Merge pull request #153 from bmeeks8/pfSense-pkg-snort-3.2.9.1_14

security/pfSense-pkg-snort/Makefile

@@ -2,7 +2,7 @@
 
 PORTNAME=	pfSense-pkg-snort
 PORTVERSION=	3.2.9.1
-PORTREVISION=	13
+PORTREVISION=	14
 CATEGORIES=	security
 MASTER_SITES=	# empty
 DISTFILES=	# empty

security/pfSense-pkg-snort/files/usr/local/pkg/snort/snort_check_for_rule_updates.php

@@ -192,8 +192,7 @@ function snort_download_file_url($url, $file_out) {
 		curl_setopt($ch, CURLOPT_HEADER, false);
 		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
 		curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, "TLSv1.2, TLSv1");
-		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
-		curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
+		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $config['installedpackages']['snortglobal']['curl_no_verify_ssl_peer'] == "on" ? false : true);
 		curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15);
 		curl_setopt($ch, CURLOPT_TIMEOUT, 0);
 

security/pfSense-pkg-snort/files/usr/local/pkg/snort/snort_defs.inc

@@ -50,7 +50,7 @@ if (!defined("SNORT_BIN_VERSION")) {
 	if (!empty($snortver))
 		define("SNORT_BIN_VERSION", $snortver);
 	else
-		define("SNORT_BIN_VERSION", "2.9.8.0");
+		define("SNORT_BIN_VERSION", "2.9.8.3");
 }
 if (!defined("SNORT_SID_MODS_PATH"))
 	define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/");

security/pfSense-pkg-snort/files/usr/local/www/snort/snort_alerts.php

@@ -662,15 +662,15 @@ function snort_match_filter_field($flent, $fields) {
 		<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable>
 			<thead>
 			   <tr class="sortableHeaderRowIdentifier text-nowrap">
-				<th data-sortable-type="date"><?=gettext("Date  "); ?></th>
-				<th data-sortable-type="numeric"><?=gettext("Pri   "); ?></th>
-				<th><?=gettext("Proto "); ?></th>
-				<th><?=gettext("Class "); ?></th>
+				<th data-sortable-type="date"><?=gettext("Date"); ?></th>
+				<th data-sortable-type="numeric"><?=gettext("Pri"); ?></th>
+				<th><?=gettext("Proto"); ?></th>
+				<th><?=gettext("Class"); ?></th>
 				<th><?=gettext("Source IP"); ?></th>
-				<th data-sortable-type="numeric"><?=gettext("SPort "); ?></th>
+				<th data-sortable-type="numeric"><?=gettext("SPort"); ?></th>
 				<th><?=gettext("Destination IP"); ?></th>
-				<th data-sortable-type="numeric"><?=gettext("DPort "); ?></th>
-				<th data-sortable-type="numeric"><?=gettext("SID   "); ?></th>
+				<th data-sortable-type="numeric"><?=gettext("DPort"); ?></th>
+				<th data-sortable-type="numeric"><?=gettext("SID"); ?></th>
 				<th data-sortable-type="alpha"><?=gettext("Description"); ?></th>
 			   </tr>
 			</thead>
@@ -698,6 +698,9 @@ function snort_match_filter_field($flent, $fields) {
 			$alert_time = substr($fields[0], strpos($fields[0], '-')+1, -8);
 			/* Date */
 			$alert_date = substr($fields[0], 0, strpos($fields[0], '-'));
+			if (($event_date = strtotime($alert_date)) !== false) {
+				$alert_date = date('Y-m-d', $event_date);
+			}
 			/* Description */
 			$alert_descr = $fields[4];
 			$alert_descr_url = urlencode($fields[4]);
@@ -781,18 +784,20 @@ function snort_match_filter_field($flent, $fields) {
 			$alert_class = $fields[11];
 
