diff options
author | Ermal <ermal.luci@gmail.com> | 2014-02-18 20:36:22 +0000 |
---|---|---|
committer | Ermal <ermal.luci@gmail.com> | 2014-02-18 20:36:22 +0000 |
commit | 6830930c219ba92582e04cc49d6ac2cfbce4a374 (patch) | |
tree | e3a9c8ae373c2632ca47f7249de5ef5da196ee12 /config/snort-dev/snortsam-package-code/snort_new.inc | |
parent | d355b7face9f7788f49521c0e6bc5da0f5ae7112 (diff) | |
download | pfsense-packages-6830930c219ba92582e04cc49d6ac2cfbce4a374.tar.gz pfsense-packages-6830930c219ba92582e04cc49d6ac2cfbce4a374.tar.bz2 pfsense-packages-6830930c219ba92582e04cc49d6ac2cfbce4a374.zip |
Remove code lying from old snort history
Diffstat (limited to 'config/snort-dev/snortsam-package-code/snort_new.inc')
-rw-r--r-- | config/snort-dev/snortsam-package-code/snort_new.inc | 1368 |
1 files changed, 0 insertions, 1368 deletions
diff --git a/config/snort-dev/snortsam-package-code/snort_new.inc b/config/snort-dev/snortsam-package-code/snort_new.inc deleted file mode 100644 index b9fc2322..00000000 --- a/config/snort-dev/snortsam-package-code/snort_new.inc +++ /dev/null @@ -1,1368 +0,0 @@ -<?php -/* $Id$ */ -/* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -*/ - -// unset crsf checks -if(isset($_POST['__csrf_magic'])) { - unset($_POST['__csrf_magic']); -} - -//require_once("pfsense-utils.inc"); -require_once("config.inc"); -require_once("functions.inc"); - -// create and cp to tmp db dir -if (!file_exists('/var/snort/')) { - exec('/bin/mkdir -p /var/snort/'); -} - -if (file_exists('/usr/local/pkg/snort/snortDBtemp')) { - exec('/bin/cp /usr/local/pkg/snort/snortDBtemp /var/snort/snortDBtemp'); -} - -// used in snort_rules_ips.php and create sid block map -function snortSearchArray($array, $key, $value) -{ - $results = array(); - - if (is_array($array)) - { - foreach ($array as $subarray) - { - if ($subarray[$key] == $value) { - $results = $subarray; - } - - } - - } - - return $results; -} - -// used in snort_rules_ips.php and create sid block map -function getCurrentIpsRuleArray($output) -{ - - foreach (array_unique($output) as $line) - { - $newOutput = explode(' # ', $line); - $newLine[] = $newOutput; - } - - return $newLine; -} - -/* -* make dir for the new iface, if iface exists or rule dir has changed redo soft link -*/ -function snortRulesCreateSoftlink() -{ - $newSnortDir = 'sn_' . $_POST['uuid']; - $pathToSnortDir = '/usr/local/etc/snort'; - - // change the rule path - if (is_dir("{$pathToSnortDir}/{$newSnortDir}")) { - - $snortCurrentRuleDbName = snortSql_fetchAllSettings('snortDB', 'snortIfaces', 'uuid', $_POST['uuid']); - - if ($_POST['ruledbname'] !== $snortCurrentRuleDbName['ruledbname'] || !file_exists("{$pathToSnortDir}/{$newSnortDir}/rules")) { - - // NOTE: use full paths or link rm will not work, Freebsd love - exec("/bin/rm {$pathToSnortDir}/{$newSnortDir}/rules"); - exec("/bin/ln -s /usr/local/etc/snort/snortDBrules/DB/{$_POST['ruledbname']}/rules {$pathToSnortDir}/{$newSnortDir}/rules"); - - } - - } -} - - -// Wites selected sig to file -function snortSidStringRuleEditGUI() -{ - - $workingFile = '/usr/local/etc/snort/sn_' . $_POST['snortSidRuleIface'] . '/rules/' . $_POST['snortSidRuleFile']; - - $splitcontents = split_rule_file($workingFile); - - if (!empty($splitcontents)) { - $sidLinePosPre = exec('/usr/bin/sed -n /sid:' . $_POST['snortSidNum'] . '\;/= ' . $workingFile); - $sidLinePos = $sidLinePosPre - 1; - - $splitcontents[$sidLinePos] = $_POST['sidstring']; - - - write_rule_file($splitcontents, $workingFile); - - return true; - } - - return false; - -} - -function sendSidStringRuleEditGUI() -{ - - $sidCall = exec('sed -n "/alert.*sid:' . $_GET['sid'] . ';.*/p" /usr/local/etc/snort/sn_' . $_GET['snortIface'] . '/rules/' . $_GET['snortRuleFile']); - $sidCallJsonFilter = escapeJsonString($sidCall); - - echo '{"sidstring":' . '"' . $sidCallJsonFilter . '","sid":' . '"' . $_GET['sid'] . '"}'; - return true; -} - -// create new Ifac dirs and soft links -function createNewIfaceDir($pathToSnortDir, $newSnortDir) { - - exec("/bin/mkdir -p {$pathToSnortDir}/{$newSnortDir}"); - - // create rules dir soft link if setting is default - if ($_POST['ruledbname'] === 'default' || empty($_POST['ruledbname'])) { - if (!file_exists("{$pathToSnortDir}/sn_{$_POST['uuid']}/rules") && file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) { - exec("/bin/ln -s {$pathToSnortDir}/snortDBrules/DB/default/rules {$pathToSnortDir}/sn_{$_POST['uuid']}/rules"); - } - } - - // create rules dir soft link if setting is not default - if ($_POST['ruledbname'] !