. * Copyright (C) 2011-2012 Ermal Luci * All rights reserved. * * Copyright (C) 2008-2009 Robert Zelaya * Modified for the Pfsense snort package. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
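*/

/*
 * Snort "Global Settings" page handler.
 *
 * Loads the saved global options into $pconfig for the form, validates a
 * POSTed form, and on "Submit" writes the new values into $config, resyncs
 * the package configuration and redirects back to this page.
 */
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");

global $g;

$snortdir = SNORTDIR;

/* Make sure validation errors are collected in a defined array. */
if (!isset($input_errors) || !is_array($input_errors))
	$input_errors = array();

/* make things short: copy every saved global option into $pconfig */
$pconfig_keys = array(
	'snortdownload', 'oinkmastercode', 'etpro_code', 'emergingthreats',
	'emergingthreats_pro', 'rm_blocked', 'snortloglimit', 'snortloglimitsize',
	'autorulesupdate7', 'rule_update_starttime', 'forcekeepsettings',
	'snortcommunityrules'
);
foreach ($pconfig_keys as $pkey) {
	$pconfig[$pkey] = isset($config['installedpackages']['snortglobal'][$pkey])
	    ? $config['installedpackages']['snortglobal'][$pkey]
	    : null;
}

/* Defaults shown when nothing has been saved yet */
if (empty($pconfig['snortloglimit']))
	$pconfig['snortloglimit'] = 'on';
if (empty($pconfig['rule_update_starttime']))
	$pconfig['rule_update_starttime'] = '00:30';

/* ---- Input validation (runs on every request that carries these fields) ---- */

if ($_POST['rule_update_starttime']) {
	// The D modifier makes "$" match only at the very end of the string.
	// Without it a value with a trailing newline ("09:30\n") passes the
	// check and is written to the configuration unchanged.
	if (!is_string($_POST['rule_update_starttime']) ||
	    !preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/D', $_POST['rule_update_starttime']))
		$input_errors[] = "Invalid Rule Update Start Time! Please supply a value in 24-hour format as 'HH:MM'.";
}

if ($_POST['snortdownload'] == "on" && empty($_POST['oinkmastercode']))
	$input_errors[] = "You must supply an Oinkmaster code in the box provided in order to enable Snort VRT rules!";

if ($_POST['emergingthreats_pro'] == "on" && empty($_POST['etpro_code']))
	$input_errors[] = "You must supply a subscription code in the box provided in order to enable Emerging Threats Pro rules!";

// The log limit is a size in megabytes (the automatic default below is
// computed in MB), so reject anything that is not a plain whole number
// before it is stored.
if (!empty($_POST['snortloglimitsize']) &&
    (!is_string($_POST['snortloglimitsize']) || !preg_match('/^[0-9]+$/D', $_POST['snortloglimitsize'])))
	$input_errors[] = "Snort log limit size must be a whole number of megabytes.";

/* if no errors move forward with save */
if (!$input_errors) {
	if ($_POST["Submit"]) {
		// Checkbox-style options are normalised to the literals 'on'/'off'.
		$config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'] ? 'on' : 'off';
		$config['installedpackages']['snortglobal']['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off';
		$config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off';
		$config['installedpackages']['snortglobal']['emergingthreats_pro'] = $_POST['emergingthreats_pro'] ? 'on' : 'off';

		// If any rule sets are being turned off, then remove them
		// from the active rules section of each interface. Start
		// by building an array of prefixes for the disabled rules.
		$disabled_rules = array();
		$disable_ips_policy = false;
		if ($config['installedpackages']['snortglobal']['snortdownload'] == 'off') {
			$disabled_rules[] = VRT_FILE_PREFIX;
			$disable_ips_policy = true;
		}
		if ($config['installedpackages']['snortglobal']['snortcommunityrules'] == 'off')
			$disabled_rules[] = GPL_FILE_PREFIX;
		if ($config['installedpackages']['snortglobal']['emergingthreats'] == 'off')
			$disabled_rules[] = ET_OPEN_FILE_PREFIX;
		if ($config['installedpackages']['snortglobal']['emergingthreats_pro'] == 'off')
			$disabled_rules[] = ET_PRO_FILE_PREFIX;

		// Now walk all the configured interface rulesets and remove
		// any matching the disabled ruleset prefixes.
		if (is_array($config['installedpackages']['snortglobal']['rule'])) {
			foreach ($config['installedpackages']['snortglobal']['rule'] as &$iface) {
				// Disable Snort IPS policy if VRT rules are disabled
				if ($disable_ips_policy) {
					$iface['ips_policy_enable'] = 'off';
					unset($iface['ips_policy']);
				}
				$enabled_rules = explode("||", $iface['rulesets']);
				foreach ($enabled_rules as $k => $v) {
					// NOTE(review): this matches the prefix anywhere in the
					// ruleset name, not only at its start; confirm that is
					// intended before tightening it to a position-0 match.
					foreach ($disabled_rules as $d)
						if (strpos(trim($v), $d) !== false)
							unset($enabled_rules[$k]);
				}
				$iface['rulesets'] = implode("||", $enabled_rules);
			}
			// Break the by-reference binding so a later write to $iface
			// cannot silently modify the last interface entry in $config.
			unset($iface);
		}

		// NOTE(review): the two subscription codes and the two selector
		// values below are stored exactly as posted. The code that later
		// consumes them is not visible here; confirm it escapes them for
		// whatever context it uses (URL, shell, cron) and that the form
		// HTML-escapes them when echoing $pconfig back to the browser.
		$config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode'];
		$config['installedpackages']['snortglobal']['etpro_code'] = $_POST['etpro_code'];
		$config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked'];

		if ($_POST['snortloglimitsize']) {
			$config['installedpackages']['snortglobal']['snortloglimit'] = $_POST['snortloglimit'];
			$config['installedpackages']['snortglobal']['snortloglimitsize'] = $_POST['snortloglimitsize'];
		} else {
			$config['installedpackages']['snortglobal']['snortloglimit'] = 'on';

			/*
			 * No size supplied: derive one from the free space on /var.
			 * df reports kilobytes; the result is scaled by 0.22 and
			 * converted to megabytes. (The original comment said 21%, the
			 * multiplier has always been .22.) The command string is a
			 * constant, so no request data reaches the shell here.
			 */
			$var_free_kb = (float)exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'');
			$snortloglimitDSKsize = round($var_free_kb * .22 / 1024);
			$config['installedpackages']['snortglobal']['snortloglimitsize'] = $snortloglimitDSKsize;
		}

		$config['installedpackages']['snortglobal']['autorulesupdate7'] = $_POST['autorulesupdate7'];

		/* Check and adjust format of Rule Update Starttime string to add colon and leading zero if necessary */
		$pos = strpos($_POST['rule_update_starttime'], ":");
		if ($pos === false) {
			// "930" -> "0930" -> "09:30"
			$tmp = str_pad($_POST['rule_update_starttime'], 4, "0", STR_PAD_LEFT);
			$_POST['rule_update_starttime'] = substr($tmp, 0, 2) . ":" . substr($tmp, -2);
		}
		// "HH:MM" is five characters. Padding to four (as before) left a
		// value such as "9:30" without its leading zero.
		$config['installedpackages']['snortglobal']['rule_update_starttime'] = str_pad($_POST['rule_update_starttime'], 5, "0", STR_PAD_LEFT);

		$config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off';

		$retval = 0;

		/* create whitelist and homenet file then sync files */
		sync_snort_package_config();

		write_config();

		/* forces page to reload new settings */
		header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
		header( 'Cache-Control: no-store, no-cache, must-revalidate' );
		header( 'Cache-Control: post-check=0, pre-check=0', false );
		header( 'Pragma: no-cache' );
		header("Location: /snort/snort_interfaces_global.php");
		exit;
	}
}

$pgtitle = gettext("Snort: Global Settings");
include_once("head.inc");

?>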
' . $pgtitle . ''; /* Display Alert message, under form tag or no refresh */ if ($input_errors) print_input_errors($input_errors); ?>