From 140efc422969d411e620174501aa292ae1345534 Mon Sep 17 00:00:00 2001 From: robiscool Date: Mon, 16 Aug 2010 16:53:15 -0700 Subject: snort, major changes, fix pid bug, add jquery lightbox, update gui --- config/snort/snort_interfaces.php | 1142 ++++++++++++++++++------------------- 1 file changed, 543 insertions(+), 599 deletions(-) (limited to 'config/snort/snort_interfaces.php') diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 24d230d6..1c26af8a 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -1,599 +1,543 @@ -. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* TODO: redo check if snort is up */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - -if (!is_array($config['installedpackages']['snortglobal']['rule'])) - $config['installedpackages']['snortglobal']['rule'] = array(); - -$a_nat = &$config['installedpackages']['snortglobal']['rule']; - -if (isset($config['installedpackages']['snortglobal']['rule'])) { -$id_gen = count($config['installedpackages']['snortglobal']['rule']); -}else{ -$id_gen = '0'; -} - -/* alert file */ -$d_snortconfdirty_path_ls = exec('/bin/ls /var/run/snort_conf_*.dirty'); - - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if ($d_snortconfdirty_path_ls != '') { - - write_config(); - - sync_snort_package_empty(); - sync_snort_package(); - - exec('/bin/rm /var/run/snort_conf_*.dirty'); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces.php"); - - exit; - - } - - } - - - -if (isset($_POST['del_x'])) { - /* delete selected rules */ - if (is_array($_POST['rule']) && count($_POST['rule'])) { - foreach ($_POST['rule'] as $rulei) { - - /* convert fake interfaces to real */ - $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$rulei]['interface']); - $snort_uuid = $a_nat[$rulei]['uuid']; - - /* cool code to check if any snort is up */ - $snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q"); - - if ($snort_up_ck != "") - { - - $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}{$if_real}\" | awk '{print \$1;}'"); - $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); - $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); - - $start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$snort_uuid}_{$if_real}.pid"); - $start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); - $start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); - - - if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "") - { - - /* dont flood the syslog code */ - //exec("/bin/cp /var/log/system.log /var/log/system.log.bk"); - //sleep(3); - - - /* remove only running instances */ - if ($start_up_s != "") - { - exec("/bin/kill {$start_up_s}"); - exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); - } - - if ($start2_upb_s != "") - { - exec("/bin/kill {$start2_upb_s}"); - exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); - } - - if ($start_up_r != "") - { - exec("/bin/kill {$start_up_r}"); - exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); - } - - if ($start2_upb_r != "") - { - exec("/bin/kill {$start2_upb_r}"); - exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); - } - - /* stop syslog flood code */ - //$if_real_wan_rulei = $a_nat[$rulei]['interface']; - //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei); - //exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc"); - //exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log"); - //exec("/usr/bin/killall syslogd"); - //exec("/usr/sbin/clog -i -s 262144 /var/log/system.log"); - //exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf"); - //sleep(2); - //exec("/bin/cp /var/log/system.log.bk /var/log/system.log"); - //$after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'"); - //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$rulei}{$if_real} STOP {$after_mem}'"); - //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule removed for {$rulei}{$if_real}...'"); - - } - - } - - /* for every iface do these steps */ - conf_mount_rw(); - exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*"); - exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); - - conf_mount_ro(); - - unset($a_nat[$rulei]); - - } - - write_config(); - sleep(2); - - /* if there are no ifaces do not create snort.sh */ - if (isset($config['installedpackages']['snortglobal']['rule'][0]['enable'])) { - create_snort_sh(); - }else{ - conf_mount_rw(); - exec('/bin/rm /usr/local/etc/rc.d/snort.sh'); - conf_mount_ro(); - } - - //touch("/var/run/snort_conf_delete.dirty"); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces.php"); - //exit; - } - -} - - -/* start/stop snort */ -if ($_GET['act'] == 'toggle' && $_GET['id'] != '') -{ - - $if_real = convert_friendly_interface_to_real_interface_name2($config['installedpackages']['snortglobal']['rule'][$id]['interface']); - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - - /* Log Iface stop */ - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'"); - - $tester2 = Running_Ck($snort_uuid, $if_real, $id); - - if ($tester2 == 'yes') { - - /* Log Iface stop */ - exec("/usr/bin/logger -p daemon.info -i -t SnortStartup '{$tester2} yn for {$snort_uuid}_{$if_real}...'"); - - Running_Stop($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces.php"); - - }else{ - - sync_snort_package_all($id, $if_real, $snort_uuid); - sync_snort_package(); - - Running_Start($snort_uuid, $if_real, $id); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - sleep(2); - header("Location: /snort/snort_interfaces.php"); - } -} - - - -$pgtitle = "Services: Snort 2.8.6 pkg v. 1.31"; -include("head.inc"); - -?> - - -

