From 84f9461274f2d25c1e0a4da0557158a6bb36d817 Mon Sep 17 00:00:00 2001
From: robiscool <robrob2626@yahoo.com>
Date: Mon, 30 Nov 2009 20:42:34 -0800
Subject: snort-dev, add interface gui options, add check if interface is in
 use

---
 config/snort-dev/snort.inc                   | 20 ++++++--------------
 config/snort-dev/snort.xml                   |  2 +-
 config/snort-dev/snort_interfaces.php        | 28 +++++++++++++++++++++++-----
 config/snort-dev/snort_interfaces_edit.php   | 28 ++++++++++++++++++++--------
 config/snort-dev/snort_interfaces_global.php | 21 ---------------------
 5 files changed, 50 insertions(+), 49 deletions(-)

(limited to 'config/snort-dev')

diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index 5e49cad2..b1300e1a 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -293,7 +293,7 @@ rc_start_real() {
 
         # Start the interfaces
 
-        /usr/local/bin/snort -G $id$if_real -R $id$if_real -c /usr/local/etc/snort/snort_$id$if_real/snort.conf -l /var/log/snort -D -i $if_real -q
+        /usr/local/bin/snort -G $id -R $id$if_real -c /usr/local/etc/snort/snort_$id$if_real/snort.conf -l /var/log/snort -D -i $if_real -q
 
         sleep 3
         AFTER_MEM=`/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{print $12}'`
@@ -1295,7 +1295,7 @@ portvar DCERPC_BRIGHTSTORE [6503,6504]
                     #
 #####################
 
-var RULE_PATH /usr/local/etc/snort/rules
+var RULE_PATH /usr/local/etc/snort/snort_$id$if_real/rules
 # var PREPROC_RULE_PATH ./preproc_rules
 
 ################################
@@ -1336,17 +1336,10 @@ dynamicdetection directory /usr/local/lib/snort/dynamicrules/
 ###################
 
 preprocessor frag3_global: max_frags 8192
-preprocessor frag3_engine: policy windows
-preprocessor frag3_engine: policy linux
-preprocessor frag3_engine: policy first
 preprocessor frag3_engine: policy bsd detect_anomalies
 
 preprocessor stream5_global: max_tcp 8192, track_tcp yes, \
 track_udp yes, track_icmp yes
-preprocessor stream5_tcp: bind_to any, policy windows
-preprocessor stream5_tcp: bind_to any, policy linux
-preprocessor stream5_tcp: bind_to any, policy vista
-preprocessor stream5_tcp: bind_to any, policy macos
 preprocessor stream5_tcp: policy BSD, ports both all, use_static_footprint_sizes
 preprocessor stream5_udp
 preprocessor stream5_icmp
@@ -1358,7 +1351,7 @@ preprocessor stream5_icmp
                          #
 ##########################
 
-preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000
+preprocessor perfmonitor: time 300 file /var/log/snort/snort_$id$if_real.stats pktcnt 10000
 
 #################
                 #
@@ -1370,7 +1363,6 @@ preprocessor http_inspect: global iis_unicode_map unicode.map 1252
 
 preprocessor http_inspect_server: server default \
                         ports  { 80 8080 }  \
-                        no_alerts \
                         non_strict \
                         non_rfc_char  { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 }  \
                         flow_depth 0  \
@@ -1542,9 +1534,9 @@ $spoink_type
                 #
 #################
 
-include /usr/local/etc/snort/reference.config
-include /usr/local/etc/snort/classification.config
-include /usr/local/etc/snort/threshold.conf
+include /usr/local/etc/snort/snort_$id$if_real/reference.config
+include /usr/local/etc/snort/snort_$id$if_real/classification.config
+include /usr/local/etc/snort/snort_$id$if_real/threshold.conf
 