 			/* Write out a table row */
-			echo "<tr class=\"text-nowrap\">
-				<td>{$alert_date}<br/>{$alert_time}</td>
-				<td>{$alert_priority}</td>
-				<td style=\"word-wrap:break-word; white-space:normal\">{$alert_proto}</td>
-				<td style=\"word-wrap:break-word; white-space:normal\">{$alert_class}</td>
-				<td style=\"word-wrap:break-word; white-space:normal\">{$alert_ip_src}</td>
-				<td>{$alert_src_p}</td>
-				<td style=\"word-wrap:break-word; white-space:normal\">{$alert_ip_dst}</td>
-				<td>{$alert_dst_p}</td>
-				<td>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
-				<td style=\"word-wrap:break-word; white-space:normal\">{$alert_descr}</td>
-				</tr>\n";
+?>
+			<tr class="text-nowrap">
+				<td><?=$alert_date; ?><br/><?=$alert_time; ?></td>
+				<td><?=$alert_priority; ?></td>
+				<td><?=$alert_proto; ?></td>
+				<td style="word-wrap:break-word; white-space:normal"><?=$alert_class; ?></td>
+				<td style="word-wrap:break-word; white-space:normal"><?=$alert_ip_src; ?></td>
+				<td><?=$alert_src_p; ?></td>
+				<td style="word-wrap:break-word; white-space:normal"><?=$alert_ip_dst;?></td>
+				<td><?=$alert_dst_p; ?></td>
+				<td><?=$alert_sid_str; ?><br/><?=$sidsupplink; ?>&nbsp;&nbsp;<?=$sid_dsbl_link; ?></td>
+				<td style="word-wrap:break-word; white-space:normal"><?=$alert_descr; ?></td>
+			</tr>
+<?php
 			$counter++;
 		}
 		fclose($fd);

security/pfSense-pkg-snort/files/usr/local/www/snort/snort_blocked.php

@@ -291,16 +291,26 @@
 						while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
 							if(count($fields) < 13)
 								continue;
+
+							$alert_time = substr($fields[0], strpos($fields[0], '-')+1, -8);
+							$alert_date = substr($fields[0], 0, strpos($fields[0], '-'));
+
+							if (($event_timestamp = strtotime($alert_date . ' ' . $alert_time)) === false) {
+								$event_time = substr($fields[0], 0, -8);
+							}
+							else {
+								$event_time = date('Y-m-d H:i:s', $event_timestamp);
+							}
 
 							if (isset($tmpblocked[$fields[6]])) {
 								if (!is_array($src_ip_list[$fields[6]]))
 									$src_ip_list[$fields[6]] = array();
-								$src_ip_list[$fields[6]][$fields[4]] = "{$fields[4]} - " . substr($fields[0], 0, -8);
+								$src_ip_list[$fields[6]][$fields[4]] = "{$fields[4]} -- " . $event_time;
 							}
 							if (isset($tmpblocked[$fields[8]])) {
 								if (!is_array($src_ip_list[$fields[8]]))
 									$src_ip_list[$fields[8]] = array();
-								$src_ip_list[$fields[8]][$fields[4]] = "{$fields[4]} - " . substr($fields[0], 0, -8);
+								$src_ip_list[$fields[8]][$fields[4]] = "{$fields[4]} -- " . $event_time;
 							}
 						}
 						fclose($fd);

security/pfSense-pkg-snort/files/usr/local/www/snort/snort_interfaces_global.php

@@ -62,13 +62,16 @@
 	$pconfig['verbose_logging'] = $config['installedpackages']['snortglobal']['verbose_logging'] == "on" ? 'on' : 'off';
 	$pconfig['openappid_detectors'] = $config['installedpackages']['snortglobal']['openappid_detectors'] == "on" ? 'on' : 'off';
 	$pconfig['hide_deprecated_rules'] = $config['installedpackages']['snortglobal']['hide_deprecated_rules'] == "on" ? 'on' : 'off';
+	$pconfig['curl_no_verify_ssl_peer'] = $config['installedpackages']['snortglobal']['curl_no_verify_ssl_peer'] == "on" ? 'on' : 'off';
 }
 
 /* Set sensible values for any empty default params */
 if (!isset($pconfig['rule_update_starttime']))
 	$pconfig['rule_update_starttime'] = '00:05';
 if (!isset($config['installedpackages']['snortglobal']['forcekeepsettings']))
 	$pconfig['forcekeepsettings'] = 'on';
+if (!isset($config['installedpackages']['snortglobal']['curl_no_verify_ssl_peer']))
+	$pconfig['curl_no_verify_ssl_peer'] = 'off';
 
 /* Grab OpenAppID version info if enabled and downloaded */
 if ($pconfig['openappid_detectors'] == "on") {
@@ -103,6 +106,7 @@
 		$config['installedpackages']['snortglobal']['verbose_logging'] = $_POST['verbose_logging'] ? 'on' : 'off';
 		$config['installedpackages']['snortglobal']['openappid_detectors'] = $_POST['openappid_detectors'] ? 'on' : 'off';
 		$config['installedpackages']['snortglobal']['hide_deprecated_rules'] = $_POST['hide_deprecated_rules'] ? 'on' : 'off';
+		$config['installedpackages']['snortglobal']['curl_no_verify_ssl_peer'] = $_POST['curl_no_verify_ssl_peer'] ? 'on' : 'off';
 
