Snort Whitelist Problem (2.9.2.3 pkg v. 2.5.1)

Gloom

I've also upgraded to the latest package and recreated my white lists but  IPs from the white listed networks are still being blocked.
I'm not seeing any issues loading the lists

I'm using an alias list of type networks in the snort white list

2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:43:51 EST 2011
FreeBSD 8.1-RELEASE-p6

Snort 2.9.2.3 pkg v. 2.5.1

vbentley

My box is running the 32 bit distro.

FreeBSD 8.1-RELEASE-p6 #1: Mon Dec 12 18:18:02 EST 2011 root@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense.8 i386
Build Date Sep 20 2011 10:53:14

I'm not an expert on this but for multibyte character encoding to work in PHP I think it needs to be configured with '–enable-mbstring'. When I ran phpinfo() to check the configuration options I couldn't find mbstring or any evidence of libmbfi being loaded. Is it loaded by another file from the config-file-scan-dir? Is this a configuration bug for the 32-bit build?

Configure Command './configure' '–with-layout=GNU' '--with-config-file-scan-dir=/usr/local/etc/php' '--disable-all' '--enable-libxml' '--with-libxml-dir=/usr/local' '--enable-reflection' '--with-pcre-regex' '--program-prefix=' '--enable-fastcgi' '--with-regex=php' '--with-zend-vm=CALL' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd8.1'

vbentley

I don't have a spare 64-bit machine that I can test this on. If you are running 64-bit pfSense, can you create a PHP file containing the following code that will confirm a configuration difference between architectures if there is one.

Create /usr/local/www/phpinfo.php containing the following code:

phpinfo()
?>

Visit the page in your browser to view the PHP configuration.

mschiek01

@vbentley:

I don't have a spare 64-bit machine that I can test this on. If you are running 64-bit pfSense, can you create a PHP file containing the following code that will confirm a configuration difference between architectures if there is one.

Create /usr/local/www/phpinfo.php containing the following code:

phpinfo()
?>

Visit the page in your browser to view the PHP configuration.

Works fine everything displays

vbentley

Great!

Please post here what it reports for System, Build Date and Configure Command. Thanks.
Edit out your hostname if you wish. I only want to check the configuration commands are the same.

mschiek01

@vbentley:

Great!

Please post here what it reports for System, Build Date and Configure Command. Thanks.
Edit out your hostname if you wish. I only want to check the configuration commands are the same.

PHP Version 5.2.17

System FreeBSD XXXXXXXXXXXXXXXXXXXX 8.1-RELEASE-p6 FreeBSD 8.1-RELEASE-p6 #0: Mon Dec 12 18:15:35 EST 2011 root@FreeBSD_8.0_pfSense_2.0-AMD64.snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_SMP.8 amd64
Build Date Sep 20 2011 10:53:32
Configure Command './configure' '–with-layout=GNU' '--with-config-file-scan-dir=/usr/local/etc/php' '--disable-all' '--enable-libxml' '--with-libxml-dir=/usr/local' '--enable-reflection' '--with-pcre-regex' '--program-prefix=' '--enable-fastcgi' '--with-regex=php' '--with-zend-vm=CALL' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd8.1'
Server API CGI/FastCGI
Virtual Directory Support disabled
Configuration File (php.ini) Path /usr/local/etc
Loaded Configuration File /usr/local/etc/php.ini
Scan this dir for additional .ini files /usr/local/etc/php
additional .ini files parsed (none)
PHP API 20041225
PHP Extension 20060613
Zend Extension 220060519
Debug Build no
Thread Safety disabled
Zend Memory Manager enabled
IPv6 Support enabled
Registered PHP Streams https, ftps, php, file, data, http, ftp, compress.zlib, ssh2.shell, ssh2.exec, ssh2.tunnel, ssh2.scp, ssh2.sftp
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters string.rot13, string.toupper, string.tolower, string.strip_tags, convert., consumed, zlib.

This server is protected with the Suhosin Patch 0.9.7
Copyright (c) 2006 Hardened-PHP Project

This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
    with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH

Configuration
PHP Core
Directive Local Value Master Value
allow_call_time_pass_reference On On
allow_url_fopen On On
allow_url_include Off Off
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags Off Off
auto_append_file no value no value
auto_globals_jit On On
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors On On
display_startup_errors Off Off
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl On On
error_append_string no value no value
error_log /tmp/PHP_errors.log /tmp/PHP_errors.log
error_prepend_string no value no value
error_reporting no value no value
expose_php Off Off
extension_dir /usr/local/lib/php/20060613/ /usr/local/lib/php/20060613/
file_uploads On On
highlight.bg #FFFFFF #FFFFFF
highlight.comment #FF8000 #FF8000
highlight.default #0000BB #0000BB
highlight.html #000000 #000000
highlight.keyword #007700 #007700
highlight.string #DD0000 #DD0000
html_errors Off Off
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush On On
include_path .:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg .:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg
log_errors On On
log_errors_max_len 1024 1024
magic_quotes_gpc Off Off
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
mail.force_extra_parameters no value no value
max_execution_time 99999999 99999999
max_file_uploads 20 20
max_input_nesting_level 64 64
max_input_time 99999999 99999999
memory_limit 128M 128M
open_basedir no value no value
output_buffering 0 0
output_handler no value no value
post_max_size 100M 100M
precision 14 14
realpath_cache_size 16K 16K
realpath_cache_ttl 120 120
register_argc_argv On On
register_globals Off Off
register_long_arrays On On
report_memleaks On On
report_zend_debug On On
safe_mode Off Off
safe_mode_exec_dir /usr/local/php/bin /usr/local/php/bin
safe_mode_gid Off Off
safe_mode_include_dir no value no value
sendmail_from no value no value
sendmail_path /usr/sbin/sendmail -t -i /usr/sbin/sendmail -t -i
serialize_precision 100 100
short_open_tag On On
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
suhosin.log.phpscript.is_safe Off Off
track_errors Off Off
unserialize_callback_func no value no value
upload_max_filesize 100M 100M
upload_tmp_dir /tmp /tmp
user_dir no value no value
variables_order EGPCS EGPCS
xmlrpc_error_number 0 0
xmlrpc_errors Off Off
y2k_compliance On On
zend.ze1_compatibility_mode Off Off

