<?php /* * snort_interfaces_edit.php * * Copyright (C) 2008-2009 Robert Zelaya. * Copyright (C) 2011-2012 Ermal Luci * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); global $g, $config, $rebuild_rules; $snortdir = SNORTDIR; $snortlogdir = SNORTLOGDIR; if (!is_array($config['installedpackages']['snortglobal'])) $config['installedpackages']['snortglobal'] = array(); $snortglob = $config['installedpackages']['snortglobal']; if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); $a_rule = &$config['installedpackages']['snortglobal']['rule']; if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; elseif (isset($_GET['id']) && is_numericint($_GET['id'])) $id = htmlspecialchars($_GET['id']); if (is_null($id)) { header("Location: /snort/snort_interfaces.php"); exit; } if (isset($_POST['action'])) $action = htmlspecialchars($_POST['action'], ENT_QUOTES | ENT_HTML401); elseif (isset($_GET['action'])) $action = htmlspecialchars($_GET['action'], ENT_QUOTES | ENT_HTML401); else $action = ""; $pconfig = array(); if (empty($snortglob['rule'][$id]['uuid'])) { /* Adding new interface, so flag rules to build. */ $pconfig['uuid'] = snort_generate_id(); $rebuild_rules = true; } else { $pconfig['uuid'] = $a_rule[$id]['uuid']; $pconfig['descr'] = $a_rule[$id]['descr']; $rebuild_rules = false; } $snort_uuid = $pconfig['uuid']; // Get the physical configured interfaces on the firewall $interfaces = get_configured_interface_with_descr(); // See if interface is already configured, and use its values if (isset($id) && $a_rule[$id]) { /* old options */ $pconfig = $a_rule[$id]; if (!empty($pconfig['configpassthru'])) $pconfig['configpassthru'] = base64_decode($pconfig['configpassthru']); if (empty($pconfig['uuid'])) $pconfig['uuid'] = $snort_uuid; } // Must be a new interface, so try to pick next available physical interface to use elseif (isset($id) && !isset($a_rule[$id])) { $ifaces = get_configured_interface_list(); $ifrules = array(); foreach($a_rule as $r) $ifrules[] = $r['interface']; foreach ($ifaces as $i) { if (!in_array($i, $ifrules)) { $pconfig['interface'] = $i; $pconfig['descr'] = convert_friendly_interface_to_friendly_descr($i); $pconfig['enable'] = 'on'; break; } } if (count($ifrules) == count($ifaces)) { $input_errors[] = "No more available interfaces to configure for Snort!"; $interfaces = array(); $pconfig = array(); } } // Set defaults for empty key parameters if (empty($pconfig['blockoffendersip'])) $pconfig['blockoffendersip'] = "both"; if (empty($pconfig['performance'])) $pconfig['performance'] = "ac-bnfa"; if (empty($pconfig['alertsystemlog_facility'])) $pconfig['alertsystemlog_facility'] = "log_auth"; if (empty($pconfig['alertsystemlog_priority'])) $pconfig['alertsystemlog_priority'] = "log_alert"; // See if creating a new interface by duplicating an existing one if (strcasecmp($action, 'dup') == 0) { // Try to pick the next available physical interface to use $ifaces = get_configured_interface_list(); $ifrules = array(); foreach($a_rule as $r) $ifrules[] = $r['interface']; foreach ($ifaces as $i) { if (!in_array($i, $ifrules)) { $pconfig['interface'] = $i; $pconfig['enable'] = 'on'; $pconfig['descr'] = convert_friendly_interface_to_friendly_descr($i); break; } } if (count($ifrules) == count($ifaces)) { $input_errors[] = gettext("No more available interfaces to configure for Snort!"); $interfaces = array(); $pconfig = array(); } // Set Home Net, External Net, Suppress List and Pass List to defaults unset($pconfig['suppresslistname']); unset($pconfig['whitelistname']); unset($pconfig['homelistname']); unset($pconfig['externallistname']); } if ($_POST["save"] && !$input_errors) { if (!isset($_POST['interface'])) $input_errors[] = "Interface is mandatory"; /* See if assigned interface is already in use */ if (isset($_POST['interface'])) { foreach ($a_rule as $k => $v) { if (($v['interface'] == $_POST['interface']) && ($id <> $k)) { $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Snort instance."); break; } } } // If Snort is disabled on this interface, stop any running instance, // save the change, and exit. if ($_POST['enable'] != 'on') { $a_rule[$id]['enable'] = $_POST['enable'] ? 