From 0658a395c7f58ab71ded200da28db4d45f303d8a Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Sun, 27 Jul 2014 11:32:17 -0400 Subject: Add missing equals sign in front of string value. --- config/snort/snort_passlist_edit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config/snort') diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php index f501e0fc..1e4eb4aa 100644 --- a/config/snort/snort_passlist_edit.php +++ b/config/snort/snort_passlist_edit.php @@ -285,7 +285,7 @@ if ($savemsg) -     "/> -- cgit v1.2.3 From 90de2ad4b64a563f389d7b0f3bef1e97235ed953 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Sun, 27 Jul 2014 22:03:04 -0400 Subject: Fix so we don't lose typed field values when selecting an Alias. --- config/snort/snort_passlist_edit.php | 134 +++++++++++++++++++++++------------ 1 file changed, 87 insertions(+), 47 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php index 1e4eb4aa..d5b89877 100644 --- a/config/snort/snort_passlist_edit.php +++ b/config/snort/snort_passlist_edit.php @@ -39,6 +39,8 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); +$pconfig = array(); + if ($_POST['cancel']) { header("Location: /snort/snort_passlist.php"); exit; @@ -52,24 +54,63 @@ $a_passlist = &$config['installedpackages']['snortglobal']['whitelist']['item']; if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -elseif (isset($_GET['id']) && is_numericint($_GET['id'])) +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) { $id = htmlspecialchars($_GET['id']); +} /* Should never be called without identifying list index, so bail */ if (is_null($id)) { - header("Location: /snort/snort_interfaces_whitelist.php"); + header("Location: /snort/snort_passlist.php"); exit; } +if (isset($id) && isset($a_passlist[$id])) { + /* Retrieve saved settings */ + $pconfig['name'] = $a_passlist[$id]['name']; + $pconfig['uuid'] = $a_passlist[$id]['uuid']; + $pconfig['address'] = $a_passlist[$id]['address']; + $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']); + $pconfig['localnets'] = $a_passlist[$id]['localnets']; + $pconfig['wanips'] = $a_passlist[$id]['wanips']; + $pconfig['wangateips'] = $a_passlist[$id]['wangateips']; + $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips']; + $pconfig['vips'] = $a_passlist[$id]['vips']; + $pconfig['vpnips'] = $a_passlist[$id]['vpnips']; +} + +// Check for returned "selected alias" if action is import +if ($_GET['act'] == "import") { + + // Retrieve previously typed values we passed to SELECT ALIAS page + $pconfig['name'] = htmlspecialchars($_GET['name']); + $pconfig['uuid'] = htmlspecialchars($_GET['uuid']); + $pconfig['address'] = htmlspecialchars($_GET['address']); + $pconfig['descr'] = htmlspecialchars($_GET['descr']); + $pconfig['localnets'] = htmlspecialchars($_GET['localnets'])? 'yes' : 'no'; + $pconfig['wanips'] = htmlspecialchars($_GET['wanips'])? 'yes' : 'no'; + $pconfig['wangateips'] = htmlspecialchars($_GET['wangateips'])? 'yes' : 'no'; + $pconfig['wandnsips'] = htmlspecialchars($_GET['wandnsips'])? 'yes' : 'no'; + $pconfig['vips'] = htmlspecialchars($_GET['vips'])? 'yes' : 'no'; + $pconfig['vpnips'] = htmlspecialchars($_GET['vpnips'])? 'yes' : 'no'; + + // Now retrieve the "selected alias" returned from SELECT ALIAS page + if ($_GET['varname'] == "address" && isset($_GET['varvalue'])) + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); +} + /* If no entry for this passlist, then create a UUID and treat it like a new list */ -if (!isset($a_passlist[$id]['uuid'])) { +if (!isset($a_passlist[$id]['uuid']) && empty($pconfig['uuid'])) { $passlist_uuid = 0; while ($passlist_uuid > 65535 || $passlist_uuid == 0) { $passlist_uuid = mt_rand(1, 65535); $pconfig['uuid'] = $passlist_uuid; $pconfig['name'] = "passlist_{$passlist_uuid}"; } -} else +} +elseif (!empty($pconfig['uuid'])) { + $passlist_uuid = $pconfig['uuid']; +} +else $passlist_uuid = $a_passlist[$id]['uuid']; /* returns true if $name is a valid name for a pass list file name or ip */ @@ -83,28 +124,6 @@ function is_validpasslistname($name) { return false; } -if (isset($id) && $a_passlist[$id]) { - /* old settings */ - $pconfig = array(); - $pconfig['name'] = $a_passlist[$id]['name']; - $pconfig['uuid'] = $a_passlist[$id]['uuid']; - $pconfig['detail'] = $a_passlist[$id]['detail']; - $pconfig['address'] = $a_passlist[$id]['address']; - $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']); - $pconfig['localnets'] = $a_passlist[$id]['localnets']; - $pconfig['wanips'] = $a_passlist[$id]['wanips']; - $pconfig['wangateips'] = $a_passlist[$id]['wangateips']; - $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips']; - $pconfig['vips'] = $a_passlist[$id]['vips']; - $pconfig['vpnips'] = $a_passlist[$id]['vpnips']; -} - -// Check for returned "selected alias" if action is import -if ($_GET['act'] == "import") { - if ($_GET['varname'] == "address" && isset($_GET['varvalue'])) - $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); -} - if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; @@ -126,11 +145,11 @@ if ($_POST['save']) { $input_errors[] = gettext("Pass List file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset."); /* check for name conflicts */ - foreach ($a_passlist as $w_list) { - if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $w_list)) + foreach ($a_passlist as $p_list) { + if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $p_list)) continue; - if ($w_list['name'] == $_POST['name']) { + if ($p_list['name'] == $_POST['name']) { $input_errors[] = gettext("A Pass List file name with this name already exists."); break; } @@ -141,27 +160,25 @@ if ($_POST['save']) { $input_errors[] = gettext("A valid alias must be provided"); if (!$input_errors) { - $w_list = array(); + $p_list = array(); /* post user input */ - $w_list['name'] = $_POST['name']; - $w_list['uuid'] = $passlist_uuid; - $w_list['localnets'] = $_POST['localnets']? 'yes' : 'no'; - $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; - $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; - $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; - $w_list['vips'] = $_POST['vips']? 'yes' : 'no'; - $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; - - $w_list['address'] = $_POST['address']; - $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $w_list['detail'] = $final_address_details; + $p_list['name'] = $_POST['name']; + $p_list['uuid'] = $passlist_uuid; + $p_list['localnets'] = $_POST['localnets']? 'yes' : 'no'; + $p_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; + $p_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; + $p_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; + $p_list['vips'] = $_POST['vips']? 'yes' : 'no'; + $p_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; + $p_list['address'] = $_POST['address']; + $p_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); if (isset($id) && $a_passlist[$id]) - $a_passlist[$id] = $w_list; + $a_passlist[$id] = $p_list; else - $a_passlist[] = $w_list; + $a_passlist[] = $p_list; - write_config("Snort pkg: modified PASS LIST {$w_list['name']}."); + write_config("Snort pkg: modified PASS LIST {$p_list['name']}."); /* create pass list and homenet file, then sync files */ sync_snort_package_config(); @@ -284,8 +301,8 @@ if ($savemsg) -          + "/> @@ -326,6 +343,29 @@ function createAutoSuggest() { setTimeout("createAutoSuggest();", 500); +function selectAlias() { + + var loc; + var fields = [ "name", "descr", "localnets", "wanips", "wangateips", "wandnsips", "vips", "vpnips", "address" ]; + + // Scrape current form field values and add to + // the select alias URL as a query string. + var loc = 'snort_select_alias.php?id=&act=import&type=host|network'; + loc = loc + '&varname=address&multi_ip=yes'; + loc = loc + '&returl='; + loc = loc + '&uuid='; + + // Iterate over just the specific form fields we want to pass to + // the select alias URL. + fields.forEach(function(entry) { + var tmp = $(entry).serialize(); + if (tmp.length > 0) + loc = loc + '&' + tmp; + }); + + window.parent.location = loc; +} + -- cgit v1.2.3 From d6633aedbe39fd7fece739cc41ad517961f6a4d2 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Sun, 27 Jul 2014 23:09:35 -0400 Subject: Revert to