apc
APC Support enabled
Version 3.1.6
APC Debugging Disabled
MMAP Support Enabled
MMAP File Mask no value
Locking type File Locks
Revision $Revision: 303642 $
Build Date Aug 11 2011 13:58:09

Directive Local Value Master Value
apc.cache_by_default On On
apc.canonicalize On On
apc.coredump_unmap Off Off
apc.enable_cli Off Off
apc.enabled On On
apc.file_md5 Off Off
apc.file_update_protection 2 2
apc.filters no value no value
apc.gc_ttl 3600 3600
apc.include_once_override Off Off
apc.lazy_classes Off Off
apc.lazy_functions Off Off
apc.max_file_size 1M 1M
apc.mmap_file_mask no value no value
apc.num_files_hint 1000 1000
apc.preload_path no value no value
apc.report_autofilter Off Off
apc.rfc1867 Off Off
apc.rfc1867_freq 0 0
apc.rfc1867_name APC_UPLOAD_PROGRESS APC_UPLOAD_PROGRESS
apc.rfc1867_prefix upload_ upload_
apc.rfc1867_ttl 3600 3600
apc.shm_segments 1 1
apc.shm_size 35M 35M
apc.slam_defense On On
apc.stat On On
apc.stat_ctime Off Off
apc.ttl 0 0
apc.use_request_time On On
apc.user_entries_hint 4096 4096
apc.user_ttl 0 0
apc.write_lock On On

cgi-fcgi
Directive Local Value Master Value
cgi.check_shebang_line 1 1
cgi.fix_pathinfo 1 1
cgi.nph 0 0
cgi.rfc2616_headers 0 0
fastcgi.logging 1 1

ctype
ctype functions enabled

curl
cURL support enabled
cURL Information libcurl/7.21.3 OpenSSL/0.9.8n zlib/1.2.3

date
date/time support enabled
"Olson" Timezone Database Version 2010.9
Timezone Database internal
Default timezone America/Chicago

Directive Local Value Master Value
date.default_latitude 31.7667 31.7667
date.default_longitude 35.2333 35.2333
date.sunrise_zenith 90.583333 90.583333
date.sunset_zenith 90.583333 90.583333
date.timezone no value no value

gettext
GetText Support enabled

ldap
LDAP Support enabled
RCS Version $Id: ldap.c 293036 2010-01-03 09:23:27Z sebastian $
Total Links 0/unlimited
API Version 3001
Vendor Name OpenLDAP
Vendor Version 20426

libxml
libXML support active
libXML Version 2.7.8
libXML streams enabled

mbstring
Multibyte Support enabled
Multibyte string engine libmbfl
Multibyte (japanese) regex support enabled
Multibyte regex (oniguruma) version 4.4.4
Multibyte regex (oniguruma) backtrack check On

mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.

Directive Local Value Master Value
mbstring.detect_order no value no value
mbstring.encoding_translation Off Off
mbstring.func_overload 0 0
mbstring.http_input pass pass
mbstring.http_output pass pass
mbstring.internal_encoding no value no value
mbstring.language neutral neutral
mbstring.strict_detection Off Off
mbstring.substitute_character no value no value

mhash
MHASH support Enabled
MHASH API Version 20060101

openssl
OpenSSL support enabled
OpenSSL Version OpenSSL 0.9.8n 24 Mar 2010

pcntl
pcntl support enabled

pcre
PCRE (Perl Compatible Regular Expressions) Support enabled
PCRE Library Version 8.02 2010-03-19

Directive Local Value Master Value
pcre.backtrack_limit 100000 100000
pcre.recursion_limit 100000 100000

PDO
PDO support enabled
PDO drivers no value

posix
Revision $Revision: 293036 $

Reflection
Reflection enabled
Version $Id: php_reflection.c 300129 2010-06-03 00:43:37Z felipe $

session
Session Support enabled
Registered save handlers files user
Registered serializer handlers php php_binary

Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path no value no value
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0

shmop
shmop support enabled

SimpleXML
Simplexml support enabled
Revision $Revision: 299016 $
Schema support enabled

SPL
SPL support enabled
Interfaces Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, DirectoryIterator, DomainException, EmptyIterator, FilterIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RegexIterator, RuntimeException, SimpleXMLIterator, SplFileInfo, SplFileObject, SplObjectStorage, SplTempFileObject, UnderflowException, UnexpectedValueException

