From a42356458f46215de8718088c2f9143294532bca Mon Sep 17 00:00:00 2001
From: Ermal
Date: Mon, 16 Jul 2012 08:43:35 +0000
Subject: Force use of aliases from pfSense for replacing snort var settings.
Also make snort var settings generic and overridable in all of its
definitions
---
config/snort/snort_define_servers.php | 542 +++++++++-------------------------
1 file changed, 142 insertions(+), 400 deletions(-)
(limited to 'config/snort/snort_define_servers.php')
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index f69209e5..3cf70bc9 100644
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -48,47 +48,41 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
}
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-$pconfig = array();
-if (isset($id) && $a_nat[$id]) {
- $pconfig = $a_nat[$id];
+/* NOTE: KEEP IN SYNC WITH SNORT.INC since global do not work quite well with package */
+/* define servers and ports snortdefservers */
+$snort_servers = array (
+"dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET",
+"www_servers" => "\$HOME_NET", "sql_servers" => "\$HOME_NET", "telnet_servers" => "\$HOME_NET",
+"snmp_servers" => "\$HOME_NET", "ftp_servers" => "\$HOME_NET", "ssh_servers" => "\$HOME_NET",
+"pop_servers" => "\$HOME_NET", "imap_servers" => "\$HOME_NET", "sip_proxy_ip" => "\$HOME_NET",
+"sip_servers" => "\$HOME_NET", "rpc_servers" => "\$HOME_NET",
+"aim_servers" => "64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24"
+);
- /* old options */
- $pconfig['def_dns_servers'] = $a_nat[$id]['def_dns_servers'];
- $pconfig['def_dns_ports'] = $a_nat[$id]['def_dns_ports'];
- $pconfig['def_smtp_servers'] = $a_nat[$id]['def_smtp_servers'];
- $pconfig['def_smtp_ports'] = $a_nat[$id]['def_smtp_ports'];
- $pconfig['def_mail_ports'] = $a_nat[$id]['def_mail_ports'];
- $pconfig['def_http_servers'] = $a_nat[$id]['def_http_servers'];
- $pconfig['def_www_servers'] = $a_nat[$id]['def_www_servers'];
- $pconfig['def_http_ports'] = $a_nat[$id]['def_http_ports'];
- $pconfig['def_sql_servers'] = $a_nat[$id]['def_sql_servers'];
- $pconfig['def_oracle_ports'] = $a_nat[$id]['def_oracle_ports'];
- $pconfig['def_mssql_ports'] = $a_nat[$id]['def_mssql_ports'];
- $pconfig['def_telnet_servers'] = $a_nat[$id]['def_telnet_servers'];
- $pconfig['def_telnet_ports'] = $a_nat[$id]['def_telnet_ports'];
- $pconfig['def_snmp_servers'] = $a_nat[$id]['def_snmp_servers'];
- $pconfig['def_snmp_ports'] = $a_nat[$id]['def_snmp_ports'];
- $pconfig['def_ftp_servers'] = $a_nat[$id]['def_ftp_servers'];
- $pconfig['def_ftp_ports'] = $a_nat[$id]['def_ftp_ports'];
- $pconfig['def_ssh_servers'] = $a_nat[$id]['def_ssh_servers'];
- $pconfig['def_ssh_ports'] = $a_nat[$id]['def_ssh_ports'];
- $pconfig['def_pop_servers'] = $a_nat[$id]['def_pop_servers'];
- $pconfig['def_pop2_ports'] = $a_nat[$id]['def_pop2_ports'];
- $pconfig['def_pop3_ports'] = $a_nat[$id]['def_pop3_ports'];
- $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
- $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
- $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
- $pconfig['def_sip_servers'] = $a_nat[$id]['def_sip_servers'];
- $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports'];
- $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports'];
- $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
- $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
- $pconfig['def_irc_ports'] = $a_nat[$id]['def_irc_ports'];
- $pconfig['def_nntp_ports'] = $a_nat[$id]['def_nntp_ports'];
