<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Define Ports (port variables)"); ?> </td> </tr> <?php foreach ($snort_ports as $key => $server) { if (strlen($server) > 40) { $server = substr($server, 0, 40) . "..."; } $label = strtoupper($key); $value = ""; $title = ""; if (!empty($pconfig["def_{$key}"])) { $value = htmlspecialchars($pconfig["def_{$key}"]); $title = trim(filter_expand_alias($pconfig["def_{$key}"])); } ?> <tr> <td width='30%' valign='top' class='vncell'><?php echo gettext("Define"); ?> <?php echo $label; ?> </td> <td width="70%" class="vtable"> <input name="def_<?php echo $key; ?> " type="text" size="40" autocomplete="off" class="formfldalias" id="def_<?php
</script> <script type="text/javascript" src="/javascript/suggestions.js"> </script> <script type="text/javascript"> <?php $isfirst = 0; $aliases = ""; $addrisfirst = 0; $portisfirst = 0; $aliasesaddr = ""; $aliasesport = ""; if (isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) { foreach ($config['aliases']['alias'] as $alias_name) { // Skip any Aliases that resolve to an empty string if (trim(filter_expand_alias($alias_name['name'])) == "") { continue; } if ($alias_name['type'] == "host" || $alias_name['type'] == "network") { if ($addrisfirst == 1) { $aliasesaddr .= ","; } $aliasesaddr .= "'" . $alias_name['name'] . "'"; $addrisfirst = 1; } elseif ($alias_name['type'] == "port") { if ($portisfirst == 1) { $aliasesport .= ","; } $aliasesport .= "'" . $alias_name['name'] . "'"; $portisfirst = 1; }
echo gettext("Bind-To IP Address Alias"); ?> </td> <td class="vtable"> <?php if ($pengcfg['name'] != "default") { ?> <table width="95%" border="0" cellpadding="2" cellspacing="0"> <tbody> <tr> <td class="vexpl"><input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32" value="<?php echo htmlspecialchars($pengcfg['bind_to']); ?> " title="<?php echo trim(filter_expand_alias($pengcfg['bind_to'])); ?> " autocomplete="off"/> <?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?> </td> <td class="vexpl" align="right"><input type="submit" class="formbtns" name="select_alias" value="Aliases" title="<?php echo gettext("Select an existing IP alias"); ?> "/></td> </tr> <tr> <td class="vexpl" colspan="2"><?php echo gettext("This policy will apply for packets with destination addresses contained within this IP List.");
?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"> <?php echo gettext("Assigned Aliases:"); ?> </td> <td width="78%" class="vtable"> <input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?php echo htmlspecialchars($pconfig['address']); ?> " title="<?php echo trim(filter_expand_alias($pconfig['address'])); ?> "/> <input type="button" class="formbtns" value="Aliases" onclick="selectAlias();" title="<?php echo gettext("Select an existing IP alias"); ?> "/> </td> </tr> <tr> <td width="22%" valign="top"> </td> <td width="78%"> <input id="save" name="save" type="submit" class="formbtn" value="Save" /> <input id="cancel" name="cancel" type="submit" class="formbtn" value="Cancel" /> </td>
log_error("[snort] WARNING: unable to resolve IP Address Alias [{$v['bind_to']}] for HTTP_INSPECT server '{$v['name']}' ... skipping this server engine."); continue; } } else { log_error("[snort] WARNING: unable to resolve IP Address Alias [{$v['bind_to']}] for HTTP_INSPECT server '{$v['name']}' ... skipping this server engine."); continue; } $http_inspect_servers .= $buffer; $http_inspect_servers .= "\tprofile {$v['server_profile']} \\\n"; if ($v['no_alerts'] == "on") { $http_inspect_servers .= "\tno_alerts \\\n"; } if ($v['ports'] == "default" || empty($v['ports'])) { $http_inspect_servers .= "\tports { {$http_ports} } \\\n"; } elseif (is_alias($v['ports'])) { $tmp = trim(filter_expand_alias($v['ports'])); if (!empty($tmp)) { $tmp = preg_replace('/\\s+/', ' ', $tmp); $tmp = snort_expand_port_range($tmp, ' '); $http_inspect_servers .= "\tports { {$tmp} } \\\n"; } else { log_error("[snort] WARNING: unable to resolve Ports Alias [{$v['ports']}] for HTTP_INSPECT server '{$v['name']}' ... using safe default instead."); $http_inspect_servers .= "\tports { {$http_ports} } \\\n"; } } else { log_error("[snort] WARNING: unable to resolve Ports Alias [{$v['ports']}] for HTTP_INSPECT server '{$v['name']}' ... using safe default instead."); $http_inspect_servers .= "\tports { {$http_ports} } \\\n"; } $http_inspect_servers .= "\tserver_flow_depth {$v['server_flow_depth']} \\\n"; $http_inspect_servers .= "\tclient_flow_depth {$v['client_flow_depth']} \\\n"; $http_inspect_servers .= "\thttp_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \\\n";
