Ejemplo n.º 1
0
/* Display the configuration for the DNS preprocessor. 
 * 
 * PARAMETERS:  None.
 *
 * RETURNS: Nothing.
 */
static void PrintDNSConfig()
{
    int index;
    
    _dpd.logMsg("DNS config: \n");
#if 0
    _dpd.logMsg("    Autodetection: %s\n", 
        dns_config.autodetect ? 
        "ENABLED":"DISABLED");
#endif
    _dpd.logMsg("    DNS Client rdata txt Overflow Alert: %s\n",
        dns_config.enabled_alerts & DNS_ALERT_RDATA_OVERFLOW ?
        "ACTIVE" : "INACTIVE" );
    _dpd.logMsg("    Obsolete DNS RR Types Alert: %s\n",
        dns_config.enabled_alerts & DNS_ALERT_OBSOLETE_TYPES ?
        "ACTIVE" : "INACTIVE" );
    _dpd.logMsg("    Experimental DNS RR Types Alert: %s\n",
        dns_config.enabled_alerts & DNS_ALERT_EXPERIMENTAL_TYPES ?
        "ACTIVE" : "INACTIVE" );
    
    /* Printing ports */
    _dpd.logMsg("    Ports:"); 
    for(index = 0; index < MAX_PORTS; index++) 
    {
        if( dns_config.ports[ PORT_INDEX(index) ] & CONV_PORT(index) )
        {
            _dpd.logMsg(" %d", index);
        }
    }
    _dpd.logMsg("\n");
}
/* Display the configuration for the SSL preprocessor. 
 * 
 * PARAMETERS:  None.
 *
 * RETURNS: Nothing.
 */
static void PrintSSLConfig( const SSLConfig* ssl_config )
{
	int index;

	if (ssl_config->server_cnt > 0)
	{
		_dpd.logMsg("SSL Config:\n");
		_dpd.logMsg(" Server(s):\n");

		for(index = 0; index < ssl_config->server_cnt; index++) 
		{
			_dpd.logMsg("IP address: %s\n", inet_ntoa(ssl_config->server[index]->server_ip));
			_dpd.logMsg("      Port: %i\n", ssl_config->server[index]->port);    
			_dpd.logMsg("   Keyfile: %s\n\n", ssl_config->server[index]->server_keyfile);
		}
	}
}
Ejemplo n.º 3
0
static void PrintConfig(void)
{
    int i;
    const SMTPToken *cmd;
    char buf[8192];

    memset(&buf[0], 0, sizeof(buf));

    _dpd.logMsg("\nSMTP Config:\n");
    
    snprintf(buf, sizeof(buf) - 1, "    Ports: ");

    for (i = 0; i < 65536; i++)
    {
        if (_smtp_config.ports[i / 8] & (1 << (i % 8)))
        {
            _dpd.printfappend(buf, sizeof(buf) - 1, "%d ", i);
        }
    }

    _dpd.logMsg("%s\n", buf);

    _dpd.logMsg("    Inspection Type: %s\n",
                _smtp_config.inspection_type ? "Stateful" : "Stateless");

    snprintf(buf, sizeof(buf) - 1, "    Normalize: ");

    switch (_smtp_config.normalize)
    {
        case NORMALIZE_ALL:
            _dpd.printfappend(buf, sizeof(buf) - 1, "all");
            break;
        case NORMALIZE_NONE:
            _dpd.printfappend(buf, sizeof(buf) - 1, "none");
            break;
        case NORMALIZE_CMDS:
            if (_smtp_config.print_cmds)
            {
                for (cmd = _smtp_cmds; cmd->name != NULL; cmd++)
                {
                    if (_smtp_cmd_config[cmd->search_id].normalize)
                    {
                        _dpd.printfappend(buf, sizeof(buf) - 1, "%s ", cmd->name);
                    }
                }
            }
            else
            {
                _dpd.printfappend(buf, sizeof(buf) - 1, "cmds");
            }
            
            break;
    }

    _dpd.logMsg("%s\n", buf);

