From 409def867de5eabfb4295dd74c297daafa4e3641 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Thu, 14 Aug 2014 14:58:26 -0400 Subject: Fix-up reverse DNS lookup and table sorting for pfSense 2.2. --- config/snort/snort_alerts.php | 83 ++++++++++++++++++++++++++--------- config/snort/snort_blocked.php | 68 +++++++++++++++++++++++----- config/snort/snort_rules.php | 16 +++---- config/snort/snort_rules_flowbits.php | 4 +- 4 files changed, 128 insertions(+), 43 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 1c9d8492..c04f4e31 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -7,6 +7,7 @@ * Copyright (C) 2003-2004 Manuel Kasper . * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2012 Ermal Luci + * Copyright (C) 2014 Jim Pingle jim@pingle.org * Copyright (C) 2013,2014 Bill Meeks * All rights reserved. * @@ -164,6 +165,21 @@ if (empty($pconfig['arefresh'])) $pconfig['arefresh'] = 'off'; $anentries = $pconfig['alertnumber']; +# --- AJAX REVERSE DNS RESOLVE Start --- +if (isset($_POST['resolve'])) { + $ip = strtolower($_POST['resolve']); + $res = (is_ipaddr($ip) ? gethostbyaddr($ip) : ''); + + if ($res && $res != $ip) + $response = array('resolve_ip' => $ip, 'resolve_text' => $res); + else + $response = array('resolve_ip' => $ip, 'resolve_text' => gettext("Cannot resolve")); + + echo json_encode(str_replace("\\","\\\\", $response)); // single escape chars can break JSON decode + exit; +} +# --- AJAX REVERSE DNS RESOLVE End --- + if ($_POST['save']) { if (!is_array($config['installedpackages']['snortglobal']['alertsblocks'])) $config['installedpackages']['snortglobal']['alertsblocks'] = array(); @@ -344,7 +360,6 @@ include_once("head.inc"); ?> - - + @@ -488,16 +503,12 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_src = $fields[6]; /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $alert_ip_src = str_replace(":", ":", $alert_ip_src); + /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */ $alert_ip_src .= "
"; - if ($pfs_version > 2.0) { - $alert_ip_src .= ""; - $alert_ip_src .= "

"; - } - $alert_ip_src .= ""; - $alert_ip_src .= "

"; + $alert_ip_src .= " $\"Icon$ "; /* Add icons for auto-adding to Suppress List if appropriate */ if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) && @@ -521,16 +532,13 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_dst = $fields[8]; /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $alert_ip_dst = str_replace(":", ":", $alert_ip_dst); + /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */ $alert_ip_dst .= "
"; - if ($pfs_version > 2.0) { - $alert_ip_dst .= ""; - $alert_ip_dst .= "

"; - } - $alert_ip_dst .= ""; - $alert_ip_dst .= "

"; + $alert_ip_dst .= " $\"Icon$ "; + /* Add icons for auto-adding to Suppress List if appropriate */ if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) && !isset($supplist[$fields[1]][$fields[2]]['by_dst'][$fields[8]])) { @@ -580,11 +588,11 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { {$alert_priority} {$alert_proto} {$alert_class} - {$alert_ip_src} + {$alert_ip_src} {$alert_src_p} - {$alert_ip_dst} + {$alert_ip_dst} {$alert_dst_p} - {$alert_sid_str}
{$sidsupplink} {$sid_dsbl_link} + {$alert_sid_str}
{$sidsupplink} {$sid_dsbl_link} {$alert_descr} \n"; $counter++; @@ -622,5 +630,38 @@ function encRuleSig(rulegid,rulesid,srcip,ruledescr) { document.getElementById("descr").value = ruledescr; } + + + + + diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index 97301a0f..087724e3 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -7,6 +7,7 @@ * * Modified for the Pfsense snort package v. 1.8+ * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2014 Jim Pingle jim@pingle.org * Copyright (C) 2014 Bill Meeks * * Redistribution and use in source and binary forms, with or without @@ -50,6 +51,21 @@ if (empty($pconfig['blertnumber'])) else $bnentries = $pconfig['blertnumber']; +# --- AJAX REVERSE DNS RESOLVE Start --- +if (isset($_POST['resolve'])) { + $ip = strtolower($_POST['resolve']); + $res = (is_ipaddr($ip) ? gethostbyaddr($ip) : ''); + + if ($res && $res != $ip) + $response = array('resolve_ip' => $ip, 'resolve_text' => $res); + else + $response = array('resolve_ip' => $ip, 'resolve_text' => gettext("Cannot resolve")); + + echo json_encode(str_replace("\\","\\\\", $response)); // single escape chars can break JSON decode + exit; +} +# --- AJAX REVERSE DNS RESOLVE End --- + if ($_POST['todelete']) { $ip = ""; if ($_POST['ip']) @@ -133,7 +149,6 @@ include_once("head.inc"); ?> - - + # - + @@ -278,20 +293,16 @@ if ($savemsg) { $tmp_ip = str_replace(":", ":", $blocked_ip); /* Add reverse DNS lookup icons (two different links if pfSense version supports them) */ $rdns_link = ""; - if ($pfs_version > 2.0) { - $rdns_link .= ""; - $rdns_link .= "

"; - } - $rdns_link .= ""; - $rdns_link .= "

"; + $rdns_link .= " $\"Icon$ "; + /* use one echo to do the magic*/ echo " {$counter} {$tmp_ip}
{$rdns_link} {$blocked_desc} - + \n"; @@ -325,5 +336,38 @@ if ($savemsg) { + + + + + diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 8c31d55d..8d9aa6ba 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -157,8 +157,8 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) & $sid = $_POST['sid']; // See if the target SID is in our list of modified SIDs, - // and toggle it back to default if present; otherwise, - // add it to the appropriate modified SID list. + // and toggle if present; otherwise, add it to the + // appropriate modified SID list. if (isset($enablesid[$gid][$sid])) { unset($enablesid[$gid][$sid]); $disablesid[$gid][$sid] = "disablesid"; @@ -600,8 +600,8 @@ if ($savemsg) { - - + + @@ -668,7 +668,7 @@ if ($savemsg) { $message = snort_get_msg($v['rule']); // description field $sid_tooltip = gettext("View the raw text for this rule"); - echo "{$textss} + echo "{$textss} - - + + @@ -777,7 +777,7 @@ if ($savemsg) { else $policy = "none"; - echo "{$textss} + echo "{$textss} - + @@ -263,7 +263,7 @@ if ($savemsg) // Use "echo" to write the table HTML row-by-row. echo "" . - "{$sid} {$supplink}" . + "{$sid} {$supplink}" . "{$protocol}" . "{$source}" . "{$destination}" . -- cgit v1.2.3