From bc2c451e729f31303e687605af16dce80185a646 Mon Sep 17 00:00:00 2001 From: robiscool Date: Tue, 12 Jun 2012 20:18:47 -0700 Subject: snort-dev2, add updated snort.conf for 2.9.2.3 --- config/snort-dev2/snort_define_servers.php | 541 +++++++++++++++++++++++++++++ 1 file changed, 541 insertions(+) create mode 100644 config/snort-dev2/snort_define_servers.php (limited to 'config/snort-dev2/snort_define_servers.php') diff --git a/config/snort-dev2/snort_define_servers.php b/config/snort-dev2/snort_define_servers.php new file mode 100644 index 00000000..497f0a79 --- /dev/null +++ b/config/snort-dev2/snort_define_servers.php @@ -0,0 +1,541 @@ +. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +/* + +TODO: Nov 12 09 +Clean this code up its ugly +Important add error checking + +*/ + +//require_once("globals.inc"); +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +global $g; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; +if (is_null($id)) { + header("Location: /snort/snort_interfaces.php"); + exit; +} + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$pconfig = array(); +if (isset($id) && $a_nat[$id]) { + $pconfig = $a_nat[$id]; + + /* old options */ + $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers']; + $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports']; + $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers']; + $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports']; + $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports']; + $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers']; + $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers']; + $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports']; + $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers']; + $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports']; + $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports']; + $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers']; + $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports']; + $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers']; + $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports']; + $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers']; + $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports']; + $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers']; + $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports']; + $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers']; + $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports']; + $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports']; + $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; + $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; + $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; + $pconfig['def_sip_servers'] = $a_nat[$id]['def_sip_servers']; + $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports']; + $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; + $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; + $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; + $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports']; + $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports']; + $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports']; + $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports']; + $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports']; +} + +/* convert fake interfaces to real */ +$if_real = snort_get_real_interface($pconfig['interface']); +$snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + +/* alert file */ +$d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; + +if ($_POST) { + + $natent = array(); + $natent = $pconfig; + + /* if no errors write to conf */ + if (!$input_errors) { + /* post new options */ + if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; } + if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; }else{ $natent['def_dns_ports'] = ""; } + if ($_POST['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $_POST['def_smtp_servers']; }else{ $natent['def_smtp_servers'] = ""; } + if ($_POST['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $_POST['def_smtp_ports']; }else{ $natent['def_smtp_ports'] = ""; } + if ($_POST['def_mail_ports'] != "") { $natent['def_mail_ports'] = $_POST['def_mail_ports']; }else{ $natent['def_mail_ports'] = ""; } + if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; }else{ $natent['def_http_servers'] = ""; } + if ($_POST['def_www_servers'] != "") { $natent['def_www_servers'] = $_POST['def_www_servers']; }else{ $natent['def_www_servers'] = ""; } + if ($_POST['def_http_ports'] != "") { $natent['def_http_ports'] = $_POST['def_http_ports']; }else{ $natent['def_http_ports'] = ""; } + if ($_POST['def_sql_servers'] != "") { $natent['def_sql_servers'] = $_POST['def_sql_servers']; }else{ $natent['def_sql_servers'] = ""; } + if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; }else{ $natent['def_oracle_ports'] = ""; } + if ($_POST['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $_POST['def_mssql_ports']; }else{ $natent['def_mssql_ports'] = ""; } + if ($_POST['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $_POST['def_telnet_servers']; }else{ $natent['def_telnet_servers'] = ""; } + if ($_POST['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $_POST['def_telnet_ports']; }else{ $natent['def_telnet_ports'] = ""; } + if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; }else{ $natent['def_snmp_servers'] = ""; } + if ($_POST['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $_POST['def_snmp_ports']; }else{ $natent['def_snmp_ports'] = ""; } + if ($_POST['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $_POST['def_ftp_servers']; }else{ $natent['def_ftp_servers'] = ""; } + if ($_POST['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $_POST['def_ftp_ports']; }else{ $natent['def_ftp_ports'] = ""; } + if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; }else{ $natent['def_ssh_servers'] = ""; } + if ($_POST['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $_POST['def_ssh_ports']; }else{ $natent['def_ssh_ports'] = ""; } + if ($_POST['def_pop_servers'] != "") { $natent['def_pop_servers'] = $_POST['def_pop_servers']; }else{ $natent['def_pop_servers'] = ""; } + if ($_POST['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $_POST['def_pop2_ports']; }else{ $natent['def_pop2_ports'] = ""; } + if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; }else{ $natent['def_pop3_ports'] = ""; } + if ($_POST['def_imap_servers'] != "") { $natent['def_imap_servers'] = $_POST['def_imap_servers']; }else{ $natent['def_imap_servers'] = ""; } + if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; } + if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; } + if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; } + if ($_POST['def_sip_servers'] != "") { $natent['def_sip_servers'] = $_POST['def_sip_servers']; }else{ $natent['def_sip_servers'] = ""; } + if ($_POST['def_sip_ports'] != "") { $natent['def_sip_ports'] = $_POST['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; } + if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; } + if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; } + if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; } + if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; }else{ $natent['def_nntp_ports'] = ""; } + if ($_POST['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $_POST['def_rlogin_ports']; }else{ $natent['def_rlogin_ports'] = ""; } + if ($_POST['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $_POST['def_rsh_ports']; }else{ $natent['def_rsh_ports'] = ""; } + if ($_POST['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $_POST['def_ssl_ports']; }else{ $natent['def_ssl_ports'] = ""; } + + + if (isset($id) && $a_nat[$id]) + $a_nat[$id] = $natent; + else { + if (is_numeric($after)) + array_splice($a_nat, $after+1, 0, array($natent)); + else + $a_nat[] = $natent; + } + + write_config(); + + sync_snort_package_config(); + + /* after click go to this page */ + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: snort_define_servers.php?id=$id"); + exit; + } +} + +$pgtitle = "Snort: Interface $id$if_real Define Servers"; +include_once("head.inc"); + +?> + + +' . $pgtitle . '

';} + +echo "{$snort_general_css}\n"; +?> + +
+ + + + +
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
 Note:
+ Please save your settings before you click start.
+ Please make sure there are no spaces in your + definitions.
Define Servers
Define DNS_SERVERS
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.
Define DNS_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 53.
Define SMTP_SERVERS
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.
Define SMTP_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 25.
Define Mail_Ports
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 25,143,465,691.
Define HTTP_SERVERS
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.
Define WWW_SERVERS
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.
Define HTTP_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 80.
Define SQL_SERVERS
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.
Define ORACLE_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 1521.
Define MSSQL_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 1433.
Define TELNET_SERVERS
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.
Define TELNET_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 23.
Define SNMP_SERVERS
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.
Define SNMP_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 161.
Define FTP_SERVERS
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.
Define FTP_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 21.
Define SSH_SERVERS
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.
Define SSH_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is the firewall's SSH port.
Define POP_SERVERS
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.
Define POP2_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 109.
Define POP3_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 110.
Define IMAP_SERVERS
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.
Define IMAP_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 143.
Define SIP_PROXY_IP
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.
Define SIP_PROXY_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 5060:5090,16384:32768.
Define SIP_SERVERS
+ Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.
Define SIP_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 5060:5090,16384:32768.
Define AUTH_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 113.
Define FINGER_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 79.
Define IRC_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 6665,6666,6667,6668,6669,7000.
Define NNTP_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 119.
Define RLOGIN_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 513.
Define RSH_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 514.
Define SSL_PORTS
+ Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 25,443,465,636,993,995.
  + + +
 Note: +
+ Please save your settings before you click start.
+ +
+
+ + + -- cgit v1.2.3