. * Copyright (C) 2008-2009 Robert Zelaya. * Copyright (C) 2011-2012 Ermal Luci * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); global $g; if (!is_array($config['installedpackages']['snortglobal']['rule'])) { $config['installedpackages']['snortglobal']['rule'] = array(); } $a_nat = &$config['installedpackages']['snortglobal']['rule']; $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; if (is_null($id)) { header("Location: /snort/snort_interfaces.php"); exit; } $pconfig = array(); if (isset($id) && $a_nat[$id]) { $pconfig = $a_nat[$id]; /* new options */ $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; $pconfig['flow_depth'] = $a_nat[$id]['flow_depth']; $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes']; $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs']; $pconfig['http_inspect'] = $a_nat[$id]['http_inspect']; $pconfig['other_preprocs'] = $a_nat[$id]['other_preprocs']; $pconfig['ftp_preprocessor'] = $a_nat[$id]['ftp_preprocessor']; $pconfig['smtp_preprocessor'] = $a_nat[$id]['smtp_preprocessor']; $pconfig['sf_portscan'] = $a_nat[$id]['sf_portscan']; $pconfig['dce_rpc_2'] = $a_nat[$id]['dce_rpc_2']; $pconfig['dns_preprocessor'] = $a_nat[$id]['dns_preprocessor']; $pconfig['sensitive_data'] = $a_nat[$id]['sensitive_data']; $pconfig['ssl_preproc'] = $a_nat[$id]['ssl_preproc']; $pconfig['pop_preproc'] = $a_nat[$id]['pop_preproc']; $pconfig['imap_preproc'] = $a_nat[$id]['imap_preproc']; } if ($_POST) { $natent = array(); $natent = $pconfig; /* if no errors write to conf */ if (!$input_errors) { /* post new options */ if ($_POST['flow_depth'] != "") { $natent['flow_depth'] = $_POST['flow_depth']; }else{ $natent['flow_depth'] = ""; } if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = ""; } if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = ""; } $natent['perform_stat'] = $_POST['perform_stat'] ? 'on' : 'off'; $natent['http_inspect'] = $_POST['http_inspect'] ? 'on' : 'off'; $natent['other_preprocs'] = $_POST['other_preprocs'] ? 'on' : 'off'; $natent['ftp_preprocessor'] = $_POST['ftp_preprocessor'] ? 'on' : 'off'; $natent['smtp_preprocessor'] = $_POST['smtp_preprocessor'] ? 'on' : 'off'; $natent['sf_portscan'] = $_POST['sf_portscan'] ? 'on' : 'off'; $natent['dce_rpc_2'] = $_POST['dce_rpc_2'] ? 'on' : 'off'; $natent['dns_preprocessor'] = $_POST['dns_preprocessor'] ? 'on' : 'off'; $natent['sensitive_data'] = $_POST['sensitive_data'] ? 'on' : 'off'; $natent['ssl_preproc'] = $_POST['ssl_preproc'] ? 'on' : 'off'; $natent['pop_preproc'] = $_POST['pop_preproc'] ? 'on' : 'off'; $natent['imap_preproc'] = $_POST['imap_preproc'] ? 'on' : 'off'; if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; else { if (is_numeric($after)) array_splice($a_nat, $after+1, 0, array($natent)); else $a_nat[] = $natent; } write_config(); $if_real = snort_get_real_interface($pconfig['interface']); sync_snort_package_config(); /* after click go to this page */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); header("Location: snort_preprocessors.php?id=$id"); exit; } } $if_friendly = snort_get_friendly_interface($pconfig['interface']); $pgtitle = "Snort: Interface {$if_real} Preprocessors and Flow"; include_once("head.inc"); ?> ' . $pgtitle . '

';} /* Display Alert message */ if ($input_errors) { print_input_errors($input_errors); // TODO: add checks } if ($savemsg) { print_info_box($savemsg); } ?>
  Note:
Rules may be dependent on preprocessors!
Defaults will be used when there is no user input.
Performance Statistics
Enable onClick="enable_change(false)"> Performance Statistics for this interface.
HTTP Inspect Settings
Enable onClick="enable_change(false)"> Use HTTP Inspect to Normalize/Decode and detect HTTP traffic and protocol anomalies.
HTTP server flow depth
-1 to 1460 (-1 disables HTTP inspect, 0 enables all HTTP inspect)
Amount of HTTP server response payload to inspect. Snort's performance may increase by adjusting this value.
Setting this value too low may cause false negatives. Values above 0 are specified in bytes. Default value is 0
Stream5 Settings
Max Queued Bytes
Minimum is 1024, Maximum is 1073741824 ( default value is 1048576, 0 means Maximum )
The number of bytes to be queued for reassembly for TCP sessions in memory. Default value is 1048576
Max Queued Segs
Minimum is 2, Maximum is 1073741824 ( default value is 2621, 0 means Maximum )
The number of segments to be queued for reassembly for TCP sessions in memory. Default value is 2621
General Preprocessor Settings
Enable
RPC Decode and Back Orifice detector
onClick="enable_change(false)">
Normalize/Decode RPC traffic and detects Back Orifice traffic on the network.
Enable
FTP and Telnet Normalizer
onClick="enable_change(false)">
Normalize/Decode FTP and Telnet traffic and protocol anomalies.
Enable
SMTP Normalizer
onClick="enable_change(false)">
Normalize/Decode POP protocol for enforcement and buffer overflows.
Enable
SMTP Normalizer
onClick="enable_change(false)">
Normalize/Decode IMAP protocol for enforcement and buffer overflows.
Enable
SMTP Normalizer
onClick="enable_change(false)">
Normalize/Decode SMTP protocol for enforcement and buffer overflows.
Enable
Portscan Detection
onClick="enable_change(false)">
Detects various types of portscans and portsweeps.
Enable
DCE/RPC2 Detection
onClick="enable_change(false)">
The DCE/RPC preprocessor detects and decodes SMB and DCE/RPC traffic.
Enable
DNS Detection
onClick="enable_change(false)">
The DNS preprocessor decodes DNS Response traffic and detects some vulnerabilities.
Enable
SSL Data
onClick="enable_change(false)">
SSL data searches for irregularities during SSL protocol exchange
Enable
Sensitive Data
onClick="enable_change(false)">
Sensisitive data searches for CC or SS# in data
 
  Note:
Please save your settings before you click Start.