 # Snort user pass through configuration
 {$snort_config_pass_thru}
diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml
index 99b9b77e..6023a353 100644
--- a/config/snort-dev/snort.xml
+++ b/config/snort-dev/snort.xml
@@ -146,7 +146,7 @@
 	<additional_files_needed>
 		<prefix>/usr/local/www/snort/</prefix>
 		<chmod>077</chmod>
-		<item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php.php</item>
+		<item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php</item>
 	</additional_files_needed>
 	<additional_files_needed>
 		<prefix>/usr/local/www/snort/</prefix>
diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php
index 6a275ca7..877d6e6c 100644
--- a/config/snort-dev/snort_interfaces.php
+++ b/config/snort-dev/snort_interfaces.php
@@ -32,6 +32,10 @@
 require("guiconfig.inc");
 require("/usr/local/pkg/snort/snort_gui.inc");
 
+$id = $_GET['id'];
+if (isset($_POST['id']))
+	$id = $_POST['id'];
+
 if (!is_array($config['installedpackages']['snortglobal']['rule']))
 	$config['installedpackages']['snortglobal']['rule'] = array();
 
@@ -77,7 +81,7 @@ if (isset($_POST['del_x'])) {
 			/* convert fake interfaces to real */
 			$if_real = convert_friendly_interface_to_real_interface_name($a_nat[$rulei]['interface']);
 			
-			$snort_pid = exec("/bin/ps -auwx | grep -v grep | grep \"ng0 -c\" | awk '{print $2;}'");
+			$snort_pid = exec("/bin/ps -auwx | grep -v grep | grep \"$if_real -c\" | awk '{print $2;}'");
 			
 			if ($snort_pid != "") {
 			exec("/bin/sh /usr/local/etc/rc.d/snort_{$rulei}{$if_real}.sh stop");			
@@ -142,6 +146,18 @@ if (isset($_POST['del_x'])) {
         }
 }
 
+
+/* start/stop snort */
+if ($_GET['act'] == "toggle" && $_GET['id'] != "") {
+	$if_real2 = convert_friendly_interface_to_real_interface_name($a_nat[$id]['interface']);
+	$snort_pid2 = exec("/bin/ps -auwx | grep -v grep | grep \"$if_real2 -c\" | awk '{print $2;}'");
+	if ($snort_pid2 != "") {
+		exec("/bin/sh /usr/local/etc/rc.d/snort_{$id}{$if_real2}.sh stop");
+	}else{
+		exec("/bin/sh /usr/local/etc/rc.d/snort_{$id}{$if_real2}.sh start");
+	}
+}	
+
 $pgtitle = "Services: Snort 2.8.4.1_5 pkg v. 1.8 alpha";
 include("head.inc");
 
@@ -205,7 +221,7 @@ padding: 15px 10px 50% 50px;
 	<div id="mainarea">
               <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
                 <tr id="frheader">
-		  <td width="3%" class="list">&nbsp;</td>
+				<td width="4%" class="list">&nbsp;</td>
 		          <td width="1%" class="list">&nbsp;</td>
                   <td width="10%" class="listhdrr">If</td>
 				  <td width="10%" class="listhdrr">Snort</td>
@@ -217,25 +233,27 @@ padding: 15px 10px 50% 50px;
                     <table border="0" cellspacing="0" cellpadding="1">
                       <tr>
 			<td width="17"></td>
-                        <td><a href="snort_interfaces_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+                        <td><a href="snort_interfaces_edit.php"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
                       </tr>
                     </table>
 		  </td>
 		</tr>
 	<?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
                 <tr valign="top" id="fr<?=$nnats;?>">
-                  <td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td>
-                  <td class="listt" align="center"></td>
 					<?php	
 					/* convert fake interfaces to real and check if iface is up */
 					$if_real = convert_friendly_interface_to_real_interface_name($natent['interface']);
 					$color_up = exec("/bin/ps -auwx | grep -v grep | grep \"{$nnats}{$if_real} -c\" | awk '{print $2;}'");		
 					If ($color_up != "") {
 						$class_color_up = "listbg2";
+						$iconfn = "block";
 					}else{
 						$class_color_up = "listbg";
+						$iconfn = "pass";
 					}			
 					?>
+                  <td class="listt"><a href="?act=toggle&id=<?=$i;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" width="13" height="13" border="0" title="click to toggle start/stop snort"></a><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 7px; height: 7px;"></td>
+                  <td class="listt" align="center"></td>
                   <td class="<?=$class_color_up;?>" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
 		    <?php
 			if (!$natent['interface'] || ($natent['interface'] == "wan"))
diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php
index 410bb02b..cdf2f3e1 100644
--- a/config/snort-dev/snort_interfaces_edit.php
+++ b/config/snort-dev/snort_interfaces_edit.php
@@ -119,14 +119,28 @@ if ($_POST["Submit"]) {
 //				$input_errors[] = "The target port range must be an integer between 1 and 65535.";
 //		}
 