SQLite
SQLite support enabled
PECL Module version 2.0-dev $Id: sqlite.c 298697 2010-04-28 12:10:10Z iliaa $
SQLite Library 2.8.17
SQLite Encoding iso8859

Directive Local Value Master Value
sqlite.assoc_case 0 0

ssh2
libssh2 version 1.2.8
banner SSH-2.0-libssh2_1.2.8
remote forwarding enabled
hostbased auth enabled
polling support enabled
publickey subsystem enabled

standard
Regex Library Bundled library enabled
Dynamic Library Support enabled
Path to sendmail /usr/sbin/sendmail -t -i

Directive Local Value Master Value
assert.active 1 1
assert.bail 0 0
assert.callback no value no value
assert.quiet_eval 0 0
assert.warning 1 1
auto_detect_line_endings 0 0
default_socket_timeout 60 60
safe_mode_allowed_env_vars PHP_ PHP_
safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH
url_rewriter.tags a=href,area=href,frame=src,form=,fieldset= a=href,area=href,frame=src,form=,fieldset=
user_agent no value no value

suhosin
Suhosin logo This server is protected with the Suhosin Extension 0.9.27

Copyright (c) 2006-2007 Hardened-PHP Project
Copyright (c) 2007-2008 SektionEins GmbH

Directive Local Value Master Value
suhosin.apc_bug_workaround Off Off
suhosin.cookie.checkraddr 0 0
suhosin.cookie.cryptdocroot On On
suhosin.cookie.cryptkey [ protected ] [ protected ]
suhosin.cookie.cryptlist no value no value
suhosin.cookie.cryptraddr 0 0
suhosin.cookie.cryptua On On
suhosin.cookie.disallow_nul 1 1
suhosin.cookie.disallow_ws 1 1
suhosin.cookie.encrypt Off Off
suhosin.cookie.max_array_depth 50 50
suhosin.cookie.max_array_index_length 64 64
suhosin.cookie.max_name_length 64 64
suhosin.cookie.max_totalname_length 256 256
suhosin.cookie.max_value_length 10000 10000
suhosin.cookie.max_vars 100 100
suhosin.cookie.plainlist no value no value
suhosin.coredump Off Off
suhosin.disable.display_errors Off Off
suhosin.executor.allow_symlink Off Off
suhosin.executor.disable_emodifier Off Off
suhosin.executor.disable_eval Off Off
suhosin.executor.eval.blacklist no value no value
suhosin.executor.eval.whitelist no value no value
suhosin.executor.func.blacklist no value no value
suhosin.executor.func.whitelist no value no value
suhosin.executor.include.blacklist no value no value
suhosin.executor.include.max_traversal 0 0
suhosin.executor.include.whitelist no value no value
suhosin.executor.max_depth 0 0
suhosin.filter.action no value no value
suhosin.get.disallow_nul 1 1
suhosin.get.disallow_ws 0 0
suhosin.get.max_array_depth 5000 5000
suhosin.get.max_array_index_length 256 256
suhosin.get.max_name_length 64 64
suhosin.get.max_totalname_length 256 256
suhosin.get.max_value_length 500000 500000
suhosin.get.max_vars 5000 5000
suhosin.mail.protect 0 0
suhosin.memory_limit 512435456 512435456
suhosin.mt_srand.ignore On On
suhosin.multiheader Off Off
suhosin.perdir 0 0
suhosin.post.disallow_nul 1 1
suhosin.post.disallow_ws 0 0
suhosin.post.max_array_depth 5000 5000
suhosin.post.max_array_index_length 256 256
suhosin.post.max_name_length 64 64
suhosin.post.max_totalname_length 256 256
suhosin.post.max_value_length 500000 500000
suhosin.post.max_vars 5000 5000
suhosin.protectkey On On
suhosin.request.disallow_nul 1 1
suhosin.request.disallow_ws 0 0
suhosin.request.max_array_depth 5000 5000
suhosin.request.max_array_index_length 256 256
suhosin.request.max_totalname_length 256 256
suhosin.request.max_value_length 500000 500000
suhosin.request.max_varname_length 64 64
suhosin.request.max_vars 5000 5000
suhosin.server.encode On On
suhosin.server.strip On On
suhosin.session.checkraddr 0 0
suhosin.session.cryptdocroot On On
suhosin.session.cryptkey [ protected ] [ protected ]
suhosin.session.cryptraddr 0 0
suhosin.session.cryptua On On
suhosin.session.encrypt On On
suhosin.session.max_id_length 128 128
suhosin.simulation Off Off
suhosin.sql.bailout_on_error Off Off
suhosin.sql.comment 0 0
suhosin.sql.multiselect 0 0
suhosin.sql.opencomment 0 0
suhosin.sql.union 0 0
suhosin.sql.user_postfix no value no value
suhosin.sql.user_prefix no value no value
suhosin.srand.ignore On On
suhosin.stealth On On
suhosin.upload.disallow_binary 0 0
suhosin.upload.disallow_elf 1 1
suhosin.upload.max_uploads 25 25
suhosin.upload.remove_binary 0 0
suhosin.upload.verification_script no value no value

xml
XML Support active
XML Namespace Support active
libxml2 Version 2.7.8

xmlreader
XMLReader enabled

xmlwriter
XMLWriter enabled

zlib
ZLib Support enabled
Stream Wrapper support compress.zlib://
Stream Filter support zlib.inflate, zlib.deflate
Compiled Version 1.2.3
Linked Version 1.2.3

