diff options
author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-01-27 21:55:53 -0500 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-01-27 21:55:53 -0500 |
commit | 7694df7ce3ab4c570e2d9ba1e270d1aa3192d665 (patch) | |
tree | 566044ba36e2c2146daf0b6832a77ebeeb71556a /config/snort | |
parent | 03ac95899a4c7f4e883fbddd29296c442787ac47 (diff) | |
download | pfsense-packages-7694df7ce3ab4c570e2d9ba1e270d1aa3192d665.tar.gz pfsense-packages-7694df7ce3ab4c570e2d9ba1e270d1aa3192d665.tar.bz2 pfsense-packages-7694df7ce3ab4c570e2d9ba1e270d1aa3192d665.zip |
Add disable SID icon for alerts on Alerts tab
Diffstat (limited to 'config/snort')
-rwxr-xr-x | config/snort/snort_alerts.php | 78 |
1 files changed, 77 insertions, 1 deletions
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 8b00bf00..eb6190f5 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -7,6 +7,7 @@ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2012 Ermal Luci + * Copyright (C) 2013,2014 Bill Meeks * All rights reserved. * * Modified for the Pfsense snort package v. 1.8+ @@ -141,6 +142,11 @@ $a_instance = &$config['installedpackages']['snortglobal']['rule']; $snort_uuid = $a_instance[$instanceid]['uuid']; $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']); +// Load up the arrays of force-enabled and force-disabled SIDs +$enablesid = snort_load_sid_mods($a_instance[$instanceid]['rule_sid_on']); +$disablesid = snort_load_sid_mods($a_instance[$instanceid]['rule_sid_off']); + +$pconfig = array(); if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) { $pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh']; $pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber']; @@ -215,6 +221,64 @@ if (($_GET['act'] == "addsuppress_srcip" || $_GET['act'] == "addsuppress_dstip") $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!"); } +if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) { + // Get the GID tag embedded in the clicked rule icon. + $gid = $_GET['gen_id']; + + // Get the SID tag embedded in the clicked rule icon. + $sid= $_GET['sidid']; + + // See if the target SID is in our list of modified SIDs, + // and toggle it if present. + if (isset($enablesid[$gid][$sid])) + unset($enablesid[$gid][$sid]); + if (isset($disablesid[$gid][$sid])) + unset($disablesid[$gid][$sid]); + elseif (!isset($disablesid[$gid][$sid])) + $disablesid[$gid][$sid] = "disablesid"; + + // Write the updated enablesid and disablesid values to the config file. + $tmp = ""; + foreach (array_keys($enablesid) as $k1) { + foreach (array_keys($enablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; + } + $tmp = rtrim($tmp, "||"); + + if (!empty($tmp)) + $a_instance[$instanceid]['rule_sid_on'] = $tmp; + else + unset($a_instance[$instanceid]['rule_sid_on']); + + $tmp = ""; + foreach (array_keys($disablesid) as $k1) { + foreach (array_keys($disablesid[$k1]) as $k2) + $tmp .= "{$k1}:{$k2}||"; + } + $tmp = rtrim($tmp, "||"); + + if (!empty($tmp)) + $a_instance[$instanceid]['rule_sid_off'] = $tmp; + else + unset($a_instance[$instanceid]['rule_sid_off']); + + /* Update the config.xml file. */ + write_config(); + + /*************************************************/ + /* Update the snort.conf file and rebuild the */ + /* rules for this interface. */ + /*************************************************/ + $rebuild_rules = true; + snort_generate_conf($a_instance[$instanceid]); + $rebuild_rules = false; + + /* Soft-restart Snort to live-load the new rules */ + snort_reload_config($a_instance[$instanceid]); + + $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Snort is 'live-reloading' the new rules list. Please wait at least 30 secs for the process to complete before toggling additional rules."); +} + if ($_GET['action'] == "clear" || $_POST['delete']) { snort_post_delete_logs($snort_uuid); $fd = @fopen("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", "w+"); @@ -468,6 +532,18 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { $sidsupplink = "<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' "; $sidsupplink .= "title='" . gettext("This alert is already in the Suppress List") . "'/>"; } + /* Add icon for toggling rule state */ + if (isset($disablesid[$fields[1]][$fields[2]])) { + $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[2]}&gen_id={$fields[1]}'>"; + $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block_d.gif' width='11' height='11' border='0' "; + $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action.") . "'></a>"; + } + else { + $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[2]}&gen_id={$fields[1]}'>"; + $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' "; + $sid_dsbl_link .= "title='" . gettext("Click to force-disable rule and remove from current rules set.") . "'></a>"; + } + /* DESCRIPTION */ $alert_class = $fields[11]; echo "<tr> @@ -479,7 +555,7 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { <td class='listr' align='center'>{$alert_src_p}</td> <td class='listr' align='center'>{$alert_ip_dst}</td> <td class='listr' align='center'>{$alert_dst_p}</td> - <td class='listr' align='center'>{$alert_sid_str}<br/>{$sidsupplink}</td> + <td class='listr' align='center'>{$alert_sid_str}<br/>{$sidsupplink} {$sid_dsbl_link}</td> <td class='listr' style=\"word-wrap:break-word;\">{$alert_descr}</td> </tr>\n"; |