== 'default' || $_POST['ruledbname'] != '') { - if (!file_exists("{$pathToSnortDir}/sn_{$_POST['uuid']}/rules") && file_exists("{$pathToSnortDir}/snortDBrules/DB/{$_POST['ruledbname']}/rules")) { - exec("/bin/ln -s {$pathToSnortDir}/snortDBrules/DB/{$_POST['ruledbname']}/rules {$pathToSnortDir}/sn_{$_POST['uuid']}/rules"); - } - } - - // cp new rules - exec("/bin/cp {$pathToSnortDir}/etc/*.config {$pathToSnortDir}/sn_{$_POST['uuid']}"); - exec("/bin/cp {$pathToSnortDir}/etc/*.conf {$pathToSnortDir}/sn_{$_POST['uuid']}"); - exec("/bin/cp {$pathToSnortDir}/etc/*.map {$pathToSnortDir}/sn_{$_POST['uuid']}"); - exec("/bin/cp {$pathToSnortDir}/etc/generators {$pathToSnortDir}/sn_{$_POST['uuid']}"); - exec("/bin/cp {$pathToSnortDir}/etc/sid {$pathToSnortDir}/sn_{$_POST['uuid']}"); -} // end of func - -function escapeJsonString($escapeString) -{ - // NOTE: foward slash has added spaces on each side ie and chrome were giving issues with - $search = array('\\', '\n', '\r', '\u', '\t', '\f', '\b', '/', '"'); - $replace = array('\\\\', '\\n', '\\r', '\\u', '\\t', '\\f', '\\b', ' \/ ', '\"'); - $encoded_string = str_replace($search, $replace, $escapeString); - - return $encoded_string; - -} - -// limit the length of the given string to $MAX_LENGTH char -function trimLength($s) { - - - $MAX_LENGTH = 13; - $str_to_count = $s; - if (strlen($str_to_count) <= $MAX_LENGTH) { - return $s; - } - - $s2 = substr($str_to_count, 0, $MAX_LENGTH - 3); - $s2 .= "..."; - return $s2; -} - - -// builds base array with sid etc.... -function newFilterRuleSig($baseruleArray) -{ - - function get_middle($source, $beginning, $ending, $init_pos) - { - $beginning_pos = strpos($source, $beginning, $init_pos); - $middle_pos = $beginning_pos + strlen($beginning); - $ending_pos = strpos($source, $ending, $beginning_pos); - $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); - return $middle; - } - - - $i = 0; - $newSigArray[] = array(); - foreach ( $baseruleArray as $value ) - { - if (preg_match('/^# alert/', $value) || preg_match('/^alert/', $value)) { - - // add sid - $newSigArray[$i]['sid'] = get_middle($value, 'sid:', ';', 0); - - // remove whitespaces - $rmWhitespaces = preg_replace('/\s\s+/', ' ', $value); - // remove whitespace betwin # aerrt - $rmAlertWhitespace = preg_replace('/^# alert/', '#alert', $rmWhitespaces); - $splitcontents = explode(' ', $rmAlertWhitespace); - - // enable or disable - if ($splitcontents[0] === '#alert') { - $newSigArray[$i]['enable'] = 'off'; - }else{ - $newSigArray[$i]['enable'] = 'on'; - } - - // proto - $newSigArray[$i]['proto'] = $splitcontents[1]; - - // source - $newSigArray[$i]['src'] = trimLength($splitcontents[2]); - - // source port - $newSigArray[$i]['srcport'] = trimLength($splitcontents[3]); - - // Destination - $newSigArray[$i]['dst'] = trimLength($splitcontents[5]); - - // Destination port - $newSigArray[$i]['dstport'] = trimLength($splitcontents[6]); - - // sig message - $newSigArray[$i]['msg'] = get_middle($value, 'msg:"', '";', 0); - - } - - $i++; - - } - - return $newSigArray; -} - - -function split_rule_file($workingFile) -{ - $filehandle = fopen($workingFile, "r"); - $contents = fread($filehandle, filesize($workingFile)); - - fclose ($filehandle); - - $delimiter = "\n"; - - $splitcontents = explode($delimiter, $contents); - - return $splitcontents; -} - - -// write rule file to disk -function write_rule_file($content_changed, $received_file) -{ - - //read snort file with writing enabled - $filehandle = fopen($received_file, "w"); - - //delimiter for each new rule is a new line - $delimiter = "\n"; - - //implode the array back into a string for writing purposes - $fullfile = implode($delimiter, $content_changed); - - //write data to file - fwrite($filehandle, $fullfile); - - //close file handle - fclose($filehandle); - -} - - -// Save ruleSets settings -function snortSql_updateRuleSigList() -{ - - // selected snort rule file - $workingFile = "/usr/local/etc/snort/snortDBrules/DB/{$_SESSION['snort']['tmp']['snort_rules']['rdbuuid']}/rules/{$_SESSION['snort']['tmp']['snort_rules']['rulefile']}"; - - $splitcontents = split_rule_file($workingFile); - - // open rule file and change enable/disable sids - function read_rule_file($splitcontents, $enableSigsArray, $disableSigsArray) - { - - foreach ($splitcontents as $sigLine) - { - $replaceChars = array('/sid:/', '/;/'); - preg_match('/sid:[0-9]*;/', $sigLine, $matches); - $sidLine = preg_replace($replaceChars, '', $matches[0]); - - - if (empty($sidLine)) { - $tempstring[] = $sigLine; - }else{ - - if (in_array($sidLine, $enableSigsArray)) { - $tempstring[] = str_replace("# alert", "alert", $sigLine); - } - - if (in_array($sidLine, $disableSigsArray)) { - $tempstring[] = str_replace("alert", "# alert", $sigLine); - } - - if (!in_array($sidLine, $enableSigsArray) && !in_array($sidLine, $disableSigsArray)) { - $tempstring[] = $sigLine; - } - } - } - - return $tempstring; - } - - // build user selected enbled and disabled arrays - $enableSigsArray = array(); - $disableSigsArray = array(); - - if (!isset($_POST['filenamcheckbox2'])) { - $_POST['filenamcheckbox2'] = array(); - } - - $newFilterRuleSigArray = newFilterRuleSig($splitcontents); - - foreach ($newFilterRuleSigArray as $sigArray) - { - // enable sig - if(in_array($sigArray['sid'], $_POST['filenamcheckbox2']) && $sigArray['enable'] == 'off') { - $enableSigsArray[] = $sigArray['sid']; - } - - // disable sig - if(!in_array($sigArray['sid'], $_POST['filenamcheckbox2']) && $sigArray['enable'] == 'on') { - $disableSigsArray[] = $sigArray['sid']; - } - } - - // read rule file change disable/enable then write to file if arrays are not empty - if (!empty($enableSigsArray) || !empty($disableSigsArray)) { - write_rule_file(read_rule_file($splitcontents, $enableSigsArray, $disableSigsArray), $workingFile); - } - - // Insert into the DB for oinkmaster - - function sql_EnableDisabeSid($SigArray, $OnOff) - { - - $dbname = $_SESSION['snort']['tmp']['snort_rules']['dbName']; - $table = $_SESSION['snort']['tmp']['snort_rules']['dbTable']; - $rdbuuid = $_SESSION['snort']['tmp']['snort_rules']['rdbuuid']; - $rulefile = $_SESSION['snort']['tmp']['snort_rules']['rulefile']; - $addDate = date(U); - - // dont let user pick the DB path - $db = sqlite_open("/usr/local/pkg/snort/{$dbname}"); - - foreach ($SigArray as $mDEanbled) - { - - $resultid = sqlite_query($db, - "SELECT id FROM {$table} WHERE signatureid = '{$mDEanbled}' AND signaturefilename = '{$rulefile}'; - "); - - $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); - - if (empty($chktable)) { - - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "INSERT INTO {$table} (date, rdbuuid, signatureid, signaturefilename, enable) VALUES ('{$addDate}', '{$rdbuuid}', '{$mDEanbled}', '{$rulefile}', '{$OnOff}'); - "); - - }else{ - if ($chktable[0]['enable'] != $OnOff) { - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$table} SET date = {$addDate}, enable = '{$OnOff}' WHERE signatureid = '{$mDEanbled}' AND signaturefilename = '{$rulefile}'; - "); - } - - - } - - - } - - sqlite_close($db); - - } // snd of function - - sql_EnableDisabeSid($enableSigsArray, 'on'); - sql_EnableDisabeSid($disableSigsArray, 'off'); - - - return true; - - -} // END Save ruleSets settings - - -// Save rulessigs settings for snort_rules_ips -function snortSql_updateRulesSigsIps() -{ - - // dont let user pick the DB path - $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}"); - - function insertUpdateDB($db) - { - - // get default settings - $listGenRules = array(); - $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $_POST['rdbuuid']); - - // if $listGenRules empty list defaults - if (empty($listGenRules)) { - $listGenRules[0] = array( - 'id' => 1, - 'rdbuuid' => $_POST['rdbuuid'], - 'enable' => 'on', - 'who' => 'src', - 'timeamount' => 15, - 'timetype' => 'minutes' - ); - } - - $addDate = date(U); - - // checkbox off catch - $listGenRulesEnable = $listGenRules[0]['enable']; - if ( empty($listGenRules[0]['enable']) || $listGenRules[0]['enable'] === 'off' ) { - - $listGenRulesEnable = 'off'; - } - - // TODO: inprove this foreach so we only interact with db once - foreach ($_POST['snortsam']['db'] as $singleSig) - { - - $resultid = sqlite_query($db, - "SELECT id FROM {$_POST['dbTable']} WHERE siguuid = '{$singleSig['siguuid']}' and rdbuuid = '{$_POST['rdbuuid']}'; - "); - - $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); - - // checkbox off catch - $singleSigEnable = $singleSig['enable']; - if ( empty($singleSig['enable']) ) { - - $singleSigEnable = 'off'; - } - - // only do this if something change from defauts settings, note: timeamount Not equal - $somthingChanged = FALSE; - if ( $singleSigEnable !