Last =$bnentries;?> Blocked. | This page lists hosts that have been blocked by Snort. =$blocked_msg_txt;?> |
Save or Remove Hosts | |
Auto Refresh and Log View |
0) { ob_start(); //important or other posts will fail $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); $file_name = "snort_blocked_{$save_date}.tar.gz"; exec('/bin/mkdir -p /tmp/snort_blocked'); file_put_contents("/tmp/snort_blocked/snort_block.pf", ""); foreach($blocked_ips_array_save as $counter => $fileline) { if (empty($fileline)) continue; $fileline = trim($fileline, " \n\t"); file_put_contents("/tmp/snort_blocked/snort_block.pf", "{$fileline}\n", FILE_APPEND); } exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked"); if(file_exists("/tmp/{$file_name}")) { header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n"); header("Pragma: private"); // needed for IE header("Cache-Control: private, must-revalidate"); // needed for IE header('Content-type: application/force-download'); header('Content-Transfer-Encoding: Binary'); header("Content-length: " . filesize("/tmp/{$file_name}")); header("Content-disposition: attachment; filename = {$file_name}"); readfile("/tmp/{$file_name}"); ob_end_clean(); //importanr or other post will fail @unlink("/tmp/snort_blocked_{$save_date}.tar.gz"); @unlink("/tmp/snort_blocked/snort_block.pf"); } else $savemsg = "An error occurred while createing archive"; } else $savemsg = "No content on snort block list"; } if ($_POST['save']) { /* no errors */ if (!$input_errors) { $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber']; write_config(); header("Location: /snort/snort_blocked.php"); exit; } } /* build filter funcs */ function get_snort_alert_ip_src($fileline) { /* SRC IP */ $re1='.*?'; # Non-greedy match on filler $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1 if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4)) return $matches4[1][0]; return ""; } function get_snort_alert_disc($fileline) { /* disc */ if (preg_match("/\[\*\*\]\s+(\[[0-9:]+\])\s+(.+)\s+(\[\*\*\])/", $fileline, $matches)) return "{$matches[2]}"; return ""; } /* tell the user what settings they have */ $blockedtab_msg_chk = $config['installedpackages']['snortglobal']['rm_blocked']; if ($blockedtab_msg_chk == "1h_b") { $blocked_msg = "hour"; } if ($blockedtab_msg_chk == "3h_b") { $blocked_msg = "3 hours"; } if ($blockedtab_msg_chk == "6h_b") { $blocked_msg = "6 hours"; } if ($blockedtab_msg_chk == "12h_b") { $blocked_msg = "12 hours"; } if ($blockedtab_msg_chk == "1d_b") { $blocked_msg = "day"; } if ($blockedtab_msg_chk == "4d_b") { $blocked_msg = "4 days"; } if ($blockedtab_msg_chk == "7d_b") { $blocked_msg = "7 days"; } if ($blockedtab_msg_chk == "28d_b") { $blocked_msg = "28 days"; } if ($blockedtab_msg_chk != "never_b") { $blocked_msg_txt = "Hosts are removed every $blocked_msg."; }else{ $blocked_msg_txt = "Settings are set to never remove hosts."; } $pgtitle = "Services: Snort Blocked Hosts"; include_once("head.inc"); ?>
\n"; ?>