'on' : 'off'; touch("{$g['varrun_path']}/snort_{$a_rule[$id]['uuid']}.disabled"); touch("{$g['varrun_path']}/barnyard2_{$a_rule[$id]['uuid']}.disabled"); snort_stop($a_rule[$id], get_real_interface($a_rule[$id]['interface'])); write_config("Snort pkg: modified interface configuration for {$a_rule[$id]['interface']}."); $rebuild_rules = false; conf_mount_rw(); sync_snort_package_config(); conf_mount_ro(); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); header("Location: /snort/snort_interfaces.php"); exit; } /* if no errors write to conf */ if (!$input_errors) { /* Most changes don't require a rules rebuild, so default to "off" */ $rebuild_rules = false; $natent = $a_rule[$id]; $natent['interface'] = $_POST['interface']; $natent['enable'] = $_POST['enable'] ? 'on' : 'off'; $natent['uuid'] = $pconfig['uuid']; /* See if the HOME_NET, EXTERNAL_NET, or SUPPRESS LIST values were changed */ $snort_reload = false; if ($_POST['homelistname'] && ($_POST['homelistname'] <> $natent['homelistname'])) $snort_reload = true; if ($_POST['externallistname'] && ($_POST['externallistname'] <> $natent['externallistname'])) $snort_reload = true; if ($_POST['suppresslistname'] && ($_POST['suppresslistname'] <> $natent['suppresslistname'])) $snort_reload = true; if ($_POST['descr']) $natent['descr'] = $_POST['descr']; else $natent['descr'] = convert_friendly_interface_to_friendly_descr($natent['interface']); if ($_POST['performance']) $natent['performance'] = $_POST['performance']; else unset($natent['performance']); /* if post = on use on off or rewrite the conf */ if ($_POST['blockoffenders7'] == "on") $natent['blockoffenders7'] = 'on'; else $natent['blockoffenders7'] = 'off'; if ($_POST['blockoffenderskill'] == "on") $natent['blockoffenderskill'] = 'on'; else unset($natent['blockoffenderskill']); if ($_POST['blockoffendersip']) $natent['blockoffendersip'] = $_POST['blockoffendersip']; else unset($natent['blockoffendersip']); if ($_POST['whitelistname']) $natent['whitelistname'] = $_POST['whitelistname']; else unset($natent['whitelistname']); if ($_POST['homelistname']) $natent['homelistname'] = $_POST['homelistname']; else unset($natent['homelistname']); if ($_POST['alert_log_limit']) $natent['alert_log_limit'] = $_POST['alert_log_limit']; else unset($natent['alert_log_limit']); if ($_POST['alert_log_retention']) $natent['alert_log_retention'] = $_POST['alert_log_retention']; else unset($natent['alert_log_retention']); if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']); if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']); if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; } if ($_POST['alertsystemlog_facility']) $natent['alertsystemlog_facility'] = $_POST['alertsystemlog_facility']; if ($_POST['alertsystemlog_priority']) $natent['alertsystemlog_priority'] = $_POST['alertsystemlog_priority']; if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode(str_replace("\r\n", "\n", $_POST['configpassthru'])); else unset($natent['configpassthru']); if ($_POST['cksumcheck']) $natent['cksumcheck'] = 'on'; else $natent['cksumcheck'] = 'off'; if ($_POST['fpm_split_any_any'] == "on") { $natent['fpm_split_any_any'] = 'on'; }else{ $natent['fpm_split_any_any'] = 'off'; } if ($_POST['fpm_search_optimize'] == "on") { $natent['fpm_search_optimize'] = 'on'; }else{ $natent['fpm_search_optimize'] = 'off'; } if ($_POST['fpm_no_stream_inserts'] == "on") { $natent['fpm_no_stream_inserts'] = 'on'; }else{ $natent['fpm_no_stream_inserts'] = 'off'; } $if_real = get_real_interface($natent['interface']); if (isset($id) && $a_rule[$id] && $action == '') { // See if moving an existing Snort instance to another physical interface if ($natent['interface'] != $a_rule[$id]['interface']) { $oif_real = get_real_interface($a_rule[$id]['interface']); if (snort_is_running($a_rule[$id]['uuid'], $oif_real)) { snort_stop($a_rule[$id], $oif_real); $snort_start = true; } else $snort_start = false; @rename("{$snortlogdir}/snort_{$oif_real}{$a_rule[$id]['uuid']}", "{$snortlogdir}/snort_{$if_real}{$a_rule[$id]['uuid']}"); conf_mount_rw(); @rename("{$snortdir}/snort_{$a_rule[$id]['uuid']}_{$oif_real}", "{$snortdir}/snort_{$a_rule[$id]['uuid']}_{$if_real}"); conf_mount_ro(); } $a_rule[$id] = $natent; } elseif (strcasecmp($action, 'dup') == 0) { // Duplicating a new