Directive Local Value Master Value
zlib.output_compression Off Off
zlib.output_compression_level 1 1
zlib.output_handler no value no value

zmq
ZMQ extension enabled
ZMQ extension version @PACKAGE_VERSION@
libzmq version 2.1.7

Directive Local Value Master Value

Additional Modules
Module Name
pfSense
readline

Environment
Variable Value
HOME /
OLDPWD /
PATH /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
PWD /usr/local/www
PHP_FCGI_CHILDREN 2
PHP_FCGI_MAX_REQUESTS 500

PHP Variables
Variable Value
_REQUEST["PHPSESSID"] 51d05d436402dbda27dd022a7032efbb
_COOKIE["PHPSESSID"] 51d05d436402dbda27dd022a7032efbb
_SERVER["HOME"] /
_SERVER["OLDPWD"] /
_SERVER["PATH"] /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
_SERVER["PWD"] /usr/local/www
_SERVER["PHP_FCGI_CHILDREN"] 2
_SERVER["PHP_FCGI_MAX_REQUESTS"] 500
_SERVER["FCGI_ROLE"] RESPONDER
_SERVER["SERVER_SOFTWARE"] lighttpd/1.4.29
_SERVER["SERVER_NAME"] 10.0.0.3
_SERVER["GATEWAY_INTERFACE"] CGI/1.1
_SERVER["SERVER_PORT"] 80
_SERVER["SERVER_ADDR"] 10.0.0.3
_SERVER["REMOTE_PORT"] 29520
_SERVER["REMOTE_ADDR"] 10.0.0.2
_SERVER["SCRIPT_NAME"] /phpinfo.php
_SERVER["PATH_INFO"] no value
_SERVER["SCRIPT_FILENAME"] /usr/local/www/phpinfo.php
_SERVER["DOCUMENT_ROOT"] /usr/local/www/
_SERVER["REQUEST_URI"] /phpinfo.php
_SERVER["QUERY_STRING"] no value
_SERVER["REQUEST_METHOD"] GET
_SERVER["REDIRECT_STATUS"] 200
_SERVER["SERVER_PROTOCOL"] HTTP/1.0
_SERVER["HTTP_HOST"] 10.0.0.3
_SERVER["HTTP_USER_AGENT"] Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0.1
_SERVER["HTTP_ACCEPT"] text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
_SERVER["HTTP_ACCEPT_LANGUAGE"] en-us,en;q=0.5
_SERVER["HTTP_ACCEPT_ENCODING"] identity,gzip,deflate
_SERVER["HTTP_COOKIE"] PHPSESSID=51d05d436402dbda27dd022a7032efbb
_SERVER["HTTP_VIA"] 1.0 localhost:3128 (squid/2.7.STABLE9)
_SERVER["HTTP_X_FORWARDED_FOR"] 127.0.0.1
_SERVER["HTTP_CACHE_CONTROL"] max-age=259200
_SERVER["HTTP_CONNECTION"] keep-alive
_SERVER["PHP_SELF"] /phpinfo.php
_SERVER["REQUEST_TIME"] 1343138776
_SERVER["argv"]

Array
(
)

_SERVER["argc"] 0
_ENV["HOME"] /
_ENV["OLDPWD"] /
_ENV["PATH"] /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
_ENV["PWD"] /usr/local/www
_ENV["PHP_FCGI_CHILDREN"] 2
_ENV["PHP_FCGI_MAX_REQUESTS"] 500
_ENV["FCGI_ROLE"] RESPONDER
_ENV["SERVER_SOFTWARE"] lighttpd/1.4.29
_ENV["SERVER_NAME"] 10.0.0.3
_ENV["GATEWAY_INTERFACE"] CGI/1.1
_ENV["SERVER_PORT"] 80
_ENV["SERVER_ADDR"] 10.0.0.3
_ENV["REMOTE_PORT"] 29520
_ENV["REMOTE_ADDR"] 10.0.0.2
_ENV["SCRIPT_NAME"] /phpinfo.php
_ENV["PATH_INFO"] no value
_ENV["SCRIPT_FILENAME"] /usr/local/www/phpinfo.php
_ENV["DOCUMENT_ROOT"] /usr/local/www/
_ENV["REQUEST_URI"] /phpinfo.php
_ENV["QUERY_STRING"] no value
_ENV["REQUEST_METHOD"] GET
_ENV["REDIRECT_STATUS"] 200
_ENV["SERVER_PROTOCOL"] HTTP/1.0
_ENV["HTTP_HOST"] 10.0.0.3
_ENV["HTTP_USER_AGENT"] Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0.1
_ENV["HTTP_ACCEPT"] text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
_ENV["HTTP_ACCEPT_LANGUAGE"] en-us,en;q=0.5
_ENV["HTTP_ACCEPT_ENCODING"] identity,gzip,deflate
_ENV["HTTP_COOKIE"] PHPSESSID=51d05d436402dbda27dd022a7032efbb
_ENV["HTTP_VIA"] 1.0 localhost:3128 (squid/2.7.STABLE9)
_ENV["HTTP_X_FORWARDED_FOR"] 127.0.0.1
_ENV["HTTP_CACHE_CONTROL"] max-age=259200
_ENV["HTTP_CONNECTION"] keep-alive

vbentley

Thanks for confirming that. Your amd64 PHP installation has mbstring loaded, my i386 build does not. Anyone else have the same outcome of mbstring present on amd64 build and not on i386?

vbentley

I have been investigating further and the configuration option –with-config-file-scan-dir=/usr/local/etc/php suggests that there may be more configuration files to process in /usr/local/etc/php . Perhaps this is where mbstring is loaded? This subdirectory is not present on my machine.

java007md

@vbentley:

I have been investigating further and the configuration option –with-config-file-scan-dir=/usr/local/etc/php suggests that there may be more configuration files to process in /usr/local/etc/php . Perhaps this is where mbstring is loaded? This subdirectory is not present on my machine.

