. * Copyright (C) 2011-2012 Ermal Luci * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Copyright (C) 2008-2009 Robert Zelaya * Modified for the Pfsense snort package. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); global $g; $snortdir = SNORTDIR; $snort_openappdir = SNORT_APPID_ODP_PATH; // Grab any previous input values if doing a SAVE operation if ($_POST['save']) $pconfig = $_POST; else { $pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload'] == "on" ? 'on' : 'off'; $pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode']; $pconfig['etpro_code'] = $config['installedpackages']['snortglobal']['etpro_code']; $pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats'] == "on" ? 'on' : 'off'; $pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == "on" ? 'on' : 'off'; $pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked']; $pconfig['autorulesupdate7'] = $config['installedpackages']['snortglobal']['autorulesupdate7']; $pconfig['rule_update_starttime'] = $config['installedpackages']['snortglobal']['rule_update_starttime']; $pconfig['forcekeepsettings'] = $config['installedpackages']['snortglobal']['forcekeepsettings'] == "on" ? 'on' : 'off'; $pconfig['snortcommunityrules'] = $config['installedpackages']['snortglobal']['snortcommunityrules'] == "on" ? 'on' : 'off'; $pconfig['clearblocks'] = $config['installedpackages']['snortglobal']['clearblocks'] == "on" ? 'on' : 'off'; $pconfig['verbose_logging'] = $config['installedpackages']['snortglobal']['verbose_logging'] == "on" ? 'on' : 'off'; $pconfig['openappid_detectors'] = $config['installedpackages']['snortglobal']['openappid_detectors'] == "on" ? 'on' : 'off'; } /* Set sensible values for any empty default params */ if (!isset($pconfig['rule_update_starttime'])) $pconfig['rule_update_starttime'] = '00:05'; if (!isset($config['installedpackages']['snortglobal']['forcekeepsettings'])) $pconfig['forcekeepsettings'] = 'on'; /* Grab OpenAppID version info if enabled and downloaded */ if ($pconfig['openappid_detectors'] == "on") { if (file_exists("{$snort_openappdir}odp/version.conf")) { $openappid_ver = gettext("Installed Detection Package "); $openappid_ver .= gettext(ucfirst(strtolower(file_get_contents("{$snort_openappdir}odp/version.conf")))); } else $openappid_ver = gettext("N/A (Not Downloaded)"); } if ($_POST['rule_update_starttime']) { if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['rule_update_starttime'])) $input_errors[] = "Invalid Rule Update Start Time! Please supply a value in 24-hour format as 'HH:MM'."; } if ($_POST['snortdownload'] == "on" && empty($_POST['oinkmastercode'])) $input_errors[] = "You must supply an Oinkmaster code in the box provided in order to enable Snort VRT rules!"; if ($_POST['emergingthreats_pro'] == "on" && empty($_POST['etpro_code'])) $input_errors[] = "You must supply a subscription code in the box provided in order to enable Emerging Threats Pro rules!"; if ($_POST['openappid_detectors'] == "on" && empty($_POST['openappid_dnload_url'])) $input_errors[] = "You must supply a download URL in the box provided in order to enable OpenAppID detectors!"; /* if no errors move foward with save */ if (!$input_errors) { if ($_POST["save"]) { $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['emergingthreats_pro'] = $_POST['emergingthreats_pro'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['clearblocks'] = $_POST['clearblocks'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['verbose_logging'] = $_POST['verbose_logging'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['openappid_detectors'] = $_POST['openappid_detectors'] ? 'on' : 'off'; // If any rule sets are being turned off, then remove them // from the active rules section of each interface. Start // by building an arry of prefixes for the disabled rules. $disabled_rules = array(); $disable_ips_policy = false; if ($config['installedpackages']['snortglobal']['snortdownload'] == 'off') { $disabled_rules[] = VRT_FILE_PREFIX; $disable_ips_policy = true; } if ($config['installedpackages']['snortglobal']['snortcommunityrules'] == 'off') $disabled_rules[] = GPL_FILE_PREFIX; if ($config['installedpackages']['snortglobal']['emergingthreats'] == 'off') $disabled_rules[] = ET_OPEN_FILE_PREFIX; if ($config['installedpackages']['snortglobal']['emergingthreats_pro'] == 'off') $disabled_rules[] = ET_PRO_FILE_PREFIX; // Now walk all the configured interface rulesets and remove // any matching the disabled ruleset prefixes. if (is_array($config['installedpackages']['snortglobal']['rule'])) { foreach ($config['installedpackages']['snortglobal']['rule'] as &$iface) { // Disable Snort IPS policy if VRT rules are disabled if ($disable_ips_policy) { $iface['ips_policy_enable'] = 'off'; unset($iface['ips_policy']); } $enabled_rules = explode("||", $iface['rulesets']); foreach ($enabled_rules as $k => $v) { foreach ($disabled_rules as $d) if (strpos(trim($v), $d) !== false) unset($enabled_rules[$k]); } $iface['rulesets'] = implode("||", $enabled_rules); } } $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode']; $config['installedpackages']['snortglobal']['etpro_code'] = $_POST['etpro_code']; $config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked']; $config['installedpackages']['snortglobal']['autorulesupdate7'] = $_POST['autorulesupdate7']; /* Check and adjust format of Rule Update Starttime string to add colon and leading zero if necessary */ if ($_POST['rule_update_starttime']) { $pos = strpos($_POST['rule_update_starttime'], ":"); if ($pos === false) { $tmp = str_pad($_POST['rule_update_starttime'], 4, "0", STR_PAD_LEFT); $_POST['rule_update_starttime'] = substr($tmp, 0, 2) . ":" . substr($tmp, -2); } $config['installedpackages']['snortglobal']['rule_update_starttime'] = str_pad($_POST['rule_update_starttime'], 4, "0", STR_PAD_LEFT); } $config['installedpackages']['snortglobal']['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off'; $retval = 0; write_config("Snort pkg: modified global settings."); /* create whitelist and homenet file, then sync files */ conf_mount_rw(); sync_snort_package_config(); conf_mount_ro(); /* forces page to reload new settings */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); header("Location: /snort/snort_interfaces_global.php"); exit; } } $pgtitle = gettext("Snort: Global Settings"); include_once("head.inc"); ?> ' . $pgtitle . '