== $listGenRulesEnable || $singleSig['who'] !== $listGenRules[0]['who'] || $singleSig['timeamount'] != $listGenRules[0]['timeamount'] || $singleSig['timetype'] !== $listGenRules[0]['timetype'] ) { - $somthingChanged = TRUE; - } - - if ( empty($chktable) && $somthingChanged ) { - - $rulesetUuid = genAlphaNumMixFast(11, 14); - - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "INSERT INTO {$_POST['dbTable']} (date, uuid, rdbuuid, enable, siguuid, sigfilename, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$singleSigEnable}', '{$singleSig['siguuid']}', '{$singleSig['sigfilename']}', '{$singleSig['who']}', '{$singleSig['timeamount']}', '{$singleSig['timetype']}'); - "); - - } - - if ( !empty($chktable) && $somthingChanged ) { - - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$_POST['dbTable']} SET date ='{$addDate}', enable = '{$singleSigEnable}', who = '{$singleSig['who']}', timeamount = '{$singleSig['timeamount']}', timetype = '{$singleSig['timetype']}' WHERE rdbuuid = '{$_POST['rdbuuid']}' and sigfilename = '{$singleSig['sigfilename']}'; - "); - - } - - } // END foreach - - } insertUpdateDB($db); - - function cleanupDB($db) - { - // clean database of old names and turn rulesets off - $listDir = snortScanDirFilter("/usr/local/etc/snort/snortDBrules/DB/{$_POST['rdbuuid']}/rules/", '\.rules'); - - $resultAllRulesetname = sqlite_query($db, - "SELECT sigfilename FROM {$_POST['dbTable']} WHERE rdbuuid = '{$_POST['rdbuuid']}'; - "); - - $chktable2 = sqlite_fetch_all($resultAllRulesetname, SQLITE_ASSOC); - - if (!empty($chktable2)) { - foreach ($chktable2 as $value) - { - - if(!in_array($value['sigfilename'], $listDir)) { - $deleteMissingRuleset = sqlite_query($db, // @ supress warnings use only in production - "DELETE FROM {$_POST['dbTable']} WHERE sigfilename = '{$value['sigfilename']}' and rdbuuid = '{$_POST['rdbuuid']}'; - "); - } - - } - } - } cleanupDB($db); - - sqlite_close($db); - return true; - -} - - - -// Save ruleSets settings -function snortSql_updateRuleSetList() -{ - - function createUpdateRulesetTable() - { - - $addDate = date(U); - - // dont let user pick the DB path - $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}"); - - if (empty($_POST['filenamcheckbox'])) { - $ruleSetfilenames = array(); - } - - // foreach selected rulesets do this - if (!empty($_POST['filenamcheckbox'])) { - foreach ($_POST['filenamcheckbox'] as $ruleSetfilename) - { - - $resultid = sqlite_query($db, - "SELECT id, enable FROM {$_POST['dbTable']} WHERE rulesetname = '{$ruleSetfilename}' and rdbuuid = '{$_POST['rdbuuid']}'; - "); - - $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); - - if (empty($chktable)) { - - $rulesetUuid = genAlphaNumMixFast(11, 14); - - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "INSERT INTO {$_POST['dbTable']} (date, uuid, rdbuuid, rulesetname, enable) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$ruleSetfilename}', 'on'); - "); - - }else{ - if ($chktable[0]['enable'] == 'off') { - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$_POST['dbTable']} SET enable = 'on' WHERE id = '{$chktable[0]['id']}'; - "); - } - } - } - } // end foreach if - - - // clean database of old names and turn rulesets off - $listDir = snortScanDirFilter("/usr/local/etc/snort/snortDBrules/DB/{$_POST['rdbuuid']}/rules/", '\.rules'); - - $resultAllRulesetname = sqlite_query($db, - "SELECT rulesetname FROM {$_POST['dbTable']} WHERE rdbuuid = '{$_POST['rdbuuid']}'; - "); - - $chktable2 = sqlite_fetch_all($resultAllRulesetname, SQLITE_ASSOC); - - - if (!empty($chktable2)) { - foreach ($chktable2 as $value) - { - - if(!in_array($value['rulesetname'], $listDir)) { - $deleteMissingRuleset = sqlite_query($db, // @ supress warnings use only in production - "DELETE FROM {$_POST['dbTable']} WHERE rulesetname = '{$value['rulesetname']}' and rdbuuid = '{$_POST['rdbuuid']}'; - "); - } - - if(!in_array($value['rulesetname'], $_POST['filenamcheckbox'])) { - $ruleSetisOff = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$_POST['dbTable']} SET