- $pconfig['def_rlogin_ports'] = $a_nat[$id]['def_rlogin_ports'];
- $pconfig['def_rsh_ports'] = $a_nat[$id]['def_rsh_ports'];
- $pconfig['def_ssl_ports'] = $a_nat[$id]['def_ssl_ports'];
-}
+/* if user has defined a custom ssh port, use it */
+if(is_array($config['system']['ssh']) && isset($config['system']['ssh']['port']))
+ $ssh_port = $config['system']['ssh']['port'];
+else
+ $ssh_port = "22";
+$snort_ports = array(
+"dns_ports" => "53", "smtp_ports" => "25", "mail_ports" => "25,143,465,691",
+"http_ports" => "80", "oracle_ports" => "1521", "mssql_ports" => "1433",
+"telnet_ports" => "23","snmp_ports" => "161", "ftp_ports" => "21",
+"ssh_ports" => $ssh_port, "pop2_ports" => "109", "pop3_ports" => "110",
+"imap_ports" => "143", "sip_proxy_ports" => "5060:5090,16384:32768",
+"sip_ports" => "5060:5090,16384:32768", "auth_ports" => "113", "finger_ports" => "79",
+"irc_ports" => "6665,6666,6667,6668,6669,7000", "smb_ports" => "139,445",
+"nntp_ports" => "119", "rlogin_ports" => "513", "rsh_ports" => "514",
+"ssl_ports" => "443,465,563,636,989,990,992,993,994,995",
+"file_data_ports" => "\$HTTP_PORTS,110,143", "shellcode_ports" => "!80",
+"sun_rpc_ports" => "111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779",
+"DCERPC_NCACN_IP_TCP" => "139,445", "DCERPC_NCADG_IP_UDP" => "138,1024:",
+"DCERPC_NCACN_IP_LONG" => "135,139,445,593,1024:", "DCERPC_NCACN_UDP_LONG" => "135,1024:",
+"DCERPC_NCACN_UDP_SHORT" => "135,593,1024:", "DCERPC_NCACN_TCP" => "2103,2105,2107",
+"DCERPC_BRIGHTSTORE" => "6503,6504"
+);
+
+$pconfig = $a_nat[$id];
/* convert fake interfaces to real */
$if_real = snort_get_real_interface($pconfig['interface']);
@@ -105,51 +99,20 @@ if ($_POST) {
/* if no errors write to conf */
if (!$input_errors) {
/* post new options */
- if ($_POST['def_dns_servers'] != "") { $natent['def_dns_servers'] = $_POST['def_dns_servers']; }else{ $natent['def_dns_servers'] = ""; }
- if ($_POST['def_dns_ports'] != "") { $natent['def_dns_ports'] = $_POST['def_dns_ports']; }else{ $natent['def_dns_ports'] = ""; }
- if ($_POST['def_smtp_servers'] != "") { $natent['def_smtp_servers'] = $_POST['def_smtp_servers']; }else{ $natent['def_smtp_servers'] = ""; }
- if ($_POST['def_smtp_ports'] != "") { $natent['def_smtp_ports'] = $_POST['def_smtp_ports']; }else{ $natent['def_smtp_ports'] = ""; }
- if ($_POST['def_mail_ports'] != "") { $natent['def_mail_ports'] = $_POST['def_mail_ports']; }else{ $natent['def_mail_ports'] = ""; }
- if ($_POST['def_http_servers'] != "") { $natent['def_http_servers'] = $_POST['def_http_servers']; }else{ $natent['def_http_servers'] = ""; }
- if ($_POST['def_www_servers'] != "") { $natent['def_www_servers'] = $_POST['def_www_servers']; }else{ $natent['def_www_servers'] = ""; }
- if ($_POST['def_http_ports'] != "") { $natent['def_http_ports'] = $_POST['def_http_ports']; }else{ $natent['def_http_ports'] = ""; }
- if ($_POST['def_sql_servers'] != "") { $natent['def_sql_servers'] = $_POST['def_sql_servers']; }else{ $natent['def_sql_servers'] = ""; }
- if ($_POST['def_oracle_ports'] != "") { $natent['def_oracle_ports'] = $_POST['def_oracle_ports']; }else{ $natent['def_oracle_ports'] = ""; }
- if ($_POST['def_mssql_ports'] != "") { $natent['def_mssql_ports'] = $_POST['def_mssql_ports']; }else{ $natent['def_mssql_ports'] = ""; }
- if ($_POST['def_telnet_servers'] != "") { $natent['def_telnet_servers'] = $_POST['def_telnet_servers']; }else{ $natent['def_telnet_servers'] = ""; }
