Snort Whitelist Problem (2.9.2.3 pkg v. 2.5.1)
-
I have just reinstalled the 2.5.1 package as I was having the same problem with 2.5.0 .
I get this error every time I try to save a Whitelist, which prevents saving:-
Fatal error: Call to undefined function mb_convert_encoding() in /usr/local/www/snort/snort_interfaces_whitelist_edit.php on line 134
I am using the United Kingdom settings.
-
Seeing a similar error when trying to update/save a whitelist:
–-
The following input errors were detected:A valid alias need to be provided
Snort 2.9.2.3 pkg v. 2.5.1
I am also seeing a whitelisted IP on the blocked IP list.
-
I've also upgraded to the latest package and recreated my white lists but IPs from the white listed networks are still being blocked.
I'm not seeing any issues loading the listsI'm using an alias list of type networks in the snort white list
2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:43:51 EST 2011
FreeBSD 8.1-RELEASE-p6Snort 2.9.2.3 pkg v. 2.5.1
-
My box is running the 32 bit distro.
FreeBSD 8.1-RELEASE-p6 #1: Mon Dec 12 18:18:02 EST 2011 root@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense.8 i386
Build Date Sep 20 2011 10:53:14I'm not an expert on this but for multibyte character encoding to work in PHP I think it needs to be configured with '–enable-mbstring'. When I ran phpinfo() to check the configuration options I couldn't find mbstring or any evidence of libmbfi being loaded. Is it loaded by another file from the config-file-scan-dir? Is this a configuration bug for the 32-bit build?
Configure Command './configure' '–with-layout=GNU' '--with-config-file-scan-dir=/usr/local/etc/php' '--disable-all' '--enable-libxml' '--with-libxml-dir=/usr/local' '--enable-reflection' '--with-pcre-regex' '--program-prefix=' '--enable-fastcgi' '--with-regex=php' '--with-zend-vm=CALL' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd8.1'
-
I don't have a spare 64-bit machine that I can test this on. If you are running 64-bit pfSense, can you create a PHP file containing the following code that will confirm a configuration difference between architectures if there is one.
Create /usr/local/www/phpinfo.php containing the following code:
phpinfo()
?>Visit the page in your browser to view the PHP configuration.
-
I don't have a spare 64-bit machine that I can test this on. If you are running 64-bit pfSense, can you create a PHP file containing the following code that will confirm a configuration difference between architectures if there is one.
Create /usr/local/www/phpinfo.php containing the following code:
phpinfo()
?>Visit the page in your browser to view the PHP configuration.
Works fine everything displays
-
Great!
Please post here what it reports for System, Build Date and Configure Command. Thanks.
Edit out your hostname if you wish. I only want to check the configuration commands are the same.
-
Great!
Please post here what it reports for System, Build Date and Configure Command. Thanks.
Edit out your hostname if you wish. I only want to check the configuration commands are the same.PHP Version 5.2.17
System FreeBSD XXXXXXXXXXXXXXXXXXXX 8.1-RELEASE-p6 FreeBSD 8.1-RELEASE-p6 #0: Mon Dec 12 18:15:35 EST 2011 root@FreeBSD_8.0_pfSense_2.0-AMD64.snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_SMP.8 amd64
Build Date Sep 20 2011 10:53:32
Configure Command './configure' '–with-layout=GNU' '--with-config-file-scan-dir=/usr/local/etc/php' '--disable-all' '--enable-libxml' '--with-libxml-dir=/usr/local' '--enable-reflection' '--with-pcre-regex' '--program-prefix=' '--enable-fastcgi' '--with-regex=php' '--with-zend-vm=CALL' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd8.1'
Server API CGI/FastCGI
Virtual Directory Support disabled
Configuration File (php.ini) Path /usr/local/etc
Loaded Configuration File /usr/local/etc/php.ini
Scan this dir for additional .ini files /usr/local/etc/php
additional .ini files parsed (none)
PHP API 20041225
PHP Extension 20060613
Zend Extension 220060519
Debug Build no
Thread Safety disabled
Zend Memory Manager enabled
IPv6 Support enabled
Registered PHP Streams https, ftps, php, file, data, http, ftp, compress.zlib, ssh2.shell, ssh2.exec, ssh2.tunnel, ssh2.scp, ssh2.sftp
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters string.rot13, string.toupper, string.tolower, string.strip_tags, convert., consumed, zlib.This server is protected with the Suhosin Patch 0.9.7
Copyright (c) 2006 Hardened-PHP ProjectThis program makes use of the Zend Scripting Language Engine:
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbHConfiguration
PHP Core
Directive Local Value Master Value
allow_call_time_pass_reference On On
allow_url_fopen On On
allow_url_include Off Off
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags Off Off
auto_append_file no value no value
auto_globals_jit On On
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors On On
display_startup_errors Off Off
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl On On
error_append_string no value no value
error_log /tmp/PHP_errors.log /tmp/PHP_errors.log
error_prepend_string no value no value
error_reporting no value no value
expose_php Off Off
extension_dir /usr/local/lib/php/20060613/ /usr/local/lib/php/20060613/
file_uploads On On
highlight.bg #FFFFFF #FFFFFF
highlight.comment #FF8000 #FF8000
highlight.default #0000BB #0000BB
highlight.html #000000 #000000
highlight.keyword #007700 #007700
highlight.string #DD0000 #DD0000
html_errors Off Off
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush On On
include_path .:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg .:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg
log_errors On On
log_errors_max_len 1024 1024
magic_quotes_gpc Off Off
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
mail.force_extra_parameters no value no value
max_execution_time 99999999 99999999
max_file_uploads 20 20
max_input_nesting_level 64 64
max_input_time 99999999 99999999
memory_limit 128M 128M
open_basedir no value no value
output_buffering 0 0
output_handler no value no value
post_max_size 100M 100M
precision 14 14
realpath_cache_size 16K 16K
realpath_cache_ttl 120 120
register_argc_argv On On
register_globals Off Off
register_long_arrays On On
report_memleaks On On
report_zend_debug On On
safe_mode Off Off
safe_mode_exec_dir /usr/local/php/bin /usr/local/php/bin
safe_mode_gid Off Off
safe_mode_include_dir no value no value
sendmail_from no value no value
sendmail_path /usr/sbin/sendmail -t -i /usr/sbin/sendmail -t -i
serialize_precision 100 100
short_open_tag On On
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
suhosin.log.phpscript.is_safe Off Off
track_errors Off Off
unserialize_callback_func no value no value
upload_max_filesize 100M 100M
upload_tmp_dir /tmp /tmp
user_dir no value no value
variables_order EGPCS EGPCS
xmlrpc_error_number 0 0
xmlrpc_errors Off Off
y2k_compliance On On
zend.ze1_compatibility_mode Off Offapc
APC Support enabled
Version 3.1.6
APC Debugging Disabled
MMAP Support Enabled
MMAP File Mask no value
Locking type File Locks
Revision $Revision: 303642 $
Build Date Aug 11 2011 13:58:09Directive Local Value Master Value
apc.cache_by_default On On
apc.canonicalize On On
apc.coredump_unmap Off Off
apc.enable_cli Off Off
apc.enabled On On
apc.file_md5 Off Off
apc.file_update_protection 2 2
apc.filters no value no value
apc.gc_ttl 3600 3600
apc.include_once_override Off Off
apc.lazy_classes Off Off
apc.lazy_functions Off Off
apc.max_file_size 1M 1M
apc.mmap_file_mask no value no value
apc.num_files_hint 1000 1000
apc.preload_path no value no value
apc.report_autofilter Off Off
apc.rfc1867 Off Off
apc.rfc1867_freq 0 0
apc.rfc1867_name APC_UPLOAD_PROGRESS APC_UPLOAD_PROGRESS
apc.rfc1867_prefix upload_ upload_
apc.rfc1867_ttl 3600 3600
apc.shm_segments 1 1
apc.shm_size 35M 35M
apc.slam_defense On On
apc.stat On On
apc.stat_ctime Off Off
apc.ttl 0 0
apc.use_request_time On On
apc.user_entries_hint 4096 4096
apc.user_ttl 0 0
apc.write_lock On Oncgi-fcgi
Directive Local Value Master Value
cgi.check_shebang_line 1 1
cgi.fix_pathinfo 1 1
cgi.nph 0 0
cgi.rfc2616_headers 0 0
fastcgi.logging 1 1ctype
ctype functions enabledcurl
cURL support enabled
cURL Information libcurl/7.21.3 OpenSSL/0.9.8n zlib/1.2.3date
date/time support enabled
"Olson" Timezone Database Version 2010.9
Timezone Database internal
Default timezone America/ChicagoDirective Local Value Master Value
date.default_latitude 31.7667 31.7667
date.default_longitude 35.2333 35.2333
date.sunrise_zenith 90.583333 90.583333
date.sunset_zenith 90.583333 90.583333
date.timezone no value no valuegettext
GetText Support enabledldap
LDAP Support enabled
RCS Version $Id: ldap.c 293036 2010-01-03 09:23:27Z sebastian $
Total Links 0/unlimited
API Version 3001
Vendor Name OpenLDAP
Vendor Version 20426libxml
libXML support active
libXML Version 2.7.8
libXML streams enabledmbstring
Multibyte Support enabled
Multibyte string engine libmbfl
Multibyte (japanese) regex support enabled
Multibyte regex (oniguruma) version 4.4.4
Multibyte regex (oniguruma) backtrack check Onmbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.
