authorrobiscool <robrob2626@yahoo.com>2011-05-26 07:20:27 -0700
committerrobiscool <robrob2626@yahoo.com>2011-05-26 09:17:10 -0700
commitbd664276c67a11b92c027ba569157460481d37e6 (patch)
treea3d18c74483349297caaf25c5e43e62ff3ede449 /config/snort-dev/snort_rules.php
parent54c49bf2b5358b35602cae3cf6a9fead0ba886e5 (diff)
downloadpfsense-packages-bd664276c67a11b92c027ba569157460481d37e6.tar.gz
pfsense-packages-bd664276c67a11b92c027ba569157460481d37e6.tar.bz2
pfsense-packages-bd664276c67a11b92c027ba569157460481d37e6.zip
snort-dev, add rules and rulesets tabs
Diffstat (limited to 'config/snort-dev/snort_rules.php')
-rw-r--r--config/snort-dev/snort_rules.php517
1 files changed, 517 insertions, 0 deletions
diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php
new file mode 100644
index 00000000..e030173d
--- /dev/null
+++ b/config/snort-dev/snort_rules.php
@@ -0,0 +1,517 @@
+<?php
+/* $Id$ */
+/*
+ snort_interfaces.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2011 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+// set page vars
+
+$uuid = $_GET['uuid'];
+if (isset($_POST['uuid']))
+$uuid = $_POST['uuid'];
+
+if ($uuid == '') {
+ echo 'error: no uuid';
+ exit(0);
+}
+
+// unset Session tmp on page load
+unset($_SESSION['snort']['tmp']);
+
+// list rules in the default dir
+$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid);
+
+$snortRuleDir = '/usr/local/etc/snort/sn_' . $uuid . '_' . $a_list['interface'];
+
+ // list rules in the default dir
+ $filterDirList = array();
+ $filterDirList = snortScanDirFilter($snortRuleDir . '/rules', '.rules');
+
+ // START read rule file
+ if ($_GET['openruleset'])
+ {
+ $rulefile = $_GET['openruleset'];
+ }else{
+ $rulefile = $filterDirList[0];
+ }
+
+ $workingFile = $snortRuleDir . '/rules/' . $rulefile;
+
+ //split the contents of the string file into an array using the delimiter
+ // used by rule gui edit and table build code
+ $splitcontents = split_rule_file($workingFile);
+
+function load_rule_file($incoming_file, $splitcontents)
+{
+
+ //read snort file
+ $filehandle = fopen($incoming_file, "r");
+
+ //read file into string, and get filesize
+ $contents = fread($filehandle, filesize($incoming_file));
+
+ //close handler
+ fclose ($filehandle);
+
+
+ $pattern = '/(^alert |^# alert )/';
+ foreach ( $splitcontents as $val )
+ {
+ // remove whitespaces
+ $rmWhitespaces = preg_replace('/\s\s+/', ' ', $val);
+
+ // filter none alerts
+ if (preg_match($pattern, $rmWhitespaces))
+ {
+ $splitcontents2[] = $val;
+ }
+
+ }
+ unset($splitcontents);
+
+ return $splitcontents2;
+
+}
+
+ //Load the rule file
+ $splitcontents2 = load_rule_file($workingFile, $splitcontents);
+
+ $countSig = count($splitcontents2);
+
+ if ($countSig > 0)
+ {
+ $newFilterRuleSigArray = newFilterRuleSig($splitcontents2);
+ }
+
+ /*
+ * SET GLOBAL ARRAY $_SESSION['snort']
+ */
+ $_SESSION['snort']['tmp']['snort_rules']['dbName'] = 'snortDBrules';
+ $_SESSION['snort']['tmp']['snort_rules']['dbTable'] = 'SnortruleSigs';
+ $_SESSION['snort']['tmp']['snort_rules']['ifaceuuid'] = $uuid;
+ $_SESSION['snort']['tmp']['snort_rules']['ifaceselected'] = $a_list['interface'];
+ $_SESSION['snort']['tmp']['snort_rules']['rulefile'] = $rulefile;
+
+
+// find ./ -name test.txt | xargs grep "^disablesid 127 "
+
+ $pgtitle = "Snort: Category: rule: $rulefile";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+
+<div id="loadingWaiting">
+ <p class="loadingWaitingMessage"><img src="./images/loading.gif" /> <br>Please Wait...</p>
+</div>
+
+<div id="loadingRuleEditGUI">
+
+ <div class="loadingRuleEditGUIDiv">
+ <form id="iform2" action="">
+ <input type="hidden" name="snortSidRuleEdit" value="1" />
+ <input type="hidden" name="snortSidRuleIface" value="<?=$uuid . '_' . $a_list['interface']; ?>" /> <!-- what to do, save -->
+ <input type="hidden" name="snortSidRuleFile" value="<?=$rulefile; ?>" /> <!-- what to do, save -->
+ <input type="hidden" name="snortSidNum" value="" /> <!-- what to do, save -->
+ <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee">
+ <tr>
+ <td>
+ <input name="save" type="submit" class="formbtn" id="save" value="Save" />
+ <input type="button" class="formbtn closeRuleEditGUI" value="Close" >
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <textarea id="sidstring" name="sidstring" wrap="off" style="width: 98%; margin: 7px;" rows="1" cols="" ></textarea> <!-- SID to EDIT -->
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <textarea wrap="off" style="width: 98%; margin: 7px;" rows="<?php if(count($splitcontents) > 24){echo 24;}else{echo count($splitcontents);} ?>" cols="" disabled >
+
+ <?php
+
+ echo "\n";
+
+ foreach ($splitcontents as $sidLineGui)
+
+ echo $sidLineGui . "\n";
+
+
+
+ ?>
+ </textarea> <!-- Display rule file -->
+ </td>
+ </tr>
+ </table>
+ <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee">
+ <tr>
+ <td>
+ <input name="save" type="submit" class="formbtn" id="save" value="Save" />
+ <input type="button" class="formbtn closeRuleEditGUI" value="Close" >
+ </td>
+ </tr>
+ </table>
+ </form>
+ </div>
+
+
+</div>
+
+<?php include("fbegin.inc"); ?>
+
+<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
+<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+
+ <div class="newtabmenu" style="margin: 1px 0px; width: 790px;"><!-- Tabbed bar code-->
+ <ul class="newtabmenu">
+ <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li>
+ <li><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li>
+ <li><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li>
+ <li class="newtabmenu_active"><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li>
+ <li><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li>
+ <li><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li>
+ <li><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li>
+ </ul>
+ </div>
+
+ </td>
+ </tr>
+ <tr>
+ <td id="tdbggrey">
+ <div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;">
+ <!-- START MAIN AREA -->
+
+
+ <!-- start Interface Satus -->
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="maintable77" >
+ <td colspan="2" valign="top" class="listtopic2">
+ Category:
+ <select name="selectbox" class="formfld" >
+ <?php
+ $i=0;
+ foreach ($filterDirList as $value)
+ {
+ $selectedruleset = '';
+ if ($value === $rulefile)
+ {
+ $selectedruleset = 'selected';
+ }
+
+ echo "\n" . '<option value="?uuid=' . $uuid . '&openruleset=' . $ruledir . $value . '" ' . $selectedruleset . ' >' . $value . '</option>' . "\r";
+
+ $i++;
+
+ }
+ ?>
+ </select>
+ There are <?=$countSig; ?> rules in this category.
+ </td>
+ <td width="6%" colspan="2" valign="middle" class="listtopic3" >
+ <a href="snort_interfaces_edit.php?uuid=<?=$new_ruleUUID;?>">
+ <img style="padding-left:3px;" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add rule">
+ </a>
+ </td>
+ </tr>
+ </table>
+<br>
+
+ <!-- Save all inputs -->
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <input id="select_all" type="button" class="formbtn" value="Select All" >
+ <input id="deselect_all" type="button" class="formbtn" value="Deselect All" >
+ </td>
+ </tr>
+ </table>
+
+<br>
+
+ <!-- start User Interface -->
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="maintable77" >
+ <td colspan="2" valign="top" class="listtopic">Snort Signatures:</td>
+ </tr>
+ </table>
+
+ <form id="iform" action="">
+ <table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <td class="list" colspan="8"></td>
+ <td class="list" valign="middle" >
+
+ <tr id="frheader" >
+ <td width="1%" class="listhdrr2">On</td>
+ <td width="1%" class="listhdrr2">Sid</td>
+ <td width="1%" class="listhdrr2">Proto</td>
+ <td width="1%" class="listhdrr2">Src</td>
+ <td width="1%" class="listhdrr2">Port</td>
+ <td width="1%" class="listhdrr2">Dst</td>
+ <td width="1%" class="listhdrr2">Port</td>
+ <td width="20%" class="listhdrr2">Message</td>
+ <td width="1%" class="listhdrr2">&nbsp;</td>
+ </tr>
+ <form id="iform" action="" >
+ <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="ifaceTab" value="snort_rules" /> <!-- what interface tab -->
+
+ <!-- START javascript sid loop here -->
+ <tbody class="rulesetloopblock">
+
+
+
+ </tbody>
+ <!-- STOP javascript sid loop here -->
+
+ </td>
+ <td class="list" colspan="8"></td>
+
+ </table>
+ <br>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input id="cancel" type="button" class="formbtn" value="Cancel">
+ </td>
+ </tr>
+ </table>
+ <br>
+ </form>
+
+ <!-- stop snortsam -->
+
+ <!-- STOP MAIN AREA -->
+ </div>
+ </td>
+ </tr>
+</table>
+</form>
+</div>
+
+<!-- start info box -->
+
+<br>
+
+<div style="width:790px; background-color: #dddddd;" id="mainarea4">
+<div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;">
+<table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>&nbsp;&nbsp;&nbsp;</td>
+ </tr>
+ <tr >
+ <td width="100%">
+ <span class="red"><strong>Note:</strong></span> <br>
+ This is the <strong>Snort Rule Signature Viewer</strong>.
+ Please make sure not to add a <strong>whitespace</strong> before <strong>alert</strong> or <strong>#alert</strong>.
+ <br>
+ <br>
+ <span class="red"><strong>Warning:</strong></span>
+ <br>
+ <strong>New settings will not take effect until interface restart.</strong>
+ <br><br>
+ </td>
+ </tr>
+</table>
+</div>
+</div>
+
+
+<script type="text/javascript">
+
+
+//prepare the form when the DOM is ready
+jQuery(document).ready(function() {
+
+ // NOTE: needs to be watched
+ // change url on selected dropdown rule
+ jQuery('select[name=selectbox]').change(function() {
+ window.location.replace(jQuery(this).val());
+ });
+
+<?php
+
+ /*
+ * NOTE:
+ * I could have used a php loop to build the table but I wanted to see if off loading to client is faster.
+ * Seems to be faster on embeded systems with low specs. On higher end systems there is no difference that I can see.
+ * WARNING:
+ * If Json string is to long browsers start asking to terminate javascript.
+ * FIX:
+ * Use julienlecomte()net/blog/2007/10/28/, the more reading I do about this subject it seems that off loading to a client is not recomended.
+ */
+ if (!empty($newFilterRuleSigArray))
+ {
+ $countSigList = count($newFilterRuleSigArray);
+
+ echo "\n";
+
+ echo 'var snortObjlist = [';
+ $i = 0;
+ foreach ($newFilterRuleSigArray as $val3)
+ {
+
+ $i++;
+
+ if ( $i !== $countSigList )
+ {//
+ echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"},';
+ }else{
+ echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"}';
+ }
+ }
+
+ echo '];' . "\n";
+ }
+
+?>
+
+ // disable Row Append if row count is less than 0
+ var countRowAppend = <?=$countSig; ?>;
+
+ // if rowcount is not empty do this
+ if (countRowAppend > 0){
+
+ // if rowcount is more than 300
+ if (countRowAppend > 200){
+ // call to please wait
+ showLoading('#loadingWaiting');
+ }
+
+
+ // Break up append row adds by chunks of 300
+ // NOTE: ie9 is still giving me issues on deleted.rules 6000 sigs. I should break up the json code above into smaller parts.
+ incrementallyProcess(function (i){
+ // loop code goes in here
+ //console.log('loop: ', i);
+
+ if (isEven(i) === true){
+ var rowIsEvenOdd = 'odd_ruleset2';
+ }else{
+ var rowIsEvenOdd = 'even_ruleset2';
+ }
+
+ if (snortObjlist[i].enable === 'on'){
+ var rulesetChecked = 'checked';
+ }else{
+ var rulesetChecked = '';
+ }
+
+ jQuery('.rulesetloopblock').append(
+
+ "\n" + '<tr valign="top" id="fr0">' + "\n" +
+ '<td class="' + rowIsEvenOdd + '">' + "\n" +
+ '<input class="domecheck" type="checkbox" name="filenamcheckbox2[]" value="' + snortObjlist[i].sid + '" ' + rulesetChecked + ' >' + "\n" +
+ '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].sid + '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].proto + '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].src + '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].srcport + '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].dst + '</td>' + "\n" +
+ '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].dstport + '</td>' + "\n" +
+ '<td class="listbg" id="frd0" ><font color="white">' + snortObjlist[i].msg + '</font></td>' + "\n" +
+ '<td class="' + rowIsEvenOdd+ '">' + "\n" +
+ '<img id="' + snortObjlist[i].sid + '" class="icon_click showeditrulegui" src="/themes/<?=$g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule">' + "\n" +
+ '</td>' + "\n" +
+ '</tr>' + "\n"
+
+ );
+
+ },
+ snortObjlist, // Object to work with the case Json object
+ 500, // chunk size
+ 200, // how many secs to wait
+ function (){
+ // things that happen after the processing is done go here
+ // console.log('done!');
+
+ // if rowcount is more than 300
+ if (countRowAppend > 200){
+ // call to please wait
+ hideLoading('#loadingWaiting');
+ }
+
+ });
+ } // end of if stopRowAppend
+
+ // On click show rule edit GUI
+ jQuery('.showeditrulegui').live('click', function(){
+
+ // Get sid
+ jQuery.getJSON('/snort/snort_json_get.php',
+ {
+ "snortGetSidString": "1",
+ "snortIface": "<?=$uuid . '_' . $a_list['interface']; ?>",
+ "snortRuleFile": "<?=$rulefile; ?>",
+ "sid": jQuery(this).attr('id')
+ },
+ function(data){
+ jQuery("textarea#sidstring").val(data.sidstring); // add string to textarea
+ jQuery("input[name=snortSidNum]").val(data.sid); // add sid to input
+ showLoading('#loadingRuleEditGUI');
+ });
+ });
+
+ jQuery('.closeRuleEditGUI').live('click', function(){
+ hideLoading('#loadingRuleEditGUI');
+ });
+
+
+}); // end of document ready
+
+</script>
+
+
+<!-- stop info box -->
+
+<!-- footer do not touch below -->
+<?php
+include("fend.inc");
+echo $snort_custom_rnd_box;
+?>
+
+
+</body>
+</html>
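Review bot: `$rulefile` is taken straight from `$_GET['openruleset']` (the `$rulefile = $_GET['openruleset'];` line) and concatenated into `$workingFile`, which `load_rule_file()` opens with `fopen` and the page then echoes line by line into the disabled textarea, so nothing stops a request naming a file outside the rules directory (`../`-style names are not rejected) and the viewer will display whatever the web-server user can read. The directory listing is already in `$filterDirList`, so the cheapest fix is to accept only a name from it: `$rulefile = in_array($_GET['openruleset'], $filterDirList, true) ? $_GET['openruleset'] : $filterDirList[0];`. The same applies to `$uuid`, which is spliced into `$snortRuleDir` unchecked; restricting it to the characters a uuid can contain before the `snortSql_fetchAllSettings` call (exact format not visible in this file) would close that. Separately, `$uuid`, `$rulefile` and each `$sidLineGui` are written into HTML attributes, `<option>` values and the inline JS object literal without `htmlspecialchars()` (for example `value="<?=$rulefile; ?>"` and `echo $sidLineGui . "\n";`), so rule-file contents or query parameters can break out of their context, and `$ruledir` in the `<option>` echo is never assigned in this file.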