- if ($_POST['def_telnet_ports'] != "") { $natent['def_telnet_ports'] = $_POST['def_telnet_ports']; }else{ $natent['def_telnet_ports'] = ""; }
- if ($_POST['def_snmp_servers'] != "") { $natent['def_snmp_servers'] = $_POST['def_snmp_servers']; }else{ $natent['def_snmp_servers'] = ""; }
- if ($_POST['def_snmp_ports'] != "") { $natent['def_snmp_ports'] = $_POST['def_snmp_ports']; }else{ $natent['def_snmp_ports'] = ""; }
- if ($_POST['def_ftp_servers'] != "") { $natent['def_ftp_servers'] = $_POST['def_ftp_servers']; }else{ $natent['def_ftp_servers'] = ""; }
- if ($_POST['def_ftp_ports'] != "") { $natent['def_ftp_ports'] = $_POST['def_ftp_ports']; }else{ $natent['def_ftp_ports'] = ""; }
- if ($_POST['def_ssh_servers'] != "") { $natent['def_ssh_servers'] = $_POST['def_ssh_servers']; }else{ $natent['def_ssh_servers'] = ""; }
- if ($_POST['def_ssh_ports'] != "") { $natent['def_ssh_ports'] = $_POST['def_ssh_ports']; }else{ $natent['def_ssh_ports'] = ""; }
- if ($_POST['def_pop_servers'] != "") { $natent['def_pop_servers'] = $_POST['def_pop_servers']; }else{ $natent['def_pop_servers'] = ""; }
- if ($_POST['def_pop2_ports'] != "") { $natent['def_pop2_ports'] = $_POST['def_pop2_ports']; }else{ $natent['def_pop2_ports'] = ""; }
- if ($_POST['def_pop3_ports'] != "") { $natent['def_pop3_ports'] = $_POST['def_pop3_ports']; }else{ $natent['def_pop3_ports'] = ""; }
- if ($_POST['def_imap_servers'] != "") { $natent['def_imap_servers'] = $_POST['def_imap_servers']; }else{ $natent['def_imap_servers'] = ""; }
- if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; }
- if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; }
- if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; }
- if ($_POST['def_sip_servers'] != "") { $natent['def_sip_servers'] = $_POST['def_sip_servers']; }else{ $natent['def_sip_servers'] = ""; }
- if ($_POST['def_sip_ports'] != "") { $natent['def_sip_ports'] = $_POST['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; }
- if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; }
- if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; }
- if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; }
- if ($_POST['def_nntp_ports'] != "") { $natent['def_nntp_ports'] = $_POST['def_nntp_ports']; }else{ $natent['def_nntp_ports'] = ""; }
- if ($_POST['def_rlogin_ports'] != "") { $natent['def_rlogin_ports'] = $_POST['def_rlogin_ports']; }else{ $natent['def_rlogin_ports'] = ""; }
- if ($_POST['def_rsh_ports'] != "") { $natent['def_rsh_ports'] = $_POST['def_rsh_ports']; }else{ $natent['def_rsh_ports'] = ""; }
- if ($_POST['def_ssl_ports'] != "") { $natent['def_ssl_ports'] = $_POST['def_ssl_ports']; }else{ $natent['def_ssl_ports'] = ""; }
-
-
- if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
- else {
- if (is_numeric($after))
- array_splice($a_nat, $after+1, 0, array($natent));
+ foreach ($snort_servers as $key => $server) {
+ if ($_POST["def_{$key}"])
+ $natent["def_{$key}"] = $_POST["def_{$key}"];
else
- $a_nat[] = $natent;
+ unset($natent["def_{$key}"]);
}
+ foreach ($snort_ports as $key => $server) {
+ if ($_POST["def_{$key}"])
+ $natent["def_{$key}"] = $_POST["def_{$key}"];
+ else
+ unset($natent["def_{$key}"]);
+ }
+
+ $a_nat[$id] = $natent;
write_config();
@@ -171,30 +134,23 @@ $pgtitle = "Snort: Interface {$if_friendly} Define Servers";
include_once("head.inc");
?>
-
+
' . $pgtitle . '
';}
+/* Display Alert message */
+if ($input_errors)
+ print_input_errors($input_errors); // TODO: add checks
+if ($savemsg)
+ print_info_box($savemsg);
?>
-
-
-
-
+
+
--
cgit v1.2.3