aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorErmal <ermal.luci@gmail.com>2014-02-19 09:09:55 +0000
committerErmal <ermal.luci@gmail.com>2014-02-19 09:09:55 +0000
commit097471e282e1e6066ee29c1ea5e12374ba077287 (patch)
tree2f19fd46de849eff8487b59533eea2ee942eb5b4 /config/snort
parenta973e73b6fe151a342d5c998ed02c3fce482d006 (diff)
parent78106a49b36edd8ca27a1e475b276b5762afdcc9 (diff)
downloadpfsense-packages-097471e282e1e6066ee29c1ea5e12374ba077287.tar.gz
pfsense-packages-097471e282e1e6066ee29c1ea5e12374ba077287.tar.bz2
pfsense-packages-097471e282e1e6066ee29c1ea5e12374ba077287.zip
Fix conflicts on pkg_config files
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc140
-rw-r--r--config/snort/snort.priv.inc2
-rwxr-xr-xconfig/snort/snort.xml6
-rwxr-xr-xconfig/snort/snort_alerts.php112
-rw-r--r--config/snort/snort_blocked.php21
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php359
-rw-r--r--config/snort/snort_migrate_config.php40
-rw-r--r--config/snort/snort_post_install.php45
-rwxr-xr-xconfig/snort/snort_rules.php338
-rwxr-xr-xconfig/snort/snort_rules_edit.php15
10 files changed, 657 insertions, 421 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 52aaed2a..847a0dba 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -5,7 +5,7 @@
* Copyright (C) 2006 Scott Ullrich
* Copyright (C) 2009-2010 Robert Zelaya
* Copyright (C) 2011-2012 Ermal Luci
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013,2014 Bill Meeks
* part of pfSense
* All rights reserved.
*
@@ -51,10 +51,10 @@ $snortver = array();
exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
$snort_version = $snortver[0];
if (empty($snort_version))
- $snort_version = "2.9.5.5";
+ $snort_version = "2.9.5.6";
/* package version */
-$pfSense_snort_version = "3.0.2";
+$pfSense_snort_version = "3.0.4";
$snort_package_version = "Snort {$snort_version} pkg v{$pfSense_snort_version}";
// Define SNORTDIR and SNORTLIBDIR constants according to pfSense version
@@ -825,11 +825,11 @@ function snort_rm_blocked_install_cron($should_install) {
switch($should_install) {
case true:
$cron_item = array();
- $cron_item['minute'] = "$snort_rm_blocked_min";
- $cron_item['hour'] = "$snort_rm_blocked_hr";
- $cron_item['mday'] = "$snort_rm_blocked_mday";
- $cron_item['month'] = "$snort_rm_blocked_month";
- $cron_item['wday'] = "$snort_rm_blocked_wday";
+ $cron_item['minute'] = $snort_rm_blocked_min;
+ $cron_item['hour'] = $snort_rm_blocked_hr;
+ $cron_item['mday'] = $snort_rm_blocked_mday;
+ $cron_item['month'] = $snort_rm_blocked_month;
+ $cron_item['wday'] = $snort_rm_blocked_wday;
$cron_item['who'] = "root";
$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c";
@@ -927,11 +927,11 @@ function snort_rules_up_install_cron($should_install) {
switch($should_install) {
case true:
$cron_item = array();
- $cron_item['minute'] = "$snort_rules_up_min";
- $cron_item['hour'] = "$snort_rules_up_hr";
- $cron_item['mday'] = "$snort_rules_up_mday";
- $cron_item['month'] = "$snort_rules_up_month";
- $cron_item['wday'] = "$snort_rules_up_wday";
+ $cron_item['minute'] = $snort_rules_up_min;
+ $cron_item['hour'] = $snort_rules_up_hr;
+ $cron_item['mday'] = $snort_rules_up_mday;
+ $cron_item['month'] = $snort_rules_up_month;
+ $cron_item['wday'] = $snort_rules_up_wday;
$cron_item['who'] = "root";
$cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php";
@@ -1739,34 +1739,32 @@ function snort_write_enforcing_rules_file($rule_map, $rule_path) {
}
}
-function snort_load_sid_mods($sids, $value) {
+function snort_load_sid_mods($sids) {
/*****************************************/
/* This function parses the string of */
- /* SID values in $sids and returns an */
- /* array with the SID as the key and */
- /* value. The SID values in $sids are */
+ /* GID:SID values in $sids and returns */
+ /* an array with the GID and SID as the */
+ /* keys. The values in $sids are */
/* assumed to be delimited by "||". */
/* */
- /* $sids ==> string of SID values from */
- /* saved config file. */
+ /* $sids ==> string of GID:SID values */
+ /* from the config file. */
/* */
- /* $value ==> type of mod (enable or */
- /* disable). Not currently */
- /* utilized, but maintained */
- /* so as not to break legacy */
- /* code elsewhere. */
+ /* Returns ==> a multidimensional array */
+ /* with GID and SID as the */
+ /* keys ($result[GID][SID]) */
/*****************************************/
$result = array();
- if (empty($sids) || empty($value))
+ if (empty($sids))
return $result;
$tmp = explode("||", $sids);
foreach ($tmp as $v) {
- if (preg_match('/\s\d+/', $v, $match)) {
- if (!is_array($result[trim($match[0])]))
- $result[trim($match[0])] = array();
- $result[trim($match[0])] = trim($match[0]);
+ if (preg_match('/(\d+)\s*:\s*(\d+)/', $v, $match)) {
+ if (!is_array($result[$match[1]]))
