From b2bfa06a394c8fb439aa5064ba3dd2b3c4cdd093 Mon Sep 17 00:00:00 2001 From: robiscool Date: Thu, 3 Jun 2010 22:42:14 -0700 Subject: snort, add stream5 options, fix reload by removing chroot --- config/snort/snort.inc | 37 +- config/snort/snort_interfaces.php | 2 +- config/snort/snort_interfaces_whitelist_edit.php | 952 +++++++++++------------ config/snort/snort_preprocessors.php | 55 +- 4 files changed, 553 insertions(+), 493 deletions(-) (limited to 'config') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 28f933b2..c3fb29b2 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -311,7 +311,7 @@ global $config, $g; $snort_info_chk = $config['installedpackages']['snortglobal']['rule'][$id]['enable']; if ($snort_info_chk == 'on') { - exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}{$if_real}\" -D -q -t /var/log/snort -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); + exec("/usr/local/bin/snort -u snort -g snort -R \"{$snort_uuid}{$if_real}\" -D -q -l /var/log/snort --pid-path /var/log/snort/run -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}"); } /* define snortbarnyardlog_chk */ /* top will have trouble if the uuid is to far back */ @@ -1368,7 +1368,7 @@ $snort_sh_text2[] = << diff --git a/config/snort/snort_interfaces_whitelist_edit.php b/config/snort/snort_interfaces_whitelist_edit.php index 4f2d027b..dbb6ad5a 100644 --- a/config/snort/snort_interfaces_whitelist_edit.php +++ b/config/snort/snort_interfaces_whitelist_edit.php @@ -1,477 +1,477 @@ -. - All rights reserved. - - modified for the pfsense snort package - Copyright (C) 2009-2010 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) - $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); - -$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; - -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - - -/* gen uuid for each iface !inportant */ -if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] == '') { - //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); -$whitelist_uuid = 0; -while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) { - $whitelist_uuid = mt_rand(1, 65535); - $pconfig['uuid'] = $whitelist_uuid; - } -} - -if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] != '') { - $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid']; -} - -$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid"; - -$d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty'; - -/* returns true if $name is a valid name for a whitelist file name or ip */ -function is_validwhitelistname($name) { - if (!is_string($name)) - return false; - - if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name)) - return true; - - return false; -} - - -if (isset($id) && $a_whitelist[$id]) { - - /* old settings */ - $pconfig['name'] = $a_whitelist[$id]['name']; - $pconfig['uuid'] = $a_whitelist[$id]['uuid']; - $pconfig['detail'] = $a_whitelist[$id]['detail']; - $pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype']; - $pconfig['address'] = $a_whitelist[$id]['address']; - $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']); - $pconfig['wanips'] = $a_whitelist[$id]['wanips']; - $pconfig['wangateips'] = $a_whitelist[$id]['wangateips']; - $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips']; - $pconfig['vips'] = $a_whitelist[$id]['vips']; - $pconfig['vpnips'] = $a_whitelist[$id]['vpnips']; - - - $addresses = explode(' ', $pconfig['address']); - $address = explode(" ", $addresses[0]); - if ($address[1]) - $addresssubnettest = true; - else - $addresssubnettest = false; -} - - /* this will exec when alert says apply */ - if ($_POST['apply']) { - - if (file_exists("$d_snort_whitelist_dirty_path")) { - - write_config(); - - sync_snort_package_config(); - sync_snort_package(); - - unlink("$d_snort_whitelist_dirty_path"); - - } - - } - -if ($_POST['submit']) { - - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - $reqdfields = explode(" ", "name address"); - $reqdfieldsn = explode(",", "Name,Address"); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if(strtolower($_POST['name']) == "defaultwhitelist") - $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; - - $x = is_validwhitelistname($_POST['name']); - if (!isset($x)) { - $input_errors[] = "Reserved word used for whitelist file name."; - } else { - if (is_validwhitelistname($_POST['name']) == false) - $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; - } - - if (is_validwhitelistname($_POST['address']) == false) - $input_errors[] = "Whitelist address may only consist of the characters 0-9 and /. Note: No Spaces. Press Cancel to reset."; - - - /* check for name conflicts */ - foreach ($a_whitelist as $w_list) { - if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list)) - continue; - - if ($w_list['name'] == $_POST['name']) { - $input_errors[] = "A whitelist file name with this name already exists."; - break; - } - } - - - $w_list = array(); - /* post user input */ - $w_list['name'] = $_POST['name']; - $w_list['uuid'] = $whitelist_uuid; - $w_list['snortlisttype'] = $_POST['snortlisttype']; - $w_list['address'] = $_POST['address']; - $w_list['wanips'] = $_POST['wanips']? yes : no; - $w_list['wangateips'] = $_POST['wangateips']? yes : no; - $w_list['wandnsips'] = $_POST['wandnsips']? yes : no; - $w_list['vips'] = $_POST['vips']? yes : no; - $w_list['vpnips'] = $_POST['vpnips']? yes : no; - - - $address = $w_list['address']; - $final_address_detail = mb_convert_encoding($_POST['detail'],"HTML-ENTITIES","auto"); - if($final_address_detail <> "") { - $final_address_details .= $final_address_detail; - } else { - $final_address_details .= "Entry added" . " "; - $final_address_details .= date('r'); - } - $final_address_details .= "||"; - $isfirst = 0; - - - /* add another entry code */ - for($x=0; $x<299; $x++) { - $comd = "\$subnet = \$_POST['address" . $x . "'];"; - eval($comd); - $comd = "\$subnet_address = \$_POST['address_subnet" . $x . "'];"; - eval($comd); - if($subnet <> "") { - $address .= " "; - $address .= $subnet; - if($subnet_address <> "") $address .= "" . $subnet_address; - - /* Compress in details to a single key, data separated by pipes. - Pulling details here lets us only pull in details for valid - address entries, saving us from having to track which ones to - process later. */ - $comd = "\$final_address_detail = mb_convert_encoding(\$_POST['detail" . $x . "'],'HTML-ENTITIES','auto');"; - eval($comd); - if($final_address_detail <> "") { - $final_address_details .= $final_address_detail; - } else { - $final_address_details .= "Entry added" . " "; - $final_address_details .= date('r'); - } - $final_address_details .= "||"; - } - } - - if (!$input_errors) { - $w_list['address'] = $address; - $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $w_list['detail'] = $final_address_details; - - if (isset($id) && $a_whitelist[$id]) - $a_whitelist[$id] = $w_list; - else - $a_whitelist[] = $w_list; - - touch($d_snort_whitelist_dirty_path); - - write_config(); - - header("Location: /snort/snort_interfaces_whitelist_edit.php?id=$id"); - exit; - } - //we received input errors, copy data to prevent retype - else - { - $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $pconfig['address'] = $address; - $pconfig['detail'] = $final_address_details; - } -} - -include("head.inc"); - -?> - -"> - - - - - - -

- - -
- -
- -'; - - if($savemsg) { - print_info_box_np2("{$savemsg}"); - }else{ - print_info_box_np2(' - The Snort configuration has changed and snort needs to be restarted on this interface.
- You must apply the changes in order for them to take effect.
- '); - } - } -?> - - - - - - -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Add the name and description of the file.
Name - -
- - The list name may only consist of the characters a-z, A-Z and 0-9. Note: No Spaces. - -
Description - -
- - You may enter a description here for your reference (not parsed). - -
List Type -
- Choose the type of list you will like see in your Interface Edit Tab. Hint: Best pratice is to test every list you make. -  Note: NETLIST's are only for defining snort.conf's external or home NETS.
Add auto generated ips.
WAN IPs - /> - - Add WAN IPs to the list. - -
Wan Gateways - /> - - Add WAN Gateways to the list. - -
Wan DNS servers - /> - - Add WAN DNS servers to the list. - -
Virtual IP Addresses - /> - - Add Virtual IP Addresses to the list. - -
VPNs - /> - - Add VPN Addresses to the list. - -
Add your own custom ips.
IP or CIDR items
 - - - - - - - - - - - 0) $tracker = $counter + 1; - ?> - - - - - - - -
-
- Enter only ips or CIDR notations. Example: 192.168.4.1 or 192.168.1.0/24
-
IP or CIDR
Add a Description or leave blank and a date will be added.