old behavior for rule forced enable/disable icon. Add save msg. --- config/snort/snort_rules.php | 44 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 37 insertions(+), 7 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index df17efc0..8c31d55d 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -159,10 +159,14 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) & // See if the target SID is in our list of modified SIDs, // and toggle it back to default if present; otherwise, // add it to the appropriate modified SID list. - if (isset($enablesid[$gid][$sid])) + if (isset($enablesid[$gid][$sid])) { unset($enablesid[$gid][$sid]); - elseif (isset($disablesid[$gid][$sid])) + $disablesid[$gid][$sid] = "disablesid"; + } + elseif (isset($disablesid[$gid][$sid])) { unset($disablesid[$gid][$sid]); + $enablesid[$gid][$sid] = "enablesid"; + } else { if ($rules_map[$gid][$sid]['disabled'] == 1) $enablesid[$gid][$sid] = "enablesid"; @@ -198,6 +202,10 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) & /* Update the config.xml file. */ write_config("Snort pkg: modified state for rule {$gid}:{$sid} on {$a_rule[$id]['interface']}."); + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); + + // Set a scroll-to anchor location $anchor = "rule_{$gid}_{$sid}"; } elseif ($_POST['disable_all'] && !empty($rules_map)) { @@ -237,6 +245,9 @@ elseif ($_POST['disable_all'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config("Snort pkg: disabled all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } elseif ($_POST['enable_all'] && !empty($rules_map)) { @@ -274,6 +285,9 @@ elseif ($_POST['enable_all'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config("Snort pkg: enable all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } elseif ($_POST['resetcategory'] && !empty($rules_map)) { @@ -313,6 +327,9 @@ elseif ($_POST['resetcategory'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config("Snort pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } elseif ($_POST['resetall'] && !empty($rules_map)) { @@ -322,9 +339,13 @@ elseif ($_POST['resetall'] && !empty($rules_map)) { /* Update the config.xml file. */ write_config("Snort pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } else if ($_POST['cancel']) { $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); + clear_subsystem_dirty('snort_rules'); } elseif ($_POST['clear']) { unset($a_rule[$id]['customrules']); @@ -365,6 +386,8 @@ elseif ($_POST['save']) { $savemsg = gettext("Custom rules validated successfully and have been saved to the Snort configuration files. "); $savemsg .= gettext("Any active Snort process on this interface has been signalled to live-load the new rules."); } + + clear_subsystem_dirty('snort_rules'); } else if ($_POST['apply']) { /* Save new configuration */ @@ -382,9 +405,11 @@ else if ($_POST['apply']) { /* Soft-restart Snort to live-load new rules */ snort_reload_config($a_rule[$id]); + + // We have saved changes and done a soft restart, so clear "dirty" flag + clear_subsystem_dirty('snort_rules'); } -require_once("guiconfig.inc"); include_once("head.inc"); $if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']); @@ -411,6 +436,11 @@ if ($savemsg) { + +

+" . gettext("Click APPLY when finished to send the changes to the running configuration."));?> + + @@ -2205,6 +2215,29 @@ function wopen(url, name, w, h) win.focus(); } +function selectAlias() { + + var loc; + var fields = [ "sf_portscan", "pscan_protocol", "pscan_type", "pscan_sense_level", "pscan_memcap", "pscan_ignore_scanners" ]; + + // Scrape current form field values and add to + // the select alias URL as a query string. + var loc = 'snort_select_alias.php?id=&act=import&type=host|network'; + loc = loc + '&varname=pscan_ignore_scanners&multi_ip=yes'; + loc = loc + '&returl='; + loc = loc + '&uuid='; + + // Iterate over just the specific form fields we want to pass to + // the select alias URL. + fields.forEach(function(entry) { + var tmp = $(entry).serialize(); + if (tmp.length > 0) + loc = loc + '&' + tmp; + }); + + window.parent.location = loc; +} + // Set initial state of form