.
* Copyright (C) 2003-2004 Manuel Kasper .
* Copyright (C) 2006 Scott Ullrich
* Copyright (C) 2012 Ermal Luci
* All rights reserved.
*
* Modified for the Pfsense snort package v. 1.8+
* Copyright (C) 2009 Robert Zelaya Sr. Developer
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype'];
$supplist = array();
if ($_GET['instance'])
$instanceid = $_GET['instance'];
if ($_POST['instance'])
$instanceid = $_POST['instance'];
if (empty($instanceid))
$instanceid = 0;
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
$a_instance = &$config['installedpackages']['snortglobal']['rule'];
$snort_uuid = $a_instance[$instanceid]['uuid'];
$if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);
if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) {
$pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
$pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'];
$anentries = $pconfig['alertnumber'];
} else {
$anentries = '250';
$pconfig['alertnumber'] = '250';
$pconfig['arefresh'] = 'off';
}
if ($_POST['save']) {
if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
$config['installedpackages']['snortglobal']['alertsblocks'] = array();
$config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off';
$config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber'];
write_config();
header("Location: /snort/snort_alerts.php?instance={$instanceid}");
exit;
}
if ($_POST['todelete'] || $_GET['todelete']) {
$ip = "";
if($_POST['todelete'])
$ip = $_POST['todelete'];
else if($_GET['todelete'])
$ip = $_GET['todelete'];
if (is_ipaddr($ip)) {
exec("/sbin/pfctl -t snort2c -T delete {$ip}");
$savemsg = "Host IP address {$ip} has been removed from the Bocked Hosts table.";
}
}
if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
if (empty($_GET['descr']))
$suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
else
$suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}";
if (!is_array($config['installedpackages']['snortglobal']['suppress']))
$config['installedpackages']['snortglobal']['suppress'] = array();
if (!is_array($config['installedpackages']['snortglobal']['suppress']['item']))
$config['installedpackages']['snortglobal']['suppress']['item'] = array();
$a_suppress = &$config['installedpackages']['snortglobal']['suppress']['item'];
if (empty($a_instance[$instanceid]['suppresslistname']) || $a_instance[$instanceid]['suppresslistname'] == 'default') {
$s_list = array();
$s_list['name'] = $a_instance[$instanceid]['interface'] . "suppress";
$s_list['uuid'] = uniqid();
$s_list['descr'] = "Auto-generated list for suppress";
$s_list['suppresspassthru'] = base64_encode($suppress);
$a_suppress[] = $s_list;
$a_instance[$instanceid]['suppresslistname'] = $s_list['name'];
} else {
foreach ($a_suppress as $a_id => $alist) {
if ($alist['name'] == $a_instance[$instanceid]['suppresslistname']) {
if (!empty($alist['suppresspassthru'])) {
$tmplist = base64_decode($alist['suppresspassthru']);
$tmplist .= "\n{$suppress}";
$alist['suppresspassthru'] = base64_encode($tmplist);
$a_suppress[$a_id] = $alist;
}
}
}
}
$savemsg = "GID:SID '{$_GET['gen_id']}:{$_GET['sidid']}' has been added to the Suppress List.";
write_config();
sync_snort_package_config();
}
if ($_GET['action'] == "clear" || $_POST['delete']) {
conf_mount_rw();
snort_post_delete_logs($snort_uuid);
$fd = @fopen("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", "w+");
if ($fd)
fclose($fd);
conf_mount_ro();
/* XXX: This is needed is snort is run as snort user */
//mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
mwexec('/bin/chmod 660 /var/log/snort/*', true);
if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"))
mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
header("Location: /snort/snort_alerts.php?instance={$instanceid}");
exit;
}
if ($_POST['download']) {
$save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
$file_name = "snort_logs_{$save_date}_{$if_real}.tar.gz";
exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort/snort_{$if_real}{$snort_uuid}");
if (file_exists("/tmp/{$file_name}")) {
$file = "/tmp/snort_logs_{$save_date}.tar.gz";
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
header("Pragma: private"); // needed for IE
header("Cache-Control: private, must-revalidate"); // needed for IE
header('Content-type: application/force-download');
header('Content-Transfer-Encoding: Binary');
header("Content-length: ".filesize($file));
header("Content-disposition: attachment; filename = {$file_name}");
readfile("$file");
@unlink("/tmp/{$file_name}");
}
header("Location: /snort/snort_alerts.php?instance={$instanceid}");
exit;
}
/* Load up an array with the current Suppression List GID,SID values */
$supplist = snort_load_suppress_sigs($a_instance[$instanceid]);
$pgtitle = "Services: Snort: Snort Alerts";
include_once("head.inc");
?>
\n";
?>
' . $pgtitle . '
';}
/* Display Alert message */
if ($input_errors) {
print_input_errors($input_errors); // TODO: add checks
}
if ($savemsg) {
print_info_box($savemsg);
}
?>