+ $result[$match[1]] = array();
+ $result[$match[1]][$match[2]] = "{$match[1]}:{$match[2]}";
}
}
unset($tmp);
@@ -1791,15 +1789,15 @@ function snort_modify_sids(&$rule_map, $snortcfg) {
/* Load up our enablesid and disablesid */
/* arrays with lists of modified SIDs */
- $enablesid = snort_load_sid_mods($snortcfg['rule_sid_on'], "enablesid");
- $disablesid = snort_load_sid_mods($snortcfg['rule_sid_off'], "disablesid");
+ $enablesid = snort_load_sid_mods($snortcfg['rule_sid_on']);
+ $disablesid = snort_load_sid_mods($snortcfg['rule_sid_off']);
/* Turn on any rules that need to be */
/* forced "on" with enablesid mods. */
if (!empty($enablesid)) {
foreach ($rule_map as $k1 => $rulem) {
foreach ($rulem as $k2 => $v) {
- if (in_array($k2, $enablesid) && $v['disabled'] == 1) {
+ if (isset($enablesid[$k1][$k2]) && $v['disabled'] == 1) {
$rule_map[$k1][$k2]['rule'] = ltrim($v['rule'], " \t#");
$rule_map[$k1][$k2]['disabled'] = 0;
}
@@ -1812,7 +1810,7 @@ function snort_modify_sids(&$rule_map, $snortcfg) {
if (!empty($disablesid)) {
foreach ($rule_map as $k1 => $rulem) {
foreach ($rulem as $k2 => $v) {
- if (in_array($k2, $disablesid) && $v['disabled'] == 0) {
+ if (isset($disablesid[$k1][$k2]) && $v['disabled'] == 0) {
$rule_map[$k1][$k2]['rule'] = "# " . $v['rule'];
$rule_map[$k1][$k2]['disabled'] = 1;
}
@@ -2209,12 +2207,13 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* to be written. */
/***********************************************************/
- global $rebuild_rules;
+ global $g, $rebuild_rules;
$snortdir = SNORTDIR;
$flowbit_rules_file = FLOWBITS_FILENAME;
$snort_enforcing_rules_file = ENFORCING_RULES_FILENAME;
$no_rules_defined = true;
+ $enabled_rules = array();
/* If there is no reason to rebuild the rules, exit to save time. */
if (!$rebuild_rules)
@@ -2223,14 +2222,37 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* Log a message for rules rebuild in progress */
log_error(gettext("[Snort] Updating rules configuration for: " . snort_get_friendly_interface($snortcfg['interface']) . " ..."));
+ /* Enable all, some or none of the SDF rules depending on setting. */
+ if ($snortcfg['sensitive_data'] == 'on' && $snortcfg['protect_preproc_rules'] != 'on') {
+ if (file_exists(SNORTDIR."/preproc_rules/sensitive-data.rules")) {
+ $sdf_alert_pattern="(".preg_replace("/,/","|",$snortcfg['sdf_alert_data_type']).")";
+ $sd_tmp_file=file(SNORTDIR."/preproc_rules/sensitive-data.rules");
+ $sd_tmp_new_file="";
+ foreach ($sd_tmp_file as $sd_tmp_line)
+ $sd_tmp_new_file.=preg_match("/$sdf_alert_pattern/i",$sd_tmp_line) ? $sd_tmp_line : "";
+ file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX);
+ }
+ }
+ elseif ($snortcfg['sensitive_data'] != 'on' && $snortcfg['protect_preproc_rules'] != 'on') {
+ /* Setting is "off", so disable all SDF rules. */
+ $sedcmd = '/^alert.*classtype:sdf/s/^/#/';
+ @file_put_contents("{$g['tmp_path']}/sedcmd", $sedcmd);
+ mwexec("/usr/bin/sed -I '' -f {$g['tmp_path']}/sedcmd {$snortcfgdir}/preproc_rules/sensitive-data.rules");
+ @unlink("{$g['tmp_path']}/sedcmd");
+ }
+
+ /* Load the decoder, preprocessor and sensitive-data */
+ /* rules from the interface's preproc_rule directory */
+ /* into the $enabled_rules array. */
+ $enabled_rules = snort_load_rules_map("{$snortcfgdir}/preproc_rules/");
+
/* Only rebuild rules if some are selected or an IPS Policy is enabled */
if (!empty($snortcfg['rulesets']) || $snortcfg['ips_policy_enable'] == 'on') {
- $enabled_rules = array();
$enabled_files = array();
$all_rules = array();
$no_rules_defined = false;
- /* Load up all the rules into a Rules Map array. */
+ /* Load up all the text rules into a Rules Map array. */
$all_rules = snort_load_rules_map("{$snortdir}/rules/");
/* Create an array with the filenames of the enabled */
@@ -2320,7 +2342,8 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* Just put an empty file to always have the file present */
snort_write_flowbit_rules_file(array(), "{$snortcfgdir}/rules/{$flowbit_rules_file}");
} else {
- snort_write_enforcing_rules_file(array(), "{$snortcfgdir}/rules/{$snort_enforcing_rules_file}");
+ /* No regular rules or policy were selected, so just use the decoder and preproc rules */
+ snort_write_enforcing_rules_file($enabled_rules, "{$snortcfgdir}/rules/{$snort_enforcing_rules_file}");
snort_write_flowbit_rules_file(array(), "{$snortcfgdir}/rules/{$flowbit_rules_file}");
}
@@ -2333,7 +2356,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* Log a warning if the interface has no rules defined or enabled */
if ($no_rules_defined)
- log_error(gettext("[Snort] Warning - no text rules selected for: " . snort_get_friendly_interface($snortcfg['interface']) . " ..."));
+ log_error(gettext("[Snort] Warning - no text rules or IPS-Policy selected for: " . snort_get_friendly_interface($snortcfg['interface']) . " ..."));