controls enable_change_all(); -- cgit v1.2.3 From 29d04728a1f94feeefe8a8df07a6343fa554ca9b Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Mon, 28 Jul 2014 11:42:51 -0400 Subject: Bump Snort GUI package version to v3.1.2 -- bug fixes. --- config/snort/snort.inc | 2 +- config/snort/snort.xml | 4 ++-- config/snort/snort_migrate_config.php | 2 +- config/snort/snort_post_install.php | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 2a6d006a..44a14c9e 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -51,7 +51,7 @@ $snortver = array(); exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); /* Used to indicate latest version of this include file has been loaded */ -$pfSense_snort_version = "3.1.1"; +$pfSense_snort_version = "3.1.2"; /* get installed package version for display */ $snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}"; diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 3feede80..663ce4eb 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -47,7 +47,7 @@ Currently there are no FAQ items provided. Snort 2.9.6.2 - Services:2.9.6.2 pkg v3.1.1 + Services:2.9.6.2 pkg v3.1.2 /usr/local/pkg/snort/snort.inc Snort @@ -279,7 +279,7 @@ diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index 5e1e5113..af02261f 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -459,7 +459,7 @@ unset($r); // Write out the new configuration to disk if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.1"; + $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.2"; log_error("[Snort] Saving configuration settings in new format..."); write_config("Snort pkg: migrate existing settings to new format as part of package upgrade."); log_error("[Snort] Settings successfully migrated to new configuration format..."); diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 25be448a..c1be72cc 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -178,7 +178,7 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= ",{$snort_widget_container}"; /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.1"; +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.1.2"; write_config("Snort pkg: post-install configuration saved."); /* Done with post-install, so clear flag */ -- cgit v1.2.3 From b352a0d92278a3c94d536cd44b1ec0807a7c4980 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Tue, 29 Jul 2014 15:52:48 -0400 Subject: Fix-up URLs for Snort rule subscription sign-ups. --- config/snort/snort_interfaces_global.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index 849dea8f..195e1a5e 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -219,8 +219,8 @@ if ($input_errors) -
"; $iconb = "icon_reject_d.gif"; $disable_cnt++; - $title = gettext("Disabled by user. Click to toggle to default state"); + $title = gettext("Disabled by user. Click to toggle to enabled state"); } elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) { $textss = ""; @@ -608,7 +638,7 @@ if ($savemsg) { $textss = $textse = ""; $iconb = "icon_reject.gif"; $enable_cnt++; - $title = gettext("Enabled by user. Click to toggle to default state"); + $title = gettext("Enabled by user. Click to toggle to disabled state"); } else { $textss = $textse = ""; @@ -714,7 +744,7 @@ if ($savemsg) { $textse = ""; $iconb = "icon_reject_d.gif"; $disable_cnt++; - $title = gettext("Disabled by user. Click to toggle to default state"); + $title = gettext("Disabled by user. Click to toggle to enabled state"); } elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) { $textss = ""; @@ -727,7 +757,7 @@ if ($savemsg) { $textss = $textse = ""; $iconb = "icon_reject.gif"; $enable_cnt++; - $title = gettext("Enabled by user. Click to toggle to default state"); + $title = gettext("Enabled by user. Click to toggle to disabled state"); } else { $textss = $textse = ""; -- cgit v1.2.3 From 976b82312d5ed896c4858d6d0823e40f312b3b4f Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Mon, 28 Jul 2014 11:34:31 -0400 Subject: Fix Port Scan select alias behavior to not lose previous values. --- config/snort/snort_preprocessors.php | 37 ++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index da1c515e..133c0513 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -240,7 +240,17 @@ $disabled_rules_log = "{$if_friendly}_disabled_preproc_rules.log"; // Check for returned "selected alias" if action is import if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); + + // Retrieve previously typed values we passed to SELECT ALIAS page + $pconfig['sf_portscan'] = htmlspecialchars($_GET['sf_portscan'])? 