From d3635ba6e576bac2d6d4fee57a0734d1db2903da Mon Sep 17 00:00:00 2001 From: robiscool Date: Fri, 23 Apr 2010 01:34:48 -0700 Subject: snort, add whightlist.php, add options for homenet, externalnet, and whitelist, misc --- config/snort/snort_interfaces_whitelist_edit.php | 449 +++++++++++++++++++++++ 1 file changed, 449 insertions(+) create mode 100644 config/snort/snort_interfaces_whitelist_edit.php (limited to 'config/snort/snort_interfaces_whitelist_edit.php') diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php new file mode 100644 index 00000000..41476c9c --- /dev/null +++ b/config/snort/snort_interfaces_whitelist_edit.php @@ -0,0 +1,449 @@ +. + All rights reserved. + + modified for the pfsense snort package + Copyright (C) 2009-2010 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) + $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); + +aliases_sort(); +$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + + +/* gen uuid for each iface !inportant */ +if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] == '') { + //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); +$whitelist_uuid = 0; +while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) { + $whitelist_uuid = mt_rand(1, 65535); + $pconfig['uuid'] = $whitelist_uuid; + } +} + +if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] != '') { + $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid']; +} + +$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid"; + +$d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty'; + +/* returns true if $name is a valid name for a whitelist file name or ip */ +function is_validwhitelistname($name) { + if (!is_string($name)) + return false; + + if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name)) + return true; + + return false; +} + + +if (isset($id) && $a_whitelist[$id]) { + + /* old settings */ + $pconfig['name'] = $a_whitelist[$id]['name']; + $pconfig['uuid'] = $a_whitelist[$id]['uuid']; + $pconfig['detail'] = $a_whitelist[$id]['detail']; + $pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype']; + $pconfig['address'] = $a_whitelist[$id]['address']; + $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']); + $pconfig['wanips'] = $a_whitelist[$id]['wanips']; + $pconfig['wangateips'] = $a_whitelist[$id]['wangateips']; + $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips']; + $pconfig['vips'] = $a_whitelist[$id]['vips']; + $pconfig['vpnips'] = $a_whitelist[$id]['vpnips']; + + + $addresses = explode(' ', $pconfig['address']); + $address = explode(" ", $addresses[0]); + if ($address[1]) + $addresssubnettest = true; + else + $addresssubnettest = false; +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "name address"); + $reqdfieldsn = explode(",", "Name,Address"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if(strtolower($_POST['name']) == "defaultwhitelist") + $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; + + $x = is_validwhitelistname($_POST['name']); + if (!isset($x)) { + $input_errors[] = "Reserved word used for whitelist file name."; + } else { + if (is_validwhitelistname($_POST['name']) == false) + $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; + } + + if (is_validwhitelistname($_POST['address']) == false) + $input_errors[] = "Whitelist address may only consist of the characters 0-9 and /. Note: No Spaces. Press Cancel to reset."; + + + /* check for name conflicts */ + foreach ($a_whitelist as $w_list) { + if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list)) + continue; + + if ($w_list['name'] == $_POST['name']) { + $input_errors[] = "A whitelist file name with this name already exists."; + break; + } + } + + + $w_list = array(); + /* post user input */ + $w_list['name'] = $_POST['name']; + $w_list['uuid'] = $whitelist_uuid; + $w_list['snortlisttype'] = $_POST['snortlisttype']; + $w_list['address'] = $_POST['address']; + $w_list['wanips'] = $_POST['wanips']? yes : no; + $w_list['wangateips'] = $_POST['wangateips']? yes : no; + $w_list['wandnsips'] = $_POST['wandnsips']? yes : no; + $w_list['vips'] = $_POST['vips']? yes : no; + $w_list['vpnips'] = $_POST['vpnips']? yes : no; + + + $address = $w_list['address']; + $final_address_detail = mb_convert_encoding($_POST['detail'],"HTML-ENTITIES","auto"); + if($final_address_detail <> "") { + $final_address_details .= $final_address_detail; + } else { + $final_address_details .= "Entry added" . " "; + $final_address_details .= date('r'); + } + $final_address_details .= "||"; + $isfirst = 0; + + + /* add another entry code */ + for($x=0; $x<299; $x++) { + $comd = "\$subnet = \$_POST['address" . $x . "'];"; + eval($comd); + $comd = "\$subnet_address = \$_POST['address_subnet" . $x . "'];"; + eval($comd); + if($subnet <> "") { + $address .= " "; + $address .= $subnet; + if($subnet_address <> "") $address .= "" . $subnet_address; + + /* Compress in details to a single key, data separated by pipes. + Pulling details here lets us only pull in details for valid + address entries, saving us from having to track which ones to + process later. */ + $comd = "\$final_address_detail = mb_convert_encoding(\$_POST['detail" . $x . "'],'HTML-ENTITIES','auto');"; + eval($comd); + if($final_address_detail <> "") { + $final_address_details .= $final_address_detail; + } else { + $final_address_details .= "Entry added" . " "; + $final_address_details .= date('r'); + } + $final_address_details .= "||"; + } + } + + if (!$input_errors) { + $w_list['address'] = $address; + $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $w_list['detail'] = $final_address_details; + + if (isset($id) && $a_whitelist[$id]) + $a_whitelist[$id] = $w_list; + else + $a_whitelist[] = $w_list; + + touch($d_snort_whitelist_dirty_path); + + write_config(); + + header("Location: /snort/snort_interfaces_whitelist_edit.php?id=$id"); + exit; + } + //we received input errors, copy data to prevent retype + else + { + $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $pconfig['address'] = $address; + $pconfig['detail'] = $final_address_details; + } +} + +include("head.inc"); + + + + +$description_str = gettext("Description"); +$hosts_str = gettext("IP or CIDR items"); +$ip_str = gettext("IP"); + +$update_freq_str = gettext("Update Freq."); + + + +?> + +"> + + + + + + +

+ + +
+ +
+ + + + + + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Name + +

+ NOTE: This list is in use so the name may not be modified! +

+
Name + +
+ + The list name may only consist of the characters a-z, A-Z and 0-9. Note: No Spaces. + +
Description + +
+ + You may enter a description here for your reference (not parsed). + +
List Type +
+ Choose the type of list you will like see in your Interface Edit Tab. Hint: Best pratice is to test every list you make. +  Note: NETLIST's are only for defining snort.conf's external or home NETS.
WAN IPs + /> + + Add WAN IPs to the list. + +
Wan Gateways + /> + + Add WAN Gateways to the list. + +
Wan DNS servers + /> + + Add WAN DNS servers to the list. + +
Virtual IP Addresses + /> + + Add Virtual IP Addresses to the list. + +
VPNs + /> + + Add VPN Addresses to the list. + +
IP or CIDR items
 + + + + + + + + + + + 0) $tracker = $counter + 1; + ?> + + + + + + + +
+
+ Enter only ips or CIDR notations. Example: 192.168.4.1 or 192.168.1.0/24
+
IP or CIDR
Add a Description or leave blank and a date will be added.
+ + + + + 0) + echo ""; + ?> +
+ + + +
  + + + + + +
+
+
+ + + + + + \ No newline at end of file -- cgit v1.2.3