    _dpd.logMsg("    Ignore Data: %s\n", 
               _smtp_config.ignore_data ? "Yes" : "No");
    _dpd.logMsg("    Ignore TLS Data: %s\n", 
               _smtp_config.ignore_tls_data ? "Yes" : "No");
    _dpd.logMsg("    Ignore SMTP Alerts: %s\n",
               _smtp_config.no_alerts ? "Yes" : "No");

    if (!_smtp_config.no_alerts)
    {
        snprintf(buf, sizeof(buf) - 1, "    Max Command Line Length: ");

        if (_smtp_config.max_command_line_len == 0)
            _dpd.printfappend(buf, sizeof(buf) - 1, "Unlimited");
        else
            _dpd.printfappend(buf, sizeof(buf) - 1, "%d", _smtp_config.max_command_line_len);

        _dpd.logMsg("%s\n", buf);


        if (_smtp_config.print_cmds)
        {
            int max_line_len_count = 0;
            int max_line_len = 0;

            snprintf(buf, sizeof(buf) - 1, "    Max Specific Command Line Length: ");

            for (cmd = _smtp_cmds; cmd->name != NULL; cmd++)
            {
                max_line_len = _smtp_cmd_config[cmd->search_id].max_line_len;

                if (max_line_len != 0)
                {
                    if (max_line_len_count % 5 == 0)
                    {
                        _dpd.logMsg("%s\n", buf);
                        snprintf(buf, sizeof(buf) - 1, "       %s:%d ", cmd->name, max_line_len);
                    }
                    else
                    {
                        _dpd.printfappend(buf, sizeof(buf) - 1, "%s:%d ", cmd->name, max_line_len);
                    }

                    max_line_len_count++;
                }
            }

            if (max_line_len_count == 0)
                _dpd.logMsg("%sNone\n", buf);
            else
                _dpd.logMsg("%s\n", buf);
        }

        snprintf(buf, sizeof(buf) - 1, "    Max Header Line Length: ");

        if (_smtp_config.max_header_line_len == 0)
            _dpd.logMsg("%sUnlimited\n", buf);
        else
            _dpd.logMsg("%s%d\n", buf, _smtp_config.max_header_line_len);


        snprintf(buf, sizeof(buf) - 1, "    Max Response Line Length: ");

        if (_smtp_config.max_response_line_len == 0)
            _dpd.logMsg("%sUnlimited\n", buf);
        else
            _dpd.logMsg("%s%d\n", buf, _smtp_config.max_response_line_len);
    }
    
    _dpd.logMsg("    X-Link2State Alert: %s\n",
               _smtp_config.alert_xlink2state ? "Yes" : "No");
    if (_smtp_config.alert_xlink2state)
    {
        _dpd.logMsg("    Drop on X-Link2State Alert: %s\n",
                   _smtp_config.drop_xlink2state ? "Yes" : "No");
    }

    if (_smtp_config.print_cmds && !_smtp_config.no_alerts)
    {
        int alert_count = 0;
        
        snprintf(buf, sizeof(buf) - 1, "    Alert on commands: ");

        for (cmd = _smtp_cmds; cmd->name != NULL; cmd++)
        {
            if (_smtp_cmd_config[cmd->search_id].alert)
            {
                _dpd.printfappend(buf, sizeof(buf) - 1, "%s ", cmd->name);
                alert_count++;
            }
        }

        if (alert_count == 0)
        {
            _dpd.logMsg("%sNone\n", buf);
        }
        else
        {
            _dpd.logMsg("%s\n", buf);
        }
    }
}
Ejemplo n.º 4
0
/* Display the configuration for the SSH preprocessor. 
 * 
 * PARAMETERS:	None.
 *
 * RETURNS: Nothing.
 */
static void
DisplaySSHConfig(SSHConfig *config)
{
    int index;
    int newline;

    if (config == NULL)
        return;
    
