author | Scott Ullrich <sullrich@pfsense.org> | 2006-12-09 19:26:58 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2006-12-09 19:26:58 +0000 |
commit | a24a4b892ab43748529285254566ad48b05aed3e (patch) | |
tree | 3530f82f6db6701fa29f168fe65e39f93932a128 | |
parent | e52835c5c1841202ef0ed17294227336a9176f1f (diff) | |
Add Snort rule activation/deactivation/edit support.
Written and submitted by: Scott Dale <c_scott_dale_AT_yahoo.com
-rw-r--r-- | packages/snort/snort.xml | 6 | ||||
-rw-r--r-- | packages/snort/snort_advanced.xml | 6 | ||||
-rw-r--r-- | packages/snort/snort_alerts.php | 7 | ||||
-rw-r--r-- | packages/snort/snort_blocked.php | 5 | ||||
-rw-r--r-- | packages/snort/snort_download_rules.php | 5 | ||||
-rw-r--r-- | packages/snort/snort_rules.php | 482 | ||||
-rw-r--r-- | packages/snort/snort_rules_edit.php | 202 | ||||
-rw-r--r-- | packages/snort/snort_rulesets.php | 11 | ||||
-rw-r--r-- | packages/snort/snort_whitelist.xml | 6 |
9 files changed, 715 insertions, 15 deletions
diff --git a/packages/snort/snort.xml b/packages/snort/snort.xml
index 01567332..6919d0cf 100644
--- a/packages/snort/snort.xml
+++ b/packages/snort/snort.xml
@@ -81,10 +81,14 @@
 <url>/snort_download_rules.php</url>
 </tab>
 <tab>
- <text>Snort Rulesets</text>
+ <text>Snort Categories</text>
 <url>/snort_rulesets.php</url>
 </tab>
 <tab>
+ <text>Snort Rules</text>
+ <url>/snort_rules.php</url>
+ </tab>
+ <tab>
 <text>Snort Blocked</text>
 <url>/snort_blocked.php</url>
 </tab>
diff --git a/packages/snort/snort_advanced.xml b/packages/snort/snort_advanced.xml
index c11d40f3..cf29f93d 100644
--- a/packages/snort/snort_advanced.xml
+++ b/packages/snort/snort_advanced.xml
@@ -13,10 +13,14 @@
 <url>/snort_download_rules.php</url>
 </tab>
 <tab>
- <text>Snort Rulesets</text>
+ <text>Snort Categories</text>
 <url>/snort_rulesets.php</url>
 </tab>
 <tab>
+ <text>Snort Rules</text>
+ <url>/snort_rules.php</url>
+ </tab>
+ <tab>
 <text>Snort Blocked</text>
 <url>/snort_blocked.php</url>
 </tab>
diff --git a/packages/snort/snort_alerts.php b/packages/snort/snort_alerts.php
index ca3c8bdd..6455966a 100644
--- a/packages/snort/snort_alerts.php
+++ b/packages/snort/snort_alerts.php
@@ -62,10 +62,11 @@ include("head.inc");
 <?php
 $tab_array = array();
 $tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Snort Rules Update"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Snort Rulesets"), false, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Update Snort Rules"), false, "/snort_download_rules.php");
+ $tab_array[] = array(gettext("Snort Categories"), false, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Snort Rules"), false, "/snort_rules.php");
 $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Snort Whitelist"),false, "/pkg.php?xml=snort_whitelist.xml");
 $tab_array[] = array(gettext("Snort Alerts"), true, "/snort_alerts.php");
 $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
 display_top_tabs($tab_array);
diff --git a/packages/snort/snort_blocked.php b/packages/snort/snort_blocked.php
index bab607ba..a2ebe171 100644
--- a/packages/snort/snort_blocked.php
+++ b/packages/snort/snort_blocked.php
@@ -58,8 +58,9 @@ include("head.inc");
 <?php
 $tab_array = array();
 $tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Snort Rules Update"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Snort Rulesets"), false, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Update Snort Rules"), false, "/snort_download_rules.php");
+ $tab_array[] = array(gettext("Snort Categories"), false, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Snort Rules"), false, "/snort_rules.php");
 $tab_array[] = array(gettext("Snort Blocked"), true, "/snort_blocked.php");
 $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
 $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php");
diff --git a/packages/snort/snort_download_rules.php b/packages/snort/snort_download_rules.php
index 16dcb57b..bb7b35b7 100644
--- a/packages/snort/snort_download_rules.php
+++ b/packages/snort/snort_download_rules.php
@@ -70,8 +70,9 @@ include("head.inc");
 <?php
 $tab_array = array();
 $tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Snort Rules Update"), true, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Snort Rulesets"), false, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Update Snort Rules"), true, "/snort_download_rules.php");
+ $tab_array[] = array(gettext("Snort Categories"), false, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Snort Rules"), false, "/snort_rules.php");
 $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php");
 $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
 $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php");
diff --git a/packages/snort/snort_rules.php b/packages/snort/snort_rules.php
new file mode 100644
index 00000000..ecce7936
--- /dev/null
+++ b/packages/snort/snort_rules.php
@@ -0,0 +1,482 @@ +<?php +/* $Id$ */ +/* + edit_snortrule.php + Copyright (C) 2004, 2005 Scott Ullrich + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +function get_middle($source, $beginning, $ending, $init_pos) { + $beginning_pos = strpos($source, $beginning, $init_pos); + $middle_pos = $beginning_pos + strlen($beginning); + $ending_pos = strpos($source, $ending, $beginning_pos); + $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); + return $middle; +} + +function write_rule_file($content_changed, $received_file) +{ + //read snort file with writing enabled + $filehandle = fopen($received_file, "r+"); + + //delimiter for each new rule is a new line + $delimiter = "\n"; + + //implode the array back into a string for writing purposes + $fullfile = implode($delimiter, $content_changed); + + //write data to file + fwrite($filehandle, $fullfile); + + //close file handle + fclose($filehandle); + +} + +function load_rule_file($incoming_file) +{ + + //read snort file + $filehandle = fopen($incoming_file, "r"); + + //read file into string, and get filesize + $contents = fread($filehandle, filesize($incoming_file)); + + //close handler + fclose ($filehandle); + + //string for populating category select + $currentruleset = substr($file, 27); + + //delimiter for each new rule is a new line + $delimiter = "\n"; + + //split the contents of the string file into an array using the delimiter + $splitcontents = explode($delimiter, $contents); + + return $splitcontents; + +} + +$ruledir = "/usr/local/etc/snort/rules/"; +$dh = opendir($ruledir); +while (false !== ($filename = readdir($dh))) +{ + //only populate this array if its a rule file + $isrulefile = strstr($filename, ".rules"); + if ($isrulefile !== false) + { + $files[] = $filename; + } +} + +sort($files); + +if ($_GET['openruleset']) +{ + $file = $_GET['openruleset']; +} +else +{ + $file = $ruledir.$files[0]; + +} + +//Load the rule file +$splitcontents = load_rule_file($file); + + +if ($_POST) +{ + //retrieve POST data + $post_lineid = $_POST['lineid']; + $post_enabled = $_POST['enabled']; + $post_src = $_POST['src']; + $post_srcport = 
$_POST['srcport']; + $post_dest = $_POST['dest']; + $post_destport = $_POST['destport']; + + //copy rule contents from array into string + $tempstring = $splitcontents[$post_lineid]; + + //explode rule contents into an array, (delimiter is space) + $rule_content = explode(' ', $tempstring); + + //search string + $findme = "# alert"; //find string for disabled alerts + + //find if alert is disabled + $disabled = strstr($tempstring, $findme); + + //if find alert is false, then rule is disabled + if ($disabled !== false) + { + //has rule been enabled + if ($post_enabled == "yes") + { + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("# alert", "alert", $tempstring); + $counter2 = 1; + } + else + { + //rule is staying disabled + $counter2 = 2; + + } + //if enabled box was not changed, default + $counter2 = 2; + } + else + { + //has rule been disabled + if ($post_enabled != "yes") + { + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("alert", "# alert", $tempstring); + $counter2 = 2; + } + else + { + //rule is staying enabled + $counter2 = 1; + } + //if enabled box was not changed, default + $counter2 = 1; + } + + $counter2++; + $source = $rule_content[$counter2];//source location + $counter2++; + $source_port = $rule_content[$counter2];//source port location + $counter2 = $counter2+2; + $destination = $rule_content[$counter2];//destination location + $counter2++; + $destination_port = $rule_content[$counter2];//destination port location + + //insert new values into their respective places + $tempstring = str_replace($source, $post_src, $tempstring); + $tempstring = str_replace($source_port, $post_srcport, $tempstring); + $tempstring = str_replace($destination, $post_dest, $tempstring); + $tempstring = str_replace($destination_port, $post_destport, $tempstring); + + + //copy string into array for writing + $splitcontents[$post_lineid] = $tempstring; + + //write 
the new .rules file + write_rule_file($splitcontents, $file); + + //once file has been written, reload file + $splitcontents = load_rule_file($file); + +} +else if ($_GET['act'] == "toggle") +{ + $toggleid = $_GET['id']; + + //copy rule contents from array into string + $tempstring = $splitcontents[$toggleid]; + + //explode rule contents into an array, (delimiter is space) + $rule_content = explode(' ', $tempstring); + + //search string + $findme = "# alert"; //find string for disabled alerts + + //find if alert is disabled + $disabled = strstr($tempstring, $findme); + + //if find alert is false, then rule is disabled + if ($disabled !== false) + { + //rule has been enabled + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("# alert", "alert", $tempstring); + + } + else + { + //has rule been disabled + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("alert", "# alert", $tempstring); + + } + + //copy string into array for writing + $splitcontents[$toggleid] = $tempstring; + + //write the new .rules file + write_rule_file($splitcontents, $file); + + //once file has been written, reload file + $splitcontents = load_rule_file($file); + +} + + + +$pgtitle = "Snort: Rules"; +require("guiconfig.inc"); +include("head.inc"); +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<p class="pgtitle"><?=$pgtitle?></p> + +<script type="text/javascript" language="javascript" src="row_toggle.js"> + <script src="/javascript/sorttable.js" type="text/javascript"> +</script> + +<script language="javascript" type="text/javascript"> +<!-- +function go() +{ + box = document.forms[0].selectbox; + destination = box.options[box.selectedIndex].value; + if (destination) location.href = destination; +} + +// --> +</script> + +<table width="99%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> +<?php + $tab_array = array(); + $tab_array[] 
= array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); + $tab_array[] = array(gettext("Update Snort Rules"), false, "/snort_download_rules.php"); + $tab_array[] = array(gettext("Snort Categories"), false, "/snort_rulesets.php"); + $tab_array[] = array(gettext("Snort Rules"), true, "/snort_rules.php"); + $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php"); + $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); + $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php"); + $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); + display_top_tabs($tab_array); +?> + </td> + </tr> + <tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <table id="ruletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr id="frheader"> + <td width="3%" class="list"> </td> + <td width="5%" class="listhdr">SID</td> + <td width="6%" class="listhdrr">Proto</td> + <td width="15%" class="listhdrr">Source</td> + <td width="10%" class="listhdrr">Port</td> + <td width="15%" class="listhdrr">Destination</td> + <td width="10%" class="listhdrr">Port</td> + <td width="32%" class="listhdrr">Message</td> + + </tr> + <tr> + <?php + + echo "<br>Category: "; + + //string for populating category select + $currentruleset = substr($file, 27); + ?> + <form name="forms"> + <select name="selectbox" class="formfld" onChange="go()"> + <?php + $i=0; + foreach ($files as $value) + { + $selectedruleset = ""; + if ($files[$i] === $currentruleset) + $selectedruleset = "selected"; + ?> + <option value="?&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>" + <?php + $i++; + + } + ?> + </select> + </form> + </tr> + <?php + + $counter = 0; + $printcounter = 0; + + foreach ( $splitcontents as $value ) + { + + 
$counter++; + $disabled = "False"; + $comments = "False"; + + $tempstring = $splitcontents[$counter]; + $findme = "# alert"; //find string for disabled alerts + + //find alert + $disabled_pos = strstr($tempstring, $findme); + + + //do soemthing, this rule is enabled + $counter2 = 1; + + //retrieve sid value + $sid = get_middle($tempstring, 'sid:', ';', 0); + + //check to see if the sid is numberical + $is_sid_num = is_numeric($sid); + + //if SID is numerical, proceed + if ($is_sid_num) + { + + //if find alert is false, then rule is disabled + if ($disabled_pos !== false){ + $counter2 = $counter2+1; + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $iconb = "icon_block_d.gif"; + } + else + { + $textss = $textse = ""; + $iconb = "icon_block.gif"; + } + + $rule_content = explode(' ', $tempstring); + + $protocol = $rule_content[$counter2];//protocol location + $counter2++; + $source = $rule_content[$counter2];//source location + $counter2++; + $source_port = $rule_content[$counter2];//source port location + $counter2 = $counter2+2; + $destination = $rule_content[$counter2];//destination location + $counter2++; + $destination_port = $rule_content[$counter2];//destination port location + + $message = get_middle($tempstring, 'msg:"', '";', 0); + + echo "<tr>"; + echo "<td class=\"listt\">"; + echo $textss; + ?> + <a href="?&openruleset=<?=$file;?>&act=toggle&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a> + <?php + echo $textse; + echo "</td>"; + + + echo "<td class=\"listlr\">"; + echo $textss; + echo $sid; + echo $textse; + echo "</td>"; + + echo "<td class=\"listlr\">"; + echo $textss; + echo $protocol; + $printcounter++; + echo $textse; + echo "</td>"; + echo "<td class=\"listlr\">"; + echo $textss; + echo $source; + echo $textse; + echo "</td>"; + echo "<td class=\"listlr\">"; + echo $textss; + echo $source_port; + echo $textse; + 
echo "</td>"; + echo "<td class=\"listlr\">"; + echo $textss; + echo $destination; + echo $textse; + echo "</td>"; + echo "<td class=\"listlr\">"; + echo $textss; + echo $destination_port; + echo $textse; + echo "</td>"; + ?> + <td class="listbg"><font color="white"> + <?php + echo $textss; + echo $message; + echo $textse; + echo "</td>"; + ?> + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td><a href="snort_rules_edit.php?openruleset=<?=$file;?>&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + <?php + } + } + echo " "; + echo "There are "; + echo $printcounter; + echo " rules in this category. <br><br>"; + ?> + </table> + </td> + </tr> + <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> + <tr> + <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td> + <td>Rule Enabled</td> + </tr> + <tr> + <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td> + <td nowrap>Rule Disabled</td> + + + </tr> + <tr> + <td colspan="10"> + <p> + <!--<strong><span class="red">Warning:<br> + </span></strong>Editing these r</p>--> + </td> + </tr> + </table> + </table> + + </td> + </tr> +</table> + + +<?php include("fend.inc"); ?> +</div></body> +</html> diff --git a/packages/snort/snort_rules_edit.php b/packages/snort/snort_rules_edit.php new file mode 100644 index 00000000..69c5dfa1 --- /dev/null +++ b/packages/snort/snort_rules_edit.php 
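Review bot: `$file = $_GET['openruleset'];` in snort_rules.php takes a filesystem path straight from the query string, and that path is then opened for reading in load_rule_file() and for `r+` rewriting in write_rule_file(), so nothing keeps the page inside `$ruledir`. Reduce the parameter to a bare file name and accept it only when it matches an entry the readdir() scan put in `$files`, as in the excerpt below; snort_rules_edit.php opens `$_GET['openruleset']` the same way and needs the same check. The POST and toggle handling also runs above `require("guiconfig.inc")`; if that include is where the GUI enforces login, it belongs at the top of the file. The `act=toggle` branch rewrites the rule file on a plain GET, which would be safer as a POST form. The posted `src`, `srcport`, `dest` and `destport` values are spliced into the rule with `str_replace()` unchecked, so they should be validated (no whitespace or newline) before being written.

```php
// … unchanged: readdir() loop filling $files, sort($files) …

// Accept only a file name that the directory scan above found in $ruledir.
$requested = isset($_GET['openruleset']) ? basename($_GET['openruleset']) : '';
if ($requested !== '' && in_array($requested, $files, true))
{
	$file = $ruledir . $requested;
}
else
{
	$file = $ruledir . $files[0];
}
```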
@@ -0,0 +1,202 @@ +<?php +/* $Id$ */ +/* + snort_rules_edit.php + Copyright (C) 2004, 2005 Scott Ullrich + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +function get_middle($source, $beginning, $ending, $init_pos) { + $beginning_pos = strpos($source, $beginning, $init_pos); + $middle_pos = $beginning_pos + strlen($beginning); + $ending_pos = strpos($source, $ending, $beginning_pos); + $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); + return $middle; +} + + +$file = $_GET['openruleset']; + +//read snort file +$filehandle = fopen($file, "r"); + +//get rule id +$lineid = $_GET['id']; + +//read file into string, and get filesize +$contents = fread($filehandle, filesize($file)); + +//close handler +fclose ($filehandle); + +//delimiter for each new rule is a new line +$delimiter = "\n"; + +//split the contents of the string file into an array using the delimiter +$splitcontents = explode($delimiter, $contents); + +//copy rule contents from array into string +$tempstring = $splitcontents[$lineid]; + +//explode rule contents into an array, (delimiter is space) +$rule_content = explode(' ', $tempstring); + +//search string +$findme = "# alert"; //find string for disabled alerts + +//find if alert is disabled +$disabled = strstr($tempstring, $findme); + +//get sid +$sid = get_middle($tempstring, 'sid:', ';', 0); + + +//if find alert is false, then rule is disabled +if ($disabled !== false) +{ + //move counter up 1, so we do not retrieve the # in the rule_content array + $counter2 = 2; +} +else +{ + $counter2 = 1; +} + + +$protocol = $rule_content[$counter2];//protocol location +$counter2++; +$source = $rule_content[$counter2];//source location +$counter2++; +$source_port = $rule_content[$counter2];//source port location +$counter2++; +$direction = $rule_content[$counter2]; +$counter2++; +$destination = $rule_content[$counter2];//destination location +$counter2++; +$destination_port = $rule_content[$counter2];//destination port location +$message = get_middle($tempstring, 'msg:"', '";', 0); + +$content = get_middle($tempstring, 'content:"', '";', 0); +$classtype = get_middle($tempstring, 
'classtype:', ';', 0); +$revision = get_middle($tempstring, 'rev:', ';',0); + +$pgtitle = "Snort: Edit Rule"; +require("guiconfig.inc"); +include("head.inc"); +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php include("fbegin.inc"); ?> +<p class="pgtitle"><?=$pgtitle?></p> +<table width="99%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); + $tab_array[] = array(gettext("Snort Update Rules"), false, "/snort_download_rules.php"); + $tab_array[] = array(gettext("Snort Categories"), false, "/snort_rulesets.php"); + $tab_array[] = array(gettext("Snort Rules"), true, "/snort_rules.php?openruleset=/usr/local/etc/snort/rules/attack-responses.rules"); + $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php"); + $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); + $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php"); + $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); + display_top_tabs($tab_array); +?> + </td> + </tr> + <tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <form action="snort_rules.php?openruleset=<?=$file;?>&id=<?=$lineid;?>" target="" method="post" name="editform" id="editform"> + <table id="edittable" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listhdr" width="10%">Enabled: </td> + <td class="listlr" width="30%"><input name="enabled" type="checkbox" id="enabled" value="yes" <?php if ($disabled === false) echo "checked";?>></td> + </tr> + <tr> + <td class="listhdr" width="10%">SID: </td> + <td class="listlr" width="30%"><?php echo $sid; ?></td> + </tr> + <tr> + <td class="listhdr" width="10%">Protocol: </td> + <td class="listlr" 
width="30%"><?php echo $protocol; ?></td> + </tr> + <tr> + <td class="listhdr" width="10%">Source: </td> + <td class="listlr" width="30%"><input name="src" type="text" id="src" size="20" value="<?php echo $source;?>"></td> + </tr> + <tr> + <td class="listhdr" width="10%">Source Port: </td> + <td class="listlr" width="30%"><input name="srcport" type="text" id="srcport" size="20" value="<?php echo $source_port;?>"></td> + </tr> + <tr> + <td class="listhdr" width="10%">Direction:</td> + <td class="listlr" width="30%"><?php echo $direction;?></td> + </tr> + <tr> + <td class="listhdr" width="10%">Destination:</td> + <td class="listlr" width="30%"><input name="dest" type="text" id="dest" size="20" value="<?php echo $destination;?>"></td> + </tr> + <tr> + <td class="listhdr" width="10%">Destination Port: </td> + <td class="listlr" width="30%"><input name="destport" type="text" id="destport" size="20" value="<?php echo $destination_port;?>"></td> + </tr> + <tr> + <td class="listhdr" width="10%">Message: </td> + <td class="listlr" width="30%"><?php echo $message; ?></td> + </tr> + <tr> + <td class="listhdr" width="10%">Content: </td> + <td class="listlr" width="30%"><?php echo $content; ?></td> + </tr> + <tr> + <td class="listhdr" width="10%">Classtype: </td> + <td class="listlr" width="30%"><?php echo $classtype; ?></td> + </tr> + <tr> + <td class="listhdr" width="10%">Revision: </td> + <td class="listlr" width="30%"><?php echo $revision; ?></td> + </tr> + <tr><td> </td></tr> + <tr> + <td><input name="lineid" type="hidden" value="<?=$lineid;?>"></td> + <td><input class="formbtn" value="Save" type="submit" name="editsave" id="editsave">   <input type="button" class="formbtn" value="Cancel" onclick="history.back()"></td> + </tr> + </table> + </form> + </td> + </tr> + </table> + </td> +</tr> +</table> + +<?php include("fend.inc"); ?> +</div></body> +</html>
\ No newline at end of file diff --git a/packages/snort/snort_rulesets.php b/packages/snort/snort_rulesets.php index 3d14dce6..885f2a61 100644 --- a/packages/snort/snort_rulesets.php +++ b/packages/snort/snort_rulesets.php @@ -56,7 +56,7 @@ $enabled_rulesets = $config['installedpackages']['snort']['rulesets']; if($enabled_rulesets) $enabled_rulesets_array = split("\|\|", $enabled_rulesets); -$pgtitle = "Snort: Snort Rulesets"; +$pgtitle = "Snort: Categories"; include("head.inc"); ?> @@ -76,8 +76,9 @@ include("head.inc"); <?php $tab_array = array(); $tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Snort Rules Update"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Snort Rulesets"), true, "/snort_rulesets.php"); + $tab_array[] = array(gettext("Update Snort Rules"), false, "/snort_download_rules.php"); + $tab_array[] = array(gettext("Snort Categories"), true, "/snort_rulesets.php"); + $tab_array[] = array(gettext("Snort Rules"), false, "/snort_rules.php"); $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php"); $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php"); @@ -121,7 +122,7 @@ include("head.inc"); echo " <input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />"; echo "</td>"; echo "<td>"; - echo "<a target='_new' href='edit.php?submit=Load&savetopath=" . urlencode("/usr/local/etc/snort/rules/") . urlencode($file) . "'>{$file}</a>"; + echo "<a href='snort_rules.php?openruleset=/usr/local/etc/snort/rules/" . urlencode($file) . "'>{$file}</a>"; echo "</td>"; //echo "<td>"; //echo "description"; 
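Review bot: In snort_rules_edit.php every value parsed out of the rule line (`$sid`, `$protocol`, `$source`, `$message`, `$content`, …) and the request values `$file` and `$lineid` are echoed into HTML text and attribute values unescaped, so a `"` or `<` in a rule's `msg:`/`content:` text or in the query string is emitted as markup. Pass each one through `htmlspecialchars()`, for example `value="<?php echo htmlspecialchars($source); ?>"`, and build the form action from `urlencode($file)` and `(int)$lineid`. The table cells and the toggle/edit links in snort_rules.php print the same fields and `$file` and need the same escaping.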
@@ -144,7 +145,7 @@ include("head.inc"); </form> -<p><b>NOTE:</b> You can click on a ruleset name to load the file in the pfSense text editor in a new window/tab. +<p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset. <?php include("fend.inc"); ?> diff --git a/packages/snort/snort_whitelist.xml b/packages/snort/snort_whitelist.xml index 1a85c9c8..6845f0cf 100644 --- a/packages/snort/snort_whitelist.xml +++ b/packages/snort/snort_whitelist.xml @@ -15,10 +15,14 @@ <url>/snort_download_rules.php</url> </tab> <tab> - <text>Snort Rulesets</text> + <text>Snort Categories</text> <url>/snort_rulesets.php</url> </tab> <tab> + <text>Snort Rules</text> + <url>/snort_rules.php</url> + </tab> + <tab> <text>Snort Blocked</text> <url>/snort_blocked.php</url> </tab> |