interface, so set flag to build new rules $rebuild_rules = true; // Duplicating an interface, so need to generate a new UUID for the cloned interface $natent['uuid'] = snort_generate_id(); // Add the new duplicated interface configuration to the [rule] array in config $a_rule[] = $natent; } else { // Adding new interface, so set required interface configuration defaults $frag3_eng = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", "timeout" => 60, "min_ttl" => 1, "detect_anomalies" => "on", "overlap_limit" => 0, "min_frag_len" => 0 ); $stream5_eng = array( "name" => "default", "bind_to" => "all", "policy" => "bsd", "timeout" => 30, "max_queued_bytes" => 1048576, "detect_anomalies" => "off", "overlap_limit" => 0, "max_queued_segs" => 2621, "require_3whs" => "off", "startup_3whs_timeout" => 0, "no_reassemble_async" => "off", "max_window" => 0, "use_static_footprint_sizes" => "off", "check_session_hijacking" => "off", "dont_store_lg_pkts" => "off", "ports_client" => "default", "ports_both" => "default", "ports_server" => "none" ); $http_eng = array( "name" => "default", "bind_to" => "all", "server_profile" => "all", "enable_xff" => "off", "log_uri" => "off", "log_hostname" => "off", "server_flow_depth" => 65535, "enable_cookie" => "on", "client_flow_depth" => 1460, "extended_response_inspection" => "on", "no_alerts" => "off", "unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on", "normalize_headers" => "on", "normalize_utf" => "on", "normalize_javascript" => "on", "allow_proxy_use" => "off", "inspect_uri_only" => "off", "max_javascript_whitespaces" => 200, "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, "max_header_length" => 0, "ports" => "default" ); $ftp_client_eng = array( "name" => "default", "bind_to" => "all", "max_resp_len" => 256, "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes", "bounce" => "yes", "bounce_to_net" => "", "bounce_to_port" => "" ); $ftp_server_eng = array( "name" => "default", "bind_to" => "all", "ports" => "default", "telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes", "ignore_data_chan" => "no", "def_max_param_len" => 100 ); $natent['max_attribute_hosts'] = '10000'; $natent['max_attribute_services_per_host'] = '10'; $natent['max_paf'] = '16000'; $natent['ftp_preprocessor'] = 'on'; $natent['ftp_telnet_inspection_type'] = "stateful"; $natent['ftp_telnet_alert_encrypted'] = "off"; $natent['ftp_telnet_check_encrypted'] = "on"; $natent['ftp_telnet_normalize'] = "on"; $natent['ftp_telnet_detect_anomalies'] = "on"; $natent['ftp_telnet_ayt_attack_threshold'] = "20"; if (!is_array($natent['ftp_client_engine']['item'])) $natent['ftp_client_engine']['item'] = array(); $natent['ftp_client_engine']['item'][] = $ftp_client_eng; if (!is_array($natent['ftp_server_engine']['item'])) $natent['ftp_server_engine']['item'] = array(); $natent['ftp_server_engine']['item'][] = $ftp_server_eng; $natent['smtp_preprocessor'] = 'on'; $natent['smtp_memcap'] = "838860"; $natent['smtp_max_mime_mem'] = "838860"; $natent['smtp_b64_decode_depth'] = "0"; $natent['smtp_qp_decode_depth'] = "0"; $natent['smtp_bitenc_decode_depth'] = "0"; $natent['smtp_uu_decode_depth'] = "0"; $natent['smtp_email_hdrs_log_depth'] = "1464"; $natent['smtp_ignore_data'] = 'off'; $natent['smtp_ignore_tls_data'] = 'on'; $natent['smtp_log_mail_from'] = 'on'; $natent['smtp_log_rcpt_to'] = 'on'; $natent['smtp_log_filename'] = 'on'; $natent['smtp_log_email_hdrs'] = 'on'; $natent['dce_rpc_2'] = 'on'; $natent['dns_preprocessor'] = 'on'; $natent['ssl_preproc'] = 'on'; $natent['pop_preproc'] = 'on'; $natent['pop_memcap'] = "838860"; $natent['pop_b64_decode_depth'] = "0"; $natent['pop_qp_decode_depth'] = "0"; $natent['pop_bitenc_decode_depth'] = "0"; $natent['pop_uu_decode_depth'] = "0"; $natent['imap_preproc'] = 'on'; $natent['imap_memcap'] = "838860"; $natent['imap_b64_decode_depth'] = "0"; $natent['imap_qp_decode_depth'] = "0"; $natent['imap_bitenc_decode_depth'] = "0"; $natent['imap_uu_decode_depth'] = "0"; $natent['sip_preproc'] = 'on'; $natent['other_preprocs'] = 'on'; $natent['pscan_protocol'] = 'all'; $natent['pscan_type'] = 'all'; $natent['pscan_memcap'] = '10000000'; $natent['pscan_sense_level'] = 