From a101dddc6796ba2e98645ea326bb87a529b8d19d Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Thu, 25 Apr 2013 21:16:01 -0400 Subject: Update Snort package to ver 2.5.7 - bug fixes and new features --- config/snort/snort.inc | 149 +++++++++++------- config/snort/snort.xml | 2 +- config/snort/snort_alerts.php | 2 +- config/snort/snort_barnyard.php | 5 +- config/snort/snort_blocked.php | 89 ++++++----- config/snort/snort_check_for_rule_updates.php | 101 +++++++------ config/snort/snort_define_servers.php | 2 +- config/snort/snort_download_updates.php | 21 ++- config/snort/snort_interfaces.php | 208 ++++++++++++++++---------- config/snort/snort_interfaces_edit.php | 6 +- config/snort/snort_interfaces_global.php | 2 + config/snort/snort_log_view.php | 11 +- config/snort/snort_preprocessors.php | 86 +++++++++-- config/snort/snort_rules.php | 44 +++++- config/snort/snort_rules_edit.php | 18 ++- config/snort/snort_rulesets.php | 27 +++- 16 files changed, 523 insertions(+), 250 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 9988ad48..8062834f 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -33,6 +33,7 @@ require_once("pfsense-utils.inc"); require_once("config.inc"); require_once("functions.inc"); +require_once("service-utils.inc"); // Needed on 2.0 because of filter_get_vpns_list() require_once("filter.inc"); 
@@ -44,13 +45,16 @@ global $snort_community_rules_filename, $snort_community_rules_url, $emergingthr /* package version */ $snort_version = "2.9.4.1"; -$pfSense_snort_version = "2.5.6"; +$pfSense_snort_version = "2.5.7"; $snort_package_version = "Snort {$snort_version} pkg v. {$pfSense_snort_version}"; // Define SNORTDIR and SNORTLIBDIR constants according to FreeBSD version (PBI support or no PBI) if (floatval(php_uname("r")) >= 8.3) { exec("/usr/local/sbin/pbi_info | grep 'snort-{$snort_version}' | xargs /usr/local/sbin/pbi_info | awk '/Prefix/ {print $2}'",$pbidirarray); $snort_pbidir = "{$pbidirarray[0]}"; + /* In case this is an initial Snort install and pbi_info() above returned null, set a sane default value */ + if (empty($snort_pbidir)) + $snort_pbidir = "/usr/pbi/snort-" . php_uname("m"); define("SNORTDIR", "{$snort_pbidir}/etc/snort"); define("SNORTLIBDIR", "{$snort_pbidir}/lib/snort"); } @@ -325,7 +329,6 @@ function snort_barnyard_stop($snortcfg, $if_real) { $snort_uuid = $snortcfg['uuid']; if (file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid")) { killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid"); - @unlink("{$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid"); } } @@ -335,12 +338,11 @@ function snort_stop($snortcfg, $if_real) { $snort_uuid = $snortcfg['uuid']; if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { killbypid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"); - exec("/bin/rm {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"); } snort_barnyard_stop($snortcfg, $if_real); - log_error("Interface Rule STOP for {$snortcfg['descr']}({$if_real})..."); + log_error("Snort STOP for {$snortcfg['descr']}({$if_real})..."); } function snort_barnyard_start($snortcfg, $if_real) { 
@@ -368,7 +370,7 @@ function snort_start($snortcfg, $if_real) { snort_barnyard_start($snortcfg, $if_real); - log_error("Interface Rule START for {$snortcfg['descr']}({$if_real})..."); + log_error("Snort START for {$snortcfg['descr']}({$if_real})..."); } function snort_get_friendly_interface($interface) { @@ -461,6 +463,7 @@ function snort_postinstall() { $snortdir = SNORTDIR; $snortlibdir = SNORTLIBDIR; + $rcdir = RCFILEPREFIX; /* Set flag for post-install in progress */ $is_postinstall = true; @@ -484,8 +487,8 @@ function snort_postinstall() { /* Remove any previously installed scripts since we rebuild them */ @unlink("{$snortdir}/sid"); - @unlink("/usr/local/etc/rc.d/snort"); - @unlink("/usr/local/etc/rc.d/barnyard2"); + @unlink("{$rcdir}/snort.sh"); + @unlink("{$rcdir}/barnyard2"); /* remove example library files */ $files = glob("{$snortlibdir}/dynamicrules/*_example*"); 
@@ -497,18 +500,25 @@ function snort_postinstall() { /* remake saved settings */ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { + log_error(gettext("[Snort] Saved settings detected... rebuilding installation with saved settings...")); update_status(gettext("Saved settings detected...")); update_output_window(gettext("Please wait... rebuilding installation with saved settings...")); + log_error(gettext("[Snort] Downloading and updating configured rule types...")); @include_once("/usr/local/pkg/snort/snort_check_for_rule_updates.php"); update_status(gettext("Generating snort.conf configuration file from saved settings...")); $rebuild_rules = "on"; sync_snort_package_config(); $rebuild_rules = "off"; update_output_window(gettext("Finished rebuilding files...")); + log_error(gettext("[Snort] Finished rebuilding installation from saved settings...")); + update_status(gettext("Starting Snort using rebuilt configuration...")); + log_error(gettext("[Snort] Starting Snort using rebuilt configuration...")); + start_service("snort"); } /* Done with post-install, so clear flag */ $is_postinstall = false; + log_error(gettext("[Snort] Package post-installation tasks completed...")); } function snort_Getdirsize($node) { 
@@ -642,17 +652,20 @@ function snort_rm_blocked_install_cron($should_install) { } switch($should_install) { case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "$snort_rm_blocked_min"; - $cron_item['hour'] = "$snort_rm_blocked_hr"; - $cron_item['mday'] = "$snort_rm_blocked_mday"; - $cron_item['month'] = "$snort_rm_blocked_month"; - $cron_item['wday'] = "$snort_rm_blocked_wday"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; + $cron_item = array(); + $cron_item['minute'] = "$snort_rm_blocked_min"; + $cron_item['hour'] = "$snort_rm_blocked_hr"; + $cron_item['mday'] = "$snort_rm_blocked_mday"; + $cron_item['month'] = "$snort_rm_blocked_month"; + $cron_item['wday'] = "$snort_rm_blocked_wday"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; + + /* Add cron job if not already installed, else just update the existing one */ + if (!$is_installed) $config['cron']['item'][] = $cron_item; - } + elseif ($is_installed) + $config['cron']['item'][$x] = $cron_item; break; case false: if ($is_installed == true) 
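Review bot: In the `case true:` branch the `elseif ($is_installed)` test is redundant after `if (!$is_installed)`; a plain `else` with braces on both arms says the same thing and is harder to break when a line is added later. The update path writes to `$config['cron']['item'][$x]`, where `$x` is assigned by code outside this hunk, so a short comment such as `/* $x is the index of the matching job found by the search loop above */` would make that dependency explicit. The hunk for snort_rules_up_install_cron (`@@ -722,17 +735,20 @@`) has the same shape. The function body starts and ends outside the hunk.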
@@ -722,17 +735,20 @@ function snort_rules_up_install_cron($should_install) { } switch($should_install) { case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "$snort_rules_up_min"; - $cron_item['hour'] = "$snort_rules_up_hr"; - $cron_item['mday'] = "$snort_rules_up_mday"; - $cron_item['month'] = "$snort_rules_up_month"; - $cron_item['wday'] = "$snort_rules_up_wday"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log"; + $cron_item = array(); + $cron_item['minute'] = "$snort_rules_up_min"; + $cron_item['hour'] = "$snort_rules_up_hr"; + $cron_item['mday'] = "$snort_rules_up_mday"; + $cron_item['month'] = "$snort_rules_up_month"; + $cron_item['wday'] = "$snort_rules_up_wday"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log"; + + /* Add cron job if not already installed, else just update the existing one */ + if (!$is_installed) $config['cron']['item'][] = $cron_item; - } + elseif ($is_installed) + $config['cron']['item'][$x] = $cron_item; break; case false: if($is_installed == true) @@ -1553,6 +1569,7 @@ function snort_create_rc() { global $config, $g; $snortdir = SNORTDIR; + $rcdir = RCFILEPREFIX; if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; 
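Review bot: The rebuilt `$cron_item['command']` still appends to `/tmp/snort_update.log` from a job whose `who` is `root`. A fixed file name in a world-writable directory can be pre-created or replaced with a symlink by any other local account, so root ends up appending to a file it did not choose. Pointing the redirect at a root-owned directory avoids that, for example `>> /var/log/snort/snort_update.log` (file name constructed for illustration; the directory is the one the generated rc script already logs to). The rest of snort_rules_up_install_cron lies outside the hunk.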
@@ -1621,11 +1638,18 @@ EOE; ###### For Each Iface # Start snort and barnyard2 - if [ -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then - /bin/rm {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid + if [ ! -f {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then + pid=`/bin/pgrep -xf '/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}'` + else + pid=`/bin/pgrep -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid` + fi + if [ $? = 0 ]; then + /bin/pkill -HUP \$pid + /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort SOFT RESTART for {$value['descr']}({$snort_uuid}_{$if_real})..." + else + /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} + /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START for {$value['descr']}({$snort_uuid}_{$if_real})..." fi - /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real} - /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START For {$value['descr']}({$snort_uuid}_{$if_real})..." sleep 2 {$start_barnyard2} @@ -1634,7 +1658,7 @@ EOE; $start_snort_iface_stop[] = << 0) { - log_error(gettext("Warning: auto-disabled {$disabled_count} rules due to disabled preprocessor dependencies.")); + log_error(gettext("[Snort] Warning: auto-disabled {$disabled_count} rules due to disabled preprocessor dependencies.")); natcasesort($log_msg); if ($fp) { /* Only write the header when not persisting the log */ 
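Review bot: The soft-restart branch runs `/bin/pkill -HUP \$pid`, but pkill treats its operand as a process-name pattern rather than a PID, so as far as I can tell the HUP never reaches the Snort instance found by pgrep; `/bin/kill -HUP \$pid` is the form that takes a PID. The `[ $? = 0 ]` test also only works while nothing is inserted between it and the two pgrep assignments, so testing `[ -n "\$pid" ]` would be more robust. Separately, `{$value['descr']}` is written inside a double-quoted shell string in a script that runs as root, so the description should be restricted to safe characters or escaped before it reaches the generated file (its validation is not visible here). The enclosing heredoc and function start and end outside the hunk.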
@@ -2093,14 +2135,19 @@ function snort_filter_preproc_rules($snortcfg, &$active_rules, $persist_log = fa @fwrite($fp, "# automatically disabled. This behavior is controlled by the Auto-Rule Disable\n"); @fwrite($fp, "# feature on the Preprocessors tab.\n#\n"); @fwrite($fp, "# WARNING: Using the auto-disable rule feature is not recommended because it can\n"); - @fwrite($fp, "# significantly reduce the threat detection capabilities of Snort!\n#\n"); - @fwrite($fp, "# Log Format is: RULE CATEGORY GID:SID PREPROC METADATA/CONTENT PARAMETER\n#\n"); + @fwrite($fp, "# significantly reduce the threat detection capabilities of Snort!\n#"); + @fwrite($fp, "\n# In the list below, the PREPROCESSOR column is the disabled preprocessor that\n"); + @fwrite($fp, "# triggered the auto-disable of the rule represented by GID:SID. The RULE OPTION\n"); + @fwrite($fp, "# column shows the specific rule option or content modifier contained within\n"); + @fwrite($fp, "# the rule text that requires the preprocessor be enabled in order to execute.\n#"); + @fwrite($fp, "\n# RULE CATEGORY GID:SID PREPROCESSOR RULE OPTION\n"); } foreach ($log_msg as $m) { - @fwrite($fp, $m . "\n"); + $tmp = explode(",", $m); + @fwrite($fp, sprintf("%-30s %-10s %-20s %s", $tmp[0], $tmp[1], $tmp[2], $tmp[3]) . "\n"); } } - log_error(gettext("See '{$file}' for list of auto-disabled rules.")); + log_error(gettext("[Snort] See '{$file}' for list of auto-disabled rules.")); unset($log_msg); } if ($fp) 
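Review bot: The new formatting loop assumes every `$log_msg` entry has exactly four comma-separated fields: `explode(",", $m)` followed by `$tmp[0]` to `$tmp[3]`. A rule option that itself contains a comma is cut off at that comma, and an entry with fewer fields raises undefined-offset notices; the entry format is built outside this hunk, so this needs confirming. Limiting the split keeps the last column intact: `$tmp = array_pad(explode(",", $m, 4), 4, "");`. The function body continues outside the hunk.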
@@ -2603,11 +2650,11 @@ EOD; } else { $snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n"; - log_error("Seems preprocessor/decoder rules are missing, enabling autogeneration of them"); + log_error("[Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them"); } } else { $snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n"; - log_error("Seems preprocessor/decoder rules are missing, enabling autogeneration of them"); + log_error("[Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them"); } /* generate rule sections to load */ @@ -2615,6 +2662,8 @@ EOD; $selected_rules_sections = "include \$RULE_PATH/{$snort_enforcing_rules_file}\n"; $selected_rules_sections .= "include \$RULE_PATH/{$flowbit_rules_file}\n"; $selected_rules_sections .= "include \$RULE_PATH/custom.rules\n"; + + /* Create the actual rules file and save in the interface directory */ snort_prepare_rule_files($snortcfg, $snortcfgdir); $cksumcheck = "all"; diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 1419e3bd..2f60b7ae 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -47,7 +47,7 @@ Currently there are no FAQ items provided. Snort 2.9.4.1 - Services:2.9.4.1 pkg v. 2.5.6 + Services:2.9.4.1 pkg v. 2.5.7 /usr/local/pkg/snort/snort.inc Snort diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index e6ebefeb..3fcbe6b7 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -219,7 +219,7 @@ if ($pconfig['arefresh'] == 'on') - diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index 21763745..e1de3efd 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php @@ -32,7 +32,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g; +global $g, $rebuild_rules; $id = $_GET['id']; if (isset($_POST['id'])) 
@@ -87,6 +87,9 @@ if ($_POST) { } write_config(); + + /* No need to rebuild rules if just toggling Barnyard2 on or off */ + $rebuild_rules = "off"; sync_snort_package_config(); /* after click go to this page */ diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index def5dd22..295218f6 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -135,21 +135,23 @@ if ($pconfig['brefresh'] == 'on')
- - - + + + + - + +
- -
+
+ +
@@ -164,7 +166,7 @@ if ($pconfig['brefresh'] == 'on') - + @@ -179,17 +181,16 @@ if ($pconfig['brefresh'] == 'on') "number of blocked entries to view. %sDefault%s is %s500%s."), '', '', '', ''); ?> - - - -
- - - - - - - - + +
#
+ + + + + + + + - - - - - \n"; - + echo " + + + + + \n"; } - echo "\n"; - } else - echo "\n"; - - ?> + echo "\n"; + } else + echo "\n"; + ?> +
#
 {$counter} {$blocked_ip} {$blocked_desc} - \"Delete\"
 {$counter} {$blocked_ip} {$blocked_desc} + \"Delete\"
{$counter} items listed.

There are currently no items being blocked by snort.
{$counter} items listed.

There are currently no items being blocked by snort.
+
-
-
0) { download_file_with_progress_bar("{$snort_rule_url}{$snort_filename}", "{$tmpfname}/{$snort_filename}"); - if (300000 > filesize("{$tmpfname}/$snort_filename")){ + if (5000 > filesize("{$tmpfname}/{$snort_filename}")){ $max_tries--; if ($max_tries > 0) sleep(30); continue; } else break; - } - update_status(gettext("Done downloading Snort VRT rules file.")); - log_error("Snort Rules Attempts: " . (4 - $max_tries + 1)); - error_log(gettext("\tDone downloading rules file.\n"),3, $snort_rules_upd_log); - if (300000 > filesize("{$tmpfname}/$snort_filename")){ + } + if (filesize("{$tmpfname}/{$snort_filename}") == 0) { update_output_window(gettext("Snort VRT rules file download failed...")); - log_error(gettext("Snort VRT rules file download failed...")); - log_error("Failed Rules Filesize: " . filesize("{$tmpfname}/$snort_filename")); + log_error(gettext("[Snort] Snort VRT rules file download failed...")); error_log(gettext("\tSnort VRT rules file download failed. Snort VRT rules will not be updated.\n"), 3, $snort_rules_upd_log); $snortdownload = 'off'; } + else { + update_status(gettext("Done downloading Snort VRT rules file.")); + log_error("[Snort] Snort VRT Rules Attempts: " . (4 - $max_tries + 1)); + error_log(gettext("\tDone downloading rules file.\n"),3, $snort_rules_upd_log); + if (trim(file_get_contents("{$tmpfname}/{$snort_filename_md5}")) != trim(md5_file("{$tmpfname}/{$snort_filename}"))){ + update_output_window(gettext("Snort VRT rules file download failed...")); + log_error(gettext("[Snort] Snort VRT rules file download failed...")); + log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$snort_filename}"))); + log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$snort_filename_md5}"))); + error_log(gettext("\tSnort VRT rules file download failed. Snort VRT rules will not be updated.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tDownloaded Snort VRT file MD5: " . 
md5_file("{$tmpfname}/{$snort_filename}") . "\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tExpected Snort VRT file MD5: " . file_get_contents("{$tmpfname}/{$snort_filename_md5}") . "\n"), 3, $snort_rules_upd_log); + $snortdownload = 'off'; + } + } } /* download md5 sig from Snort GPLv2 Community Rules */ @@ -172,7 +184,7 @@ if ($snortcommunityrules == 'on') { /* See if the file download was successful, and turn off Snort GPLv2 update if it failed. */ if (0 == filesize("{$tmpfname}/{$snort_community_rules_filename_md5}")){ update_output_window(gettext("Snort GPLv2 Community Rules md5 file download failed. Community Rules will not be updated.")); - log_error(gettext("Snort GPLv2 Community Rules md5 file download failed. Community Rules will not be updated.")); + log_error(gettext("[Snort] Snort GPLv2 Community Rules md5 file download failed. Community Rules will not be updated.")); error_log(gettext("\tSnort GPLv2 Community Rules md5 file download failed. Community Rules will not be updated.\n"), 3, $snort_rules_upd_log); $snortcommunityrules = 'off'; } @@ -183,7 +195,7 @@ if ($snortcommunityrules == 'on') { $snort_comm_md5_check_old = file_get_contents("{$snortdir}/{$snort_community_rules_filename_md5}"); if ($snort_comm_md5_check_new == $snort_comm_md5_check_old) { update_status(gettext("Snort GPLv2 Community Rules are up to date...")); - log_error(gettext("Snort GPLv2 Community Rules are up to date...")); + log_error(gettext("[Snort] Snort GPLv2 Community Rules are up to date...")); error_log(gettext("\tSnort GPLv2 Community Rules are up to date.\n"), 3, $snort_rules_upd_log); $snortcommunityrules = 'off'; } 
@@ -193,21 +205,24 @@ if ($snortcommunityrules == 'on') { /* download Snort GPLv2 Community rules file */ if ($snortcommunityrules == "on") { update_status(gettext("There is a new set of Snort GPLv2 Community Rules posted. Downloading...")); - log_error(gettext("There is a new set of Snort GPLv2 Community Rules posted. Downloading...")); + log_error(gettext("[Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading...")); error_log(gettext("\tThere is a new set of Snort GPLv2 Community Rules posted. Downloading...\n"), 3, $snort_rules_upd_log); download_file_with_progress_bar("{$snort_community_rules_url}{$snort_community_rules_filename}", "{$tmpfname}/{$snort_community_rules_filename}"); /* Test for a valid rules file download. Turn off Snort Community update if download failed. */ - if (150000 > filesize("{$tmpfname}/{$snort_community_rules_filename}")){ + if (trim(file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}")) != trim(md5_file("{$tmpfname}/{$snort_community_rules_filename}"))){ update_output_window(gettext("Snort GPLv2 Community Rules file download failed...")); - log_error(gettext("Snort GPLv2 Community Rules file download failed...")); - log_error("Failed Rules Filesize: " . filesize("{$tmpfname}/{$snort_community_rules_filename}")); + log_error(gettext("[Snort] Snort GPLv2 Community Rules file download failed...")); + log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$snort_community_rules_filename}"))); + log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}"))); error_log(gettext("\tSnort GPLv2 Community Rules file download failed. Community Rules will not be updated.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tDownloaded Snort GPLv2 file MD5: " . md5_file("{$tmpfname}/{$snort_community_rules_filename}") . "\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tExpected Snort GPLv2 file MD5: " . 
file_get_contents("{$tmpfname}/{$snort_community_rules_filename_md5}") . "\n"), 3, $snort_rules_upd_log); $snortcommunityrules = 'off'; } else { update_status(gettext('Done downloading Snort GPLv2 Community Rules file.')); - log_error("Snort GPLv2 Community Rules file update downloaded succsesfully"); + log_error("[Snort] Snort GPLv2 Community Rules file update downloaded successfully"); error_log(gettext("\tDone downloading Snort GPLv2 Community Rules file.\n"), 3, $snort_rules_upd_log); } } @@ -234,7 +249,7 @@ if ($snortcommunityrules == 'on') { /* Copy snort community md5 sig to snort dir */ if (file_exists("{$tmpfname}/{$snort_community_rules_filename_md5}")) { update_status(gettext("Copying md5 signature to snort directory...")); - @copy("{$tmpfname}/$snort_community_rules_filename_md5", "{$snortdir}/{$snort_community_rules_filename_md5}"); + @copy("{$tmpfname}/{$snort_community_rules_filename_md5}", "{$snortdir}/{$snort_community_rules_filename_md5}"); } update_status(gettext("Extraction of Snort GPLv2 Community Rules completed...")); error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, $snort_rules_upd_log); 
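Review bot: The new download check compares the expected and computed digests with a loose `!=`, and PHP compares numeric-looking strings numerically, so two different digests that both look like `0e` followed by digits would be treated as equal. Use a strict comparison and read the `.md5` file once, e.g. `$expected = trim(file_get_contents($md5_path));` then `if ($expected !== md5_file($rules_path))` (variable names constructed for illustration); as written the file is re-read and the archive re-hashed for every log line. The same comparison is added for the Snort VRT download earlier in this file and for EmergingThreats in the `@@ -291,16 +306,20 @@` hunk. A comment should also state that the MD5 comes from the same server as the archive, so it detects truncated or corrupted downloads and not a tampered rule set.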
@@ -249,18 +264,18 @@ if ($emergingthreats == 'on') { /* If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules. */ if ($vrt_enabled == "on") - $image = @file_get_contents("http://rules.emergingthreats.net/open-nogpl/snort-{$emerging_threats_version}/emerging.rules.tar.gz.md5"); + $image = @file_get_contents("http://rules.emergingthreats.net/open-nogpl/snort-{$emerging_threats_version}/{$emergingthreats_filename_md5}"); else - $image = @file_get_contents("http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/emerging.rules.tar.gz.md5"); + $image = @file_get_contents("http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/{$emergingthreats_filename_md5}"); update_status(gettext("Done downloading EmergingThreats md5")); error_log(gettext("\tChecking EmergingThreats md5.\n"), 3, $snort_rules_upd_log); @file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image); /* See if the file download was successful, and turn off ET update if it failed. */ - if (0 == filesize("{$tmpfname}/$emergingthreats_filename_md5")){ + if (0 == filesize("{$tmpfname}/{$emergingthreats_filename_md5}")){ update_output_window(gettext("EmergingThreats md5 file download failed. EmergingThreats rules will not be updated.")); - log_error(gettext("EmergingThreats md5 file download failed. EmergingThreats rules will not be updated.")); + log_error(gettext("[Snort] EmergingThreats md5 file download failed. EmergingThreats rules will not be updated.")); error_log(gettext("\tEmergingThreats md5 file download failed. EmergingThreats rules will not be updated.\n"), 3, $snort_rules_upd_log); $emergingthreats = 'off'; } 
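Review bot: Both `@file_get_contents(...)` calls fetch the EmergingThreats `.md5` over plain `http://`, and the `@@ -291,16 +306,20 @@` hunk shows the archive downloaded from the same host over HTTP as well. Anyone able to modify traffic on the path can replace archive and checksum together, so the MD5 comparison added in this commit gives no protection against a modified rule set on this feed. If the rules server offers HTTPS with certificate verification, both URLs should use it; otherwise the code should say in a comment that the check covers transfer errors only. The `@` prefix also hides why a fetch failed: testing `$image === false` before `file_put_contents` would be clearer than inferring failure from a zero-byte file.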
@@ -271,7 +286,7 @@ if ($emergingthreats == 'on') { $emerg_md5_check_old = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}"); if ($emerg_md5_check_new == $emerg_md5_check_old) { update_status(gettext("Emerging Threats rules are up to date...")); - log_error(gettext("Emerging Threat rules are up to date...")); + log_error(gettext("[Snort] Emerging Threat rules are up to date...")); error_log(gettext("\tEmerging Threats rules are up to date.\n"), 3, $snort_rules_upd_log); $emergingthreats = 'off'; } @@ -281,7 +296,7 @@ if ($emergingthreats == 'on') { /* download emergingthreats rules file */ if ($emergingthreats == "on") { update_status(gettext("There is a new set of EmergingThreats rules posted. Downloading...")); - log_error(gettext("There is a new set of EmergingThreats rules posted. Downloading...")); + log_error(gettext("[Snort] There is a new set of EmergingThreats rules posted. Downloading...")); error_log(gettext("\tThere is a new set of EmergingThreats rules posted. Downloading...\n"), 3, $snort_rules_upd_log); /* If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules. */ 
@@ -291,16 +306,20 @@ if ($emergingthreats == "on") { download_file_with_progress_bar("http://rules.emergingthreats.net/open/snort-{$emerging_threats_version}/emerging.rules.tar.gz", "{$tmpfname}/{$emergingthreats_filename}"); /* Test for a valid rules file download. Turn off ET update if download failed. */ - if (150000 > filesize("{$tmpfname}/$emergingthreats_filename")){ + + if (trim(file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")) != trim(md5_file("{$tmpfname}/{$emergingthreats_filename}"))){ update_output_window(gettext("EmergingThreats rules file download failed...")); - log_error(gettext("EmergingThreats rules file download failed...")); - log_error("Failed Rules Filesize: " . filesize("{$tmpfname}/$emergingthreats_filename")); + log_error(gettext("[Snort] EmergingThreats rules file download failed...")); + log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}"))); + log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}"))); error_log(gettext("\tEmergingThreats rules file download failed. EmergingThreats rules will not be updated.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tDownloaded ET file MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}") . "\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tExpected ET file MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}") . "\n"), 3, $snort_rules_upd_log); $emergingthreats = 'off'; } else { update_status(gettext('Done downloading EmergingThreats rules file.')); - log_error("EmergingThreats rules file update downloaded succsesfully"); + log_error("[Snort] EmergingThreats rules file update downloaded successfully"); error_log(gettext("\tDone downloading EmergingThreats rules file.\n"), 3, $snort_rules_upd_log); } } 
@@ -331,9 +350,9 @@ if ($emergingthreats == 'on') { } /* Copy emergingthreats md5 sig to snort dir */ - if (file_exists("{$tmpfname}/$emergingthreats_filename_md5")) { + if (file_exists("{$tmpfname}/{$emergingthreats_filename_md5}")) { update_status(gettext("Copying md5 signature to snort directory...")); - @copy("{$tmpfname}/$emergingthreats_filename_md5", "{$snortdir}/$emergingthreats_filename_md5"); + @copy("{$tmpfname}/{$emergingthreats_filename_md5}", "{$snortdir}/{$emergingthreats_filename_md5}"); } update_status(gettext("Extraction of EmergingThreats.org rules completed...")); error_log(gettext("\tInstallation of EmergingThreats.org rules completed.\n"), 3, $snort_rules_upd_log); @@ -376,11 +395,11 @@ if ($snortdownload == 'on') { $snort_arch = php_uname("m"); $nosorules = false; if ($snort_arch == 'i386'){ - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp so_rules/precompiled/$freebsd_version_so/i386/{$snort_version}/"); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/"); exec("/bin/cp {$snortdir}/tmp/so_rules/precompiled/$freebsd_version_so/i386/{$snort_version}/* {$snortlibdir}/dynamicrules/"); } elseif ($snort_arch == 'amd64') { - exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp so_rules/precompiled/$freebsd_version_so/x86-64/{$snort_version}/"); - exec("/bin/cp {$snortdir}/tmp/so_rules/precompiled/$freebsd_version_so/x86-64/{$snort_version}/* {$snortlibdir}/dynamicrules/"); + exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/"); + exec("/bin/cp {$snortdir}/tmp/so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/* {$snortlibdir}/dynamicrules/"); } else $nosorules = true; exec("rm -r {$snortdir}/tmp/so_rules"); 
@@ -425,7 +444,7 @@ if ($snortdownload == 'on') { if (file_exists("{$tmpfname}/{$snort_filename_md5}")) { update_status(gettext("Copying md5 signature to snort directory...")); - @copy("{$tmpfname}/$snort_filename_md5", "{$snortdir}/$snort_filename_md5"); + @copy("{$tmpfname}/{$snort_filename_md5}", "{$snortdir}/{$snort_filename_md5}"); } update_status(gettext("Extraction of Snort VRT rules completed...")); error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, $snort_rules_upd_log); @@ -485,9 +504,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = } elseif (($vrt_enabled == 'on') && ($et_enabled == 'on')) { /* Both VRT and ET rules are enabled, so build combined */ - /* reference.config and classification.config files, but */ - /* only if we downloaded both rule sets. Otherwise we */ - /* risk creating an incomplete file. */ + /* reference.config and classification.config files. */ $cfgs = glob("{$snortdir}/tmp/*reference.config"); $cfgs[] = "{$snortdir}/reference.config"; snort_merge_reference_configs($cfgs, "{$snortdir}/reference.config"); 
@@ -545,15 +562,15 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = if (is_process_running("snort")) { update_status(gettext('Restarting Snort to activate the new set of rules...')); error_log(gettext("\tRestarting Snort to activate the new set of rules...\n"), 3, $snort_rules_upd_log); - exec("/bin/sh /usr/local/etc/rc.d/snort.sh restart"); + restart_service("snort"); update_output_window(gettext("Snort has restarted with your new set of rules...")); - log_error(gettext("Snort has restarted with your new set of rules...")); + log_error(gettext("[Snort] Snort has restarted with your new set of rules...")); error_log(gettext("\tSnort has restarted with your new set of rules.\n"), 3, $snort_rules_upd_log); } } update_status(gettext("The Rules update has finished...")); -log_error(gettext("The Rules update has finished.")); +log_error(gettext("[Snort] The Rules update has finished.")); error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, $snort_rules_upd_log); conf_mount_ro(); diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index 7fb435ed..b1d71631 100755 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -33,7 +33,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g; +global $g, $rebuild_rules; $id = $_GET['id']; if (isset($_POST['id'])) diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php index 369e3094..36319977 100755 --- a/config/snort/snort_download_updates.php +++ b/config/snort/snort_download_updates.php 
@@ -99,6 +99,22 @@ function popup(url) if (window.focus) {newwin.focus()} return false; } + +function wopen(url, name, w, h) +{ +// Fudge factors for window decoration space. +// In my tests these work well on all platforms & browsers. +w += 32; +h += 96; + var win = window.open(url, + name, + 'width=' + w + ', height=' + h + ', ' + + 'location=no, menubar=no, ' + + 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); + win.resizeTo(w, h); + win.focus(); +} +
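Review bot: `wopen()` calls `win.resizeTo(w, h)` and `win.focus()` without checking the result of `window.open()`, which is null when the browser blocks the popup, so the click then ends in a script error. A guard is enough: `if (win) { win.resizeTo(w, h); win.focus(); }`. The body is also indented inconsistently (`w += 32;` and `h += 96;` sit at column 0), and the "Fudge factors" comment would be more useful if it said what the 32 and 96 pixels account for.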
@@ -161,7 +177,8 @@ function popup(url) echo '

- ' . gettext("WARNING:") . '  ' . gettext('No rule types have been selected for download. "Global Settings Tab"') . '
'; + ' . gettext("WARNING:") . '  ' . gettext('No rule types have been selected for download. ') . + gettext('Visit the ') . 'Global Settings Tab' . gettext(' to select rule types.') . '
'; echo '

' . "\n"; } else { @@ -191,7 +208,7 @@ function popup(url) if ($snort_rules_upd_logfile_chk == 'yes') { echo " - "; + "; echo "          \n"; }else{ echo " diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 4f85c1f4..5419e7c0 100755 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -28,11 +28,17 @@ * POSSIBILITY OF SUCH DAMAGE. */ +// Turn on buffering to speed up rendering +ini_set('output_buffering','true'); + +// Start buffering with a cache size of 100000 +ob_start(null, "1000"); + $nocsrf = true; require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g; +global $g, $rebuild_rules; $snortdir = SNORTDIR; @@ -97,11 +103,11 @@ if ($_GET['act'] == 'bartoggle' && is_numeric($id)) { $if_friendly = snort_get_friendly_interface($snortcfg['interface']); if (snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2') == 'no') { - log_error("Toggle(barnyard starting) for {$if_friendly}({$snortcfg['descr']}}..."); + log_error("Toggle (barnyard starting) for {$if_friendly}({$if_real})..."); sync_snort_package_config(); snort_barnyard_start($snortcfg, $if_real); } else { - log_error("Toggle(barnyard stopping) for {$if_friendly}({$snortcfg['descr']}}..."); + log_error("Toggle (barnyard stopping) for {$if_friendly}({$if_real})..."); snort_barnyard_stop($snortcfg, $if_real); } @@ -117,7 +123,7 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) { $if_friendly = snort_get_friendly_interface($snortcfg['interface']); if (snort_is_running($snortcfg['uuid'], $if_real) == 'yes') { - log_error("Toggle(snort stopping) for {$if_friendly}({$snortcfg['descr']})..."); + log_error("Toggle (snort stopping) for {$if_friendly}({$if_real})..."); snort_stop($snortcfg, $if_real); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); 
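Review bot: The comment on the new buffering code says "cache size of 100000" but the call is `ob_start(null, "1000")`, so either the comment or the argument is wrong; the chunk size should also be passed as an integer, e.g. `ob_start(null, 100000);` if the comment is the intended value. `output_buffering` is a per-directory setting that PHP does not allow `ini_set()` to change at run time, so `ini_set('output_buffering','true');` most likely has no effect and can be dropped. These lines sit at the top of snort_interfaces.php, outside any function.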
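Review bot: The `bartoggle` and `toggle` branches edited here start and stop Snort and Barnyard2 in response to `$_GET['act']`, with `is_numeric($id)` as the only check visible, and the file sets `$nocsrf = true;` near the top. A state change on a GET request without a request token can be triggered by any page an administrator's browser loads while logged in, and the result here would be inspection silently stopping on an interface. These actions should move to POST with the framework's CSRF token enforced (assuming `$nocsrf` disables that check for this page, as its name suggests). Both branches continue outside the hunks shown.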
@@ -126,8 +132,12 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) { header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); } else { - log_error("Toggle(snort starting) for {$if_friendly}({$snortcfg['descr']})..."); + log_error("Toggle (snort starting) for {$if_friendly}({$if_real})..."); + + /* set flag to rebuild interface rules before starting Snort */ + $rebuild_rules = "on"; sync_snort_package_config(); + $rebuild_rules = "off"; snort_start($snortcfg, $if_real); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); @@ -194,10 +204,9 @@ if ($pfsense_stable == 'yes')
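Review bot: The start branch now also rebuilds the interface rules, but it is still reached through `$_GET['act'] == 'toggle'` on a page that sets `$nocsrf = true` before loading `guiconfig.inc` (visible in the first hunk of this file). Assuming that flag turns off the GUI's request-token check, as its name suggests, any page an administrator visits while logged in can stop Snort or force a rebuild and restart with a plain GET. The same applies to the `bartoggle` branch in the `-97,11` hunk. Consider accepting these actions only via POST, e.g. `if ($_POST['act'] == 'toggle' && is_numeric($id)) {`, and removing `$nocsrf = true;` so the token is enforced. The enclosing `if` starts before this hunk and continues after it.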
- +
- + @@ -205,18 +214,26 @@ if ($pfsense_stable == 'yes') - - + + + + + ?> + + ?> + +
   - +
- - +
- @@ -253,6 +284,7 @@ if ($pfsense_stable == 'yes') "; + echo ($no_rules) ? " " : ""; } else echo strtoupper("disabled"); ?> @@ -267,7 +299,8 @@ if ($pfsense_stable == 'yes') }else{ $check_performance = "lowmem"; } - ?> @@ -279,7 +312,8 @@ if ($pfsense_stable == 'yes') } else { $check_blockoffenders = disabled; } - ?> @@ -297,33 +331,40 @@ if ($pfsense_stable == 'yes') -   +   - - - - -
- -
+ + + +
+
+ + - + + +
+    +   + + - - - - -
" border="0">" - onclick="return confirm('Do you really want to delete the selected Snort mapping?')">
+ + + + +
" border="0"> + " + onclick="return confirm('Do you really want to delete the selected Snort mapping?')">
@@ -336,46 +377,59 @@ if ($pfsense_stable == 'yes') -
-
- - - - -

- Snort Menu where you can see an over ' . - 'view of all your interface settings.
' . - 'Please edit the Global Settings tab before adding ' . - 'an interface.'); ?>
-
-
- -
-
- Click on the "> icon to add a - interface.                                            Click - on the "> icon to start - snort and barnyard2.
- Click on the "> icon to edit a - interface and settings.                        Click - on the "> icon to stop - snort and barnyard2.
- Click on the "> icon to - delete a interface and settings.
-
- + + + + + + + + + + + + + + + + + + + + + + + + + +

+ Snort Menu where you can see an over ' . + 'view of all your interface settings. ' . + 'Please visit the Global Settings tab before adding ' . 'an interface.'); ?> +

+

+ +

+
Click on the "> icon to add + an interface. +   + Click on the "> icon to start + snort and barnyard2. +
Click on the "> icon to edit + an interface and settings. +   + Click on the "> icon to stop + snort and barnyard2. +
Click on the "> icon to + delete an interface and settings. +
+
- +
@@ -441,7 +500,8 @@ include_once("head.inc"); type="checkbox" value="on" onClick="enable_change(false)">
- + " . gettext("Checked") . ""; ?> + " . gettext("Checked") . ""; ?> + " . gettext("Checked") . ""; ?> + " . gettext("Checked") . ""; ?> + " . gettext("Checked") . ""; ?> + " . gettext("Checked") . ""; ?> + " . gettext("Checked") . ""; ?> + " . gettext("Checked") . ""; ?> @@ -521,7 +588,8 @@ include_once("head.inc"); onClick="enable_change(false)">
- + " . gettext("Checked") . ""; ?> diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 5e8e145d..59bf1339 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -212,10 +212,22 @@ if ($_GET['act'] == "resetall" && !empty($rules_map)) { exit; } +if ($_POST['clear']) { + unset($a_rule[$id]['customrules']); + write_config(); + $rebuild_rules = "on"; + snort_generate_conf($a_rule[$id]); + $rebuild_rules = "off"; + header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); + exit; +} + if ($_POST['customrules']) { $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); write_config(); - sync_snort_package_config(); + $rebuild_rules = "on"; + snort_generate_conf($a_rule[$id]); + $rebuild_rules = "off"; $output = ""; $retcode = ""; exec("snort -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -T 2>&1", $output, $retcode); @@ -299,6 +311,22 @@ function popup(url) if (window.focus) {newwin.focus()} return false; } + +function wopen(url, name, w, h) +{ +// Fudge factors for window decoration space. +// In my tests these work well on all platforms & browsers. +w += 32; +h += 96; + var win = window.open(url, + name, + 'width=' + w + ', height=' + h + ', ' + + 'location=no, menubar=no, ' + + 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); + win.resizeTo(w, h); + win.focus(); +} + @@ -375,11 +403,15 @@ function popup(url) + + + - @@ -390,7 +422,7 @@ function popup(url)    
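Review bot: In the new `if ($_POST['clear'])` branch, `$id` indexes `$a_rule` and is written into the `Location` header together with `$currentruleset`, with no validation or encoding visible in the hunk. Both variables are assigned outside the hunk, so this may already be handled upstream. If it is not, guard the branch with `if ($_POST['clear'] && is_numeric($id) && isset($a_rule[$id])) {` and build the redirect with `urlencode($currentruleset)`, so that a ruleset name containing `&` or `#` cannot alter the query string. The `customrules` branch that follows redirects the same way and would benefit from the same treatment.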
+ + + @@ -81,6 +84,6 @@ $pgtitle = array(gettext("Snort"), gettext("Log File Viewer"));
Snort: Log File Viewer
@@ -71,8 +74,8 @@ $pgtitle = array(gettext("Snort"), gettext("Log File Viewer"));
-
- +
+
- + diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 5cd5a408..cf6146cf 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -35,6 +35,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); global $g, $rebuild_rules; +$snortlogdir = SNORTLOGDIR; if (!is_array($config['installedpackages']['snortglobal'])) { $config['installedpackages']['snortglobal'] = array(); @@ -89,8 +90,36 @@ if (isset($id) && $a_nat[$id]) { /* the Sensitive Data (sdf) preprocessor. */ if ($vrt_enabled == "off") $pconfig['sensitive_data'] = "off"; + + /**********************************************************/ + /* To keep new users from shooting themselves in the foot */ + /* enable the most common and necessary preprocessors by */ + /* default. */ + /**********************************************************/ + if (empty($pconfig['ftp_preprocessor'])) + $pconfig['ftp_preprocessor'] = 'on'; + if (empty($pconfig['smtp_preprocessor'])) + $pconfig['smtp_preprocessor'] = 'on'; + if (empty($pconfig['dce_rpc_2'])) + $pconfig['dce_rpc_2'] = 'on'; + if (empty($pconfig['dns_preprocessor'])) + $pconfig['dns_preprocessor'] = 'on'; + if (empty($pconfig['ssl_preproc'])) + $pconfig['ssl_preproc'] = 'on'; + if (empty($pconfig['pop_preproc'])) + $pconfig['pop_preproc'] = 'on'; + if (empty($pconfig['imap_preproc'])) + $pconfig['imap_preproc'] = 'on'; + if (empty($pconfig['sip_preproc'])) + $pconfig['sip_preproc'] = 'on'; + if (empty($pconfig['other_preprocs'])) + $pconfig['other_preprocs'] = 'on'; } +/* Define the "disabled_preproc_rules.log" file for this interface */ +$iface = snort_get_friendly_interface($pconfig['interface']); +$disabled_rules_log = "{$snortlogdir}/{$iface}_disabled_preproc_rules.log"; + if ($_POST) { $natent = array(); $natent = $pconfig; 
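Review bot: `$disabled_rules_log` is named after the value returned by `snort_get_friendly_interface($pconfig['interface'])`, whereas the other per-interface paths in this commit are keyed on `snort_{$snort_uuid}_{$if_real}`. If the friendly name follows the interface description, renaming an interface would orphan the old log, and two similarly named interfaces could share one. The assignment also appears to sit after the closing brace of `if (isset($id) && $a_nat[$id])`, so when no entry was loaded it would resolve to `{$snortlogdir}/_disabled_preproc_rules.log`. Consider deriving the file name from the UUID and real interface, wherever the log is written as well, and computing it only once `$pconfig` is populated.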
@@ -135,6 +164,10 @@ if ($_POST) { $natent['preproc_auto_rule_disable'] = $_POST['preproc_auto_rule_disable'] ? 'on' : 'off'; $natent['protect_preproc_rules'] = $_POST['protect_preproc_rules'] ? 'on' : 'off'; + /* If 'preproc_auto_rule_disable' is off, then clear log file */ + if ($natent['preproc_auto_rule_disable'] == 'off') + @unlink("{$disabled_rules_log}"); + if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; else { @@ -193,6 +226,25 @@ include_once("head.inc"); + + +
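Review bot: `@unlink("{$disabled_rules_log}")` suppresses every failure, so a log that cannot be removed (permissions, wrong path) silently stays on disk after the user has turned the auto-disable option off. Check for the file and report a failed delete instead: `if (file_exists($disabled_rules_log) && !unlink($disabled_rules_log)) log_error("Snort: unable to remove {$disabled_rules_log}");`. The enclosing `if ($_POST)` block starts before this hunk and ends after it.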
@@ -261,6 +313,13 @@ include_once("head.inc"); "disabled preprocessors, but can substantially compromise the level of protection by " . "automatically disabling detection rules."); ?> + 0): ?> + + + + +
  +    

@@ -450,7 +510,8 @@ include_once("head.inc"); type="checkbox" value="on" onClick="enable_change(false)">
-

@@ -459,7 +520,8 @@ include_once("head.inc"); type="checkbox" value="on" onClick="enable_change(false)">
-

@@ -468,7 +530,8 @@ include_once("head.inc"); type="checkbox" value="on" onClick="enable_change(false)">
-

@@ -477,7 +540,8 @@ include_once("head.inc"); type="checkbox" value="on" onClick="enable_change(false)">
-

@@ -486,7 +550,8 @@ include_once("head.inc"); type="checkbox" value="on" onClick="enable_change(false)">
-

@@ -495,7 +560,8 @@ include_once("head.inc"); type="checkbox" value="on" onClick="enable_change(false)">
-

@@ -513,7 +579,8 @@ include_once("head.inc"); type="checkbox" value="on" onClick="enable_change(false)">
-

 
 
  - - + +    +    +  
+ onclick="wopen('snort_rules_edit.php?id=&openruleset=','FileViewer',800,600)"> @@ -475,7 +507,7 @@ function popup(url) ?> " width="17" height="17" border="0"> diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php index 8ee6a645..7005d1f8 100755 --- a/config/snort/snort_rules_edit.php +++ b/config/snort/snort_rules_edit.php @@ -113,7 +113,7 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer")); - + @@ -121,14 +121,20 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer")); - -- cgit v1.2.3
- + + + + - @@ -137,6 +143,6 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer"));
+ Snort: Rules Viewer
+  ' . $file; ?>     +
-
- +
+
+
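Review bot: The added header row in the rules viewer echoes `$file` as-is (`... ' . $file; ?>`), with no HTML encoding visible in the hunk. The assignment of `$file` is outside the hunk, but this commit opens the viewer with an `openruleset=` query parameter, so the value may well come from the request. If it does, encode it on output, e.g. `htmlspecialchars($file, ENT_QUOTES)`, and confirm that the name is restricted to the expected rules directory before the file is read.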
- + diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 1bf815fb..64998810 100755 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -82,8 +82,10 @@ if (($snortdownload == 'off') || ($a_nat[$id]['ips_policy_enable'] != 'on')) $policy_select_disable = "disabled"; if ($a_nat[$id]['autoflowbitrules'] == 'on') { - if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}")) + if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}") && + filesize("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) { $btn_view_flowb_rules = ""; + } else $btn_view_flowb_rules = " disabled"; } @@ -220,6 +222,22 @@ function popup(url) if (window.focus) {newwin.focus()} return false; } + +function wopen(url, name, w, h) +{ +// Fudge factors for window decoration space. +// In my tests these work well on all platforms & browsers. +w += 32; +h += 96; + var win = window.open(url, + name, + 'width=' + w + ', height=' + h + ', ' + + 'location=no, menubar=no, ' + + 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); + win.resizeTo(w, h); + win.focus(); +} + function enable_change() { var endis = !(document.iform.ips_policy_enable.checked); @@ -265,7 +283,10 @@ function enable_change()

',$snortdir,''); ?>

- ' ,'', '' ,''); ?> + ' . gettext("Updates") . + '' . gettext(" tab to download the rules configured on the ") . + '' . gettext("Global") . + '' . gettext(" tab."); ?>
/> + />