/* Build a new sid-msg.map file from the enabled */
/* rules and copy it to the interface directory. */
@@ -3219,43 +3242,9 @@ EOD;
$snort_misc_include_rules .= "include {$snortcfgdir}/reference.config\n";
if (file_exists("{$snortcfgdir}/classification.config"))
$snort_misc_include_rules .= "include {$snortcfgdir}/classification.config\n";
- if (is_dir("{$snortcfgdir}/preproc_rules")) {
- if ($snortcfg['sensitive_data'] == 'on' && $protect_preproc_rules == "off") {
- $sedcmd = '/^#alert.*classtype:sdf/s/^#//';
- if (file_exists("{$snortcfgdir}/preproc_rules/sensitive-data.rules")){
- $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/sensitive-data.rules\n";
- #enable only selected sensitive data
- if (file_exists(SNORTDIR."/preproc_rules/sensitive-data.rules")){
- $sdf_alert_pattern="(".preg_replace("/,/","|",$snortcfg['sdf_alert_data_type']).")";
- $sd_tmp_file=file(SNORTDIR."/preproc_rules/sensitive-data.rules");
- $sd_tmp_new_file="";
- foreach ($sd_tmp_file as $sd_tmp_line)
- $sd_tmp_new_file.=preg_match("/$sdf_alert_pattern/i",$sd_tmp_line) ? $sd_tmp_line : "";
- file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX);
- }
- }
- } else
- $sedcmd = '/^alert.*classtype:sdf/s/^/#/';
- if (file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") &&
- file_exists("{$snortcfgdir}/preproc_rules/preprocessor.rules") && $protect_preproc_rules == "off") {
- @file_put_contents("{$g['tmp_path']}/sedcmd", $sedcmd);
- mwexec("/usr/bin/sed -I '' -f {$g['tmp_path']}/sedcmd {$snortcfgdir}/preproc_rules/preprocessor.rules");
- mwexec("/usr/bin/sed -I '' -f {$g['tmp_path']}/sedcmd {$snortcfgdir}/preproc_rules/decoder.rules");
- @unlink("{$g['tmp_path']}/sedcmd");
- $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n";
- $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n";
- } else if (file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") &&
- file_exists("{$snortcfgdir}/preproc_rules/preprocessor.rules") && $protect_preproc_rules == "on") {
- $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n";
- $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n";
- }
- else {
- $snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n";
- log_error("[Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them");
- }
- } else {
+ if (!file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") || !file_exists("{$snortcfgdir}/preproc_rules/preprocessor.rules")) {
$snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n";
- log_error("[Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them");
+ log_error("[Snort] Seems preprocessor and/or decoder rules are missing, enabling autogeneration of them in conf file.");
}
/* generate rule sections to load */
@@ -3673,9 +3662,8 @@ EOD;
ipvar HOME_NET [{$home_net}]
ipvar EXTERNAL_NET [{$external_net}]
-# Define Rule Paths #
+# Define Rule Path #
var RULE_PATH {$snortcfgdir}/rules
-var PREPROC_RULE_PATH {$snortcfgdir}/preproc_rules
# Define Servers #
{$ipvardef}
diff --git a/config/snort/snort.priv.inc b/config/snort/snort.priv.inc
index 5e159747..795924ea 100644
--- a/config/snort/snort.priv.inc
+++ b/config/snort/snort.priv.inc
@@ -38,7 +38,7 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_rulesets.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_select_alias.php*";
$priv_list['page-services-snort']['match'][] = "snort/snort_stream5_engine.php*";
$priv_list['page-services-snort']['match'][] = "pkg_edit.php?xml=snort_sync.xml*";
-$priv_list['page-services-snort']['match'][] = "pkg_edit.php?xml=sort/snort.xml*";
+$priv_list['page-services-snort']['match'][] = "pkg_edit.php?xml=snort/snort.xml*";
$priv_list['page-services-snort']['match'][] = "snort/snort_check_cron_misc.inc*";
$priv_list['page-services-snort']['match'][] = "snort/snort.inc*";
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 9d4f1d61..a2d14bf0 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -46,8 +46,8 @@
<requirements>None</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>Snort</name>
- <version>2.9.5.5</version>
- <title>Services:2.9.5.5 pkg v3.0.2</title>
+ <version>2.9.5.6</version>
+ <title>Services:2.9.5.6 pkg v3.0.4</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
<name>Snort</name>
@@ -244,7 +244,7 @@
</custom_add_php_command>
<custom_php_resync_config_command>
<![CDATA[
- if ($GLOBALS['pfSense_snort_version'] == "3.0.2")
+ if ($GLOBALS['pfSense_snort_version'] == "3.0.4")
sync_snort_package_config();
]]>
</custom_php_resync_config_command>
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index f232f897..804c6e8a 100755
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -7,6 +7,7 @@
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2006 Scott Ullrich
* Copyright (C) 2012 Ermal Luci
+ * Copyright (C) 2013,2014 Bill Meeks
* All rights reserved.
