0) {
        /*
         * Download branch: write the blocked-host list to a file, pack it
         * with tar and stream the archive to the browser. The condition that
         * opens this branch lies outside this fragment.
         */
        ob_start(); // important, or other posts will fail

        // $save_date is the output of /bin/date with a fixed format string, so
        // the paths and the tar command built from it below carry no request data.
        $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
        $file_name = "snort_blocked_{$save_date}.tar.gz";

        // NOTE(review): the staging directory and the archive use fixed,
        // guessable names directly under /tmp. If any other local account can
        // write to /tmp, these paths can be pre-created or replaced with links;
        // a private, freshly created directory would remove that exposure.
        // Who can write to /tmp on this system is not visible here - confirm.
        exec('/bin/mkdir -p /tmp/snort_blocked');
        file_put_contents("/tmp/snort_blocked/snort_block.pf", ""); // start from an empty list file

        // One trimmed entry per line; empty entries are skipped.
        // Where $blocked_ips_array_save is filled is outside this fragment.
        foreach($blocked_ips_array_save as $counter => $fileline) {
            if (empty($fileline))
                continue;
            $fileline = trim($fileline, " \n\t");
            file_put_contents("/tmp/snort_blocked/snort_block.pf", "{$fileline}\n", FILE_APPEND);
        }

        // The exit status of tar is not inspected; the file_exists() test that
        // follows is the only failure check.
        exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked");

        if(file_exists("/tmp/{$file_name}")) {
            header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
            header("Pragma: private"); // needed for IE
            header("Cache-Control: private, must-revalidate"); // needed for IE
            header('Content-type: application/force-download');
            header('Content-Transfer-Encoding: Binary');
            header("Content-length: " . filesize("/tmp/{$file_name}"));
            header("Content-disposition: attachment; filename = {$file_name}");
            readfile("/tmp/{$file_name}");
            ob_end_clean(); // important, or other posts will fail
            // Remove the archive and the list file. The /tmp/snort_blocked
            // directory itself is left in place. Errors are suppressed with @.
            @unlink("/tmp/snort_blocked_{$save_date}.tar.gz");
            @unlink("/tmp/snort_blocked/snort_block.pf");
        } else
            $savemsg = "An error occurred while createing archive";
    } else
        $savemsg = "No content on snort block list";
}

/* Save handler: persist the auto-refresh flag and the entry count, then redirect. */
if ($_POST['save']) {
    /* no errors */
    if (!$input_errors) {
        // The checkbox value is reduced to the two literals 'on' / 'off'.
        $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off';
        // NOTE(review): blertnumber is stored exactly as submitted. No validation
        // of it is visible in this fragment; $input_errors is filled elsewhere.
        // Confirm that a non-numeric or out-of-range value is rejected before it
        // is written to the configuration.
        $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber'];

        write_config();

        // Redirect back to this page, then stop so nothing else is sent.
        header("Location: /snort/snort_blocked.php");
        exit;
    }

}

/* build filter funcs */

/**
 * Extract the source address from one alert line.
 *
 * Returns capture group 1 of the first match of the pattern below, i.e. the
 * first substring shaped like a dotted-quad IPv4 address, or "" when the
 * line holds none. Only IPv4 is matched by this pattern.
 */
function get_snort_alert_ip_src($fileline) {
    /* SRC IP */
    $re1='.*?'; # Non-greedy match on filler
    $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1

    // $c receives the match count and is used only as the truth value of the test.
    if ($c=preg_match_all ("/".$re1.$re2."/is", $fileline, $matches4))
        return $matches4[1][0];

    return "";
}

/**
 * Extract the alert description from one alert line.
 *
 * Returns the text between a leading "[**] [digits:and:colons]" marker and a
 * trailing "[**]" marker, or "" when the line does not have that shape.
 *
 * NOTE(review): the text is returned exactly as it appears in the log line,
 * with no escaping. Any caller that prints it into a page should escape it
 * for HTML first.
 */
function get_snort_alert_disc($fileline) {
    /* disc */
    if (preg_match("/\[\*\*\]\s+(\[[0-9:]+\])\s+(.+)\s+(\[\*\*\])/", $fileline, $matches))
        return "{$matches[2]}";

    return "";
}

/* tell the user what settings they have */
// Turn the configured removal interval code into the wording used in the notice.
$blockedtab_msg_chk = $config['installedpackages']['snortglobal']['rm_blocked'];
if ($blockedtab_msg_chk == "1h_b") {
    $blocked_msg = "hour";
}
if ($blockedtab_msg_chk == "3h_b") {
    $blocked_msg = "3 hours";
}
if ($blockedtab_msg_chk == "6h_b") {
    $blocked_msg = "6 hours";
}
if ($blockedtab_msg_chk == "12h_b") {
    $blocked_msg = "12 hours";
}
if ($blockedtab_msg_chk == "1d_b") {
    $blocked_msg = "day";
}
if ($blockedtab_msg_chk == "4d_b") {
    $blocked_msg = "4 days";
}
if ($blockedtab_msg_chk == "7d_b") {
    $blocked_msg = "7 days";
}
if ($blockedtab_msg_chk == "28d_b") {
    $blocked_msg = "28 days";
}

// Any value other than "never_b" takes the first branch, including an unset or
// unrecognised one; $blocked_msg is then undefined and the sentence is built
// without an interval.
if ($blockedtab_msg_chk != "never_b") {
    $blocked_msg_txt = "Hosts are removed every $blocked_msg.";
}else{
    $blocked_msg_txt = "Settings are set to never remove hosts.";
}

$pgtitle = "Services: Snort Blocked Hosts";
include_once("head.inc"); ?> \n"; ?>
' . $pgtitle . '

';}?>
Last Blocked. This page lists hosts that have been blocked by Snort.  
Save or Remove Hosts
All blocked hosts will be saved. Warning: all hosts will be removed.
Auto Refresh and Log View
Refresh > Default is ON. Enter the number of blocked entries to view. Default is 500.

"; } else echo "\n"; ?>
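$fileline) {
        // The loop header that binds $fileline is not part of this fragment.
        if (empty($fileline))
            continue;

        $alert_ip_src = get_snort_alert_ip_src($fileline);
        $alert_ip_disc = get_snort_alert_disc($fileline);
        $alert_ip_src_array[] = $alert_ip_src;

        // Record a description only for addresses that are currently blocked,
        // and keep the first description found for each address.
        if (!empty($blocked_ips_array) && in_array("$alert_ip_src", $blocked_ips_array)) {
            if (!isset($input[$alert_ip_src]))
                $input[$alert_ip_src] = "{$alert_ip_disc}\n";
        }
    }
}

/*
 * Blocked hosts that have no matching alert line still get a row.
 * The entry is keyed by the address itself: the isset() test on the same line
 * and the listing loop below both treat the key of $input as the blocked IP,
 * so appending with a numeric key would list an index in place of the address.
 */
foreach ($blocked_ips_array as $blocked_ip) {
    if (is_ipaddr($blocked_ip) && !isset($input[$blocked_ip]))
        $input[$blocked_ip] = "N\A\n";
}

/* build final list, preg_match, build html */
$counter = 0;
foreach ($input as $blocked_ip => $blocked_desc) {
    // NOTE(review): the test runs before the increment, so up to
    // $bnentries + 1 rows are emitted - confirm that is the intended limit.
    if ($counter > $bnentries)
        break;
    else
        $counter++;

    // NOTE(review): $blocked_desc is text captured from the alert log and
    // $blocked_ip is the key of $input. The row markup is not visible in this
    // fragment; if it prints either value, pass it through htmlspecialchars()
    // first.
    /* use one echo to do the magic */
    echo "\n";
}

echo '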
Remove # IP Alert Description
\"Delete\"  {$counter}  {$blocked_ip}  {$blocked_desc}
' . "\n"; echo "\n
{$counter} items listed.

There are currently no items being blocked by snort.