From 20ded7753eba0d96560e715a0b07c38e6dbf8a07 Mon Sep 17 00:00:00 2001
From: robiscool
Date: Tue, 27 Apr 2010 23:15:56 -0700
Subject: snort, add suppress tab, fix javascript on pfsense 2.0
---
config/snort/javascript/row_helper.js | 69 +++++
config/snort/snort.inc | 119 +++++++--
config/snort/snort.xml | 10 +
config/snort/snort_alerts.php | 1 +
config/snort/snort_barnyard.php | 2 +
config/snort/snort_blocked.php | 1 +
config/snort/snort_define_servers.php | 2 +
config/snort/snort_download_rules.php | 2 +
config/snort/snort_help_info.php | 1 +
config/snort/snort_interfaces.php | 3 +-
config/snort/snort_interfaces_edit.php | 70 ++++-
config/snort/snort_interfaces_global.php | 1 +
config/snort/snort_interfaces_suppress.php | 170 ++++++++++++
config/snort/snort_interfaces_suppress_edit.php | 324 +++++++++++++++++++++++
config/snort/snort_interfaces_whitelist.php | 9 +-
config/snort/snort_interfaces_whitelist_edit.php | 78 ++++--
config/snort/snort_preprocessors.php | 2 +
17 files changed, 818 insertions(+), 46 deletions(-)
create mode 100644 config/snort/javascript/row_helper.js
create mode 100644 config/snort/snort_interfaces_suppress.php
create mode 100644 config/snort/snort_interfaces_suppress_edit.php
(limited to 'config/snort')
diff --git a/config/snort/javascript/row_helper.js b/config/snort/javascript/row_helper.js
new file mode 100644
index 00000000..aaf6df37
--- /dev/null
+++ b/config/snort/javascript/row_helper.js
@@ -0,0 +1,69 @@
+// Global Variables
+var rowname = new Array(99);
+var rowtype = new Array(99);
+var newrow = new Array(99);
+var rowsize = new Array(99);
+
+for (i = 0; i < 99; i++) {
+ rowname[i] = '';
+ rowtype[i] = '';
+ newrow[i] = '';
+ rowsize[i] = '25';
+}
+
+var field_counter_js = 0;
+var loaded = 0;
+var is_streaming_progress_bar = 0;
+var temp_streaming_text = "";
+
+var addRowTo = (function() {
+ return (function (tableId) {
+ var d, tbody, tr, td, bgc, i, ii, j;
+ d = document;
+ tbody = d.getElementById(tableId).getElementsByTagName("tbody").item(0);
+ tr = d.createElement("tr");
+ totalrows++;
+ for (i = 0; i < field_counter_js; i++) {
+ td = d.createElement("td");
+ if(rowtype[i] == 'textbox') {
+ td.innerHTML=" ";
+ } else if(rowtype[i] == 'select') {
+ td.innerHTML=" ";
+ } else {
+ td.innerHTML=" ";
+ }
+ tr.appendChild(td);
+ }
+ td = d.createElement("td");
+ td.rowSpan = "1";
+
+ td.innerHTML = '';
+ tr.appendChild(td);
+ tbody.appendChild(tr);
+ });
+})();
+
+function removeRow(el) {
+ var cel;
+ while (el && el.nodeName.toLowerCase() != "tr")
+ el = el.parentNode;
+
+ if (el && el.parentNode) {
+ cel = el.getElementsByTagName("td").item(0);
+ el.parentNode.removeChild(el);
+ }
+}
+
+function find_unique_field_name(field_name) {
+ // loop through field_name and strip off -NUMBER
+ var last_found_dash = 0;
+ for (var i = 0; i < field_name.length; i++) {
+ // is this a dash, if so, update
+ // last_found_dash
+ if (field_name.substr(i,1) == "-" )
+ last_found_dash = i;
+ }
+ if (last_found_dash < 1)
+ return field_name;
+ return(field_name.substr(0,last_found_dash));
+}
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index dbad74e8..ea5554cc 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
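Review bot: In row_helper.js, `addRowTo` increments `totalrows`, which this file never declares, and the top-level `for (i = 0; i < 99; i++)` loop assigns to an undeclared `i`, so one is a hidden dependency on the including page and the other leaks a global. Declare the index (`for (var i = 0; i < 99; i++) {`) and state the contract next to the other globals, e.g. `// totalrows must be defined by the including page before addRowTo() is called`. The strings assigned to `td.innerHTML` are not visible in this rendering; if they interpolate `rowname[i]` or `rowsize[i]`, building the inputs with `createElement` and `setAttribute` would keep those values from being parsed as markup. In `removeRow`, `cel` is assigned but never read and can be dropped.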
@@ -48,7 +48,7 @@ if ($pfsense_ver_chk == '1.2.3-RELEASE') /* tell me my theme */ $pfsense_theme_is = $config['theme']; -/* func builds custom whitelests */ +/* func builds custom white lists */ function find_whitelist_key($find_wlist_number) { global $config, $g; @@ -63,6 +63,21 @@ function find_whitelist_key($find_wlist_number) { } } +/* func builds custom suppress lists */ +function find_suppress_key($find_slist_number) { + global $config, $g; + + $suppresslist_array = $config['installedpackages']['snortglobal']['suppress']['item']; + $s_key = -1; + + foreach ($suppresslist_array as $value2) { + $s_key += 1; + if ($config['installedpackages']['snortglobal']['suppress']['item'][$s_key]['uuid'] == $find_slist_number) { + return $s_key; + } + } +} + /* func builds custom whitelests */ function build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, $vpns, $userwips) { global $config, $g; @@ -599,6 +614,7 @@ function snort_postinstall() exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/mootools.js'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/sortableTable.js'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/tabs.js'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort/javascript/row_helper.js'); /* install barnyard2 for 2.0 and 1.2.3 */ chdir ("/usr/local/bin/"); 
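Review bot: `find_suppress_key()` falls off the end and returns NULL when no item carries the requested uuid, and its `foreach` runs over `['suppress']['item']` without first checking that it is an array. The caller added later in this commit, `create_snort_suppress()`, uses the result directly as an array index, so a deleted or renamed list ends up reading a non-existent item and building a file path from an empty name. Iterate with the key and return an explicit sentinel, e.g. `foreach ($suppresslist_array as $s_key => $item) { if ($item['uuid'] == $find_slist_number) return $s_key; }` followed by `return -1;`, and have the caller stop on `-1`. An `is_array()` guard before the loop, as snort_interfaces_whitelist_edit.php does for the whitelist items, avoids the warning on a fresh install.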
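Review bot: The added `/usr/bin/fetch` line for row_helper.js in snort_postinstall() downloads script that the firewall's admin GUI will later serve, over plain HTTP, with no integrity check and with the exit status of `exec()` ignored. Content retrieved this way can be altered in transit without the installer noticing. Fetch over HTTPS, or compare the file against a known checksum after download and abort the install on a mismatch or a failed fetch. The neighbouring mootools.js, sortableTable.js and tabs.js lines share the weakness, and the function body starts and ends outside the hunk.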
@@ -944,18 +960,13 @@ function sync_snort_package() exec('/usr/sbin/chown -R snort:snort /usr/local/lib/snort'); exec('/usr/sbin/chown snort:snort /tmp/snort*'); exec('/usr/sbin/chown snort:snort /var/db/whitelist'); - exec('/bin/chmod 770 /usr/local/lib/snort'); - exec('/bin/chmod 770 /var/log/snort'); - exec('/bin/chmod 770 /var/log/snort/run'); - exec('/bin/chmod 770 /var/log/snort/barnyard2'); - exec('/bin/chmod 660 /var/log/snort/alert'); - exec('/bin/chmod 660 /var/db/whitelist'); - exec('/bin/chmod -R 660 /usr/local/etc/snort/*'); - exec('/bin/chmod -R 660 /tmp/snort*'); - exec('/bin/chmod -R 660 /var/run/snort*'); - exec('/bin/chmod -R 660 /var/snort/run/*'); - exec('/bin/chmod 770 /usr/local/etc/snort/'); - exec('/bin/chmod 770 /usr/local/etc/whitelist/'); + + exec('/bin/chmod 770 /var/db/whitelist'); + exec('/bin/chmod 770 /var/run/snort*'); + exec('/bin/chmod 770 /tmp/snort*'); + exec('/bin/chmod -R 770 /var/log/snort'); + exec('/bin/chmod -R 770 /usr/local/lib/snort'); + exec('/bin/chmod -R 770 /usr/local/etc/snort/'); conf_mount_ro(); } @@ -997,6 +1008,11 @@ if ($id != '' && $if_real != '') //new create_snort_whitelist($id, $if_real); } + /* only build threshold when needed */ + if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){ + create_snort_suppress($id, $if_real); + } + /* create snort bootup file snort.sh only create once */ create_snort_sh(); @@ -1051,6 +1067,11 @@ function sync_snort_package_empty() if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){ create_snort_whitelist($id, $if_real); } + + /* only build threshold when needed */ + if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){ + create_snort_suppress($id, $if_real); + } /* create barnyard2 configuration file */ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; 
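Review bot: The replacement `chmod -R 770` calls on /var/log/snort, /usr/local/lib/snort and /usr/local/etc/snort/ put the execute bit on every rule, config and log file beneath them, where the removed lines used 660 for file contents and 770 for the directories. Config and log files do not need to be executable; apply the modes by type, e.g. `find /usr/local/etc/snort -type d -exec chmod 770 {} +` and `find /usr/local/etc/snort -type f -exec chmod 660 {} +`, and likewise for the log tree. `/var/db/whitelist` also moves from 660 to 770; if that path is a file, 660 should stay. sync_snort_package() begins outside the hunk.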
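Review bot: The new guard `...['rule'][$id]['suppresslistname'] != 'default'` (path abbreviated) is also true when the key is unset or empty, which is presumably the state of any interface saved before this commit. In that case create_snort_suppress() runs with no list selected and its `preg_match` finds nothing to look up. Test for a real selection instead, e.g. `$sname = $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'];` then `if (!empty($sname) && $sname != 'default') {`. The same condition is repeated in the hunks at -1051 and -1106, inside create_snort_suppress() itself, and in the threshold-file block of the snort.conf generator.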
@@ -1106,7 +1127,12 @@ function sync_snort_package_config() if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on'){ create_snort_whitelist($id, $if_real); } - + + /* only build threshold when needed */ + if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default'){ + create_snort_suppress($id, $if_real); + } + /* create barnyard2 configuration file */ $snortbarnyardlog_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable']; if ($snortbarnyardlog_info_chk == 'on') 
@@ -1126,6 +1152,48 @@ function sync_snort_package_config() /* Start of main config files */ /* Start of main config files */ +/* create threshold file */ +/* TODO: other func should mirror this code */ +function create_snort_suppress($id, $if_real) { + + global $config, $g; + conf_mount_rw(); + + /* make sure dir is there */ + if (!file_exists('/usr/local/etc/snort/suppress/')) { + exec('/bin/mkdir -p /usr/local/etc/snort/suppress/'); + } + + if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') { + + preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'], $slist_num_wrt); + + $whitelist_key_s = find_suppress_key($slist_num_wrt[0]); + + /* file name */ + $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name']; + + /* Message */ + $s_data .= '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n"; + + /* user added arguments */ + $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru'])); + + /* open snort's whitelist for writing */ + $suppresslist_w = fopen("/usr/local/etc/snort/suppress/$suppress_file_name", "w"); + if(!$suppresslist_w) { + log_error("Could not open /usr/local/etc/snort/suppress/$suppress_file_name for writing."); + return; + } + + fwrite($suppresslist_w, $s_data); + fclose($suppresslist_w); + conf_mount_ro(); + + } + +} + function create_snort_whitelist($id, $if_real) { global $config, $g; 
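Review bot: In create_snort_suppress(), `$suppress_file_name` comes from the stored list name and is interpolated into `/usr/local/etc/snort/suppress/$suppress_file_name` with no check, so a name containing `/` or `..` would make fopen() write outside the suppress directory; whether the edit page validates the name is not visible in this rendering. Constrain it before building the path, e.g. `if (!preg_match('/^[a-zA-Z0-9_]+$/', $suppress_file_name)) { conf_mount_ro(); return; }`. The fopen() failure branch returns after conf_mount_rw() without calling conf_mount_ro(), and conf_mount_ro() sits inside the `if`, so the 'default' case leaves the filesystem read-write as well; call it before the early `return` and move the final call to the end of the function. `$s_data` is appended to with `.=` before it is initialised, so start it with `$s_data = '';`.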
@@ -1465,6 +1533,13 @@ function create_barnyard2_conf($id, $if_real, $snort_uuid) { { exec("/bin//usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf"); } + + if(!file_exists("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo")) + { + exec("/bin//usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo"); + exec("/usr/sbin/chown snort:snort /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo"); + exec("/bin/chmod 770 /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo"); + } $barnyard2_conf_text = generate_barnyard2_conf($id, $if_real, $snort_uuid); $bconf = fopen("/usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.conf", "w"); @@ -1752,7 +1827,7 @@ $snortunifiedlog_info_chk = $config['installedpackages']['snortglobal']['rule'][ if ($snortunifiedlog_info_chk == on) $snortunifiedlog_type = "output unified2: filename snort_{$snort_uuid}_{$if_real}.u2, limit 128"; -/* define spoink (DISABLED)*/ +/* define spoink */ $spoink_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7']; if ($spoink_info_chk == on) { @@ -1767,6 +1842,18 @@ if ($spoink_info_chk == on) { $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/$spoink_whitelist_name,snort2c"; } + +/* define threshold file */ +$threshold_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname']; +if ($threshold_info_chk != 'default') { + + preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'], $slist_name_file2); + + $threshold_name = $slist_name_file2[0]; + + $threshold_file_name = "include /usr/local/etc/snort/suppress/$threshold_name"; + +} /* define servers and ports snortdefservers */ /* def DNS_SERVSERS */ 
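Review bot: The added barnyard2.waldo block runs `/bin//usr/bin/touch`, which resolves to /bin/usr/bin/touch rather than the touch binary, so on a stock system the file is never created and the chown and chmod that follow act on a missing path. Use `exec("/usr/bin/touch /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/barnyard2.waldo");`; the context line above it for barnyard2.conf carries the same typo. The waldo file is a bookmark that is only read and written, so `chmod 660` is sufficient. create_barnyard2_conf() starts and ends outside the hunk.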
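Review bot: The character class in `preg_match('/^([a-zA-z0-9]+)/', ...)` in the threshold-file block uses the range `A-z`, which also matches `[`, `\`, `]`, `^`, `_` and the backtick; `A-Z` was presumably intended. The include path is built from the leading part of `suppresslistname`, while create_snort_suppress() writes the file under the item's `name` field, so snort.conf points at the right file only when that prefix equals the name exactly. Resolve both through the same lookup, `find_suppress_key()` followed by `['name']`. `$threshold_file_name` is never set when the list is 'default', and the last snort.inc hunk replaces the fixed threshold.conf include with that variable, so the default case now emits no threshold include at all; initialise it to the old include line if that behaviour should be kept.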
@@ -2499,7 +2586,7 @@ $spoink_type include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/reference.config include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/classification.config -include /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/threshold.conf +$threshold_file_name # Snort user pass through configuration {$snort_config_pass_thru} diff --git a/config/snort/snort.xml b/config/snort/snort.xml index d2603aec..7bc4d63a 100644 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -183,6 +183,16 @@ 077 http://www.pfsense.com/packages/config/snort/snort_interfaces_whitelist_edit.php + + /usr/local/www/snort/ + 077 + http://www.pfsense.com/packages/config/snort/snort_interfaces_suppress.php + + + /usr/local/www/snort/ + 077 + http://www.pfsense.com/packages/config/snort/snort_interfaces_suppress_edit.phpp + /usr/local/etc/rc.d/ 755 diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index c135187a..c3f0a9dc 100644 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -331,6 +331,7 @@ if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '') $tab_array[] = array("Alerts", true, "/snort/snort_alerts.php"); $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Suppress", false, "/snort/snort_interfaces_suppress.php"); $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); display_top_tabs($tab_array); ?> diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index d88b354c..0c1920ac 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php 
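Review bot: In the snort.xml hunk, the URL added for the suppress edit page ends in `snort_interfaces_suppress_edit.phpp`; with the extra `p` the installer will request a file that does not exist and the new edit page will be missing after install. It should read `http://www.pfsense.com/packages/config/snort/snort_interfaces_suppress_edit.php`. The element markup is not visible in this rendering, but both new entries copy the `077` value of the neighbouring ones; if that is the file mode, it denies the owner and gives group and others full access, and a mode such as `644` would be the usual choice for a PHP page.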
@@ -113,6 +113,7 @@ if (isset($id) && $a_nat[$id]) { $pconfig['whitelistname'] = $a_nat[$id]['whitelistname']; $pconfig['homelistname'] = $a_nat[$id]['homelistname']; $pconfig['externallistname'] = $a_nat[$id]['externallistname']; + $pconfig['suppresslistname'] = $a_nat[$id]['suppresslistname']; $pconfig['performance'] = $a_nat[$id]['performance']; $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; @@ -233,6 +234,7 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; } if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; } if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; } + if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; } /* post new options */ $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? on : off; diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index e09e8928..2abe1d1d 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -260,6 +260,7 @@ if ($pconfig['brefresh'] == 'on' || $pconfig['brefresh'] == '') $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); $tab_array[] = array("Blocked", true, "/snort/snort_blocked.php"); $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Suppress", false, "/snort/snort_interfaces_suppress.php"); $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); display_top_tabs($tab_array); ?> diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index 974f9cb4..8dfd0bd8 100644 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php 
@@ -114,6 +114,7 @@ if (isset($id) && $a_nat[$id]) { $pconfig['whitelistname'] = $a_nat[$id]['whitelistname']; $pconfig['homelistname'] = $a_nat[$id]['homelistname']; $pconfig['externallistname'] = $a_nat[$id]['externallistname']; + $pconfig['suppresslistname'] = $a_nat[$id]['suppresslistname']; $pconfig['descr'] = $a_nat[$id]['descr']; $pconfig['performance'] = $a_nat[$id]['performance']; $pconfig['blockoffenders7'] = $a_nat[$id]['blockoffenders7']; @@ -176,6 +177,7 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; if ($pconfig['whitelistname'] != "") { $natent['whitelistname'] = $pconfig['whitelistname']; } if ($pconfig['homelistname'] != "") { $natent['homelistname'] = $pconfig['homelistname']; } if ($pconfig['externallistname'] != "") { $natent['externallistname'] = $pconfig['externallistname']; } + if ($pconfig['suppresslistname'] != "") { $natent['suppresslistname'] = $pconfig['suppresslistname']; } /* post new options */ diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php index f1970910..6ba3c5df 100644 --- a/config/snort/snort_download_rules.php +++ b/config/snort/snort_download_rules.php @@ -143,6 +143,7 @@ echo "\n $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Suppress", false, "/snort/snort_interfaces_suppress.php"); $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); display_top_tabs($tab_array); 
@@ -268,6 +269,7 @@ setTimeout($.unblockUI, 2000); $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Suppress", false, "/snort/snort_interfaces_suppress.php"); $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); display_top_tabs($tab_array); ?> diff --git a/config/snort/snort_help_info.php b/config/snort/snort_help_info.php index 4c795b6d..62a15e06 100644 --- a/config/snort/snort_help_info.php +++ b/config/snort/snort_help_info.php @@ -87,6 +87,7 @@ clear: both; $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Suppress", false, "/snort/snort_interfaces_suppress.php"); $tab_array[] = array("Help", true, "/snort/snort_help_info.php"); display_top_tabs($tab_array); ?> diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index eff63e5f..b644d567 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -241,7 +241,7 @@ if ($_GET['act'] == 'toggle' && $_GET['id'] != '') -$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.22"; +$pgtitle = "Services: Snort 2.8.5.3 pkg v. 1.21"; include("head.inc"); ?> @@ -329,6 +329,7 @@ padding: 15px 10px 50% 50px; $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); $tab_array[] = array("Whitelists", false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Suppress", false, "/snort/snort_interfaces_suppress.php"); $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); display_top_tabs($tab_array); ?> 
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index 8cc97a75..aa87ed45 100644 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -137,6 +137,7 @@ if (isset($id) && $a_nat[$id]) { $pconfig['whitelistname'] = $a_nat[$id]['whitelistname']; $pconfig['homelistname'] = $a_nat[$id]['homelistname']; $pconfig['externallistname'] = $a_nat[$id]['externallistname']; + $pconfig['suppresslistname'] = $a_nat[$id]['suppresslistname']; $pconfig['snortalertlogtype'] = $a_nat[$id]['snortalertlogtype']; $pconfig['alertsystemlog'] = $a_nat[$id]['alertsystemlog']; $pconfig['tcpdumplog'] = $a_nat[$id]['tcpdumplog']; 
@@ -238,7 +239,8 @@ if ($_POST["Submit"]) { if ($_POST['blockoffenders7'] == "on") { $natent['blockoffenders7'] = on; }else{ $natent['blockoffenders7'] = off; } if ($_POST['enable'] == "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } $natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname']; $natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname']; - $natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname']; + $natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname']; + $natent['suppresslistname'] = $_POST['suppresslistname'] ? $_POST['suppresslistname'] : $pconfig['suppresslistname']; $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? $_POST['snortalertlogtype'] : $pconfig['snortalertlogtype']; if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } @@ -396,6 +398,11 @@ border-top:2px solid #DBAC48; border-bottom:2px solid #DBAC48; padding: 15px 10px 85% 50px; } + +.formpre { +font-family: Tahoma,Verdana,Arial,Helvetica,sans-serif; +font-size: 1.1em; +} + + Apply suppression or filters to rules. Valid keywords are 'suppress', 'event_filter' and 'rate_filter'. + + + + Example 1; suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54
+ Example 2; event_filter gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60
+ Example 3; rate_filter gen_id 135, sig_id 1, track by_src, count 100, seconds 1, new_action log, timeout 10 + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/config/snort/snort_interfaces_whitelist.php b/config/snort/snort_interfaces_whitelist.php index c55e0352..87da2f57 100644 --- a/config/snort/snort_interfaces_whitelist.php +++ b/config/snort/snort_interfaces_whitelist.php @@ -107,6 +107,7 @@ include("head.inc"); $tab_array[] = array("Alerts", false, "/snort/snort_alerts.php"); $tab_array[] = array("Blocked", false, "/snort/snort_blocked.php"); $tab_array[] = array("Whitelists", true, "/snort/snort_interfaces_whitelist.php"); + $tab_array[] = array("Suppress", false, "/snort/snort_interfaces_suppress.php"); $tab_array[] = array("Help", false, "/snort/snort_help_info.php"); display_top_tabs($tab_array); ?> @@ -116,9 +117,9 @@ include("head.inc"); - - - + + + @@ -170,7 +171,7 @@ include("head.inc");
File NameValuesDescriptionFile NameValuesDescription
Note: -

Here you can create whitelist files for your snort package rules. Please add all the ips or networks you want to protect against snort block decisions. Remember that the default whitelist only includes local networks. Be careful, it is very easy to get locked out of you system.

+

Here you can create whitelist files for your snort package rules.
Please add all the ips or networks you want to protect against snort block decisions.
Remember that the default whitelist only includes local networks.
Be careful, it is very easy to get locked out of you system.

diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php index 8fea1a65..ef96c429 100644 --- a/config/snort/snort_interfaces_whitelist_edit.php +++ b/config/snort/snort_interfaces_whitelist_edit.php @@ -35,7 +35,9 @@ POSSIBILITY OF SUCH DAMAGE. */ -require("guiconfig.inc"); +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); @@ -101,7 +103,23 @@ if (isset($id) && $a_whitelist[$id]) { $addresssubnettest = false; } -if ($_POST) { + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists("$d_snort_whitelist_dirty_path")) { + + write_config(); + + sync_snort_package_config(); + sync_snort_package(); + + unlink("$d_snort_whitelist_dirty_path"); + + } + + } + +if ($_POST['submit']) { unset($input_errors); $pconfig = $_POST; @@ -219,17 +237,6 @@ if ($_POST) { include("head.inc"); - - - -$description_str = gettext("Description"); -$hosts_str = gettext("IP or CIDR items"); -$ip_str = gettext("IP"); - -$update_freq_str = gettext("Update Freq."); - - - ?> "> @@ -238,7 +245,7 @@ $update_freq_str = gettext("Update Freq."); echo $jscriptstr; ?> - +