*
* Modified for the Pfsense snort package v. 1.8+
@@ -141,6 +142,14 @@ $a_instance = &$config['installedpackages']['snortglobal']['rule'];
$snort_uuid = $a_instance[$instanceid]['uuid'];
$if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);
+// Load up the arrays of force-enabled and force-disabled SIDs
+$enablesid = snort_load_sid_mods($a_instance[$instanceid]['rule_sid_on']);
+$disablesid = snort_load_sid_mods($a_instance[$instanceid]['rule_sid_off']);
+
+// Grab pfSense version so we can refer to it later on this page
+$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3);
+
+$pconfig = array();
if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) {
$pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
$pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'];
@@ -215,6 +224,64 @@ if (($_GET['act'] == "addsuppress_srcip" || $_GET['act'] == "addsuppress_dstip")
$input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
}
+if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
+ // Get the GID tag embedded in the clicked rule icon.
+ $gid = $_GET['gen_id'];
+
+ // Get the SID tag embedded in the clicked rule icon.
+ $sid= $_GET['sidid'];
+
+ // See if the target SID is in our list of modified SIDs,
+ // and toggle it if present.
+ if (isset($enablesid[$gid][$sid]))
+ unset($enablesid[$gid][$sid]);
+ if (isset($disablesid[$gid][$sid]))
+ unset($disablesid[$gid][$sid]);
+ elseif (!isset($disablesid[$gid][$sid]))
+ $disablesid[$gid][$sid] = "disablesid";
+
+ // Write the updated enablesid and disablesid values to the config file.
+ $tmp = "";
+ foreach (array_keys($enablesid) as $k1) {
+ foreach (array_keys($enablesid[$k1]) as $k2)
+ $tmp .= "{$k1}:{$k2}||";
+ }
+ $tmp = rtrim($tmp, "||");
+
+ if (!empty($tmp))
+ $a_instance[$instanceid]['rule_sid_on'] = $tmp;
+ else
+ unset($a_instance[$instanceid]['rule_sid_on']);
+
+ $tmp = "";
+ foreach (array_keys($disablesid) as $k1) {
+ foreach (array_keys($disablesid[$k1]) as $k2)
+ $tmp .= "{$k1}:{$k2}||";
+ }
+ $tmp = rtrim($tmp, "||");
+
+ if (!empty($tmp))
+ $a_instance[$instanceid]['rule_sid_off'] = $tmp;
+ else
+ unset($a_instance[$instanceid]['rule_sid_off']);
+
+ /* Update the config.xml file. */
+ write_config();
+
+ /*************************************************/
+ /* Update the snort.conf file and rebuild the */
+ /* rules for this interface. */
+ /*************************************************/
+ $rebuild_rules = true;
+ snort_generate_conf($a_instance[$instanceid]);
+ $rebuild_rules = false;
+
+ /* Soft-restart Snort to live-load the new rules */
+ snort_reload_config($a_instance[$instanceid]);
+
+ $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Snort is 'live-reloading' the new rules list. Please wait at least 30 secs for the process to complete before toggling additional rules.");
+}
+
if ($_GET['action'] == "clear" || $_POST['delete']) {
snort_post_delete_logs($snort_uuid);
$fd = @fopen("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert", "w+");
@@ -264,16 +331,14 @@ include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-
+<script src="/javascript/filter_log.js" type="text/javascript"></script>
<?php
include_once("fbegin.inc");
/* refresh every 60 secs */
if ($pconfig['arefresh'] == 'on')
echo "<meta http-equiv=\"refresh\" content=\"60;url=/snort/snort_alerts.php?instance={$instanceid}\" />\n";
-?>
-
-<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
+if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
/* Display Alert message */
if ($input_errors) {
print_input_errors($input_errors); // TODO: add checks
@@ -403,10 +468,17 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
$alert_ip_src = $fields[6];
/* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
$alert_ip_src = str_replace(":", ":&#8203;", $alert_ip_src);
- /* Add Reverse DNS lookup icon */
- $alert_ip_src .= "<br/><a href='/diag_dns.php?host={$fields[6]}&instance={$instanceid}'>";
+ /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */
+ $alert_ip_src .= "<br/>";
+ if ($pfs_version > 2.0) {
+ $alert_ip_src .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[6]}&dialog_output=true', outputrule);\">";
+ $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' ";
+ $alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a>&nbsp;";
+ }
+ $alert_ip_src .= "<a href='/diag_dns.php?host={$fields[6]}&instance={$instanceid}'>";
$alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' ";
$alert_ip_src .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>";
+
/* Add icons for auto-adding to Suppress List if appropriate */
if (!snort_is_alert_globally_suppressed($supplist, $fields[1], $fields[2]) &&
!isset($supplist[$fields[1]][$fields[2]]['by_src'][$fields[6]])) {