Directive Local Value Master Value
mbstring.detect_order no value no value
mbstring.encoding_translation Off Off
mbstring.func_overload 0 0
mbstring.http_input pass pass
mbstring.http_output pass pass
mbstring.internal_encoding no value no value
mbstring.language neutral neutral
mbstring.strict_detection Off Off
mbstring.substitute_character no value no valuemhash
MHASH support Enabled
MHASH API Version 20060101openssl
OpenSSL support enabled
OpenSSL Version OpenSSL 0.9.8n 24 Mar 2010pcntl
pcntl support enabledpcre
PCRE (Perl Compatible Regular Expressions) Support enabled
PCRE Library Version 8.02 2010-03-19Directive Local Value Master Value
pcre.backtrack_limit 100000 100000
pcre.recursion_limit 100000 100000PDO
PDO support enabled
PDO drivers no valueposix
Revision $Revision: 293036 $Reflection
Reflection enabled
Version $Id: php_reflection.c 300129 2010-06-03 00:43:37Z felipe $session
Session Support enabled
Registered save handlers files user
Registered serializer handlers php php_binaryDirective Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path no value no value
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0shmop
shmop support enabledSimpleXML
Simplexml support enabled
Revision $Revision: 299016 $
Schema support enabledSPL
SPL support enabled
Interfaces Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, DirectoryIterator, DomainException, EmptyIterator, FilterIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RegexIterator, RuntimeException, SimpleXMLIterator, SplFileInfo, SplFileObject, SplObjectStorage, SplTempFileObject, UnderflowException, UnexpectedValueExceptionSQLite
SQLite support enabled
PECL Module version 2.0-dev $Id: sqlite.c 298697 2010-04-28 12:10:10Z iliaa $
SQLite Library 2.8.17
SQLite Encoding iso8859Directive Local Value Master Value
sqlite.assoc_case 0 0ssh2
libssh2 version 1.2.8
banner SSH-2.0-libssh2_1.2.8
remote forwarding enabled
hostbased auth enabled
polling support enabled
publickey subsystem enabledstandard
Regex Library Bundled library enabled
Dynamic Library Support enabled
Path to sendmail /usr/sbin/sendmail -t -iDirective Local Value Master Value
assert.active 1 1
assert.bail 0 0
assert.callback no value no value
assert.quiet_eval 0 0
assert.warning 1 1
auto_detect_line_endings 0 0
default_socket_timeout 60 60
safe_mode_allowed_env_vars PHP_ PHP_
safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH
url_rewriter.tags a=href,area=href,frame=src,form=,fieldset= a=href,area=href,frame=src,form=,fieldset=
user_agent no value no valuesuhosin
Suhosin logo This server is protected with the Suhosin Extension 0.9.27Copyright (c) 2006-2007 Hardened-PHP Project
Copyright (c) 2007-2008 SektionEins GmbHDirective Local Value Master Value
suhosin.apc_bug_workaround Off Off
suhosin.cookie.checkraddr 0 0
suhosin.cookie.cryptdocroot On On
suhosin.cookie.cryptkey [ protected ] [ protected ]
suhosin.cookie.cryptlist no value no value
suhosin.cookie.cryptraddr 0 0
suhosin.cookie.cryptua On On
suhosin.cookie.disallow_nul 1 1
suhosin.cookie.disallow_ws 1 1
suhosin.cookie.encrypt Off Off
suhosin.cookie.max_array_depth 50 50
suhosin.cookie.max_array_index_length 64 64
suhosin.cookie.max_name_length 64 64
suhosin.cookie.max_totalname_length 256 256
suhosin.cookie.max_value_length 10000 10000
suhosin.cookie.max_vars 100 100
suhosin.cookie.plainlist no value no value
suhosin.coredump Off Off
suhosin.disable.display_errors Off Off
suhosin.executor.allow_symlink Off Off
suhosin.executor.disable_emodifier Off Off
suhosin.executor.disable_eval Off Off
suhosin.executor.eval.blacklist no value no value
suhosin.executor.eval.whitelist no value no value
suhosin.executor.func.blacklist no value no value
suhosin.executor.func.whitelist no value no value
suhosin.executor.include.blacklist no value no value
suhosin.executor.include.max_traversal 0 0
suhosin.executor.include.whitelist no value no value
suhosin.executor.max_depth 0 0
suhosin.filter.action no value no value
suhosin.get.disallow_nul 1 1
suhosin.get.disallow_ws 0 0
suhosin.get.max_array_depth 5000 5000
suhosin.get.max_array_index_length 256 256
suhosin.get.max_name_length 64 64
suhosin.get.max_totalname_length 256 256
suhosin.get.max_value_length 500000 500000
suhosin.get.max_vars 5000 5000
suhosin.mail.protect 0 0
suhosin.memory_limit 512435456 512435456
suhosin.mt_srand.ignore On On
suhosin.multiheader Off Off
suhosin.perdir 0 0
suhosin.post.disallow_nul 1 1
suhosin.post.disallow_ws 0 0
suhosin.post.max_array_depth 5000 5000
suhosin.post.max_array_index_length 256 256
suhosin.post.max_name_length 64 64
suhosin.post.max_totalname_length 256 256
suhosin.post.max_value_length 500000 500000
suhosin.post.max_vars 5000 5000
suhosin.protectkey On On
suhosin.request.disallow_nul 1 1
suhosin.request.disallow_ws 0 0