'medium'; $natent['http_inspect'] = "on"; $natent['http_inspect_proxy_alert'] = "off"; $natent['http_inspect_memcap'] = "150994944"; $natent['http_inspect_max_gzip_mem'] = "838860"; if (!is_array($natent['http_inspect_engine']['item'])) $natent['http_inspect_engine']['item'] = array(); $natent['http_inspect_engine']['item'][] = $http_eng; $natent['frag3_max_frags'] = '8192'; $natent['frag3_memcap'] = '4194304'; $natent['frag3_detection'] = 'on'; if (!is_array($natent['frag3_engine']['item'])) $natent['frag3_engine']['item'] = array(); $natent['frag3_engine']['item'][] = $frag3_eng; $natent['stream5_reassembly'] = 'on'; $natent['stream5_flush_on_alert'] = 'off'; $natent['stream5_prune_log_max'] = '1048576'; $natent['stream5_track_tcp'] = 'on'; $natent['stream5_max_tcp'] = '262144'; $natent['stream5_track_udp'] = 'on'; $natent['stream5_max_udp'] = '131072'; $natent['stream5_udp_timeout'] = '30'; $natent['stream5_track_icmp'] = 'off'; $natent['stream5_max_icmp'] = '65536'; $natent['stream5_icmp_timeout'] = '30'; $natent['stream5_mem_cap']= '8388608'; if (!is_array($natent['stream5_tcp_engine']['item'])) $natent['stream5_tcp_engine']['item'] = array(); $natent['stream5_tcp_engine']['item'][] = $stream5_eng; $natent['alertsystemlog_facility'] = "log_auth"; $natent['alertsystemlog_priority'] = "log_alert"; $natent['appid_preproc'] = "off"; $natent['sf_appid_mem_cap'] = "256"; $natent['sf_appid_statslog'] = "on"; $natent['sf_appid_stats_period'] = "300"; $a_rule[] = $natent; } /* If Snort is disabled on this interface, stop any running instance */ if ($natent['enable'] != 'on') snort_stop($natent, $if_real); /* Save configuration changes */ write_config("Snort pkg: modified interface configuration for {$natent['interface']}."); /* Update snort.conf and snort.sh files for this interface */ conf_mount_rw(); sync_snort_package_config(); conf_mount_ro(); /* See if we need to restart Snort after an interface re-assignment */ if ($snort_start == true) { snort_start($natent, $if_real); } /*******************************************************/ /* Signal Snort to reload configuration if we changed */ /* HOME_NET, EXTERNAL_NET or Suppress list values. */ /* The function only signals a running Snort instance */ /* to safely reload these parameters. */ /*******************************************************/ if ($snort_reload == true) snort_reload_config($natent, "SIGHUP"); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); header("Location: /snort/snort_interfaces.php"); exit; } else $pconfig = $_POST; } $if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Edit Settings"); include_once("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); /* Display Alert message */ if ($input_errors) { print_input_errors($input_errors); } if ($savemsg) { print_info_box($savemsg); } ?> <form action="snort_interfaces_edit.php" method="post" name="iform" id="iform"> <input name="id" type="hidden" value="<?=$id;?>"/> <input name="action" type="hidden" value="<?=$action;?>"/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php $tab_array = array(); $tab_array[0] = array(gettext("Snort Interfaces"), true, "/snort/snort_interfaces.php"); $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php"); $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php"); $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php?instance={$id}"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php"); $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php"); $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $tab_array = array(); $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); $tab_array[] = array($menu_iface . gettext("Settings"), true, "/snort/snort_interfaces_edit.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Logs"), false, "/snort/snort_interface_logs.php?id={$id}"); display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?php echo gettext("Enable"); ?></td> <td width="78%" valign="top" class="vtable"> <?php if ($pconfig['enable'] == "on") $checked = "checked"; echo " <input name=\"enable\" type=\"checkbox\" value=\"on\" $checked onClick=\"enable_change(false)\"/> " . gettext("Enable or Disable") . "\n"; ?> <br/> </td> </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?php echo gettext("Interface"); ?