@@ -421,7 +493,7 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
/* Add icon for auto-removing from Blocked Table if required */
if (isset($tmpblocked[$fields[6]])) {
$alert_ip_src .= "&nbsp;";
- $alert_ip_src .= "<a href='?instance={$id}&todelete=" . trim(urlencode($fields[6])) . "'>
+ $alert_ip_src .= "<a href='?instance={$instanceid}&todelete=" . trim(urlencode($fields[6])) . "'>
<img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>";
}
/* IP SRC Port */
@@ -430,8 +502,14 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
$alert_ip_dst = $fields[8];
/* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
$alert_ip_dst = str_replace(":", ":&#8203;", $alert_ip_dst);
- /* Add Reverse DNS lookup icon */
- $alert_ip_dst .= "<br/><a href='/diag_dns.php?host={$fields[8]}&instance={$instanceid}'>";
+ /* Add Reverse DNS lookup icons (two different links if pfSense version supports them) */
+ $alert_ip_dst .= "<br/>";
+ if ($pfs_version > 2.0) {
+ $alert_ip_dst .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$fields[8]}&dialog_output=true', outputrule);\">";
+ $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' ";
+ $alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a>&nbsp;";
+ }
+ $alert_ip_dst .= "<a href='/diag_dns.php?host={$fields[8]}&instance={$instanceid}'>";
$alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' ";
$alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>";
/* Add icons for auto-adding to Suppress List if appropriate */
@@ -448,7 +526,7 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
/* Add icon for auto-removing from Blocked Table if required */
if (isset($tmpblocked[$fields[8]])) {
$alert_ip_dst .= "&nbsp;";
- $alert_ip_dst .= "<a href='?instance={$id}&todelete=" . trim(urlencode($fields[8])) . "'>
+ $alert_ip_dst .= "<a href='?instance={$instanceid}&todelete=" . trim(urlencode($fields[8])) . "'>
<img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>";
}
/* IP DST Port */
@@ -464,6 +542,18 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
$sidsupplink = "<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
$sidsupplink .= "title='" . gettext("This alert is already in the Suppress List") . "'/>";
}
+ /* Add icon for toggling rule state */
+ if (isset($disablesid[$fields[1]][$fields[2]])) {
+ $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[2]}&gen_id={$fields[1]}'>";
+ $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block_d.gif' width='11' height='11' border='0' ";
+ $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action.") . "'></a>";
+ }
+ else {
+ $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[2]}&gen_id={$fields[1]}'>";
+ $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' ";
+ $sid_dsbl_link .= "title='" . gettext("Click to force-disable rule and remove from current rules set.") . "'></a>";
+ }
+ /* DESCRIPTION */
$alert_class = $fields[11];
echo "<tr>
@@ -475,7 +565,7 @@ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
<td class='listr' align='center'>{$alert_src_p}</td>
<td class='listr' align='center'>{$alert_ip_dst}</td>
<td class='listr' align='center'>{$alert_dst_p}</td>
- <td class='listr' align='center'>{$alert_sid_str}<br/>{$sidsupplink}</td>
+ <td class='listr' align='center'>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
<td class='listr' style=\"word-wrap:break-word;\">{$alert_descr}</td>
</tr>\n";
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index 8d106a90..4fc470d3 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -7,6 +7,7 @@
*
* Modified for the Pfsense snort package v. 1.8+
* Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2014 Bill Meeks
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -33,6 +34,9 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
+// Grab pfSense version so we can refer to it later on this page
+$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3);
+
if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
$config['installedpackages']['snortglobal']['alertsblocks'] = array();
@@ -127,6 +131,7 @@ include_once("head.inc");
?>
<body link="#000000" vlink="#000000" alink="#000000">
+<script src="/javascript/filter_log.js" type="text/javascript"></script>
<?php
@@ -260,19 +265,25 @@ if ($pconfig['brefresh'] == 'on')
/* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
$tmp_ip = str_replace(":", ":&#8203;", $blocked_ip);
-
+ /* Add reverse DNS lookup icons (two different links if pfSense version supports them) */
+ $rdns_link = "";
+ if ($pfs_version > 2.0) {
+ $rdns_link .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$blocked_ip}&dialog_output=true', outputrule);\">";
+ $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' ";
