Add new SID MGMT functionality to Snort package.

1 files changed, 121 insertions, 19 deletions

diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 8d9aa6ba..013b7d84 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -109,6 +109,29 @@ $categories[] = "custom.rules";
 $categories[] = "decoder.rules";
 $categories[] = "preprocessor.rules";
 $categories[] = "sensitive-data.rules";
+
+// Get any automatic rule category enable/disable modifications
+// if auto-SID Mgmt is enabled, and adjust the available rulesets
+// in the CATEGORY drop-down box as necessary.
+$cat_mods = snort_sid_mgmt_auto_categories($a_rule[$id], FALSE);
+foreach ($cat_mods as $k => $v) {
+	switch ($v) {
+		case 'disabled':
+			if (($key = array_search($k, $categories)) !== FALSE)
+				unset($categories[$key]);
+			break;
+
+		case 'enabled':
+			if (!in_array($k, $categories))
+				$categories[] = $k;
+			break;
+
+		default:
+			break;
+	}
+}
+
+// Add any enabled IPS-Policy and Auto-Flowbits File
 if (!empty($a_rule[$id]['ips_policy']))
 	$categories[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']);
 if ($a_rule[$id]['autoflowbitrules'] == 'on')
@@ -146,6 +169,9 @@ if ($currentruleset != 'custom.rules') {
 		$input_errors[] = gettext("{$currentruleset} seems to be missing!!! Please verify rules files have been downloaded, then go to the Categories tab and save the rule set again.");
 }
 
+/* Process the current category rules through any auto SID MGMT changes if enabled */
+snort_auto_sid_mgmt($rules_map, $a_rule[$id], FALSE);
+
 /* Load up our enablesid and disablesid arrays with enabled or disabled SIDs */
 $enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on']);
 $disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off']);
@@ -356,6 +382,9 @@ elseif ($_POST['clear']) {
 	conf_mount_ro();
 	$rebuild_rules = false;
 	$pconfig['customrules'] = '';
+
+	// Sync to configured CARP slaves if any are enabled
+	snort_sync_on_changes();
 }
 elseif ($_POST['save']) {
 	$pconfig['customrules'] = $_POST['customrules'];
@@ -388,6 +417,9 @@ elseif ($_POST['save']) {
 	}
 
 	clear_subsystem_dirty('snort_rules');
+
+	// Sync to configured CARP slaves if any are enabled
+	snort_sync_on_changes();
 }
 else if ($_POST['apply']) {
 	/* Save new configuration */
@@ -408,6 +440,9 @@ else if ($_POST['apply']) {
 
 	// We have saved changes and done a soft restart, so clear "dirty" flag
 	clear_subsystem_dirty('snort_rules');
+
+	// Sync to configured CARP slaves if any are enabled
+	snort_sync_on_changes();
 }
 
 include_once("head.inc");
@@ -453,7 +488,8 @@ if ($savemsg) {
 		$tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
 		$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
 		$tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
-		$tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+		$tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php");
+		$tab_array[9] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
 		display_top_tabs($tab_array,true);
 		echo '</td></tr>';
 		echo '<tr><td class="tabnavtbl">';
@@ -614,17 +650,35 @@ if ($savemsg) {
 						</thead>
 						<tbody>
 					<?php
-						$counter = $enable_cnt = $disable_cnt = 0;
+						$counter = $enable_cnt = $disable_cnt = $user_enable_cnt = $user_disable_cnt = $managed_count = 0;
 						foreach ($rules_map as $k1 => $rulem) {
 							foreach ($rulem as $k2 => $v) {
 								$sid = $k2;
 								$gid = $k1;
-
-								if (isset($disablesid[$gid][$sid])) {
+								$ruleset = $currentruleset;
+								$style = "";
+
+								if ($v['managed'] == 1) {
+									if ($v['disabled'] == 1) {
+										$textss = "<span class=\"gray\">";
+										$textse = "</span>";
+										$style= "style=\"opacity: 0.4; filter: alpha(opacity=40);\"";
+										$title = gettext("Auto-disabled by settings on SID Mgmt tab");
+									}
+									else {
+										$textss = $textse = "";
+										$ruleset = "suricata.rules";
+										$title = gettext("Auto-managed by settings on SID Mgmt tab");
+									}
+									$iconb = "icon_advanced.gif";
+									$managed_count++;
+								}
+								elseif (isset($disablesid[$gid][$sid])) {
 									$textss = "<span class=\"gray\">";
 									$textse = "</span>";
 									$iconb = "icon_reject_d.gif";
 									$disable_cnt++;
+									$user_disable_cnt++;
 									$title = gettext("Disabled by user. Click to toggle to enabled state");
 								}
 								elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) {
@@ -638,6 +692,7 @@ if ($savemsg) {
 									$textss = $textse = "";
 									$iconb = "icon_reject.gif";
 									$enable_cnt++;
+									$user_enable_cnt++;
 									$title = gettext("Enabled by user. Click to toggle to disabled state");
 								}
 								else {
@@ -668,12 +723,18 @@ if ($savemsg) {
 								$message = snort_get_msg($v['rule']); // description field
 								$sid_tooltip = gettext("View the raw text for this rule");
 