	_dpd.logMsg("SSH config: \n");
	_dpd.logMsg("    Autodetection: %s\n", 
			config->AutodetectEnabled ? 
			"ENABLED":"DISABLED");
	_dpd.logMsg("    Challenge-Response Overflow Alert: %s\n",
			config->EnabledAlerts & SSH_ALERT_RESPOVERFLOW ?
			"ENABLED" : "DISABLED" );
	_dpd.logMsg("    SSH1 CRC32 Alert: %s\n",
			config->EnabledAlerts & SSH_ALERT_CRC32 ?
			"ENABLED" : "DISABLED" );

	_dpd.logMsg("    Server Version String Overflow Alert: %s\n",
			config->EnabledAlerts & SSH_ALERT_SECURECRT ?
			"ENABLED" : "DISABLED" );
	_dpd.logMsg("    Protocol Mismatch Alert: %s\n",
			config->EnabledAlerts & SSH_ALERT_PROTOMISMATCH?
			"ENABLED" : "DISABLED" );
	_dpd.logMsg("    Bad Message Direction Alert: %s\n",
			config->EnabledAlerts & SSH_ALERT_WRONGDIR ?
			"ENABLED" : "DISABLED" );
	_dpd.logMsg("    Bad Payload Size Alert: %s\n",
			config->EnabledAlerts & SSH_ALERT_PAYSIZE ?
			"ENABLED" : "DISABLED" );
	_dpd.logMsg("    Unrecognized Version Alert: %s\n",
			config->EnabledAlerts & SSH_ALERT_UNRECOGNIZED ?
			"ENABLED" : "DISABLED" );
	_dpd.logMsg("    Max Encrypted Packets: %d %s \n", 
			config->MaxEncryptedPackets, 
			config->MaxEncryptedPackets 
			    == SSH_DEFAULT_MAX_ENC_PKTS ?
			    "(Default)" : "" );
	_dpd.logMsg("    Max Server Version String Length: %d %s \n", 
			config->MaxServerVersionLen, 
			config->MaxServerVersionLen
			    == SSH_DEFAULT_MAX_SERVER_VERSION_LEN ?
			    "(Default)" : "" );

	if ( config->EnabledAlerts & 
		(SSH_ALERT_RESPOVERFLOW | SSH_ALERT_CRC32))
	{
		_dpd.logMsg("    MaxClientBytes: %d %s \n",   
			config->MaxClientBytes, 
			config->MaxClientBytes
			    == SSH_DEFAULT_MAX_CLIENT_BYTES ?
			    "(Default)" : "" );
	}

    /* Traverse list, printing ports, 5 per line */
    newline = 1;
	_dpd.logMsg("    Ports:\n"); 
    for(index = 0; index < MAX_PORTS; index++) 
    {
        if( config->ports[ PORT_INDEX(index) ] & CONV_PORT(index) )
        {
    	    _dpd.logMsg("\t%d", index);
            if ( !((newline++)% 5) )
            {
    	        _dpd.logMsg("\n");
            }
        }
    }
	_dpd.logMsg("\n");
}
Ejemplo n.º 5
0
/* Display the configuration for the SSH preprocessor. 
 * 
 * PARAMETERS:	None.
 *
 * RETURNS: Nothing.
 */
static void
DisplaySSHConfig()
{
    int index;
    int newline;
    
	SSHPortNode* cur_nodep = NULL;

	_dpd.logMsg("SSH config: \n");
	_dpd.logMsg("    Autodetection: %s\n", 
			ssh_config.AutodetectEnabled ? 
			"ENABLED":"DISABLED");
	_dpd.logMsg("    GOBBLES Alert: %s\n",
			ssh_config.EnabledAlerts & SSH_ALERT_GOBBLES ?
			"ENABLED" : "DISABLED" );
	_dpd.logMsg("    SSH1 CRC32 Alert: %s\n",
			ssh_config.EnabledAlerts & SSH_ALERT_CRC32 ?
			"ENABLED" : "DISABLED" );

