aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2012-07-16 09:42:41 +0000
committerErmal <eri@pfsense.org>2012-07-16 09:42:41 +0000
commitfc886e5bd05dd82701f0d7961e92de87c3ba1bd4 (patch)
treed2b874d74aaf62cae1a811b6172c6d23bbc1708c
parent3f50c8996f3a14ced3d365b6854555a842a93ebb (diff)
downloadpfsense-packages-fc886e5bd05dd82701f0d7961e92de87c3ba1bd4.tar.gz
pfsense-packages-fc886e5bd05dd82701f0d7961e92de87c3ba1bd4.tar.bz2
pfsense-packages-fc886e5bd05dd82701f0d7961e92de87c3ba1bd4.zip
Add possibility to specify custom rules
-rw-r--r--config/snort/snort.inc6
-rw-r--r--config/snort/snort_rules.php71
2 files changed, 60 insertions, 17 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 27598f3d..2788db4b 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1329,6 +1329,12 @@ EOD;
}
}
+ if (!empty($snortcfg['customrules'])) {
+ @file_put_contents("{$snortcfgdir}/rules/custom.rules", base64_decode($snortcfg['customrules']));
+ $selected_rules_sections .= "include \$RULE_PATH/custom.rules\n";
+ } else
+ @unlink("{$snortcfgdir}/rules/custom.rules");
+
$cksumcheck = "all";
if ($snortcfg['cksumcheck'] == 'on')
$cksumcheck = "none";
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 79067c26..41e8e761 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -53,6 +53,8 @@ if (isset($id) && $a_rule[$id]) {
$pconfig['enable'] = $a_rule[$id]['enable'];
$pconfig['interface'] = $a_rule[$id]['interface'];
$pconfig['rulesets'] = $a_rule[$id]['rulesets'];
+ if (!empty($a_rule[$id]['customrules']))
+ $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
}
function load_rule_file($incoming_file)
@@ -73,17 +75,21 @@ $categories = explode("||", $pconfig['rulesets']);
if ($_GET['openruleset'])
$currentruleset = $_GET['openruleset'];
+else if ($_POST['openruleset'])
+ $currentruleset = $_POST['openruleset'];
else
$currentruleset = $categories[0];
$ruledir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules";
$rulefile = "{$ruledir}/{$currentruleset}";
+if ($currentruleset != 'custom.rules') {
if (!file_exists($rulefile)) {
$input_errors[] = "{$currentruleset} seems to be missing!!! Please go to the Category tab and save again the rule to regenerate it.";
$splitcontents = array();
} else
//Load the rule file
$splitcontents = load_rule_file($rulefile);
+}
if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($splitcontents)) {
@@ -138,6 +144,31 @@ if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($splitcontents)) {
exit;
}
+if ($_POST['customrules']) {
+ $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
+ write_config();
+ sync_snort_package_config();
+ $output = "";
+ $retcode = "";
+ exec("snort -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -T 2>&1", $output, $retcode);
+ if (intval($retcode) != 0) {
+ $error = "";
+ $start = count($output);
+ $end = $start - 4;
+ for($i = $start; $i > $end; $i--)
+ $error .= $output[$i];
+ $input_errors[] = "Custom rules have errors:\n {$error}";
+ } else {
+ header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
+ exit;
+ }
+} else if ($_POST)
+ unset($a_rule[$id]['customrules']);
+ write_config();
+ header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
+ exit;
+}
+
require_once("guiconfig.inc");
include_once("head.inc");
@@ -182,7 +213,7 @@ function popup(url)
}
</script>
-<form action="snort_rules.php" method="post" name="iform" id="iform">
+<form action="/snort/snort_rules.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -200,20 +231,12 @@ function popup(url)
<tr>
<td>
<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
-<?php
-if (empty($pconfig['rulesets'])):
-?>
- <tr>
- <td>
- # You have not selected any rules in the Categories tab.
- </td>
- </tr>
-<?php else: ?>
<tr>
<td width="3%" class="list">&nbsp;</td>
<td class="listhdr" colspan="7">
<br/>Category:
<select id="selectbox" name="selectbox" class="formselect" onChange="go()">
+ <option value='?id=<?=$id;?>&openruleset=custom.rules'>custom.rules</option>
<?php
$files = explode("||", $pconfig['rulesets']);
foreach ($files as $value) {
@@ -232,6 +255,24 @@ if (empty($pconfig['rulesets'])):
</td>
<td width="5%" class="list">&nbsp;</td>
</tr>
+<?php if ($currentruleset == 'custom.rules' || empty($pconfig['rulesets'])): ?>
+ <tr>
+ <td width="3%" class="list">&nbsp;</td>
+ <td valign="top" class="vtable">
+ <input type='hidden' name='openruleset' value='custom.rules'>
+ <input type='hidden' name='id' value='<?=$id;?>'>
+
+ <textarea wrap="on" cols="90" rows="50" name="customrules"><?=$pconfig['customrules'];?></textarea>
+ </td>
+ </tr>
+ <tr>
+ <td width="3%" class="list">&nbsp;</td>
+ <td class="vtable">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
+ </td>
+ </tr>
+<?php else: ?>
<tr>
<td width="3%" class="list">&nbsp;</td>
<td colspan="7" class="listhdr" >&nbsp;</td><
@@ -343,6 +384,7 @@ if (empty($pconfig['rulesets'])):
</table>
</td>
</tr>
+<?php endif;?>
<tr>
<td colspan="9">
<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
@@ -359,10 +401,6 @@ if (empty($pconfig['rulesets'])):
<td nowrap>Rule Disabled</td>
</tr>
<tr>
- <!-- TODO: add save and cancel for checkbox options -->
- <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> -->
- </tr>
- <tr>
<td colspan="10">
<p><!--<strong><span class="red">Warning:<br/> </span></strong>Editing these r</p>-->
</td>
@@ -370,9 +408,8 @@ if (empty($pconfig['rulesets'])):
</table>
</td>
</tr>
-<?php endif; ?>
- </table>
- </td>
+</table>
+</td>
</tr>
</table>
</form>