diff options
author | robiscool <robrob2626@yahoo.com> | 2011-05-26 07:20:27 -0700 |
---|---|---|
committer | robiscool <robrob2626@yahoo.com> | 2011-05-26 09:17:10 -0700 |
commit | bd664276c67a11b92c027ba569157460481d37e6 (patch) | |
tree | a3d18c74483349297caaf25c5e43e62ff3ede449 /config/snort-dev/snort_rules.php | |
parent | 54c49bf2b5358b35602cae3cf6a9fead0ba886e5 (diff) | |
download | pfsense-packages-bd664276c67a11b92c027ba569157460481d37e6.tar.gz pfsense-packages-bd664276c67a11b92c027ba569157460481d37e6.tar.bz2 pfsense-packages-bd664276c67a11b92c027ba569157460481d37e6.zip |
snort-dev, add rules and rulesets tabs
Diffstat (limited to 'config/snort-dev/snort_rules.php')
-rw-r--r-- | config/snort-dev/snort_rules.php | 517 |
1 files changed, 517 insertions, 0 deletions
diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php new file mode 100644 index 00000000..e030173d --- /dev/null +++ b/config/snort-dev/snort_rules.php @@ -0,0 +1,517 @@ +<?php +/* $Id$ */ +/* + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Pfsense snort GUI + Copyright (C) 2008-2011 Robert Zelaya. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_new.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +// set page vars + +$uuid = $_GET['uuid']; +if (isset($_POST['uuid'])) +$uuid = $_POST['uuid']; + +if ($uuid == '') { + echo 'error: no uuid'; + exit(0); +} + +// unset Session tmp on page load +unset($_SESSION['snort']['tmp']); + +// list rules in the default dir +$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); + +$snortRuleDir = '/usr/local/etc/snort/sn_' . $uuid . '_' . $a_list['interface']; + + // list rules in the default dir + $filterDirList = array(); + $filterDirList = snortScanDirFilter($snortRuleDir . '/rules', '.rules'); + + // START read rule file + if ($_GET['openruleset']) + { + $rulefile = $_GET['openruleset']; + }else{ + $rulefile = $filterDirList[0]; + } + + $workingFile = $snortRuleDir . '/rules/' . $rulefile; + + //split the contents of the string file into an array using the delimiter + // used by rule gui edit and table build code + $splitcontents = split_rule_file($workingFile); + +function load_rule_file($incoming_file, $splitcontents) +{ + + //read snort file + $filehandle = fopen($incoming_file, "r"); + + //read file into string, and get filesize + $contents = fread($filehandle, filesize($incoming_file)); + + //close handler + fclose ($filehandle); + + + $pattern = '/(^alert |^# alert )/'; + foreach ( $splitcontents as $val ) + { + // remove whitespaces + $rmWhitespaces = preg_replace('/\s\s+/', ' ', $val); + + // filter none alerts + if (preg_match($pattern, $rmWhitespaces)) + { + $splitcontents2[] = $val; + } + + } + unset($splitcontents); + + return $splitcontents2; + +} + + //Load the rule file + $splitcontents2 = load_rule_file($workingFile, $splitcontents); + + $countSig = count($splitcontents2); + + if ($countSig > 0) + { + $newFilterRuleSigArray = newFilterRuleSig($splitcontents2); + } + + /* + * SET GLOBAL ARRAY $_SESSION['snort'] + */ + $_SESSION['snort']['tmp']['snort_rules']['dbName'] = 'snortDBrules'; + $_SESSION['snort']['tmp']['snort_rules']['dbTable'] = 'SnortruleSigs'; + $_SESSION['snort']['tmp']['snort_rules']['ifaceuuid'] = $uuid; + $_SESSION['snort']['tmp']['snort_rules']['ifaceselected'] = $a_list['interface']; + $_SESSION['snort']['tmp']['snort_rules']['rulefile'] = $rulefile; + + +// find ./ -name test.txt | xargs grep "^disablesid 127 " + + $pgtitle = "Snort: Category: rule: $rulefile"; + include("/usr/local/pkg/snort/snort_head.inc"); + +?> + + + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + + +<div id="loadingWaiting"> + <p class="loadingWaitingMessage"><img src="./images/loading.gif" /> <br>Please Wait...</p> +</div> + +<div id="loadingRuleEditGUI"> + + <div class="loadingRuleEditGUIDiv"> + <form id="iform2" action=""> + <input type="hidden" name="snortSidRuleEdit" value="1" /> + <input type="hidden" name="snortSidRuleIface" value="<?=$uuid . '_' . $a_list['interface']; ?>" /> <!-- what to do, save --> + <input type="hidden" name="snortSidRuleFile" value="<?=$rulefile; ?>" /> <!-- what to do, save --> + <input type="hidden" name="snortSidNum" value="" /> <!-- what to do, save --> + <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee"> + <tr> + <td> + <input name="save" type="submit" class="formbtn" id="save" value="Save" /> + <input type="button" class="formbtn closeRuleEditGUI" value="Close" > + </td> + </tr> + <tr> + <td> + <textarea id="sidstring" name="sidstring" wrap="off" style="width: 98%; margin: 7px;" rows="1" cols="" ></textarea> <!