- - - - - 0) - echo ""; - ?> -
- - -
  - - - - - -
-
-
- - - - - +. + All rights reserved. + + modified for the pfsense snort package + Copyright (C) 2009-2010 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['whitelist']['item'])) + $config['installedpackages']['snortglobal']['whitelist']['item'] = array(); + +$a_whitelist = &$config['installedpackages']['snortglobal']['whitelist']['item']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + + +/* gen uuid for each iface !inportant */ +if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] == '') { + //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); +$whitelist_uuid = 0; +while ($whitelist_uuid > 65535 || $whitelist_uuid == 0) { + $whitelist_uuid = mt_rand(1, 65535); + $pconfig['uuid'] = $whitelist_uuid; + } +} + +if ($config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid'] != '') { + $whitelist_uuid = $config['installedpackages']['snortglobal']['whitelist']['item'][$id]['uuid']; +} + +$pgtitle = "Services: Snort: Whitelist: Edit $whitelist_uuid"; + +$d_snort_whitelist_dirty_path = '/var/run/snort_whitelist.dirty'; + +/* returns true if $name is a valid name for a whitelist file name or ip */ +function is_validwhitelistname($name) { + if (!is_string($name)) + return false; + + if (!preg_match("/[^a-zA-Z0-9\.\/]/", $name)) + return true; + + return false; +} + + +if (isset($id) && $a_whitelist[$id]) { + + /* old settings */ + $pconfig['name'] = $a_whitelist[$id]['name']; + $pconfig['uuid'] = $a_whitelist[$id]['uuid']; + $pconfig['detail'] = $a_whitelist[$id]['detail']; + $pconfig['snortlisttype'] = $a_whitelist[$id]['snortlisttype']; + $pconfig['address'] = $a_whitelist[$id]['address']; + $pconfig['descr'] = html_entity_decode($a_whitelist[$id]['descr']); + $pconfig['wanips'] = $a_whitelist[$id]['wanips']; + $pconfig['wangateips'] = $a_whitelist[$id]['wangateips']; + $pconfig['wandnsips'] = $a_whitelist[$id]['wandnsips']; + $pconfig['vips'] = $a_whitelist[$id]['vips']; + $pconfig['vpnips'] = $a_whitelist[$id]['vpnips']; + + + $addresses = explode(' ', $pconfig['address']); + $address = explode(" ", $addresses[0]); + if ($address[1]) + $addresssubnettest = true; + else + $addresssubnettest = false; +} + + /* this will exec when alert says apply */ + if ($_POST['apply']) { + + if (file_exists("$d_snort_whitelist_dirty_path")) { + + write_config(); + + sync_snort_package_config(); + sync_snort_package(); + + unlink("$d_snort_whitelist_dirty_path"); + + } + + } + +if ($_POST['submit']) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "name address"); + $reqdfieldsn = explode(",", "Name,Address"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if(strtolower($_POST['name']) == "defaultwhitelist") + $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; + + $x = is_validwhitelistname($_POST['name']); + if (!isset($x)) { + $input_errors[] = "Reserved word used for whitelist file name."; + } else { + if (is_validwhitelistname($_POST['name']) == false) + $input_errors[] = "Whitelist file name may only consist of the characters a-z, A-Z and 0-9 _. Note: No Spaces. Press Cancel to reset."; + } + + if (is_validwhitelistname($_POST['address']) == false) + $input_errors[] = "Whitelist address may only consist of the characters 0-9 and /. Note: No Spaces. Press Cancel to reset."; + + + /* check for name conflicts */ + foreach ($a_whitelist as $w_list) { + if (isset($id) && ($a_whitelist[$id]) && ($a_whitelist[$id] === $w_list)) + continue; + + if ($w_list['name'] == $_POST['name']) { + $input_errors[] = "A whitelist file name with this name already exists."; + break; + } + } + + + $w_list = array(); + /* post user input */ + $w_list['name'] = $_POST['name']; + $w_list['uuid'] = $whitelist_uuid; + $w_list['snortlisttype'] = $_POST['snortlisttype']; + $w_list['address'] = $_POST['address']; + $w_list['wanips'] = $_POST['wanips']? yes : no; + $w_list['wangateips'] = $_POST['wangateips']? yes : no; + $w_list['wandnsips'] = $_POST['wandnsips']? yes : no; + $w_list['vips'] = $_POST['vips']? yes : no; + $w_list['vpnips'] = $_POST['vpnips']? yes : no; + + + $address = $w_list['address']; + $final_address_detail = mb_convert_encoding($_POST['detail'],"HTML-ENTITIES","auto"); + if($final_address_detail <> "") { + $final_address_details .= $final_address_detail; + } else { + $final_address_details .= "Entry added" . " "; + $final_address_details .= date('r'); + } + $final_address_details .= "||"; + $isfirst = 0; + + + /* add another entry code */ + for($x=0; $x<299; $x++) { + $comd = "\$subnet = \$_POST['address" . $x . "'];"; + eval($comd); + $comd = "\$subnet_address = \$_POST['address_subnet" . $x . "'];"; + eval($comd); + if($subnet <> "") { + $address .= " "; + $address .= $subnet; + if($subnet_address <> "") $address .= "" . $subnet_address; + + /* Compress in details to a single key, data separated by pipes. + Pulling details here lets us only pull in details for valid + address entries, saving us from having to track which ones to + process later. */ + $comd = "\$final_address_detail = mb_convert_encoding(\$_POST['detail" . $x . "'],'HTML-ENTITIES','auto');"; + eval($comd); + if($final_address_detail <> "") { + $final_address_details .= $final_address_detail; + } else { + $final_address_details .= "Entry added" . " "; + $final_address_details .= date('r'); + } + $final_address_details .= "||"; + } + } + + if (!$input_errors) { + $w_list['address'] = $address; + $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $w_list['detail'] = $final_address_details; + + if (isset($id) && $a_whitelist[$id]) + $a_whitelist[$id] = $w_list; + else + $a_whitelist[] = $w_list; + + touch($d_snort_whitelist_dirty_path); + + write_config(); + + header("Location: /snort/snort_interfaces_whitelist_edit.php?id=$id"); + exit; + } + //we received input errors, copy data to prevent retype + else + { + $pconfig['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $pconfig['address'] = $address; + $pconfig['detail'] = $final_address_details; + } +} + +include("head.inc"); + +?> + +"> + + + + + + +

+ + +
+ +
+ +'; + + if($savemsg) { + print_info_box_np2("{$savemsg}"); + }else{ + print_info_box_np2(' + The Snort configuration has changed and snort needs to be restarted on this interface.