enable = 'off' WHERE rulesetname = '{$value['rulesetname']}' and rdbuuid = '{$_POST['rdbuuid']}'; - "); - } - } - } - sqlite_close($db); - } // END createUpdateRulesetTable func - createUpdateRulesetTable(); - - // save gen setting only if on ips tab - if ($_POST['dbTable'] === 'SnortruleSetsIps') { - - function createUpdateRulesetGenTable() - { - $table = 'SnortruleGenIps'; - $rulesetUuid = genAlphaNumMixFast(11, 14); - $addDate = date(U); - - // if enable is empty then set to off - if (empty($_POST['snortsam']['db']['gensettings']['enable'])) { - - $_POST['snortsam']['db']['gensettings']['enable'] = 'off'; - } - - // dont let user pick the DB path - $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}"); - - $resultid = sqlite_query($db, - "SELECT id FROM {$table} WHERE rdbuuid = '{$_POST['rdbuuid']}'; - "); - - $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); - - if (!empty($chktable)) { - - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$table} SET enable = '{$_POST['snortsam']['db']['gensettings']['enable']}', who = '{$_POST['snortsam']['db']['gensettings']['who']}', timeamount = '{$_POST['snortsam']['db']['gensettings']['timeamount']}', timetype = '{$_POST['snortsam']['db']['gensettings']['timetype']}' WHERE rdbuuid = '{$_POST['rdbuuid']}'; - "); - - }else{ - - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "INSERT INTO {$table} (date, uuid, rdbuuid, enable, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$_POST['snortsam']['db']['gensettings']['enable']}', '{$_POST['snortsam']['db']['gensettings']['who']}', '{$_POST['snortsam']['db']['gensettings']['timeamount']}', '{$_POST['snortsam']['db']['gensettings']['timetype']}'); - "); - } - - sqlite_close($db); - } // END createUpdateRulesetGenTable - createUpdateRulesetGenTable(); - - } - return true; - -} // END Save ruleSets settings - - -function snortSql_fetchAllInterfaceRules($table, $dbname) -{ - // do let user pick the DB path - $db = sqlite_open("/usr/local/pkg/snort/{$dbname}"); - - $result = sqlite_query($db, - "SELECT * FROM {$table} WHERE id > 0; - "); - - $chktable = sqlite_fetch_all($result, SQLITE_ASSOC); - - sqlite_close($db); - - return $chktable; - -} - - -// fetch db Settings NONE Json -function snortSql_fetchAllSettings($dbname, $table, $type, $id_uuid) -{ - - if (empty($dbname) || empty($table) || empty($type)) { - return false; - } - - $db = sqlite_open("/usr/local/pkg/snort/$dbname"); - - if ($type == 'All') { - - $result = sqlite_query($db, - "SELECT * FROM {$table} WHERE id > 0; - "); - - }else{ - - $result = sqlite_query($db, - "SELECT * FROM {$table} where {$type} = '{$id_uuid}'; - "); - - } - - if ($type == 'id' || $type == 'uuid') { - $chktable = sqlite_fetch_array($result, SQLITE_ASSOC); - } - - if ($type == 'All' || $type == 'ifaceuuid' || $type == 'ruledbname' || $type == 'rdbuuid' || $type == 'filename') { - $chktable = sqlite_fetch_all($result, SQLITE_ASSOC); - } - - sqlite_close($db); - - return $chktable; - - -} // end func - -// fetch db list settings NONE Json -function snortSql_fetchAllSettingsList($table, $listFilename) -{ - - $db = sqlite_open('/usr/local/pkg/snort/snortDB'); - - $result = sqlite_query($db, - "SELECT * FROM {$table} WHERE filename = \"{$listFilename}\"; - "); - - $chktable = sqlite_fetch_all($result, SQLITE_ASSOC); - - sqlite_close($db); - - return $chktable; - -} - -// Update settings to database -function snortSql_updateSettings($type, $id_uuid) -{ - $dbname = $_POST['dbName']; - $settings = $_POST; - - // update date on every save - $_POST['date'] = date(U); - - $db = "/usr/local/pkg/snort/$dbname"; - $mydb = sqlite_open("$db"); - $table = $settings['dbTable']; - - // unset POSTs that are markers not in db - unset($settings['dbName']); - unset($settings['dbTable']); - - // START add new row if not set - if ($type == 'uuid') { - - $query_ck = sqlite_query($mydb, // @ supress warnings usonly in production - "SELECT * FROM {$table} WHERE uuid = '{$id_uuid}'; - "); - - $query_ckFinal = sqlite_fetch_all($query_ck, SQLITE_ASSOC); - - if (empty($query_ckFinal)) { - - $query_ck = sqlite_query($mydb, // @ supress warnings usonly in production - "INSERT INTO {$table} (date, uuid) VALUES ('{$settings['date']}', '{$settings['uuid']}'); - "); - - if (sqlite_changes($mydb) < 1) { - sqlite_close($mydb); - return 