No /usr/local/etc/php directory here either.

My whitelist error is different than what you are seeing (Services: Snort: Whitelist: Edit 63463; The following input errors were detected: A valid alias need to be provided), but for what it's worth, the phpinfo output I have (i386) is below:

–--------------------------------------------------------
PHP Version 5.2.17

System FreeBSD pfsense.localdomain 8.1-RELEASE-p6 FreeBSD 8.1-RELEASE-p6 #0: Mon Dec 12 17:53:00 EST 2011 root@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_SMP.8 i386
Build Date Sep 20 2011 10:53:14
Configure Command './configure' '--with-layout=GNU' '--with-config-file-scan-dir=/usr/local/etc/php' '--disable-all' '--enable-libxml' '--with-libxml-dir=/usr/local' '--enable-reflection' '--with-pcre-regex' '--program-prefix=' '--enable-fastcgi' '--with-regex=php' '--with-zend-vm=CALL' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd8.1'
Server API CGI/FastCGI
Virtual Directory Support disabled
Configuration File (php.ini) Path /usr/local/etc
Loaded Configuration File /usr/local/etc/php.ini
Scan this dir for additional .ini files /usr/local/etc/php
additional .ini files parsed (none)
PHP API 20041225
PHP Extension 20060613
Zend Extension 220060519
Debug Build no
Thread Safety disabled
Zend Memory Manager enabled
IPv6 Support enabled
Registered PHP Streams https, ftps, php, file, data, http, ftp, compress.zlib, ssh2.shell, ssh2.exec, ssh2.tunnel, ssh2.scp, ssh2.sftp
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters string.rot13, string.toupper, string.tolower, string.strip_tags, convert., consumed, zlib.

This server is protected with the Suhosin Patch 0.9.7
Copyright (c) 2006 Hardened-PHP Project

This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
    with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH

Configuration

PHP Core

Directive Local Value Master Value
allow_call_time_pass_reference On On
allow_url_fopen On On
allow_url_include Off Off
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags Off Off
auto_append_file no value no value
auto_globals_jit On On
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors On On
display_startup_errors Off Off
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl On On
error_append_string no value no value
error_log /tmp/PHP_errors.log /tmp/PHP_errors.log
error_prepend_string no value no value
error_reporting no value no value
expose_php Off Off
extension_dir /usr/local/lib/php/20060613/ /usr/local/lib/php/20060613/
file_uploads On On
highlight.bg #FFFFFF #FFFFFF
highlight.comment #FF8000 #FF8000
highlight.default #0000BB #0000BB
highlight.html #000000 #000000
highlight.keyword #007700 #007700
highlight.string #DD0000 #DD0000
html_errors Off Off
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush On On
include_path .:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg .:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg
log_errors On On
log_errors_max_len 1024 1024
magic_quotes_gpc Off Off
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
mail.force_extra_parameters no value no value
max_execution_time 99999999 99999999
max_file_uploads 20 20
max_input_nesting_level 64 64
max_input_time 99999999 99999999
memory_limit 128M 128M
open_basedir no value no value
output_buffering 0 0
output_handler no value no value
post_max_size 100M 100M
precision 14 14
realpath_cache_size 16K 16K
realpath_cache_ttl 120 120
register_argc_argv On On
register_globals Off Off
register_long_arrays On On
report_memleaks On On
report_zend_debug On On
safe_mode Off Off
safe_mode_exec_dir /usr/local/php/bin /usr/local/php/bin
safe_mode_gid Off Off
safe_mode_include_dir no value no value
sendmail_from no value no value
sendmail_path /usr/sbin/sendmail -t -i /usr/sbin/sendmail -t -i
serialize_precision 100 100
short_open_tag On On
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
suhosin.log.phpscript.is_safe Off Off
track_errors Off Off
unserialize_callback_func no value no value
upload_max_filesize 100M 100M
upload_tmp_dir /tmp /tmp
user_dir no value no value
variables_order EGPCS EGPCS
xmlrpc_error_number 0 0
xmlrpc_errors Off Off
y2k_compliance On On
zend.ze1_compatibility_mode Off Off

apc

APC Support enabled
Version 3.1.6
APC Debugging Disabled
MMAP Support Enabled
MMAP File Mask no value
Locking type File Locks
Revision $Revision: 303642 $
Build Date Aug 11 2011 14:06:10