+ $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a>&nbsp;";
+ }
+ $rdns_link .= "<a href='/diag_dns.php?host={$blocked_ip}'>";
+ $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' ";
+ $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>";
/* use one echo to do the magic*/
echo "<tr>
<td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td>
- <td valign=\"middle\" class=\"listr\">{$tmp_ip}&nbsp;<a href='/diag_dns.php?host={$blocked_ip}'>
- <img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0'
- title='" . gettext("Resolve host via reverse DNS lookup") . "'></a></td>
+ <td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>{$rdns_link}</td>
<td valign=\"middle\" class=\"listr\">{$blocked_desc}</td>
<td align=\"center\" valign=\"middle\" class=\"listr\"><a href='snort_blocked.php?todelete=" . trim(urlencode($blocked_ip)) . "'>
<img title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" name='todelete' id='todelete' alt=\"Delete host from Blocked Table\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
</tr>\n";
}
-
}
?>
</tbody>
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 807b7844..e13c3bef 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -34,7 +34,7 @@ require_once("functions.inc");
require_once("service-utils.inc");
require_once "/usr/local/pkg/snort/snort.inc";
-global $g, $pkg_interface, $snort_gui_include, $rebuild_rules;
+global $g, $config, $pkg_interface, $snort_gui_include, $rebuild_rules;
if (!defined("VRT_DNLD_URL"))
define("VRT_DNLD_URL", "https://www.snort.org/reg-rules/");
@@ -78,15 +78,14 @@ else
/* define checks */
$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
$etproid = $config['installedpackages']['snortglobal']['etpro_code'];
-$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
-$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
-$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
-$snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules'];
-$vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload'];
-$et_enabled = $config['installedpackages']['snortglobal']['emergingthreats'];
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'] == 'on' ? 'on' : 'off';
+$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'] == 'on' ? 'on' : 'off';
+$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro'] == 'on' ? 'on' : 'off';
+$snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules'] == 'on' ? 'on' : 'off';
+$vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload'] == 'on' ? 'on' : 'off';
-/* Working directory for downloaded rules tarballs */
-$tmpfname = "{$snortdir}/tmp/snort_rules_up";
+/* Working directory for downloaded rules tarballs and extraction */
+$tmpfname = "/tmp/snort_rules_up";
/* Grab the Snort binary version programmatically and use it to construct */
/* the proper Snort VRT rules tarball and md5 filenames. Fallback to a */
@@ -96,7 +95,7 @@ exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26
// Save the version with decimal delimiters for use in extracting the rules
$snort_version = $snortver[0];
if (empty($snort_version))
- $snort_version = "2.9.5.5";
+ $snort_version = "2.9.5.6";
// Create a collapsed version string for use in the tarball filename
$snortver[0] = str_replace(".", "", $snortver[0]);
@@ -114,7 +113,6 @@ if ($etpro == "on") {
$emergingthreats_url = ETPRO_BASE_DNLD_URL;
$emergingthreats_url .= "{$etproid}/snort-" . ET_VERSION . "/";
$emergingthreats = "on";
- $et_enabled= "on";
$et_name = "Emerging Threats Pro";
$et_md5_remove = ET_DNLD_FILENAME . ".md5";
@unlink("{$snortdir}/{$et_md5_remove}");
@@ -371,7 +369,7 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
/* Start of main code */
/**********************/
-/* remove old $tmpfname files */
+/* remove any old $tmpfname files */
if (is_dir("{$tmpfname}"))
exec("/bin/rm -r {$tmpfname}");
@@ -429,26 +427,123 @@ if ($emergingthreats == 'on') {
$emergingthreats = 'off';
}
-/* Untar Snort GPLv2 Community rules file to tmp */
+/* Untar Snort rules file to tmp and install the rules */
+if ($snortdownload == 'on') {
+ if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ /* Currently, only FreeBSD-8-1 and FreeBSD-9-0 precompiled SO rules exist from Snort.org */
+ /* Default to FreeBSD 8.1, and then test for FreeBSD 9.x */
+ $freebsd_version_so = 'FreeBSD-8-1';
+ if (substr(php_uname("r"), 0, 1) == '9')
+ $freebsd_version_so = 'FreeBSD-9-0';
+
+ /* Remove the old Snort rules files */
+ $vrt_prefix = VRT_FILE_PREFIX;
+ array_map('unlink', glob("{$snortdir}/rules/{$vrt_prefix}*.rules"));
+
+ if ($pkg_interface <> "console") {
+ update_status(gettext("Extracting Snort VRT rules..."));
+ update_output_window(gettext("Installing Sourcefire VRT rules..."));