-- SID to EDIT --> + </td> + </tr> + <tr> + <td> + <textarea wrap="off" style="width: 98%; margin: 7px;" rows="<?php if(count($splitcontents) > 24){echo 24;}else{echo count($splitcontents);} ?>" cols="" disabled > + + <?php + + echo "\n"; + + foreach ($splitcontents as $sidLineGui) + + echo $sidLineGui . "\n"; + + + + ?> + </textarea> <!-- Display rule file --> + </td> + </tr> + </table> + <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee"> + <tr> + <td> + <input name="save" type="submit" class="formbtn" id="save" value="Save" /> + <input type="button" class="formbtn closeRuleEditGUI" value="Close" > + </td> + </tr> + </table> + </form> + </div> + + +</div> + +<?php include("fbegin.inc"); ?> + +<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> +<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + + <div class="newtabmenu" style="margin: 1px 0px; width: 790px;"><!-- Tabbed bar code--> + <ul class="newtabmenu"> + <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> + <li><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li> + <li><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li> + <li class="newtabmenu_active"><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li> + <li><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li> + <li><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li> + <li><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li> + </ul> + </div> + + </td> + </tr> + <tr> + <td id="tdbggrey"> + <div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;"> + <!-- START MAIN AREA --> + + + <!-- start Interface Satus --> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr id="maintable77" > + <td colspan="2" valign="top" class="listtopic2"> + Category: + <select name="selectbox" class="formfld" > + <?php + $i=0; + foreach ($filterDirList as $value) + { + $selectedruleset = ''; + if ($value === $rulefile) + { + $selectedruleset = 'selected'; + } + + echo "\n" . '<option value="?uuid=' . $uuid . '&openruleset=' . $ruledir . $value . '" ' . $selectedruleset . ' >' . $value . '</option>' . "\r"; + + $i++; + + } + ?> + </select> + There are <?=$countSig; ?> rules in this category. + </td> + <td width="6%" colspan="2" valign="middle" class="listtopic3" > + <a href="snort_interfaces_edit.php?uuid=<?=$new_ruleUUID;?>"> + <img style="padding-left:3px;" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add rule"> + </a> + </td> + </tr> + </table> +<br> + + <!-- Save all inputs --> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <input id="select_all" type="button" class="formbtn" value="Select All" > + <input id="deselect_all" type="button" class="formbtn" value="Deselect All" > + </td> + </tr> + </table> + +<br> + + <!-- start User Interface --> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr id="maintable77" > + <td colspan="2" valign="top" class="listtopic">Snort Signatures:</td> + </tr> + </table> + + <form id="iform" action=""> + <table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0"> + + <td class="list" colspan="8"></td> + <td class="list" valign="middle" > + + <tr id="frheader" > + <td width="1%" class="listhdrr2">On</td> + <td width="1%" class="listhdrr2">Sid</td> + <td width="1%" class="listhdrr2">Proto</td> + <td width="1%" class="listhdrr2">Src</td> + <td width="1%" class="listhdrr2">Port</td> + <td width="1%" class="listhdrr2">Dst</td> + <td width="1%" class="listhdrr2">Port</td> + <td width="20%" class="listhdrr2">Message</td> + <td width="1%" class="listhdrr2"> </td> + </tr> + <form id="iform" action="" > + <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save --> + <input type="hidden" name="ifaceTab" value="snort_rules" /> <!-- what interface tab --> + + <!-- START javascript sid loop here --> + <tbody class="rulesetloopblock"> + + + + </tbody> + <!-- STOP javascript sid loop here --> + + </td> + <td class="list" colspan="8"></td> + + </table> + <br> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <input name="Submit" type="submit" class="formbtn" value="Save"> + <input id="cancel" type="button" class="formbtn" value="Cancel"> + </td> + </tr> + </table> + <br> + </form> + + <!-- stop snortsam --> + + <!-- STOP MAIN AREA --> + </div> + </td> + </tr> +</table> +</form> +</div> + +<!-- start info box --> + +<br> + +<div style="width:790px; background-color: #dddddd;" id="mainarea4"> +<div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;"> +<table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> </td> + </tr> + <tr > + <td width="100%"> + <span class="red"><strong>Note:</strong></span> <br> + This is the <strong>Snort Rule Signature Viewer</strong>. + Please make sure not to add a <strong>whitespace</strong> before <strong>alert</strong> or <strong>#alert</strong>. + <br> + <br> + <span class="red"><strong>Warning:</strong></span> + <br> + <strong>New settings will not take effect until interface restart.