	_dpd.logMsg("    Server Version String Overflow Alert: %s\n",
			ssh_config.EnabledAlerts & SSH_ALERT_SECURECRT ?
			"ENABLED" : "DISABLED" );
	_dpd.logMsg("    Protocol Mismatch Alert: %s\n",
			ssh_config.EnabledAlerts & SSH_ALERT_PROTOMISMATCH?
			"ENABLED" : "DISABLED" );
	_dpd.logMsg("    Bad Message Direction Alert: %s\n",
			ssh_config.EnabledAlerts & SSH_ALERT_WRONGDIR ?
			"ENABLED" : "DISABLED" );
	_dpd.logMsg("    Bad Payload Size Alert: %s\n",
			ssh_config.EnabledAlerts & SSH_ALERT_PAYSIZE ?
			"ENABLED" : "DISABLED" );
	_dpd.logMsg("    Unrecognized Version Alert: %s\n",
			ssh_config.EnabledAlerts & SSH_ALERT_UNRECOGNIZED ?
			"ENABLED" : "DISABLED" );
	_dpd.logMsg("    Max Encrypted Packets: %d %s \n", 
			ssh_config.MaxEncryptedPackets, 
			ssh_config.MaxEncryptedPackets 
			    == SSH_DEFAULT_MAX_ENC_PKTS ?
			    "(Default)" : "" );

	if ( ssh_config.EnabledAlerts & 
		(SSH_ALERT_GOBBLES | SSH_ALERT_CRC32))
	{
		_dpd.logMsg("    MaxClientBytes: %d %s \n",   
			ssh_config.MaxClientBytes, 
			ssh_config.MaxClientBytes
			    == SSH_DEFAULT_MAX_CLIENT_BYTES ?
			    "(Default)" : "" );
	}

    /* Traverse list, printing ports, 5 per line */
    newline = 1;
	_dpd.logMsg("    Ports:\n"); 
    for(index = 0; index < MAX_PORTS; index++) 
    {
        if( ssh_config.ports[ PORT_INDEX(index) ] & CONV_PORT(index) )
        {
    	    _dpd.logMsg("\t%d", index);
            if ( !((newline++)% 5) )
            {
    	        _dpd.logMsg("\n");
            }
        }
    }
	_dpd.logMsg("\n");
}
Ejemplo n.º 6
0
/* Parses and processes the configuration arguments 
 * supplied in the SSH preprocessor rule.
 *
 * PARAMETERS: 
 *
 * argp:        Pointer to string containing the config arguments.
 * 
 * RETURNS:     Nothing.
 */
static void 
ParseSSHArgs( u_char* argp )
{
	char* cur_tokenp = NULL;
	char* argcpyp = NULL;
    int port;
    
    /* Set up default port to listen on */
    ssh_config.ports[ PORT_INDEX( 22 ) ] |= CONV_PORT(22);

	/* Sanity check(s) */
	if ( !argp )
	{
        DisplaySSHConfig();
		return;
	}

	argcpyp = strdup( (char*) argp );

	if ( !argcpyp )
	{
		_dpd.fatalMsg("Could not allocate memory to parse SSH options.\n");
		return;
	}

	cur_tokenp = strtok( argcpyp, " ");

	while ( cur_tokenp )
	{
		if ( !strcmp( cur_tokenp, SSH_SERVERPORTS_KEYWORD ))
		{
            /* If the user specified ports, remove '22' for now since 
             * it now needs to be set explicitely. */
            ssh_config.ports[ PORT_INDEX( 22 ) ] = 0;
            
