From 595c831d2768547d49e6daf147889c6aee15f9a4 Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Mon, 18 Nov 2013 18:59:41 -0500
Subject: Snort 2.9.5.5 pkg v3.0.0 update
---
 config/snort/snort_interfaces_edit.php | 158 +++++++++++++++++++++++++++------
 1 file changed, 129 insertions(+), 29 deletions(-)
(limited to 'config/snort/snort_interfaces_edit.php')
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index bbd4338c..9d488207 100755
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -102,6 +102,12 @@ elseif (isset($id) && !isset($a_rule[$id])) { if (isset($_GET['dup'])) unset($id);
+// Set defaults for empty key parameters
+if (empty($pconfig['blockoffendersip']))
+ $pconfig['blockoffendersip'] = "both";
+if (empty($pconfig['performance']))
+ $pconfig['performance'] = "ac-bnfa";
+
 if ($_POST["Submit"]) { if (!$_POST['interface']) $input_errors[] = "Interface is mandatory";
@@ -113,7 +119,7 @@ if ($_POST["Submit"]) { $natent['enable'] = $_POST['enable'] ? 'on' : 'off'; $natent['uuid'] = $pconfig['uuid'];
- /* See if the HOME_NET, EXTERNAL_NET, WHITELIST or SUPPRESS LIST values were changed */
+ /* See if the HOME_NET, EXTERNAL_NET, or SUPPRESS LIST values were changed */
 $snort_reload = false; if ($_POST['homelistname'] && ($_POST['homelistname'] <> $natent['homelistname'])) $snort_reload = true;
@@ -121,8 +127,6 @@ if ($_POST["Submit"]) { $snort_reload = true; if ($_POST['suppresslistname'] && ($_POST['suppresslistname'] <> $natent['suppresslistname'])) $snort_reload = true;
- if ($_POST['whitelistname'] && ($_POST['whitelistname'] <> $natent['whitelistname']))
- $snort_reload = true;
 if ($_POST['descr']) $natent['descr'] = $_POST['descr']; else $natent['descr'] = strtoupper($natent['interface']); if ($_POST['performance']) $natent['performance'] = $_POST['performance']; else unset($natent['performance']);
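Review bot: The new `$pconfig['performance']` default is not carried through the save path, and the submitted value is stored unchecked: the context line in the third hunk of this file still reads `if ($_POST['performance']) $natent['performance'] = $_POST['performance']; else unset($natent['performance']);`. The value presumably feeds the generated Snort configuration, so compare it with the list the form's select box is built from before storing it, e.g. `if (!in_array($_POST['performance'], $valid_methods, true)) $input_errors[] = "Invalid search method";` (`$valid_methods` is a placeholder name). Replacing the `unset()` with `$natent['performance'] = "ac-bnfa";` would keep the saved entry consistent with the default added here. The submit block continues outside the visible hunks.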
@@ -150,8 +154,100 @@ if ($_POST["Submit"]) { exec("mv -f {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$if_real}"); } $a_rule[$id] = $natent;
- } else
+ } else {
+ // Adding new interface, so set required interface configuration defaults
+ $frag3_eng = array( "name" => "default", "bind_to" => "all", "policy" => "bsd",
+ "timeout" => 60, "min_ttl" => 1, "detect_anomalies" => "on",
+ "overlap_limit" => 0, "min_frag_len" => 0 );
+
+ $stream5_eng = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", "timeout" => 30,
+ "max_queued_bytes" => 1048576, "detect_anomalies" => "off", "overlap_limit" => 0,
+ "max_queued_segs" => 2621, "require_3whs" => "off", "startup_3whs_timeout" => 0,
+ "no_reassemble_async" => "off", "max_window" => 0, "use_static_footprint_sizes" => "off",
+ "check_session_hijacking" => "off", "dont_store_lg_pkts" => "off", "ports_client" => "default",
+ "ports_both" => "default", "ports_server" => "none" );
+
+ $http_eng = array( "name" => "default", "bind_to" => "all", "server_profile" => "all", "enable_xff" => "off",
+ "log_uri" => "off", "log_hostname" => "off", "server_flow_depth" => 65535, "enable_cookie" => "on",
+ "client_flow_depth" => 1460, "extended_response_inspection" => "on", "no_alerts" => "off",
+ "unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on",
+ "normalize_headers" => "on", "normalize_utf" => "on", "normalize_javascript" => "on",
+ "allow_proxy_use" => "off", "inspect_uri_only" => "off", "max_javascript_whitespaces" => 200,
+ "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, "max_header_length" => 0, "ports" => "default" );
+
+ $ftp_client_eng = array( "name" => "default", "bind_to" => "all", "max_resp_len" => 256,
+ "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes",
+ "bounce" => "yes", "bounce_to_net" => "", "bounce_to_port" => "" );
+
+ $ftp_server_eng = array( "name" => "default", "bind_to" => "all",
"ports" => "default",
+ "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes",
+ "ignore_data_chan" => "no", "def_max_param_len" => 100 );
+
+ $natent['max_attribute_hosts'] = '10000';
+ $natent['max_attribute_services_per_host'] = '10';
+ $natent['max_paf'] = '16000';
+
+ $natent['ftp_preprocessor'] = 'on';
+ $natent['ftp_telnet_inspection_type'] = "stateful";
+ $natent['ftp_telnet_alert_encrypted'] = "off";
+ $natent['ftp_telnet_check_encrypted'] = "on";
+ $natent['ftp_telnet_normalize'] = "on";
+ $natent['ftp_telnet_detect_anomalies'] = "on";
+ $natent['ftp_telnet_ayt_attack_threshold'] = "20";
+ if (!is_array($natent['ftp_client_engine']['item']))
+ $natent['ftp_client_engine']['item'] = array();
+ $natent['ftp_client_engine']['item'][] = $ftp_client_eng;
+ if (!is_array($natent['ftp_server_engine']['item']))
+ $natent['ftp_server_engine']['item'] = array();
+ $natent['ftp_server_engine']['item'][] = $ftp_server_eng;
+
+ $natent['smtp_preprocessor'] = 'on';
+ $natent['dce_rpc_2'] = 'on';
+ $natent['dns_preprocessor'] = 'on';
+ $natent['ssl_preproc'] = 'on';
+ $natent['pop_preproc'] = 'on';
+ $natent['imap_preproc'] = 'on';
+ $natent['sip_preproc'] = 'on';
+ $natent['other_preprocs'] = 'on';
+
+ $natent['pscan_protocol'] = 'all';
+ $natent['pscan_type'] = 'all';
+ $natent['pscan_memcap'] = '10000000';
+ $natent['pscan_sense_level'] = 'medium';
+
+ $natent['http_inspect'] = "on";
+ $natent['http_inspect_proxy_alert'] = "off";
+ $natent['http_inspect_memcap'] = "150994944";
+ $natent['http_inspect_max_gzip_mem'] = "838860";
+ if (!is_array($natent['http_inspect_engine']['item']))
+ $natent['http_inspect_engine']['item'] = array();
+ $natent['http_inspect_engine']['item'][] = $http_eng;
+
+ $natent['frag3_max_frags'] = '8192';
+ $natent['frag3_memcap'] = '4194304';
+ $natent['frag3_detection'] = 'on';
+ if (!is_array($natent['frag3_engine']['item']))
+ $natent['frag3_engine']['item'] = array();
+ $natent['frag3_engine']['item'][] = $frag3_eng;
+
$natent['stream5_reassembly'] = 'on';
+ $natent['stream5_flush_on_alert'] = 'off';
+ $natent['stream5_prune_log_max'] = '1048576';
+ $natent['stream5_track_tcp'] = 'on';
+ $natent['stream5_max_tcp'] = '262144';
+ $natent['stream5_track_udp'] = 'on';
+ $natent['stream5_max_udp'] = '131072';
+ $natent['stream5_udp_timeout'] = '30';
+ $natent['stream5_track_icmp'] = 'off';
+ $natent['stream5_max_icmp'] = '65536';
+ $natent['stream5_icmp_timeout'] = '30';
+ $natent['stream5_mem_cap']= '8388608';
+ if (!is_array($natent['stream5_tcp_engine']['item']))
+ $natent['stream5_tcp_engine']['item'] = array();
+ $natent['stream5_tcp_engine']['item'][] = $stream5_eng;
+
 $a_rule[] = $natent;
+ }
 /* If Snort is disabled on this interface, stop any running instance */ if ($natent['enable'] != 'on')
@@ -168,9 +264,9 @@ if ($_POST["Submit"]) { /*******************************************************/ /* Signal Snort to reload configuration if we changed */
- /* HOME_NET, the Whitelist, EXTERNAL_NET or Suppress */
- /* list values. The function only signals a running */
- /* Snort instance to safely reload these parameters. */
+ /* HOME_NET, EXTERNAL_NET or Suppress list values. */
+ /* The function only signals a running Snort instance */
+ /* to safely reload these parameters. */
 /*******************************************************/ if ($snort_reload == true) snort_reload_config($natent, "SIGHUP");
@@ -187,7 +283,7 @@ if ($_POST["Submit"]) { } $if_friendly = snort_get_friendly_interface($pconfig['interface']);
-$pgtitle = "Snort: Interface Edit: {$if_friendly}";
+$pgtitle = gettext("Snort: Interface {$if_friendly} - Edit Settings");
 include_once("head.inc"); ?>
@@ -265,28 +361,24 @@ include_once("head.inc");   
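Review bot: Each default engine is appended unconditionally, although the `is_array()` guard right before it allows for the list already holding entries: `$natent['ftp_client_engine']['item'][] = $ftp_client_eng;`, and the same pattern for `ftp_server_engine`, `http_inspect_engine`, `frag3_engine` and `stream5_tcp_engine`. How `$natent` is seeded lies outside the hunk, but the `dup` path earlier in the file unsets `$id`, so a duplicated interface probably lands in this `else` branch with engines copied from its source; it would then carry a second engine named "default" and have its tuned preprocessor settings replaced by these defaults. Appending only when the list is empty, `if (empty($natent['ftp_client_engine']['item'])) $natent['ftp_client_engine']['item'] = array($ftp_client_eng);`, and assigning the scalar defaults only to keys that are not yet set would avoid silently changing detection coverage on a copied interface.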
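Review bot: Interpolating `{$if_friendly}` inside the `gettext()` argument makes the message id differ per interface, so no catalog entry can ever match it; keep the msgid constant with `$pgtitle = sprintf(gettext("Snort: Interface %s - Edit Settings"), $if_friendly);`. `$if_friendly` comes from `snort_get_friendly_interface()`, which presumably returns the administrator-supplied interface description, and whether `head.inc` HTML-escapes `$pgtitle` is not visible in this hunk. If it does not, pass the value through `htmlspecialchars()` before it reaches the page title.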
-

+  
-
+

- - - onClick="enable_change(false)"> + + > - + @@ -295,14 +387,14 @@ include_once("head.inc"); "Snort alert."); ?> - + > - +    - +
+  " . gettext("Choosing BOTH is suggested, and it is the default value."); ?>
@@ -332,8 +425,8 @@ include_once("head.inc"); foreach ($interfaces2 as $iface2 => $ifacename2): ?> - + +    " . gettext("Default") . "" . gettext(" is ") . "" . gettext("AC-BNFA") . ""; ?>.

@@ -471,17 +564,17 @@ include_once("head.inc"); id="btnWhitelist" title=""/>

 
 
-   + "use."); ?>

+  
+   - + - +