+ }
+ error_log(gettext("\tExtracting and installing Snort VRT rules...\n"), 3, $snort_rules_upd_log);
+ /* extract snort.org rules and add VRT_FILE_PREFIX prefix to all snort.org files */
+ safe_mkdir("{$tmpfname}/snortrules");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname}/snortrules rules/");
+ $files = glob("{$tmpfname}/snortrules/rules/*.rules");
+ foreach ($files as $file) {
+ $newfile = basename($file);
+ @copy($file, "{$snortdir}/rules/" . VRT_FILE_PREFIX . "{$newfile}");
+ }
+ /* Extract any IP lists */
+ $files = glob("{$tmpfname}/snortrules/rules/*.txt");
+ foreach ($files as $file) {
+ $newfile = basename($file);
+ @copy($file, "{$snortdir}/rules/{$newfile}");
+ }
+ exec("rm -r {$tmpfname}/snortrules");
+ /* Extract the Snort preprocessor rules */
+ if ($pkg_interface <> "console")
+ update_output_window(gettext("Extracting preprocessor rules files..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} preproc_rules/");
+ $files = glob("{$tmpfname}/preproc_rules/*.rules");
+ foreach ($files as $file) {
+ $newfile = basename($file);
+ @copy($file, "{$snortdir}/preproc_rules/{$newfile}");
+ }
+ exec("rm -r {$tmpfname}/preproc_rules");
+ /* extract so rules */
+ if ($pkg_interface <> "console") {
+ update_status(gettext("Extracting Snort VRT Shared Objects rules..."));
+ update_output_window(gettext("Installing precompiled Shared Objects rules for {$freebsd_version_so}..."));
+ }
+ exec("/bin/mkdir -p {$snortlibdir}/dynamicrules/");
+ error_log(gettext("\tUsing Snort VRT precompiled SO rules for {$freebsd_version_so} ...\n"), 3, $snort_rules_upd_log);
+ $snort_arch = php_uname("m");
+ $nosorules = false;
+ if ($snort_arch == 'i386'){
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/");
+ exec("/bin/cp {$tmpfname}/so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/*.so {$snortlibdir}/dynamicrules/");
+ } elseif ($snort_arch == 'amd64') {
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/");
+ exec("/bin/cp {$tmpfname}/so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/*.so {$snortlibdir}/dynamicrules/");
+ } else
+ $nosorules = true;
+ exec("rm -r {$tmpfname}/so_rules");
+ if ($nosorules == false) {
+ /* extract Shared Object stub rules, rename and copy to the rules folder. */
+ if ($pkg_interface <> "console")
+ update_status(gettext("Copying Snort VRT Shared Objects rules..."));
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} --exclude precompiled/ --exclude src/ so_rules/");
+ $files = glob("{$tmpfname}/so_rules/*.rules");
+ foreach ($files as $file) {
+ $newfile = basename($file, ".rules");
+ @copy($file, "{$snortdir}/rules/" . VRT_FILE_PREFIX . "{$newfile}.so.rules");
+ }
+ exec("rm -r {$tmpfname}/so_rules");
+ }
+ /* extract base etc files */
+ if ($pkg_interface <> "console") {
+ update_status(gettext("Extracting Snort VRT config and map files..."));
+ update_output_window(gettext("Copying config and map files..."));
+ }
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} etc/");
+ foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) {
+ if (file_exists("{$tmpfname}/etc/{$file}"))
+ @copy("{$tmpfname}/etc/{$file}", "{$tmpfname}/VRT_{$file}");
+ }
+ exec("rm -r {$tmpfname}/etc");
+ if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
+ if ($pkg_interface <> "console")
+ update_status(gettext("Copying md5 signature to snort directory..."));
+ @copy("{$tmpfname}/{$snort_filename_md5}", "{$snortdir}/{$snort_filename_md5}");
+ }
+ if ($pkg_interface <> "console") {
+ update_status(gettext("Extraction of Snort VRT rules completed..."));
+ update_output_window(gettext("Installation of Sourcefire VRT rules completed..."));
+ }
+ error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, $snort_rules_upd_log);
+ }
+}
+
+/* Untar Snort GPLv2 Community rules file to tmp and install the rules */
if ($snortcommunityrules == 'on') {
- safe_mkdir("{$snortdir}/tmp/community");
+ safe_mkdir("{$tmpfname}/community");
if (file_exists("{$tmpfname}/{$snort_community_rules_filename}")) {
if ($pkg_interface <> "console") {
update_status(gettext("Extracting Snort GPLv2 Community Rules..."));
update_output_window(gettext("Installing Snort GPLv2 Community Rules..."));
}
error_log(gettext("\tExtracting and installing Snort GPLv2 Community Rules...\n"), 3, $snort_rules_upd_log);
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_community_rules_filename} -C {$snortdir}/tmp/community/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_community_rules_filename} -C {$tmpfname}/community/");
- $files = glob("{$snortdir}/tmp/community/community-rules/*.rules");
+ $files = glob("{$tmpfname}/community/community-rules/*.rules");
foreach ($files as $file) {
$newfile = basename($file);
