From 20ded7753eba0d96560e715a0b07c38e6dbf8a07 Mon Sep 17 00:00:00 2001 From: robiscool Date: Tue, 27 Apr 2010 23:15:56 -0700 Subject: snort, add suppress tab, fix javascript on pfsense 2.0 --- config/snort/snort_interfaces_suppress_edit.php | 324 ++++++++++++++++++++++++ 1 file changed, 324 insertions(+) create mode 100644 config/snort/snort_interfaces_suppress_edit.php (limited to 'config/snort/snort_interfaces_suppress_edit.php') diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php new file mode 100644 index 00000000..5b9553f1 --- /dev/null +++ b/config/snort/snort_interfaces_suppress_edit.php @@ -0,0 +1,324 @@ +. + All rights reserved. + + modified for the pfsense snort package + Copyright (C) 2009-2010 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) + $config['installedpackages']['snortglobal']['suppress']['item'] = array(); + +$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + + +/* gen uuid for each iface !inportant */ +if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') { + //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); +$suppress_uuid = 0; +while ($suppress_uuid > 65535 || $suppress_uuid == 0) { + $suppress_uuid = mt_rand(1, 65535); + $pconfig['uuid'] = $suppress_uuid; + } +} + +if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] != '') { + $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid']; +} + +$pgtitle = "Services: Snort: Suppression: Edit $suppress_uuid"; + +$d_snort_suppress_dirty_path = '/var/run/snort_suppress.dirty'; + +/* returns true if $name is a valid name for a whitelist file name or ip */ +function is_validwhitelistname($name) { + if (!is_string($name)) + return false; + + if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name)) + return true; + + return false; +} + + +if (isset($id) && $a_suppress[$id]) { + + /* old settings */ + $pconfig['name'] = $a_suppress[$id]['name']; + $pconfig['uuid'] = $a_suppress[$id]['uuid']; + $pconfig['descr'] = $a_suppress[$id]['descr']; + $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']); + + + +} + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists("$d_snort_suppress_dirty_path")) { + + write_config(); + + sync_snort_package_config(); + sync_snort_package(); + + unlink("$d_snort_suppress_dirty_path"); + + } + + } + +if ($_POST['submit']) { + + unset($input_errors); + $pconfig = $_POST; + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if(strtolower($_POST['name']) == "defaultwhitelist") + $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; + + $x = is_validwhitelistname($_POST['name']); + if (!isset($x)) { + $input_errors[] = "Reserved word used for whitelist file name."; + } else { + if (is_validwhitelistname($_POST['name']) == false) + $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; + } + + + /* check for name conflicts */ + foreach ($a_suppress as $s_list) { + if (isset($id) && ($a_suppress[$id]) && ($a_suppress[$id] === $s_list)) + continue; + + if ($s_list['name'] == $_POST['name']) { + $input_errors[] = "A whitelist file name with this name already exists."; + break; + } + } + + + $s_list = array(); + /* post user input */ + + if (!$input_errors) { + + $s_list['name'] = $_POST['name']; + $s_list['uuid'] = $suppress_uuid; + $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']); + + + if (isset($id) && $a_suppress[$id]) + $a_suppress[$id] = $s_list; + else + $a_suppress[] = $s_list; + + touch($d_snort_suppress_dirty_path); + + write_config(); + + header("Location: /snort/snort_interfaces_suppress_edit.php?id=$id"); + exit; + } + +} + +include("head.inc"); + +?> + +"> + + + + +

+ + +
+ +
+ +'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.
+ You must apply the changes in order for them to take effect.
+ '); + } + } +?> + + + + +
+
+ + + + + + + + + + + + + + + + + + + +
Add the name and description of the file.
Name + +

+ NOTE: This list is in use so the name may not be modified! +

+
Name + +
+ + The list name may only consist of the characters a-z, A-Z and 0-9. Note: No Spaces. + +
Description + +
+ + You may enter a description here for your reference (not parsed). + +
+ +
+ + + + + + + + + + + + + + + + +
+
+ + + + + +
+     + + NOTE: +   The threshold keyword is deprecated as of version 2.8.5. Use the event_filter keyword instead. +
+
+
Apply suppression or filters to rules. Valid keywords are 'suppress', 'event_filter' and 'rate_filter'.
+ Example 1; suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54
+ Example 2; event_filter gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60
+ Example 3; rate_filter gen_id 135, sig_id 1, track by_src, count 100, seconds 1, new_action log, timeout 10 +
+ +
+ + + + + +
+
+ + + +
+ + + \ No newline at end of file -- cgit v1.2.3