Directive Local Value Master Value
apc.cache_by_default On On
apc.canonicalize On On
apc.coredump_unmap Off Off
apc.enable_cli Off Off
apc.enabled On On
apc.file_md5 Off Off
apc.file_update_protection 2 2
apc.filters no value no value
apc.gc_ttl 3600 3600
apc.include_once_override Off Off
apc.lazy_classes Off Off
apc.lazy_functions Off Off
apc.max_file_size 1M 1M
apc.mmap_file_mask no value no value
apc.num_files_hint 1000 1000
apc.preload_path no value no value
apc.report_autofilter Off Off
apc.rfc1867 Off Off
apc.rfc1867_freq 0 0
apc.rfc1867_name APC_UPLOAD_PROGRESS APC_UPLOAD_PROGRESS
apc.rfc1867_prefix upload_ upload_
apc.rfc1867_ttl 3600 3600
apc.shm_segments 1 1
apc.shm_size 35M 35M
apc.slam_defense On On
apc.stat On On
apc.stat_ctime Off Off
apc.ttl 0 0
apc.use_request_time On On
apc.user_entries_hint 4096 4096
apc.user_ttl 0 0
apc.write_lock On On

cgi-fcgi

Directive Local Value Master Value
cgi.check_shebang_line 1 1
cgi.fix_pathinfo 1 1
cgi.nph 0 0
cgi.rfc2616_headers 0 0
fastcgi.logging 1 1

ctype

ctype functions enabled

curl

cURL support enabled
cURL Information libcurl/7.21.3 OpenSSL/0.9.8n zlib/1.2.3

date

date/time support enabled
"Olson" Timezone Database Version 2010.9
Timezone Database internal
Default timezone America/New_York

Directive Local Value Master Value
date.default_latitude 31.7667 31.7667
date.default_longitude 35.2333 35.2333
date.sunrise_zenith 90.583333 90.583333
date.sunset_zenith 90.583333 90.583333
date.timezone no value no value

gettext

GetText Support enabled

ldap

LDAP Support enabled
RCS Version $Id: ldap.c 293036 2010-01-03 09:23:27Z sebastian $
Total Links 0/unlimited
API Version 3001
Vendor Name OpenLDAP
Vendor Version 20426

libxml

libXML support active
libXML Version 2.7.8
libXML streams enabled

mbstring

Multibyte Support enabled
Multibyte string engine libmbfl
Multibyte (japanese) regex support enabled
Multibyte regex (oniguruma) version 4.4.4
Multibyte regex (oniguruma) backtrack check On

mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.

Directive Local Value Master Value
mbstring.detect_order no value no value
mbstring.encoding_translation Off Off
mbstring.func_overload 0 0
mbstring.http_input pass pass
mbstring.http_output pass pass
mbstring.internal_encoding no value no value
mbstring.language neutral neutral
mbstring.strict_detection Off Off
mbstring.substitute_character no value no value

mhash

MHASH support Enabled
MHASH API Version 20060101

openssl

OpenSSL support enabled
OpenSSL Version OpenSSL 0.9.8n 24 Mar 2010

pcntl

pcntl support enabled

pcre

PCRE (Perl Compatible Regular Expressions) Support enabled
PCRE Library Version 8.02 2010-03-19

Directive Local Value Master Value
pcre.backtrack_limit 100000 100000
pcre.recursion_limit 100000 100000

PDO

PDO support enabled
PDO drivers no value

posix

Revision $Revision: 293036 $

Reflection

Reflection enabled
Version $Id: php_reflection.c 300129 2010-06-03 00:43:37Z felipe $

session

Session Support enabled
Registered save handlers files user
Registered serializer handlers php php_binary

Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path no value no value
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0

shmop

shmop support enabled

SimpleXML

Simplexml support enabled
Revision $Revision: 299016 $
Schema support enabled

SPL

SPL support enabled
Interfaces Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, DirectoryIterator, DomainException, EmptyIterator, FilterIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RegexIterator, RuntimeException, SimpleXMLIterator, SplFileInfo, SplFileObject, SplObjectStorage, SplTempFileObject, UnderflowException, UnexpectedValueException

SQLite

SQLite support enabled
PECL Module version 2.0-dev $Id: sqlite.c 298697 2010-04-28 12:10:10Z iliaa $
SQLite Library 2.8.17
SQLite Encoding iso8859

Directive Local Value Master Value
sqlite.assoc_case 0 0

ssh2

libssh2 version 1.2.8
banner SSH-2.0-libssh2_1.2.8
remote forwarding enabled
hostbased auth enabled
polling support enabled
publickey subsystem enabled

standard

Regex Library Bundled library enabled
Dynamic Library Support enabled
Path to sendmail /usr/sbin/sendmail -t -i

Directive Local Value Master Value
assert.active 1 1
assert.bail 0 0
assert.callback no value no value
assert.quiet_eval 0 0
assert.warning 1 1
auto_detect_line_endings 0 0
default_socket_timeout 60 60
safe_mode_allowed_env_vars PHP_ PHP_
safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH
url_rewriter.tags a=href,area=href,frame=src,form=,fieldset= a=href,area=href,frame=src,form=,fieldset=
user_agent no value no value

suhosin

This server is protected with the Suhosin Extension 0.9.27

Copyright (c) 2006-2007 Hardened-PHP Project
Copyright (c) 2007-2008 SektionEins GmbH

