From 4b61b0a752bd8c37d5b2d4cae94b51c03fd1c8fe Mon Sep 17 00:00:00 2001
From: "George A. Theall"
Date: Sun, 30 Jul 2023 13:22:58 -0400
Subject: [PATCH 1/4] - Move require_once() calls to near start of script.
---
 dshield.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/dshield.php b/dshield.php
index 0023976..d538432 100644
--- a/dshield.php
+++ b/dshield.php
@@ -22,6 +22,12 @@
 $version='0.000006';
+# include some standard libraries
+require_once("globals.inc");
+require_once("functions.inc");
+require_once("filter.inc"); // In pfSense 2.5, filter_log.inc was renamed to filter.inc
+
+
 $config=parse_ini_file("dshield.ini",true);
 $config=$config['dshield'];
@@ -103,11 +109,6 @@
 }
-# include some standard libraries
-require_once("globals.inc");
-require_once("functions.inc");
-require_once("filter.inc"); // In pfSense 2.5, filter_log.inc was renamed to filter.inc
-
 # figure out local timezone
 $sTZ=date('P');
 # assemble subject line
From 65e72497c6115f11de4e22c8cbe0daf8ddd2d311 Mon Sep 17 00:00:00 2001
From: "George A. Theall"
Date: Sun, 30 Jul 2023 13:24:50 -0400
Subject: [PATCH 2/4] - Renamed array used to hold configuration settings from dshield.ini to avoid conflicts with /etc/inc/config.inc.
---
 dshield.php | 50 +++++++++++++++++++++++++-------------------------
 1 file changed, 25 insertions(+), 25 deletions(-)
diff --git a/dshield.php b/dshield.php
index d538432..a5c3955 100644
--- a/dshield.php
+++ b/dshield.php
@@ -28,43 +28,43 @@
 require_once("filter.inc"); // In pfSense 2.5, filter_log.inc was renamed to filter.inc
-$config=parse_ini_file("dshield.ini",true);
-$config=$config['dshield'];
+$dshield_config=parse_ini_file("dshield.ini",true);
+$dshield_config=$dshield_config['dshield'];
 # for debugging, change the 'To' address or add a second address
 $toaddr='reports@dshield.org';
-$debug=(int)($config['debug']);
-$interfaces=explode(',',$config['interfaces']);
-$authorized_source_ip=explode(',',$config['authorized_source_ip']);
+$debug=(int)($dshield_config['debug']);
+$interfaces=explode(',',$dshield_config['interfaces']);
+$authorized_source_ip=explode(',',$dshield_config['authorized_source_ip']);
-if ( $config['apikey'] == '' ) {
+if ( $dshield_config['apikey'] == '' ) {
 print "An API Key is required. Check dshield.ini\n";
 exit();
 }else{
- $apikey=$config['apikey'];
+ $apikey=$dshield_config['apikey'];
 }
-if ( $config['fromaddr'] == '' ) {
+if ( $dshield_config['fromaddr'] == '' ) {
 print "A 'From Address' is required. Check dshield.ini\n";
 exit();
 }
-if ($config['fromaddr'] == '' ) {
+if ($dshield_config['fromaddr'] == '' ) {
 $from = $config['notifications']['smtp']['fromaddress'];
 } else {
- $from = $config['fromaddr'];
+ $from = $dshield_config['fromaddr'];
 }
 # some older versions used userid instead of uid. allowing for both.
-if ( $config['uid'] == '' && $config['userid'] == '' ) {
+if ( $dshield_config['uid'] == '' && $dshield_config['userid'] == '' ) {
 print "A DShield UID is required. Check dshield.ini\n";
 exit();
 } else {
- if ( $config['uid'] == '' ) {
- $uid=$config['userid'];
+ if ( $dshield_config['uid'] == '' ) {
+ $uid=$dshield_config['userid'];
 } else {
- $uid = $config['uid'];
+ $uid = $dshield_config['uid'];
 }
 }
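Review bot: The result of `parse_ini_file("dshield.ini",true)` at the top of this hunk is used unchecked, so a missing or unreadable ini (the call returns false) falls through to the misleading "An API Key is required" message instead of reporting the real problem. The bare relative file name also makes the lookup depend on how the script is invoked, which matters because this file holds the DShield API key; loading it from a fixed absolute path would be safer. A guard placed before the second assignment, such as `if ($dshield_config === false || !isset($dshield_config['dshield'])) { print "Cannot read dshield.ini\n"; exit(1); }`, would make the failure explicit. The `exit()` calls in this hunk return status 0, which hides configuration errors from cron or monitoring.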
@@ -89,23 +89,23 @@
 $src_exc_lo = array();
 $src_exc_hi = array();
-if ($config['source_exclude']) {
- load_excludes($config['source_exclude'], $src_exc_lo, $src_exc_hi, True);
+if ($dshield_config['source_exclude']) {
+ load_excludes($dshield_config['source_exclude'], $src_exc_lo, $src_exc_hi, True);
 }
 $tgt_exc_lo = array();
 $tgt_exc_hi = array();
-if ($config['target_exclude']) {
- load_excludes($config['target_exclude'], $tgt_exc_lo, $tgt_exc_hi, True);
+if ($dshield_config['target_exclude']) {
+ load_excludes($dshield_config['target_exclude'], $tgt_exc_lo, $tgt_exc_hi, True);
 }
 $src_port_exc_lo = array();
 $src_port_exc_hi = array();
-if ($config['source_port_exclude']) {
- load_excludes($config['source_port_exclude'], $src_port_exc_lo, $src_port_exc_hi, False);
+if ($dshield_config['source_port_exclude']) {
+ load_excludes($dshield_config['source_port_exclude'], $src_port_exc_lo, $src_port_exc_hi, False);
 }
 $tgt_port_exc_lo = array();
 $tgt_port_exc_hi = array();
-if ($config['target_port_exclude']) {
- load_excludes($config['target_port_exclude'], $tgt_port_exc_lo, $tgt_port_exc_hi, False);
+if ($dshield_config['target_port_exclude']) {
+ load_excludes($dshield_config['target_port_exclude'], $tgt_port_exc_lo, $tgt_port_exc_hi, False);
 }
@@ -191,7 +191,7 @@
 }
 continue;
 }
- $linesout.=date("Y-m-d H:i:s P",$time)."\t{$config['uid']}\t1\t{$flent['srcip']}\t{$flent['srcport']}\t{$flent['dstip']}\t{$flent['dstport']}\t{$flent['proto']}\t{$flent['tcpflags']}\n";
+ $linesout.=date("Y-m-d H:i:s P",$time)."\t{$dshield_config['uid']}\t1\t{$flent['srcip']}\t{$flent['srcport']}\t{$flent['dstip']}\t{$flent['dstport']}\t{$flent['proto']}\t{$flent['tcpflags']}\n";
 $flent='';
 $linecnt++;
 } else {
@@ -228,8 +228,8 @@
 # sending log via email #
-if ( $config['ccaddr'] !== '' ) {
- $toaddr = $toaddr ."," .$config['ccaddr'];
+if ( $dshield_config['ccaddr'] !== '' ) {
+ $toaddr = $toaddr ."," .$dshield_config['ccaddr'];
 }
 $headers = array(
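Review bot: In the `@@ -191,7 +191,7 @@` hunk the report line interpolates `{$dshield_config['uid']}` directly, although the script earlier resolves `$uid` from either `uid` or the legacy `userid` key. An ini that only sets `userid` passes the startup check but would then submit every record with an empty UID column. Using the already-resolved value, `"\t{$uid}\t1\t..."`, keeps the two paths consistent. The enclosing loop starts and ends outside this hunk.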
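Review bot: The guard in the `@@ -228,8 +228,8 @@` hunk uses a strict `!== ''`, so a `ccaddr` key that is absent from dshield.ini (null) still passes and appends a comma plus an empty address to `$toaddr`; the other settings in this script are tested with a loose `== ''`. Because this value decides who else receives the firewall log report, the check should require a non-empty value, `if (!empty($dshield_config['ccaddr'])) {`, and validating the address format before use would be a reasonable addition. The `$headers` array that follows continues outside the hunk.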
From d10acb4fdd0b48e3a5c4269c6fde4376c594159d Mon Sep 17 00:00:00 2001
From: "George A. Theall"
Date: Sun, 30 Jul 2023 13:49:54 -0400
Subject: [PATCH 3/4] - Moved From address check to support pulling it from the pfSense configuration itself.
---
 dshield.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/dshield.php b/dshield.php
index a5c3955..9d07344 100644
--- a/dshield.php
+++ b/dshield.php
@@ -46,16 +46,16 @@
 $apikey=$dshield_config['apikey'];
 }
-if ( $dshield_config['fromaddr'] == '' ) {
- print "A 'From Address' is required. Check dshield.ini\n";
- exit();
-}
-
 if ($dshield_config['fromaddr'] == '' ) {
 $from = $config['notifications']['smtp']['fromaddress'];
 } else {
 $from = $dshield_config['fromaddr'];
 }
+if ( $from == '' ) {
+ print "A 'From Address' is required. Check dshield.ini\n";
+ exit();
+}
+
 # some older versions used userid instead of uid. allowing for both.
 if ( $dshield_config['uid'] == '' && $dshield_config['userid'] == '' ) {
 print "A DShield UID is required. Check dshield.ini\n";
From a3bc5a316faef6152d810c2912a248e143df0c57 Mon Sep 17 00:00:00 2001
From: "George A. Theall"
Date: Sun, 30 Jul 2023 14:07:10 -0400
Subject: [PATCH 4/4] - Invert test for SMTP server definition in pfSense.
---
 dshield.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dshield.php b/dshield.php
index 9d07344..d8a2b4b 100644
--- a/dshield.php
+++ b/dshield.php
@@ -82,7 +82,7 @@
 print "SMTP is disabled under Systems->Advanced->Notifcations\n";
 exit();
 }
-if (isset($config['notifications']['smtp']['ipaddress'])) {
+if (!isset($config['notifications']['smtp']['ipaddress'])) {
 print "No SMTP server is defined under Systems->Advanced->Notifications\n";
 exit();
 }
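Review bot: In the `@@ -46,16 +46,16 @@` hunk the fallback reads `$config['notifications']['smtp']['fromaddress']` without checking that the key exists, and the resulting `$from` is only tested for emptiness before it is used as the sender address. A more defensive form is `$from = $config['notifications']['smtp']['fromaddress'] ?? '';`, followed by a format check such as `filter_var($from, FILTER_VALIDATE_EMAIL)`. The message still says "Check dshield.ini" although the address may now come from the pfSense notification settings, and `exit()` returns status 0, so a scheduler cannot see the failure.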
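Review bot: `isset()` in the `@@ -82,7 +82,7 @@` hunk is true for an empty string, so if pfSense keeps the `ipaddress` key with a blank value when no server is configured (not visible here), the script would continue without a usable SMTP host. `if (empty($config['notifications']['smtp']['ipaddress'])) {` covers both the missing and the blank case. The preceding SMTP-disabled check begins outside this hunk.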