'on' : 'off'; + $pconfig['pscan_ignore_scanners'] = htmlspecialchars($_GET['pscan_ignore_scanners']); + $pconfig['pscan_protocol'] = htmlspecialchars($_GET['pscan_protocol']); + $pconfig['pscan_type'] = htmlspecialchars($_GET['pscan_type']); + $pconfig['pscan_memcap'] = htmlspecialchars($_GET['pscan_memcap']); + $pconfig['pscan_sense_level'] = htmlspecialchars($_GET['pscan_sense_level']); + + // Now retrieve the "selected alias" returned from SELECT ALIAS page + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); } // Handle deleting of any of the multiple configuration engines @@ -1237,7 +1247,7 @@ if ($savemsg) { value="" title="">  " . gettext("\$HOME_NET") . ""; ?>. - "/>
 
- +

+
-- cgit v1.2.3 From 51b3fc2899bc8d38552d003a8f9a92d991b90d59 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Tue, 29 Jul 2014 18:26:35 -0400 Subject: Include Link-Local address in HOME_NET and default Pass List --- config/snort/snort.inc | 83 +++++++++++++++++++++++++++++++------------------- 1 file changed, 51 insertions(+), 32 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 44a14c9e..7bf148ca 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -363,27 +363,33 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { } } - /* Handle IPv6 if available (2.1 and higher) */ - if (function_exists('get_interface_ipv6')) { - $snortip = get_interface_ipv6($snortcfg['interface']); - if (!$whitelist || $localnet == 'yes' || empty($localnet)) { - if (is_ipaddrv6($snortip)) { - if ($snortcfg['interface'] <> "wan") { - $sn = get_interface_subnetv6($snortcfg['interface']); - $ip = gen_subnetv6($snortip, $sn). "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; - } + $snortip = get_interface_ipv6($snortcfg['interface']); + if (!$whitelist || $localnet == 'yes' || empty($localnet)) { + if (is_ipaddrv6($snortip)) { + if ($snortcfg['interface'] <> "wan") { + $sn = get_interface_subnetv6($snortcfg['interface']); + $ip = gen_subnetv6($snortip, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; } } - else { - if (is_ipaddrv6($snortip)) { - if (!in_array($snortip, $home_net)) - $home_net[] = $snortip; - } + } + else { + if (is_ipaddrv6($snortip)) { + if (!in_array($snortip, $home_net)) + $home_net[] = $snortip; } } + // Add link-local address + $snortip = get_interface_linklocal($snortcfg['interface']); + if (!empty($snortip)) { + // Trim off the interface designation (e.g., %em1) + $snortip = substr($snortip, 0, strpos($snortip, "%")); + if (!in_array($snortip, $home_net)) + $home_net[] = $snortip; + } + if (!$whitelist || $localnet == 'yes' || empty($localnet)) { /*************************************************************************/ /* Iterate through the interface list and write out whitelist items and */ @@ -402,16 +408,22 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { if (!in_array($ip, $home_net)) $home_net[] = $ip; } - if (function_exists("get_interface_ipv6")) { - if ($int == "wan") - continue; - $subnet = get_interface_ipv6($int); - if (is_ipaddrv6($subnet)) { - $sn = get_interface_subnetv6($int); - $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; - if (!in_array($ip, $home_net)) - $home_net[] = $ip; - } + + $subnet = get_interface_ipv6($int); + if (is_ipaddrv6($subnet)) { + $sn = get_interface_subnetv6($int); + $ip = gen_subnetv6($subnet, $sn). "/{$sn}"; + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } + + // Add link-local address + $snortip = get_interface_linklocal($int); + if (!empty($snortip)) { + // Trim off the interface designation (e.g., %em1) + $snortip = substr($snortip, 0, strpos($snortip, "%")); + if (!in_array($snortip, $home_net)) + $home_net[] = $snortip; } } } @@ -422,12 +434,19 