From e8a4ccbfca3f54ddee4bcd337471cfa140c2373e Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Wed, 16 Oct 2013 19:38:17 -0400
Subject: Backout custom handler for Alias expansion and revert to native function.
---
 config/snort/snort.inc | 89 ++++----------------------------------------------
 1 file changed, 6 insertions(+), 83 deletions(-)
(limited to 'config/snort')
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 81cb276c..98b80d66 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -80,83 +80,6 @@ $rebuild_rules = false; if (!is_array($config['installedpackages']['snortglobal'])) $config['installedpackages']['snortglobal'] = array();
-function snort_get_alias_value($alias) {
- /***************************************************/
- /* This function returns the value of the passed */
- /* Alias, or an empty string if the value cannot */
- /* be determined. */
- /* */
- /* On Entry: $alias ==> Alias to be evaluated */
- /* Returns: Alias value as a string or an empty */
- /* string */
- /***************************************************/
-
- global $config;
-
- $entries = array();
- $tmp = "";
-
- // If no Aliases are defined in the configuration,
- // return an empty string.
- if (empty($config['aliases']))
- return $tmp;
-
- // See if we were passed a valid Alias and return
- // an empty string if not.
- if (!is_alias($alias))
- return $tmp;
-
- // We have a valid Alias, so find its value or
- // values and return as a string.
- return snort_unpack_alias($alias);
-}
-
-function snort_unpack_alias($alias) {
-
- /**************************************************/
- /* This function unpacks an Alias to determine */
- /* the actual values it represents. Any nested */
- /* Aliases encountered are also unpacked via */
- /* recursive calls to this function. */
- /* */
- /* Fully-qualified-domain-name (FQDN) aliases */
- /* are detected and resolved via DNS. */
- /**************************************************/
-
- global $config;
- $value = "";
-
- // Find the matching Alias entry in config
- foreach ($config['aliases']['alias'] as $aliased) {
- if($aliased['name'] == $alias) {
- $addr = array();
- $addr = explode(" ", trim($aliased['address']));
- foreach ($addr as $a) {
- if (!is_alias($a) && !empty($a)) {
- if (is_ipaddr($a) || is_subnet($a) || is_port($a))
- // If address, subnet or port, we found the final value
- $value .= $a . 
" "; - elseif (is_hostname($a)) { - // Found a FQDN value for this Alias, so resolve it - $entries = gethostbynamel($a); - if ($entries !== FALSE) - $value .= trim(implode(" ", $entries)) . " "; - else - log_error(gettext("[Snort] Failed to resolve FQDN '{$a}' in Alias '{$alias}'...")); - } - else - continue; - } - elseif (is_alias($a)) - // Found a nested Alias, so recursively resolve it - $value .= snort_unpack_alias($a) . " "; - } - return trim($value); - } - } - return $value; -} - function snort_is_single_addr_alias($alias) { /***************************************************/ /* This function evaluates the passed Alias to */ @@ -171,7 +94,7 @@ function snort_is_single_addr_alias($alias) { /***************************************************/ /* If spaces in expanded Alias, it's not a single entity */ - if (strpos(snort_get_alias_value($alias), " ") !== false) + if (strpos(trim(filter_expand_alias($alias)), " ") !== false) return false; else return true; @@ -396,7 +319,7 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) { $vips = $list['vips']; $vpns = $list['vpnips']; if (!empty($list['address']) && is_alias($list['address'])) { - $home_net = explode(" ", trim(snort_get_alias_value($list['address']))); + $home_net = explode(" ", trim(filter_expand_alias($list['address']))); } } @@ -2738,7 +2661,7 @@ function snort_generate_conf($snortcfg) { $portvardef = ""; foreach ($snort_ports as $alias => $avalue) { if (!empty($snortcfg["def_{$alias}"]) && is_alias($snortcfg["def_{$alias}"])) - $snort_ports[$alias] = snort_get_alias_value($snortcfg["def_{$alias}"]); + $snort_ports[$alias] = trim(filter_expand_alias($snortcfg["def_{$alias}"])); $snort_ports[$alias] = preg_replace('/\s+/', ',', trim($snort_ports[$alias])); $portvardef .= "portvar " . strtoupper($alias) . " [" . $snort_ports[$alias] . "]\n"; } 
@@ -2931,7 +2854,7 @@ EOD; $sf_pscan_sense_level = $snortcfg['pscan_sense_level']; $sf_pscan_ignore_scanners = "\$HOME_NET"; if (!empty($snortcfg['pscan_ignore_scanners']) && is_alias($snortcfg['pscan_ignore_scanners'])) {
- $sf_pscan_ignore_scanners = snort_get_alias_value($snortcfg['pscan_ignore_scanners']);
+ $sf_pscan_ignore_scanners = trim(filter_expand_alias($snortcfg['pscan_ignore_scanners']));
 $sf_pscan_ignore_scanners = preg_replace('/\s+/', ',', trim($sf_pscan_ignore_scanners)); }
@@ -3095,8 +3018,8 @@ EOD; $vardef = ""; foreach ($snort_servers as $alias => $avalue) { if (!empty($snortcfg["def_{$alias}"]) && is_alias($snortcfg["def_{$alias}"])) {
- $avalue = snort_get_alias_value($snortcfg["def_{$alias}"]);
- $avalue = str_replace(" ", ",", trim($avalue));
+ $avalue = trim(filter_expand_alias($snortcfg["def_{$alias}"]));
+ $avalue = preg_replace('/\s+/', ',', trim($avalue));
 } $vardef .= "var " . strtoupper($alias) . " [{$avalue}]\n"; }
-- cgit v1.2.3
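Review bot: Host names inside an alias are no longer resolved by code in this file, and the server `var` loop (hunk at -3095) does not say what now happens to them. The removed snort_unpack_alias called gethostbynamel() for FQDN entries and logged a failure; whether filter_expand_alias() resolves them, skips them or passes them through is not visible in this commit. For the `var` definitions here, and likewise for `$home_net` in snort_build_list and `$sf_pscan_ignore_scanners`, an unresolved name would either drop a host from the list silently or put non-address text into the generated configuration. I would add a comment at this call site such as `// Alias expansion (nested and FQDN entries) is delegated to filter_expand_alias(); this file no longer resolves host names itself.` and confirm the behaviour with an alias that contains a host name.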