suhosin.request.max_array_depth 5000 5000
suhosin.request.max_array_index_length 256 256
suhosin.request.max_totalname_length 256 256
suhosin.request.max_value_length 500000 500000
suhosin.request.max_varname_length 64 64
suhosin.request.max_vars 5000 5000
suhosin.server.encode On On
suhosin.server.strip On On
suhosin.session.checkraddr 0 0
suhosin.session.cryptdocroot On On
suhosin.session.cryptkey [ protected ] [ protected ]
suhosin.session.cryptraddr 0 0
suhosin.session.cryptua On On
suhosin.session.encrypt On On
suhosin.session.max_id_length 128 128
suhosin.simulation Off Off
suhosin.sql.bailout_on_error Off Off
suhosin.sql.comment 0 0
suhosin.sql.multiselect 0 0
suhosin.sql.opencomment 0 0
suhosin.sql.union 0 0
suhosin.sql.user_postfix no value no value
suhosin.sql.user_prefix no value no value
suhosin.srand.ignore On On
suhosin.stealth On On
suhosin.upload.disallow_binary 0 0
suhosin.upload.disallow_elf 1 1
suhosin.upload.max_uploads 25 25
suhosin.upload.remove_binary 0 0
suhosin.upload.verification_script no value no valuexml
XML Support active
XML Namespace Support active
libxml2 Version 2.7.8xmlreader
XMLReader enabledxmlwriter
XMLWriter enabledzlib
ZLib Support enabled
Stream Wrapper support compress.zlib://
Stream Filter support zlib.inflate, zlib.deflate
Compiled Version 1.2.3
Linked Version 1.2.3Directive Local Value Master Value
zlib.output_compression Off Off
zlib.output_compression_level 1 1
zlib.output_handler no value no valuezmq
ZMQ extension enabled
ZMQ extension version @PACKAGE_VERSION@
libzmq version 2.1.7Directive Local Value Master Value
Additional Modules
Module Name
pfSense
readlineEnvironment
Variable Value
HOME /
OLDPWD /
PATH /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
PWD /usr/local/www
PHP_FCGI_CHILDREN 2
PHP_FCGI_MAX_REQUESTS 500PHP Variables
Variable Value
_REQUEST["PHPSESSID"] 51d05d436402dbda27dd022a7032efbb
_COOKIE["PHPSESSID"] 51d05d436402dbda27dd022a7032efbb
_SERVER["HOME"] /
_SERVER["OLDPWD"] /
_SERVER["PATH"] /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
_SERVER["PWD"] /usr/local/www
_SERVER["PHP_FCGI_CHILDREN"] 2
_SERVER["PHP_FCGI_MAX_REQUESTS"] 500
_SERVER["FCGI_ROLE"] RESPONDER
_SERVER["SERVER_SOFTWARE"] lighttpd/1.4.29
_SERVER["SERVER_NAME"] 10.0.0.3
_SERVER["GATEWAY_INTERFACE"] CGI/1.1
_SERVER["SERVER_PORT"] 80
_SERVER["SERVER_ADDR"] 10.0.0.3
_SERVER["REMOTE_PORT"] 29520
_SERVER["REMOTE_ADDR"] 10.0.0.2
_SERVER["SCRIPT_NAME"] /phpinfo.php
_SERVER["PATH_INFO"] no value
_SERVER["SCRIPT_FILENAME"] /usr/local/www/phpinfo.php
_SERVER["DOCUMENT_ROOT"] /usr/local/www/
_SERVER["REQUEST_URI"] /phpinfo.php
_SERVER["QUERY_STRING"] no value
_SERVER["REQUEST_METHOD"] GET
_SERVER["REDIRECT_STATUS"] 200
_SERVER["SERVER_PROTOCOL"] HTTP/1.0
_SERVER["HTTP_HOST"] 10.0.0.3
_SERVER["HTTP_USER_AGENT"] Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0.1
_SERVER["HTTP_ACCEPT"] text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
_SERVER["HTTP_ACCEPT_LANGUAGE"] en-us,en;q=0.5
_SERVER["HTTP_ACCEPT_ENCODING"] identity,gzip,deflate
_SERVER["HTTP_COOKIE"] PHPSESSID=51d05d436402dbda27dd022a7032efbb
_SERVER["HTTP_VIA"] 1.0 localhost:3128 (squid/2.7.STABLE9)
_SERVER["HTTP_X_FORWARDED_FOR"] 127.0.0.1
_SERVER["HTTP_CACHE_CONTROL"] max-age=259200
_SERVER["HTTP_CONNECTION"] keep-alive
_SERVER["PHP_SELF"] /phpinfo.php
_SERVER["REQUEST_TIME"] 1343138776
_SERVER["argv"]Array
(
)_SERVER["argc"] 0
_ENV["HOME"] /
_ENV["OLDPWD"] /
_ENV["PATH"] /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
_ENV["PWD"] /usr/local/www
_ENV["PHP_FCGI_CHILDREN"] 2
_ENV["PHP_FCGI_MAX_REQUESTS"] 500
_ENV["FCGI_ROLE"] RESPONDER
_ENV["SERVER_SOFTWARE"] lighttpd/1.4.29
_ENV["SERVER_NAME"] 10.0.0.3
_ENV["GATEWAY_INTERFACE"] CGI/1.1
_ENV["SERVER_PORT"] 80
_ENV["SERVER_ADDR"] 10.0.0.3
_ENV["REMOTE_PORT"] 29520
_ENV["REMOTE_ADDR"] 10.0.0.2
_ENV["SCRIPT_NAME"] /phpinfo.php
_ENV["PATH_INFO"] no value
_ENV["SCRIPT_FILENAME"] /usr/local/www/phpinfo.php
_ENV["DOCUMENT_ROOT"] /usr/local/www/
_ENV["REQUEST_URI"] /phpinfo.php
_ENV["QUERY_STRING"] no value
_ENV["REQUEST_METHOD"] GET
_ENV["REDIRECT_STATUS"] 200
_ENV["SERVER_PROTOCOL"] HTTP/1.0
_ENV["HTTP_HOST"] 10.0.0.3
_ENV["HTTP_USER_AGENT"] Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0.1
_ENV["HTTP_ACCEPT"] text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
_ENV["HTTP_ACCEPT_LANGUAGE"] en-us,en;q=0.5
_ENV["HTTP_ACCEPT_ENCODING"] identity,gzip,deflate
_ENV["HTTP_COOKIE"] PHPSESSID=51d05d436402dbda27dd022a7032efbb
_ENV["HTTP_VIA"] 1.0 localhost:3128 (squid/2.7.STABLE9)
_ENV["HTTP_X_FORWARDED_FOR"] 127.0.0.1
_ENV["HTTP_CACHE_CONTROL"] max-age=259200
_ENV["HTTP_CONNECTION"] keep-alive
-
Thanks for confirming that. Your amd64 PHP installation has mbstring loaded, my i386 build does not. Anyone else have the same outcome of mbstring present on amd64 build and not on i386?