'Error in query'; - } - - } - - } - - // START add values to row - $kv = array(); - foreach ($settings as $key => $value) - { - $kv[] = $key; - $val[] = $value; - } - - $countKv = count($kv); - - $i = -1; - while ($i < $countKv) - { - - $i++; - - if (!empty($kv[$i])) - { - - if ($type == 'id') - { - $query = sqlite_query($mydb, // @ supress warnings usonly in production - "UPDATE {$table} SET {$kv[$i]} = '{$val[$i]}' WHERE id = '{$id_uuid}'; - "); - } - - if ($type == 'uuid') - { - $query = sqlite_query($mydb, // @ supress warnings usonly in production - "UPDATE {$table} SET {$kv[$i]} = '{$val[$i]}' WHERE uuid = '{$id_uuid}'; - "); - } - - if (sqlite_changes($mydb) < 1) - { - sqlite_close($mydb); - return 'Error in query'; - } - - } - } // end while - - sqlite_close($mydb); - return true; - -} - - -// fetch for snort_interfaces_whitelist.php NONE Json -// use sqlite_fetch_array for single and sqlite_fetch_all for lists -function snortSql_fetchAllWhitelistTypes($table, $table2) -{ - - if (empty($table)) { - return false; - } - - $db = sqlite_open('/usr/local/pkg/snort/snortDB'); - - - $result = sqlite_query($db, - "SELECT * FROM {$table} where id > 0; - "); - - $chktable = sqlite_fetch_all($result, SQLITE_ASSOC); - - if (empty($chktable)) { - return false; - } - - if ($table2 != '') - { - foreach ($chktable as $value) - { - - $filename2 = $value['filename']; - - $result2 = sqlite_query($db, - "SELECT ip FROM {$table2} WHERE filename = \"{$filename2}\" LIMIT 4; - "); - - $chktable2 = sqlite_fetch_all($result2, SQLITE_ASSOC); - - $final2 = array('id' => $value['id']); - $final2['date'] = $value['date']; - $final2['uuid'] = $value['uuid']; - $final2['filename'] = $value['filename']; - $final2['description'] = $value['description']; - $final2['snortlisttype'] = $value['snortlisttype']; - - - $final2['list'] = $chktable2; - - $final[] = $final2; - - } // end foreach - }else{ - $final = $chktable; - } - sqlite_close($db); - - return $final; - - -} // end func - - -// Save Whitelistips Settings -function snortSql_updateWhitelistIps($newPostListips) -{ - - if(empty($newPostListips)) - { - return true; - } - - $table = $_POST['dbTable']; - $filename = $_POST['filename']; - - $db = '/usr/local/pkg/snort/snortDB'; - $mydb = sqlite_open("$db"); - $tableips = $table . 'ips'; - $date = date(U); - - // remove list array that has nul ip - foreach ($newPostListips as $ipsListEmpty) - { - if (!empty($ipsListEmpty['ip'])) - { - $genList[] = $ipsListEmpty; - } - } - unset($newPostListips); - - // remove everything if nothing is in the post - if (empty($genList)) - { - - $query = sqlite_query($mydb, // @ supress warnings use only in production - "DELETE FROM {$tableips} WHERE filename = '{$filename}'; - "); - - sqlite_close($mydb); - return true; - - } - - // START Remove entries from DB - $resultUuid = sqlite_query($mydb, - "SELECT uuid FROM {$tableips} WHERE filename = '{$filename}'; - "); - - $resultUuidFinal = sqlite_fetch_all($resultUuid, SQLITE_ASSOC); - - if (!empty($genList) && !empty($resultUuidFinal)) - { - - foreach ($resultUuidFinal as $list3) - { - $uuidListDB[] = $list3['uuid']; - } - - foreach ($genList as $list2) - { - $uuidListPOST[] = $list2['uuid']; - } - - // create diff array - $uuidDiff = array_diff($uuidListDB, $uuidListPOST); - - // delet diff list objs - if ($uuidDiff != '') - { - foreach ($uuidDiff as $list4) - { - - // remove everything - $query = sqlite_query($mydb, // @ supress warnings use only in production - "DELETE FROM {$tableips} WHERE uuid = '{$list4}'; - "); - - } // end foreach - } - } - - // START add entries/updates to DB - foreach ($genList as $list) - { - - if ($list['uuid'] == 'EmptyUUID') - { - - $uuid = genAlphaNumMixFast(28, 28); - $list['uuid'] = $uuid; - - $query = sqlite_query($mydb, // @ supress warnings use only in production - "INSERT INTO {$tableips} (date, uuid, filename) VALUES ('{$date}', '{$uuid}', '{$filename}'); - "); - - if (sqlite_changes($mydb) < 1) - { - sqlite_close($mydb); - return 'Error in query'; - } - - foreach ($list as $key => $value) - { - - if ($key != '') - { - - $query = sqlite_query($mydb, // @ supress warnings usonly in production - "UPDATE {$tableips} SET {$key} ='{$value}' WHERE uuid = '{$uuid}'; - "); - - if (sqlite_changes($mydb) < 1) - { - sqlite_close($mydb); - return 'Error