ClearFoundation Tracker - ClearOS
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0000043ClearOSapp-intrusion-prevention - Intrusion Preventionpublic2010-03-15 03:402019-11-29 09:08
Reportertimb80 
Assigned Totracker 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version5.1 
Target Version5.1Fixed in Version 
Summary0000043: Active Block List - Snort SID's links
DescriptionThis has been present in ClarkConnect 5.0 / ClearOS 5.1 for a long time since Snort removed their SID info pages as part of their version upgrade. Links to blocked SID in the intrusion detection screen now point to user guide URL which is still to be completed.

Dinkster very kindly posted a fix for this for CC5.0 to use snortid.com
http://ccforums.clearfoundation.com/showflat.php?Cat=0&Number=121014&an=&page=0&vc=1 [^]

Amend /var/webconfig/gui/SnortSamReport.class.php
From line 142:-
            if ($_SESSION['system_online_help']) {
                $sid = "<a target='blank' href='". $_SESSION['system_online_help'] . "/redirect/snort/sid=$block[sid]'>$block[sid]</a>";

To:-
            if ($_SESSION['system_online_help']) {
                    $sid = "<a target='blank' href='" . "http://www.snortid.com" [^] .
                        "/snortid.asp?QueryId=1:$block[sid]'>$block[sid]</a>";

Please can we have this implemented as an interim measure until the ClearOS userguide is updated?
Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2010-03-15 03:40timb80New Issue
2010-03-15 03:54timb80Note Added: 0000058
2010-03-17 15:09user2Note Added: 0000059
2010-03-17 15:10user2Statusnew => acknowledged
2010-03-17 15:10user2Statusacknowledged => assigned
2010-03-17 15:10user2Assigned To => user2
2010-03-17 15:12user2Prioritynormal => high
2010-03-17 15:12user2ETAnone => 2-3 days
2010-03-17 15:12user2Target Version => 5.1
2010-06-08 08:59timb80Note Added: 0000167
2011-02-08 15:31user2CategoryReports - Intrusion Prevention => app-intrusion-prevention - Snortsam
2013-05-08 08:11user2Priorityhigh => normal
2018-12-14 12:11user2Assigned Touser2 => tracker
2019-11-29 09:08NickHNote Added: 0012411
2019-11-29 09:08NickHStatusassigned => closed
2019-11-29 09:08NickHResolutionopen => fixed

Notes
(0000058)
timb80   
2010-03-15 03:54   
Ok updated to use new snort.org search function (assumes group ref = 1)

                                 if ($_SESSION['system_online_help']) {
                                             $sid = "<a target='blank' href='" . "http://www.snort.org" [^] .
                                                     "/search/sid/$block[sid]?r=1'>$block[sid]</a>";

However webconfig needs to be amended to report SID in full form to permit links for SID's outside of generic group 1
(0000059)
user2   
2010-03-17 15:09   
It's back online -- that's good. We can make the change on our servers using the standard apache redirect.
(0000167)
timb80   
2010-06-08 08:59   
Please note that the bug tracker inserts the [^] field when it finds a URL - they shouldn't be there!
(0012411)
NickH   
2019-11-29 09:07   
5.2 issue. UI is very different in 7.x