-
I have been investigating further and the configuration option –with-config-file-scan-dir=/usr/local/etc/php suggests that there may be more configuration files to process in /usr/local/etc/php . Perhaps this is where mbstring is loaded? This subdirectory is not present on my machine.
-
I have been investigating further and the configuration option –with-config-file-scan-dir=/usr/local/etc/php suggests that there may be more configuration files to process in /usr/local/etc/php . Perhaps this is where mbstring is loaded? This subdirectory is not present on my machine.
No /usr/local/etc/php directory here either.
My whitelist error is different than what you are seeing (Services: Snort: Whitelist: Edit 63463; The following input errors were detected: A valid alias need to be provided), but for what it's worth, the phpinfo output I have (i386) is below:
–--------------------------------------------------------
PHP Version 5.2.17System FreeBSD pfsense.localdomain 8.1-RELEASE-p6 FreeBSD 8.1-RELEASE-p6 #0: Mon Dec 12 17:53:00 EST 2011 root@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_SMP.8 i386
Build Date Sep 20 2011 10:53:14
Configure Command './configure' '--with-layout=GNU' '--with-config-file-scan-dir=/usr/local/etc/php' '--disable-all' '--enable-libxml' '--with-libxml-dir=/usr/local' '--enable-reflection' '--with-pcre-regex' '--program-prefix=' '--enable-fastcgi' '--with-regex=php' '--with-zend-vm=CALL' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd8.1'
Server API CGI/FastCGI
Virtual Directory Support disabled
Configuration File (php.ini) Path /usr/local/etc
Loaded Configuration File /usr/local/etc/php.ini
Scan this dir for additional .ini files /usr/local/etc/php
additional .ini files parsed (none)
PHP API 20041225
PHP Extension 20060613
Zend Extension 220060519
Debug Build no
Thread Safety disabled
Zend Memory Manager enabled
IPv6 Support enabled
Registered PHP Streams https, ftps, php, file, data, http, ftp, compress.zlib, ssh2.shell, ssh2.exec, ssh2.tunnel, ssh2.scp, ssh2.sftp
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters string.rot13, string.toupper, string.tolower, string.strip_tags, convert., consumed, zlib.This server is protected with the Suhosin Patch 0.9.7
Copyright (c) 2006 Hardened-PHP ProjectThis program makes use of the Zend Scripting Language Engine:
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbHConfiguration
PHP Core
Directive Local Value Master Value
allow_call_time_pass_reference On On
allow_url_fopen On On
allow_url_include Off Off
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags Off Off
auto_append_file no value no value
auto_globals_jit On On
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors On On
display_startup_errors Off Off
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl On On
error_append_string no value no value
error_log /tmp/PHP_errors.log /tmp/PHP_errors.log
error_prepend_string no value no value
error_reporting no value no value
expose_php Off Off
extension_dir /usr/local/lib/php/20060613/ /usr/local/lib/php/20060613/
file_uploads On On
highlight.bg #FFFFFF #FFFFFF
highlight.comment #FF8000 #FF8000
highlight.default #0000BB #0000BB
highlight.html #000000 #000000
highlight.keyword #007700 #007700
highlight.string #DD0000 #DD0000
html_errors Off Off
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush On On
include_path .:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg .:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg
log_errors On On
log_errors_max_len 1024 1024
magic_quotes_gpc Off Off
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
mail.force_extra_parameters no value no value
max_execution_time 99999999 99999999
max_file_uploads 20 20
max_input_nesting_level 64 64
max_input_time 99999999 99999999
memory_limit 128M 128M
open_basedir no value no value
output_buffering 0 0
output_handler no value no value
post_max_size 100M 100M
precision 14 14
realpath_cache_size 16K 16K
realpath_cache_ttl 120 120
register_argc_argv On On
register_globals Off Off
register_long_arrays On On
report_memleaks On On
report_zend_debug On On
safe_mode Off Off
safe_mode_exec_dir /usr/local/php/bin /usr/local/php/bin
safe_mode_gid Off Off
safe_mode_include_dir no value no value
sendmail_from no value no value
sendmail_path /usr/sbin/sendmail -t -i /usr/sbin/sendmail -t -i
serialize_precision 100 100
short_open_tag On On
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
suhosin.log.phpscript.is_safe Off Off
track_errors Off Off
unserialize_callback_func no value no value