'; /* Display Alert message, under form tag or no refresh */ if ($input_errors) print_input_errors($input_errors); ?>
" . gettext("Snort VRT") . "" . gettext(" rules");?>
/>
 
 

" . gettext("Snort Community") . "" . gettext(" rules");?>
/>

" . gettext("Note: ") . "" . gettext("If you are a Snort VRT Paid Subscriber, the community ruleset is already built into your download of the ") . gettext("Snort VRT rules, and there is no benefit in adding this rule set.");?>
" . gettext("Emerging Threats") . "" . gettext(" rules");?>
/>
/>
 
  " . gettext("Note:") . "" . " " . gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are automatically disabled when the ETPro rules are selected."); ?>
 

" . gettext("OpenAppID") . "" . gettext(" detectors");?>
/>

" . gettext("Note: ") . "" . gettext("You must enable download of the OpenAppID detectors package in order to utilize the Application ID ") . gettext("preprocessor and any user-provided application detection rules. Once enabled, go to the ") . "" . gettext("UPDATES") . "" . gettext(" tab and click to download updates.");?>

  " . gettext("NEVER") . "" . gettext(" disables auto-updates."); ?>

" . gettext("Hint: ") . "
" . gettext("in most cases, every 12 hours is a good choice."); ?>
/>   " . gettext("Default") . " " . gettext("is ") . "" . gettext("00:05") . ""; ?>.

 

" . gettext("Hint:") . "" . gettext(" in most cases, 1 hour is a good choice.");?>
/> 
/>   
/>   " . gettext("Not Checked") . "" . gettext("."); ?>