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { if (!in_array($ip, $home_net)) $home_net[] = $ip; } - if (function_exists("get_interface_ipv6")) { - $ip = get_interface_ipv6("wan"); - if (is_ipaddrv6($ip)) { - if (!in_array($ip, $home_net)) - $home_net[] = $ip; - } + $ip = get_interface_ipv6("wan"); + if (is_ipaddrv6($ip)) { + if (!in_array($ip, $home_net)) + $home_net[] = $ip; + } + + // Add link-local address + $snortip = get_interface_linklocal("wan"); + if (!empty($snortip)) { + // Trim off the interface designation (e.g., %em1) + $snortip = substr($snortip, 0, strpos($snortip, "%")); + if (!in_array($snortip, $home_net)) + $home_net[] = $snortip; } } -- cgit v1.2.3 From 7a3029b2666932137ced2cf276f2c957c1ec8dd8 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Tue, 29 Jul 2014 19:37:48 -0400 Subject: Fix typo in hyperlink to GLOBAL SETTINGS tab. --- config/snort/snort_download_updates.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config/snort') diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php index 7f8bc7a1..ff05bdfd 100755 --- a/config/snort/snort_download_updates.php +++ b/config/snort/snort_download_updates.php @@ -251,7 +251,7 @@ include_once("head.inc");

  Global Settings Tab' . gettext(' to select rule types.'); ?> + gettext('Visit the ') . 'Global Settings Tab' . gettext(' to select rule types.'); ?>


-- cgit v1.2.3 From 12ae9bfc819ec6cdf3742db9bd8897c10e2b20c8 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 6 Aug 2014 13:29:15 -0400 Subject: Fix error preventing rules rebuild when duplicating an interface. --- config/snort/snort_interfaces_edit.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index ca8d03ee..fb573a73 100755 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -176,6 +176,9 @@ if ($_POST["save"] && !$input_errors) { /* if no errors write to conf */ if (!$input_errors) { + /* Most changes don't require a rules rebuild, so default to "off" */ + $rebuild_rules = false; + $natent = $a_rule[$id]; $natent['interface'] = $_POST['interface']; $natent['enable'] = $_POST['enable'] ? 'on' : 'off'; @@ -360,9 +363,6 @@ if ($_POST["save"] && !$input_errors) { /* Save configuration changes */ write_config("Snort pkg: modified interface configuration for {$natent['interface']}."); - /* Most changes don't require a rules rebuild, so default to "off" */ - $rebuild_rules = false; - /* Update snort.conf and snort.sh files for this interface */ sync_snort_package_config(); -- cgit v1.2.3 From a7282dff6730944265a74a5df9fb78f8ae57a3a8 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Mon, 11 Aug 2014 10:26:44 -0400 Subject: More fixes for Link-Local addresses in HOME_NET and Pass Lists. --- config/snort/snort.inc | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 7bf148ca..e442755a 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -333,9 +333,11 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { $home_net = explode(" ", trim(filter_expand_alias($list['address']))); } - /* Always add loopback to HOME_NET and whitelist (ftphelper) */ + /* Always add loopback addresses to HOME_NET and whitelist */ if (!in_array("127.0.0.1", $home_net)) $home_net[] = "127.0.0.1"; + if (!in_array("::1", $home_net)) + $home_net[] = "::1"; /********************************************************************/ /* Always put the interface running Snort in HOME_NET and whitelist */ @@ -376,6 +378,9 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { } else { if (is_ipaddrv6($snortip)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($snortip, "%") !== FALSE) + $snortip = substr($snortip, 0, strpos($snortip, "%")); if (!in_array($snortip, $home_net)) $home_net[] = $snortip; } @@ -384,8 +389,9 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { // Add link-local address $snortip = get_interface_linklocal($snortcfg['interface']); if (!empty($snortip)) { - // Trim off the interface designation (e.g., %em1) - $snortip = substr($snortip, 0, strpos($snortip, "%")); + // Trim off the interface designation (e.g., %em1) if present + if (strpos($snortip, "%") !