upload_max_filesize 100M 100M
upload_tmp_dir /tmp /tmp
user_dir no value no value
variables_order EGPCS EGPCS
xmlrpc_error_number 0 0
xmlrpc_errors Off Off
y2k_compliance On On
zend.ze1_compatibility_mode Off Offapc
APC Support enabled
Version 3.1.6
APC Debugging Disabled
MMAP Support Enabled
MMAP File Mask no value
Locking type File Locks
Revision $Revision: 303642 $
Build Date Aug 11 2011 14:06:10Directive Local Value Master Value
apc.cache_by_default On On
apc.canonicalize On On
apc.coredump_unmap Off Off
apc.enable_cli Off Off
apc.enabled On On
apc.file_md5 Off Off
apc.file_update_protection 2 2
apc.filters no value no value
apc.gc_ttl 3600 3600
apc.include_once_override Off Off
apc.lazy_classes Off Off
apc.lazy_functions Off Off
apc.max_file_size 1M 1M
apc.mmap_file_mask no value no value
apc.num_files_hint 1000 1000
apc.preload_path no value no value
apc.report_autofilter Off Off
apc.rfc1867 Off Off
apc.rfc1867_freq 0 0
apc.rfc1867_name APC_UPLOAD_PROGRESS APC_UPLOAD_PROGRESS
apc.rfc1867_prefix upload_ upload_
apc.rfc1867_ttl 3600 3600
apc.shm_segments 1 1
apc.shm_size 35M 35M
apc.slam_defense On On
apc.stat On On
apc.stat_ctime Off Off
apc.ttl 0 0
apc.use_request_time On On
apc.user_entries_hint 4096 4096
apc.user_ttl 0 0
apc.write_lock On Oncgi-fcgi
Directive Local Value Master Value
cgi.check_shebang_line 1 1
cgi.fix_pathinfo 1 1
cgi.nph 0 0
cgi.rfc2616_headers 0 0
fastcgi.logging 1 1ctype
ctype functions enabled
curl
cURL support enabled
cURL Information libcurl/7.21.3 OpenSSL/0.9.8n zlib/1.2.3date
date/time support enabled
"Olson" Timezone Database Version 2010.9
Timezone Database internal
Default timezone America/New_YorkDirective Local Value Master Value
date.default_latitude 31.7667 31.7667
date.default_longitude 35.2333 35.2333
date.sunrise_zenith 90.583333 90.583333
date.sunset_zenith 90.583333 90.583333
date.timezone no value no valuegettext
GetText Support enabled
ldap
LDAP Support enabled
RCS Version $Id: ldap.c 293036 2010-01-03 09:23:27Z sebastian $
Total Links 0/unlimited
API Version 3001
Vendor Name OpenLDAP
Vendor Version 20426libxml
libXML support active
libXML Version 2.7.8
libXML streams enabledmbstring
Multibyte Support enabled
Multibyte string engine libmbfl
Multibyte (japanese) regex support enabled
Multibyte regex (oniguruma) version 4.4.4
Multibyte regex (oniguruma) backtrack check Onmbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.
Directive Local Value Master Value
mbstring.detect_order no value no value
mbstring.encoding_translation Off Off
mbstring.func_overload 0 0
mbstring.http_input pass pass
mbstring.http_output pass pass
mbstring.internal_encoding no value no value
mbstring.language neutral neutral
mbstring.strict_detection Off Off
mbstring.substitute_character no value no valuemhash
MHASH support Enabled
MHASH API Version 20060101openssl
OpenSSL support enabled
OpenSSL Version OpenSSL 0.9.8n 24 Mar 2010pcntl
pcntl support enabled
pcre
PCRE (Perl Compatible Regular Expressions) Support enabled
PCRE Library Version 8.02 2010-03-19Directive Local Value Master Value
pcre.backtrack_limit 100000 100000
pcre.recursion_limit 100000 100000PDO
PDO support enabled
PDO drivers no valueposix
Revision $Revision: 293036 $
Reflection
Reflection enabled
Version $Id: php_reflection.c 300129 2010-06-03 00:43:37Z felipe $session
Session Support enabled
Registered save handlers files user
Registered serializer handlers php php_binaryDirective Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path no value no value
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0shmop
shmop support enabled
SimpleXML
Simplexml support enabled
Revision $Revision: 299016 $
Schema support enabledSPL
SPL support enabled
Interfaces Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, DirectoryIterator, DomainException, EmptyIterator, FilterIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RegexIterator, RuntimeException, SimpleXMLIterator, SplFileInfo, SplFileObject, SplObjectStorage, SplTempFileObject, UnderflowException, UnexpectedValueExceptionSQLite
SQLite support enabled
PECL Module version 2.0-dev $Id: sqlite.c 298697 2010-04-28 12:10:10Z iliaa $
SQLite Library 2.8.17
SQLite Encoding iso8859Directive Local Value Master Value
sqlite.assoc_case 0 0ssh2
libssh2 version 1.2.8
banner SSH-2.0-libssh2_1.2.8
remote forwarding enabled
hostbased auth enabled
polling support enabled
publickey subsystem enabledstandard
Regex Library Bundled library enabled
Dynamic Library Support enabled