</strong> + <br><br> + </td> + </tr> +</table> +</div> +</div> + + +<script type="text/javascript"> + + +//prepare the form when the DOM is ready +jQuery(document).ready(function() { + + // NOTE: needs to be watched + // change url on selected dropdown rule + jQuery('select[name=selectbox]').change(function() { + window.location.replace(jQuery(this).val()); + }); + +<?php + + /* + * NOTE: + * I could have used a php loop to build the table but I wanted to see if off loading to client is faster. + * Seems to be faster on embeded systems with low specs. On higher end systems there is no difference that I can see. + * WARNING: + * If Json string is to long browsers start asking to terminate javascript. + * FIX: + * Use julienlecomte()net/blog/2007/10/28/, the more reading I do about this subject it seems that off loading to a client is not recomended. + */ + if (!empty($newFilterRuleSigArray)) + { + $countSigList = count($newFilterRuleSigArray); + + echo "\n"; + + echo 'var snortObjlist = ['; + $i = 0; + foreach ($newFilterRuleSigArray as $val3) + { + + $i++; + + if ( $i !== $countSigList ) + {// + echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"},'; + }else{ + echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"}'; + } + } + + echo '];' . "\n"; + } + +?> + + // disable Row Append if row count is less than 0 + var countRowAppend = <?=$countSig; ?>; + + // if rowcount is not empty do this + if (countRowAppend > 0){ + + // if rowcount is more than 300 + if (countRowAppend > 200){ + // call to please wait + showLoading('#loadingWaiting'); + } + + + // Break up append row adds by chunks of 300 + // NOTE: ie9 is still giving me issues on deleted.rules 6000 sigs. I should break up the json code above into smaller parts. + incrementallyProcess(function (i){ + // loop code goes in here + //console.log('loop: ', i); + + if (isEven(i) === true){ + var rowIsEvenOdd = 'odd_ruleset2'; + }else{ + var rowIsEvenOdd = 'even_ruleset2'; + } + + if (snortObjlist[i].enable === 'on'){ + var rulesetChecked = 'checked'; + }else{ + var rulesetChecked = ''; + } + + jQuery('.rulesetloopblock').append( + + "\n" + '<tr valign="top" id="fr0">' + "\n" + + '<td class="' + rowIsEvenOdd + '">' + "\n" + + '<input class="domecheck" type="checkbox" name="filenamcheckbox2[]" value="' + snortObjlist[i].sid + '" ' + rulesetChecked + ' >' + "\n" + + '</td>' + "\n" + + '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].sid + '</td>' + "\n" + + '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].proto + '</td>' + "\n" + + '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].src + '</td>' + "\n" + + '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].srcport + '</td>' + "\n" + + '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].dst + '</td>' + "\n" + + '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].dstport + '</td>' + "\n" + + '<td class="listbg" id="frd0" ><font color="white">' + snortObjlist[i].msg + '</font></td>' + "\n" + + '<td class="' + rowIsEvenOdd+ '">' + "\n" + + '<img id="' + snortObjlist[i].sid + '" class="icon_click showeditrulegui" src="/themes/<?=$g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule">' + "\n" + + '</td>' + "\n" + + '</tr>' + "\n" + + ); + + }, + snortObjlist, // Object to work with the case Json object + 500, // chunk size + 200, // how many secs to wait + function (){ + // things that happen after the processing is done go here + // console.log('done!'); + + // if rowcount is more than 300 + if (countRowAppend > 200){ + // call to please wait + hideLoading('#loadingWaiting'); + } + + }); + } // end of if stopRowAppend + + // On click show rule edit GUI + jQuery('.showeditrulegui').live('click', function(){ + + // Get sid + jQuery.getJSON('/snort/snort_json_get.php', + { + "snortGetSidString": "1", + "snortIface": "<?=$uuid . '_' . $a_list['interface']; ?>", + "snortRuleFile": "<?=$rulefile; ?>", + "sid": jQuery(this).attr('id') + }, + function(data){ + jQuery("textarea#sidstring").val(data.sidstring); // add string to textarea + jQuery("input[name=snortSidNum]").val(data.sid); // add sid to input + showLoading('#loadingRuleEditGUI'); + }); + }); + + jQuery('.closeRuleEditGUI').live('click', function(){ + hideLoading('#loadingRuleEditGUI'); + }); + + +}); // end of document ready + +</script> + + +<!-- stop info box --> + +<!-- footer do not touch below --> +<?php +include("fend.inc"); +echo $snort_custom_rnd_box; +?> + + +</body> +</html> |