. * Copyright (C) 2008-2009 Robert Zelaya. * Copyright (C) 2011-2012 Ermal Luci * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
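*/

/*
 * Request handling for the per-interface "Preprocessors and Flow" page.
 *
 * Flow:
 *   1. Resolve the interface index ($id) from the request and load that
 *      interface's saved settings into $pconfig.
 *   2. Handle one of the form actions: ResetAll, Submit, btn_import,
 *      btn_edit_hat.
 *   3. Fall through to page rendering with $pconfig, $input_errors and
 *      $savemsg populated.
 *
 * Everything read from $_GET / $_POST / $_FILES is untrusted. Submitted
 * values are stored in the package configuration and passed to
 * snort_generate_conf(), so their format is checked here before saving.
 */

require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");

global $g, $rebuild_rules;

$snortlogdir = SNORTLOGDIR;

if (!is_array($config['installedpackages']['snortglobal'])) {
	$config['installedpackages']['snortglobal'] = array();
}
$vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload'];

if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
	$config['installedpackages']['snortglobal']['rule'] = array();
}
$a_nat = &$config['installedpackages']['snortglobal']['rule'];

/*
 * $id is echoed back into Location headers and tab URLs further down the
 * page, and is used as an array index. Accept only a plain non-negative
 * integer; anything else is sent back to the interface list. A POSTed id
 * takes precedence over a GET id.
 */
$id = null;
if (isset($_POST['id']))
	$id = $_POST['id'];
elseif (isset($_GET['id']))
	$id = $_GET['id'];
if (!is_string($id) || !ctype_digit($id)) {
	header("Location: /snort/snort_interfaces.php");
	exit;
}
$id = (int)$id;

if (!isset($input_errors) || !is_array($input_errors))
	$input_errors = array();

/* Every option this page reads from the saved interface entry. */
$pconfig_keys = array(
	'perform_stat', 'host_attribute_table', 'host_attribute_data',
	'max_attribute_hosts', 'max_attribute_services_per_host', 'max_paf',
	'server_flow_depth', 'http_server_profile', 'client_flow_depth',
	'stream5_reassembly', 'stream5_require_3whs', 'stream5_track_tcp',
	'stream5_track_udp', 'stream5_track_icmp', 'max_queued_bytes',
	'max_queued_segs', 'stream5_overlap_limit', 'stream5_policy',
	'stream5_mem_cap', 'stream5_tcp_timeout', 'stream5_udp_timeout',
	'stream5_icmp_timeout', 'stream5_no_reassemble_async',
	'stream5_dont_store_lg_pkts', 'http_inspect', 'http_inspect_memcap',
	'http_inspect_enable_xff', 'http_inspect_log_uri',
	'http_inspect_log_hostname', 'noalert_http_inspect', 'other_preprocs',
	'ftp_preprocessor', 'smtp_preprocessor', 'sf_portscan',
	'pscan_protocol', 'pscan_type', 'pscan_sense_level', 'pscan_memcap',
	'pscan_ignore_scanners', 'dce_rpc_2', 'dns_preprocessor',
	'sensitive_data', 'ssl_preproc', 'pop_preproc', 'imap_preproc',
	'sip_preproc', 'dnp3_preproc', 'modbus_preproc', 'gtp_preproc',
	'preproc_auto_rule_disable', 'protect_preproc_rules',
	'frag3_detection', 'frag3_overlap_limit', 'frag3_min_frag_len',
	'frag3_policy', 'frag3_max_frags', 'frag3_memcap', 'frag3_timeout'
);

/*
 * Factory defaults. Used by ResetAll, by the first-load defaults below and
 * as the fallback when a text field is submitted blank, so the three paths
 * cannot drift apart.
 */
$preproc_defaults = array(
	'perform_stat' => "off",
	'host_attribute_table' => "off",
	'max_attribute_hosts' => "10000",
	'max_attribute_services_per_host' => "10",
	'max_paf' => "16000",
	'server_flow_depth' => "300",
	'http_server_profile' => "all",
	'client_flow_depth' => "300",
	'stream5_reassembly' => "on",
	'stream5_require_3whs' => "off",
	'stream5_track_tcp' => "on",
	'stream5_track_udp' => "on",
	'stream5_track_icmp' => "off",
	'max_queued_bytes' => "1048576",
	'max_queued_segs' => "2621",
	'stream5_overlap_limit' => "0",
	'stream5_policy' => "bsd",
	'stream5_mem_cap' => "8388608",
	'stream5_tcp_timeout' => "30",
	'stream5_udp_timeout' => "30",
	'stream5_icmp_timeout' => "30",
	'stream5_no_reassemble_async' => "off",
	'stream5_dont_store_lg_pkts' => "off",
	'http_inspect' => "on",
	'http_inspect_enable_xff' => "off",
	'http_inspect_log_uri' => "off",
	'http_inspect_log_hostname' => "off",
	'noalert_http_inspect' => "on",
	'http_inspect_memcap' => "150994944",
	'other_preprocs' => "on",
	'ftp_preprocessor' => "on",
	'smtp_preprocessor' => "on",
	'sf_portscan' => "off",
	'pscan_protocol' => "all",
	'pscan_type' => "all",
	'pscan_sense_level' => "medium",
	'pscan_ignore_scanners' => "",
	'pscan_memcap' => "10000000",
	'dce_rpc_2' => "on",
	'dns_preprocessor' => "on",
	'sensitive_data' => "off",
	'ssl_preproc' => "on",
	'pop_preproc' => "on",
	'imap_preproc' => "on",
	'sip_preproc' => "on",
	'dnp3_preproc' => "off",
	'modbus_preproc' => "off",
	'gtp_preproc' => "off",
	'preproc_auto_rule_disable' => "off",
	'protect_preproc_rules' => "off",
	'frag3_detection' => "on",
	'frag3_overlap_limit' => "0",
	'frag3_min_frag_len' => "0",
	'frag3_policy' => "bsd",
	'frag3_max_frags' => "8192",
	'frag3_memcap' => "4194304",
	'frag3_timeout' => "60"
);

/* Options that receive a default when the saved entry has no value yet. */
$load_default_keys = array(
	'max_attribute_hosts', 'max_attribute_services_per_host', 'max_paf',
	'ftp_preprocessor', 'smtp_preprocessor', 'dce_rpc_2',
	'dns_preprocessor', 'ssl_preproc', 'pop_preproc', 'imap_preproc',
	'sip_preproc', 'other_preprocs', 'http_inspect_memcap',
	'frag3_overlap_limit', 'frag3_min_frag_len', 'frag3_max_frags',
	'frag3_policy', 'frag3_memcap', 'frag3_timeout', 'frag3_detection',
	'stream5_reassembly', 'stream5_track_tcp', 'stream5_track_udp',
	'stream5_track_icmp', 'stream5_require_3whs', 'stream5_overlap_limit',
	'stream5_tcp_timeout', 'stream5_udp_timeout', 'stream5_icmp_timeout',
	'stream5_no_reassemble_async', 'stream5_dont_store_lg_pkts',
	'stream5_policy', 'pscan_protocol', 'pscan_type', 'pscan_memcap',
	'pscan_sense_level'
);

/*
 * Text and select fields accepted on Submit, in save order, with the
 * format each one must match: 'int' is an optionally signed integer
 * (the flow depth options accept -1), 'token' is a single keyword.
 */
$text_fields = array(
	'max_attribute_hosts' => 'int',
	'max_attribute_services_per_host' => 'int',
	'max_paf' => 'int',
	'server_flow_depth' => 'int',
	'http_server_profile' => 'token',
	'client_flow_depth' => 'int',
	'http_inspect_memcap' => 'int',
	'stream5_overlap_limit' => 'int',
	'stream5_policy' => 'token',
	'stream5_mem_cap' => 'int',
	'stream5_tcp_timeout' => 'int',
	'stream5_udp_timeout' => 'int',
	'stream5_icmp_timeout' => 'int',
	'max_queued_bytes' => 'int',
	'max_queued_segs' => 'int',
	'pscan_protocol' => 'token',
	'pscan_type' => 'token',
	'pscan_memcap' => 'int',
	'pscan_sense_level' => 'token',
	'frag3_overlap_limit' => 'int',
	'frag3_min_frag_len' => 'int',
	'frag3_policy' => 'token',
	'frag3_max_frags' => 'int',
	'frag3_memcap' => 'int',
	'frag3_timeout' => 'int'
);

/* Checkbox fields saved as 'on' / 'off', in save order. */
$checkbox_fields = array(
	'perform_stat', 'host_attribute_table', 'http_inspect',
	'http_inspect_enable_xff', 'http_inspect_log_uri',
	'http_inspect_log_hostname', 'noalert_http_inspect', 'other_preprocs',
	'ftp_preprocessor', 'smtp_preprocessor', 'sf_portscan', 'dce_rpc_2',
	'dns_preprocessor', 'sensitive_data', 'ssl_preproc', 'pop_preproc',
	'imap_preproc', 'dnp3_preproc', 'modbus_preproc', 'sip_preproc',
	'gtp_preproc', 'preproc_auto_rule_disable', 'protect_preproc_rules',
	'frag3_detection', 'stream5_reassembly', 'stream5_track_tcp',
	'stream5_track_udp', 'stream5_track_icmp', 'stream5_require_3whs',
	'stream5_no_reassemble_async', 'stream5_dont_store_lg_pkts'
);

$pconfig = array();
if (isset($id) && $a_nat[$id]) {
	$pconfig = $a_nat[$id];

	/* Get current values from config for page form fields */
	foreach ($pconfig_keys as $key)
		$pconfig[$key] = $a_nat[$id][$key];

	/* If not using the Snort VRT rules, then disable */
	/* the Sensitive Data (sdf) preprocessor.         */
	if ($vrt_enabled == "off")
		$pconfig['sensitive_data'] = "off";

	/************************************************************/
	/* To keep new users from shooting themselves in the foot   */
	/* enable the most common required preprocessors by default */
	/* and set reasonable values for any options.               */
	/************************************************************/
	foreach ($load_default_keys as $key) {
		if (empty($pconfig[$key]))
			$pconfig[$key] = $preproc_defaults[$key];
	}
}

/* Define the "disabled_preproc_rules.log" file for this interface */
$iface = snort_get_friendly_interface($pconfig['interface']);
$disabled_rules_log = "{$snortlogdir}/{$iface}_disabled_preproc_rules.log";

if (!empty($_POST['ResetAll'])) {

	/* Reset all the preprocessor settings to defaults (form only; */
	/* nothing is written to the configuration on this path).      */
	foreach ($preproc_defaults as $key => $value)
		$pconfig[$key] = $value;

	/* Log a message at the top of the page to inform the user */
	$savemsg = "All preprocessor settings have been reset to the defaults.";
}
elseif (!empty($_POST['Submit'])) {
	$natent = array();
	$natent = $pconfig;

	if (!empty($_POST['pscan_ignore_scanners']) && !is_alias($_POST['pscan_ignore_scanners']))
		$input_errors[] = "Only aliases are allowed for the Portscan IGNORE_SCANNERS option.";

	/*
	 * Reject any text field that is not a bare integer or keyword before
	 * it is saved. A value containing whitespace or line breaks could
	 * otherwise be carried into the generated Snort configuration.
	 * NOTE(review): the Min/Max ranges quoted in the form help text are
	 * still not enforced here - confirm the limits and add range checks.
	 */
	foreach ($text_fields as $field => $kind) {
		if (!isset($_POST[$field]) || $_POST[$field] == "")
			continue;	/* blank falls back to the default below */
		$pattern = ($kind == 'int') ? '/^-?[0-9]+$/D' : '/^[A-Za-z0-9_-]+$/D';
		if (!is_string($_POST[$field]) || !preg_match($pattern, $_POST[$field]))
			$input_errors[] = "The value supplied for '{$field}' is not valid.";
	}

	/* if no errors write to conf */
	if (!$input_errors) {
		/* post new options; a blank field takes its default */
		foreach ($text_fields as $field => $kind) {
			if (isset($_POST[$field]) && $_POST[$field] != "")
				$natent[$field] = $_POST[$field];
			else
				$natent[$field] = $preproc_defaults[$field];
		}

		if (!empty($_POST['pscan_ignore_scanners']))
			$natent['pscan_ignore_scanners'] = $_POST['pscan_ignore_scanners'];
		else
			unset($natent['pscan_ignore_scanners']);

		/* An unchecked checkbox is simply absent from the POST data. */
		foreach ($checkbox_fields as $field)
			$natent[$field] = !empty($_POST[$field]) ? 'on' : 'off';

		/* If 'preproc_auto_rule_disable' is off, then clear log file */
		if ($natent['preproc_auto_rule_disable'] == 'off')
			@unlink("{$disabled_rules_log}");

		if (isset($id) && $a_nat[$id])
			$a_nat[$id] = $natent;
		else {
			/* NOTE(review): $after is never assigned in this script, so an   */
			/* id with no saved entry ends up appending a new entry - confirm */
			/* whether that path should be rejected instead.                  */
			if (isset($after) && is_numeric($after))
				array_splice($a_nat, $after+1, 0, array($natent));
			else
				$a_nat[] = $natent;
		}

		write_config();

		/* Set flag to rebuild rules for this interface */
		$rebuild_rules = true;

		/*************************************************/
		/* Update the snort.conf file and rebuild the    */
		/* rules for this interface.                     */
		/*************************************************/
		snort_generate_conf($natent);
		$rebuild_rules = false;

		/*******************************************************/
		/* Signal Snort to reload Host Attribute Table if one  */
		/* is configured and saved.                            */
		/*******************************************************/
		if ($natent['host_attribute_table'] == "on" &&
		    !empty($natent['host_attribute_data']))
			snort_reload_config($natent, "SIGURG");

		/* after click go to this page */
		header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
		header( 'Cache-Control: no-store, no-cache, must-revalidate' );
		header( 'Cache-Control: post-check=0, pre-check=0', false );
		header( 'Pragma: no-cache' );
		header("Location: snort_preprocessors.php?id=$id");
		exit;
	}
}
elseif (!empty($_POST['btn_import'])) {
	if (isset($_FILES['host_attribute_file']['tmp_name']) &&
	    is_uploaded_file($_FILES['host_attribute_file']['tmp_name'])) {
		$data = file_get_contents($_FILES['host_attribute_file']['tmp_name']);
		if ($data === false)
			/* The client-supplied file name is deliberately left out of the */
			/* message; the original interpolated the whole $_FILES entry,   */
			/* which printed the literal text "Array".                       */
			$input_errors[] = gettext("Error reading the uploaded Host Attribute file!");
		else {
			/* NOTE(review): the upload is stored as-is (base64) with no size */
			/* or content check visible here - confirm it is validated before */
			/* Snort consumes it.                                             */
			if (isset($id) && $a_nat[$id]) {
				$a_nat[$id]['host_attribute_table'] = "on";
				$a_nat[$id]['host_attribute_data'] = base64_encode($data);
				$pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data'];
				$a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts'];
				$a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host'];
				write_config();
			}
			header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
			header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
			header( 'Cache-Control: no-store, no-cache, must-revalidate' );
			header( 'Cache-Control: post-check=0, pre-check=0', false );
			header( 'Pragma: no-cache' );
			header("Location: snort_preprocessors.php?id=$id");
			exit;
		}
	}
	else
		$input_errors[] = gettext("No filename specified for import!");
}
elseif (!empty($_POST['btn_edit_hat'])) {
	if (isset($id) && $a_nat[$id]) {
		$a_nat[$id]['host_attribute_table'] = "on";
		$a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts'];
		$a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host'];
		write_config();
		header("Location: snort_edit_hat_data.php?id=$id");
		exit;
	}
}

/* If Host Attribute Table option is enabled, but */
/* no Host Attribute data exists, flag an error.  */
if ($pconfig['host_attribute_table'] == 'on' && empty($pconfig['host_attribute_data']))
	$input_errors[] = gettext("The Host Attribute Table option is enabled, but no Host Attribute data has been loaded. Data may be entered manually or imported from a suitable file.");

$if_friendly = snort_get_friendly_interface($pconfig['interface']);
$pgtitle = "Snort: Interface {$if_friendly}: Preprocessors and Flow";
include_once("head.inc");
?> ' . $pgtitle . '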

';} /* Display Alert message */ if ($input_errors) { print_input_errors($input_errors); // TODO: add checks } if ($savemsg) { print_info_box($savemsg); } ?>
'; echo '
'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); $tab_array = array(); $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Preprocessors"), true, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); display_top_tabs($tab_array); ?>
>
'on') echo "disabled"; ?>>
 

" . gettext("Hint: ") . "" . gettext("Most users should leave this unchecked."); ?>
> ' . gettext("Not Checked"); ?>.
0): ?>
 
     
> .

"on") echo "disabled"; ?>>   "on") echo "disabled"; ?>>




" class="formbtn" "on") echo "disabled"; ?>>  
" . gettext("Warning: ") . "" . gettext("No Host Attribute Data loaded - import from a file or enter it manually."); } ?>
"on") echo "disabled"; ?>>   " . gettext("32") . "" . gettext(" and Max is ") . "" . gettext("524288") . ""; ?>.
" . gettext("10000") . ""; ?>.
"on") echo "disabled"; ?>>   " . gettext("1") . "" . gettext(" and Max is ") . "" . gettext("65535") . ""; ?>.
" . gettext("10") . ". " . gettext("A value of 0 disables Protocol Aware Flushing."); ?>.
   " . gettext("0") . "" . gettext(" (off) and Max is ") . "" . gettext("63780") . ""; ?>.
" . gettext("16000") . ". " . gettext("A value of 0 disables Protocol Aware Flushing."); ?>.
> .
> .
> .
> .
   " . gettext("2304") . "" . gettext(" and Max is ") . "" . gettext("603979776") . "" . gettext(" (576 MB)"); ?>.
" . gettext("150,994,944") . "" . gettext(" (144 MB)."); ?> .
  -1 " . "to 65535 (-1 disables HTTP " . "inspect, 0 enables all HTTP inspect)"); ?>

300"); ?>
  " . gettext("All") . ""; ?>

-1 " . "to 1460 (-1 disables HTTP " . "inspect, 0 enables all HTTP inspect)"); ?>

300"); ?>
onClick="enable_change(false);"> .
onClick="enable_change(false)"> " . gettext("Checked") . ""; ?>.
.
" . gettext("4MB") . ""; ?>.
8192."; ?>
0" . gettext(" (unlimited), values greater than zero set the overlapped fragments per packet limit."); ?>
0" . gettext(" (unlimited)."); ?>
0" . gettext(" (check is disabled). Fragments smaller than or equal to this limit are considered malicious."); ?>
0" . gettext(" (check is disabled)."); ?>
" . gettext("60 ") . "" . gettext("seconds."); ?>
  " . gettext("BSD") . ""; ?>.

> " . gettext("Checked") . ""; ?>.
> " . gettext("Checked") . "."; ?>
> " . gettext("Checked") . "."; ?>
> " . gettext("Not Checked") . "."; ?>
> " . gettext("Not Checked") . ""; ?>.
> " . gettext("Not Checked") . ""; ?>.
> " . gettext("Not Checked") . ""; ?>.
" . gettext("Warning: ") . "" . gettext("Enabling this option could result in missed packets. Recommended setting is not checked."); ?>
1024, Maximum is 1073741824 " . "( default value is 1048576, 0 " . "means Maximum )"); ?>.
1048576"); ?>.
2, Maximum is 1073741824 " . "( default value is 2621, 0 means " . "Maximum )"); ?>.
2621"); ?>.
32768, Maximum is 1073741824 " . "( default value is 8388608) "); ?>.
8388608 (8 MB)"); ?>.
0" . gettext(" (unlimited), and the maximum is ") . "255."; ?>
0" . gettext(" (unlimited)."); ?>
1" . gettext(" and the maximum is ") . "86400" . gettext(" (approximately 1 day)"); ?>.
30" . gettext(" seconds."); ?>
1" . gettext(" and the maximum is ") . "86400" . gettext(" (approximately 1 day)"); ?>.
30" . gettext(" seconds."); ?>
1" . gettext(" and the maximum is ") . "86400" . gettext(" (approximately 1 day)"); ?>.
30" . gettext(" seconds."); ?>
  " . gettext("BSD") . ""; ?>.

> " . gettext("Not Checked") . ""; ?>.
  " . gettext("all") . "."; ?>
  " . gettext("all") . "."; ?>
one scan; one host scans multiple ports on another host."); ?>
many scan; one host scans a single port on multiple hosts."); ?>
one scan; attacker has spoofed source address inter-mixed with real scanning address."); ?>
one scan; multiple hosts query one host for open services."); ?>
  " . gettext("Medium") . "."; ?>
" . gettext("10000000") . "" . gettext(" (10 MB)"); ?>.
10,000,000" . gettext(" bytes. (10 MB)"); ?>
  " . gettext("\$HOME_NET") . ""; ?>.

> " . gettext("Checked") . ""; ?>.
> " . gettext("Checked") . ""; ?>.
> " . gettext("Checked") . ""; ?>.
> " . gettext("Checked") . ""; ?>.
> " . gettext("Checked") . ""; ?>.
> " . gettext("Checked") . ""; ?>.
> " . gettext("Checked") . ""; ?>.
>
> " . gettext("Checked") . ""; ?>.
> " . gettext("Checked") . ""; ?>.
>
> " . "" . gettext("Note: ") . "" . gettext("If your network does not contain Modbus-enabled devices, you can leave this preprocessor disabled."); ?>
> " . "" . gettext("Note: ") . "" . gettext("If your network does not contain DNP3-enabled devices, you can leave this preprocessor disabled."); ?>
  ">      >