"", "bind_to" => "", "policy" => "bsd", "timeout" => 60, "min_ttl" => 1, "detect_anomalies" => "on", "overlap_limit" => 0, "min_frag_len" => 0 ); $def_ftp_server = array( "name" => "", "bind_to" => "", "ports" => "default", "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes", "ignore_data_chan" => "no", "def_max_param_len" => 100 ); $def_ftp_client = array( "name" => "", "bind_to" => "", "max_resp_len" => 256, "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes", "bounce" => "yes", "bounce_to_net" => "", "bounce_to_port" => "" ); $def_http_inspect = array( "name" => "", "bind_to" => "", "server_profile" => "all", "enable_xff" => "off", "log_uri" => "off", "log_hostname" => "off", "server_flow_depth" => 65535, "enable_cookie" => "on", "client_flow_depth" => 1460, "extended_response_inspection" => "on", "no_alerts" => "off", "unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on", "normalize_headers" => "on", "normalize_utf" => "on", "normalize_javascript" => "on", "allow_proxy_use" => "off", "inspect_uri_only" => "off", "max_javascript_whitespaces" => 200, "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, "max_header_length" => 0, "ports" => "default" ); $def_stream5 = array( "name" => "", "bind_to" => "", "policy" => "bsd", "timeout" => 30, "max_queued_bytes" => 1048576, "detect_anomalies" => "off", "overlap_limit" => 0, "max_queued_segs" => 2621, "require_3whs" => "off", "startup_3whs_timeout" => 0, "no_reassemble_async" => "off", "dont_store_lg_pkts" => "off", "max_window" => 0, "use_static_footprint_sizes" => "off", "check_session_hijacking" => "off", "ports_client" => "default", "ports_both" => "default", "ports_server" => "none" ); // Figure out which engine type we are importing and set up default engine array $engine = array(); switch ($eng) { case "frag3_engine": $engine = $def_frag3; break; case "http_inspect_engine": $engine = $def_http_inspect; break; case "stream5_tcp_engine": $engine = $def_stream5; break; case "ftp_server_engine": $engine = $def_ftp_server; break; case "ftp_client_engine": $engine = $def_ftp_client; break; default: $engine = ""; $input_errors[] = gettext("Invalid ENGINE TYPE passed in query string. Aborting operation."); } // See if anything was checked to import if (is_array($_POST['toimport']) && count($_POST['toimport']) > 0) { foreach ($_POST['toimport'] as $item) { $engine['name'] = strtolower($item); $engine['bind_to'] = $item; $a_nat[] = $engine; } } else $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE."); // if no errors, write new entry to conf if (!$input_errors) { // Reorder the engine array to ensure the // 'bind_to=all' entry is at the bottom if // the array contains more than one entry. if (count($a_nat) > 1) { $i = -1; foreach ($a_nat as $f => $v) { if ($v['bind_to'] == "all") { $i = $f; break; } } // Only relocate the entry if we // found it, and it's not already // at the end. if ($i > -1 && ($i < (count($a_nat) - 1))) { $tmp = $a_nat[$i]; unset($a_nat[$i]); $a_nat[] = $tmp; } } // Now write the new engine array to conf and return write_config(); header("Location: /snort/snort_preprocessors.php?id={$id}{$anchor}"); exit; } } $pgtitle = gettext("Snort: Import Host/Network Alias for {$title}"); include("head.inc"); ?>