== FALSE) + $snortip = substr($snortip, 0, strpos($snortip, "%")); if (!in_array($snortip, $home_net)) $home_net[] = $snortip; } @@ -420,8 +426,9 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { // Add link-local address $snortip = get_interface_linklocal($int); if (!empty($snortip)) { - // Trim off the interface designation (e.g., %em1) - $snortip = substr($snortip, 0, strpos($snortip, "%")); + // Trim off the interface designation (e.g., %em1) if present + if (strpos($snortip, "%") !== FALSE) + $snortip = substr($snortip, 0, strpos($snortip, "%")); if (!in_array($snortip, $home_net)) $home_net[] = $snortip; } @@ -436,6 +443,9 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { } $ip = get_interface_ipv6("wan"); if (is_ipaddrv6($ip)) { + // Trim off the interface designation (e.g., %em1) if present + if (strpos($ip, "%") !== FALSE) + $ip = substr($ip, 0, strpos($ip, "%")); if (!in_array($ip, $home_net)) $home_net[] = $ip; } @@ -443,8 +453,9 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { // Add link-local address $snortip = get_interface_linklocal("wan"); if (!empty($snortip)) { - // Trim off the interface designation (e.g., %em1) - $snortip = substr($snortip, 0, strpos($snortip, "%")); + // Trim off the interface designation (e.g., %em1) if present + if (strpos($snortip, "%") !== FALSE) + $snortip = substr($snortip, 0, strpos($snortip, "%")); if (!in_array($snortip, $home_net)) $home_net[] = $snortip; } @@ -460,11 +471,12 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { $gw = get_interface_gateway($snortcfg['interface']); if (is_ipaddr($gw) && !in_array($gw, $home_net)) $home_net[] = $gw; - if (function_exists("get_interface_gateway_v6")) { - $gw = get_interface_gateway_v6($snortcfg['interface']); - if (is_ipaddrv6($gw) && !in_array($gw, $home_net)) - $home_net[] = $gw; - } + $gw = get_interface_gateway_v6($snortcfg['interface']); + // Trim off the interface designation (e.g., %em1) if present + if (strpos($gw, "%") !== FALSE) + $gw = substr($gw, 0, strpos($gw, "%")); + if (is_ipaddrv6($gw) && !in_array($gw, $home_net)) + $home_net[] = $gw; } if ($wandns == 'yes') { -- cgit v1.2.3 From 409def867de5eabfb4295dd74c297daafa4e3641 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Thu, 14 Aug 2014 14:58:26 -0400 Subject: Fix-up reverse DNS lookup and table sorting for pfSense 2.2. --- config/snort/snort_alerts.php | 83 ++++++++++++++++++++++++++--------- config/snort/snort_blocked.php | 68 +++++++++++++++++++++++----- config/snort/snort_rules.php | 16 +++---- config/snort/snort_rules_flowbits.php | 4 +- 4 files changed, 128 insertions(+), 43 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 1c9d8492..c04f4e31 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -7,6 +7,7 @@ * Copyright (C) 2003-2004 Manuel Kasper . * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2012 Ermal Luci + * Copyright (C) 2014 Jim Pingle jim@pingle.org * Copyright (C) 2013,2014 Bill Meeks * All rights reserved. * @@ -164,6 +165,21 @@ if (empty($pconfig['arefresh'])) $pconfig['arefresh'] = 'off'; $anentries = $pconfig['alertnumber']; +# --- AJAX REVERSE DNS RESOLVE Start --- +if (isset($_POST['resolve'])) { + $ip = strtolower($_POST['resolve']); + $res = (is_ipaddr($ip) ? gethostbyaddr($ip) : ''); + + if ($res && $res != $ip) + $response = array('resolve_ip' => $ip, 'resolve_text' => $res); + else + $response = array('resolve_ip' => $ip, 'resolve_text' => gettext("Cannot resolve")); + + echo json_encode(str_replace("\\","\\\\", $response)); // single escape chars can break JSON decode + exit; +} +# --- AJAX REVERSE DNS RESOLVE End --- + if ($_POST['save']) { if (!is_array($config['installedpackages']['snortglobal']['alertsblocks'])) $config['installedpackages']['snortglobal']['alertsblocks'] = array(); @@ -344,7 +360,6 @@ include_once("head.inc"); ?> - - + @@ -488,16 +503,12 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_src = $fields[6]; /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $alert_ip_src = str_replace(":", ":​", $alert_ip_src); + /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */ $alert_ip_src .= "