Directive Local Value Master Value
suhosin.apc_bug_workaround Off Off
suhosin.cookie.checkraddr 0 0
suhosin.cookie.cryptdocroot On On
suhosin.cookie.cryptkey [ protected ] [ protected ]
suhosin.cookie.cryptlist no value no value
suhosin.cookie.cryptraddr 0 0
suhosin.cookie.cryptua On On
suhosin.cookie.disallow_nul 1 1
suhosin.cookie.disallow_ws 1 1
suhosin.cookie.encrypt Off Off
suhosin.cookie.max_array_depth 50 50
suhosin.cookie.max_array_index_length 64 64
suhosin.cookie.max_name_length 64 64
suhosin.cookie.max_totalname_length 256 256
suhosin.cookie.max_value_length 10000 10000
suhosin.cookie.max_vars 100 100
suhosin.cookie.plainlist no value no value
suhosin.coredump Off Off
suhosin.disable.display_errors Off Off
suhosin.executor.allow_symlink Off Off
suhosin.executor.disable_emodifier Off Off
suhosin.executor.disable_eval Off Off
suhosin.executor.eval.blacklist no value no value
suhosin.executor.eval.whitelist no value no value
suhosin.executor.func.blacklist no value no value
suhosin.executor.func.whitelist no value no value
suhosin.executor.include.blacklist no value no value
suhosin.executor.include.max_traversal 0 0
suhosin.executor.include.whitelist no value no value
suhosin.executor.max_depth 0 0
suhosin.filter.action no value no value
suhosin.get.disallow_nul 1 1
suhosin.get.disallow_ws 0 0
suhosin.get.max_array_depth 5000 5000
suhosin.get.max_array_index_length 256 256
suhosin.get.max_name_length 64 64
suhosin.get.max_totalname_length 256 256
suhosin.get.max_value_length 500000 500000
suhosin.get.max_vars 5000 5000
suhosin.mail.protect 0 0
suhosin.memory_limit 512435456 512435456
suhosin.mt_srand.ignore On On
suhosin.multiheader Off Off
suhosin.perdir 0 0
suhosin.post.disallow_nul 1 1
suhosin.post.disallow_ws 0 0
suhosin.post.max_array_depth 5000 5000
suhosin.post.max_array_index_length 256 256
suhosin.post.max_name_length 64 64
suhosin.post.max_totalname_length 256 256
suhosin.post.max_value_length 500000 500000
suhosin.post.max_vars 5000 5000
suhosin.protectkey On On
suhosin.request.disallow_nul 1 1
suhosin.request.disallow_ws 0 0
suhosin.request.max_array_depth 5000 5000
suhosin.request.max_array_index_length 256 256
suhosin.request.max_totalname_length 256 256
suhosin.request.max_value_length 500000 500000
suhosin.request.max_varname_length 64 64
suhosin.request.max_vars 5000 5000
suhosin.server.encode On On
suhosin.server.strip On On
suhosin.session.checkraddr 0 0
suhosin.session.cryptdocroot On On
suhosin.session.cryptkey [ protected ] [ protected ]
suhosin.session.cryptraddr 0 0
suhosin.session.cryptua On On
suhosin.session.encrypt On On
suhosin.session.max_id_length 128 128
suhosin.simulation Off Off
suhosin.sql.bailout_on_error Off Off
suhosin.sql.comment 0 0
suhosin.sql.multiselect 0 0
suhosin.sql.opencomment 0 0
suhosin.sql.union 0 0
suhosin.sql.user_postfix no value no value
suhosin.sql.user_prefix no value no value
suhosin.srand.ignore On On
suhosin.stealth On On
suhosin.upload.disallow_binary 0 0
suhosin.upload.disallow_elf 1 1
suhosin.upload.max_uploads 25 25
suhosin.upload.remove_binary 0 0
suhosin.upload.verification_script no value no value

xml

XML Support active
XML Namespace Support active
libxml2 Version 2.7.8

xmlreader

XMLReader enabled

xmlwriter

XMLWriter enabled

zlib

ZLib Support enabled
Stream Wrapper support compress.zlib://
Stream Filter support zlib.inflate, zlib.deflate
Compiled Version 1.2.3
Linked Version 1.2.3

Directive Local Value Master Value
zlib.output_compression Off Off
zlib.output_compression_level 1 1
zlib.output_handler no value no value

zmq

ZMQ extension enabled
ZMQ extension version @PACKAGE_VERSION@
libzmq version 2.1.7

Directive Local Value Master Value

Additional Modules

Module Name
pfSense
readline

Environment

Variable Value
HOME /
OLDPWD /
PATH /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
PWD /usr/local/www
PHP_FCGI_CHILDREN 2
PHP_FCGI_MAX_REQUESTS 500

