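/tmp/snort_block.pf');

    /*
     * NOTE(review): the start of this export block (including the statement
     * that ends on the line above) is missing from this copy. $save_date and
     * $file_name are used below but are not assigned in the visible code.
     */

    /* One table entry per line: drop empty lines, then strip spaces. */
    $blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf'))));

    if (isset($blocked_ips_array_save[0]) && $blocked_ips_array_save[0] != '') {
        /*
         * Build the list with PHP's file API. The previous code handed every
         * line to "/bin/echo ... >>" through a shell, so a shell metacharacter
         * in /tmp/snort_block.pf (a fixed path under /tmp) would have been
         * interpreted as a command instead of being written out as data.
         */
        $counter = 0;
        $export_lines = '';
        foreach ($blocked_ips_array_save as $fileline3) {
            $counter++;
            $export_lines .= $fileline3 . "\n";
        }
        file_put_contents('/tmp/snort_blocked/snort_block.pf', $export_lines, FILE_APPEND);
    }

    /* escapeshellarg() keeps the archive name a single argument whatever $save_date holds. */
    $file = "/tmp/snort_blocked_{$save_date}.tar.gz";
    exec('/usr/bin/tar cfz ' . escapeshellarg($file) . ' /tmp/snort_blocked');

    if (file_exists($file)) {
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
        header("Pragma: private"); // needed for IE
        header("Cache-Control: private, must-revalidate"); // needed for IE
        header('Content-type: application/force-download');
        header('Content-Transfer-Encoding: Binary');
        header("Content-length: ".filesize($file));
        header("Content-disposition: attachment; filename = {$file_name}");
        readfile($file);

        /* Remove the archive and the intermediate files without spawning /bin/rm. */
        foreach (array($file, '/tmp/snort_block.pf', '/tmp/snort_blocked/snort_block.pf') as $stale_file) {
            if (file_exists($stale_file)) {
                unlink($stale_file);
            }
        }

        /*
         * NOTE(review): od_end_clean() is not a PHP built-in and is not defined
         * in the visible code; ob_end_clean() was presumably intended. Left as
         * found, because whether an output buffer is open is decided before
         * this excerpt, and ob_end_clean() after readfile() would discard a
         * buffered download. Confirm against the start of the block.
         */
        od_end_clean(); // important or other posts will fail
    } else {
        echo 'Error no saved file.';
    }
}

if (!empty($_POST['save'])) {
    /*
     * input validation: the entry count is written to the configuration, so
     * accept digits only. Empty stays allowed; the form text gives a default
     * of 500.
     */
    $blertnumber = '';
    if (isset($_POST['blertnumber']) && is_string($_POST['blertnumber'])) {
        $blertnumber = trim($_POST['blertnumber']);
    }
    if ($blertnumber !== '' && !ctype_digit($blertnumber)) {
        $input_errors[] = 'The number of blocked entries to view must be a whole number.';
    }

    /* no errors */
    if (empty($input_errors)) {
        /* Quoted: bare on/off constants are undefined and fail on current PHP. */
        $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = !empty($_POST['brefresh']) ? 'on' : 'off';
        $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $blertnumber;

        conf_mount_rw();
        write_config();
        //conf_mount_ro();
        sleep(2);

        header("Location: /snort/snort_blocked.php");
        /* Stop here so the rest of the page is not rendered after the redirect. */
        exit;
    }
}

/* build filter funcs */

/**
 * Return the first IPv4 address found in an alert entry (the source
 * address, going by the function name).
 *
 * @param string $fileline One entry from the alert log.
 * @return string|null The address, or null when the entry contains none.
 */
function get_snort_alert_ip_src($fileline)
{
    /* SRC IP */
    $re1 = '.*?'; # Non-greedy match on filler
    $re2 = '((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1

    /* Only the first match was ever used, so a single preg_match() is enough. */
    if (preg_match("/" . $re1 . $re2 . "/is", $fileline, $matches4)) {
        return $matches4[1];
    }

    return null;
}

/**
 * Return the description of an alert entry: the text between the
 * "[**] [...]" prefix and the closing "[**]".
 *
 * @param string $fileline One entry from the alert log.
 * @return string|null The description, or null when the entry does not match.
 */
function get_snort_alert_disc($fileline)
{
    /* disc */
    if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) {
        return "$matches[2]";
    }

    return null;
}

/* build sec filters */

/**
 * Return the bracketed address ("[a.b.c.d]") from a combined list line.
 *
 * @param string $fileline A "[ip] [description]" line.
 * @return string|null The match including its brackets, or null when absent.
 */
function get_snort_block_ip($fileline)
{
    /* ip */
    if (preg_match("/\[\d+\.\d+\.\d+\.\d+\]/", $fileline, $matches)) {
        return "$matches[0]";
    }

    return null;
}

/**
 * Return the trailing "] [description]" part of a combined list line.
 *
 * @param string $fileline A "[ip] [description]" line.
 * @return string|null The match including the leading "] [", or null when absent.
 */
function get_snort_block_disc($fileline)
{
    /* disc */
    if (preg_match("/\]\s\[.+\]$/", $fileline, $matches)) {
        return "$matches[0]";
    }

    return null;
}

/* tell the user what settings they have */
$blockedtab_msg_chk = isset($config['installedpackages']['snortglobal']['rm_blocked'])
    ? $config['installedpackages']['snortglobal']['rm_blocked']
    : '';

/* Setting value => wording used in the status sentence. */
$blocked_msg_labels = array(
    '1h_b'  => 'hour',
    '3h_b'  => '3 hours',
    '6h_b'  => '6 hours',
    '12h_b' => '12 hours',
    '1d_b'  => 'day',
    '4d_b'  => '4 days',
    '7d_b'  => '7 days',
    '28d_b' => '28 days',
);

/* An unknown or unset value yields an empty label instead of an undefined variable. */
$blocked_msg = '';
if (is_string($blockedtab_msg_chk) && isset($blocked_msg_labels[$blockedtab_msg_chk])) {
    $blocked_msg = $blocked_msg_labels[$blockedtab_msg_chk];
}

if ($blockedtab_msg_chk !== 'never_b') {
    $blocked_msg_txt = "Hosts are removed every $blocked_msg.";
} else {
    $blocked_msg_txt = "Settings are set to never remove hosts.";
}

$pgtitle = "Services: Snort Blocked Hosts";
include("/usr/local/pkg/snort/snort_head.inc");
?> \n"; } ?>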
' . $pgtitle . '

';}?>
Last Blocked. This page lists hosts that have been blocked by Snort.  
Save or Remove Hosts
All blocked hosts will be saved. Warning: all hosts will be removed.
Auto Refresh and Log View
Refresh > Default is ON. Enter the number of blocked entries to view. Default is 500.

"; }else{ echo "\n"; } ?>
/tmp/snort_block.cache');
/* NOTE(review): the statement that ends on the line above starts outside this copy of the file. */

/* Alert log entries: split on blank lines, empty pieces dropped, order reversed. */
$alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert'))));
/* Blocked-table cache: one entry per line, empty lines dropped, spaces stripped. */
$blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache'))));
/* Row limit for the listing. NOTE(review): $bnentries is not assigned in the visible code. */
$logent = $bnentries;
if ($blocked_ips_array[0] != '' && $alerts_array[0] != '') {
    /* build the list and compare blocks to alerts */
    /* NOTE(review): $input and $alert_ip_src_array are only appended to here; they are not initialised in the visible code. */
    $counter = 0;
    foreach($alerts_array as $fileline) {
        $counter++;
        $alert_ip_src = get_snort_alert_ip_src($fileline);
        $alert_ip_disc = get_snort_alert_disc($fileline);
        /* Remember every alert source so blocked hosts without an alert can be found below. */
        $alert_ip_src_array[] = get_snort_alert_ip_src($fileline);
        /* in_array() without its third argument compares loosely. */
        if (in_array("$alert_ip_src", $blocked_ips_array)) {
            $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n";
        }
    }
    /* Blocked hosts that have no matching alert get a placeholder description. */
    foreach($blocked_ips_array as $alert_block_ip) {
        if (!in_array($alert_block_ip, $alert_ip_src_array)) {
            $input[] = "[$alert_block_ip] " . "[N\A]\n";
        }
    }
    /* reduce double occurrences */
    $result = array_unique($input);
    /* build final list, preg_match, build html */
    $counter2 = 0;
    foreach($result as $fileline2) {
        /* Once the limit is reached the remaining lines are skipped one by one (continue, not break). */
        if($logent <= $counter2) continue;
        $counter2++;
        /* Strip the brackets from the "[ip]" part; 'empty' when the line has none. */
        $alert_block_ip_str = get_snort_block_ip($fileline2);
        if($alert_block_ip_str != '') {
            $alert_block_ip_match = array('[',']');
            $alert_block_ip = str_replace($alert_block_ip_match, '', "$alert_block_ip_str");
        }else{
            $alert_block_ip = 'empty';
        }
        /* Strip "] [" and "]" from the description part; 'empty' when the line has none. */
        $alert_block_disc_str = get_snort_block_disc($fileline2);
        if($alert_block_disc_str != '') {
            $alert_block_disc_match = array('] [',']');
            $alert_block_disc = str_replace($alert_block_disc_match, '', "$alert_block_disc_str");
        }else{
            $alert_block_disc = 'empty';
        }
        /* use one echo to do the magic*/
        /*
         * NOTE(review): only "\n" is echoed in this copy; the row markup appears to
         * have been lost. If the row prints $alert_block_ip and $alert_block_disc,
         * confirm both are HTML-escaped, since the description is parsed from the
         * alert log.
         */
        echo "\n";
    }
}else{
    /* if alerts file is empty and blocked table is not empty */
    $counter2 = 0;
    foreach($blocked_ips_array as $alert_block_ip) {
        if($logent <= $counter2) continue;
        $counter2++;
        /* This branch uses 'N/A' where the branch above writes "N\A". */
        $alert_block_disc = 'N/A';
        /* use one echo to do the magic*/
        echo "\n";
    }
}
echo '
Remove # IP Alert Description
\"Delete\"  {$counter2}  {$alert_block_ip}  {$alert_block_disc}
\"Delete\"  {$counter2}  {$alert_block_ip}  {$alert_block_disc}
' . "\n"; if ($blocked_ips_array[0] == '') { echo "\n

There are currently no items being blocked by snort.
{$counter2} items listed.