Path to sendmail /usr/sbin/sendmail -t -iDirective Local Value Master Value
assert.active 1 1
assert.bail 0 0
assert.callback no value no value
assert.quiet_eval 0 0
assert.warning 1 1
auto_detect_line_endings 0 0
default_socket_timeout 60 60
safe_mode_allowed_env_vars PHP_ PHP_
safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH
url_rewriter.tags a=href,area=href,frame=src,form=,fieldset= a=href,area=href,frame=src,form=,fieldset=
user_agent no value no valuesuhosin
This server is protected with the Suhosin Extension 0.9.27
Copyright (c) 2006-2007 Hardened-PHP Project
Copyright (c) 2007-2008 SektionEins GmbHDirective Local Value Master Value
suhosin.apc_bug_workaround Off Off
suhosin.cookie.checkraddr 0 0
suhosin.cookie.cryptdocroot On On
suhosin.cookie.cryptkey [ protected ] [ protected ]
suhosin.cookie.cryptlist no value no value
suhosin.cookie.cryptraddr 0 0
suhosin.cookie.cryptua On On
suhosin.cookie.disallow_nul 1 1
suhosin.cookie.disallow_ws 1 1
suhosin.cookie.encrypt Off Off
suhosin.cookie.max_array_depth 50 50
suhosin.cookie.max_array_index_length 64 64
suhosin.cookie.max_name_length 64 64
suhosin.cookie.max_totalname_length 256 256
suhosin.cookie.max_value_length 10000 10000
suhosin.cookie.max_vars 100 100
suhosin.cookie.plainlist no value no value
suhosin.coredump Off Off
suhosin.disable.display_errors Off Off
suhosin.executor.allow_symlink Off Off
suhosin.executor.disable_emodifier Off Off
suhosin.executor.disable_eval Off Off
suhosin.executor.eval.blacklist no value no value
suhosin.executor.eval.whitelist no value no value
suhosin.executor.func.blacklist no value no value
suhosin.executor.func.whitelist no value no value
suhosin.executor.include.blacklist no value no value
suhosin.executor.include.max_traversal 0 0
suhosin.executor.include.whitelist no value no value
suhosin.executor.max_depth 0 0
suhosin.filter.action no value no value
suhosin.get.disallow_nul 1 1
suhosin.get.disallow_ws 0 0
suhosin.get.max_array_depth 5000 5000
suhosin.get.max_array_index_length 256 256
suhosin.get.max_name_length 64 64
suhosin.get.max_totalname_length 256 256
suhosin.get.max_value_length 500000 500000
suhosin.get.max_vars 5000 5000
suhosin.mail.protect 0 0
suhosin.memory_limit 512435456 512435456
suhosin.mt_srand.ignore On On
suhosin.multiheader Off Off
suhosin.perdir 0 0
suhosin.post.disallow_nul 1 1
suhosin.post.disallow_ws 0 0
suhosin.post.max_array_depth 5000 5000
suhosin.post.max_array_index_length 256 256
suhosin.post.max_name_length 64 64
suhosin.post.max_totalname_length 256 256
suhosin.post.max_value_length 500000 500000
suhosin.post.max_vars 5000 5000
suhosin.protectkey On On
suhosin.request.disallow_nul 1 1
suhosin.request.disallow_ws 0 0
suhosin.request.max_array_depth 5000 5000
suhosin.request.max_array_index_length 256 256
suhosin.request.max_totalname_length 256 256
suhosin.request.max_value_length 500000 500000
suhosin.request.max_varname_length 64 64
suhosin.request.max_vars 5000 5000
suhosin.server.encode On On
suhosin.server.strip On On
suhosin.session.checkraddr 0 0
suhosin.session.cryptdocroot On On
suhosin.session.cryptkey [ protected ] [ protected ]
suhosin.session.cryptraddr 0 0
suhosin.session.cryptua On On
suhosin.session.encrypt On On
suhosin.session.max_id_length 128 128
suhosin.simulation Off Off
suhosin.sql.bailout_on_error Off Off
suhosin.sql.comment 0 0
suhosin.sql.multiselect 0 0
suhosin.sql.opencomment 0 0
suhosin.sql.union 0 0
suhosin.sql.user_postfix no value no value
suhosin.sql.user_prefix no value no value
suhosin.srand.ignore On On
suhosin.stealth On On
suhosin.upload.disallow_binary 0 0
suhosin.upload.disallow_elf 1 1
suhosin.upload.max_uploads 25 25
suhosin.upload.remove_binary 0 0
suhosin.upload.verification_script no value no valuexml
XML Support active
XML Namespace Support active
libxml2 Version 2.7.8xmlreader
XMLReader enabled
xmlwriter
XMLWriter enabled
zlib
ZLib Support enabled
Stream Wrapper support compress.zlib://
Stream Filter support zlib.inflate, zlib.deflate
Compiled Version 1.2.3
Linked Version 1.2.3Directive Local Value Master Value
zlib.output_compression Off Off
zlib.output_compression_level 1 1
zlib.output_handler no value no valuezmq
ZMQ extension enabled
ZMQ extension version @PACKAGE_VERSION@
libzmq version 2.1.7Directive Local Value Master Value
Additional Modules
Module Name
pfSense
readlineEnvironment
Variable Value
HOME /
OLDPWD /
PATH /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
PWD /usr/local/www
PHP_FCGI_CHILDREN 2
PHP_FCGI_MAX_REQUESTS 500PHP Variables
Variable Value