+ You must apply the changes in order for them to take effect.
+ '); + } + } +?> + + + + + + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Add the name and description of the file.
Name + +
+ + The list name may only consist of the characters a-z, A-Z and 0-9. Note: No Spaces. + +
Description + +
+ + You may enter a description here for your reference (not parsed). + +
List Type +
+ Choose the type of list you will like see in your Interface Edit Tab. Hint: Best pratice is to test every list you make. +  Note: NETLIST's are only for defining snort.conf's external or home NETS.
Add auto generated ips.
WAN IPs + /> + + Add WAN IPs to the list. + +
Wan Gateways + /> + + Add WAN Gateways to the list. + +
Wan DNS servers + /> + + Add WAN DNS servers to the list. + +
Virtual IP Addresses + /> + + Add Virtual IP Addresses to the list. + +
VPNs + /> + + Add VPN Addresses to the list. + +
Add your own custom ips.
IP or CIDR items
 + + + + + + + + + + + 0) $tracker = $counter + 1; + ?> + + + + + + + +
+
+ Enter only ips, do not enter CIDRs. Example: 192.168.4.1
+
IP
Add a Description or leave blank and a date will be added.
+ + + + + 0) + echo ""; + ?> +
+ + +
  + + + + + +
+
+
+ + + + + \ No newline at end of file diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index a96c866a..85de29b6 100644 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -55,6 +55,8 @@ if (isset($id) && $a_nat[$id]) { /* new options */ $pconfig['def_ssl_ports_ignore'] = $a_nat[$id]['def_ssl_ports_ignore']; $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; + $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes']; + $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs']; $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; @@ -216,6 +218,9 @@ $d_snortconfdirty_path = "/var/run/snort_conf_{$snort_uuid}_{$if_real}.dirty"; $natent['perform_stat'] = $_POST['perform_stat']; if ($_POST['def_ssl_ports_ignore'] != "") { $natent['def_ssl_ports_ignore'] = $_POST['def_ssl_ports_ignore']; }else{ $natent['def_ssl_ports_ignore'] = ""; } if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; } + if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = ""; } + if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = ""; } + $natent['perform_stat'] = $_POST['perform_stat'] ? on : off; $natent['http_inspect'] = $_POST['http_inspect'] ? on : off; $natent['other_preprocs'] = $_POST['other_preprocs'] ? on : off; @@ -352,20 +357,26 @@ if($id != "")   Note:
Rules may be dependent on preprocessors!
- Please save your settings before you click start.
+ Defaults will be used when there is no user input.
+ + Performance Statistics + - Enable
Performance Statistics + Enable - onClick="enable_change(false)">
+ onClick="enable_change(false)"> Performance Statistics for this interface. + + HTTP Inspect Settings + - Enable
HTTP Inspect + Enable - onClick="enable_change(false)">
- Normalize/Decode and detect HTTP traffic and protocol anomalies. + onClick="enable_change(false)"> + Use HTTP Inspect to Normalize/Decode and detect HTTP traffic and protocol anomalies. HTTP server flow depth @@ -376,9 +387,37 @@ if($id != "") Amount of HTTP server response payload to inspect. Snort's performance may increase by adjusting this value.
- Setting this value too low may cause false negatives. Values above 0 are specified in bytes.
- Default value is 0 + Setting this value too low may cause false negatives. Values above 0 are specified in bytes. Default value is 0
+ + + Stream5 Settings + + + Max Queued Bytes + + + + + +
Minimum is 1024, Maximum is 1073741824 ( default value is 1048576, 0 means Maximum )
+ The number of bytes to be queued for reassembly for TCP sessions in memory. Default value is 1048576
+ + + + Max Queued Segs + + + + + +
Minimum is 2, Maximum is 1073741824 ( default value is 2621, 0 means Maximum )
+ The number of segments to be queued for reassembly for TCP sessions in memory. Default value is 2621
+ + + + General Preprocessor Settings + Enable
RPC Decode and Back Orifice detector -- cgit v1.2.3