. * All rights reserved. * * modified for the pfsense snort package * Copyright (C) 2009-2010 Robert Zelaya. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
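*/

/*
 * Add/edit form handler for one Frag3 preprocessor engine of a Snort
 * interface.  Request parameters:
 *   id      - index of the interface entry under snortglobal/rule
 *   eng_id  - index of the Frag3 engine being edited for that interface
 * A POST with 'Submit' validates the fields and, when no errors are found,
 * persists the engine with write_config() and redirects back to the
 * preprocessors page.  Otherwise execution falls through to the HTML form
 * that follows this block.
 */

require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");

global $g;

$snortdir = SNORTDIR;

// Grab the incoming QUERY STRING or POST variables (POST wins over GET).
$id = isset($_GET['id']) ? $_GET['id'] : null;
$eng_id = isset($_GET['eng_id']) ? $_GET['eng_id'] : null;
if (isset($_POST['id']))
	$id = $_POST['id'];
if (isset($_POST['eng_id']))
	$eng_id = $_POST['eng_id'];

// Both values are request-controlled, are used below as array keys into
// $config (which write_config() persists) and are echoed into a Location
// header, so accept nothing but a plain non-negative decimal index.  This
// also rejects array-valued parameters (id[]=...), which are not usable as
// array offsets.
if (!is_string($id) || !ctype_digit($id)) {
	header("Location: /snort/snort_interfaces.php");
	exit;
}

// An absent or blank eng_id keeps its previous meaning (no existing entry
// selected); anything else must be a decimal index.
if ($eng_id === '')
	$eng_id = null;
if (!is_null($eng_id) && (!is_string($eng_id) || !ctype_digit($eng_id))) {
	header("Location: /snort/snort_preprocessors.php?id={$id}#frag3_row");
	exit;
}

// NOTE(review): a well-formed $id that does not match an existing interface
// entry is still auto-created by the assignments below and would be saved on
// a successful Submit -- confirm whether such requests should be rejected.
if (!is_array($config['installedpackages']['snortglobal']['rule']))
	$config['installedpackages']['snortglobal']['rule'] = array();
if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['frag3_engine']['item']))
	$config['installedpackages']['snortglobal']['rule'][$id]['frag3_engine']['item'] = array();
$a_nat = &$config['installedpackages']['snortglobal']['rule'][$id]['frag3_engine']['item'];

$pconfig = array();
if (empty($a_nat[$eng_id])) {
	// No stored engine at this index: start from the built-in defaults.
	$def = array(
		"name" => "engine_{$eng_id}",
		"bind_to" => "",
		"policy" => "bsd",
		"timeout" => 60,
		"min_ttl" => 1,
		"detect_anomalies" => "on",
		"overlap_limit" => 0,
		"min_frag_len" => 0
	);

	// See if this is initial entry and set to "default" if true
	if ($eng_id < 1) {
		$def['name'] = "default";
		$def['bind_to'] = "all";
	}
	$pconfig = $def;
}
else {
	$pconfig = $a_nat[$eng_id];

	// Check for any empty values and set sensible defaults
	if (empty($pconfig['policy']))
		$pconfig['policy'] = "bsd";
	if (empty($pconfig['timeout']))
		$pconfig['timeout'] = 60;
	if (empty($pconfig['min_ttl']))
		$pconfig['min_ttl'] = 1;
	if (empty($pconfig['detect_anomalies']))
		$pconfig['detect_anomalies'] = "on";
	if (empty($pconfig['overlap_limit']))
		$pconfig['overlap_limit'] = 0;
	if (empty($pconfig['min_frag_len']))
		$pconfig['min_frag_len'] = 0;
}

if (!empty($_POST['Cancel'])) {
	header("Location: /snort/snort_preprocessors.php?id={$id}#frag3_row");
	exit;
}

// Check for returned "selected alias" if action is import.  The value comes
// straight from the query string and is handed to the form for display, so
// apply the same is_alias() test the Submit path uses instead of accepting
// any non-empty string.  (The rendering code is not part of this block;
// output escaping there should still be confirmed.)
if (isset($_GET['act']) && $_GET['act'] == "import") {
	if (isset($_GET['varname'], $_GET['varvalue']) &&
	    $_GET['varname'] == "bind_to" &&
	    is_string($_GET['varvalue']) && is_alias($_GET['varvalue']))
		$pconfig['bind_to'] = $_GET['varvalue'];
}

// Start from an empty error list so the checks below never read an
// undefined variable.
$input_errors = array();

if (!empty($_POST['Submit'])) {

	/* Grab all the POST values and save in new temp array */
	$engine = array();

	// NOTE(review): the name is only trimmed; no length or character-set
	// check is applied on the server side.
	if ($_POST['frag3_name']) {
		$engine['name'] = trim($_POST['frag3_name']);
	}
	else {
		$engine['name'] = "default";
	}

	if ($_POST['frag3_bind_to']) {
		if (is_alias($_POST['frag3_bind_to']))
			$engine['bind_to'] = $_POST['frag3_bind_to'];
		elseif (strtolower(trim($_POST['frag3_bind_to'])) == "all")
			$engine['bind_to'] = "all";
		else
			$input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value.");
	}
	else {
		$input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'.");
	}

	/* Validate the text input fields before saving */
	// NOTE(review): is_numeric() also accepts decimal and exponent forms;
	// confirm whether these settings should be restricted to integers.
	if (!empty($_POST['frag3_timeout']) || $_POST['frag3_timeout'] == 0) {
		$engine['timeout'] = $_POST['frag3_timeout'];
		if (!is_numeric($_POST['frag3_timeout']) || $_POST['frag3_timeout'] < 1)
			$input_errors[] = gettext("The value for Timeout must be numeric and greater than zero.");
	}
	else
		$engine['timeout'] = 60;

	if (!empty($_POST['frag3_min_ttl']) || $_POST['frag3_min_ttl'] == 0) {
		$engine['min_ttl'] = $_POST['frag3_min_ttl'];
		// The range test alone lets non-numeric strings through whenever
		// the loose comparison happens to pass, so require a numeric
		// value first, as the sibling fields do.
		if (!is_numeric($_POST['frag3_min_ttl']) || $_POST['frag3_min_ttl'] < 1 || $_POST['frag3_min_ttl'] > 255)
			$input_errors[] = gettext("The value for Minimum_Time-To-Live must be between 1 and 255.");
	}
	else
		$engine['min_ttl'] = 1;

	if (!empty($_POST['frag3_overlap_limit']) || $_POST['frag3_overlap_limit'] == 0) {
		$engine['overlap_limit'] = $_POST['frag3_overlap_limit'];
		if (!is_numeric($_POST['frag3_overlap_limit']) || $_POST['frag3_overlap_limit'] < 0)
			$input_errors[] = gettext("The value for Overlap_Limit must be a number greater than or equal to zero.");
	}
	else
		$engine['overlap_limit'] = 0;

	if (!empty($_POST['frag3_min_frag_len']) || $_POST['frag3_min_frag_len'] == 0) {
		$engine['min_frag_len'] = $_POST['frag3_min_frag_len'];
		if (!is_numeric($_POST['frag3_min_frag_len']) || $_POST['frag3_min_frag_len'] < 0)
			$input_errors[] = gettext("The value for Min_Fragment_Length must be a number greater than or equal to zero.");
	}
	else
		$engine['min_frag_len'] = 0;

	// The policy is stored verbatim in the saved configuration, so only
	// accept known keywords.  The list below is Snort's documented set of
	// frag3 policy types; the form's own option list is not visible in
	// this block -- confirm the two match.
	$valid_policies = array("first", "last", "bsd", "bsd-right", "linux", "windows", "solaris");
	if (!empty($_POST['frag3_policy'])) {
		if (in_array($_POST['frag3_policy'], $valid_policies, true))
			$engine['policy'] = $_POST['frag3_policy'];
		else {
			$engine['policy'] = "bsd";
			$input_errors[] = gettext("The value for Policy must be one of the supported Frag3 policy types.");
		}
	}
	else {
		$engine['policy'] = "bsd";
	}

	$engine['detect_anomalies'] = !empty($_POST['frag3_detect_anomalies']) ? 'on' : 'off';

	/* Can only have one "all" Bind_To address */
	if ($engine['bind_to'] == "all" && $engine['name'] <> "default") {
		$input_errors[] = gettext("Only one default Frag3 Engine can be bound to all addresses.");
		$pconfig = $engine;
	}

	/* if no errors, write new entry to conf */
	if (!$input_errors) {
		if (isset($eng_id) && $a_nat[$eng_id]) {
			$a_nat[$eng_id] = $engine;
		}
		else
			$a_nat[] = $engine;

		/* Reorder the engine array to ensure the */
		/* 'bind_to=all' entry is at the bottom   */
		/* if it contains more than one entry.    */
		if (count($a_nat) > 1) {
			$i = -1;
			foreach ($a_nat as $f => $v) {
				if ($v['bind_to'] == "all") {
					$i = $f;
					break;
				}
			}
			/* Only relocate the entry if we  */
			/* found it, and it's not already */
			/* at the end.                    */
			if ($i > -1 && ($i < (count($a_nat) - 1))) {
				$tmp = $a_nat[$i];
				unset($a_nat[$i]);
				$a_nat[] = $tmp;
			}
		}

		/* Now write the new engine array to conf */
		write_config();

		header("Location: /snort/snort_preprocessors.php?id={$id}#frag3_row");
		exit;
	}
}

$if_friendly = snort_get_friendly_interface($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} Frag3 Preprocessor Engine");
include_once("head.inc");

?>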
"default") echo gettext("Name or description for this engine. (Max 25 characters)"); else echo "" . gettext("The name for the 'default' engine is read-only.") . "";?>
" . gettext("default") . ""; ?>.
"default") : ?>
  "/>
" . gettext("Supplied value must be a pre-configured Alias or the keyword 'all'.");?>        " . gettext("IP List for the default engine is read-only and must be 'all'.") . "";?>

  " . gettext("BSD") . ""; ?>.




" . gettext("60 ") . "" . gettext("seconds."); ?>


" . gettext("1") . ""; ?>.
onclick="frag3_enable_change();"> " . gettext("Checked") . ""; ?>.

" . gettext("In order to customize the Overlap Limit and Minimum Fragment Length parameters for this engine, Anomaly Detection must be enabled."); ?>
0" . gettext(" (unlimited). Values greater than zero set the overlapped limit."); ?>

0" . gettext(" (unlimited)."); ?>
0" . gettext(" (check is disabled). Values greater than zero enable the check."); ?>

0" . gettext(" (check is disabled)."); ?>
  ">      ">