_REQUEST["PHPSESSID"] e13cca999b4984b78514dc425c71271b
_COOKIE["PHPSESSID"] e13cca999b4984b78514dc425c71271b
_SERVER["HOME"] /
_SERVER["OLDPWD"] /
_SERVER["PATH"] /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
_SERVER["PWD"] /usr/local/www
_SERVER["PHP_FCGI_CHILDREN"] 2
_SERVER["PHP_FCGI_MAX_REQUESTS"] 500
_SERVER["FCGI_ROLE"] RESPONDER
_SERVER["SERVER_SOFTWARE"] lighttpd/1.4.29
_SERVER["SERVER_NAME"] 192.168.0.1
_SERVER["GATEWAY_INTERFACE"] CGI/1.1
_SERVER["SERVER_PORT"] 443
_SERVER["SERVER_ADDR"] 192.168.0.1
_SERVER["REMOTE_PORT"] 4457
_SERVER["REMOTE_ADDR"] 192.168.2.186
_SERVER["SCRIPT_NAME"] /phpinfo.php
_SERVER["PATH_INFO"] no value
_SERVER["SCRIPT_FILENAME"] /usr/local/www/phpinfo.php
_SERVER["DOCUMENT_ROOT"] /usr/local/www/
_SERVER["REQUEST_URI"] /phpinfo.php
_SERVER["QUERY_STRING"] no value
_SERVER["REQUEST_METHOD"] GET
_SERVER["REDIRECT_STATUS"] 200
_SERVER["SERVER_PROTOCOL"] HTTP/1.1
_SERVER["HTTPS"] on
_SERVER["HTTP_HOST"] 192.168.0.1
_SERVER["HTTP_CONNECTION"] keep-alive
_SERVER["HTTP_USER_AGENT"] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.49 Safari/537.1
_SERVER["HTTP_ACCEPT"] text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
_SERVER["HTTP_ACCEPT_ENCODING"] gzip,deflate,sdch
_SERVER["HTTP_ACCEPT_LANGUAGE"] en-US,en;q=0.8
_SERVER["HTTP_ACCEPT_CHARSET"] ISO-8859-1,utf-8;q=0.7,;q=0.3
_SERVER["HTTP_COOKIE"] PHPSESSID=e13cca999b4984b78514dc425c71271b
_SERVER["PHP_SELF"] /phpinfo.php
_SERVER["REQUEST_TIME"] 1343144697
_SERVER["argv"]
Array
(
)
_SERVER["argc"] 0
_ENV["HOME"] /
_ENV["OLDPWD"] /
_ENV["PATH"] /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
_ENV["PWD"] /usr/local/www
_ENV["PHP_FCGI_CHILDREN"] 2
_ENV["PHP_FCGI_MAX_REQUESTS"] 500
_ENV["FCGI_ROLE"] RESPONDER
_ENV["SERVER_SOFTWARE"] lighttpd/1.4.29
_ENV["SERVER_NAME"] 192.168.0.1
_ENV["GATEWAY_INTERFACE"] CGI/1.1
_ENV["SERVER_PORT"] 443
_ENV["SERVER_ADDR"] 192.168.0.1
_ENV["REMOTE_PORT"] 4457
_ENV["REMOTE_ADDR"] 192.168.2.186
_ENV["SCRIPT_NAME"] /phpinfo.php
_ENV["PATH_INFO"] no value
_ENV["SCRIPT_FILENAME"] /usr/local/www/phpinfo.php
_ENV["DOCUMENT_ROOT"] /usr/local/www/
_ENV["REQUEST_URI"] /phpinfo.php
_ENV["QUERY_STRING"] no value
_ENV["REQUEST_METHOD"] GET
_ENV["REDIRECT_STATUS"] 200
_ENV["SERVER_PROTOCOL"] HTTP/1.1
_ENV["HTTPS"] on
_ENV["HTTP_HOST"] 192.168.0.1
_ENV["HTTP_CONNECTION"] keep-alive
_ENV["HTTP_USER_AGENT"] Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.49 Safari/537.1
_ENV["HTTP_ACCEPT"] text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
_ENV["HTTP_ACCEPT_ENCODING"] gzip,deflate,sdch
_ENV["HTTP_ACCEPT_LANGUAGE"] en-US,en;q=0.8
_ENV["HTTP_ACCEPT_CHARSET"] ISO-8859-1,utf-8;q=0.7,;q=0.3
_ENV["HTTP_COOKIE"] PHPSESSID=e13cca999b4984b78514dc425c71271bPHP License
This program is free software; you can redistribute it and/or modify it under the terms of the PHP License as published by the PHP Group and included in the distribution in the file: LICENSE
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
If you did not receive a copy of the PHP license, or have any questions about PHP licensing, please contact license@php.net.
–--------------------------------------------------------
At this point, I have blocking disabled until I get the whitelist issue resolved.
I am loading both the snort vrt and emergingthreats rules BTW.
-
Thanks. It appears that the failure to load mbstring is something my box does and is not necessarily a build issue as your i386 has no problem loading mbstring functions.
I'm going to build another machine from a fresh CD just to be sure mine is not an upgrade fault. The one I am running was upgraded from the console on release 1.2.3 .
-
code brackets would help a lot for readability
-
I rebuilt my pfSense host today using a completely fresh install on another hard drive. After correcting a few typos for 'gettet' that should be 'gettext' in snort_interfaces_global.php and snort_preprocessors.php, this problem with whitelists has been resolved. I suspect that it may have been caused by upgrading from the console a 1.2.3 system with Snort already installed instead of installing 2.0.1 from CD.
-
The WhiteList don't works for me too. Neither with networks or single IP adress.
I'm using PFSense 2.0.1 with Snort 2.9.2.3 pkg v.2.5.1.After some days searching for solution I found a workaround that worked for me.
Add in Suppress List the networks in CIDR notation like that (example with 3 networks in supress list working as WhiteList):suppress gen_id 0, sig_id 0, track by_src, ip [xxx.xxx.xxx.xxx/29,yyy.yyy.yyy.yyy/28,zzz.zzz.zzz.zzz/28]