in query'; - } - - } - - } // end foreach - - }else{ - - $uuid = $list['uuid']; - - foreach ($list as $key => $value) - { - - $query = sqlite_query($mydb, // @ supress warnings usonly in production - "UPDATE {$tableips} SET {$key} ='{$value}', date = '{$date}' WHERE uuid = '{$uuid}'; - "); - - if (sqlite_changes($mydb) < 1) - { - sqlite_close($mydb); - return 'Error in query'; - } - - } // end foreach - - } // end main if - - } // end Main foreach - - sqlite_close($mydb); - return true; - -} // end of func - -// RMlist Delete -function snortSql_updatelistDelete($databse, $table, $type, $uuid_filename) -{ - - $db = "/usr/local/pkg/snort/{$databse}"; - - $mydb = sqlite_open("$db"); - - if (!empty($type)) { - - $query = sqlite_query($mydb, // @ supress warnings usonly in production - "DELETE FROM {$table} WHERE {$type} = '{$uuid_filename}'; - "); - - if (sqlite_changes($mydb) < 1) { - sqlite_close($mydb); - return 'Error in query'; - } - - } - - sqlite_close($mydb); - return true; - -} // END main func - -// create dropdown list -function snortDropDownList($list, $setting) { - foreach ($list as $iday => $iday2) { - - echo "\n" . "<option value=\"{$iday}\""; if($iday == $setting) echo " selected "; echo '>' . htmlspecialchars($iday2) . '</option>' . "\r"; - - } -} - -// downlod all snort logs -function snort_downloadAllLogs() { - - $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); - $file_name = "snort_logs_{$save_date}.tar.gz"; - - exec('/bin/rm /tmp/snort_logs_*.gz'); // remove old file - exec('/bin/rm /tmp/snort_blocked_*.gz'); // remove old file - exec('/bin/rm /tmp/snort_block.pf'); // remove old file - exec('/bin/rm -r /tmp/snort_blocked'); // remove old file - exec("/usr/bin/tar cfz /tmp/snort_logs_{$save_date}.tar.gz /var/log/snort"); - - if (file_exists("/tmp/snort_logs_{$save_date}.tar.gz")) { - echo " - { - \"snortdownload\": \"success\", - \"downloadfilename\": \"{$save_date}\" - } - "; - return true; - }else{ - return false; - } -} - -// send log files to browser GET function -function sendFileSnortLogDownload() { - //ob_start(); //importanr or other post will fail - $file_name_date = $_GET['snortlogfilename']; - - $file_name1 = "/tmp/snort_logs_{$file_name_date}.tar.gz"; - $file_name2 = "/tmp/snort_blocked_{$file_name_date}.tar.gz"; - - if (file_exists($file_name1)) { - $file_name = "snort_logs_{$file_name_date}.tar.gz"; - } - - if (file_exists($file_name2)) { - $file_name = "snort_blocked_{$file_name_date}.tar.gz"; - } - - if (empty($file_name)) { - echo 'Error no saved file.'; - return false; - } - - if(file_exists("/tmp/{$file_name}")) - { - $file = "/tmp/{$file_name}"; - header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n"); - header("Pragma: private"); // needed for IE - header("Cache-Control: private, must-revalidate"); // needed for IE - header('Content-type: application/force-download'); - header('Content-Transfer-Encoding: Binary'); - header("Content-length: ".filesize($file)); - header("Content-disposition: attachment; filename = {$file_name}"); - readfile("$file"); - exec("/bin/rm /tmp/{$file_name}"); - //od_end_clean(); //importanr or other post will fail - }else{ - echo 'Error no saved file.'; - return false; - } -} - -// Warning code not finnish untill rule code is DONE ! -// Delete Snort logs -function snortDeleteLogs() { - if(file_exists('/var/log/snort/alert')) - { - exec('/bin/echo "" > /var/log/snort/alert'); - //post_delete_logs(); - exec('/usr/sbin/chown snort:snort /var/log/snort/*'); - exec('/bin/chmod 660 /var/log/snort/*'); - sleep(2); - exec('/usr/bin/killall -HUP snort'); - } - - echo ' - { - "snortdelete": "success" - } - '; - return true; - -} - -// Warning code not finnish untill rule code is DONE ! -// code neeed to be worked on when finnished rules code -function post_delete_logs() -{ - global $config, $g; - - - $snort_log_dir = '/var/log/snort'; - - /* do not start config build if rules is empty */ - if (!empty($config['installedpackages']['snortglobal']['rule'])) - { - - - $rule_array = $config['installedpackages']['snortglobal']['rule']; - $id = -1; - foreach ($rule_array as $value) - { - - if (empty($id)) { - $id = 0; - } - - $id += 1; - - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id]['interface']; - $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - - if ($snort_uuid != '') - { - if ($config['installedpackages']['snortglobal']['rule'][$id]['snortunifiedlog'] == 'on') - { - $snort_log_file_u2 = "{$snort_uuid}.u2."; - $snort_list_u2 = snort_file_list($snort_log_dir, $snort_log_file_u2); - if (is_array($snort_list_u2)) { - usort($snort_list_u2, "snort_file_sort"); - $snort_u2_rm_list = snort_build_order($snort_list_u2); - snort_remove_files($snort_u2_rm_list, $snort_u2_rm_list[0]); - } - }else{ - exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}.u2*"); - } - - if ($config['installedpackages']['snortglobal']['rule'][$id]['tcpdumplog'] == 'on') - { - $snort_log_file_tcpd = "{$snort_uuid}.tcpdump."; - $snort_list_tcpd = snort_file_list($snort_log_dir, $snort_log_file_tcpd); - if (is_array($snort_list_tcpd)) { - usort($snort_list_tcpd, "snort_file_sort"); - $snort_tcpd_rm_list = snort_build_order($snort_list_tcpd); - snort_remove_files($snort_tcpd_rm_list, $snort_tcpd_rm_list[0]); - } - }else{ - exec("/bin/rm $snort_log_dir/snort_{$snort_uuid}.tcpdump*"); - } - - /* create barnyard2 configuration file */ - //if ($config['installedpackages']['snortglobal']['rule'][$id]['barnyard_enable'] == 'on') - //create_barnyard2_conf($id, $if_real, $snort_uuid); - - if ($config['installedpackages']['snortglobal']['rule'][$id]['perform_stat'] == on) - { - exec("/bin/echo '' > /var/log/snort/snort_{$snort_uuid}.stats"); - } - } - } - } -} - -// END General Functions - -// downlod all blocked ips to log -function snort_downloadBlockedIPs() { - - exec('/bin/rm /tmp/snort_logs_*.gz'); // remove old file - exec('/bin/rm /tmp/snort_blocked_*.gz'); // remove old file - exec('/bin/rm /tmp/snort_block.pf'); // remove old file - exec('/bin/rm -r /tmp/snort_blocked'); // remove old file - $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); - $file_name = "snort_blocked_{$save_date}.tar.gz"; - exec('/bin/mkdir /tmp/snort_blocked'); - exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.pf'); - - $blocked_ips_array_save = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.pf')))); - - if ($blocked_ips_array_save[0] != '') - { - /* build the list */ - $counter = 0; - foreach($blocked_ips_array_save as $fileline3) - { - $counter++; - exec("/bin/echo $fileline3 >> /tmp/snort_blocked/snort_block.pf"); - } - } - - exec("/usr/bin/tar cfz /tmp/snort_blocked_{$save_date}.tar.gz /tmp/snort_blocked"); - - if (file_exists("/tmp/snort_blocked_{$save_date}.tar.gz")) { - echo " - { - \"snortdownload\": \"success\", - \"downloadfilename\": \"{$save_date}\" - } - "; - return true; - }else{ - return false; - } - -} - -// flush all ips from snort2c table -function snortRemoveBlockedIPs() { - - exec("/sbin/pfctl -t snort2c -T flush"); - - echo ' - { - "snortdelete": "success" - } - '; - return true; - -} - -/* returns true if $name is a valid name for a whitelist file name or ip */ -function is_validFileName($name) { - - if (empty($name)) { - return false; - } - - if (!is_string($name)) { - return false; - } - - if (preg_match("/\s+/", $name)) { - return false; - } - - if (!preg_match("/[^a-zA-Z0-9\-_]/", $name)) { - return true; - } - - return false; -} - -/* gen Alpha Num Mix for uuids or anything random, NEVER USE rand() */ -/* mt_rand/mt_srand is insecure way to gen random nums and strings, when posible use /dev/random or /dev/urandom */ -function genAlphaNumMixFast($min = 14, $max = 28) -{ - - // gen random lenth - mt_srand(crc32(microtime())); - $num = mt_rand($min, $max); - // reseed - mt_srand(); - - // Gen random string - $num = $num > 36 ? 30 : $num; - - $pool = array_merge(range('A', 'Z'), range(0, 9), range('a', 'z')); - - $rand_keys = array_rand($pool, $num); - - $randAlpaNum = ''; - - if (is_array($rand_keys)) { - foreach ($rand_keys as $key) - { - $randAlpaNum .= $pool[$key]; - } - }else{ - $randAlpaNum .= $pool[$rand_keys]; - } - - return str_shuffle($randAlpaNum); - -} - -// scan a dir, build array with filetr -function snortScanDirFilter($path, $filtername) -{ - // list rules in the default dir - $listDir = array(); - $listDir = scandir("{$path}"); - - if (empty($filtername)) { - - return $listDir; - - }else{ - - $pattern = "/{$filtername}/"; - foreach ( $listDir as $val ) - { - if (preg_match($pattern, $val)) { - $filterDirList[] = $val; - } - } - unset($listDir); - } - return $filterDirList; -} - -?> - |