-		if ($_POST['interface'] == $pconfig['interface']) {
-			$input_errors[] = "The {$pconfig['interface']} interface is in use. Please select another interface.";
-		}
 		
-		if ($pconfig['descr'] == "") {
-			$input_errors[] = "Please  enter a description for your reference.";
-		}
+		// if ($config['installedpackages']['snortglobal']['rule']) {
+			if ($_POST['descr'] == "") {
+				$input_errors[] = "Please  enter a description for your reference.";
+				}
+			
+			if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") {
+
+			$rule_array = $config['installedpackages']['snortglobal']['rule'];
+			$id_c = -1;
+			foreach ($rule_array as $value) {
 
+			$id_c += 1;
+
+			$result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface'];
+			$if_real = convert_friendly_interface_to_real_interface_name($result_lan);
+
+				if ($_POST['interface'] == $result_lan) {	
+				$input_errors[] = "Interface $result_lan is in use. Please select another interface.";
+					}			
+				}
+			}
 
 	/* check for overlaps */
 	foreach ($a_nat as $natent) {
@@ -169,8 +183,6 @@ if ($_POST["Submit"]) {
 
 		write_config();
 		// stop_service("snort");
-		//create_snort_conf();
-		//create_barnyard2_conf();
 
 		if ($pconfig['interface'] != "") {
 		sync_package_snort();
diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort-dev/snort_interfaces_global.php
index a0c0ece2..9ee1a204 100644
--- a/config/snort-dev/snort_interfaces_global.php
+++ b/config/snort-dev/snort_interfaces_global.php
@@ -124,28 +124,7 @@ if ($_POST) {
 include("head.inc");
 ?>
 <?php include("fbegin.inc"); ?>
-<script language="JavaScript">
-<!--
-
-/* make shure all the settings exist or function hide will not work */
-function enable_change(enable_change) {
-	var endis, radius_endis;
-	endis = !(document.iform.enable.checked || enable_change);
-//	radius_endis = !((!endis && document.iform.auth_method[2].checked) || enable_change);
 
-	document.iform.snortdownload[0].disabled = endis;
-	document.iform.snortdownload[1].disabled = endis;
-	document.iform.snortdownload[2].disabled = endis;
-	document.iform.oinkmastercode.disabled = endis;
-	document.iform.emergingthreats.disabled = endis;
-	document.iform.rm_blocked.disabled = endis;
-	document.iform.autorulesupdate7.disabled = endis;
-	document.iform.whitelistvpns.disabled = endis;
-	document.iform.clickablalerteurls.disabled = endis;
-	document.iform.associatealertip.disabled = endis;
-}
-//-->
-</script>
 <p class="pgtitle"><?=$pgtitle?></p>
 <body link="#0000CC" vlink="#0000CC" alink="#0000CC">
 <?php if ($input_errors) print_input_errors($input_errors); ?>
-- 
cgit v1.2.3