PHP Variables

Variable Value
_REQUEST["PHPSESSID"] e13cca999b4984b78514dc425c71271b
_COOKIE["PHPSESSID"] e13cca999b4984b78514dc425c71271b
_SERVER["HOME"] /
_SERVER["OLDPWD"] /
_SERVER["PATH"] /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
_SERVER["PWD"] /usr/local/www
_SERVER["PHP_FCGI_CHILDREN"] 2
_SERVER["PHP_FCGI_MAX_REQUESTS"] 500
_SERVER["FCGI_ROLE"] RESPONDER
_SERVER["SERVER_SOFTWARE"] lighttpd/1.4.29
_SERVER["SERVER_NAME"] 192.168.0.1
_SERVER["GATEWAY_INTERFACE"] CGI/1.1
_SERVER["SERVER_PORT"] 443
_SERVER["SERVER_ADDR"] 192.168.0.1
_SERVER["REMOTE_PORT"] 4457
_SERVER["REMOTE_ADDR"] 192.168.2.186
_SERVER["SCRIPT_NAME"] /phpinfo.php
_SERVER["PATH_INFO"] no value
_SERVER["SCRIPT_FILENAME"] /usr/local/www/phpinfo.php
_SERVER["DOCUMENT_ROOT"] /usr/local/www/
_SERVER["REQUEST_URI"] /phpinfo.php
_SERVER["QUERY_STRING"] no value
_SERVER["REQUEST_METHOD"] GET
_SERVER["REDIRECT_STATUS"] 200
_SERVER["SERVER_PROTOCOL"] HTTP/1.1
_SERVER["HTTPS"] on
_SERVER["HTTP_HOST"] 192.168.0.1
_SERVER["HTTP_CONNECTION"] keep-alive
_SERVER["HTTP_USER_AGENT"] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.49 Safari/537.1
_SERVER["HTTP_ACCEPT"] text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
_SERVER["HTTP_ACCEPT_ENCODING"] gzip,deflate,sdch
_SERVER["HTTP_ACCEPT_LANGUAGE"] en-US,en;q=0.8
_SERVER["HTTP_ACCEPT_CHARSET"] ISO-8859-1,utf-8;q=0.7,;q=0.3
_SERVER["HTTP_COOKIE"] PHPSESSID=e13cca999b4984b78514dc425c71271b
_SERVER["PHP_SELF"] /phpinfo.php
_SERVER["REQUEST_TIME"] 1343144697
_SERVER["argv"]
Array
(
)
_SERVER["argc"] 0
_ENV["HOME"] /
_ENV["OLDPWD"] /
_ENV["PATH"] /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
_ENV["PWD"] /usr/local/www
_ENV["PHP_FCGI_CHILDREN"] 2
_ENV["PHP_FCGI_MAX_REQUESTS"] 500
_ENV["FCGI_ROLE"] RESPONDER
_ENV["SERVER_SOFTWARE"] lighttpd/1.4.29
_ENV["SERVER_NAME"] 192.168.0.1
_ENV["GATEWAY_INTERFACE"] CGI/1.1
_ENV["SERVER_PORT"] 443
_ENV["SERVER_ADDR"] 192.168.0.1
_ENV["REMOTE_PORT"] 4457
_ENV["REMOTE_ADDR"] 192.168.2.186
_ENV["SCRIPT_NAME"] /phpinfo.php
_ENV["PATH_INFO"] no value
_ENV["SCRIPT_FILENAME"] /usr/local/www/phpinfo.php
_ENV["DOCUMENT_ROOT"] /usr/local/www/
_ENV["REQUEST_URI"] /phpinfo.php
_ENV["QUERY_STRING"] no value
_ENV["REQUEST_METHOD"] GET
_ENV["REDIRECT_STATUS"] 200
_ENV["SERVER_PROTOCOL"] HTTP/1.1
_ENV["HTTPS"] on
_ENV["HTTP_HOST"] 192.168.0.1
_ENV["HTTP_CONNECTION"] keep-alive
_ENV["HTTP_USER_AGENT"] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.49 Safari/537.1
_ENV["HTTP_ACCEPT"] text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
_ENV["HTTP_ACCEPT_ENCODING"] gzip,deflate,sdch
_ENV["HTTP_ACCEPT_LANGUAGE"] en-US,en;q=0.8
_ENV["HTTP_ACCEPT_CHARSET"] ISO-8859-1,utf-8;q=0.7,;q=0.3
_ENV["HTTP_COOKIE"] PHPSESSID=e13cca999b4984b78514dc425c71271b

PHP License

This program is free software; you can redistribute it and/or modify it under the terms of the PHP License as published by the PHP Group and included in the distribution in the file: LICENSE

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

If you did not receive a copy of the PHP license, or have any questions about PHP licensing, please contact license@php.net.

–--------------------------------------------------------

At this point, I have blocking disabled until I get the whitelist issue resolved.

I am loading both the snort vrt and emergingthreats rules BTW.

vbentley

Thanks. It appears that the failure to load mbstring is something my box does and is not necessarily a build issue as your i386 has no problem loading mbstring functions.

I'm going to build another machine from a fresh CD just to be sure mine is not an upgrade fault. The one I am running was upgraded from the console on release 1.2.3 .

Metu69salemi

code brackets would help a lot for readability

vbentley

I rebuilt my pfSense host today using a completely fresh install on another hard drive. After correcting a few typos for 'gettet' that should be 'gettext' in snort_interfaces_global.php and snort_preprocessors.php, this problem with whitelists has been resolved. I suspect that it may have been caused by upgrading from the console a 1.2.3 system with Snort already installed instead of installing 2.0.1 from CD.

JMBARRETO

The WhiteList don't works for me too. Neither with networks or single IP adress.
I'm using PFSense 2.0.1 with Snort 2.9.2.3 pkg v.2.5.1.

After some days searching for solution I found a workaround that worked for me.
Add in Suppress List the networks in CIDR notation like that (example with 3 networks in supress list working as WhiteList):

suppress gen_id 0, sig_id 0, track by_src, ip [xxx.xxx.xxx.xxx/29,yyy.yyy.yyy.yyy/28,zzz.zzz.zzz.zzz/28]