></td> <td width="78%" class="vtable"> <select name="interface" class="formselect" tabindex="0"> <?php foreach ($interfaces as $iface => $ifacename): ?> <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo " selected"; ?>><?=htmlspecialchars($ifacename);?> </option> <?php endforeach; ?> </select> <span class="vexpl"><?php echo gettext("Choose which interface this Snort instance applies to."); ?><br/> <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("In most cases, you'll want to use WAN here."); ?></span><br/></td> </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?php echo gettext("Description"); ?></td> <td width="78%" class="vtable"><input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']); ?>"/><br/> <span class="vexpl"><?php echo gettext("Enter a meaningful description here for your reference."); ?></span><br/></td> </tr> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Alert Settings"); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Send Alerts to System Logs"); ?></td> <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" onclick="toggle_system_log();" <?php if ($pconfig['alertsystemlog'] == "on") echo " checked"; ?>/> <?php echo gettext("Snort will send Alerts to the firewall's system logs."); ?></td> </tr> <tbody id="alertsystemlog_rows"> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("System Log Facility"); ?></td> <td width="78%" class="vtable"> <select name="alertsystemlog_facility" id="alertsystemlog_facility" class="formselect"> <?php $log_facility = array( "log_auth", "log_authpriv", "log_daemon", "log_user", "log_local0", "log_local1", "log_local2", "log_local3", "log_local4", "log_local5", "log_local6", "log_local7" ); foreach ($log_facility as $facility) { $selected = ""; if ($facility == $pconfig['alertsystemlog_facility']) $selected = " selected"; echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n"; } ?></select> <?php echo gettext("Select system log Facility to use for reporting. Default is ") . "<strong>" . gettext("log_auth") . "</strong>."; ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("System Log Priority"); ?></td> <td width="78%" class="vtable"> <select name="alertsystemlog_priority" id="alertsystemlog_priority" class="formselect"> <?php $log_priority = array( "log_emerg", "log_crit", "log_alert", "log_err", "log_warning", "log_notice", "log_info", "log_debug" ); foreach ($log_priority as $priority) { $selected = ""; if ($priority == $pconfig['alertsystemlog_priority']) $selected = " selected"; echo "<option value='{$priority}'{$selected}>" . $priority . "</option>\n"; } ?></select> <?php echo gettext("Select system log Priority (Level) to use for reporting. Default is ") . "<strong>" . gettext("log_alert") . "</strong>."; ?> </td> </tr> </tbody> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Block Offenders"); ?></td> <td width="78%" class="vtable"> <input name="blockoffenders7" id="blockoffenders7" type="checkbox" value="on" <?php if ($pconfig['blockoffenders7'] == "on") echo "checked"; ?> onClick="enable_blockoffenders();" /> <?php echo gettext("Checking this option will automatically block hosts that generate a " . "Snort alert."); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Kill States"); ?></td> <td width="78%" class="vtable"> <input name="blockoffenderskill" id="blockoffenderskill" type="checkbox" value="on" <?php if ($pconfig['blockoffenderskill'] == "on") echo "checked"; ?>/> <?php echo gettext("Checking this option will kill firewall states for the blocked IP"); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Which IP to Block"); ?></td> <td width="78%" class="vtable"> <select name="blockoffendersip" class="formselect" id="blockoffendersip"> <?php foreach (array("src", "dst", "both") as $btype) { if ($btype == $pconfig['blockoffendersip']) echo "<option value='{$btype}' selected>"; else echo "<option value='{$btype}'>"; echo htmlspecialchars($btype) . '</option>'; } ?> </select> <?php echo gettext("Select which IP extracted from the packet you wish to block"); ?><br/> <span class="red"><?php echo gettext("Hint:") . "</span> " . gettext("Choosing BOTH is suggested, and it is the default value."); ?