"engine_{$eng_id}", "bind_to" => "", "ports" => "default", "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes", "ignore_data_chan" => "no", "def_max_param_len" => 100 ); // See if this is initial entry and set to "default" if true if ($eng_id < 1) { $def['name'] = "default"; $def['bind_to'] = "all"; } $pconfig = $def; } else $pconfig = $a_nat[$eng_id]; if ($_POST['Cancel']) { // Clear and close out any session variable we created session_start(); unset($_SESSION['ftp_server_import']); session_write_close(); header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts"); exit; } // Check for returned "selected alias" if action is import if ($_GET['act'] == "import") { session_start(); if (($_GET['varname'] == "bind_to" || $_GET['varname'] == "ports") && !empty($_GET['varvalue'])) { $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); if(!isset($_SESSION['ftp_server_import'])) $_SESSION['ftp_server_import'] = array(); $_SESSION['ftp_server_import'][$_GET['varname']] = $_GET['varvalue']; if (isset($_SESSION['ftp_server_import']['bind_to'])) $pconfig['bind_to'] = $_SESSION['ftp_server_import']['bind_to']; if (isset($_SESSION['ftp_server_import']['ports'])) $pconfig['ports'] = $_SESSION['ftp_server_import']['ports']; } // If "varvalue" is empty, user likely hit CANCEL in Select Dialog, // so restore any saved values. elseif (empty($_GET['varvalue'])) { if (isset($_SESSION['ftp_server_import']['bind_to'])) $pconfig['bind_to'] = $_SESSION['ftp_server_import']['bind_to']; if (isset($_SESSION['ftp_server_import']['ports'])) $pconfig['ports'] = $_SESSION['ftp_server_import']['ports']; } else { unset($_SESSION['ftp_server_import']); session_write_close(); } } if ($_POST['save']) { // Clear and close out any session variable we created session_start(); unset($_SESSION['ftp_server_import']); session_write_close(); /* Grab all the POST values and save in new temp array */ $engine = array(); if ($_POST['ftp_name']) { $engine['name'] = trim($_POST['ftp_name']); } else { $engine['name'] = "default"; } if ($_POST['ftp_bind_to']) { if (is_alias($_POST['ftp_bind_to'])) $engine['bind_to'] = $_POST['ftp_bind_to']; elseif (strtolower(trim($_POST['ftp_bind_to'])) == "all") $engine['bind_to'] = "all"; else $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value."); } else { $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'."); } if ($_POST['ftp_ports']) { if ($_POST['ftp_ports'] == "default") $engine['ports'] = $_POST['ftp_ports']; elseif (is_alias($_POST['ftp_ports'])) $engine['ports'] = $_POST['ftp_ports']; else $input_errors[] = gettext("The value for Ports must be a valid Alias name or the keyword 'default'."); } else $engine['ports'] = 21; $engine['telnet_cmds'] = $_POST['ftp_telnet_cmds'] ? 'yes' : 'no'; $engine['ignore_telnet_erase_cmds'] = $_POST['ftp_ignore_telnet_erase_cmds'] ? 'yes' : 'no'; $engine['ignore_data_chan'] = $_POST['ftp_ignore_data_chan'] ? 'yes' : 'no'; $engine['def_max_param_len'] = $_POST['ftp_def_max_param_len']; /* Can only have one "all" Bind_To address */ if ($engine['bind_to'] == "all" && $engine['name'] <> "default") { $input_errors[] = gettext("Only one default ftp Engine can be bound to all addresses."); $pconfig = $engine; } /* if no errors, write new entry to conf */ if (!$input_errors) { if (isset($eng_id) && $a_nat[$eng_id]) { $a_nat[$eng_id] = $engine; } else $a_nat[] = $engine; /* Reorder the engine array to ensure the */ /* 'bind_to=all' entry is at the bottom */ /* if it contains more than one entry. */ if (count($a_nat) > 1) { $i = -1; foreach ($a_nat as $f => $v) { if ($v['bind_to'] == "all") { $i = $f; break; } } /* Only relocate the entry if we */ /* found it, and it's not already */ /* at the end. */ if ($i > -1 && ($i < (count($a_nat) - 1))) { $tmp = $a_nat[$i]; unset($a_nat[$i]); $a_nat[] = $tmp; } } /* Now write the new engine array to conf */ write_config("Snort pkg: modified ftp_telnet_server engine settings."); // We have saved a preproc config change, so set "dirty" flag mark_subsystem_dirty('snort_preprocessors'); header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts"); exit; } } $if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - FTP Preprocessor Server Engine"); include_once("head.inc"); ?>
"default") echo gettext("Name or description for this engine. (Max 25 characters)"); else echo "" . gettext("The name for the 'default' engine is read-only.") . "";?>
" . gettext("default") . ""; ?>.
"default") : ?>
  "/>
.

" . gettext("Supplied value must be a pre-configured Alias or the keyword 'all'.");?>   " . gettext("IP address for the default engine is read-only and must be 'all'.") . "";?>
"/>
" . gettext("'default'") . "" . gettext(" Using 'default' will include the FTP Ports defined on the ") . "" . gettext("VARIABLES") . "" . gettext(" tab. Specific ports for this server can be specified here using a pre-defined Alias.");?>

" . gettext("Supplied value must be a pre-configured Alias or the keyword 'default'.");?>
> " . gettext("Not Checked") . ""; ?>.
> " . gettext("Checked") . ""; ?>.
> " . gettext("Not Checked") . ""; ?>.

" . gettext("When checked, NO INSPECTION other than state will be ") . gettext("performed on the data channel. Enabling this option can improve performance for large FTP transfers from trusted servers.");?>
" . gettext("0") . "" . gettext(" to disable. Default is ") . "" . gettext("100.") . "";?>
  ">      ">