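'WAN', 'lan' => 'LAN');
    for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
        $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
}

/*
 * Request handling for the Snort interface "Edit Settings" page.
 *
 * 1. Load the stored settings for an existing interface ($a_rule[$id]) into
 *    $pconfig, or pick the next unused interface for a new entry.
 * 2. On submit, copy the posted values into $natent, store it in $a_rule,
 *    write the configuration, regenerate the Snort files and redirect.
 * 3. If validation fails, redisplay the form with the posted values.
 *
 * $config, $a_rule, $id, $snort_uuid, $snortdir and $input_errors are set
 * before this point and are not visible in this part of the file.
 */

// See if interface is already configured, and use its values
if (isset($id) && $a_rule[$id]) {
    /* old options */
    $pconfig = $a_rule[$id];
    // The pass-through text is stored base64-encoded; decode it for editing.
    if (!empty($pconfig['configpassthru'])) {
        $pconfig['configpassthru'] = base64_decode($pconfig['configpassthru']);
    }
    if (empty($pconfig['uuid'])) {
        $pconfig['uuid'] = $snort_uuid;
    }
}
// Must be a new interface, so try to pick next available physical interface to use
elseif (isset($id) && !isset($a_rule[$id])) {
    $ifaces = get_configured_interface_list();
    $ifrules = array();
    foreach ($a_rule as $r) {
        $ifrules[] = $r['interface'];
    }
    foreach ($ifaces as $i) {
        if (!in_array($i, $ifrules)) {
            $pconfig['interface'] = $i;
            break;
        }
    }
    // Every configured interface already has a Snort entry: nothing left to add.
    if (count($ifrules) == count($ifaces)) {
        $input_errors[] = "No more available interfaces to configure for Snort!";
        $interfaces = array();
        $pconfig = array();
    }
}

// A duplicate request keeps the values loaded above but is saved as a new entry.
if (isset($_GET['dup'])) {
    unset($id);
}

// Set defaults for empty key parameters
if (empty($pconfig['blockoffendersip'])) {
    $pconfig['blockoffendersip'] = "both";
}
if (empty($pconfig['performance'])) {
    $pconfig['performance'] = "ac-bnfa";
}

if ($_POST["Submit"]) {
    if (!$_POST['interface']) {
        $input_errors[] = "Interface is mandatory";
    }

    /* if no errors write to conf */
    if (!$input_errors) {
        // Start from the stored entry when editing, from an empty one otherwise
        // ($id is unset for a duplicate and has no entry yet for a new interface).
        $natent = (isset($id) && isset($a_rule[$id])) ? $a_rule[$id] : array();

        // NOTE(review): the posted values below are stored as submitted. No
        // check against the configured interface list or against the allowed
        // option values is visible here; confirm whether the code that writes
        // the Snort files validates them, or add the checks at this point.
        $natent['interface'] = $_POST['interface'];
        $natent['enable'] = $_POST['enable'] ? 'on' : 'off';
        $natent['uuid'] = $pconfig['uuid'];

        /* See if the HOME_NET, EXTERNAL_NET, or SUPPRESS LIST values were changed */
        // Compared against the stored values before they are overwritten below.
        $snort_reload = false;
        if ($_POST['homelistname'] && ($_POST['homelistname'] != $natent['homelistname'])) {
            $snort_reload = true;
        }
        if ($_POST['externallistname'] && ($_POST['externallistname'] != $natent['externallistname'])) {
            $snort_reload = true;
        }
        if ($_POST['suppresslistname'] && ($_POST['suppresslistname'] != $natent['suppresslistname'])) {
            $snort_reload = true;
        }

        // The description falls back to the upper-cased interface key.
        if ($_POST['descr']) {
            $natent['descr'] = $_POST['descr'];
        } else {
            $natent['descr'] = strtoupper($natent['interface']);
        }

        if ($_POST['performance']) {
            $natent['performance'] = $_POST['performance'];
        } else {
            unset($natent['performance']);
        }

        /* if post = on use on off or rewrite the conf */
        $natent['blockoffenders7'] = ($_POST['blockoffenders7'] == "on") ? 'on' : 'off';

        if ($_POST['blockoffenderskill'] == "on") {
            $natent['blockoffenderskill'] = 'on';
        } else {
            unset($natent['blockoffenderskill']);
        }

        if ($_POST['blockoffendersip']) {
            $natent['blockoffendersip'] = $_POST['blockoffendersip'];
        } else {
            unset($natent['blockoffendersip']);
        }

        if ($_POST['whitelistname']) {
            $natent['whitelistname'] = $_POST['whitelistname'];
        } else {
            unset($natent['whitelistname']);
        }

        if ($_POST['homelistname']) {
            $natent['homelistname'] = $_POST['homelistname'];
        } else {
            unset($natent['homelistname']);
        }

        if ($_POST['externallistname']) {
            $natent['externallistname'] = $_POST['externallistname'];
        } else {
            unset($natent['externallistname']);
        }

        if ($_POST['suppresslistname']) {
            $natent['suppresslistname'] = $_POST['suppresslistname'];
        } else {
            unset($natent['suppresslistname']);
        }

        $natent['alertsystemlog'] = ($_POST['alertsystemlog'] == "on") ? 'on' : 'off';

        // Stored base64-encoded; decoded again when the entry is loaded for editing.
        if ($_POST['configpassthru']) {
            $natent['configpassthru'] = base64_encode($_POST['configpassthru']);
        } else {
            unset($natent['configpassthru']);
        }

        $natent['cksumcheck'] = $_POST['cksumcheck'] ? 'on' : 'off';

        $natent['fpm_split_any_any'] = ($_POST['fpm_split_any_any'] == "on") ? 'on' : 'off';
        $natent['fpm_search_optimize'] = ($_POST['fpm_search_optimize'] == "on") ? 'on' : 'off';
        $natent['fpm_no_stream_inserts'] = ($_POST['fpm_no_stream_inserts'] == "on") ? 'on' : 'off';

        $if_real = snort_get_real_interface($natent['interface']);

        if (isset($id) && $a_rule[$id]) {
            // The entry moved to another interface: stop the old instance, drop
            // its log directory and rename its configuration directory.
            if ($natent['interface'] != $a_rule[$id]['interface']) {
                $oif_real = snort_get_real_interface($a_rule[$id]['interface']);
                snort_stop($a_rule[$id], $oif_real);

                // Both paths are built from the stored uuid and the resolved
                // interface names, and $if_real derives from the posted
                // interface value. Quote every path so it reaches the shell as
                // exactly one argument and cannot add commands or options.
                $old_logdir = "/var/log/snort_{$oif_real}" . $a_rule[$id]['uuid'];
                exec("rm -r " . escapeshellarg($old_logdir));

                conf_mount_rw();
                $old_confdir = "{$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$oif_real}";
                $new_confdir = "{$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$if_real}";
                exec("mv -f " . escapeshellarg($old_confdir) . " " . escapeshellarg($new_confdir));
                conf_mount_ro();
            }
            $a_rule[$id] = $natent;
        } else {
            // Adding new interface, so set required interface configuration defaults
            $frag3_eng = array(
                "name" => "default",
                "bind_to" => "all",
                "policy" => "bsd",
                "timeout" => 60,
                "min_ttl" => 1,
                "detect_anomalies" => "on",
                "overlap_limit" => 0,
                "min_frag_len" => 0
            );

            $stream5_eng = array(
                "name" => "default",
                "bind_to" => "all",
                "policy" => "bsd",
                "timeout" => 30,
                "max_queued_bytes" => 1048576,
                "detect_anomalies" => "off",
                "overlap_limit" => 0,
                "max_queued_segs" => 2621,
                "require_3whs" => "off",
                "startup_3whs_timeout" => 0,
                "no_reassemble_async" => "off",
                "max_window" => 0,
                "use_static_footprint_sizes" => "off",
                "check_session_hijacking" => "off",
                "dont_store_lg_pkts" => "off",
                "ports_client" => "default",
                "ports_both" => "default",
                "ports_server" => "none"
            );

            $http_eng = array(
                "name" => "default",
                "bind_to" => "all",
                "server_profile" => "all",
                "enable_xff" => "off",
                "log_uri" => "off",
                "log_hostname" => "off",
                "server_flow_depth" => 65535,
                "enable_cookie" => "on",
                "client_flow_depth" => 1460,
                "extended_response_inspection" => "on",
                "no_alerts" => "off",
                "unlimited_decompress" => "on",
                "inspect_gzip" => "on",
                "normalize_cookies" => "on",
                "normalize_headers" => "on",
                "normalize_utf" => "on",
                "normalize_javascript" => "on",
                "allow_proxy_use" => "off",
                "inspect_uri_only" => "off",
                "max_javascript_whitespaces" => 200,
                "post_depth" => -1,
                "max_headers" => 0,
                "max_spaces" => 0,
                "max_header_length" => 0,
                "ports" => "default"
            );

            $ftp_client_eng = array(
                "name" => "default",
                "bind_to" => "all",
                "max_resp_len" => 256,
                "telnet_cmds" => "no",
                "ignore_telnet_erase_cmds" => "yes",
                "bounce" => "yes",
                "bounce_to_net" => "",
                "bounce_to_port" => ""
            );

            $ftp_server_eng = array(
                "name" => "default",
                "bind_to" => "all",
                "ports" => "default",
                "telnet_cmds" => "no",
                "ignore_telnet_erase_cmds" => "yes",
                "ignore_data_chan" => "no",
                "def_max_param_len" => 100
            );

            $natent['max_attribute_hosts'] = '10000';
            $natent['max_attribute_services_per_host'] = '10';
            $natent['max_paf'] = '16000';

            $natent['ftp_preprocessor'] = 'on';
            $natent['ftp_telnet_inspection_type'] = "stateful";
            $natent['ftp_telnet_alert_encrypted'] = "off";
            $natent['ftp_telnet_check_encrypted'] = "on";
            $natent['ftp_telnet_normalize'] = "on";
            $natent['ftp_telnet_detect_anomalies'] = "on";
            $natent['ftp_telnet_ayt_attack_threshold'] = "20";
            if (!is_array($natent['ftp_client_engine']['item'])) {
                $natent['ftp_client_engine']['item'] = array();
            }
            $natent['ftp_client_engine']['item'][] = $ftp_client_eng;
            if (!is_array($natent['ftp_server_engine']['item'])) {
                $natent['ftp_server_engine']['item'] = array();
            }
            $natent['ftp_server_engine']['item'][] = $ftp_server_eng;

            $natent['smtp_preprocessor'] = 'on';
            $natent['dce_rpc_2'] = 'on';
            $natent['dns_preprocessor'] = 'on';
            $natent['ssl_preproc'] = 'on';
            $natent['pop_preproc'] = 'on';
            $natent['imap_preproc'] = 'on';
            $natent['sip_preproc'] = 'on';
            $natent['other_preprocs'] = 'on';

            $natent['pscan_protocol'] = 'all';
            $natent['pscan_type'] = 'all';
            $natent['pscan_memcap'] = '10000000';
            $natent['pscan_sense_level'] = 'medium';

            $natent['http_inspect'] = "on";
            $natent['http_inspect_proxy_alert'] = "off";
            $natent['http_inspect_memcap'] = "150994944";
            $natent['http_inspect_max_gzip_mem'] = "838860";
            if (!is_array($natent['http_inspect_engine']['item'])) {
                $natent['http_inspect_engine']['item'] = array();
            }
            $natent['http_inspect_engine']['item'][] = $http_eng;

            $natent['frag3_max_frags'] = '8192';
            $natent['frag3_memcap'] = '4194304';
            $natent['frag3_detection'] = 'on';
            if (!is_array($natent['frag3_engine']['item'])) {
                $natent['frag3_engine']['item'] = array();
            }
            $natent['frag3_engine']['item'][] = $frag3_eng;

            $natent['stream5_reassembly'] = 'on';
            $natent['stream5_flush_on_alert'] = 'off';
            $natent['stream5_prune_log_max'] = '1048576';
            $natent['stream5_track_tcp'] = 'on';
            $natent['stream5_max_tcp'] = '262144';
            $natent['stream5_track_udp'] = 'on';
            $natent['stream5_max_udp'] = '131072';
            $natent['stream5_udp_timeout'] = '30';
            $natent['stream5_track_icmp'] = 'off';
            $natent['stream5_max_icmp'] = '65536';
            $natent['stream5_icmp_timeout'] = '30';
            $natent['stream5_mem_cap'] = '8388608';
            if (!is_array($natent['stream5_tcp_engine']['item'])) {
                $natent['stream5_tcp_engine']['item'] = array();
            }
            $natent['stream5_tcp_engine']['item'][] = $stream5_eng;

            $a_rule[] = $natent;
        }

        /* If Snort is disabled on this interface, stop any running instance */
        if ($natent['enable'] != 'on') {
            snort_stop($natent, $if_real);
        }

        /* Save configuration changes */
        write_config();

        /* Most changes don't require a rules rebuild, so default to "off" */
        $rebuild_rules = false;

        /* Update snort.conf and snort.sh files for this interface */
        sync_snort_package_config();

        /*
         * Signal Snort to reload configuration if we changed HOME_NET,
         * EXTERNAL_NET or Suppress list values. The function only signals
         * a running Snort instance to safely reload these parameters.
         */
        if ($snort_reload == true) {
            snort_reload_config($natent, "SIGHUP");
        }

        // Prevent caching of the response, then return to the interface list.
        header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
        header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
        header( 'Cache-Control: no-store, no-cache, must-revalidate' );
        header( 'Cache-Control: post-check=0, pre-check=0', false );
        header( 'Pragma: no-cache' );
        header("Location: /snort/snort_interfaces.php");
        exit;
    } else {
        // Validation failed: redisplay the form with the values as posted.
        // NOTE(review): $pconfig now holds raw request data; every place the
        // form prints it must escape it for the HTML context (the markup is
        // not visible here, confirm).
        $pconfig = $_POST;
    }
}

$if_friendly = snort_get_friendly_interface($pconfig['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Edit Settings");
include_once("head.inc");
?> ' . $pgtitle . '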

';}?>
" method="post" name="iform" id="iform"> '; echo '
';
// Prefix every tab label with the first five characters of the friendly
// interface name, or with a generic label when no friendly name is known.
if ($if_friendly) {
    $menu_iface = substr($if_friendly, 0, 5) . " ";
} else {
    $menu_iface = "Iface ";
}

// Each entry is passed as (label, second element true only for this page's
// own tab, target URL).
// NOTE(review): $id is interpolated into the tab URLs as-is. Where it is set
// is not visible here; confirm it is validated as a numeric index before this
// point, or that display_top_tabs() escapes the URLs it prints.
$tab_array = array(
    array($menu_iface . gettext("Settings"), true, "/snort/snort_interfaces_edit.php?id={$id}"),
    array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"),
    array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"),
    array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"),
    array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"),
    array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}")
);
display_top_tabs($tab_array);
?>
    " . gettext("Enable or Disable") . "\n"; ?>
  
 



>
onClick="enable_blockoffenders()">
>
  
 " . gettext("Choosing BOTH is suggested, and it is the default value."); ?>
   " . gettext("Default") . "" . gettext(" is ") . "" . gettext("AC-BNFA") . ""; ?>.


> " . gettext("Default") . "" . gettext(" is ") . "" . gettext("Not Checked") . ""; ?>.

> " . gettext("Default") . "" . gettext(" is ") . "" . gettext("Checked") . ""; ?>.

> " . gettext("Default") . "" . gettext(" is ") . "" . gettext("Not Checked") . ""; ?>.

>
" . gettext("Most of this is already done at the firewall/filter level, so it is usually safe to check this box."); ?>
     "/>


 
 
    

 
 
     "/>


 
 
     "/>

 
" . gettext("Default option disables suppression and filtering."); ?>
"/>
  " . gettext("Please save your settings before you attempt to start Snort."); ?>