- - - - - -
- -'; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed for one or more interfaces.
- You must apply the changes in order for them to take effect.
- '); - } - } - -?> - - - - - - -
- -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  IfSnortPerformanceBlockBarnyard2Description - - - - - -
-
- - - - - - - - - - - - - - - -   - - - - - -
-
- - - - -
-
-
-
- -
- - -
- Note: -
- This is the Snort Menu where you can see an over view of all your interface settings. -
- Please edit the Global Settings tab before adding an interface. -

- Warning: -
- New settings will not take effect until interface restart. -

- Click on the icon to add a interface.                                            Click on the icon to start snort and barnyard2. -
- Click on the icon to edit a interface and settings.                       Click on the icon to stop snort and barnyard2. -
- Click on the icon to delete a interface and settings. -
- - "") { - echo ""; -} -?> - -
- - - -#footer2 -{ - position: relative; - top: -17px; - background-color: #cccccc; - background-image: none; - background-repeat: repeat; - background-attachment: scroll; - background-position: 0% 0%; - font-size: 0.8em; - text-align: center; - padding-top: 0px; - padding-right: 0px; - padding-bottom: 0px; - padding-left: 10px; - clear: both; -} - - - -
- \"Apps\" - Snort is a registered trademark of Sourcefire, Inc, Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, - Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com -
\n"; -} - -if ($pfsense_theme_is == 'pfsense_ng') { -$footer3 = " - - - -
- Snort is a registered trademark of Sourcefire, Inc, Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, - Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com -
\n"; -} -?> - - - - - - - - - - - - - - +. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +/* TODO: redo check if snort is up */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) + $config['installedpackages']['snortglobal']['rule'] = array(); + +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +if (isset($config['installedpackages']['snortglobal']['rule'])) { +$id_gen = count($config['installedpackages']['snortglobal']['rule']); +}else{ +$id_gen = '0'; +} + +/* alert file */ +$d_snortconfdirty_path_ls = exec('/bin/ls /var/run/snort_conf_*.dirty'); + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if ($d_snortconfdirty_path_ls != '') { + + write_config(); + + sync_snort_package_empty(); + sync_snort_package(); + + exec('/bin/rm /var/run/snort_conf_*.dirty'); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces.php"); + + exit; + + } + + } + + + +if (isset($_POST['del_x'])) { + /* delete selected rules */ + if (is_array($_POST['rule']) && count($_POST['rule'])) { + foreach ($_POST['rule'] as $rulei) { + + /* convert fake interfaces to real */ + $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$rulei]['interface']); + $snort_uuid = $a_nat[$rulei]['uuid']; + + /* cool code to check if any snort is up */ + $snort_up_ck = exec("/bin/ps -auwx | /usr/bin/grep -v grep | /usr/bin/grep snort | /usr/bin/awk '{print \$2;}' | sed 1q"); + + if ($snort_up_ck != "") + { + + $start_up_pre = exec("/usr/bin/top -a -U snort -u | grep -v grep | grep \"R {$snort_uuid}{$if_real}\" | awk '{print \$1;}'"); + $start_up_s = exec("/usr/bin/top -U snort -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); + $start_up_r = exec("/usr/bin/top -U root -u | grep snort | grep {$start_up_pre} | awk '{ print $1; }'"); + + $start2_upb_pre = exec("/bin/cat /var/run/barnyard2_{$snort_uuid}_{$if_real}.pid"); + $start2_upb_s = exec("/usr/bin/top -U snort -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); + $start2_upb_r = exec("/usr/bin/top -U root -u | grep barnyard2 | grep {$start2_upb_pre} | awk '{ print $1; }'"); + + + if ($start_up_s != "" || $start_up_r != "" || $start2_upb_s != "" || $start2_upb_r != "") + { + + /* dont flood the syslog code */ + //exec("/bin/cp /var/log/system.log /var/log/system.log.bk"); + //sleep(3); + + + /* remove only running instances */ + if ($start_up_s != "") + { + exec("/bin/kill {$start_up_s}"); + exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); + } + + if ($start2_upb_s != "") + { + exec("/bin/kill {$start2_upb_s}"); + exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); + } + + if ($start_up_r != "") + { + exec("/bin/kill {$start_up_r}"); + exec("/bin/rm /var/run/snort_{$snort_uuid}_{$if_real}*"); + } + + if ($start2_upb_r != "") + { + exec("/bin/kill {$start2_upb_r}"); + exec("/bin/rm /var/run/barnyard2_{$snort_uuid}_{$if_real}*"); + } + + /* stop syslog flood code */ + //$if_real_wan_rulei = $a_nat[$rulei]['interface']; + //$if_real_wan_rulei2 = convert_friendly_interface_to_real_interface_name2($if_real_wan_rulei); + //exec("/sbin/ifconfig $if_real_wan_rulei2 -promisc"); + //exec("/bin/cp /var/log/system.log /var/log/snort/snort_sys_$rulei$if_real.log"); + //exec("/usr/bin/killall syslogd"); + //exec("/usr/sbin/clog -i -s 262144 /var/log/system.log"); + //exec("/usr/sbin/syslogd -c -ss -f /var/etc/syslog.conf"); + //sleep(2); + //exec("/bin/cp /var/log/system.log.bk /var/log/system.log"); + //$after_mem = exec("/usr/bin/top | /usr/bin/grep Wired | /usr/bin/awk '{ print $2 }'"); + //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'MEM after {$rulei}{$if_real} STOP {$after_mem}'"); + //exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule removed for {$rulei}{$if_real}...'"); + + } + + } + + /* for every iface do these steps */ + conf_mount_rw(); + exec("/bin/rm /var/log/snort/snort.u2_{$snort_uuid}_{$if_real}*"); + exec("/bin/rm -r /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}"); + + conf_mount_ro(); + + unset($a_nat[$rulei]); + + } + + write_config(); + sleep(2); + + /* if there are no ifaces do not create snort.sh */ + if (isset($config['installedpackages']['snortglobal']['rule'][0]['enable'])) { + create_snort_sh(); + }else{ + conf_mount_rw(); + exec('/bin/rm /usr/local/etc/rc.d/snort.sh'); + conf_mount_ro(); + } + + //touch("/var/run/snort_conf_delete.dirty"); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces.php"); + //exit; + } + +} + + +/* start/stop snort */ +if ($_GET['act'] == 'toggle' && $_GET['id'] != '') +{ + + $if_real = convert_friendly_interface_to_real_interface_name2($config['installedpackages']['snortglobal']['rule'][$id]['interface']); + $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; + + /* Log Iface stop */ + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Toggle for {$snort_uuid}_{$if_real}...'"); + + $tester2 = Running_Ck($snort_uuid, $if_real, $id); + + if ($tester2 == 'yes') { + + /* Log Iface stop */ + exec("/usr/bin/logger -p daemon.info -i -t SnortStartup '{$tester2} yn for {$snort_uuid}_{$if_real}...'"); + + Running_Stop($snort_uuid, $if_real, $id); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces.php"); + + }else{ + + sync_snort_package_all($id, $if_real, $snort_uuid); + sync_snort_package(); + + Running_Start($snort_uuid, $if_real, $id); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + sleep(2); + header("Location: /snort/snort_interfaces.php"); + } +} + + +$pgtitle = "Services: $snort_package_version"; +include_once("/usr/local/pkg/snort/snort_head.inc"); + +?> + + + + + + +' . $pgtitle . '