// Remove trailing newline $host_os_policy = trim($host_os_policy); } // Add the HTTP Server-specific policies if configured, otherwise // just set default to IDS for all networks. if (!is_array($suricatacfg['libhtp_policy']['item'])) { $suricatacfg['libhtp_policy']['item'] = array(); } if (empty($suricatacfg['libhtp_policy']['item'])) { $http_hosts_default_policy = "default-config:\n personality: IDS\n request-body-limit: 4096\n response-body-limit: 4096\n"; $http_hosts_default_policy .= " double-decode-path: no\n double-decode-query: no\n uri-include-all: no\n"; } else { foreach ($suricatacfg['libhtp_policy']['item'] as $k => $v) { if ($v['bind_to'] != "all") { $engine = "server-config:\n - {$v['name']}:\n"; $tmp = trim(filter_expand_alias($v['bind_to'])); if (!empty($tmp)) { $engine .= " address: ["; $tmp = preg_replace('/\\s+/', ',', $tmp); $list = explode(',', $tmp); foreach ($list as $addr) { if (is_ipaddrv6($addr) || is_subnetv6($addr)) { $engine .= "\"{$addr}\", "; } elseif (is_ipaddrv4($addr) || is_subnetv4($addr)) { $engine .= "{$addr}, "; } else { log_error("[suricata] WARNING: invalid IP address value '{$addr}' in Alias {$v['bind_to']} will be ignored."); continue; } } $engine = trim($engine, ' ,');
</thead> <tbody> <?php $i = 0; foreach ($a_aliases as $alias) { ?> <?php if (!in_array($alias['type'], $a_types)) { continue; } if (($alias['type'] == "network" || $alias['type'] == "host") && $multi_ip != "yes" && !snort_is_single_addr_alias($alias['name'])) { $textss = "<span class=\"gray\">"; $textse = "</span>"; $disable = true; $tooltip = gettext("Aliases resolving to multiple address entries cannot be used with the destination target."); } elseif (($alias['type'] == "network" || $alias['type'] == "host") && trim(filter_expand_alias($alias['name'])) == "") { $textss = "<span class=\"gray\">"; $textse = "</span>"; $disable = true; $tooltip = gettext("Aliases representing a FQDN host cannot be used in Snort preprocessor configurations."); } else { $textss = ""; $textse = ""; $disable = ""; $selectablealias = true; $tooltip = gettext("Selected entry will be imported. Click to toggle selection."); } ?> <?php if ($disable) { ?>
$i = 0; foreach ($a_aliases as $alias) { ?> <?php if ($alias['type'] != "host" && $alias['type'] != "network") { continue; } if (isset($used[$alias['name']])) { continue; } if (!$multi_ip && !snort_is_single_addr_alias($alias['name'])) { $textss = "<span class=\"gray\">"; $textse = "</span>"; $disable = true; $tooltip = gettext("Aliases resolving to multiple addresses cannot be used with the '{$eng}'."); } elseif (trim(filter_expand_alias($alias['name'])) == "") { $textss = "<span class=\"gray\">"; $textse = "</span>"; $disable = true; $tooltip = gettext("Aliases representing a FQDN host cannot be used in Snort preprocessor configurations."); } else { $textss = ""; $textse = ""; $disable = ""; $selectablealias = true; $tooltip = gettext("Selected entries will be imported. Click to toggle selection of this entry."); } ?> <?php if ($disable) { ?>
<td class="listlr" ondblclick="document.location='snort_passlist_edit.php?id=<?php echo $i; ?> ';"> <?php echo htmlspecialchars($list['name']); ?> </td> <td class="listr" ondblclick="document.location='snort_passlist_edit.php?id=<?php echo $i; ?> ';" title="<?php echo filter_expand_alias($list['address']); ?> "> <?php echo gettext($list['address']); ?> </td> <td class="listbg" ondblclick="document.location='snort_passlist_edit.php?id=<?php echo $i; ?> ';"> <font color="#FFFFFF"> <?php echo htmlspecialchars($list['descr']); ?>