-								echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\">{$textss}
-								<a id=\"rule_{$gid}_{$sid}\" href=''><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
-								document.getElementById('gid').value='{$gid}';\" 
-								src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"  
-								title='{$title}' name=\"toggle[]\"/></a>{$textse}
-							       </td>
+								echo "<tr><td class=\"listt\" style=\"align:center;\" valign=\"middle\">{$textss}";
+								if ($v['managed'] == 1) {
+									echo "<img {$style} src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" 
+									title='{$title}'/>{$textse}";
+								}
+								else {
+									echo "<a id=\"rule_{$gid}_{$sid}\" href='#'><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
+									document.getElementById('gid').value='{$gid}';\" 
+									src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"  
+									title='{$title}' name=\"toggle[]\"/></a>{$textse}";
+								}
+							       echo "</td>
 							       <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
 									{$textss}{$gid}{$textse}
 							       </td>
@@ -734,16 +795,35 @@ if ($savemsg) {
 						</thead>
 						<tbody>
 							<?php
-								$counter = $enable_cnt = $disable_cnt = 0;
+								$counter = $enable_cnt = $disable_cnt = $user_enable_cnt = $user_disable_cnt = $managed_count = 0;
 								foreach ($rules_map as $k1 => $rulem) {
 									foreach ($rulem as $k2 => $v) {
+										$ruleset = $currentruleset;
+										$style = "";
 										$sid = snort_get_sid($v['rule']);
 										$gid = snort_get_gid($v['rule']);
-										if (isset($disablesid[$gid][$sid])) {
+
+										if ($v['managed'] == 1) {
+											if ($v['disabled'] == 1) {
+												$textss = "<span class=\"gray\">";
+												$textse = "</span>";
+												$style= "style=\"opacity: 0.4; filter: alpha(opacity=40);\"";
+												$title = gettext("Auto-disabled by settings on SID Mgmt tab");
+											}
+											else {
+												$textss = $textse = "";
+												$ruleset = "suricata.rules";
+												$title = gettext("Auto-managed by settings on SID Mgmt tab");
+											}
+											$iconb = "icon_advanced.gif";
+											$managed_count++;
+										}
+										elseif (isset($disablesid[$gid][$sid])) {
 											$textss = "<span class=\"gray\">";
 											$textse = "</span>";
 											$iconb = "icon_reject_d.gif";
 											$disable_cnt++;
+											$user_disable_cnt++;
 											$title = gettext("Disabled by user. Click to toggle to enabled state");
 										}
 										elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) {
@@ -757,6 +837,7 @@ if ($savemsg) {
 											$textss = $textse = "";
 											$iconb = "icon_reject.gif";
 											$enable_cnt++;
+											$user_enable_cnt++;
 											$title = gettext("Enabled by user. Click to toggle to disabled state");
 										}
 										else {
@@ -777,12 +858,18 @@ if ($savemsg) {
 										else
 											$policy = "none";
 
-										echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\">{$textss}
-										<input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
-										document.getElementById('gid').value='{$gid}';\" 
-										src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"  
-										title='{$title}' name=\"toggle[]\"/>{$textse}
-							       			</td>
+										echo "<tr><td class=\"listt\" style=\"align:center;\" valign=\"middle\">{$textss}";
+										if ($v['managed'] == 1) {
+											echo "<img {$style} src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" 
+											title='{$title}'/>{$textse}";
+										}
+										else {
+											echo "<a id=\"rule_{$gid}_{$sid}\" href='#'><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
+											document.getElementById('gid').value='{$gid}';\" 
+											src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"  
+											title='{$title}' name=\"toggle[]\"/></a>{$textse}";
+										}
+									       echo "</td>
 									       <td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
 											{$textss}{$gid}{$textse}
 									       </td>
@@ -824,7 +911,10 @@ if ($savemsg) {
 							<strong><?php echo gettext("---  Category Rules Summary  ---") . "</strong><br/>" . 
 							gettext("Total Rules: {$counter}") . "&nbsp;&nbsp;&nbsp;&nbsp;" . 
 							gettext("Enabled: {$enable_cnt}") . "&nbsp;&nbsp;&nbsp;&nbsp;" . 
-							gettext("Disabled: {$disable_cnt}"); ?></td>
+							gettext("Disabled: {$disable_cnt}") . "&nbsp;&nbsp;&nbsp;&nbsp;" . 
+							gettext("User Enabled: {$user_enable_cnt}") . "&nbsp;&nbsp;&nbsp;&nbsp;" . 
+							gettext("User Disabled: {$user_disable_cnt}") . "&nbsp;&nbsp;&nbsp;&nbsp;" . 
+							gettext("Auto-Managed: {$managed_count}"); ?></td>
 						</tr>
 						<tr>
 							<td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
@@ -846,6 +936,18 @@ if ($savemsg) {
 								width="11" height="11"></td>
 							<td nowrap><?php echo gettext("Rule changed to Disabled by user"); ?></td>
 						</tr>
+					<?php if (!empty($cat_mods)): ?>
+						<tr>
+							<td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_advanced.gif"
+								width="11" height="11"></td>
+							<td nowrap><?php echo gettext("Rule auto-enabled by files configured on SID Mgmt tab"); ?></td>
+						</tr>
+						<tr>
+							<td width="16"><img style="opacity: 0.4; filter: alpha(opacity=40);" src="../themes/<?= $g['theme']; ?>/images/icons/icon_advanced.gif"
+								width="11" height="11"></td>
+							<td nowrap><?php echo gettext("Rule auto-disabled by files configured on SID Mgmt tab"); ?></td>
+						</tr>
+					<?php endif; ?>
 					</table>
 				</td>
 			</tr>