><br/> </td> </tr> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Detection Performance Settings"); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Search Method"); ?></td> <td width="78%" class="vtable"> <select name="performance" class="formselect" id="performance"> <?php $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'ac-split' => 'AC-SPLIT', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-nq' => 'AC-NQ', 'ac-bnfa-nq' => 'AC-BNFA-NQ', 'lowmem-nq' => 'LOWMEM-NQ', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS'); foreach ($interfaces2 as $iface2 => $ifacename2): ?> <option value="<?=$iface2;?>" <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>> <?=htmlspecialchars($ifacename2);?></option> <?php endforeach; ?> </select> <?php echo gettext("Choose a fast pattern matcher algorithm. ") . "<strong>" . gettext("Default") . "</strong>" . gettext(" is ") . "<strong>" . gettext("AC-BNFA") . "</strong>"; ?>.<br/><br/> <span class="vexpl"><?php echo gettext("LOWMEM and AC-BNFA are recommended for low end " . "systems, AC-SPLIT: low memory, high performance, short-hand for search-method ac split-any-any, AC: high memory, " . "best performance, -NQ: the -nq option specifies that matches should not be queued and evaluated as they are found," . " AC-STD: moderate memory, high performance, ACS: small memory, moderate performance, " . "AC-BANDED: small memory,moderate performance, AC-SPARSEBANDS: small memory, high performance."); ?> </span><br/></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Split ANY-ANY"); ?></td> <td width="78%" class="vtable"> <input name="fpm_split_any_any" id="fpm_split_any_any" type="checkbox" value="on" <?php if ($pconfig['fpm_split_any_any'] == "on") echo "checked"; ?>/> <?php echo gettext("Enable splitting of ANY-ANY port group.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?>.<br/> <br/><?php echo gettext("This setting is a memory/performance trade-off. It reduces memory footprint by not " . "putting the ANY-ANY port group into every port group, but instead splits these rules off into a single port group. " . "But doing so may require two port group evaluations per packet - one for the specific port group and one for the ANY-ANY " . "port group, thus potentially reducing performance."); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Search Optimize"); ?></td> <td width="78%" class="vtable"> <input name="fpm_search_optimize" id="fpm_search_optimize" type="checkbox" value="on" <?php if ($pconfig['fpm_search_optimize'] == "on" || empty($pconfig['fpm_search_optimize'])) echo "checked"; ?>/> <?php echo gettext("Enable search optimization.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") . "<strong>" . gettext("Checked") . "</strong>"; ?>.<br/> <br/><?php echo gettext("This setting optimizes fast pattern memory when used with search-methods AC or AC-SPLIT " . "by dynamically determining the size of a state based on the total number of states. When used with AC-BNFA, " . "some fail-state resolution will be attempted, potentially increasing performance."); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Stream Inserts"); ?></td> <td width="78%" class="vtable"> <input name="fpm_no_stream_inserts" id="fpm_no_stream_inserts" type="checkbox" value="on" <? if ($pconfig['fpm_no_stream_inserts'] == "on") echo "checked"; ?>/> <?php echo gettext("Do not evaluate stream inserted packets against the detection engine.") . " <strong>" . gettext("Default") . "</strong>" . gettext(" is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?>.<br/> <br/><?php echo gettext("This is a potential performance improvement based on the idea the stream rebuilt packet " . "will contain the payload in the inserted one, so the stream inserted packet does not need to be evaluated."); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Checksum Check Disable"); ?></td> <td width="78%" class="vtable"> <input name="cksumcheck" id="cksumcheck" type="checkbox" value="on" <?php if ($pconfig['cksumcheck'] == "on") echo "checked"; ?>/> <?php echo gettext("Disable checksum checking within Snort to improve performance."); ?> <br><span class="red"><?php echo gettext("Hint: ") . "</span>" . gettext("Most of this is already done at the firewall/filter level, so it is usually safe to check this box."); ?