST['block'] == "yes") - $natent['block'] = true; - else - unset($natent['block']); - - if($_POST['inline'] == "yes") - $natent['inline'] = true; - else - unset($natent['inline']); + $natent['performance'] = $_POST['performance']; + $natent['blockoffenders7'] = $_POST['blockoffenders7'] ? on : off; + $natent['snortalertlogtype'] = $_POST['snortalertlogtype']; + $natent['alertsystemlog'] = $_POST['alertsystemlog'] ? on : off; + $natent['tcpdumplog'] = $_POST['tcpdumplog'] ? on : off; + $natent['flow_depth'] = $_POST['flow_depth']; if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; 
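Review bot: The new `$natent[...]` assignments use bare `on` and `off` (`$_POST['enable'] ? on : off`, and the same for `blockoffenders7`, `alertsystemlog` and `tcpdumplog`), which PHP resolves as undefined constants: a notice with string fallback on older releases and an error on PHP 8. Quote them, e.g. `$natent['enable'] = $_POST['enable'] ? 'on' : 'off';`. `interface`, `performance`, `snortalertlogtype` and `flow_depth` are stored exactly as posted, and since they presumably end up in the generated Snort configuration they should be checked against what the form offers; the form text gives -1 to 1460 for the flow depth, so something like `if (!is_numeric($_POST['flow_depth']) || $_POST['flow_depth'] < -1 || $_POST['flow_depth'] > 1460) $input_errors[] = "Flow depth must be between -1 and 1460.";` (message text constructed here) belongs before the write. The overlap `foreach` above now contains only `continue` statements and can be removed. The surrounding `if ($_POST)` block starts before this hunk.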
@@ -183,7 +143,9 @@ if ($_POST) { array_splice($a_nat, $after+1, 0, array($natent)); else $a_nat[] = $natent; - } + } + + touch($d_natconfdirty_path); write_config(); @@ -192,21 +154,66 @@ if ($_POST) { } } -$pgtitle = "Services: Snort Interfaces"; +$pgtitle = "Services: Snort Interfaces Edit"; include("head.inc"); ?> - + + + +

+ -
- + + + + -
return; } } + + /* do for the selected interface */ foreach($snortInterfaces as $snortIf) - - $tab_array = array(); - $tab_array[] = array("Interfaces", false, "snort_interfaces.php"); - $tab_array[] = array("Settings", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_{$snortIf}.xml&id=0"); - $tab_array[] = array("Categories", false, "snort/snort_{$snortIf}/snort_rulesets_{$snortIf}.php"); - $tab_array[] = array("Rules", false, "snort/snort_{$snortIf}/snort_rules_{$snortIf}.php"); - $tab_array[] = array("Servers", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_define_servers_{$snortIf}.xml&id=0"); - $tab_array[] = array("Threshold", false, "/pkg.php?xml=snort/snort_{$snortIf}/snort_threshold_{$snortIf}.xml"); - $tab_array[] = array("Barnyard2", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}/snort_barnyard2_{$snortIf}.xml&id=0"); - display_top_tabs($tab_array); - - } + { + + /* if base directories dont exist create them */ + if(!file_exists("/usr/local/pkg/snort/snort_{$snortIf}_{$id}/")) + { + exec("/bin/mkdir -p /usr/local/pkg/snort/snort_{$snortIf}_{$id}/"); + if(!file_exists("/usr/local/www/snort/snort_{$snortIf}_{$id}/")) + exec("/bin/mkdir -p /usr/local/www/snort/snort_{$snortIf}_{$id}/"); + } + + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort_interfaces.php"); + $tab_array[] = array("If Settings", true, "/snort_interfaces_edit.php"); + $tab_array[] = array("Categories", false, "/snort/snort_{$snortIf}_{$id}/snort_rulesets_{$snortIf}_{$id}.php"); + $tab_array[] = array("Rules", false, "/snort/snort_{$snortIf}_{$id}/snort_rules_{$snortIf}_{$id}.php"); + $tab_array[] = array("Servers", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}_{$id}/snort_define_servers_{$snortIf}_{$id}.xml&id=0"); + $tab_array[] = array("Barnyard2", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}_{$id}/snort_barnyard2_{$snortIf}_{$id}.xml&id=0"); + $tab_array[] = array("Barnyard2", false, 
"/pkg_edit.php?xml=snort/snort_{$snortIf}_{$id}/snort_barnyard2_{$snortIf}_{$id}.xml&id=0"); + $tab_array[] = array("Barnyard2", false, "/pkg_edit.php?xml=snort/snort_{$snortIf}_{$id}/snort_barnyard2_{$snortIf}_{$id}.xml&id=0"); + display_top_tabs($tab_array); + } +} ?> -
- + + + + + + + +
+ + + + + \n"; + } + ?> + + + \n\n"; + ?> + + - - - - - - - - - - - - - - - - - - - - - - - - - + - - + + + + + + + + + + + + + + + + + + + + + + + + -
 Note:
+ You will be redirected to the Snort Interfaces Menu to aprove changes.
+ After approval, interface options will be made available. +

+ Please select a interface and a description. +
  + + // care with spaces + if ($pconfig['enable'] == "on") + $checked = checked; + if($id != "") + { + $onclick_enable = "onClick=\"enable_change(false)\">"; + } + echo " + Enable Interface
Interface
Choose which interface this rule applies to.
Hint: in most cases, you'll want to use WAN here.
Block all offenders - >
- HINT: Block all offenders that trigger an alert on the selected interface. -
Enable Inline Mode - >
- HINT: This will enable Snort Inline mode on the selected interafce. -
Inline listening port - -
- Specify the port Snort Inline should lissten on.
- Hint: Never enter a port that is already being used by the system.
Inline Divert Protocol -
Choose which IP protocol Snort Inline should divert.
- Hint: in most cases, you should specify All  here.
Inline Divert External port range - - - - - - - - - -
from:  
to:
-
Specify the port or port range Snort Inline should divert on the firewall's external address.
- Hint: you can leave the 'to' field empty if you only want to divert a single port
- Hint: you can leave from and to empty to divert all ports.
Inline IP Subnet - -
Enter the internal IP subnet address you wish to sniff. Leave blank for all.
- e.g. 192.168.1.0/24
DescriptionDescription
You may enter a description here for your reference (not parsed).
Memory Performance +
+ Lowmem and ac-bnfa are recommended for low end systems, Ac: high memory, best performance, ac-std: moderate memory,high performance, acs: small memory, moderateperformance, ac-banded: small memory,moderate performance, ac-sparsebands: small memory, high performance.
+ Hint: in most cases, you'll want to use WAN here.
Block offenders + onClick="enable_change(false)">
+ Checking this option will automatically block hosts that generate a snort alert.
Alerts Tab description type +
+ Please choose the type of Alert logging you will like see in the Alerts Tab.
+ Hint: in most cases, short descriptions are best.
Send alerts to main System logs + onClick="enable_change(false)">
+ Snort will send Alerts to the Pfsense system logs.
Log to a Tcpdump file + onClick="enable_change(false)">
+ Snort will log packets to a tcpdump-formatted file. The file then can be analyzed by a wireshark type of application. WARNING: File may become large.
HTTP server flow depth + + + + +
-1 to 1460 (-1 disables HTTP inspect, 0 enables all HTTP inspect)
+ Amount of HTTP server response payload to inspect. Snort's performance may increase by ajusting this value.
+ Setting this value too low may cause false negatives. Value above 0 is in bytes.
+ Default value is 0
  - +
+
 Note: +
+ Please save your settings befor you click start.
+
+ - "") - foreach($config['aliases']['alias'] as $alias_name) { - if(!stristr($alias_name['address'], ".")) { - if($isfirst == 1) $aliases .= ","; - $aliases .= "'" . $alias_name['name'] . "'"; - $isfirst = 1; - } else { - if($addrisfirst == 1) $aliasesaddr .= ","; - $aliasesaddr .= "'" . $alias_name['name'] . "'"; - $addrisfirst = 1; - } - } -?> - -- cgit v1.2.3
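Review bot: In the new `foreach($snortInterfaces as $snortIf)` block, `exec("/bin/mkdir -p /usr/local/pkg/snort/snort_{$snortIf}_{$id}/")` and its `www` twin build a shell command from `$snortIf` and `$id` without escaping. Where `$id` is assigned is not visible in this diff, but if it is taken from the request then shell metacharacters or `../` in it reach the shell and the path, in a page that runs with the web GUI's privileges. Create the directories with PHP's own `mkdir()` after checking that `$id` is all digits, which removes the shell entirely; `$snortIf` deserves the same scrutiny if it is not drawn from a fixed interface list. The `www` check is also nested inside the `pkg` check, so it is skipped whenever the `pkg` directory already exists, and the "Barnyard2" tab is appended three times. The hunk boundaries around this block are not recoverable from the page, so the excerpt below covers only the directory-creation lines.

```php
foreach($snortInterfaces as $snortIf)
{
	/* if base directories dont exist create them */
	if (ctype_digit((string)$id)) {
		foreach (array("/usr/local/pkg/snort", "/usr/local/www/snort") as $base) {
			$dir = "{$base}/snort_{$snortIf}_{$id}";
			if (!is_dir($dir))
				mkdir($dir, 0755, true);
		}
	}
	// … unchanged: $tab_array setup and display_top_tabs() …
```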