author | robiscool <robrob2626@yahoo.com> | 2010-03-31 19:02:32 -0700 |
---|---|---|
committer | robiscool <robrob2626@yahoo.com> | 2010-03-31 19:03:32 -0700 |
commit | 844fbe052e814a4662dedcf3a09fbfcdb814801a (patch) | |
tree | 1aaa04b143ea727331592d2be9e51648a1f2e0b6 /config/snort/snort_rules_edit.php | |
parent | 5ee5b0e0e604c8e5d998ac79392a3fa728fbebb1 (diff) | |
snort-dev to snort, snort to snort-old, Release
Diffstat (limited to 'config/snort/snort_rules_edit.php')
-rw-r--r-- | config/snort/snort_rules_edit.php | 366 |
1 files changed, 201 insertions, 165 deletions
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index cbabce73..b770867f 100644
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -1,40 +1,72 @@ +#!/usr/local/bin/php <?php -/* $Id$ */ /* - snort_rules_edit.php - Copyright (C) 2004, 2005 Scott Ullrich - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + system_edit.php + Copyright (C) 2004, 2005 Scott Ullrich + All rights reserved. + + Adapted for FreeNAS by Volker Theile (votdev@gmx.de) + Copyright (C) 2006-2009 Volker Theile + + Adapted for Pfsense Snort package by Robert Zelaya + Copyright (C) 2008-2009 Robert Zelaya + + Using dp.SyntaxHighlighter for syntax highlighting + http://www.dreamprojections.com/SyntaxHighlighter + Copyright (C) 2004-2006 Alex Gorbatchev. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. 
Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
*/ -function get_middle($source, $beginning, $ending, $init_pos) { - $beginning_pos = strpos($source, $beginning, $init_pos); - $middle_pos = $beginning_pos + strlen($beginning); - $ending_pos = strpos($source, $ending, $beginning_pos); - $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); - return $middle; +require_once("guiconfig.inc"); +require_once("config.inc"); + + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} + +//nat_rules_sort(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +$ids = $_GET['ids']; +if (isset($_POST['ids'])) + $ids = $_POST['ids']; + + +if (isset($id) && $a_nat[$id]) { + + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; } +/* convert fake interfaces to real */ +$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); + $file = $_GET['openruleset']; @@ -42,10 +74,10 @@ $file = $_GET['openruleset']; $filehandle = fopen($file, "r"); //get rule id -$lineid = $_GET['id']; +$lineid = $_GET['ids']; //read file into string, and get filesize -$contents = fread($filehandle, filesize($file)); +$contents2 = fread($filehandle, filesize($file)); //close handler fclose ($filehandle); 
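Review bot: `$id` and `$ids` are copied from `$_GET`/`$_POST` with no type or range check; `$id` is then used directly as a key into `$a_nat`, and both values are later written into the form action and the redirect URL in the third hunk. Validating once at the point of assignment covers every later use, for example `if (!ctype_digit((string)$id)) { unset($id); }` and the same for `$ids`, which keeps the existing `isset($id) && $a_nat[$id]` test meaningful. The added `#!/usr/local/bin/php` line sits before `<?php`; depending on how the page is served it may be emitted as output ahead of the later `header()` call, so it is worth confirming it is needed for a web page. The licence header also now names `system_edit.php` rather than this file.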
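Review bot: `$lineid` is read from `$_GET['ids']` directly instead of reusing the `$ids` value the first hunk already merges from GET and POST, and it indexes `$splitcontents` without a numeric or bounds check. A missing or out-of-range value leaves `$tempstring` empty here and, in the save path of the third hunk, makes the assignment add a new array element instead of replacing an existing rule line. Something like `$lineid = ctype_digit((string)$ids) ? (int)$ids : null;` followed by an `isset($splitcontents[$lineid])` test would cover it. The unchanged context also passes the result of `fopen($file, "r")` to `fread()` without checking for `false`, so an unreadable path produces warnings rather than a clean error.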
@@ -54,154 +86,158 @@ fclose ($filehandle); $delimiter = "\n"; //split the contents of the string file into an array using the delimiter -$splitcontents = explode($delimiter, $contents); +$splitcontents = explode($delimiter, $contents2); //copy rule contents from array into string $tempstring = $splitcontents[$lineid]; -//explode rule contents into an array, (delimiter is space) -$rule_content = explode(' ', $tempstring); +function write_rule_file($content_changed, $received_file) +{ + //read snort file with writing enabled + $filehandle = fopen($received_file, "w"); + + //delimiter for each new rule is a new line + $delimiter = "\n"; -//search string -$findme = "# alert"; //find string for disabled alerts + //implode the array back into a string for writing purposes + $fullfile = implode($delimiter, $content_changed); -//find if alert is disabled -$disabled = strstr($tempstring, $findme); + //write data to file + fwrite($filehandle, $fullfile); -//get sid -$sid = get_middle($tempstring, 'sid:', ';', 0); + //close file handle + fclose($filehandle); +} -//if find alert is false, then rule is disabled -if ($disabled !== false) -{ - //move counter up 1, so we do not retrieve the # in the rule_content array - $counter2 = 2; + + +if($_POST['highlight'] <> "") { + if($_POST['highlight'] == "yes" or + $_POST['highlight'] == "enabled") { + $highlight = "yes"; + } else { + $highlight = "no"; + } +} else { + $highlight = "no"; } + +if($_POST['rows'] <> "") + $rows = $_POST['rows']; else + $rows = 1; + +if($_POST['cols'] <> "") + $cols = $_POST['cols']; +else + $cols = 66; + +if ($_POST) { - $counter2 = 1; + if ($_POST['save']) { + + /* get the changes */ + $rule_content2 = $_POST['code']; + + //copy string into file array for writing + $splitcontents[$lineid] = $rule_content2; + + //write the new .rules file + write_rule_file($splitcontents, $file); + + header("Location: /snort/snort_rules_edit.php?id=$id&openruleset=$file&ids=$ids"); + + } } +$pgtitle = 
array(gettext("Advanced"), gettext("File Editor")); -$protocol = $rule_content[$counter2];//protocol location -$counter2++; -$source = $rule_content[$counter2];//source location -$counter2++; -$source_port = $rule_content[$counter2];//source port location -$counter2++; -$direction = $rule_content[$counter2]; -$counter2++; -$destination = $rule_content[$counter2];//destination location -$counter2++; -$destination_port = $rule_content[$counter2];//destination port location -$message = get_middle($tempstring, 'msg:"', '";', 0); - -$content = get_middle($tempstring, 'content:"', '";', 0); -$classtype = get_middle($tempstring, 'classtype:', ';', 0); -$revision = get_middle($tempstring, 'rev:', ';',0); - -$pgtitle = "Snort: Edit Rule"; -require("guiconfig.inc"); -include("head.inc"); +// ?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<?php include("fbegin.inc"); ?> -<?php -if(!$pgtitle_output) - echo "<p class=\"pgtitle\"><?=$pgtitle?></p>"; -?> -<table width="99%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> -<?php - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php?openruleset=/usr/local/etc/snort/rules/attack-responses.rules"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - 
display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td> - <div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <form action="snort_rules.php?openruleset=<?=$file;?>&id=<?=$lineid;?>" target="" method="post" name="editform" id="editform"> - <table id="edittable" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="listhdr" width="10%">Enabled: </td> - <td class="listlr" width="30%"><input name="enabled" type="checkbox" id="enabled" value="yes" <?php if ($disabled === false) echo "checked";?>></td> - </tr> - <tr> - <td class="listhdr" width="10%">SID: </td> - <td class="listlr" width="30%"><?php echo $sid; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Protocol: </td> - <td class="listlr" width="30%"><?php echo $protocol; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Source: </td> - <td class="listlr" width="30%"><input name="src" type="text" id="src" size="20" value="<?php echo $source;?>"></td> - </tr> - <tr> - <td class="listhdr" width="10%">Source Port: </td> - <td class="listlr" width="30%"><input name="srcport" type="text" id="srcport" size="20" value="<?php echo $source_port;?>"></td> - </tr> - <tr> - <td class="listhdr" width="10%">Direction:</td> - <td class="listlr" width="30%"><?php echo $direction;?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Destination:</td> - <td class="listlr" width="30%"><input name="dest" type="text" id="dest" size="20" value="<?php echo $destination;?>"></td> - </tr> - <tr> - <td class="listhdr" width="10%">Destination Port: </td> - <td class="listlr" width="30%"><input name="destport" type="text" id="destport" size="20" value="<?php echo $destination_port;?>"></td> - </tr> - <tr> - <td class="listhdr" width="10%">Message: </td> - <td class="listlr" width="30%"><?php echo $message; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Content: </td> - <td class="listlr" 
width="30%"><?php echo $content; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Classtype: </td> - <td class="listlr" width="30%"><?php echo $classtype; ?></td> - </tr> - <tr> - <td class="listhdr" width="10%">Revision: </td> - <td class="listlr" width="30%"><?php echo $revision; ?></td> - </tr> - <tr><td> </td></tr> - <tr> - <td><input name="lineid" type="hidden" value="<?=$lineid;?>"></td> - <td><input class="formbtn" value="Save" type="submit" name="editsave" id="editsave">   <input type="button" class="formbtn" value="Cancel" onclick="history.back()"></td> - </tr> - </table> - </form> - </td> - </tr> - </table> - </td> -</tr> +<?php include("head.inc");?> + +<body link="#000000" vlink="#000000" alink="#000000"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="tabcont"> + <form action="snort_rules_edit.php?id=<?=$id; ?>&openruleset=<?=$file; ?>&ids=<?=$ids; ?>" method="post"> + <?php if ($savemsg) print_info_box($savemsg);?> + <table width="100%" cellpadding='9' cellspacing='9' bgcolor='#eeeeee'> + <tr> + <td> + <input name="save" type="submit" class="formbtn" id="save" value="save" /> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> + <hr noshade="noshade" /> + <?=gettext("Disable original rule"); ?>: + <input id="highlighting_enabled" name="highlight2" type="radio" value="yes" <?php if($highlight == "yes") echo " checked=\"checked\""; ?> /> + <label for="highlighting_enabled"><?=gettext("Enabled"); ?></label> + <input id="highlighting_disabled" name="highlight2" type="radio" value="no"<?php if($highlight == "no") echo " checked=\"checked\""; ?> /> + <label for="highlighting_disabled"><?=gettext("Disabled"); ?></label> + </td> + </tr> + </table> + <table width='100%'> + <tr> + <td valign="top" class="label"> + <div style="background: #eeeeee;" id="textareaitem"> + <!-- NOTE: The opening *and* the closing textarea tag must be on the same line. 
--> + <textarea wrap="off" style="width: 98%; margin: 7px;" class="<?php echo $language; ?>:showcolumns" rows="<?php echo $rows; ?>" cols="<?php echo $cols; ?>" name="code"><?php echo $tempstring;?></textarea> + </div> + </td> + </tr> + </table> + <table width='100%'> + <tr> + <td valign="top" class="label"> + <div style="background: #eeeeee;" id="textareaitem"> + <!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> + <textarea disabled wrap="off" style="width: 98%; margin: 7px;" class="<?php echo $language; ?>:showcolumns" rows="33" cols="<?php echo $cols; ?>" name="code2"><?php echo $contents2;?></textarea> + </div> + </td> + </tr> + </table> + <?php // include("formend.inc");?> + </form> + </td> + </tr> </table> +<script class="javascript" src="/snort/syntaxhighlighter/shCore.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushCSharp.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushPhp.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushJScript.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushJava.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushVb.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushSql.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushXml.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushDelphi.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushPython.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushRuby.js"></script> +<script class="javascript" src="/snort/syntaxhighlighter/shBrushCss.js"></script> +<script class="javascript"> +<!-- + // Set focus. + document.forms[0].savetopath.focus(); + + // Append css for syntax highlighter. 
+ var head = document.getElementsByTagName("head")[0]; + var linkObj = document.createElement("link"); + linkObj.setAttribute("type","text/css"); + linkObj.setAttribute("rel","stylesheet"); + linkObj.setAttribute("href","/snort/syntaxhighlighter/SyntaxHighlighter.css"); + head.appendChild(linkObj); + + // Activate dp.SyntaxHighlighter? + <?php + if($_POST['highlight'] == "yes") { + echo "dp.SyntaxHighlighter.HighlightAll('code', true, true);\n"; + // Disable 'Save' button. + echo "document.forms[0].Save.disabled = 1;\n"; + } +?> +//--> +</script> +<?php //include("fend.inc");?> -<?php include("fend.inc"); ?> -</div></body> -</html>
\ No newline at end of file +</body> +</html> |
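Review bot: The save branch passes `$file`, taken verbatim from `$_GET['openruleset']`, to `write_rule_file()`, so the request decides which path is opened with mode `"w"` and filled from `$_POST['code']`, and no request-forgery token check is visible in this hunk. The path should be resolved with `realpath()` and rejected unless it lies under the Snort rules directory, before the read in the second hunk as well as before the write. `$lineid` should be checked against `$splitcontents`, and the submitted text should be reduced to one line so a single edit replaces exactly one rule. The `Location` header interpolates `$id`, `$file` and `$ids` unencoded and is not followed by `exit`, so the page keeps rendering after the redirect. Separately, the template echoes `$id`, `$file`, `$ids`, `$rows`, `$cols`, `$tempstring` and `$contents2` without `htmlspecialchars()`, so request data or rule text can break out of the attribute or the `<textarea>`.

```php
// … unchanged: write_rule_file(), highlight / rows / cols handling …
if ($_POST['save']) {

	// Confine the target to the rules directory before any write.
	// $rules_dir stands for the package's rules path (not shown in this hunk).
	$real_file = realpath($file);
	if ($real_file === false || strpos($real_file, $rules_dir . '/') !== 0) {
		header("HTTP/1.1 400 Bad Request");
		exit;
	}

	// Only replace a line that exists in the file that was read.
	if (!ctype_digit((string)$lineid) || !isset($splitcontents[(int)$lineid])) {
		header("HTTP/1.1 400 Bad Request");
		exit;
	}

	/* get the changes, kept to one line so a single rule slot is replaced */
	$rule_content2 = str_replace(array("\r", "\n"), ' ', $_POST['code']);
	$splitcontents[(int)$lineid] = $rule_content2;

	write_rule_file($splitcontents, $real_file);

	header("Location: /snort/snort_rules_edit.php?id=" . urlencode($id) .
		"&openruleset=" . urlencode($real_file) . "&ids=" . urlencode($ids));
	exit;
}
```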