"; - if ($pfs_version > 2.0) { - $alert_ip_src .= ""; - $alert_ip_src .= " "; - } - $alert_ip_src .= ""; - $alert_ip_src .= ""; + $alert_ip_src .= "\"Icon"; /* Add icons for auto-adding to Suppress List if appropriate */ if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) && @@ -521,16 +532,13 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { $alert_ip_dst = $fields[8]; /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $alert_ip_dst = str_replace(":", ":​", $alert_ip_dst); + /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */ $alert_ip_dst .= "
"; - if ($pfs_version > 2.0) { - $alert_ip_dst .= ""; - $alert_ip_dst .= " "; - } - $alert_ip_dst .= ""; - $alert_ip_dst .= ""; + $alert_ip_dst .= "\"Icon"; + /* Add icons for auto-adding to Suppress List if appropriate */ if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) && !isset($supplist[$fields[1]][$fields[2]]['by_dst'][$fields[8]])) { @@ -580,11 +588,11 @@ if (file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert")) { {$alert_priority} {$alert_proto} {$alert_class} - {$alert_ip_src} + {$alert_ip_src} {$alert_src_p} - {$alert_ip_dst} + {$alert_ip_dst} {$alert_dst_p} - {$alert_sid_str}
{$sidsupplink}  {$sid_dsbl_link} + {$alert_sid_str}
{$sidsupplink}  {$sid_dsbl_link} {$alert_descr} \n"; $counter++; @@ -622,5 +630,38 @@ function encRuleSig(rulegid,rulesid,srcip,ruledescr) { document.getElementById("descr").value = ruledescr; } + + + + + diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index 97301a0f..087724e3 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -7,6 +7,7 @@ * * Modified for the Pfsense snort package v. 1.8+ * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2014 Jim Pingle jim@pingle.org * Copyright (C) 2014 Bill Meeks * * Redistribution and use in source and binary forms, with or without @@ -50,6 +51,21 @@ if (empty($pconfig['blertnumber'])) else $bnentries = $pconfig['blertnumber']; +# --- AJAX REVERSE DNS RESOLVE Start --- +if (isset($_POST['resolve'])) { + $ip = strtolower($_POST['resolve']); + $res = (is_ipaddr($ip) ? gethostbyaddr($ip) : ''); + + if ($res && $res != $ip) + $response = array('resolve_ip' => $ip, 'resolve_text' => $res); + else + $response = array('resolve_ip' => $ip, 'resolve_text' => gettext("Cannot resolve")); + + echo json_encode(str_replace("\\","\\\\", $response)); // single escape chars can break JSON decode + exit; +} +# --- AJAX REVERSE DNS RESOLVE End --- + if ($_POST['todelete']) { $ip = ""; if ($_POST['ip']) @@ -133,7 +149,6 @@ include_once("head.inc"); ?> - - + # - + @@ -278,20 +293,16 @@ if ($savemsg) { $tmp_ip = str_replace(":", ":​", $blocked_ip); /* Add reverse DNS lookup icons (two different links if pfSense version supports them) */ $rdns_link = ""; - if ($pfs_version > 2.0) { - $rdns_link .= ""; - $rdns_link .= " "; - } - $rdns_link .= ""; - $rdns_link .= ""; + $rdns_link .= "\"Icon"; + /* use one echo to do the magic*/ echo " {$counter} {$tmp_ip}
{$rdns_link} {$blocked_desc} - + \n"; @@ -325,5 +336,38 @@ if ($savemsg) { + + + + + diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 8c31d55d..8d9aa6ba 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -157,8 +157,8 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) & $sid = $_POST['sid']; // See if the target SID is in our list of modified SIDs, - // and toggle it back to default if present; otherwise, - // add it to the appropriate modified SID list. + // and toggle if present; otherwise, add it to the + // appropriate modified SID list. if (isset($enablesid[$gid][$sid])) { unset($enablesid[$gid][$sid]); $disablesid[$gid][$sid] = "disablesid"; @@ -600,8 +600,8 @@ if ($savemsg) { - -   + +   @@ -668,7 +668,7 @@ if ($savemsg) { $message = snort_get_msg($v['rule']); // description field $sid_tooltip = gettext("View the raw text for this rule"); - echo "{$textss} + echo "{$textss} - -   + +   @@ -777,7 +777,7 @@ if ($savemsg) { else $policy = "none"; - echo "{$textss} + echo "{$textss} - + @@ -263,7 +263,7 @@ if ($savemsg) // Use "echo" to write the table HTML row-by-row. echo "" . - "{$sid} {$supplink}" . + "{$sid} {$supplink}" . "{$protocol}" . "{$source}" . "{$destination}" . -- cgit v1.2.3