From f7a21ec39534b14fe3eb49f8925395ccb999ad12 Mon Sep 17 00:00:00 2001 From: robiscool Date: Sat, 19 Dec 2009 17:42:34 -0800 Subject: snort-dev, add ajax alerts tab --- config/snort-dev/mootools.js | 3 + config/snort-dev/snort.inc | 2 +- config/snort-dev/snort.xml | 5 - config/snort-dev/snort_alerts.php | 441 +++++++++++++++++++++++++-- config/snort-dev/snort_barnyard.php | 2 - config/snort-dev/snort_blocked.php | 2 +- config/snort-dev/snort_define_servers.php | 2 - config/snort-dev/snort_interfaces.php | 2 +- config/snort-dev/snort_interfaces_edit.php | 18 -- config/snort-dev/snort_interfaces_global.php | 107 ++++--- config/snort-dev/snort_preprocessors.php | 2 - config/snort-dev/sortableTable.js | 288 +++++++++++++++++ config/snort-dev/style.css | 183 +++++++++-- 13 files changed, 907 insertions(+), 150 deletions(-) create mode 100644 config/snort-dev/mootools.js create mode 100644 config/snort-dev/sortableTable.js (limited to 'config/snort-dev') diff --git a/config/snort-dev/mootools.js b/config/snort-dev/mootools.js new file mode 100644 index 00000000..e058db83 --- /dev/null +++ b/config/snort-dev/mootools.js 
@@ -0,0 +1,3 @@ +//MooTools, My Object Oriented Javascript Tools. Copyright (c) 2006 Valerio Proietti, , MIT Style License. + +eval(function(p,a,c,k,e,d){e=function(c){return(c35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('o ay={a6:\'1.11\'};m $5B(N){k(N!=9e)};m $G(N){B(!$5B(N))k U;B(N.4t)k\'L\';o G=5X N;B(G==\'2t\'&&N.a8){21(N.7v){Y 1:k\'L\';Y 3:k(/\\S/).2N(N.91)?\'a9\':\'bo\'}}B(G==\'2t\'||G==\'m\'){21(N.7X){Y 2j:k\'1u\';Y 7u:k\'5e\';Y 1f:k\'7F\'}B(5X N.V==\'3P\'){B(N.2U)k\'bw\';B(N.7b)k\'1b\'}}k G};m $1Q(){o 4f={};M(o i=0;i<1b.V;i++){M(o I 1e 1b[i]){o ap=1b[i][I];o 5z=4f[I];B(5z&&$G(ap)==\'2t\'&&$G(5z)==\'2t\')4f[I]=$1Q(5z,ap);19 4f[I]=ap}}k 4f};o $Q=m(){o 1l=1b;B(!1l[1])1l=[c,1l[0]];M(o I 1e 1l[1])1l[0][I]=1l[1][I];k 1l[0]};o $4d=m(){M(o i=0,l=1b.V;i-1:c.4n(2h)>-1},84:m(){k c.31(/([.*+?^${}()|[\\]\\/\\\\])/g,\'\\\\$1\')}});2j.Q({52:m(1u){B(c.V<3)k U;B(c.V==4&&c[3]==0&&!1u)k\'ba\';o 3i=[];M(o i=0;i<3;i++){o 4B=(c[i]-0).3F(16);3i.1i((4B.V==1)?\'0\'+4B:4B)}k 1u?3i:\'#\'+3i.1V(\'\')},57:m(1u){B(c.V!=3)k U;o 1m=[];M(o i=0;i<3;i++){1m.1i(4X((c[i].V==1)?c[i]+c[i]:c[i],16))}k 1u?1m:\'1m(\'+1m.1V(\',\')+\')\'}});7B.Q({2L:m(C){o T=c;C=$1Q({\'17\':T,\'K\':U,\'1b\':1k,\'2q\':U,\'3G\':U,\'6n\':U},C);B($2w(C.1b)&&$G(C.1b)!=\'1u\')C.1b=[C.1b];k m(K){o 1l;B(C.K){K=K||W.K;1l=[(C.K===1g)?K:O C.K(K)];B(C.1b)1l.Q(C.1b)}19 1l=C.1b||1b;o 3j=m(){k T.3t($4F(C.17,T),1l)};B(C.2q)k 9G(3j,C.2q);B(C.3G)k aa(3j,C.3G);B(C.6n)49{k 3j()}48(aF){k U};k 3j()}},aq:m(1l,17){k c.2L({\'1b\':1l,\'17\':17})},6n:m(1l,17){k c.2L({\'1b\':1l,\'17\':17,\'6n\':1g})()},17:m(17,1l){k c.2L({\'17\':17,\'1b\':1l})},ak:m(17,1l){k c.2L({\'17\':17,\'K\':1g,\'1b\':1l})},2q:m(2q,17,1l){k c.2L({\'2q\':2q,\'17\':17,\'1b\':1l})()},3G:m(9M,17,1l){k c.2L({\'3G\':9M,\'17\':17,\'1b\':1l})()}});9P.Q({2P:m(){k 4X(c)},9A:m(){k 
4T(c)},1M:m(2X,1L){k 1c.2X(1L,1c.1L(2X,c))},2c:m(5d){5d=1c.36(10,5d||0);k 1c.2c(c*5d)/5d},b7:m(T){M(o i=0;i\'}F=R.9V(F)}F=$(F);k(!1N||!F)?F:F.26(1N)}});o 1R=O 1f({1w:m(15){k(15)?$Q(15,c):c}});1R.Q=m(1N){M(o 1T 1e 1N){c.1x[1T]=1N[1T];c[1T]=$4d.6c(1T)}};m $(F){B(!F)k 1k;B(F.4t)k 2n.4q(F);B([W,R].1j(F))k F;o G=$G(F);B(G==\'2h\'){F=R.5Q(F);G=(F)?\'L\':U}B(G!=\'L\')k 1k;B(F.4t)k 2n.4q(F);B([\'2t\',\'b3\'].1j(F.5M.4S()))k F;$Q(F,P.1x);F.4t=m(){};k 2n.4q(F)};R.5P=R.2G;m $$(){o 15=[];M(o i=0,j=1b.V;i0&&5p<13)c.1n=\'f\'+5p}c.1n=c.1n||6g.dp(c.5k).4S()}19 B(c.G.2N(/(8t|2Z|dq)/)){c.4k={\'x\':K.7n||K.7Z+R.2D.4Y,\'y\':K.7s||K.7P+R.2D.59};c.dr={\'x\':K.7n?K.7n-W.85:K.7Z,\'y\':K.7s?K.7s-W.8b:K.7P};c.dn=(K.7V==3)||(K.dm==2);21(c.G){Y\'7z\':c.28=K.28||K.dj;1B;Y\'7L\':c.28=K.28||K.9w}c.8B()}k c},1S:m(){k c.5y().5t()},5y:m(){B(c.K.5y)c.K.5y();19 c.K.dk=1g;k c},5t:m(){B(c.K.5t)c.K.5t();19 c.K.dl=U;k c}});2E.5s={28:m(){B(c.28&&c.28.7v==3)c.28=c.28.2Y},8z:m(){49{2E.5s.28.1X(c)}48(e){c.28=c.3m}}};2E.1x.8B=(W.7f)?2E.5s.8z:2E.5s.28;2E.1G=O 3d({\'ds\':13,\'dt\':38,\'dz\':40,\'1H\':37,\'4H\':39,\'dA\':27,\'dy\':32,\'dx\':8,\'du\':9,\'4p\':46});P.2m.2A={29:m(G,T){c.$1a=c.$1a||{};c.$1a[G]=c.$1a[G]||{\'1G\':[],\'1A\':[]};B(c.$1a[G].1G.1j(T))k c;c.$1a[G].1G.1i(T);o 5q=G;o 2d=P.2A[G];B(2d){B(2d.6N)2d.6N.1X(c,T);B(2d.2y)T=2d.2y;B(2d.G)5q=2d.G}B(!c.7c)T=T.2L({\'17\':c,\'K\':1g});c.$1a[G].1A.1i(T);k(P.7k.1j(5q))?c.2S(5q,T):c},4m:m(G,T){B(!c.$1a||!c.$1a[G])k c;o 2e=c.$1a[G].1G.4n(T);B(2e==-1)k c;o 1n=c.$1a[G].1G.5m(2e,1)[0];o J=c.$1a[G].1A.5m(2e,1)[0];o 2d=P.2A[G];B(2d){B(2d.2O)2d.2O.1X(c,T);B(2d.G)G=2d.G}k(P.7k.1j(G))?c.4h(G,J):c},65:m(1O){k P.5n(c,\'29\',1O)},5v:m(G){B(!c.$1a)k c;B(!G){M(o 5U 1e c.$1a)c.5v(5U);c.$1a=1k}19 B(c.$1a[G]){c.$1a[G].1G.1z(m(T){c.4m(G,T)},c);c.$1a[G]=1k}k c},1v:m(G,1l,2q){B(c.$1a&&c.$1a[G]){c.$1a[G].1G.1z(m(T){T.2L({\'17\':c,\'2q\':2q,\'1b\':1l})()},c)}k c},8j:m(12,G){B(!12.$1a)k c;B(!G){M(o 5U 1e 12.$1a)c.8j(12,5U)}19 B(12.$1a[G]){12.$1a[G].1G.1z(m(T){c.29(G,T)},c)}k 
c}};W.Q(P.2m.2A);R.Q(P.2m.2A);P.Q(P.2m.2A);P.2A=O 3d({\'8i\':{G:\'7z\',2y:m(K){K=O 2E(K);B(K.28!=c&&!c.7a(K.28))c.1v(\'8i\',K)}},\'8h\':{G:\'7L\',2y:m(K){K=O 2E(K);B(K.28!=c&&!c.7a(K.28))c.1v(\'8h\',K)}},\'43\':{G:(W.7f)?\'7j\':\'43\'}});P.7k=[\'8t\',\'dv\',\'7l\',\'7e\',\'43\',\'7j\',\'7z\',\'7L\',\'4g\',\'8o\',\'dw\',\'di\',\'3C\',\'7H\',\'8m\',\'dh\',\'d4\',\'d5\',\'d6\',\'9H\',\'d3\',\'d2\',\'3z\',\'8l\',\'79\',\'cZ\',\'45\'];7B.Q({5K:m(17,1l){k c.2L({\'17\':17,\'1b\':1l,\'K\':2E})}});1R.Q({d0:m(2T){k O 1R(c.2R(m(F){k(P.4w(F)==2T)}))},8e:m(1F,2l){o 15=c.2R(m(F){k(F.1F&&F.1F.1j(1F,\' \'))});k(2l)?15:O 1R(15)},8k:m(3D,2l){o 15=c.2R(m(F){k(F.3D==3D)});k(2l)?15:O 1R(15)},89:m(1p,7G,J,2l){o 15=c.2R(m(F){o 2a=P.5b(F,1p);B(!2a)k U;B(!7G)k 1g;21(7G){Y\'=\':k(2a==J);Y\'*=\':k(2a.1j(J));Y\'^=\':k(2a.8C(0,J.V)==J);Y\'$=\':k(2a.8C(2a.V-J.V)==J);Y\'!=\':k(2a!=J);Y\'~=\':k 2a.1j(J,\' \')}k U});k(2l)?15:O 1R(15)}});m $E(1J,2R){k($(2R)||R).8y(1J)};m $d1(1J,2R){k($(2R)||R).5P(1J)};$$.3c={\'5e\':/^(\\w*|\\*)(?:#([\\w-]+)|\\.([\\w-]+))?(?:\\[(\\w+)(?:([!*^$]?=)["\']?([^"\'\\]]*)["\']?)?])?$/,\'3B\':{6t:m(1t,2Q,1d,i){o 2v=[2Q.d7?\'78:\':\'\',1d[1]];B(1d[2])2v.1i(\'[@3D="\',1d[2],\'"]\');B(1d[3])2v.1i(\'[1j(6F(" ", @7F, " "), " \',1d[3],\' ")]\');B(1d[4]){B(1d[5]&&1d[6]){21(1d[5]){Y\'*=\':2v.1i(\'[1j(@\',1d[4],\', "\',1d[6],\'")]\');1B;Y\'^=\':2v.1i(\'[d8-de(@\',1d[4],\', "\',1d[6],\'")]\');1B;Y\'$=\':2v.1i(\'[df(@\',1d[4],\', 2h-V(@\',1d[4],\') - \',1d[6].V,\' + 1) = "\',1d[6],\'"]\');1B;Y\'=\':2v.1i(\'[@\',1d[4],\'="\',1d[6],\'"]\');1B;Y\'!=\':2v.1i(\'[@\',1d[4],\'!="\',1d[6],\'"]\')}}19{2v.1i(\'[@\',1d[4],\']\')}}1t.1i(2v.1V(\'\'));k 1t},6x:m(1t,2Q,2l){o 15=[];o 3B=R.54(\'.//\'+1t.1V(\'//\'),2Q,$$.3c.88,dC.dd,1k);M(o i=0,j=3B.dc;i<\\/2f>\');$(\'6s\').69=m(){B(c.4u==\'6v\')4Z()}}}19{W.2S("3C",4Z);R.2S("dF",4Z)}}};W.dJ=m(T){k c.29(\'6r\',T)};W.Q({8L:m(){B(c.5T)k c.dP;B(c.82)k R.5F.81;k R.2D.81},9Y:m(){B(c.5T)k c.dQ;B(c.82)k R.5F.83;k R.2D.83},9S:m(){B(c.2s)k 
1c.1L(R.2D.4L,R.2D.5A);B(c.3L)k R.5F.5A;k R.2D.5A},9F:m(){B(c.2s)k 1c.1L(R.2D.4G,R.2D.5H);B(c.3L)k R.5F.5H;k R.2D.5H},9D:m(){k c.85||R.2D.4Y},9T:m(){k c.8b||R.2D.59},6L:m(){k{\'3S\':{\'x\':c.8L(),\'y\':c.9Y()},\'6M\':{\'x\':c.9S(),\'y\':c.9F()},\'45\':{\'x\':c.9D(),\'y\':c.9T()}}},3Q:m(){k{\'x\':0,\'y\':0}}});o 1h={};1h.2F=O 1f({C:{4P:1f.1r,25:1f.1r,6I:1f.1r,1W:m(p){k-(1c.9p(1c.7C*p)-1)/2},3r:dN,2k:\'4x\',44:1g,9R:50},1w:m(C){c.L=c.L||1k;c.3Z(C);B(c.C.1w)c.C.1w.1X(c)},9I:m(){o 33=$33();B(33=(7-4*a)/11){J=-1c.36((11-6*a-11*p)/4,2)+b*b;1B}}k J},c9:m(p,x){k 1c.36(2,10*--p)*1c.9p(20*p*1c.7C*(x[0]||1)/3)}});[\'cb\',\'bX\',\'bW\',\'bJ\'].1z(m(1W,i){1h.2V[1W]=O 1h.7K(m(p){k 1c.36(p,[i+2])});1h.2V.7g(1W)});o 3X={};3X.2F=O 1f({C:{4M:U,2k:\'4x\',4P:1f.1r,9v:1f.1r,25:1f.1r,9l:1f.1r,9b:1f.1r,1M:U,3A:{x:\'1H\',y:\'1E\'},3T:U,9t:6},1w:m(F,C){c.3Z(C);c.L=$(F);c.4M=$(c.C.4M)||c.L;c.2Z={\'18\':{},\'2e\':{}};c.J={\'1q\':{},\'18\':{}};c.2u={\'1q\':c.1q.5K(c),\'4i\':c.4i.5K(c),\'3H\':c.3H.5K(c),\'1S\':c.1S.17(c)};c.9q();B(c.C.1w)c.C.1w.1X(c)},9q:m(){c.4M.29(\'7e\',c.2u.1q);k c},bK:m(){c.4M.4m(\'7e\',c.2u.1q);k c},1q:m(K){c.1v(\'9v\',c.L);c.2Z.1q=K.4k;o 1M=c.C.1M;c.1M={\'x\':[],\'y\':[]};M(o z 1e c.C.3A){B(!c.C.3A[z])5L;c.J.18[z]=c.L.1Z(c.C.3A[z]).2P();c.2Z.2e[z]=K.4k[z]-c.J.18[z];B(1M&&1M[z]){M(o i=0;i<2;i++){B($2w(1M[z][i]))c.1M[z][i]=($G(1M[z][i])==\'m\')?1M[z][i]():1M[z][i]}}}B($G(c.C.3T)==\'3P\')c.C.3T={\'x\':c.C.3T,\'y\':c.C.3T};R.2S(\'4g\',c.2u.4i);R.2S(\'7l\',c.2u.1S);c.1v(\'4P\',c.L);K.1S()},4i:m(K){o 9u=1c.2c(1c.bL(1c.36(K.4k.x-c.2Z.1q.x,2)+1c.36(K.4k.y-c.2Z.1q.y,2)));B(9u>c.C.9t){R.4h(\'4g\',c.2u.4i);R.2S(\'4g\',c.2u.3H);c.3H(K);c.1v(\'9l\',c.L)}K.1S()},3H:m(K){c.4K=U;c.2Z.18=K.4k;M(o z 1e c.C.3A){B(!c.C.3A[z])5L;c.J.18[z]=c.2Z.18[z]-c.2Z.2e[z];B(c.1M[z]){B($2w(c.1M[z][1])&&(c.J.18[z]>c.1M[z][1])){c.J.18[z]=c.1M[z][1];c.4K=1g}19 B($2w(c.1M[z][0])&&(c.J.18[z]F.1H&&18.xF.1E)},1S:m(){B(c.2I&&!c.4K)c.2I.1v(\'bF\',[c.L,c]);19 c.L.1v(\'bG\',c);c.1o();k c}});P.Q({bM:m(C){k O 
3X.9j(c,C)}});o 5W=O 1f({C:{1P:\'42\',9x:1g,8N:1f.1r,4A:1f.1r,6d:1f.1r,9d:1g,4Q:\'bN-8\',98:U,3O:{}},6E:m(){c.2g=(W.66)?O 66():(W.2s?O 9a(\'bT.bU\'):U);k c},1w:m(C){c.6E().3Z(C);c.C.4R=c.C.4R||c.4R;c.3O={};B(c.C.9d&&c.C.1P==\'42\'){o 4Q=(c.C.4Q)?\'; bV=\'+c.C.4Q:\'\';c.4C(\'9X-G\',\'8Y/x-9k-bS-bR\'+4Q)}B(c.C.1w)c.C.1w.1X(c)},8R:m(){B(c.2g.4u!=4||!c.4a)k;c.4a=U;o 41=0;49{41=c.2g.41}48(e){};B(c.C.4R.1X(c,41))c.4A();19 c.6d();c.2g.69=1f.1r},4R:m(41){k((41>=bO)&&(41]*>([\\s\\S]*?)<\\/2f>/cW;62((2f=5e.cT(c.3a.1I)))3b.1i(2f[1]);3b=3b.1V(\'\\n\')}B(3b)(W.9U)?W.9U(3b):W.9G(3b,0)},9C:m(1p){49{k c.2g.cS(1p)}48(e){};k 1k}});6Y.5c=m(1O){o 47=[];M(o I 1e 1O)47.1i(6m(I)+\'=\'+6m(1O[I]));k 47.1V(\'&\')};P.Q({5a:m(C){k O 9B(c.5b(\'cQ\'),$1Q({1K:c.5c()},C,{1P:\'42\'})).9J()}});o 3g=O 3d({C:{6k:U,6i:U,3r:U,4y:U},26:m(1n,J,C){C=$1Q(c.C,C);J=6m(J);B(C.6k)J+=\'; 6k=\'+C.6k;B(C.6i)J+=\'; 6i=\'+C.6i;B(C.3r){o 6h=O 9z();6h.cR(6h.9Q()+C.3r*24*60*60*8A);J+=\'; cC=\'+6h.cp()}B(C.4y)J+=\'; 4y\';R.3K=1n+\'=\'+J;k $Q(C,{\'1n\':1n,\'J\':J})},53:m(1n){o J=R.3K.2M(\'(?:^|;)\\\\s*\'+1n.84()+\'=([^;]*)\');k J?cq(J[1]):U},2O:m(3K,C){B($G(3K)==\'2t\')c.26(3K.1n,\'\',$1Q(3K,{3r:-1}));19 c.26(3K,\'\',$1Q(C,{3r:-1}))}});o 3h={3F:m(N){21($G(N)){Y\'2h\':k\'"\'+N.31(/(["\\\\])/g,\'\\\\$1\')+\'"\';Y\'1u\':k\'[\'+N.2y(3h.3F).1V(\',\')+\']\';Y\'2t\':o 2h=[];M(o I 1e N)2h.1i(3h.3F(I)+\':\'+3h.3F(N[I]));k\'{\'+2h.1V(\',\')+\'}\';Y\'3P\':B(cr(N))1B;Y U:k\'1k\'}k 6g(N)},54:m(3I,4y){k(($G(3I)!=\'2h\')||(4y&&!3I.2N(/^("(\\\\.|[^"\\\\\\n\\r])*?"|[,:{}\\[\\]0-9.\\-+co-u \\n\\r\\t])+?$/)))?1k:ck(\'(\'+3I+\')\')}};3h.cl=5W.Q({1w:m(2r,C){c.2r=2r;c.29(\'4A\',c.25);c.1o(C);c.4C(\'X-cs\',\'ct\')},5a:m(N){k c.1o(c.2r,\'cz=\'+3h.3F(N))},25:m(){c.1v(\'25\',[3h.54(c.3a.1I,c.C.4y)])}});o 8v=O 3d({70:m(1O,1y){1y=$1Q({\'58\':1f.1r},1y);o 2f=O P(\'2f\',{\'3W\':1O}).65({\'3C\':1y.58,\'cA\':m(){B(c.4u==\'6v\')c.1v(\'3C\')}});4p 1y.58;k 2f.6f(1y).34(R.67)},1s:m(1O,1y){k O 
P(\'cB\',$1Q({\'cy\':\'cx\',\'cu\':\'cv\',\'G\':\'1I/1s\',\'7O\':1O},1y)).34(R.67)},4s:m(1O,1y){1y=$1Q({\'58\':1f.1r,\'cw\':1f.1r,\'c3\':1f.1r},1y);o 4s=O cm();4s.3W=1O;o L=O P(\'7d\',{\'3W\':1O});[\'3C\',\'79\',\'8l\'].1z(m(G){o K=1y[\'51\'+G];4p 1y[\'51\'+G];L.29(G,m(){c.4m(G,1b.7b);K.1X(c)})});B(4s.2H&&4s.3f)L.1v(\'3C\',L,1);k L.6f(1y)},6p:m(4r,C){C=$1Q({25:1f.1r,8F:1f.1r},C);B(!4r.1i)4r=[4r];o 6p=[];o 63=0;4r.1z(m(1O){o 7d=O 8v.4s(1O,{\'58\':m(){C.8F.1X(c,63);63++;B(63==4r.V)C.25()}});6p.1i(7d)});k O 1R(6p)}});o 3k=O 1f({V:0,1w:m(2t){c.N=2t||{};c.55()},53:m(1n){k(c.6o(1n))?c.N[1n]:1k},6o:m(1n){k(1n 1e c.N)},26:m(1n,J){B(!c.6o(1n))c.V++;c.N[1n]=J;k c},55:m(){c.V=0;M(o p 1e c.N)c.V++;k c},2O:m(1n){B(c.6o(1n)){4p c.N[1n];c.V--}k c},1z:m(T,17){$1z(c.N,T,17)},Q:m(N){$Q(c.N,N);k c.55()},1Q:m(){c.N=$1Q.3t(1k,[c.N].Q(1b));k c.55()},1r:m(){c.N={};c.V=0;k c},1G:m(){o 1G=[];M(o I 1e c.N)1G.1i(I);k 1G},1A:m(){o 1A=[];M(o I 1e c.N)1A.1i(c.N[I]);k 1A}});m $H(N){k O 3k(N)};3k.3g=3k.Q({1w:m(1p,C){c.1p=1p;c.C=$Q({\'8x\':1g},C||{});c.3C()},8E:m(){B(c.V==0){3g.2O(c.1p,c.C);k 1g}o 3I=3h.3F(c.N);B(3I.V>cj)k U;3g.26(c.1p,3I,c.C);k 1g},3C:m(){c.N=3h.54(3g.53(c.1p),1g)||{};c.55()}});3k.3g.2m={};[\'Q\',\'26\',\'1Q\',\'1r\',\'2O\'].1z(m(1P){3k.3g.2m[1P]=m(){3k.1x[1P].3t(c,1b);B(c.C.8x)c.8E();k c}});3k.3g.56(3k.3g.2m);o 2x=O 1f({1w:m(2o,G){G=G||(2o.1i?\'1m\':\'3i\');o 1m,1Y;21(G){Y\'1m\':1m=2o;1Y=1m.7o();1B;Y\'1Y\':1m=2o.96();1Y=2o;1B;5Z:1m=2o.57(1g);1Y=1m.7o()}1m.1Y=1Y;1m.3i=1m.52();k $Q(1m,2x.1x)},4f:m(){o 4W=$A(1b);o 6l=($G(4W[4W.V-1])==\'3P\')?4W.cn():50;o 1m=c.6Z();4W.1z(m(2o){2o=O 2x(2o);M(o i=0;i<3;i++)1m[i]=1c.2c((1m[i]/ 3w * (3w - 6l)) + (2o[i] /3w*6l))});k O 2x(1m,\'1m\')},cD:m(){k O 2x(c.2y(m(J){k 4e-J}))},cP:m(J){k O 2x([J,c.1Y[1],c.1Y[2]],\'1Y\')},cV:m(6b){k O 2x([c.1Y[0],6b,c.1Y[2]],\'1Y\')},cO:m(6b){k O 2x([c.1Y[0],c.1Y[1],6b],\'1Y\')}});m $cH(r,g,b){k O 2x([r,g,b],\'1m\')};m $bE(h,s,b){k O 2x([h,s,b],\'1Y\')};2j.Q({7o:m(){o 4O=c[0],4N=c[1],5x=c[2];o 2C,5l,6u;o 
1L=1c.1L(4O,4N,5x),2X=1c.2X(4O,4N,5x);o 3R=1L-2X;6u=1L/4e;5l=(1L!=0)?3R/1L:0;B(5l==0){2C=0}19{o 7i=(1L-4O)/3R;o 7A=(1L-4N)/3R;o br=(1L-5x)/3R;B(4O==1L)2C=br-7A;19 B(4N==1L)2C=2+7i-br;19 2C=4+7A-7i;2C/=6;B(2C<0)2C++}k[1c.2c(2C*9Z),1c.2c(5l*3w),1c.2c(6u*3w)]},96:m(){o br=1c.2c(c[2]/3w*4e);B(c[1]==0){k[br,br,br]}19{o 2C=c[0]%9Z;o f=2C%60;o p=1c.2c((c[2]*(3w-c[1]))/dL*4e);o q=1c.2c((c[2]*(a0-c[1]*f))/9O*4e);o t=1c.2c((c[2]*(a0-c[1]*(60-f)))/9O*4e);21(1c.8s(2C/60)){Y 0:k[br,t,p];Y 1:k[q,br,p];Y 2:k[p,br,t];Y 3:k[p,q,br];Y 4:k[t,p,br];Y 5:k[br,p,q]}}k U}});',62,876,'||||||||||||this||||||||return||function||var|||||||||||||if|options|||el|type||property|value|event|element|for|obj|new|Element|extend|document||fn|false|length|window||case||||from||to|elements||bind|now|else|events|arguments|Math|param|in|Class|true|Fx|push|contains|null|args|rgb|key|parent|name|start|empty|css|items|array|fireEvent|initialize|prototype|properties|each|values|break|result|style|top|className|keys|left|text|selector|data|max|limit|props|source|method|merge|Elements|stop|prop|parsed|join|transition|call|hsb|getStyle||switch|overflown|mode||onComplete|set||relatedTarget|addEvent|current|timer|round|custom|pos|script|transport|string|position|Array|unit|nocash|Methods|Garbage|color|opacity|delay|url|ie|object|bound|temp|chk|Color|map|params|Events|parse|hue|documentElement|Event|Base|getElementsByTagName|width|overed|margin|container|create|match|test|remove|toInt|context|filter|addListener|tag|item|Transitions|CSS|min|parentNode|mouse|setStyle|replace||time|inject|option|pow||||response|scripts|shared|Abstract|iCss|height|Cookie|Json|hex|returns|Hash|index|target|offset|iterable|border|tmp|duration|Styles|apply|iTo|getValue|100|scrollTo|previous|select|modifiers|xpath|load|id|val|toString|periodical|drag|str|compute|cookie|webkit|cont|setNow|headers|number|getPosition|delta|size|grid|wrapper|increase|src|Drag|chains|setOptions||status|post|mousewheel|wait|scroll||queryString|catch|try|running|
getNow|fx|native|255|mix|mousemove|removeListener|check|results|page|fromTo|removeEvent|indexOf|absolute|delete|collect|sources|image|htmlElement|readyState|len|getTag|px|secure|open|onSuccess|bit|setHeader|next|layout|pick|offsetHeight|right|bottom|walk|out|offsetWidth|handle|green|red|onStart|encoding|isSuccess|toLowerCase|parseFloat|unique|klass|colors|parseInt|scrollLeft|domReady||on|rgbToHex|get|evaluate|setLength|implement|hexToRgb|onload|scrollTop|send|getProperty|toQueryString|precision|regexp|iFrom|iNow|_method|xml|HTMLElement|code|saturation|splice|setMany|droppables|fKey|realType|hidden|fix|preventDefault|trash|removeEvents|Listeners|blue|stopPropagation|mp|scrollWidth|defined|visibility|split|every|body|Multi|scrollHeight|brother|setProperty|bindWithEvent|continue|tagName|end|Properties|getElementsBySelector|getElementById|loaded|getElements|webkit419|evType|currentStyle|XHR|typeof|evalScripts|default||forEach|while|counter|included|addEvents|XMLHttpRequest|head|proto|onreadystatechange|Options|percent|generic|onFailure|regex|setProperties|String|date|path|getCoordinates|domain|alpha|encodeURIComponent|attempt|hasKey|images|include|domready|ie_ready|getParam|brightness|complete|flag|getItems|trim|newArray|transitions|insertBefore|first|found|setTransport|concat|Chain|firstChild|onCancel|clear|node|getSize|scrollSize|add|Style|checked|padding|iProps|qs|charAt|disabled|evalResponse|multiple|random|Object|copy|javascript|update|setHTML|innerText|selected|easeType|Dom|cssText|xhtml|abort|hasChild|callee|addEventListener|img|mousedown|gecko|compat|callChain|rr|DOMMouseScroll|NativeEvents|mouseup|appendChild|pageX|rgbToHsb|getLast|merged|hasClass|pageY|fixed|RegExp|nodeType|setStyles|clean|relative|mouseover|gr|Function|PI|toUpperCase|pairs|class|operator|unload|camelCase|getMany|Transition|mouseout|textContent|borderShort|href|clientY|innerHTML|direction|capitalize|Width|picked|which|prefix|constructor|fixStyle|clientX|appendText|clientWidth|opera|clientHeigh
t|escapeRegExp|pageXOffset|Merge|wheelDelta|resolver|filterByAttribute|styleSheet|pageYOffset|pp|0px|filterByClass|getFormElements|normal|mouseleave|mouseenter|cloneEvents|filterById|error|beforeunload|Bottom|keydown|Left|sel|PropertiesIFlag|floor|click|removeEventListener|Asset|textarea|autoSave|getElement|relatedTargetGecko|1000|fixRelatedTarget|substr|input|save|onProgress|extended|Right|shift|Top|slice|getWidth|where|onRequest|cancel|slideOut|getNext|onStateChange|defaultView|sin|hyphenate|checkAgainst|slideIn|childNodes|application|getStyles|styles|nodeValue|injectAfter|adopt|hide|vertical|hsbToRgb|elementsProperty|autoCancel|zoom|ActiveXObject|onDrag|contents|urlEncoded|undefined|addClass|removeClass|getLeft|getTop|Move|www|onSnap|before|setOpacity|visible|cos|attach|after|argument|snap|distance|onBeforeStart|toElement|async|iParsed|Date|toFloat|Ajax|getHeader|getScrollLeft|ie6|getScrollHeight|setTimeout|change|step|request|Single|removeChild|interval|full|600000|Number|getTime|fps|getScrollWidth|getScrollTop|execScript|createElement|wheelStops|Content|getHeight|360|6000|wheel|getText|taintEnabled|clone|attachEvent|version|webkit420|nodeName|textnode|setInterval|cssFloat|detail|120|injectInside|chain|cloneNode|styleFloat|navigator|injectTop|bindAsEventListener|keyCode|replaceChild|control|shiftKey||pass|meta|alt|altKey|ctrlKey|createTextNode|metaKey|khtml|MooTools|replaceWith|BackgroundImageCache|float|CollectGarbage|toggleClass|srcElement|err|getBoxObjectFor|detachEvent|readOnly|getParent|lastChild|some|getChildren|associate|iframe|borderWidth|borderStyle|borderColor|getPrevious|execCommand|getFirst|ie7|DOMElement|attributes|getProperties|removeAttribute|getRandom|removeProperty|boolean|embed|clearInterval|clearTimeout|getAttribute|times|Window|Sibling|transparent|tabIndex|maxlength|tabindex|accessKey|hasLayout|maxLength|readonly|zIndex|all|frameBorder|frameborder|Document|clearChain|whitespace|colSpan|rowspan||colspan|getPropertyValue|htmlFor|rowSpan|collect
ion|accesskey|setText|setAttribute|getComputedStyle|injectBefore|toLeft|over|HSB|drop|emptydrop|leave|makeResizable|Quint|detach|sqrt|makeDraggable|utf|200|300|responseText|urlencoded|form|Microsoft|XMLHTTP|charset|Quart|Cubic|Out|InOut|ease|Pow|In|onerror|easeIn|easeOut|easeInOut|Expo|Circ|Elastic|111|Quad|Bounce|618|acos|Sine|Back|responseXML|overrideMimeType|4096|eval|Remote|Image|pop|Eaeflnr|toGMTString|decodeURIComponent|isFinite|Request|JSON|media|screen|onabort|stylesheet|rel|json|readystatechange|link|expires|invert|With|Accept|html|RGB|Requested|postBody|Connection|close|setRequestHeader|ecma|setBrightness|setHue|action|setTime|getResponseHeader|exec|java|setSaturation|gi|toggle|linear|contextmenu|filterByTag|ES|reset|submit|move|focus|blur|namespaceURI|starts|snapshotItem|http|w3|snapshotLength|UNORDERED_NODE_SNAPSHOT_TYPE|with|substring|show|resize|keyup|fromElement|cancelBubble|returnValue|button|rightClick||fromCharCode|menu|client|enter|up|tab|dblclick|keypress|backspace|space|down|esc|org|XPathResult|Scroll|effects|DOMContentLoaded|defer|https|write|onDomReady|1999|10000|clearTimer|500|effect|innerWidth|innerHeight|protocol|void|checkbox|radio|location|getElementsByClassName|div|horizontal|overflow|Slide|password|offsetParent|toTop|toRight|toBottom|offsetLeft|offsetTop'.split('|'),0,{})) diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc index 5b4b8fed..ab93a335 100644 --- a/config/snort-dev/snort.inc +++ b/config/snort-dev/snort.inc @@ -1408,7 +1408,7 @@ preprocessor http_inspect_server: server default \ directory no \ iis_backslash no \ u_encode yes \ - ascii yes \ + ascii no \ chunk_length 500000 \ bare_byte yes \ double_decode yes \ diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml index 5ce80ddd..7900d07a 100644 --- a/config/snort-dev/snort.xml +++ b/config/snort-dev/snort.xml 
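Review bot: Switching `ascii yes` to `ascii no` inside the http_inspect_server directive is a detection-tuning change, not a typo fix: with `no`, http_inspect still decodes ASCII-encoded URIs but no longer raises the alert for them, and nothing in the hunk records that intent. Because the directive is one backslash-continued line, the explanation belongs on the PHP side above the `preprocessor http_inspect_server:` line, which sits outside this hunk, e.g. `// ascii no: ASCII URI encoding is still decoded, only the (very noisy) alert for it is suppressed`. If the goal was to stop decoding rather than to silence the alert, this option does not do that and the change should be revisited.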
@@ -68,11 +68,6 @@ 077 http://www.pfsense.com/packages/config/snort-dev/snort.inc - - /usr/local/pkg/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort.xml - /usr/local/bin/ 077 diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php index d260aee9..fe466f6d 100644 --- a/config/snort-dev/snort_alerts.php +++ b/config/snort-dev/snort_alerts.php @@ -7,6 +7,9 @@ Copyright (C) 2005 Bill Marquette . Copyright (C) 2003-2004 Manuel Kasper . All rights reserved. + + Modified for the Pfsense snort package by + Copyright (C) 2003 Robert Zelaya Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -32,13 +35,8 @@ require("globals.inc"); require("guiconfig.inc"); -require("/usr/local/pkg/snort/snort.inc"); -$snort_logfile = "{$g['varlog_path']}/snort/alert"; - -$nentries = $config['syslog']['nentries']; -if (!$nentries) - $nentries = 50; +$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype']; if ($_POST['clear']) { exec("killall syslogd"); 
@@ -49,11 +47,184 @@ if ($_POST['clear']) { exec("/usr/bin/killall -HUP snort"); } +/* WARNING: took me forever to figure reg expression, dont lose */ +// $fileline = '12/09-18:12:02.086733 [**] [122:6:0] (portscan) TCP Filtered Decoy Portscan [**] [Priority: 3] {PROTO:255} 125.135.214.166 -> 70.61.243.50'; + +function get_snort_alert_date($fileline) +{ + /* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */ + if (preg_match("/\d+\/\d+-\d+:\d+:\d\d/", $fileline, $matches1)) + { + $alert_date = "$matches1[0]"; + } + +return $alert_date; + +} + +function get_snort_alert_disc($fileline) +{ + /* disc */ + if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) + { + $alert_disc = "$matches[2]"; + } + +return $alert_disc; + +} + +function get_snort_alert_class($fileline) +{ + /* class */ + if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2)) + { + $alert_class = "$matches2[0]"; + } + +return $alert_class; + +} + +function get_snort_alert_priority($fileline) +{ + /* Priority */ + if (preg_match('/Priority:\s\d/', $fileline, $matches3)) + { + $alert_priority = "$matches3[0]"; + } + +return $alert_priority; + +} + +function get_snort_alert_proto($fileline) +{ + /* Priority */ + if (preg_match('/\{.+\}/', $fileline, $matches3)) + { + $alert_proto = "$matches3[0]"; + } + +return $alert_proto; + +} + +function get_snort_alert_proto_full($fileline) +{ + /* Protocal full */ + if (preg_match('/.+\sTTL/', $fileline, $matches2)) + { + $alert_proto_full = "$matches2[0]"; + } + +return $alert_proto_full; + +} + +function get_snort_alert_ip_src($fileline) +{ + /* SRC IP */ + $re1='.*?'; # Non-greedy match on filler + $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 + + if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) + { + $alert_ip_src = $matches4[1][0]; + } + +return $alert_ip_src; + +} + +function get_snort_alert_src_p($fileline) +{ + /* source port 
*/ + if (preg_match('/:\d+\s/', $fileline, $matches5)) + { + $alert_src_p = "$matches5[0]"; + } + +return $alert_src_p; + +} + +function get_snort_alert_flow($fileline) +{ + /* source port */ + if (preg_match('/(->|<-)/', $fileline, $matches5)) + { + $alert_flow = "$matches5[0]"; + } + +return $alert_flow; + +} + +function get_snort_alert_ip_dst($fileline) +{ + /* DST IP */ + $re1dp='.*?'; # Non-greedy match on filler + $re2dp='(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?![\\d])'; # Uninteresting: ipaddress + $re3dp='.*?'; # Non-greedy match on filler + $re4dp='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 + + if ($c=preg_match_all ("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6)) + { + $alert_ip_dst = $matches6[1][0]; + } + +return $alert_ip_dst; + +} + +function get_snort_alert_dst_p($fileline) +{ + /* dst port */ + if (preg_match('/:\d+$/', $fileline, $matches7)) + { + $alert_dst_p = "$matches7[0]"; + } + +return $alert_dst_p; + +} + +function get_snort_alert_dst_p_full($fileline) +{ + /* dst port full */ + if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7)) + { + $alert_dst_p = "$matches7[0]"; + } + +return $alert_dst_p; + +} + +function get_snort_alert_sid($fileline) +{ + /* SID */ + if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8)) + { + $alert_sid = "$matches8[0]"; + } + +return $alert_sid; + +} + +// + $pgtitle = "Services: Snort: Snort Alerts"; include("head.inc"); ?> + + + +
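Review bot: Every new get_snort_alert_* helper returns a variable that is only assigned inside its `if (preg_match(...))` branch, so a line that does not match (a truncated final line of the alert file, for instance) makes the function return an undefined variable and emit a PHP notice for each such row. Initialise the result before the match, e.g. `$alert_date = '';` at the top of get_snort_alert_date and the equivalent line in the other twelve helpers, so the `!= ''` checks in the display loop always see a defined string. get_snort_alert_proto also carries a copied `/* Priority */` comment and reuses `$matches3`; `/* Protocol */` and a distinct match variable would make the copy-paste origin less confusing. The unused `$c=` capture in get_snort_alert_ip_src and get_snort_alert_ip_dst can be dropped as well.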

@@ -76,40 +247,244 @@ include("head.inc");
- - -
+ + Last Snort Alert entries

-
- - - - - - - + + +
+
+
+
Filter: + + + + +
+
+ + + + + + + + + + + + + + + + \n"; - echo "\n"; - echo "\n"; - } -} + /* Discription */ + $alert_disc_str = get_snort_alert_disc($fileline); + + if($alert_disc_str != '') + { + $alert_disc = $alert_disc_str; + }else{ + $alert_disc = 'empty'; + } + + /* Classification */ + $alert_class_str = get_snort_alert_class($fileline); + + if($alert_class_str != '') + { + + $alert_class_match = array('[Classification:',']'); + $alert_class = str_replace($alert_class_match, '', "$alert_class_str"); + }else{ + $alert_class = 'Prep'; + } + + /* Priority */ + $alert_priority_str = get_snort_alert_priority($fileline); + + if($alert_priority_str != '') + { + $alert_priority_match = array('Priority: ',']'); + $alert_priority = str_replace($alert_priority_match, '', "$alert_priority_str"); + }else{ + $alert_priority = 'empty'; + } + + /* Protocol */ + /* Detect alert file type */ + if ($snortalertlogt == 'full') + { + $alert_proto_str = get_snort_alert_proto_full($fileline); + }else{ + $alert_proto_str = get_snort_alert_proto($fileline); + } + + if($alert_proto_str != '') + { + $alert_proto_match = array(" TTL",'{','}'); + $alert_proto = str_replace($alert_proto_match, '', "$alert_proto_str"); + }else{ + $alert_proto = 'empty'; + } + + /* IP SRC */ + $alert_ip_src_str = get_snort_alert_ip_src($fileline); + + if($alert_ip_src_str != '') + { + $alert_ip_src = $alert_ip_src_str; + }else{ + $alert_ip_src = 'empty'; + } + + /* IP SRC Port */ + $alert_src_p_str = get_snort_alert_src_p($fileline); + + if($alert_src_p_str != '') + { + $alert_src_p_match = array(' ',':'); + $alert_src_p = str_replace($alert_src_p_match, '', "$alert_src_p_str"); + }else{ + $alert_src_p = 'empty'; + } + + /* Flow */ + $alert_flow_str = get_snort_alert_flow($fileline); + + if($alert_flow_str != '') + { + $alert_flow = $alert_flow_str; + }else{ + $alert_flow = 'empty'; + } + + /* IP Destination */ + $alert_ip_dst_str = get_snort_alert_ip_dst($fileline); + + if($alert_ip_dst_str != '') + { + $alert_ip_dst = 
$alert_ip_dst_str; + }else{ + $alert_ip_dst = 'empty'; + } + + /* IP DST Port */ + if ($snortalertlogt == 'full') + { + $alert_dst_p_str = get_snort_alert_dst_p_full($fileline); + }else{ + $alert_dst_p_str = get_snort_alert_dst_p($fileline); + } + + if($alert_dst_p_str != '') + { + $alert_dst_p_match = array(':',"\n"," TTL"); + $alert_dst_p_str2 = str_replace($alert_dst_p_match, '', "$alert_dst_p_str"); + $alert_dst_p_match2 = array('/[A-Z]/'); + $alert_dst_p = preg_replace($alert_dst_p_match2, '', "$alert_dst_p_str2"); + }else{ + $alert_dst_p = 'empty'; + } + + /* SID */ + $alert_sid_str = get_snort_alert_sid($fileline); + + if($alert_sid_str != '') + { + $alert_sid_match = array('[',']'); + $alert_sid = str_replace($alert_sid_match, '', "$alert_sid_str"); + }else{ + $alert_sid_str = 'empty'; + } + + /* NOTE: using one echo improves performance by 2x */ + echo " + + + + + + + + + + + + + \n"; + +// + + } -?> \ No newline at end of file +?> + +
#PRIPROTODESCRIPTIONCLASSSRCSPORTFLOWDSTDPORTSIDDate
" . make_clickable($ww_logent) . " 
{$counter}{$alert_priority}{$alert_proto}{$alert_disc}{$alert_class}{$alert_ip_src}{$alert_src_p}{$alert_flow}{$alert_ip_dst}{$alert_dst_p}{$alert_sid}{$alert_date}
+
+ + + + + + + \ No newline at end of file diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php index 3aa6d4a8..d608311b 100644 --- a/config/snort-dev/snort_barnyard.php +++ b/config/snort-dev/snort_barnyard.php @@ -108,7 +108,6 @@ if (isset($id) && $a_nat[$id]) { $pconfig['descr'] = $a_nat[$id]['descr']; $pconfig['performance'] = $a_nat[$id]['performance']; $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; - $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; @@ -147,7 +146,6 @@ if ($_POST) { if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } - if ($pconfig['snortalertlogtype'] != "") { $natent['snortalertlogtype'] = $pconfig['snortalertlogtype']; } if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php index b7e92395..182d60d3 100644 --- a/config/snort-dev/snort_blocked.php +++ b/config/snort-dev/snort_blocked.php @@ -133,7 +133,7 @@ $blockedtab_msg_chk = $config['installedpackages']['snortglobal']['rm_blocked']; exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache'); sleep(1); $ips_array = file('/tmp/snort_block.cache'); - // $ips_array = split("\n", $ips); + //$ips_array = split("\n", $ips); $counter = 0; foreach($ips_array as $ip) { if(!$ip) 
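Review bot: In the SID branch near the end of the display loop the else arm assigns `$alert_sid_str = 'empty';` instead of `$alert_sid = 'empty';`, so a row without a `[gid:sid:rev]` token prints the previous row's SID (or an undefined variable on the first row); the fix is the one-line `$alert_sid = 'empty';`. Separately, the parsed fields are echoed straight into the table as `{$alert_disc}`, `{$alert_class}`, `{$alert_proto}` and so on with no output encoding, and the extraction regexes are loose (`/\{.+\}/`, `/.+\sTTL/`, the `[**] ... [**]` capture in get_snort_alert_disc), so whatever text sits between those delimiters in the alert file is rendered verbatim. Encode each field where it is assigned, e.g. `$alert_disc = htmlspecialchars($alert_disc_str);`, and likewise for class, priority, protocol and the flow marker, whose `->` already needs escaping for correct rendering. The head of the loop (the alert file path and any row limit replacing the removed `$nentries`) is not legible in this hunk, so it could not be checked here.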
diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php index 779598b0..6520280a 100644 --- a/config/snort-dev/snort_define_servers.php +++ b/config/snort-dev/snort_define_servers.php @@ -108,7 +108,6 @@ if (isset($id) && $a_nat[$id]) { $pconfig['descr'] = $a_nat[$id]['descr']; $pconfig['performance'] = $a_nat[$id]['performance']; $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; - $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; @@ -136,7 +135,6 @@ if ($_POST) { if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } - if ($pconfig['snortalertlogtype'] != "") { $natent['snortalertlogtype'] = $pconfig['snortalertlogtype']; } if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php index 20453335..eef871bb 100644 --- a/config/snort-dev/snort_interfaces.php +++ b/config/snort-dev/snort_interfaces.php @@ -278,7 +278,7 @@ if ($_GET['act'] == "toggle" && $_GET['id'] != "") } -$pgtitle = "Services: Snort 2.8.4.1_7 pkg v. 1.8 alpha"; +$pgtitle = "Services: Snort 2.8.4.1_7 pkg v. 1.8 RC4"; include("head.inc"); ?> diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index 3c837349..32fa911e 100644 --- a/config/snort-dev/snort_interfaces_edit.php 
+++ b/config/snort-dev/snort_interfaces_edit.php @@ -101,7 +101,6 @@ if (isset($id) && $a_nat[$id]) { $pconfig['descr'] = $a_nat[$id]['descr']; $pconfig['performance'] = $a_nat[$id]['performance']; $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; - $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; @@ -209,7 +208,6 @@ if ($_POST["Submit"]) { $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance']; /* if post = on use on off or rewrite the conf */ if ($_POST['blockoffenders7'] == "on") { $natent['blockoffenders7'] = on; }else{ $natent['blockoffenders7'] = off; } if ($_POST['enable'] == "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } - $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype']; if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } @@ -343,7 +341,6 @@ echo " ?> document.iform.performance.disabled = endis; document.iform.blockoffenders7.disabled = endis; - document.iform.snortalertlogtype.disabled = endis; document.iform.alertsystemlog.disabled = endis; document.iform.tcpdumplog.disabled = endis; document.iform.snortunifiedlog.disabled = endis; 
@@ -494,21 +491,6 @@ if($id != "") Checking this option will automatically block hosts that generate a snort alert. - Alerts Tab description type - -
- Please choose the type of Alert logging you will like see in the Alerts Tab.
- Hint: in most cases, short descriptions are best.
- - Send alerts to main System logs onClick="enable_change(false)">
diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort-dev/snort_interfaces_global.php index d6e8679d..09d34887 100644 --- a/config/snort-dev/snort_interfaces_global.php +++ b/config/snort-dev/snort_interfaces_global.php @@ -4,7 +4,10 @@ part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2006 Manuel Kasper . + All rights reserved. + Copyright (C) 2008-2009 Robert Zelaya + Modified for the Pfsense snort package. All rights reserved. Redistribution and use in source and binary forms, with or without @@ -42,6 +45,7 @@ $pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['auto $pconfig['whitelistvpns'] = $config['installedpackages']['snortglobal']['whitelistvpns']; $pconfig['clickablalerteurls'] = $config['installedpackages']['snortglobal']['clickablalerteurls']; $pconfig['associatealertip'] = $config['installedpackages']['snortglobal']['associatealertip']; +$pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype']; if ($_POST) { 
@@ -50,55 +54,38 @@ if ($_POST) { $pconfig = $_POST; /* input validation */ - if ($_POST['enable']) { - $reqdfields = explode(" ", "interface"); - $reqdfieldsn = explode(",", "Interface"); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if ($_POST['httpslogin_enable']) { - if (!$_POST['cert'] || !$_POST['key']) { - $input_errors[] = "Certificate and key must be specified for HTTPS login."; - } else { - if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")) - $input_errors[] = "This certificate does not appear to be valid."; - if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['key'], "END RSA PRIVATE KEY")) - $input_errors[] = "This key does not appear to be valid."; - } + if ($_POST['enable']) + { - if (!$_POST['httpsname'] || !is_domain($_POST['httpsname'])) { - $input_errors[] = "The HTTPS server name must be specified for HTTPS login."; - } - } - } +// if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) || ($_POST['timeout'] < 1))) { +// $input_errors[] = "The timeout must be at least 1 minute."; +// } +// if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) || ($_POST['idletimeout'] < 1))) { +// $input_errors[] = "The idle timeout must be at least 1 minute."; +// } +// if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) { +// $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip']."]"; +// } +// if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) { +// $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip2']."]"; +// } +// if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) { +// $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]"; +// } +// if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) { +// $input_errors[] = "A valid port number must be specified. 
[".$_POST['radiusport2']."]"; +// } +// if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) { +// $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]"; +// } +// if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) || ($_POST['maxproc'] < 4) || ($_POST['maxproc'] > 100))) { +// $input_errors[] = "The total maximum number of concurrent connections must be between 4 and 100."; +// } +// $mymaxproc = $_POST['maxproc'] ? $_POST['maxproc'] : 16; +// if ($_POST['maxprocperip'] && (!is_numeric($_POST['maxprocperip']) || ($_POST['maxprocperip'] > $mymaxproc))) { +// $input_errors[] = "The maximum number of concurrent connections per client IP address may not be larger than the global maximum."; +// } - if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) || ($_POST['timeout'] < 1))) { - $input_errors[] = "The timeout must be at least 1 minute."; - } - if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) || ($_POST['idletimeout'] < 1))) { - $input_errors[] = "The idle timeout must be at least 1 minute."; - } - if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) { - $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip']."]"; - } - if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) { - $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip2']."]"; - } - if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) { - $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]"; - } - if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) { - $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport2']."]"; - } - if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) { - $input_errors[] = "A valid port number must be specified. 
[".$_POST['radiusacctport']."]"; - } - if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) || ($_POST['maxproc'] < 4) || ($_POST['maxproc'] > 100))) { - $input_errors[] = "The total maximum number of concurrent connections must be between 4 and 100."; - } - $mymaxproc = $_POST['maxproc'] ? $_POST['maxproc'] : 16; - if ($_POST['maxprocperip'] && (!is_numeric($_POST['maxprocperip']) || ($_POST['maxprocperip'] > $mymaxproc))) { - $input_errors[] = "The maximum number of concurrent connections per client IP address may not be larger than the global maximum."; } if (!$input_errors) { @@ -111,6 +98,7 @@ if ($_POST) { $config['installedpackages']['snortglobal']['whitelistvpns'] = $_POST['whitelistvpns'] ? on : off; $config['installedpackages']['snortglobal']['clickablalerteurls'] = $_POST['clickablalerteurls'] ? on : off; $config['installedpackages']['snortglobal']['associatealertip'] = $_POST['associatealertip'] ? on : off; + $config['installedpackages']['snortglobal']['snortalertlogtype'] = $_POST['snortalertlogtype']; write_config(); sleep(2); @@ -247,12 +235,21 @@ include("head.inc"); onClick="enable_change(false)">
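Review bot: `$_POST['snortalertlogtype']` is written straight into `$config['installedpackages']['snortglobal']['snortalertlogtype']` in the `@@ -111,6 +98,7 @@` hunk without any check, while the sibling settings on the neighbouring lines are at least normalised to `on`/`off`. The `@@ -50,55 +54,38 @@` hunk above turns the validation block into `if ($_POST['enable']) { }` whose body is only commented-out captive-portal checks (timeout, radius*, maxproc) that do not belong to this page, so nothing can set `$input_errors` before `if (!$input_errors)` and the raw string is always saved. The form text added in this commit says the alert file is cleared on change, so the value presumably reaches the generated Snort configuration; I would delete the commented-out block and replace the empty body with a whitelist check such as `if (!in_array($_POST['snortalertlogtype'], array(/* the option values of the select */))) $input_errors[] = "Invalid alert file description type.";`. The enclosing `if ($_POST)` block starts outside the hunk.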
Checking this option will install whitelists for all VPNs. - - Convert Snort alerts urls to clickable links - - onClick="enable_change(false)">
- Checking this option will automatically convert URLs in the Snort alerts tab to clickable links. - + + Alerts file description type + +
+ Please choose the type of Alert logging you will like see in your alert file.
+ Hint: Best pratice is to chose full logging.
 WARNING: On change, alert file will be cleared. + Associate events on Blocked tab @@ -267,8 +264,8 @@ include("head.inc");   - Note:
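Review bot: The `@@ -247,12 +235,21 @@` hunk removes the "Convert Snort alerts urls to clickable links" checkbox from the form, but the save path shown as context in the `@@ -111,6 +98,7 @@` hunk still runs `$config['installedpackages']['snortglobal']['clickablalerteurls'] = $_POST['clickablalerteurls'] ? on : off;`, so unless the control was moved to a part of the form outside this hunk, every submit of the page now silently resets that setting to `off`. Either keep the checkbox or remove the write together with the `$pconfig['clickablalerteurls']` read seen in the `@@ -42,6 +45,7 @@` hunk, in the same commit. The new help text also has two typos: `Hint: Best pratice is to chose full logging.` should read `Hint: Best practice is to choose full logging.`.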
-
Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work.
+ Note:
+ Changing any settings on this page will affect all interfaces. Please, double check if your oink code is correct and the type of snort.org account you hold.
diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php index 8fb437eb..49020893 100644 --- a/config/snort-dev/snort_preprocessors.php +++ b/config/snort-dev/snort_preprocessors.php @@ -110,7 +110,6 @@ if (isset($id) && $a_nat[$id]) { $pconfig['descr'] = $a_nat[$id]['descr']; $pconfig['performance'] = $a_nat[$id]['performance']; $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; - $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; $pconfig['snortunifiedlog'] = $a_nat[$id]['snortunifiedlog']; @@ -139,7 +138,6 @@ if ($_POST) { if ($pconfig['descr'] != "") { $natent['descr'] = $pconfig['descr']; } if ($pconfig['performance'] != "") { $natent['performance'] = $pconfig['performance']; } if ($pconfig['blockoffenders7'] != "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } - if ($pconfig['snortalertlogtype'] != "") { $natent['snortalertlogtype'] = $pconfig['snortalertlogtype']; } if ($pconfig['alertsystemlog'] != "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } if ($pconfig['tcpdumplog'] != "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } if ($pconfig['snortunifiedlog'] != "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } diff --git a/config/snort-dev/sortableTable.js b/config/snort-dev/sortableTable.js new file mode 100644 index 00000000..02c83ab5 --- /dev/null +++ b/config/snort-dev/sortableTable.js 
@@ -0,0 +1,288 @@ + + +/************************************************************** + + Script : Sortable Table + Version : 1.4 + Authors : Samuel Birch + Desc : Sorts and filters table elements + Licence : Open Source MIT Licence + +**************************************************************/ + +var sortableTable = new Class({ + + getOptions: function(){ + return { + overCls: false, + onClick: false, + sortOn: 0, + sortBy: 'ASC', + filterHide: true, + filterHideCls: 'hide', + filterSelectedCls: 'selected' + }; + }, + + initialize: function(table, options){ + this.setOptions(this.getOptions(), options); + this.table = $(table); + this.tHead = this.table.getElement('thead'); + this.tBody = this.table.getElement('tbody'); + this.tFoot = this.table.getElement('tfoot'); + this.elements = this.tBody.getElements('tr'); + this.filtered = false; + + /*for(i=0;i<10;i++){ + this.elements.clone().injectInside(this.tBody); + } + this.elements = this.tBody.getElements('tr');*/ + + this.elements.each(function(el,i){ + if(this.options.overCls){ + el.addEvent('mouseover', function(){ + el.addClass(options.overCls); + }, this); + el.addEvent('mouseout', function(){ + el.removeClass(options.overCls); + }); + } + if(this.options.onClick){ + el.addEvent('click', options.onClick); + } + }, this); + + //setup header + this.tHead.getElements('th').each(function(el,i){ + if(el.axis){ + el.addEvent('click', this.sort.bind(this,i)); + el.addEvent('mouseover', function(){ + el.addClass('tableHeaderOver'); + }); + el.addEvent('mouseout', function(){ + el.removeClass('tableHeaderOver'); + }); + el.getdate = function(str){ + // inner util function to convert 2-digit years to 4 + function fixYear(yr) { + yr = +yr; + if (yr<50) { yr += 2000; } + else if (yr<100) { yr += 1900; } + return yr; + }; + var ret; + // + if (str.length>12){ + strtime = str.substring(str.lastIndexOf(' ')+1); + strtime = strtime.substring(0,2)+strtime.substr(-2) + }else{ + strtime = '0000'; + } + // + // YYYY-MM-DD + 
if (ret=str.match(/(\d{2,4})-(\d{1,2})-(\d{1,2})/)) { + return (fixYear(ret[1])*10000) + (ret[2]*100) + (+ret[3]) + strtime; + } + // DD/MM/YY[YY] or DD-MM-YY[YY] + if (ret=str.match(/(\d{1,2})[\/-](\d{1,2})[\/-](\d{2,4})/)) { + return (fixYear(ret[3])*10000) + (ret[2]*100) + (+ret[1]) + strtime; + } + return 999999990000; // So non-parsed dates will be last, not first + }; + // + el.findData = function(elem){ + var child = elem.getFirst(); + if(child){ + return el.findData(child); + }else{ + return elem.innerHTML.trim(); + } + }; + // + el.compare = function(a,b){ + var1 = el.findData(a.getChildren()[i]); + var2 = el.findData(b.getChildren()[i]); + //var1 = a.getChildren()[i].firstChild.data; + //var2 = b.getChildren()[i].firstChild.data; + + if(el.axis == 'number'){ + var1 = parseFloat(var1); + var2 = parseFloat(var2); + + if(el.sortBy == 'ASC'){ + return var1-var2; + }else{ + return var2-var1; + } + + }else if(el.axis == 'string'){ + var1 = var1.toUpperCase(); + var2 = var2.toUpperCase(); + + if(var1==var2){return 0}; + if(el.sortBy == 'ASC'){ + if(var1var2){return -1}; + } + return 1; + + }else if(el.axis == 'date'){ + var1 = parseFloat(el.getdate(var1)); + var2 = parseFloat(el.getdate(var2)); + + if(el.sortBy == 'ASC'){ + return var1-var2; + }else{ + return var2-var1; + } + + }else if(el.axis == 'currency'){ + var1 = parseFloat(var1.substr(1).replace(',','')); + var2 = parseFloat(var2.substr(1).replace(',','')); + + if(el.sortBy == 'ASC'){ + return var1-var2; + }else{ + return var2-var1; + } + + } + + } + + if(i == this.options.sortOn){ + el.fireEvent('click'); + } + } + }, this); + }, + + sort: function(index){ + if(this.options.onStart){ + this.fireEvent('onStart'); + } + // + this.options.sortOn = index; + var header = this.tHead.getElements('th'); + var el = header[index]; + + header.each(function(e,i){ + if(i != index){ + e.removeClass('sortedASC'); + e.removeClass('sortedDESC'); + } + }); + + if(el.hasClass('sortedASC')){ + el.removeClass('sortedASC'); + 
el.addClass('sortedDESC'); + el.sortBy = 'DESC'; + }else if(el.hasClass('sortedDESC')){ + el.removeClass('sortedDESC'); + el.addClass('sortedASC'); + el.sortBy = 'ASC'; + }else{ + if(this.options.sortBy == 'ASC'){ + el.addClass('sortedASC'); + el.sortBy = 'ASC'; + }else if(this.options.sortBy == 'DESC'){ + el.addClass('sortedDESC'); + el.sortBy = 'DESC'; + } + } + // + this.elements.sort(el.compare); + this.elements.injectInside(this.tBody); + // + if(this.filtered){ + this.filteredAltRow(); + }else{ + this.altRow(); + } + + // + if(this.options.onComplete){ + this.fireEvent('onComplete'); + } + }, + + altRow: function(){ + this.elements.each(function(el,i){ + if(i % 2){ + el.removeClass('altRow'); + }else{ + el.addClass('altRow'); + } + }); + }, + + filteredAltRow: function(){ + this.table.getElements('.'+this.options.filterSelectedCls).each(function(el,i){ + if(i % 2){ + el.removeClass('altRow'); + }else{ + el.addClass('altRow'); + } + }); + }, + + filter: function(form){ + var form = $(form); + var col = 0; + var key = ''; + + form.getChildren().each(function(el,i){ + if(el.id == 'column'){ + col = Number(el.value); + } + if(el.id == 'keyword'){ + key = el.value.toLowerCase(); + } + if(el.type == 'reset'){ + el.addEvent('click',this.clearFilter.bind(this)); + } + }, this); + + if(key){ + this.elements.each(function(el,i){ + if(this.options.filterHide){ + el.removeClass('altRow'); + } + if(el.getChildren()[col].firstChild.data.toLowerCase().indexOf(key) > -1){ + el.addClass(this.options.filterSelectedCls); + if(this.options.filterHide){ + el.removeClass(this.options.filterHideCls); + } + }else{ + el.removeClass(this.options.filterSelectedCls); + if(this.options.filterHide){ + el.addClass(this.options.filterHideCls); + } + } + }, this); + if(this.options.filterHide){ + this.filteredAltRow(); + this.filtered = true; + } + } + }, + + clearFilter: function(){ + this.elements.each(function(el,i){ + el.removeClass(this.options.filterSelectedCls); + 
if(this.options.filterHide){ + el.removeClass(this.options.filterHideCls); + } + }, this); + if(this.options.filterHide){ + this.altRow(); + this.filtered = false; + } + } + +}); +sortableTable.implement(new Events); +sortableTable.implement(new Options); + +/*************************************************************/ diff --git a/config/snort-dev/style.css b/config/snort-dev/style.css index e2d44a01..f7d2136b 100644 --- a/config/snort-dev/style.css +++ b/config/snort-dev/style.css 
@@ -1,30 +1,153 @@ -@charset "utf-8"; -.textstyle { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - font-style: normal; - background-color: #666; - color: #CCC; -} -.textstyle p2 a { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - font-style: normal; - color: #CCC; -} - -.textstyle p { - font-family: Arial, Helvetica, sans-serif; - font-size: 24px; - font-weight: bold; - color: #FFF; - text-decoration: underline; -} -.textstyle p2 { - font-family: Arial, Helvetica, sans-serif; - font-size: 12px; - color: #CCC; -} - -/// - +/* Start of main css Pfsense */ +/* Start of main css Pfsense */ + +@charset "utf-8"; +.textstyle { + font-family: Arial, Helvetica, sans-serif; + font-size: 12px; + font-style: normal; + background-color: #666; + color: #CCC; +} +.textstyle p2 a { + font-family: Arial, Helvetica, sans-serif; + font-size: 12px; + font-style: normal; + color: #CCC; +} + +.textstyle p { + font-family: Arial, Helvetica, sans-serif; + font-size: 24px; + font-weight: bold; + color: #FFF; + text-decoration: underline; +} +.textstyle p2 { + font-family: Arial, Helvetica, sans-serif; + font-size: 12px; + color: #CCC; +} + +/* Start of main css for table sort */ +/* Start of main css for table sort */ + +table { + margin: 0; + padding: 0; + border: 0; + font-weight: inherit; + font-style: inherit; + font-size: 9; + font-family: Arial, Helvetica, sans-serif; + vertical-align: baseline; +} + +/* Tables still need 'cellspacing="0"' in the markup. */ +table { border-collapse: separate; border-spacing: 0; } +caption, th, td { text-align: left; font-weight:400; } + +/* Remove possible quote marks (") from ,
. */ +blockquote:before, blockquote:after, q:before, q:after { content: ""; } +blockquote, q { quotes: "" ""; } + +#container { + width: auto; + margin: 0px; + padding-top: 10px; + padding-bottom: 10px; +} + + + +/************************************************************** + + Sortable Table + v 1.4 + +**************************************************************/ + + + +th { + background-color: #eee; + background: #eee url(images/icon-table-sort.png) no-repeat 2px 8px; + padding: 4px 4px 4px 14px; +} + +.allRow { + background-color: #eee; + padding: 4px; +} + +tr.altRow { + background-color: #fff; +} + +.leftAlign { + text-align: left; +} + +.centerAlign { + text-align: center; +} + +.rightAlign { + text-align: right; +} + +.sortedASC { + background: url(images/icon-table-sort-asc.png) no-repeat 2px 4px #eee; +} + +.sortedDESC { + background: url(images/icon-table-sort-desc.png) no-repeat 2px 10px #eee; +} + +.tableHeaderOver { + cursor: pointer; + color: #354158; +} + + +tr.selected { + background-color: 9999ff; + color: #000000; +} + +tr.over { + background-color: #993333; + color: #fff; + cursor: pointer; +} + +tr.hide { + display: none; +} +/***************************/ + +.mainTableFilter { + position: absolute; + top: 0; + left: -10px; + width: auto; +} + +.tableFilter { + border: 1px solid #ccc; + padding: 2px; + margin: 5px 0 10px 0; +} + +.tableFilter input { + border: 1px solid #ccc; +} + +.tableFilter select { + border: 1px solid #ccc; +} + + +/*************************************************************/ + + -- cgit v1.2.3
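Review bot: Two of the new declarations are invalid CSS and will be ignored by the browser: `background-color: 9999ff;` in `tr.selected` is missing the `#`, and `font-size: 9;` in the `table` rule has no unit; they should read `background-color: #9999ff;` and `font-size: 9px;` (or whatever size was intended). The banner comments are also duplicated (`/* Start of main css Pfsense */` and `/* Start of main css for table sort */` each appear twice) and could be reduced to one each.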