			/* Eat the open brace. */
			cur_tokenp = strtok( NULL, " ");
			if (( !cur_tokenp ) || ( cur_tokenp[0] != '{' ))
			{
				_dpd.fatalMsg("Bad value specified for %s.\n",
					SSH_SERVERPORTS_KEYWORD);
                free(argcpyp);
                return;
			}

			cur_tokenp = strtok( NULL, " ");
			while (( cur_tokenp ) && ( cur_tokenp[0] != '}' ))
			{
				if ( !isdigit( cur_tokenp[0] ))
				{
					_dpd.fatalMsg("Bad port %s.\n", cur_tokenp );
                    free(argcpyp);
                    return;
				}
				else
				{
                    port = atoi( cur_tokenp );
                    if( port < 0 || port > MAX_PORTS ) 
                    {
					    _dpd.fatalMsg("Port value illegitimate: %s\n", cur_tokenp);
                        free(argcpyp);
                        return;
                    }
                    
                    ssh_config.ports[ PORT_INDEX( port ) ] |= CONV_PORT(port);
				}

				cur_tokenp = strtok( NULL, " ");
			}
				
		}
		else if ( !strcmp( cur_tokenp, SSH_AUTODETECT_KEYWORD ))
		{
			ssh_config.AutodetectEnabled++;
		}
		else if ( !strcmp( cur_tokenp, SSH_MAX_ENC_PKTS_KEYWORD ))
		{
			cur_tokenp = strtok( NULL, " ");
			if (( !cur_tokenp ) || !isdigit(cur_tokenp[0]) )
			{
				_dpd.logMsg("Bad value specified for %s."
					"Reverting to default value %d. ",
					SSH_MAX_ENC_PKTS_KEYWORD, 
					SSH_DEFAULT_MAX_ENC_PKTS );
			}
			else
			{
				ssh_config.MaxEncryptedPackets = (u_int16_t)
						atoi( cur_tokenp );
			}
		}
		else if (!strcmp( cur_tokenp, SSH_MAX_CLIENT_BYTES_KEYWORD ))
		{
			cur_tokenp = strtok( NULL, " ");
			if (( !cur_tokenp ) || !isdigit(cur_tokenp[0]) )
			{
				_dpd.logMsg("Bad value specified for %s."
					"Reverting to default value %d. ",
					SSH_MAX_CLIENT_BYTES_KEYWORD, 
					SSH_DEFAULT_MAX_CLIENT_BYTES );
			}
			else
			{
				ssh_config.MaxClientBytes = (u_int16_t)
						atoi( cur_tokenp );
			}
		}
		else if ( !strcmp( cur_tokenp, SSH_DISABLE_GOBBLES_KEYWORD ))
		{
			ssh_config.EnabledAlerts &= ~SSH_ALERT_GOBBLES;
		}
		else if ( !strcmp( cur_tokenp, SSH_DISABLE_CRC32_KEYWORD ))
		{
			ssh_config.EnabledAlerts &= ~SSH_ALERT_CRC32;
		}
		else if ( 
		   !strcmp( cur_tokenp, SSH_DISABLE_SECURECRT_KEYWORD ))
		{
			ssh_config.EnabledAlerts &= ~SSH_ALERT_SECURECRT;
		}
		else if ( 
		   !strcmp( cur_tokenp, SSH_DISABLE_PROTOMISMATCH_KEYWORD ))
		{
			ssh_config.EnabledAlerts &= ~SSH_ALERT_PROTOMISMATCH;
		}
		else if ( 
		   !strcmp( cur_tokenp, SSH_DISABLE_WRONGDIR_KEYWORD ))
		{
			ssh_config.EnabledAlerts &= ~SSH_ALERT_WRONGDIR;
		}
		else if ( !strcmp( cur_tokenp, SSH_DISABLE_RULES_KEYWORD ))
		{
			ssh_config.DisableRules++;	
		} 
        else if( !strcmp( cur_tokenp, SSH_DISABLE_PAYLOAD_SIZE )) 
        {
            ssh_config.EnabledAlerts &= ~SSH_ALERT_PAYSIZE;
        }
        else if( !strcmp( cur_tokenp, SSH_DISABLE_UNRECOGNIZED_VER ))
        {
            ssh_config.EnabledAlerts &= ~SSH_ALERT_UNRECOGNIZED;
        }
        else
        {
		    _dpd.fatalMsg("Invalid argument: %s\n", cur_tokenp);
    		return;
        }

		cur_tokenp = strtok( NULL, " " );
	}

	DisplaySSHConfig();
    free(argcpyp);
}