 		// If any rule sets are being turned off, then remove them
 		// from the active rules section of each interface.  Start
@@ -312,6 +316,14 @@
 	$pconfig['hide_deprecated_rules'] == 'on' ? true:false,
 	'on'
 ));
+$section->addInput(new Form_Checkbox(
+	'curl_no_verify_ssl_peer',
+	'Disable SSL Peer Verification',
+	'Click to disable verification of SSL peers during rules updates.  This is commonly needed only for self-signed certificates.  ' . 
+	'Default is not checked.',
+	$pconfig['curl_no_verify_ssl_peer'] == 'on' ? true:false,
+	'on'
+));
 
 $form->add($section);
 

security/pfSense-pkg-snort/files/usr/local/www/snort/snort_interfaces_suppress_edit.php

@@ -10,7 +10,7 @@
  *
  * modified for the pfsense snort package
  * Copyright (C) 2009-2010 Robert Zelaya.
- * Copyright (C) 2015 Bill Meeks
+ * Copyright (C) 2016 Bill Meeks
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -191,7 +191,7 @@ function is_validwhitelistname($name) {
 	'suppresspassthru',
 	'Suppression Rules',
 	$pconfig['suppresspassthru']
-))->setHelp($content_help)->setAttribute('rows', 16);
+))->setHelp($content_help)->setAttribute('rows', 16)->setAttribute('wrap', 'off');
 $form->add($section);
 
 $section = new Form_Section('');

security/pfSense-pkg-snort/files/usr/local/www/snort/snort_preprocessors.php

@@ -1270,7 +1270,7 @@
 		'pscan_protocol',
 		'Protocol',
 		$pconfig['pscan_protocol'],
-		array( 'all' => 'all', 'tcp' => 'tcp', 'icmp' => 'icmp', 'ip' => 'ip' )
+		array( 'all' => 'all', 'tcp' => 'tcp', 'udp' => 'udp', 'icmp' => 'icmp', 'ip' => 'ip' )
 	))->setHelp('Choose the Portscan protocol type to alert for (all, tcp, udp, icmp or ip).  The default is <em>all</em>.');
 	$group = new Form_Group('Scan Type');
 	$group->add(new Form_Select(
@@ -1325,7 +1325,7 @@
 	$group = new Form_Group('Ignore Scanners');
 	$group->add($bind_to);
 	$group->add($btnaliases);
-	$group->setHelp('Ignores the specified entity as a source of scan alerts.  Entity must be either a defined alias, or a commma seperated list of addresses with optional ports as ip[/cidr][port1 port2-port3].');
+	$group->setHelp('Ignores the specified entity as a source of scan alerts.  Entity must be either a defined alias, or a comma separated list of addresses with optional ports as ip[/cidr][port1 port2-port3].');
 	$section->add($group);
 	$bind_to = new Form_Input(
 		'pscan_ignore_scanned',
@@ -1347,7 +1347,7 @@
 	$group = new Form_Group('Ignore Scanned');
 	$group->add($bind_to);
 	$group->add($btnaliases);
-	$group->setHelp('Ignores the specified entity as a destination of scan alerts.  Entity must be either a defined alias, or a commma seperated list of addresses with optional ports as ip[/cidr][port1 port2-port3].');
+	$group->setHelp('Ignores the specified entity as a destination of scan alerts.  Entity must be either a defined alias, or a comma separated list of addresses with optional ports as ip[/cidr][port1 port2-port3].');
 	$section->add($group);
 	print($section);
 	//----- END Portscan settings -----
@@ -1526,7 +1526,7 @@
 	$section->addInput(new Form_Select(
 		'sdf_alert_data_type',
 		'Inspect For',
-		$pconfig['sdf_alert_data_type'],
+		explode(',', $pconfig['sdf_alert_data_type']),
 		array( 'Credit Card' => 'Credit Card', 'Email Addresses' => 'Email Addresses', 'U.S. Phone Numbers' => 'U.S. Phone Numbers', 'U.S. Social Security Numbers' => 'U.S. Social Security Numbers' ),
 		true
 	))->setHelp('Choose which types of sensitive data to detect.  Use CTRL + Click for multiple selections.');