author | robiscool <robrob2626@yahoo.com> | 2011-06-16 13:10:29 -0700 |
---|---|---|
committer | robiscool <robrob2626@yahoo.com> | 2011-06-16 13:10:29 -0700 |
commit | b09f9b80567607884f88c28f694cdefe744ded1e (patch) | |
tree | 479d734a5b9f7b2b37dee5170c0b636454946f76 /config/snort-dev | |
parent | 3a16379bd0e3afc1a0845c0ea57a669923a57a4d (diff) | |
snort-dev, redo the way users interact with the rules, update database names
Diffstat (limited to 'config/snort-dev')
22 files changed, 820 insertions, 316 deletions
diff --git a/config/snort-dev/snortDB b/config/snort-dev/snortDB Binary files differindex bb2f5c7b..beacf5d4 100644 --- a/config/snort-dev/snortDB +++ b/config/snort-dev/snortDB diff --git a/config/snort-dev/snortDBrules b/config/snort-dev/snortDBrules Binary files differindex 306d6774..07b899e3 100644 --- a/config/snort-dev/snortDBrules +++ b/config/snort-dev/snortDBrules diff --git a/config/snort-dev/snortDBtemp b/config/snort-dev/snortDBtemp Binary files differindex cbb6e2ef..46375e2f 100644 --- a/config/snort-dev/snortDBtemp +++ b/config/snort-dev/snortDBtemp diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php index dc385e6d..0b7d7d06 100644 --- a/config/snort-dev/snort_alerts.php +++ b/config/snort-dev/snort_alerts.php @@ -76,8 +76,7 @@ $arefresh_on = ($generalSettings['arefresh'] == 'on' ? 'checked' : ''); <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </li> + <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> </ul> </div> diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php index aea0d93d..8dde1cd3 100644 --- a/config/snort-dev/snort_barnyard.php +++ b/config/snort-dev/snort_barnyard.php @@ -46,7 +46,7 @@ if ($uuid == '') { } -$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); +$a_list = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); if (!is_array($a_list)) { 
@@ -169,9 +169,10 @@ jQuery(document).ready(function() { <form id="iform" > <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save --> - <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db--> - <input type="hidden" name="dbTable" value="Snortrules" /> <!-- what db table--> + <input type="hidden" name="dbName" value="snortDB" /> <!-- what db--> + <input type="hidden" name="dbTable" value="SnortIfaces" /> <!-- what db table--> <input type="hidden" name="ifaceTab" value="snort_barnyard" /> <!-- what interface tab --> + <input name="uuid" type="hidden" value="<?=$uuid; ?>"> <tr> @@ -224,7 +225,6 @@ jQuery(document).ready(function() { <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" > - <input name="uuid" type="hidden" value="<?=$uuid; ?>"> </td> </tr> <tr> diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php index 5e835c80..4f81bc6c 100644 --- a/config/snort-dev/snort_blocked.php +++ b/config/snort-dev/snort_blocked.php @@ -78,7 +78,6 @@ $brefresh_on = ($generalSettings['brefresh'] == 'on' ? 'checked' : ''); <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </li> </ul> </div> diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php index b6b83b56..abb9bcdd 100644 --- a/config/snort-dev/snort_define_servers.php +++ b/config/snort-dev/snort_define_servers.php @@ -46,7 +46,7 @@ if ($uuid == '') { } -$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); +$a_list = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); $pgtitle = "Snort: Interface Define Servers:"; 
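Review bot: The hidden `dbName` and `dbTable` inputs in this form (and in the matching form hunks of snort_define_servers.php and snort_interfaces_edit.php) leave the choice of database and table to the browser, and the relocated `value="<?=$uuid; ?>"` prints `$uuid` unescaped. The snort_json_post.php hunk in this commit passes `$_POST['RMlistDB']` and `$_POST['RMlistTable']` directly to `snortSql_updatelistDelete`, so the save path presumably trusts `dbName`/`dbTable` the same way; that code is not visible here. I would resolve the database and table on the server from `ifaceTab` through a fixed lookup and reject anything else, and write the field as `<input name="uuid" type="hidden" value="<?=htmlspecialchars($uuid, ENT_QUOTES); ?>">`. Where `$uuid` is assigned lies outside the hunk.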
@@ -99,9 +99,10 @@ $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid) <form id="iform" > <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save --> - <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db--> - <input type="hidden" name="dbTable" value="Snortrules" /> <!-- what db table--> + <input type="hidden" name="dbName" value="snortDB" /> <!-- what db--> + <input type="hidden" name="dbTable" value="SnortIfaces" /> <!-- what db table--> <input type="hidden" name="ifaceTab" value="snort_define_servers" /> <!-- what interface tab --> + <input name="uuid" type="hidden" value="<?=$uuid; ?>"> <tr> <td width="22%" valign="top"> </td> @@ -382,7 +383,6 @@ $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid) <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="Save"> <input id="cancel" type="button" class="formbtn" value="Cancel"> - <input name="uuid" type="hidden" value="<?=$uuid; ?>"> </td> </tr> <tr> diff --git a/config/snort-dev/snort_download_rules.inc b/config/snort-dev/snort_download_rules.inc index cf40ad89..b8d18397 100644 --- a/config/snort-dev/snort_download_rules.inc +++ b/config/snort-dev/snort_download_rules.inc @@ -6,8 +6,6 @@ * */ -//require_once("/usr/local/pkg/snort/snort_new.inc"); - // fetch db Settings NONE Json function snortSql_fetchAllSettings($dbname, $table, $type, $id_uuid) { diff --git a/config/snort-dev/snort_download_updates.php b/config/snort-dev/snort_download_updates.php index 4f99cda8..6e1a0b0d 100644 --- a/config/snort-dev/snort_download_updates.php +++ b/config/snort-dev/snort_download_updates.php 
@@ -125,7 +125,6 @@ header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </li> </ul> </div> @@ -140,7 +139,6 @@ header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); <li><a href="#"><span>Upload Custom Rules</span></a></li> <li><a href="#"><span>Gui Update</span></a></li> </ul> - </div> </td> diff --git a/config/snort-dev/snort_headbase.inc b/config/snort-dev/snort_headbase.inc index 6a2492ad..d21fedc7 100644 --- a/config/snort-dev/snort_headbase.inc +++ b/config/snort-dev/snort_headbase.inc @@ -5,10 +5,10 @@ <link rel="stylesheet" type="text/css" href="./css/style_snort2.css" media="all" /> <!-- <link rel="stylesheet" type="text/css" href="./css/jquery.bubblepopup.v2.3.1.css" media="all" /> --> -<script type="text/javascript" src="./javascript/jquery-1.6.min.js"></script> -<script type="text/javascript" src="./javascript/snort_globalsend.js"></script> -<script type="text/javascript" src="./javascript/jquery.form.js"></script> -<script type="text/javascript" src="./javascript/jquery.progressbar.min.js"></script> +<script type="text/javascript" src="/snort/javascript/jquery-1.6.1.min.js"></script> +<script type="text/javascript" src="/snort/javascript/snort_globalsend.js"></script> +<script type="text/javascript" src="/snort/javascript/jquery.form.js"></script> +<script type="text/javascript" src="/snort/javascript/jquery.progressbar.min.js"></script> <!-- <script type="text/javascript" src="./javascript/jquery.bubblepopup.v2.3.1.min.js"></script> --> <!-- STOP of Snort Package css and javascript --> diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php index f8f4c859..59ff381d 100644 --- a/config/snort-dev/snort_interfaces.php +++ b/config/snort-dev/snort_interfaces.php 
@@ -38,7 +38,7 @@ require_once("/usr/local/pkg/snort/snort_gui.inc"); $new_ruleUUID = genAlphaNumMixFast(7, 8); -$a_interfaces = snortSql_fetchAllInterfaceRules('Snortrules', 'snortDBrules'); +$a_interfaces = snortSql_fetchAllInterfaceRules('SnortIfaces', 'snortDB'); $pgtitle = "Services: Snort 2.9.0.5 pkg v. 2.0"; @@ -166,7 +166,7 @@ $a_interfaces = snortSql_fetchAllInterfaceRules('Snortrules', 'snortDBrules'); echo " - <div id=\"maintable_{$list['uuid']}\" data-options='{\"pagetable\":\"Snortrules\", \"pagedb\":\"snortDBrules\", \"DoPOST\":\"true\"}'> + <div id=\"maintable_{$list['uuid']}\" data-options='{\"pagetable\":\"SnortIfaces\", \"pagedb\":\"snortDB\", \"DoPOST\":\"true\"}'> "; echo ' <table width="100%" border="0" cellpadding="0" cellspacing="0"> diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index 2eca2b80..169b0dba 100644 --- a/config/snort-dev/snort_interfaces_edit.php +++ b/config/snort-dev/snort_interfaces_edit.php @@ -47,24 +47,23 @@ if ($uuid == '') { -$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); +$a_list = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); - if (!is_array($a_list)) - { - $a_list = array(); - } +$a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', ''); + +if (!is_array($a_list)) { + $a_list = array(); +} $a_whitelist = snortSql_fetchAllWhitelistTypes('SnortWhitelist', 'SnortWhitelistips'); - if (!is_array($a_whitelist)) - { - $a_whitelist = array(); - } +if (!is_array($a_whitelist)) { + $a_whitelist = array(); +} $a_suppresslist = snortSql_fetchAllWhitelistTypes('SnortSuppress', ''); -if (!is_array($a_suppresslist)) -{ +if (!is_array($a_suppresslist)) { $a_suppresslist = array(); } 
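Review bot: In the snort_interfaces_edit.php hunk, `$a_rules` is assigned between `$a_list` and the `is_array($a_list)` guard and never gets a guard of its own, yet the select added further down in this file walks it with `foreach`. snort_interfaces_rules.php in this commit compares the result of the same call with the string `'Error'`, so a non-array return looks possible. Add `if (!is_array($a_rules)) { $a_rules = array(); }` directly after the assignment, and keep the `$a_list` check next to its own call so the pairing stays readable.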
@@ -97,16 +96,14 @@ jQuery(document).ready(function() { ); <?php - if ($a_list['interface'] != '') - { + if ($a_list['interface'] != '') { echo ' jQuery(\'[name=interface]\').attr(\'disabled\', \'true\'); '; } // disable tabs if nothing in database - if ($a_list['uuid'] == '') - { + if ($a_list['uuid'] == '') { echo ' jQuery(\'.hide_newtabmenu\').hide(); '; @@ -114,8 +111,7 @@ jQuery(document).ready(function() { ?> - if (endis) - { + if (endis) { for (var i = 0; i < disableInputs.length; i++) { jQuery('[name=' + disableInputs[i] + ']').attr('disabled', 'true'); @@ -126,8 +122,7 @@ jQuery(document).ready(function() { endis = !(jQuery('input[name=enable]:checked').val()); - if (endis) - { + if (endis) { for (var i = 0; i < disableInputs.length; i++) { jQuery('[name=' + disableInputs[i] + ']').attr('disabled', 'true'); @@ -192,9 +187,10 @@ jQuery(document).ready(function() { <form id="iform" name="iform" > <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save --> - <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db--> - <input type="hidden" name="dbTable" value="Snortrules" /> <!-- what db table--> + <input type="hidden" name="dbName" value="snortDB" /> <!-- what db--> + <input type="hidden" name="dbTable" value="SnortIfaces" /> <!-- what db table--> <input type="hidden" name="ifaceTab" value="snort_interfaces_edit" /> <!-- what interface tab --> + <input name="uuid" type="hidden" value="<?=$uuid; ?>" > <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> 
@@ -280,6 +276,41 @@ jQuery(document).ready(function() { </td> </tr> <tr> + <td colspan="2" valign="top" class="listtopic">Choose the rule DB snort should use.</td> + </tr> + + <tr> + <td width="22%" valign="top" class="vncell2">Rule DB</td> + <td width="78%" class="vtable"> + <select name="ruledbname" class="formfld" id="ruledbname"> + + <?php + // find ruleDB names and value by uuid + $selected = ''; + if ($a_list['ruledbname'] == 'default') { + $selected = 'selected'; + } + echo "\n" . '<option value="default" ' . $selected . ' >default</option>' . "\r"; + foreach ($a_rules as $value) + { + $selected = ''; + if ($value['uuid'] == $a_list['ruledbname'] && $value['enable'] !== 'off') { + $selected = 'selected'; + } + + echo "\n" . '<option value="' . $value['uuid'] . '" ' . $selected . ' >' . $value['ruledbname'] . '</option>' . "\r"; + } + ?> + + </select> + <br> + <span class="vexpl">Choose the home net you will like this rule to use. <span class="red">Note:</span> Default homenet adds only local networks. + <br> + <span class="red">Hint:</span> Most users add a list offriendly ips that the firewall cant see.</span> + </td> + </tr> + + <tr> <td colspan="2" valign="top" class="listtopic">Choose the networks snort should inspect and whitelist.</td> </tr> <tr> @@ -420,7 +451,6 @@ jQuery(document).ready(function() { <input name="Submit" type="submit" class="formbtn" value="Save"> <input name="Submit2" type="submit" class="formbtn" value="Start"> <input id="cancel" type="button" class="formbtn" value="Cancel"> - <input name="uuid" type="hidden" value="<?=$uuid; ?>" > </td> </tr> <tr> diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort-dev/snort_interfaces_global.php index c391f10c..64f81643 100644 --- a/config/snort-dev/snort_interfaces_global.php +++ b/config/snort-dev/snort_interfaces_global.php 
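Review bot: The new Rule DB select concatenates `$value['uuid']` and `$value['ruledbname']` into the `<option>` markup without escaping, and `ruledbname` is a free-text field on the rules-edit page, so stored markup would be rendered in the administrator's session. Write the line as `echo "\n" . '<option value="' . htmlspecialchars($value['uuid'], ENT_QUOTES) . '" ' . $selected . ' >' . htmlspecialchars($value['ruledbname'], ENT_QUOTES) . '</option>' . "\r";`. The help text under the select still talks about the home net and friendly IPs and looks copied from the whitelist setting; it should describe the rule DB choice instead. The surrounding form starts and ends outside this hunk.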
@@ -167,7 +167,6 @@ jQuery(document).ready(function(){ <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </li> </ul> </div> diff --git a/config/snort-dev/snort_interfaces_rules.php b/config/snort-dev/snort_interfaces_rules.php new file mode 100644 index 00000000..8f1631a2 --- /dev/null +++ b/config/snort-dev/snort_interfaces_rules.php 
@@ -0,0 +1,180 @@ +<?php +/* $Id$ */ +/* + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Modified for the Snaort Package By + Copyright (C) 2008-2011 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_new.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +$a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', ''); + + if (!is_array($a_rules)) { + $a_rules = array(); + } + + if ($a_rules == 'Error') { + echo 'Error'; + exit(0); + } + + $pgtitle = "Services: Snort: Rules"; + include("/usr/local/pkg/snort/snort_head.inc"); + +?> + + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<div id="loadingWaiting"> + <p class="loadingWaitingMessage"><img src="./images/loading.gif" /> <br>Please Wait...</p> +</div> + +<?php include("fbegin.inc"); ?> +<!-- hack to fix the hardcoed fbegin link in header --> +<div id="header-left2"> +<a href="../index.php" id="status-link2"> +<img src="./images/transparent.gif" border="0"></img> +</a> +</div> + +<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> +<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + + <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="newtabmenu"> + <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> + <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> + <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> + <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> + <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> + <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> + <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> + <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> + <li><a 
href="/snort/snort_help_info.php"><span>Help</span></a></li> + </ul> + </div> + + </td> + </tr> + <tr> + <td id="tdbggrey"> + <table width="100%" border="0" cellpadding="10px" cellspacing="0"> + <tr> + <td class="tabnavtbl"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <!-- START MAIN AREA --> + + <tr> <!-- db to lookup --> + <td width="30%" class="listhdrr">File Name</td> + <td width="70%" class="listhdr">Description</td> + <td width="10%" class="list"></td> + </tr> + <?php foreach ($a_rules as $list): ?> + <tr id="maintable_<?=$list['uuid']?>" data-options='{"pagetable":"Snortrules", "pagedb":"snortDBrules", "DoPOST":"true"}' > + <td class="listlr" ondblclick="document.location='snort_interfaces_suppress_edit.php?uuid=<?=$list['uuid'];?>'"><?=$list['ruledbname'];?></td> + <td class="listbg" ondblclick="document.location='snort_interfaces_suppress_edit.php?uuid=<?=$list['uuid'];?>'"> + <font color="#FFFFFF"> <?=htmlspecialchars($list['description']);?> </font> + </td> + <td></td> + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"> + <a href="snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"width="17" height="17" border="0" title="edit suppress list"></a> + </td> + <td> + <img id="icon_x_<?=$list['uuid'];?>" class="icon_click icon_x" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete list" > + </a> + </td> + </tr> + </table> + </td> + </tr> + <?php $i++; endforeach; ?> + <tr> + <td class="list" colspan="3"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle" width="17"> </td> + <td valign="middle"><a href="snort_interfaces_rules_edit.php?rdbuuid=<?=genAlphaNumMixFast(11, 12);?> "><img src="/themes/nervecenter/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add a new 
list"></a></td> + </tr> + </table> + </td> + </tr> + </table> + </td> + </tr> + + <!-- STOP MAIN AREA --> + </table> + </td> + </tr> + + </table> + </td> + </tr> +</table> + +<!-- 2nd box note --> +<br> +<div id=mainarea4> +<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <td width="100%"> + <span class="vexpl"> + <span class="red"><strong>Note:</strong></span> + <p><span class="vexpl"> + Here you can create event filtering and suppression for your snort package rules.<br> + Please note that you must restart a running rule so that changes can take effect.<br> + </span></p> + </td> +</table> +</div> + +</div> + + +<!-- footer do not touch below --> +<?php +include("fend.inc"); +echo $snort_custom_rnd_box; +?> + + +</body> +</html> diff --git a/config/snort-dev/snort_interfaces_rules_edit.php b/config/snort-dev/snort_interfaces_rules_edit.php new file mode 100644 index 00000000..7db725af --- /dev/null +++ b/config/snort-dev/snort_interfaces_rules_edit.php 
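Review bot: In snort_interfaces_rules.php, `$list['ruledbname']` and `$list['uuid']` are printed raw in the row markup (`<?=$list['ruledbname'];?>` and the `id`, `ondblclick` and `href` attributes) while only `description` goes through `htmlspecialchars()`; `ruledbname` is a free-text field on the edit page, so any markup stored in it is rendered in the administrator's session. Use `<?=htmlspecialchars($list['ruledbname'], ENT_QUOTES);?>` and the same wrapper for every `uuid` output. The `$a_rules == 'Error'` test can never fire, because the `is_array()` guard above it has already replaced a string result with `array()`; the error test should come first. `$i++` in the loop increments a variable that is never initialised, and the `ondblclick` target `snort_interfaces_suppress_edit.php` looks copied from the suppress page.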
@@ -0,0 +1,204 @@ +<?php +/* $Id$ */ +/* + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_new.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +// set page vars +if (isset($_GET['uuid'])) { + $uuid = $_GET['uuid']; +} + +if (isset($_GET['rdbuuid'])) { + $rdbuuid = $_GET['rdbuuid']; +}else{ + $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); + $rdbuuid = $ruledbname_pre1['ruledbname']; +} + +$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $rdbuuid); + + +// $a_list returns empty use defaults +if ($a_list == '') +{ + + $a_list = array( + 'id' => '', + 'date' => date(U), + 'uuid' => $rdbuuid, + 'ruledbnamename' => '', + 'description' => '' + + ); + +} + + + + + $pgtitle = 'Services: Snort: Rules: Edit: ' . $rdbuuid; + include('/usr/local/pkg/snort/snort_head.inc'); + +?> + + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<div id="loadingWaiting"> + <p class="loadingWaitingMessage"><img src="./images/loading.gif" /> <br>Please Wait...</p> +</div> + +<?php include("fbegin.inc"); ?> +<!-- hack to fix the hardcoed fbegin link in header --> +<div id="header-left2"> +<a href="../index.php" id="status-link2"> +<img src="./images/transparent.gif" border="0"></img> +</a> +</div> + +<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> +<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="newtabmenu"> + <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> + <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> + <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> + <li class="newtabmenu_active"><a 
href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> + <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> + <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> + <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> + <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> + <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> + </ul> + </div> + </td> + </tr> + <tr> + <td> + <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="newtabmenu"> + <li class="hide_newtabmenu newtabmenu_active"><a href="/snort/snort_interfaces_rules.php?rdbuuid=<?=$rdbuuid;?>"><span>Rules DB Edit</span></a></li> + <li class="hide_newtabmenu"><a href="/snort/snort_rulesets.php?rdbuuid=<?=$rdbuuid;?>"><span>Categories</span></a></li> + <li class="hide_newtabmenu"><a href="/snort/snort_rules.php?rdbuuid=<?=$rdbuuid;?>"><span>Rules</span></a></li> + </ul> + </div> + </td> + </tr> + + <tr> + <td id="tdbggrey"> + <table width="100%" border="0" cellpadding="10px" cellspacing="0"> + <tr> + <td class="tabnavtbl"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <!-- START MAIN AREA --> + + <!-- table point --> + <form id="iform"> + <input name="snortSaveSettings" type="hidden" value="1" /> + <input name="ifaceTab" type="hidden" value="snort_interfaces_rules_edit" /> + <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db --> + <input type="hidden" name="dbTable" value="Snortrules" /> <!-- what db table --> + <input name="date" type="hidden" value="<?=$a_list['date'];?>" /> + <input name="uuid" type="hidden" value="<?=$a_list['uuid'];?>" /> + + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic">Add the name and description of the rule DB</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq2">RuleDB</td> + <td 
width="22%" valign="top" class="vtable"> + + <input name="enable" type="checkbox" value="on" <?=$ifaceEnabled = $a_list['enable'] == 'on' || $a_list['enable'] == '' ? 'checked' : '';?> "> + <span class="vexpl">Enable or Disable</span> + </td> + </tr> + <tr> + <td valign="top" class="vncellreq2">Name</td> + <td class="vtable"> + <input class="formfld2" name="ruledbname" type="text" id="ruledbname" size="40" value="<?=$a_list['ruledbname'] ?>" /> <br /> + <span class="vexpl"> The list name may only consist of the characters a-z, A-Z and 0-9. <span class="red">Note: </span> No Spaces. </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Description</td> + <td width="78%" class="vtable"> + <input class="formfld2" name="description" type="text" id="description" size="40" value="<?=$a_list['description'] ?>" /> <br /> + <span class="vexpl"> You may enter a description here for your reference (not parsed). </span> + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"> + Examples: + </td> + </tr> + <tr> + <td colspan="2" valign="top" class="vncell2"> + <span class="red"><b>NOTE: </b></span>Rule DB will not be active until snort sensor restart. <br> + </td> + </tr> + </table> + <tr> + <td style="padding-left: 10px;"> + <input name="Submit" type="submit" class="formbtn" value="Save"> + <input id="cancel" type="button" class="formbtn" value="Cancel"> + </td> + </tr> +</form> + + <!-- STOP MAIN AREA --> + </table> + </td> + </tr> + </table> + </td> + </tr> +</table> +</div> + + +<!-- footer do not touch below --> +<?php +include("fend.inc"); +echo $snort_custom_rnd_box; +?> + + +</body> +</html> diff --git a/config/snort-dev/snort_interfaces_whitelist_edit.php b/config/snort-dev/snort_interfaces_whitelist_edit.php index 0e426159..689fb719 100644 --- a/config/snort-dev/snort_interfaces_whitelist_edit.php +++ b/config/snort-dev/snort_interfaces_whitelist_edit.php 
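Review bot: In snort_interfaces_rules_edit.php, `$_GET['rdbuuid']` (or the `ruledbname` looked up from `$_GET['uuid']`) is used with no validation: it is echoed raw into `$pgtitle`, the three tab `href`s and the hidden `uuid` input, and that hidden value is what the `Snortrules` save branch of snort_json_post.php in this commit interpolates into `exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules")`. Assuming ids stay alphanumeric, as the `genAlphaNumMixFast` name suggests, reject anything else right after the assignment, e.g. `if (!preg_match('/^[A-Za-z0-9]+$/', (string)$rdbuuid)) { exit; }`, escape every echo with `htmlspecialchars(..., ENT_QUOTES)` including `ruledbname` and `description`, and repeat the check in the handler together with `escapeshellarg()`, since a posted value need not come from this form. Two smaller defects sit in the defaults array: `date(U)` relies on an undefined constant and should be `date('U')`, and the key `'ruledbnamename'` does not match the `$a_list['ruledbname']` the form reads. `$uuid` is also undefined when neither query parameter is present.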
@@ -127,8 +127,7 @@ $vpnips_on = ($vpnips_chk == 'on' ? 'checked' : ''); <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> <li class="newtabmenu_active"><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </li> + <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> </ul> </div> diff --git a/config/snort-dev/snort_json_get.php b/config/snort-dev/snort_json_get.php index 1fdcc1e7..ecab3a13 100644 --- a/config/snort-dev/snort_json_get.php +++ b/config/snort-dev/snort_json_get.php @@ -2,13 +2,11 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_download_rules.inc"); session_start(); // alwaya at the very top of a php page or "Cannot send session cache limiter - headers already sent" // upload created log tar to user -if ($_GET['snortGetUpdate'] == 1) -{ +if ($_GET['snortGetUpdate'] == 1) { $tmpfname = "/usr/local/etc/snort/snort_download"; $snort_filename = "snortrules-snapshot-2905.tar.gz"; @@ -16,11 +14,9 @@ if ($_GET['snortGetUpdate'] == 1) $snortSessionPath = $_SESSION['tmp']['snort']['snort_download_updates']; - if (!file_exists("{$tmpfname}/{$snort_filename}")) - { + if (!file_exists("{$tmpfname}/{$snort_filename}")) { - if ($snortSessionPath['download']['working'] != '1') - { + if ($snortSessionPath['download']['working'] != '1') { unset($_SESSION['tmp']); $snortSessionPath['download']['working'] = '1'; sendUpdateSnortLogDownload(); @@ -29,7 +25,9 @@ if ($_GET['snortGetUpdate'] == 1) } $time = time(); - while((time() - $time) < 30) { + while((time() - $time) < 30) + { + // query memcache, database, etc. for new data $data = $datasource->getLatest(); 
@@ -49,8 +47,7 @@ if ($_GET['snortGetUpdate'] == 1) // upload created log tar to user -if ($_GET['snortlogdownload'] == 1) -{ +if ($_GET['snortlogdownload'] == 1) { sendFileSnortLogDownload(); @@ -58,8 +55,7 @@ if ($_GET['snortlogdownload'] == 1) // send Json sid string -if ($_GET['snortGetSidString'] == 1) -{ +if ($_GET['snortGetSidString'] == 1) { // unset unset($_GET['snortGetSidString']); diff --git a/config/snort-dev/snort_json_post.php b/config/snort-dev/snort_json_post.php index 8e09964e..37950f91 100644 --- a/config/snort-dev/snort_json_post.php +++ b/config/snort-dev/snort_json_post.php @@ -5,16 +5,14 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); // unset crsf checks -if(isset($_POST['__csrf_magic'])) -{ +if(isset($_POST['__csrf_magic'])) { unset($_POST['__csrf_magic']); } function snortJsonReturnCode($returnStatus) { - if ($returnStatus == true) - { + if ($returnStatus == true) { echo '{"snortgeneralsettings":"success","snortUnhideTabs":"true"}'; }else{ echo '{"snortgeneralsettings":"fail"}'; @@ -22,8 +20,7 @@ function snortJsonReturnCode($returnStatus) } // row from db by uuid -if ($_POST['snortSidRuleEdit'] == 1) -{ +if ($_POST['snortSidRuleEdit'] == 1) { unset($_POST['snortSidRuleEdit']); @@ -33,11 +30,9 @@ if ($_POST['snortSidRuleEdit'] == 1) // row from db by uuid -if ($_POST['snortSaveRuleSets'] == 1) -{ +if ($_POST['snortSaveRuleSets'] == 1) { - if ($_POST['ifaceTab'] == 'snort_rulesets') - { + if ($_POST['ifaceTab'] == 'snort_rulesets') { // unset POSTs that are markers not in db unset($_POST['snortSaveRuleSets']); unset($_POST['ifaceTab']); @@ -47,8 +42,7 @@ if ($_POST['snortSaveRuleSets'] == 1) } - if ($_POST['ifaceTab'] == 'snort_rules') - { + if ($_POST['ifaceTab'] == 'snort_rules') { // unset POSTs that are markers not in db unset($_POST['snortSaveRuleSets']); unset($_POST['ifaceTab']); 
@@ -60,70 +54,90 @@ if ($_POST['snortSaveRuleSets'] == 1) } // END of rulesSets // row from db by uuid -if ($_POST['RMlistDelRow'] == 1) -{ +if ($_POST['RMlistDelRow'] == 1) { - if ($_POST['RMlistTable'] == 'Snortrules' || $_POST['RMlistTable'] == 'SnortSuppress') - { + $rm_row_list = snortSql_fetchAllSettings($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid']); - // list rules in the default dir - $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $_POST['RMlistUuid']); - $snortRuleDir = '/usr/local/etc/snort/sn_' . $_POST['RMlistUuid'] . '_' . $a_list['interface']; + // list rules in the default dir + if ($_POST['RMlistTable'] == 'SnortIfaces') { + + $snortRuleDir = '/usr/local/etc/snort/sn_' . $_POST['RMlistUuid'] . '_' . $rm_row_list['interface']; exec('/bin/rm -r ' . $snortRuleDir); - - snortSql_updatelistDelete('SnortruleSets', 'ifaceuuid', $_POST['RMlistUuid']); - snortSql_updatelistDelete('SnortruleSigs', 'ifaceuuid', $_POST['RMlistUuid']); - snortSql_updatelistDelete('Snortrules', 'uuid', $_POST['RMlistUuid']); - - snortJsonReturnCode(true); - } - if ($_POST['RMlistTable'] == 'SnortSuppress') - { - snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid'])); + // rm ruledb and files + if ($_POST['RMlistTable'] == 'Snortrules') { + + $snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RMlistUuid']}"; + + exec('/bin/rm -r ' . 
$snortRuleDir); } - - - - if ($_POST['RMlistTable'] == 'SnortWhitelist') - { - $fetchExtraWhitelistEntries = snortSql_fetchAllSettings($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid']); - snortJsonReturnCode(snortSql_updatelistDelete('SnortWhitelistips', 'filename', $fetchExtraWhitelistEntries['filename'])); - snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid'])); - - } + if ($_POST['RMlistTable'] == 'SnortWhitelist') { + snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortWhitelistips', 'filename', $rm_row_list['filename']); + } + + snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid'])); } // general settings save -if ($_POST['snortSaveSettings'] == 1) -{ +if ($_POST['snortSaveSettings'] == 1) { + + + // Save ruleDB settings + if ($_POST['dbTable'] == 'Snortrules') { + + unset($_POST['snortSaveSettings']); + unset($_POST['ifaceTab']); + + if (!is_dir("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules")) { + + // creat iface dir and ifcae rules dir + exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + + + // NOTE: code only works on php5 + $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules'); + $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules'); + $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules'); + + if (!empty($listSnortRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + } + if (!empty($listEmergingRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + } + if (!empty($listPfsenseRulesDir)) { + exec("/bin/cp -R 
/usr/local/etc/snort/snortDBrules/pfsense_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + } + + + } //end of mkdir + + snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); + + } // Save general settings - if ($_POST['dbTable'] == 'SnortSettings') - { + if ($_POST['dbTable'] == 'SnortSettings') { - if ($_POST['ifaceTab'] == 'snort_interfaces_global') - { + if ($_POST['ifaceTab'] == 'snort_interfaces_global') { // checkboxes when set to off never get included in POST thus this code $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']); } - if ($_POST['ifaceTab'] == 'snort_alerts') - { + if ($_POST['ifaceTab'] == 'snort_alerts') { if (!isset($_POST['arefresh'])) $_POST['arefresh'] = ($_POST['arefresh'] == '' ? off : $_POST['arefresh']); } - if ($_POST['ifaceTab'] == 'snort_blocked') - { + if ($_POST['ifaceTab'] == 'snort_blocked') { if (!isset($_POST['brefresh'])) $_POST['brefresh'] = ($_POST['brefresh'] == '' ? off : $_POST['brefresh']); @@ -140,12 +154,10 @@ if ($_POST['snortSaveSettings'] == 1) } // end of dbTable SnortSettings // Save rule settings on the interface edit tab - if ($_POST['dbTable'] == 'Snortrules') - { + if ($_POST['dbTable'] == 'SnortIfaces') { // snort interface edit - if ($_POST['ifaceTab'] == 'snort_interfaces_edit') - { + if ($_POST['ifaceTab'] == 'snort_interfaces_edit') { if (!isset($_POST['enable'])) $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']); 
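Review bot: In the `RMlistDelRow` branch the new `Snortrules` case builds `$snortRuleDir` from `$_POST['RMlistUuid']` and hands it to `exec('/bin/rm -r ' . $snortRuleDir)` with no format check or shell quoting, so the request body decides what the shell runs and which directory is removed; an empty value resolves to the `snortDBrules/DB/` parent itself. Reject anything that is not a well-formed uuid before touching the filesystem, e.g. `if (!preg_match('/^[A-Za-z0-9]+$/', $_POST['RMlistUuid'])) { snortJsonReturnCode(false); exit(0); }` (the uuid alphabet is an assumption; match whatever the generator emits), and quote the argument: `exec('/bin/rm -r ' . escapeshellarg($snortRuleDir));`. The same applies to the `mkdir -p` and `cp -R` calls added under `dbTable == 'Snortrules'` later in this hunk, which interpolate `$_POST['uuid']`. `$_POST['RMlistDB']` and `$_POST['RMlistTable']` also reach `snortSql_fetchAllSettings()` and `snortSql_updatelistDelete()` unchecked; an allow-list of the known database and table names would close that.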
@@ -175,8 +187,9 @@ if ($_POST['snortSaveSettings'] == 1) if (!is_dir("/usr/local/etc/snort/{$newSnortDir}")) { // creat iface dir and ifcae rules dir - exec("/bin/mkdir -p /usr/local/etc/snort/{$newSnortDir}/rules"); + exec("/bin/mkdir -p /usr/local/etc/snort/{$newSnortDir}"); + /* // NOTE: code only works on php5 $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snort_rules/rules', '\.rules'); $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/emerging_rules/rules', '\.rules'); @@ -191,6 +204,7 @@ if ($_POST['snortSaveSettings'] == 1) if (!empty($listPfsenseRulesDir)) { exec("/bin/cp -R /usr/local/etc/snort/pfsense_rules/rules/* /usr/local/etc/snort/{$newSnortDir}/rules"); } + */ } //end of mkdir @@ -198,8 +212,7 @@ if ($_POST['snortSaveSettings'] == 1) } // end of snort_interfaces_edit // snort preprocessor edit - if ($_POST['ifaceTab'] == 'snort_preprocessors') - { + if ($_POST['ifaceTab'] == 'snort_preprocessors') { if (!isset($_POST['dce_rpc_2'])) $_POST['dce_rpc_2'] = ($_POST['dce_rpc_2'] == '' ? off : $_POST['dce_rpc_2']); @@ -228,8 +241,7 @@ if ($_POST['snortSaveSettings'] == 1) } // snort barnyard edit - if ($_POST['ifaceTab'] == 'snort_barnyard') - { + if ($_POST['ifaceTab'] == 'snort_barnyard') { // make shure iface is lower case $_POST['interface'] = strtolower($_POST['interface']); @@ -250,16 +262,13 @@ if ($_POST['snortSaveSettings'] == 1) } // STOP General Settings Save // Suppress settings save -if ($_POST['snortSaveSuppresslist'] == 1) -{ +if ($_POST['snortSaveSuppresslist'] == 1) { // post for supress_edit - if ($_POST['ifaceTab'] == 'snort_interfaces_suppress_edit') - { + if ($_POST['ifaceTab'] == 'snort_interfaces_suppress_edit') { // make sure filename is valid - if (!is_validFileName($_POST['filename'])) - { + if (!is_validFileName($_POST['filename'])) { echo 'Error: FileName'; return false; } 
@@ -279,13 +288,11 @@ if ($_POST['snortSaveSuppresslist'] == 1) } // Whitelist settings save -if ($_POST['snortSaveWhitelist'] == 1) -{ +if ($_POST['snortSaveWhitelist'] == 1) { if ($_POST['ifaceTab'] == 'snort_interfaces_whitelist_edit') { - if (!is_validFileName($_POST['filename'])) - { + if (!is_validFileName($_POST['filename'])) { echo 'Error: FileName'; return false; } @@ -307,8 +314,7 @@ if ($_POST['snortSaveWhitelist'] == 1) unset($_POST['list']); - if (snortSql_updateSettings('uuid', $_POST['uuid']) && snortSql_updateWhitelistIps($whitelistIPs)) - { + if (snortSql_updateSettings('uuid', $_POST['uuid']) && snortSql_updateWhitelistIps($whitelistIPs)) { snortJsonReturnCode(true); }else{ snortJsonReturnCode(false); @@ -318,8 +324,7 @@ if ($_POST['snortSaveWhitelist'] == 1) } // download code for alerts page -if ($_POST['snortlogsdownload'] == 1) -{ +if ($_POST['snortlogsdownload'] == 1) { conf_mount_rw(); snort_downloadAllLogs(); conf_mount_ro(); @@ -327,8 +332,7 @@ if ($_POST['snortlogsdownload'] == 1) } // download code for alerts page -if ($_POST['snortblockedlogsdownload'] == 1) -{ +if ($_POST['snortblockedlogsdownload'] == 1) { conf_mount_rw(); snort_downloadBlockedIPs(); conf_mount_ro(); @@ -337,8 +341,7 @@ if ($_POST['snortblockedlogsdownload'] == 1) // code neeed to be worked on when finnished rules code -if ($_POST['snortlogsdelete'] == 1) -{ +if ($_POST['snortlogsdelete'] == 1) { conf_mount_rw(); snortDeleteLogs(); @@ -346,8 +349,7 @@ if ($_POST['snortlogsdelete'] == 1) } // flushes snort2c table -if ($_POST['snortflushpftable'] == 1) -{ +if ($_POST['snortflushpftable'] == 1) { conf_mount_rw(); snortRemoveBlockedIPs(); @@ -355,8 +357,7 @@ if ($_POST['snortflushpftable'] == 1) } // reset db reset_snortgeneralsettings -if ($_POST['reset_snortgeneralsettings'] == 1) -{ +if ($_POST['reset_snortgeneralsettings'] == 1) { conf_mount_rw(); reset_snortgeneralsettings(); 
diff --git a/config/snort-dev/snort_new.inc b/config/snort-dev/snort_new.inc index efd546d8..1f2c807b 100644 --- a/config/snort-dev/snort_new.inc +++ b/config/snort-dev/snort_new.inc @@ -1,8 +1,7 @@ <?php // unset crsf checks -if(isset($_POST['__csrf_magic'])) -{ +if(isset($_POST['__csrf_magic'])) { unset($_POST['__csrf_magic']); } @@ -14,8 +13,7 @@ function snortSidStringRuleEditGUI() $splitcontents = split_rule_file($workingFile); - if (!empty($splitcontents)) - { + if (!empty($splitcontents)) { $sidLinePosPre = exec('/usr/bin/sed -n /sid:' . $_POST['snortSidNum'] . '\;/= ' . $workingFile); $sidLinePos = $sidLinePosPre - 1; 
@@ -86,43 +84,46 @@ function newFilterRuleSig($baseruleArray) $newSigArray[] = array(); foreach ( $baseruleArray as $value ) { + if (preg_match('/^# alert/', $value) || preg_match('/^alert/', $value)) { - // add sid - $newSigArray[$i]['sid'] = get_middle($value, 'sid:', ';', 0); + // add sid + $newSigArray[$i]['sid'] = get_middle($value, 'sid:', ';', 0); + + // remove whitespaces + $rmWhitespaces = preg_replace('/\s\s+/', ' ', $value); + // remove whitespace betwin # aerrt + $rmAlertWhitespace = preg_replace('/^# alert/', '#alert', $rmWhitespaces); + $splitcontents = explode(' ', $rmAlertWhitespace); + + // enable or disable + if ($splitcontents[0] === '#alert') { + $newSigArray[$i]['enable'] = 'off'; + }else{ + $newSigArray[$i]['enable'] = 'on'; + } + + // proto + $newSigArray[$i]['proto'] = $splitcontents[1]; + + // source + $newSigArray[$i]['src'] = trimLength($splitcontents[2]); + + // source port + $newSigArray[$i]['srcport'] = trimLength($splitcontents[3]); + + // Destination + $newSigArray[$i]['dst'] = trimLength($splitcontents[5]); + + // Destination port + $newSigArray[$i]['dstport'] = trimLength($splitcontents[6]); + + // sig message + $newSigArray[$i]['msg'] = get_middle($value, 'msg:"', '";', 0); - // remove whitespaces - $rmWhitespaces = preg_replace('/\s\s+/', ' ', $value); - // remove whitespace betwin # aerrt - $rmAlertWhitespace = preg_replace('/^# alert/', '#alert', $rmWhitespaces); - $splitcontents = explode(' ', $rmAlertWhitespace); - - // enable or disable - if ($splitcontents[0] === '#alert') - { - $newSigArray[$i]['enable'] = 'off'; - }else{ - $newSigArray[$i]['enable'] = 'on'; } - - // proto - $newSigArray[$i]['proto'] = $splitcontents[1]; - - // source - $newSigArray[$i]['src'] = trimLength($splitcontents[2]); - - // source port - $newSigArray[$i]['srcport'] = trimLength($splitcontents[3]); - - // Destination - $newSigArray[$i]['dst'] = trimLength($splitcontents[5]); - - // Destination port - $newSigArray[$i]['dstport'] = 
trimLength($splitcontents[6]); - - // sig message - $newSigArray[$i]['msg'] = get_middle($value, 'msg:"', '";', 0); - $i++; + $i++; + } return $newSigArray; @@ -168,11 +169,9 @@ function write_rule_file($content_changed, $received_file) // Save ruleSets settings function snortSql_updateRuleSigList() { - - $snortDir = '/usr/local/etc/snort/sn_' . $_SESSION['snort']['tmp']['snort_rules']['ifaceuuid'] . '_' . $_SESSION['snort']['tmp']['snort_rules']['ifaceselected']; // selected snort rule file - $workingFile = $snortDir . '/rules/' . $_SESSION['snort']['tmp']['snort_rules']['rulefile']; + $workingFile = "/usr/local/etc/snort/snortDBrules/DB/{$_SESSION['snort']['tmp']['snort_rules']['rdbuuid']}/rules/{$_SESSION['snort']['tmp']['snort_rules']['rulefile']}"; $splitcontents = split_rule_file($workingFile); @@ -187,23 +186,19 @@ function snortSql_updateRuleSigList() $sidLine = preg_replace($replaceChars, '', $matches[0]); - if ($sidLine == '') - { + if ($sidLine == '') { $tempstring[] = $sigLine; }else{ - if (in_array($sidLine, $enableSigsArray)) - { + if (in_array($sidLine, $enableSigsArray)) { $tempstring[] = str_replace("# alert", "alert", $sigLine); } - if (in_array($sidLine, $disableSigsArray)) - { + if (in_array($sidLine, $disableSigsArray)) { $tempstring[] = str_replace("alert", "# alert", $sigLine); } - if (!in_array($sidLine, $enableSigsArray) && !in_array($sidLine, $disableSigsArray)) - { + if (!in_array($sidLine, $enableSigsArray) && !in_array($sidLine, $disableSigsArray)) { $tempstring[] = $sigLine; } } @@ -216,8 +211,7 @@ function snortSql_updateRuleSigList() $enableSigsArray = array(); $disableSigsArray = array(); - if (!isset($_POST['filenamcheckbox2'])) - { + if (!isset($_POST['filenamcheckbox2'])) { $_POST['filenamcheckbox2'] = array(); } 
@@ -226,24 +220,70 @@ function snortSql_updateRuleSigList() foreach ($newFilterRuleSigArray as $sigArray) { // enable sig - if(in_array($sigArray['sid'], $_POST['filenamcheckbox2']) && $sigArray['enable'] == 'off') - { + if(in_array($sigArray['sid'], $_POST['filenamcheckbox2']) && $sigArray['enable'] == 'off') { $enableSigsArray[] = $sigArray['sid']; } // disable sig - if(!in_array($sigArray['sid'], $_POST['filenamcheckbox2']) && $sigArray['enable'] == 'on') - { + if(!in_array($sigArray['sid'], $_POST['filenamcheckbox2']) && $sigArray['enable'] == 'on') { $disableSigsArray[] = $sigArray['sid']; } } // read rule file change disable/enable then write to file if arrays are not empty - if (!empty($enableSigsArray) || !empty($disableSigsArray)) - { + if (!empty($enableSigsArray) || !empty($disableSigsArray)) { write_rule_file(read_rule_file($splitcontents, $enableSigsArray, $disableSigsArray), $workingFile); } + // Insert into the DB for oinkmaster + + function sql_EnableDisabeSid($SigArray, $OnOff) + { + + $dbname = $_SESSION['snort']['tmp']['snort_rules']['dbName']; + $table = $_SESSION['snort']['tmp']['snort_rules']['dbTable']; + $rdbuuid = $_SESSION['snort']['tmp']['snort_rules']['rdbuuid']; + $addDate = date(U); + + // dont let user pick the DB path + $db = sqlite_open("/usr/local/pkg/snort/{$dbname}"); + + foreach ($SigArray as $mDEanbled) + { + + $resultid = sqlite_query($db, + "SELECT id FROM {$table} WHERE signatureid = '{$mDEanbled}'; + "); + + $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); + + if (empty($chktable)) { + + $query_ck = sqlite_query($db, // @ supress warnings usonly in production + "INSERT INTO {$table} (date, rdbuuid, signatureid, enable) VALUES ('{$addDate}', '{$rdbuuid}', '{$mDEanbled}', '{$OnOff}'); + "); + + }else{ + if ($chktable[0]['enable'] != $OnOff) { + $query_ck = sqlite_query($db, // @ supress warnings usonly in production + "UPDATE {$table} SET date = {$addDate}, enable = '{$OnOff}' WHERE signatureid = '{$mDEanbled}'; + "); + 
} + + + } + + + } + + sqlite_close($db); + + } // snd of function + + sql_EnableDisabeSid($enableSigsArray, 'on'); + sql_EnableDisabeSid($disableSigsArray, 'off'); + + return true; @@ -256,44 +296,38 @@ function snortSql_updateRuleSetList() $dbname = $_POST['dbName']; $table = $_POST['dbTable']; $ruleSetfilenames = $_POST['filenamcheckbox']; - $ifaceuuid = $_POST['ifaceuuid']; - $iface = $_POST['iface']; - + $rdbuuid = $_POST['rdbuuid']; $addDate = date(U); - // do let user pick the DB path + // dont let user pick the DB path $db = sqlite_open("/usr/local/pkg/snort/{$dbname}"); - if (empty($ruleSetfilenames)) - { + if (empty($ruleSetfilenames)) { $ruleSetfilenames = array(); } // foreach selected rulesets do this - if (!empty($ruleSetfilenames)) - { + if (!empty($ruleSetfilenames)) { foreach ($ruleSetfilenames as $ruleSetfilename) { $resultid = sqlite_query($db, - "SELECT id, enable FROM {$table} WHERE rulesetname = '{$ruleSetfilename}' and ifaceuuid = '{$ifaceuuid}'; + "SELECT id, enable FROM {$table} WHERE rulesetname = '{$ruleSetfilename}' and rdbuuid = '{$rdbuuid}'; "); $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); - if (empty($chktable)) - { + if (empty($chktable)) { $rulesetUuid = genAlphaNumMixFast(11, 14); $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "INSERT INTO {$table} (date, uuid, ifaceuuid, rulesetname, enable) VALUES ('{$addDate}', '{$rulesetUuid}', '{$ifaceuuid}', '{$ruleSetfilename}', 'on'); + "INSERT INTO {$table} (date, uuid, rdbuuid, rulesetname, enable) VALUES ('{$addDate}', '{$rulesetUuid}', '{$rdbuuid}', '{$ruleSetfilename}', 'on'); "); }else{ - if ($chktable[0]['enable'] == 'off') - { + if ($chktable[0]['enable'] == 'off') { $query_ck = sqlite_query($db, // @ supress warnings usonly in production "UPDATE {$table} SET enable = 'on' WHERE id = '{$chktable[0]['id']}'; "); 
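Review bot: In the added `sql_EnableDisabeSid()` the lookup selects only `id`, yet the `else` branch compares `$chktable[0]['enable']`, which is never populated, so the `UPDATE` runs for every sid that already has a row. Neither the `SELECT` nor the `UPDATE` is scoped by `rdbuuid` although the `INSERT` stores it, so a sid present in two rule databases shares one row; I would use `SELECT id, enable FROM {$table} WHERE signatureid = '{$mDEanbled}' AND rdbuuid = '{$rdbuuid}';` and add the same `AND rdbuuid = ...` condition to the `UPDATE`. `date(U)` relies on an undefined constant; `time()` gives the same value. Declaring the function inside `snortSql_updateRuleSigList()` also means a second call to the outer function in one request fails with a redeclaration error, so it belongs at file scope. The enclosing function starts outside this hunk.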
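Review bot: `$rdbuuid = $_POST['rdbuuid']` and each `$ruleSetfilename` from `$_POST['filenamcheckbox']` are interpolated straight into the `SELECT`, `INSERT` and `UPDATE` strings in `snortSql_updateRuleSetList()`, so request data becomes part of the SQL text. Escape each value before use, e.g. `$rdbuuid = sqlite_escape_string($_POST['rdbuuid']);` and `$ruleSetfilename = sqlite_escape_string($ruleSetfilename);` at the top of the loop. The corrected comment says the user must not pick the DB path, but `$dbname` and `$table` still come from `$_POST['dbName']` and `$_POST['dbTable']`; comparing them against the fixed names this page submits would make the comment true. The two following hunks (old lines 304 and 321) build their `rdbuuid` queries, including the `DELETE`, the same way.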
@@ -304,10 +338,10 @@ function snortSql_updateRuleSetList() // clean database of old names and turn rulesets off - $listDir = snortScanDirFilter("/usr/local/etc/snort/sn_{$ifaceuuid}_{$iface}/rules/", '.rules'); + $listDir = snortScanDirFilter("/usr/local/etc/snort/snortDBrules/DB/{$rdbuuid}/rules/", '\.rules'); $resultAllRulesetname = sqlite_query($db, - "SELECT rulesetname FROM {$table} WHERE ifaceuuid = '{$ifaceuuid}'; + "SELECT rulesetname FROM {$table} WHERE rdbuuid = '{$rdbuuid}'; "); $chktable2 = sqlite_fetch_all($resultAllRulesetname, SQLITE_ASSOC); @@ -321,14 +355,14 @@ function snortSql_updateRuleSetList() if(!in_array($value['rulesetname'], $listDir)) { $deleteMissingRuleset = sqlite_query($db, // @ supress warnings use only in production - "DELETE FROM {$table} WHERE rulesetname = '{$value['rulesetname']}' and ifaceuuid = '{$ifaceuuid}'; + "DELETE FROM {$table} WHERE rulesetname = '{$value['rulesetname']}' and rdbuuid = '{$rdbuuid}'; "); } if(!in_array($value['rulesetname'], $ruleSetfilenames)) { $ruleSetisOff = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$table} SET enable = 'off' WHERE rulesetname = '{$value['rulesetname']}' and ifaceuuid = '{$ifaceuuid}'; + "UPDATE {$table} SET enable = 'off' WHERE rulesetname = '{$value['rulesetname']}' and rdbuuid = '{$rdbuuid}'; "); } } 
@@ -363,48 +397,31 @@ function snortSql_fetchAllInterfaceRules($table, $dbname) function snortSql_fetchAllSettings($dbname, $table, $type, $id_uuid) { - if ($dbname == '' || $table == '' || $type == '') - { + if ($dbname == '' || $table == '' || $type == '') { return false; } $db = sqlite_open("/usr/local/pkg/snort/$dbname"); - if ($type == 'All') - { + if ($type == 'All') { + $result = sqlite_query($db, "SELECT * FROM {$table} WHERE id > 0; "); - } - - if ($type == 'id') - { - $result = sqlite_query($db, - "SELECT * FROM {$table} where id = '{$id_uuid}'; - "); - } - - if ($type == 'uuid') - { - $result = sqlite_query($db, - "SELECT * FROM {$table} where uuid = '{$id_uuid}'; - "); - } - - if ($type == 'ifaceuuid') - { + + }else{ + $result = sqlite_query($db, - "SELECT * FROM {$table} where ifaceuuid = '{$id_uuid}'; + "SELECT * FROM {$table} where {$type} = '{$id_uuid}'; "); - } + + } - if ($type == 'id' || $type == 'uuid') - { + if ($type == 'id' || $type == 'uuid') { $chktable = sqlite_fetch_array($result, SQLITE_ASSOC); } - if ($type == 'All' || $type == 'ifaceuuid') - { + if ($type == 'All' || $type == 'ifaceuuid' || $type == 'ruledbname' || $type == 'rdbuuid') { $chktable = sqlite_fetch_all($result, SQLITE_ASSOC); } @@ -733,12 +750,11 @@ function snortSql_updateWhitelistIps($newPostListips) } // end of func // RMlist Delete -function snortSql_updatelistDelete($table, $type, $uuid_filename) +function snortSql_updatelistDelete($databse, $table, $type, $uuid_filename) { - - $usrDB = $_POST['RMlistDB']; - $db = "/usr/local/pkg/snort/$usrDB"; + $db = "/usr/local/pkg/snort/{$databse}"; + $mydb = sqlite_open("$db"); if ($type == 'uuid') diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php index bca52a65..e0c334ba 100644 --- a/config/snort-dev/snort_preprocessors.php +++ b/config/snort-dev/snort_preprocessors.php 
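Review bot: The new `else` branch in `snortSql_fetchAllSettings()` places `$type` into the query as a column name (`where {$type} = '{$id_uuid}'`), and `$chktable` is assigned only for the six types named in the two `if` blocks below it, so any other `$type` queries an arbitrary column and then leaves `$chktable` unset. A guard at the top keeps the generalisation but bounds it: `if (!in_array($type, array('All', 'id', 'uuid', 'ifaceuuid', 'ruledbname', 'rdbuuid'), true)) { return false; }`. `$id_uuid` is request data at several call sites in this commit and should pass through `sqlite_escape_string()` before interpolation. The function body continues past the end of the hunk.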
@@ -46,7 +46,7 @@ if ($uuid == '') { } -$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); +$a_list = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); $pgtitle = "Snort: Interface Preprocessors and Flow"; include("/usr/local/pkg/snort/snort_head.inc"); @@ -98,9 +98,10 @@ $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid) <form id="iform" > <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save --> - <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db--> - <input type="hidden" name="dbTable" value="Snortrules" /> <!-- what db table--> + <input type="hidden" name="dbName" value="snortDB" /> <!-- what db--> + <input type="hidden" name="dbTable" value="SnortIfaces" /> <!-- what db table--> <input type="hidden" name="ifaceTab" value="snort_preprocessors" /> <!-- what interface tab --> + <input name="uuid" type="hidden" value="<?=$a_list['uuid']; ?>"> @@ -272,7 +273,6 @@ $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid) <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="Save"> <input id="cancel" type="button" class="formbtn" value="Cancel" > - <input name="uuid" type="hidden" value="<?=$a_list['uuid']; ?>"> </td> </tr> diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php index 5eb70549..1edc31e2 100644 --- a/config/snort-dev/snort_rules.php +++ b/config/snort-dev/snort_rules.php 
@@ -36,24 +36,30 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); -// set page vars +if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) { + echo 'Error: more than one uuid'; + exit(0); +} -$uuid = $_GET['uuid']; -if (isset($_POST['uuid'])) -$uuid = $_POST['uuid']; +// set page vars +if (isset($_GET['uuid'])) { + $uuid = $_GET['uuid']; +} -if ($uuid == '') { - echo 'error: no uuid'; - exit(0); +if (isset($_GET['rdbuuid'])) { + $rdbuuid = $_GET['rdbuuid']; +}else{ + $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); + $rdbuuid = $ruledbname_pre1['ruledbname']; } // unset Session tmp on page load unset($_SESSION['snort']['tmp']); // list rules in the default dir -$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); +$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $rdbuuid); -$snortRuleDir = '/usr/local/etc/snort/sn_' . $uuid . '_' . $a_list['interface']; +$snortRuleDir = '/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid; // list rules in the default dir $filterDirList = array(); @@ -117,11 +123,12 @@ function load_rule_file($incoming_file, $splitcontents) /* * SET GLOBAL ARRAY $_SESSION['snort'] + * Use SESSION instead POST for security because were writing to files. */ + $_SESSION['snort']['tmp']['snort_rules']['dbName'] = 'snortDBrules'; $_SESSION['snort']['tmp']['snort_rules']['dbTable'] = 'SnortruleSigs'; - $_SESSION['snort']['tmp']['snort_rules']['ifaceuuid'] = $uuid; - $_SESSION['snort']['tmp']['snort_rules']['ifaceselected'] = $a_list['interface']; + $_SESSION['snort']['tmp']['snort_rules']['rdbuuid'] = $rdbuuid; $_SESSION['snort']['tmp']['snort_rules']['rulefile'] = $rulefile; 
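Review bot: `$rdbuuid = $_GET['rdbuuid']` is concatenated into `$snortRuleDir` and passed to `snortSql_fetchAllSettings()` without any format check, and the removed `if ($uuid == '')` guard means a request with neither parameter now continues with `$uuid` undefined. Validate right after the assignments, e.g. `if (!preg_match('/^[A-Za-z0-9]+$/', (string)$rdbuuid)) { echo 'Error: bad rdbuuid'; exit(0); }` (uuid alphabet assumed; match the generator), which also restores the empty-value exit. The next hunk copies this value into `$_SESSION['snort']['tmp']['snort_rules']['rdbuuid']` with the comment that SESSION is used for security, but the session only carries what the query string supplied, and `snortSql_updateRuleSigList()` builds the rule-file path it writes to from it. snort_rulesets.php gains the same block in this commit.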
@@ -141,12 +148,13 @@ function load_rule_file($incoming_file, $splitcontents) <p class="loadingWaitingMessage"><img src="./images/loading.gif" /> <br>Please Wait...</p> </div> +<!-- hidden div --> <div id="loadingRuleEditGUI"> <div class="loadingRuleEditGUIDiv"> <form id="iform2" action=""> <input type="hidden" name="snortSidRuleEdit" value="1" /> - <input type="hidden" name="snortSidRuleIface" value="<?=$uuid . '_' . $a_list['interface']; ?>" /> <!-- what to do, save --> + <input type="hidden" name="snortSidRuleDBuuid" value="<?=$rdbuuid;?>" /> <!-- what to do, save --> <input type="hidden" name="snortSidRuleFile" value="<?=$rulefile; ?>" /> <!-- what to do, save --> <input type="hidden" name="snortSidNum" value="" /> <!-- what to do, save --> <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee"> 
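Review bot: `value="<?=$rdbuuid;?>"` prints a value that can come from `$_GET['rdbuuid']` into an attribute without escaping; `<?=htmlspecialchars($rdbuuid, ENT_QUOTES);?>` keeps it inside the attribute. The same unescaped output is added in the tab-bar `echo` blocks (old line 200), in `$urlUuid` inside the category `<option>` values (old line 230), and in the ruleset link built in snort_rulesets.php; those are URL contexts, so `urlencode()` followed by `htmlspecialchars()` fits there.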
@@ -200,23 +208,58 @@ function load_rule_file($incoming_file, $splitcontents) <div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 790px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li> - <li><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li> - <li><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li> - <li><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li> - <li><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li> - </ul> - </div> - - </td> - </tr> + <?php + if (!empty($uuid)) { + echo ' + <tr> + <td> + <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="newtabmenu"> + <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> + <li><a href="/snort/snort_interfaces_edit.php?uuid=' . $uuid . '"><span>If Settings</span></a></li> + <li><a href="/snort/snort_rulesets.php?uuid=' . $uuid . '"><span>Categories</span></a></li> + <li class="newtabmenu_active"><a href="/snort/snort_rules.php?uuid=' . $uuid . '"><span>Rules</span></a></li> + <li><a href="/snort/snort_define_servers.php?uuid=' . $uuid . '"><span>Servers</span></a></li> + <li><a href="/snort/snort_preprocessors.php?uuid=' . $uuid . '"><span>Preprocessors</span></a></li> + <li><a href="/snort/snort_barnyard.php?uuid=' . $uuid . 
'"><span>Barnyard2</span></a></li> + </ul> + </div> + </td> + </tr> + '; + }else{ + echo ' + <tr> + <td> + <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="newtabmenu"> + <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> + <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> + <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> + <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> + <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> + <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> + <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> + <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> + <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> + </ul> + </div> + </td> + </tr> + <tr> + <td> + <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="newtabmenu"> + <li class="hide_newtabmenu"><a href="/snort/snort_interfaces_rules_edit.php?rdbuuid=' . $rdbuuid . '"><span>Rules DB Edit</span></a></li> + <li class="hide_newtabmenu"><a href="/snort/snort_rulesets.php?rdbuuid=' . $rdbuuid . '"><span>Categories</span></a></li> + <li class="hide_newtabmenu newtabmenu_active"><a href="/snort/snort_rules.php?rdbuuid=' . $rdbuuid . '"><span>Rules</span></a></li> + </ul> + </div> + </td> + </tr> + '; + } + ?> <tr> <td id="tdbggrey"> <div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;"> 
@@ -230,16 +273,23 @@ function load_rule_file($incoming_file, $splitcontents) Category: <select name="selectbox" class="formfld" > <?php + if(isset($_GET['uuid'])) { + $urlUuid = "&uuid=$uuid"; + } + + if(isset($_GET['rdbuuid'])) { + $urlUuid = "&rdbuuid=$rdbuuid"; + } + $i=0; foreach ($filterDirList as $value) { $selectedruleset = ''; - if ($value === $rulefile) - { + if ($value === $rulefile) { $selectedruleset = 'selected'; } - echo "\n" . '<option value="?uuid=' . $uuid . '&openruleset=' . $ruledir . $value . '" ' . $selectedruleset . ' >' . $value . '</option>' . "\r"; + echo "\n" . '<option value="?&openruleset=' . $ruledir . $value . $urlUuid . '" ' . $selectedruleset . ' >' . $value . '</option>' . "\r"; $i++; diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php index 09d81f4c..051a8398 100644 --- a/config/snort-dev/snort_rulesets.php +++ b/config/snort-dev/snort_rulesets.php 
@@ -34,33 +34,37 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); -// set page vars +if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) { + echo 'Error: more than one uuid'; + exit(0); +} -$uuid = $_GET['uuid']; -if (isset($_POST['uuid'])) -$uuid = $_POST['uuid']; +// set page vars +if (isset($_GET['uuid'])) { + $uuid = $_GET['uuid']; +} -if ($uuid == '') { - echo 'error: no uuid'; - exit(0); +if (isset($_GET['rdbuuid'])) { + $rdbuuid = $_GET['rdbuuid']; +}else{ + $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); + $rdbuuid = $ruledbname_pre1['ruledbname']; } -$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); +//$a_list = snortSql_fetchAllSettings('snortDBrules', 'SnortIfaces', 'uuid', $uuid); // list rules in the default dir $filterDirList = array(); - $filterDirList = snortScanDirFilter('/usr/local/etc/snort/sn_' . $uuid . '_' . $a_list['interface'] . '/rules', '\.rules'); + $filterDirList = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules', '\.rules'); // list rules in db that are on in a array $listOnRules = array(); - $listOnRules = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSets', 'ifaceuuid', $uuid); + $listOnRules = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSets', 'rdbuuid', $rdbuuid); - if (!empty($listOnRules)) - { + if (!empty($listOnRules)) { foreach ( $listOnRules as $val2 ) { - if ($val2['enable'] == 'on') - { + if ($val2['enable'] == 'on') { $rulesetOn[] = $val2['rulesetname']; } } 
@@ -151,7 +155,7 @@ jQuery(document).ready(function() { ' <input class="domecheck" name="filenamcheckbox[]" value="' + snortObjlist.ruleSets[i].rule + '" type="checkbox" ' + rulesetChecked + ' >' + "\n" + '</td>' + "\n" + '<td class="' + rowIsEvenOdd + '">' + "\n" + - ' <a href="/snort/snort_rules.php?uuid=<?=$uuid?>' + '&openruleset=' + snortObjlist.ruleSets[i].rule + '">' + snortObjlist.ruleSets[i].rule + '</a>' + "\n" + + ' <a href="/snort/snort_rules.php?openruleset=' + snortObjlist.ruleSets[i].rule + '<?php if(isset($uuid)){echo "&uuid=$uuid";}else{echo "&rdbuuid=$rdbuuid";}?>' + '">' + snortObjlist.ruleSets[i].rule + '</a>' + "\n" + '</td>' + "\n" + '</tr>' + "\n\n" ); @@ -163,9 +167,6 @@ jQuery(document).ready(function() { </script> - - - <div id="loadingWaiting"> <p class="loadingWaitingMessage"><img src="./images/loading.gif" /> <br>Please Wait...</p> </div> 
@@ -176,23 +177,58 @@ jQuery(document).ready(function() { <div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0" alt="transgif" ></img></a></div> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> + <?php + if (!empty($uuid)) { + echo ' + <tr> + <td> + <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="newtabmenu"> + <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> + <li><a href="/snort/snort_interfaces_edit.php?uuid=' . $uuid . '"><span>If Settings</span></a></li> + <li class="newtabmenu_active"><a href="/snort/snort_rulesets.php?uuid=' . $uuid . '"><span>Categories</span></a></li> + <li><a href="/snort/snort_rules.php?uuid=' . $uuid . '"><span>Rules</span></a></li> + <li><a href="/snort/snort_define_servers.php?uuid=' . $uuid . '"><span>Servers</span></a></li> + <li><a href="/snort/snort_preprocessors.php?uuid=' . $uuid . '"><span>Preprocessors</span></a></li> + <li><a href="/snort/snort_barnyard.php?uuid=' . $uuid . 
'"><span>Barnyard2</span></a></li> + </ul> + </div> + </td> + </tr> + '; + }else{ + echo ' + <tr> + <td> + <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="newtabmenu"> <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li> - <li><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li> - <li><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li> - <li><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li> - <li><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li> - </ul> - </div> - - </td> - </tr> + <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> + <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> + <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> + <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> + <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> + <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> + <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> + <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> + </ul> + </div> + </td> + </tr> + <tr> + <td> + <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="newtabmenu"> + <li class="hide_newtabmenu"><a href="/snort/snort_interfaces_rules_edit.php?rdbuuid=' . $rdbuuid . '"><span>Rules DB Edit</span></a></li> + <li class="hide_newtabmenu newtabmenu_active"><a href="/snort/snort_rulesets.php?rdbuuid=' . $rdbuuid . 
'"><span>Categories</span></a></li> + <li class="hide_newtabmenu"><a href="/snort/snort_rules.php?rdbuuid=' . $rdbuuid . '"><span>Rules</span></a></li> + </ul> + </div> + </td> + </tr> + '; + } + ?> <tr> <td id="tdbggrey"> <table width="100%" border="0" cellpadding="10px" cellspacing="0"> @@ -220,8 +256,7 @@ jQuery(document).ready(function() { <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db--> <input type="hidden" name="dbTable" value="SnortruleSets" /> <!-- what db table--> <input type="hidden" name="ifaceTab" value="snort_rulesets" /> <!-- what interface tab --> - <input type="hidden" name="ifaceuuid" value="<?=$uuid;?>" /> <!-- what interface to save for --> - <input type="hidden" name="iface" value="<?=$a_list['interface'];?>" /> <!-- what interface to save for --> + <input type="hidden" name="rdbuuid" value="<?=$rdbuuid;?>" /> <!-- what interface to save for --> <table width="100%" border="0" cellpadding="0" cellspacing="0"> |
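Review bot: The menu selection tests `!empty($uuid)` while the link builder in the `@@ -151,7 +155,7 @@` hunk tests `isset($uuid)`, so a request where `uuid=` is present but empty gets the RulesDB menu together with links that carry `&uuid=`. Use one test in both places, for example `if (!empty($uuid))` for the link as well. As a point of style, the two `echo '…'` blocks hold static markup that differs only in the id. Closing PHP and using `<?php if (!empty($uuid)): ?> … <?php else: ?> … <?php endif; ?>` would keep the HTML readable and let each id be escaped where it is printed.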