From 080fb922c15c959be4f0bd101d0cf3f529f0e866 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Mon, 13 May 2013 16:58:53 -0400 Subject: Snort Pkg 2.5.8 Update - bug fixes and new features --- config/snort/snort_alerts.php | 107 ++++++++++++++++++++++++------------------ 1 file changed, 61 insertions(+), 46 deletions(-) (limited to 'config/snort/snort_alerts.php') diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 3fcbe6b7..eb0912c8 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -38,6 +38,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); $snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype']; +$supplist = array(); if ($_GET['instance']) $instanceid = $_GET['instance']; @@ -80,8 +81,10 @@ if ($_POST['todelete'] || $_GET['todelete']) { $ip = $_POST['todelete']; else if($_GET['todelete']) $ip = $_GET['todelete']; - if (is_ipaddr($ip)) + if (is_ipaddr($ip)) { exec("/sbin/pfctl -t snort2c -T delete {$ip}"); + $savemsg = "Host IP address {$ip} has been removed from the Bocked Hosts table."; + } } if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) { @@ -99,7 +102,7 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_ $s_list = array(); $s_list['name'] = $a_instance[$instanceid]['interface'] . "suppress"; $s_list['uuid'] = uniqid(); - $s_list['descr'] = "Auto generted list for suppress"; + $s_list['descr'] = "Auto-generated list for suppress"; $s_list['suppresspassthru'] = base64_encode($suppress); $a_suppress[] = $s_list; $a_instance[$instanceid]['suppresslistname'] = $s_list['name']; @@ -115,6 +118,7 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_ } } } + $savemsg = "GID:SID '{$_GET['gen_id']}:{$_GET['sidid']}' has been added to the Suppress List."; write_config(); sync_snort_package_config(); } 
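Review bot: In the `todelete` branch (`@@ -80,8 +81,10 @@`) the new `$savemsg` is assigned without looking at the result of `exec()`, so the page reports the host as removed even when `pfctl` failed. Capture the exit status and set the message only on success, e.g. `exec("/sbin/pfctl -t snort2c -T delete " . escapeshellarg($ip), $out, $rc);` followed by `if ($rc == 0) $savemsg = ...;`. `is_ipaddr()` is the only thing keeping `$ip` safe inside the shell string, so quoting it with `escapeshellarg()` is a worthwhile second layer. The context lines also show the delete being accepted from `$_GET['todelete']`, which makes a firewall-table change reachable through a plain link; no request-token check is visible here, and the enclosing `if` starts outside the hunk.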
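Review bot: The `$savemsg` added in the `addsuppress` branch (`@@ -115,6 +118,7 @@`) interpolates `$_GET['gen_id']` and `$_GET['sidid']` after only an `is_numeric()` check, which also accepts signed, decimal, exponent and whitespace-padded forms. Those carry no HTML metacharacters, but they are not valid generator or signature IDs, so tighten the guard to `ctype_digit((string)$_GET['sidid']) && ctype_digit((string)$_GET['gen_id'])` and build the message from the validated values. The assignment sits after the closing braces of the inner checks, so it appears to run even when no entry was actually added; that cannot be confirmed because the block starts outside the hunk. The message is later passed to `print_info_box($savemsg)` (`@@ -177,6 +184,9 @@`), so confirm that helper escapes its argument; the reworded message in the later commit (`@@ -118,7 +118,7 @@`) uses the same inputs.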
@@ -157,6 +161,9 @@ if ($_POST['download']) { exit; } +/* Load up an array with the current Suppression List GID,SID values */ +$supplist = snort_load_suppress_sigs($a_instance[$instanceid]); + $pgtitle = "Services: Snort: Snort Alerts"; include_once("head.inc"); @@ -177,6 +184,9 @@ if ($pconfig['arefresh'] == 'on') if ($input_errors) { print_input_errors($input_errors); // TODO: add checks } + if ($savemsg) { + print_info_box($savemsg); + } ?>
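Review bot: `snort_load_suppress_sigs($a_instance[$instanceid])` in the `@@ -157,6 +161,9 @@` hunk indexes `$a_instance` with `$instanceid`, which the first hunk of this commit shows being taken directly from `$_GET['instance']`. If the lines in between do not validate it, a missing or unknown key hands `null` to the helper, and how it behaves then is not visible here. Guard the call, e.g. `$supplist = isset($a_instance[$instanceid]) ? snort_load_suppress_sigs($a_instance[$instanceid]) : array();`. The existing comment would be more useful if it stated the shape the page relies on, `$supplist[gen_id][sig_id]`, which is how the later `isset($supplist[$fields[1]][$fields[2]])` lookup reads it.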
@@ -195,15 +205,14 @@ if ($pconfig['arefresh'] == 'on')
- +
- - + @@ -227,31 +236,32 @@ if ($pconfig['arefresh'] == 'on') - +
-
$instance) { $selected = ""; @@ -212,14 +221,14 @@ if ($pconfig['arefresh'] == 'on') echo "\n"; } ?> -
+   
- -    +
- + > - ', '', '', ''); ?> + ', '', '', ''); ?>   - ', '', '', ''); ?> + ', '', '', ''); ?>


   +
- - - - - - - - - - + + + + + + + + + + - \"Delete\""; + $alert_ip_src .= "
+ \"Remove"; } /* IP SRC Port */ $alert_src_p = $fields[7]; /* IP Destination */ $alert_ip_dst = $fields[8]; if (isset($tmpblocked[$fields[8]])) { - $alert_ip_dst .= " - \"Delete\""; + $alert_ip_dst .= "
+ \"Remove"; } /* IP DST Port */ $alert_dst_p = $fields[9]; /* SID */ - $alert_sid_str = "{$fields[1]}:{$fields[2]}:{$fields[3]}"; + $alert_sid_str = "{$fields[1]}:{$fields[2]}"; + if (!isset($supplist[$fields[1]][$fields[2]])) { + $sidsupplink = ""; + $sidsupplink .= ""; + } + else { + $sidsupplink = ""; + } $alert_class = $fields[11]; echo " - - - - - - - - - - + + + + + + + + + + \n"; $counter++; -- cgit v1.2.3 From 1ef295d754f838935412ddefc8d5fa00c51bcc1c Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Tue, 14 May 2013 00:38:49 -0300 Subject: snort - (re)include two level menu and change start stop icons to toggle status as well show current snort status --- config/snort/snort_alerts.php | 1 + 1 file changed, 1 insertion(+) (limited to 'config/snort/snort_alerts.php') diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index eb0912c8..7919b1f2 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -200,6 +200,7 @@ if ($pconfig['arefresh'] == 'on') $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); + $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array); ?> -- cgit v1.2.3 From 95074b228255ad3105cd7de8ea159d0015af5daf Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Thu, 16 May 2013 19:41:12 -0400 Subject: Tweak HTML for tables to improve word-wrapping and column layouts. --- config/snort/snort_alerts.php | 48 +++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 24 deletions(-) (limited to 'config/snort/snort_alerts.php') diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 7919b1f2..796e1587 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php 
@@ -83,7 +83,7 @@ if ($_POST['todelete'] || $_GET['todelete']) { $ip = $_GET['todelete']; if (is_ipaddr($ip)) { exec("/sbin/pfctl -t snort2c -T delete {$ip}"); - $savemsg = "Host IP address {$ip} has been removed from the Bocked Hosts table."; + $savemsg = "Host IP address {$ip} has been removed from the Blocked Table."; } } @@ -118,7 +118,7 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_ } } } - $savemsg = "GID:SID '{$_GET['gen_id']}:{$_GET['sidid']}' has been added to the Suppress List."; + $savemsg = "An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to the Suppress List."; write_config(); sync_snort_package_config(); } @@ -250,18 +250,18 @@ if ($pconfig['arefresh'] == 'on') -
{$alert_date}{$alert_priority}{$alert_proto}{$alert_class}{$alert_ip_src}{$alert_src_p}{$alert_ip_dst}{$alert_dst_p} - {$alert_sid_str} - - - {$alert_descr}{$alert_date}
{$alert_time}
{$alert_priority}{$alert_proto}{$alert_class}{$alert_ip_src}{$alert_src_p}{$alert_ip_dst}{$alert_dst_p}{$alert_sid_str}
{$sidsupplink}
{$alert_descr}
- +
+ - - - + + + - - - - - + + + + + @@ -295,7 +295,7 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_src = $fields[6]; if (isset($tmpblocked[$fields[6]])) { $alert_ip_src .= "
- \"Remove"; + \"Remove"; } /* IP SRC Port */ $alert_src_p = $fields[7]; @@ -303,7 +303,7 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_dst = $fields[8]; if (isset($tmpblocked[$fields[8]])) { $alert_ip_dst .= "
- \"Remove"; + \"Remove"; } /* IP DST Port */ $alert_dst_p = $fields[9]; @@ -312,24 +312,24 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { if (!isset($supplist[$fields[1]][$fields[2]])) { $sidsupplink = ""; $sidsupplink .= ""; + $sidsupplink .= "title='" . gettext("Add this gen_id:sig_id to Suppress List") . "'>"; } else { $sidsupplink = ""; + $sidsupplink .= "title='" . gettext("This gen_id:sig_id already in Suppress List") . "'/>"; } $alert_class = $fields[11]; echo " - - - + + + - - - - - + + + + + \n"; -- cgit v1.2.3 From 717af69c8a12e258c61c9fa410b642c80042cfc5 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Thu, 16 May 2013 20:25:54 -0400 Subject: Extend SRC and DST columns just a bit to hold long IP addresses. --- config/snort/snort_alerts.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'config/snort/snort_alerts.php') diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 796e1587..65ebffc1 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -257,9 +257,9 @@ if ($pconfig['arefresh'] == 'on') - + - + -- cgit v1.2.3 From e80695def53d0c55a0c79108f3d207a938249786 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Tue, 21 May 2013 22:00:03 -0400 Subject: HTML edits to fix table layout in Firefox and Chrome. --- config/snort/snort_alerts.php | 54 ++++++++++++++++++++++++++----------------- 1 file changed, 33 insertions(+), 21 deletions(-) (limited to 'config/snort/snort_alerts.php') diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 65ebffc1..98a58863 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -252,18 +252,30 @@ if ($pconfig['arefresh'] == 'on')
{$alert_date}
{$alert_time}
{$alert_priority}{$alert_proto}{$alert_date}
{$alert_time}
{$alert_priority}{$alert_proto} {$alert_class}{$alert_ip_src}{$alert_src_p}{$alert_ip_dst}{$alert_dst_p}{$alert_sid_str}
{$sidsupplink}
{$alert_ip_src}{$alert_src_p}{$alert_ip_dst}{$alert_dst_p}{$alert_sid_str}
{$sidsupplink}
{$alert_descr}
- - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - + + + + + + + + + \n"; -- cgit v1.2.3 From e8f8b0ab273baa1d772ec914c51e242c3ff22f56 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 22 May 2013 12:20:35 -0400 Subject: Fix various HTML style issues to tidy up GUI. --- config/snort/snort_alerts.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'config/snort/snort_alerts.php') diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 98a58863..607fba54 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -205,8 +205,8 @@ if ($pconfig['arefresh'] == 'on') ?> -
{$alert_date}
{$alert_time}
{$alert_priority}{$alert_proto}{$alert_class}{$alert_ip_src}{$alert_src_p}{$alert_ip_dst}{$alert_dst_p}{$alert_sid_str}
{$sidsupplink}
{$alert_date}
{$alert_time}
{$alert_priority}{$alert_proto}{$alert_class}{$alert_ip_src}{$alert_src_p}{$alert_ip_dst}{$alert_dst_p}{$alert_sid_str}
{$sidsupplink}
{$alert_descr}
- +
+ @@ -357,6 +357,7 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
+
-- cgit v1.2.3