From 8c0fcc9d45f382d5f171adaf5bba112b0172d566 Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 3 Aug 2011 15:43:43 +0000 Subject: Another round of fixes for whitelist and suppress. Also correct behaviour of some GUI. --- config/snort/snort.inc | 128 +++++++++-------------- config/snort/snort_interfaces.php | 3 +- config/snort/snort_interfaces_edit.php | 27 ++--- config/snort/snort_interfaces_suppress_edit.php | 14 ++- config/snort/snort_interfaces_whitelist_edit.php | 6 +- 5 files changed, 69 insertions(+), 109 deletions(-) (limited to 'config') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index c375766f..cbbebf26 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -79,7 +79,7 @@ function find_whitelist_key($find_wlist_number) { return 0; /* XXX */ foreach ($config['installedpackages']['snortglobal']['whitelist']['item'] as $w_key => $value) { - if ($value['uuid'] == $find_wlist_number) + if ($value['name'] == $find_wlist_number) return $w_key; } } @@ -93,8 +93,8 @@ function find_suppress_key($find_slist_number) { if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) return 0; /* XXX */ - foreach ($config['installedpackages']['snortglobal']['supppress']['item'] as $s_key => $value) { - if ($value['uuid'] == $find_slist_number) + foreach ($config['installedpackages']['snortglobal']['suppress']['item'] as $s_key => $value) { + if ($value['name'] == $find_slist_number) return $s_key; } } 
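Review bot: The new lookup in find_whitelist_key() compares list names with loose `==`, which PHP evaluates numerically when both sides look like numbers, so two lists named e.g. `10` and `010` (constructed example) would match each other. `if ($value['name'] === $find_wlist_number)` avoids that, assuming both values are strings read from the config; the same applies to the `$value['name'] == $find_slist_number` line in the find_suppress_key() hunk. Both functions also fall off the end without a return when no name matches, while the visible `return 0; /* XXX */` path yields what is also a valid index, so callers cannot tell "not found" from "first item"; an explicit `return null;` after the loop and a comment stating that contract would make this visible. The function bodies start outside these hunks.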
@@ -1023,12 +1023,6 @@ function sync_snort_package_all($id, $if_real, $snort_uuid) $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; $if_real = snort_get_real_interface($result_lan); - /* create snort configuration file */ - create_snort_conf($id, $if_real, $snort_uuid); - - /* if rules exist cp rules to each iface */ - create_rules_iface($id, $if_real, $snort_uuid); - /* only build whitelist when needed */ if ($config['installedpackages']['snortglobal']['rule'][$id]['blockoffenders7'] == 'on') create_snort_whitelist($id, $if_real); @@ -1037,6 +1031,12 @@ function sync_snort_package_all($id, $if_real, $snort_uuid) if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') create_snort_suppress($id, $if_real); + /* create snort configuration file */ + create_snort_conf($id, $if_real, $snort_uuid); + + /* if rules exist cp rules to each iface */ + create_rules_iface($id, $if_real, $snort_uuid); + /* create snort bootup file snort.sh only create once */ create_snort_sh(); @@ -1073,12 +1073,6 @@ function sync_snort_package_empty() $snort_uuid = $value['uuid']; if ($if_real != '' && $snort_uuid != '') { - - /* create snort configuration file */ - create_snort_conf($id, $if_real, $snort_uuid); - - /* if rules exist cp rules to each iface */ - create_rules_iface($id, $if_real, $snort_uuid); /* only build whitelist when needed */ if ($value['blockoffenders7'] == 'on') @@ -1088,6 +1082,12 @@ function sync_snort_package_empty() if ($value['suppresslistname'] != 'default') create_snort_suppress($id, $if_real); + /* create snort configuration file */ + create_snort_conf($id, $if_real, $snort_uuid); + + /* if rules exist cp rules to each iface */ + create_rules_iface($id, $if_real, $snort_uuid); + /* create barnyard2 configuration file */ $snortbarnyardlog_info_chk = $value['barnyard_enable']; if ($snortbarnyardlog_info_chk == 'on') 
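Review bot: The reordering in sync_snort_package_all() carries no comment explaining why the whitelist and suppress files must now be written before create_snort_conf(), so a later cleanup could move the calls back without noticing. In this commit generate_snort_conf() (presumably reached through create_snort_conf()) starts testing those files with file_exists(), which makes the order load-bearing. A line such as `/* whitelist and suppress files must exist before create_snort_conf(): the generated snort.conf only references files found on disk */` above the whitelist block would record that. The same comment fits the sync_snort_package_empty() hunk and the two sync_snort_package_config() hunks.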
@@ -1130,9 +1130,6 @@ function sync_snort_package_config() if (!empty($if_real) && !empty($snort_uuid)) { - /* create snort configuration file */ - create_snort_conf($id, $if_real, $snort_uuid); - /* only build whitelist when needed */ if ($value['blockoffenders7'] == 'on') create_snort_whitelist($id, $if_real); @@ -1141,6 +1138,9 @@ function sync_snort_package_config() if ($value['suppresslistname'] != 'default') create_snort_suppress($id, $if_real); + /* create snort configuration file */ + create_snort_conf($id, $if_real, $snort_uuid); + /* create barnyard2 configuration file */ if ($value['barnyard_enable'] == 'on') create_barnyard2_conf($id, $if_real, $snort_uuid); 
@@ -1167,28 +1167,21 @@ function create_snort_suppress($id, $if_real) { return; if ($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'] != 'default') { + $whitelist_key_s = find_suppress_key($config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname']); + if (empty($whitelist_key_s)) + return ""; - if (preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['suppresslistname'], $slist_num_wrt)) { - $whitelist_key_s = find_suppress_key($slist_num_wrt[0]); + /* file name */ + $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name']; - /* file name */ - $suppress_file_name = $config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['name']; - - /* Message */ - $s_data .= '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n"; + /* Message */ + $s_data .= '# This file is auto generated by the snort package. Please do not edit this file by hand.' . "\n\n"; - /* user added arguments */ - $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru'])); + /* user added arguments */ + $s_data .= str_replace("\r", "", base64_decode($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s]['suppresspassthru'])); - /* open snort's whitelist for writing */ - $suppresslist_w = fopen("/usr/local/etc/snort/suppress/$suppress_file_name", "w"); - if(!$suppresslist_w) { - log_error("Could not open /usr/local/etc/snort/suppress/$suppress_file_name for writing."); - return; - } - fwrite($suppresslist_w, $s_data); - fclose($suppresslist_w); - } + /* open snort's whitelist for writing */ + @file_put_contents("/usr/local/etc/snort/suppress/$suppress_file_name", $s_data); } } 
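Review bot: The `if (empty($whitelist_key_s)) return "";` guard in create_snort_suppress() treats array index 0 as a failed lookup, so the first entry under `suppress/item` (assuming a plain zero-based list) never gets its file written and generate_snort_conf() then finds nothing to include for it. Testing the entry itself, `if (!isset($whitelist_key_s) || !is_array($config['installedpackages']['snortglobal']['suppress']['item'][$whitelist_key_s])) return;`, keeps index 0 usable and still rejects a missing list. The switch to `@file_put_contents(...)` also drops the previous log_error() call, so a failed write is now silent; comparing the result with `=== false` and logging keeps the sensor from running without the intended suppress rules unnoticed. `$suppress_file_name` goes into the path unmodified, so wrapping it in basename() would be a cheap safeguard in case a restored config carries a name that never went through the GUI check (not visible here).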
@@ -1204,39 +1197,20 @@ function create_snort_whitelist($id, $if_real) { $w_data = build_base_whitelist('whitelist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no'); /* open snort's whitelist for writing */ - $whitelist_w = fopen("/usr/local/etc/snort/whitelist/defaultwlist", "w"); - if (!$whitelist_w) { - log_error("Could not open /usr/local/etc/snort/whitelist/defaultwlist for writing."); - return; - } - fwrite($whitelist_w, $w_data); - fclose($whitelist_w); - - } else if (preg_match('/^([a-zA-z0-9]+)/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_name_wrt)) { - if (preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $wlist_num_wrt)) { - $whitelist_key_w = find_whitelist_key($wlist_num_wrt[0]); + @file_put_contents("/usr/local/etc/snort/whitelist/defaultwlist", $w_data); - if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - return; + } else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'])) { + $whitelist_key_w = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['whitelistname']); - $build_netlist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['snortlisttype']; - $wanip = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wanips']; - $wangw = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wangateips']; - $wandns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['wandnsips']; - $vips = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vips']; - $vpns = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]['vpnips']; + if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) + return; - $w_data = build_base_whitelist($build_netlist, $wanip, $wangw, $wandns, $vips, 
$vpns, $whitelist_key_w); + $whitelist = $config['installedpackages']['snortglobal']['whitelist']['item'][$whitelist_key_w]; + $w_data = build_base_whitelist($whitelist['snortlisttype'], $whitelist['wanips'], $whitelist['wangateips'], + $whitelist['wandnsips'], $whitelist['vips'], $whitelist['vpnips'], $whitelist_key_w); - /* open snort's whitelist for writing */ - $whitelist_w = fopen("/usr/local/etc/snort/whitelist/$wlist_name_wrt[0]", "w"); - if(!$whitelist_w) { - log_error("Could not open /usr/local/etc/snort/whitelist/$wlist_name_wrt[0] for writing."); - return; - } - fwrite($whitelist_w, $w_data); - fclose($whitelist_w); - } + /* open snort's whitelist for writing */ + @file_put_contents("/usr/local/etc/snort/whitelist/" . $config['installedpackages']['snortglobal']['rule'][$id]['whitelistname'], $w_data); } } @@ -1245,8 +1219,8 @@ function create_snort_homenet($id, $if_real) { if ($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == 'default' || $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'] == '') return build_base_whitelist('netlist', 'yes', 'yes', 'yes', 'yes', 'yes', 'no'); - else if (preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['homelistname'], $hlist_num_wrt)) { - $whitelist_key_h = find_whitelist_key($hlist_num_wrt[0]); + else if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['homelistname'])) { + $whitelist_key_h = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['homelistname']); if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) return; 
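Review bot: In the new `else if` branch of create_snort_whitelist() the result of find_whitelist_key() is used as an index without any check, so a `whitelistname` that no longer matches a list leaves `$whitelist` null and a file is still written from empty settings. With block offenders enabled that file is the one the alert_pf output is pointed at, so it is worth bailing out and logging when the entry is missing, e.g. `if (!is_array($whitelist)) { log_error("Snort whitelist entry not found for interface $id."); return; }`. The create_snort_homenet() and create_snort_externalnet() hunks call find_whitelist_key() the same way and, as far as the hunks show, do not check the result either; their bodies continue outside the hunks. The removed code limited the file name to the leading `[a-zA-z0-9]+` match, whereas the raw config value is now concatenated into the path, so applying basename() (or the name validation the edit page uses) before `file_put_contents` would keep the write inside the whitelist directory.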
@@ -1265,8 +1239,8 @@ function create_snort_homenet($id, $if_real) { function create_snort_externalnet($id, $if_real) { global $config, $g; - if (preg_match('/([0-9]+)$/', $config['installedpackages']['snortglobal']['rule'][$id]['externallistname'], $exlist_num_wrt)) { - $whitelist_key_ex = find_whitelist_key($exlist_num_wrt[0]); + if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['externallistname'])) { + $whitelist_key_ex = find_whitelist_key($config['installedpackages']['snortglobal']['rule'][$id]['externallistname']); if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) return; @@ -1740,23 +1714,19 @@ function generate_snort_conf($id, $if_real, $snort_uuid) /* define spoink */ $spoink_type = ""; if ($snortcfg['blockoffenders7'] == "on") { - if (preg_match('/^([a-zA-z0-9]+)/', $snortcfg['whitelistname'], $wlist_name_file)) { - if ($wlist_name_file[0] == 'default') - $spoink_whitelist_name = 'defaultwlist'; - else - $spoink_whitelist_name = $wlist_name_file[0]; + if ($snortcfg['whitelistname'] == "default") + $spoink_whitelist_name = 'defaultwlist'; + else if (file_exists("/usr/local/etc/snort/whitelist/{$snortcfg['whitelistname']}")) + $spoink_whitelist_name = $snortcfg['whitelistname']; - $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c"; - } + $spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c"; } /* define threshold file */ $threshold_file_name = ""; if ($snortcfg['suppresslistname'] != 'default') { - if (preg_match('/^([a-zA-z0-9]+)/', $snortcfg['suppresslistname'], $slist_name_file2)) { - $threshold_name = $slist_name_file2[0]; + if (file_exists("/usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}")) $threshold_file_name = "include /usr/local/etc/snort/suppress/{$threshold_name}"; - } } /* define servers and ports snortdefservers */ 
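Review bot: The new include line in generate_snort_conf() still interpolates `$threshold_name`, but this hunk removes the only visible assignment to it, so unless it is set elsewhere in the function the emitted directive is `include /usr/local/etc/snort/suppress/` with no file name and the chosen suppress list is not loaded. In the spoink block, `$spoink_type` is built even when neither branch set `$spoink_whitelist_name` (non-default name whose file is missing), which yields an alert_pf line pointing at the directory instead of a whitelist. The sketch below uses `$snortcfg['suppresslistname']` for the include and only emits the alert_pf output when a whitelist file was resolved, logging otherwise. Both names are written into snort.conf verbatim, so they should be values that passed the same validation as the GUI name fields. The function starts and ends outside the hunk.

```php
	if ($snortcfg['blockoffenders7'] == "on") {
		$spoink_whitelist_name = "";
		// … unchanged: 'default' / file_exists() selection of $spoink_whitelist_name …
		if ($spoink_whitelist_name != "")
			$spoink_type = "output alert_pf: /usr/local/etc/snort/whitelist/{$spoink_whitelist_name},snort2c";
		else
			log_error("Snort: whitelist file for {$snortcfg['whitelistname']} not found, alert_pf output not configured.");
	}
	// … unchanged: $threshold_file_name initialisation and the 'default' check …
		if (file_exists("/usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}"))
			$threshold_file_name = "include /usr/local/etc/snort/suppress/{$snortcfg['suppresslistname']}";
```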
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index a192ca43..1d91eda8 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -157,7 +157,6 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) { header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); - header("Location: /snort/snort_interfaces.php"); }else{ @@ -168,8 +167,8 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) { header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); - header("Location: /snort/snort_interfaces.php"); } + header("Location: /snort/snort_interfaces.php"); exit; } diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index a67ba2ac..019a8af0 100644 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -648,24 +648,19 @@ function enable_change(enable_change) { class="formfld" id="suppresslistname"> default - "; - foreach ($slist_select as $value): - $sid += 1; - $ilistname = $config['installedpackages']['snortglobal']['suppress']['item'][$sid]['name']; - $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$sid]['uuid']; - if ($ilistname == $slist_sub[0]){ - echo ""; + if (is_array($config['installedpackages']['snortglobal']['suppress']['item'])) { + $slist_select = $config['installedpackages']['snortglobal']['suppress']['item']; + foreach ($slist_select as $value) { + $ilistname = $value['name']; + if ($ilistname == $pconfig['suppresslistname']) + echo "'; + } } - echo htmlspecialchars($ilistname) . ' - '; - endforeach; ?>
Choose the suppression or filtering file you diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php index bf916500..7303349f 100644 --- a/config/snort/snort_interfaces_suppress_edit.php +++ b/config/snort/snort_interfaces_suppress_edit.php @@ -52,8 +52,8 @@ if (!is_numeric($id)) $id = 0; // XXX: safety belt -/* gen uuid for each iface !inportant */ -if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'][$id])) { +/* gen uuid for each iface */ +if (is_array($config['installedpackages']['snortglobal']['suppress']['item'][$id])) { if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] == '') { //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); $suppress_uuid = 0; @@ -61,9 +61,7 @@ if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'][$i $suppress_uuid = mt_rand(1, 65535); $pconfig['uuid'] = $suppress_uuid; } - } - - if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] != '') { + } else if ($config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid'] != '') { $suppress_uuid = $config['installedpackages']['snortglobal']['suppress']['item'][$id]['uuid']; } } 
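Review bot: With the outer test in snort_interfaces_suppress_edit.php flipped to `is_array(...['suppress']['item'][$id])`, the add path, where `item[$id]` does not exist yet, skips the whole block and `$suppress_uuid` is never assigned. If the save code further down still stores `$suppress_uuid` (not visible in these hunks), new suppress lists are saved with an empty uuid. Either initialise the variable before the `if`, or remove the uuid handling now that lists are looked up by name, and say which in the `/* gen uuid for each iface */` comment.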
@@ -98,14 +96,14 @@ if ($_POST['submit']) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if(strtolower($_POST['name']) == "defaultwhitelist") - $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; + $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; $x = is_validwhitelistname($_POST['name']); if (!isset($x)) { $input_errors[] = "Reserved word used for whitelist file name."; } else { if (is_validwhitelistname($_POST['name']) == false) - $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; + $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; } @@ -137,7 +135,7 @@ if ($_POST['submit']) { sync_snort_package_config(); - header("Location: /snort/snort_interfaces_suppress_edit.php?id=$id"); + header("Location: /snort/snort_interfaces_suppress.php"); exit; } diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php index 40f92318..8c54ac5a 100644 --- a/config/snort/snort_interfaces_whitelist_edit.php +++ b/config/snort/snort_interfaces_whitelist_edit.php @@ -58,9 +58,7 @@ if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid' $whitelist_uuid = mt_rand(1, 65535); $pconfig['uuid'] = $whitelist_uuid; } -} - -if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] != '') { +} else if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] != '') { $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid']; } 
@@ -209,7 +207,7 @@ if ($_POST['submit']) { /* create whitelist and homenet file then sync files */ sync_snort_package_empty(); - header("Location: /snort/snort_interfaces_whitelist_edit.php?id=$id"); + header("Location: /snort/snort_interfaces_whitelist.php"); exit; } //we received input errors, copy data to prevent retype -- cgit v1.2.3