';}?> + + + + +
+ + + + +
+ +'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed for one or more interfaces.
+ You must apply the changes in order for them to take effect.
+ '); + } + } + +?> + + + + + + +
+ +
+ + +
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
  IfSnortPerformanceBlockBarnyard2Description + + + + + +
+
+ + + + + + + + + + + + + + + +   + + + + + +
+
+ + + + +
+
+
+
+ +
+ + +
+
+ + + + +
+ Note: +
+ This is the Snort Menu where you can see an over view of all your interface settings. +
+ Please edit the Global Settings tab before adding an interface. +

+ Warning: +
+ New settings will not take effect until interface restart. +

+ Click on the icon to add a interface.                                            Click on the icon to start snort and barnyard2. +
+ Click on the icon to edit a interface and settings.                       Click on the icon to stop snort and barnyard2. +
+ Click on the icon to delete a interface and settings. +
+
+
+ + "") { + echo ""; +} +?> + +
+
+ +

+ + + +
+ Snort is a registered trademark of Sourcefire, Inc, Barnyard2 is a registered trademark of securixlive.com, Orion copyright Robert Zelaya, + Emergingthreats is a registered trademark of emergingthreats.net, Mysql is a registered trademark of Mysql.com +
+ + + + + + + -- cgit v1.2.3