. * Copyright (C) 2011-2012 Ermal Luci * All rights reserved. * * Copyright (C) 2008-2009 Robert Zelaya * Modified for the Pfsense snort package. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
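*/

require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");

global $g;

$snortdir = SNORTDIR;

/*
 * Snort global settings page.
 *
 * "Submit": the posted form values are validated and then written to
 *           $config['installedpackages']['snortglobal'], followed by
 *           write_config() and sync_snort_package_config().
 * "Reset":  snort and barnyard2 are stopped, the snort cron entries and the
 *           whole snortglobal config section are removed, and the interface
 *           directories and log files are deleted.
 *
 * Both actions end with a no-cache redirect back to this page.
 */

/* Copy the stored settings into $pconfig (make things short). */
$pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'];
$pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode'];
$pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'];
$pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked'];
$pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit'];
$pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize'];
$pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7'];
$pconfig['snortalertlogtype'] = $config['installedpackages']['snortglobal']['snortalertlogtype'];
$pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'];

/*
 * Validate the posted values before anything is persisted. The original
 * page never filled $input_errors, so the "no errors" gate below was always
 * open and request data went into the config unchecked. Failures collected
 * here block the save; the page prints $input_errors further down.
 */
if ($_POST["Submit"]) {
	/* The Oinkmaster code is an opaque token: trim pasted whitespace and accept letters and digits only. */
	$oinkmastercode = is_string($_POST['oinkmastercode']) ? trim($_POST['oinkmastercode']) : '';
	if ($oinkmastercode != '' && !preg_match('/^[A-Za-z0-9]+\z/', $oinkmastercode))
		$input_errors[] = "The Oinkmaster code may only contain letters and digits.";

	/* The limit is a size in MB; an empty value (or 0) still selects the computed default below. */
	if ($_POST['snortloglimitsize'] &&
	    (!is_string($_POST['snortloglimitsize']) || !preg_match('/^[0-9]+\z/', $_POST['snortloglimitsize'])))
		$input_errors[] = "The log directory size limit must be a whole number of MB.";

	/*
	 * NOTE(review): snortdownload, rm_blocked, snortloglimit, autorulesupdate7
	 * and snortalertlogtype are still stored exactly as posted. Their allowed
	 * values are defined by the form controls, which are not visible in this
	 * part of the file; compare each one against its option list - TODO.
	 */
}

/* if no errors move forward */
if (!$input_errors) {

	if ($_POST["Submit"]) {

		$config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'];
		$config['installedpackages']['snortglobal']['oinkmastercode'] = $oinkmastercode;
		/* Checkboxes are normalised to 'on'/'off' rather than stored as posted. */
		$config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off';
		$config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked'];

		if ($_POST['snortloglimitsize']) {
			$config['installedpackages']['snortglobal']['snortloglimit'] = $_POST['snortloglimit'];
			$config['installedpackages']['snortglobal']['snortloglimitsize'] = $_POST['snortloglimitsize'];
		} else {
			$config['installedpackages']['snortglobal']['snortloglimit'] = 'on';

			/*
			 * No size given: enable the limit and derive it from the free
			 * space df reports for /var (KB * .22 / 1024 = MB). The command
			 * line is a fixed string; no request data reaches the shell.
			 * NOTE(review): the factor here is 22%, the old comment said 21%
			 * and the form text says 20% - confirm which one is intended.
			 */
			$snortloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .22 / 1024);
			$config['installedpackages']['snortglobal']['snortloglimitsize'] = $snortloglimitDSKsize;
		}

		$config['installedpackages']['snortglobal']['autorulesupdate7'] = $_POST['autorulesupdate7'];
		$config['installedpackages']['snortglobal']['snortalertlogtype'] = $_POST['snortalertlogtype'];
		$config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off';

		$retval = 0;

		write_config();

		/* create whitelist and homenet file then sync files */
		sync_snort_package_config();

		/* forces page to reload new settings */
		header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
		header( 'Cache-Control: no-store, no-cache, must-revalidate' );
		header( 'Cache-Control: post-check=0, pre-check=0', false );
		header( 'Pragma: no-cache' );
		header("Location: /snort/snort_interfaces_global.php");
		exit;
	}
}

/*
 * Reset: wipe every snort setting, interface directory and log file.
 * NOTE(review): this destructive action is triggered by a single POST field;
 * it relies on whatever authentication and request-forgery protection
 * guiconfig.inc applies to the page - confirm.
 */
if ($_POST["Reset"]) {

	/* Stops the snort processes and removes the package's cron entries, config section and on-disk state. */
	function snort_deinstall_settings() {
		global $config, $snortdir;

		/*
		 * Ask each daemon to exit, wait, then force-kill what is left.
		 * The original path was /usr/usr/bin/killall, which does not exist,
		 * so the processes were never stopped before the files were removed.
		 */
		exec("/usr/bin/killall snort");
		sleep(2);
		exec("/usr/bin/killall -9 snort");
		sleep(2);
		exec("/usr/bin/killall barnyard2");
		sleep(2);
		exec("/usr/bin/killall -9 barnyard2");
		sleep(2);

		/* Remove snort cron entries */
		if (!function_exists('snort_deinstall_cron')) {
			/* Removes the first cron item whose command contains $cronmatch, then rebuilds the crontab. */
			function snort_deinstall_cron($cronmatch) {
				global $config;

				if(!$config['cron']['item'])
					return;

				/*
				 * Delete by the item's real array key. The original counted
				 * positions instead; once an earlier call had left a gap in
				 * the keys, the position no longer matched the key and an
				 * unrelated cron entry could be removed in place of the
				 * snort one.
				 */
				foreach($config['cron']['item'] as $key => $item) {
					if (strstr($item['command'], $cronmatch)) {
						unset($config['cron']['item'][$key]);
						break;
					}
				}

				configure_cron();
			}
		}

		snort_deinstall_cron("snort2c");
		snort_deinstall_cron("snort_check_for_rule_updates.php");

		/* Unset snort registers in conf.xml IMPORTANT snort will not start with out this */
		/* Keep this as a last step */
		unset($config['installedpackages']['snortglobal']);

		/* remove all snort iface dir; $snortdir is set from the SNORTDIR constant, not from the request */
		exec("rm -r {$snortdir}/snort_*");
		exec('rm /var/log/snort/*');
	}

	snort_deinstall_settings();
	write_config(); /* XXX */

	/* forces page to reload with the settings cleared */
	header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
	header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
	header( 'Cache-Control: no-store, no-cache, must-revalidate' );
	header( 'Cache-Control: post-check=0, pre-check=0', false );
	header( 'Pragma: no-cache' );
	header("Location: /snort/snort_interfaces_global.php");
	exit;
}

$pgtitle = 'Services: Snort: Global Settings';
include_once("head.inc");

?> ' . $pgtitle . '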

'; /* Display Alert message, under form tag or no refresh */ if ($input_errors) print_input_errors($input_errors); // TODO: add checks ?>
Please Choose The Type Of Rules You Wish To Download
Install Snort.org rules
> Do NOT Install
> Install Basic Rules or Premium rules
         Sign Up for a Basic Rule Account
         Sign Up for Sourcefire VRT Certified Premium Rules. This Is Highly Recommended
 
Oinkmaster code
Code
Obtain a snort.org Oinkmaster code and paste here.
Install Emergingthreats rules onClick="enable_change(false)">
Emerging Threats is an open source community that produces fast-moving and diverse Snort rules.
Update rules automatically
Please select the update times for rules.
Hint: in most cases, every 12 hours is a good choice.
General Settings
Log Directory Size Limit


Note:
Available space is MB
> Enable directory size limit (Default)
> Disable directory size limit

Warning: Nanobsd should use no more than 10MB of space.
 
Size in MB Default is 20% of available space.
Remove blocked hosts every
Please select the amount of time you would like hosts to be blocked for.
Hint: in most cases, 1 hour is a good choice.
Alerts file description type
Please choose the type of alert logging you would like to see in your alert file.
Hint: Best practice is to choose full logging.
 WARNING: On change, alert file will be cleared.
Keep snort settings after deinstall onClick="enable_change(false)">
Settings will not be removed during deinstall.
 WARNING:
This will reset all global and interface settings.
  Note:
Changing any settings on this page will affect all interfaces. Please, double check if your oink code is correct and the type of snort.org account you hold.