> </td> </tr> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose the networks Snort should inspect and whitelist"); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Home Net"); ?></td> <td width="78%" class="vtable"> <select name="homelistname" class="formselect" id="homelistname"> <?php echo "<option value='default' >default</option>"; /* find whitelist names and filter by type */ if (is_array($snortglob['whitelist']['item'])) { foreach ($snortglob['whitelist']['item'] as $value) { $ilistname = $value['name']; if ($ilistname == $pconfig['homelistname']) echo "<option value='$ilistname' selected>"; else echo "<option value='$ilistname'>"; echo htmlspecialchars($ilistname) . '</option>'; } } ?> </select> <input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','homelistname','homenet')" id="btnHomeNet" title="<?php echo gettext("Click to view currently selected Home Net contents"); ?>"/> <br/> <span class="vexpl"><?php echo gettext("Choose the Home Net you want this interface to use."); ?></span> <br/><br/> <span class="red"><?php echo gettext("Note:"); ?></span> <?php echo gettext("Default Home " . "Net adds only local networks, WAN IPs, Gateways, VPNs and VIPs."); ?><br/> <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("Create an Alias to hold a list of " . "friendly IPs that the firewall cannot see or to customize the default Home Net."); ?><br/> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("External Net"); ?></td> <td width="78%" class="vtable"> <select name="externallistname" class="formselect" id="externallistname"> <?php echo "<option value='default' >default</option>"; /* find whitelist names and filter by type */ if (is_array($snortglob['whitelist']['item'])) { foreach ($snortglob['whitelist']['item'] as $value) { $ilistname = $value['name']; if ($ilistname == $pconfig['externallistname']) echo "<option value='$ilistname' selected>"; else echo "<option value='$ilistname'>"; echo htmlspecialchars($ilistname) . '</option>'; } } ?> </select> <input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','externallistname','externalnet')" id="btnExternalNet" title="<?php echo gettext("Click to view currently selected External Net contents"); ?>"/> <br/> <?php echo gettext("Choose the External Net you want this interface " . "to use."); ?> <br/><br/> <span class="red"><?php echo gettext("Note:"); ?></span> <?php echo gettext("Default " . "External Net is networks that are not Home Net. Most users should leave this setting at default."); ?><br/> <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("Create a Pass List and add an Alias to it, and then assign the Pass List here for custom External Net settings."); ?><br/> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Pass List"); ?></td> <td width="78%" class="vtable"> <select name="whitelistname" class="formselect" id="whitelistname"> <?php /* find whitelist (Pass List) names and filter by type, make sure to track by uuid */ echo "<option value='default' >default</option>\n"; if (is_array($snortglob['whitelist']['item'])) { foreach ($snortglob['whitelist']['item'] as $value) { if ($value['name'] == $pconfig['whitelistname']) echo "<option value='{$value['name']}' selected>"; else echo "<option value='{$value['name']}'>"; echo htmlspecialchars($value['name']) . '</option>'; } } ?> </select> <input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','passlist')" id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Pass List contents"); ?>"/> <br/> <span class="vexpl"><?php echo gettext("Choose the Pass List you want this interface to " . "use."); ?> </span><br/><br/> <span class="red"><?php echo gettext("Note:"); ?></span> <?php echo gettext("This option will only be used when block offenders is on."); ?><br/> <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("The default " . "Pass List adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?> </td> </tr> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Choose a suppression or filtering file if desired"); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Alert Suppression and Filtering"); ?></td> <td width="78%" class="vtable"> <select name="suppresslistname" class="formselect" id="suppresslistname"> <?php echo "<option value='default' >default</option>\n"; if (is_array($snortglob['suppress']['item'])) { $slist_select = $snortglob['suppress']['item']; foreach ($slist_select as $value) { $ilistname = $value['name']; if ($ilistname == $pconfig['suppresslistname']) echo "<option value='$ilistname' selected>"; else echo "<option value='$ilistname'>"; echo htmlspecialchars($ilistname) . '</option>'; } } ?> </select> <input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','suppresslistname', 'suppress')" id="btnSuppressList" title="<?php echo gettext("Click to view currently selected Suppression List contents"); ?>"/> <br/> <span class="vexpl"><?php echo gettext("Choose the suppression or filtering file you " . "want this interface to use."); ?> </span><br/> <br/><span class="red"><?php echo gettext("Note: ") . "</span>" . gettext("Default option disables suppression and filtering."); ?> </td> </tr> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Arguments here will " . "be automatically inserted into the Snort configuration."); ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration pass-through"); ?></td> <td width="78%" class="vtable"> <textarea style="width:98%; height:100%;" wrap="off" name="configpassthru" cols="60" rows="8" id="configpassthru"><?=htmlspecialchars($pconfig['configpassthru']);?></textarea> </td> </tr> <tr> <td width="22%" valign="top"></td> <td width="78%"><input name="save" type="submit" class="formbtn" value="Save" title="<?php echo gettext("Click to save settings and exit"); ?>"/> </td> </tr> <tr> <td width="22%" valign="top"> </td> <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" . gettext("Please save your settings before you attempt to start Snort."); ?> </td> </tr> </table> </div> </td></tr> </table> </form> <script language="JavaScript"> <!-- function enable_blockoffenders() { var endis = !(document.iform.blockoffenders7.checked); document.iform.blockoffenderskill.disabled=endis; document.iform.blockoffendersip.disabled=endis; document.iform.whitelistname.disabled=endis; document.iform.btnWhitelist.disabled=endis; } function toggle_system_log() { var endis = !(document.iform.alertsystemlog.checked); if (endis) document.getElementById("alertsystemlog_rows").style.display="none"; else document.getElementById("alertsystemlog_rows").style.display=""; } function enable_change(enable_change) { endis = !(document.iform.enable.checked || enable_change); // make sure a default answer is called if this is invoked. endis2 = (document.iform.enable); document.iform.performance.disabled = endis; document.iform.blockoffenders7.disabled = endis; document.iform.blockoffendersip.disabled=endis; document.iform.blockoffenderskill.disabled=endis; document.iform.alertsystemlog.disabled = endis; document.iform.externallistname.disabled = endis; document.iform.cksumcheck.disabled = endis; document.iform.homelistname.disabled = endis; document.iform.whitelistname.disabled=endis; document.iform.suppresslistname.disabled = endis; document.iform.configpassthru.disabled = endis; document.iform.btnHomeNet.disabled=endis; document.iform.btnWhitelist.disabled=endis; document.iform.btnSuppressList.disabled=endis; document.iform.fpm_split_any_any.disabled=endis; document.iform.fpm_search_optimize.disabled=endis; document.iform.fpm_no_stream_inserts.disabled=endis; } function wopen(url, name, w, h) { // Fudge factors for window decoration space. // In my tests these work well on all platforms & browsers. w += 32; h += 96; var win = window.open(url, name, 'width=' + w + ', height=' + h + ', ' + 'location=no, menubar=no, ' + 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); win.resizeTo(w, h); win.focus(); } function getSelectedValue(elemID) { var ctrl = document.getElementById(elemID); return ctrl.options[ctrl.selectedIndex].value; } function viewList(id, elemID, elemType) { if (typeof elemType == "undefined") { elemType = "passlist"; } var url = "snort_list_view.php?id=" + id + "&wlist="; url = url + getSelectedValue(elemID) + "&type=" + elemType; url = url + "&time=" + new Date().getTime(); wopen(url, 'PassListViewer', 640, 480); } enable_change(false); enable_blockoffenders(); toggle_system_log(); //--> </script> <?php include("fend.inc"); ?> </body> </html>