@copy($file, "{$snortdir}/rules/" . GPL_FILE_PREFIX . "{$newfile}");
}
/* base etc files for Snort GPLv2 Community rules */
foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) {
- if (file_exists("{$snortdir}/tmp/community/community-rules/{$file}"))
- @copy("{$snortdir}/tmp/community/community-rules/{$file}", "{$snortdir}/tmp/" . GPL_FILE_PREFIX . "{$file}");
+ if (file_exists("{$tmpfname}/community/community-rules/{$file}"))
+ @copy("{$tmpfname}/community/community-rules/{$file}", "{$tmpfname}/" . GPL_FILE_PREFIX . "{$file}");
}
/* Copy snort community md5 sig to snort dir */
if (file_exists("{$tmpfname}/{$snort_community_rules_filename_md5}")) {
@@ -461,20 +556,20 @@ if ($snortcommunityrules == 'on') {
update_output_window(gettext("Installation of Snort GPLv2 Community Rules file completed..."));
}
error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, $snort_rules_upd_log);
- exec("rm -r {$snortdir}/tmp/community");
+ exec("rm -r {$tmpfname}/community");
}
}
-/* Untar Emerging Threats rules file to tmp */
+/* Untar Emerging Threats rules file to tmp and install the rules */
if ($emergingthreats == 'on') {
- safe_mkdir("{$snortdir}/tmp/emerging");
+ safe_mkdir("{$tmpfname}/emerging");
if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
if ($pkg_interface <> "console") {
update_status(gettext("Extracting {$et_name} rules..."));
update_output_window(gettext("Installing {$et_name} rules..."));
}
error_log(gettext("\tExtracting and installing {$et_name} rules...\n"), 3, $snort_rules_upd_log);
- exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir}/tmp/emerging rules/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$tmpfname}/emerging rules/");
/* Remove the old Emerging Threats rules files */
$eto_prefix = ET_OPEN_FILE_PREFIX;
@@ -484,7 +579,7 @@ if ($emergingthreats == 'on') {
array_map('unlink', glob("{$snortdir}/rules/{$eto_prefix}*ips.txt"));
array_map('unlink', glob("{$snortdir}/rules/{$etpro_prefix}*ips.txt"));
- $files = glob("{$snortdir}/tmp/emerging/rules/*.rules");
+ $files = glob("{$tmpfname}/emerging/rules/*.rules");
foreach ($files as $file) {
$newfile = basename($file);
if ($etpro == "on")
@@ -493,7 +588,7 @@ if ($emergingthreats == 'on') {
@copy($file, "{$snortdir}/rules/{$newfile}");
}
/* IP lists for Emerging Threats rules */
- $files = glob("{$snortdir}/tmp/emerging/rules/*ips.txt");
+ $files = glob("{$tmpfname}/emerging/rules/*ips.txt");
foreach ($files as $file) {
$newfile = basename($file);
if ($etpro == "on")
@@ -503,8 +598,8 @@ if ($emergingthreats == 'on') {
}
/* base etc files for Emerging Threats rules */
foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) {
- if (file_exists("{$snortdir}/tmp/emerging/rules/{$file}"))
- @copy("{$snortdir}/tmp/emerging/rules/{$file}", "{$snortdir}/tmp/ET_{$file}");
+ if (file_exists("{$tmpfname}/emerging/rules/{$file}"))
+ @copy("{$tmpfname}/emerging/rules/{$file}", "{$tmpfname}/ET_{$file}");
}
/* Copy emergingthreats md5 sig to snort dir */
@@ -518,116 +613,7 @@ if ($emergingthreats == 'on') {
update_output_window(gettext("Installation of {$et_name} rules completed..."));
}
error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, $snort_rules_upd_log);
- exec("rm -r {$snortdir}/tmp/emerging");
- }
-}
-
-/* Untar Snort rules file to tmp */
-if ($snortdownload == 'on') {
- if (file_exists("{$tmpfname}/{$snort_filename}")) {
- /* Currently, only FreeBSD-8-1 and FreeBSD-9-0 precompiled SO rules exist from Snort.org */
- /* Default to FreeBSD 8.1, and then test for FreeBSD 9.x */
- $freebsd_version_so = 'FreeBSD-8-1';
- if (substr(php_uname("r"), 0, 1) == '9')
- $freebsd_version_so = 'FreeBSD-9-0';
-
- /* Remove the old Snort rules files */
- $vrt_prefix = VRT_FILE_PREFIX;
- array_map('unlink', glob("{$snortdir}/rules/{$vrt_prefix}*.rules"));
-
- if ($pkg_interface <> "console") {
- update_status(gettext("Extracting Snort VRT rules..."));
- update_output_window(gettext("Installing Sourcefire VRT rules..."));
- }
- error_log(gettext("\tExtracting and installing Snort VRT rules...\n"), 3, $snort_rules_upd_log);
- /* extract snort.org rules and add prefix to all snort.org files */
- safe_mkdir("{$snortdir}/tmp/snortrules");
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp/snortrules rules/");
- $files = glob("{$snortdir}/tmp/snortrules/rules/*.rules");
- foreach ($files as $file) {
- $newfile = basename($file);
- @copy($file, "{$snortdir}/rules/" . VRT_FILE_PREFIX . "{$newfile}");
- }
- /* IP lists */
- $files = glob("{$snortdir}/tmp/snortrules/rules/*.txt");
- foreach ($files as $file) {
- $newfile = basename($file);
- @copy($file, "{$snortdir}/rules/{$newfile}");
- }
- exec("rm -r {$snortdir}/tmp/snortrules");
- /* extract so rules */
- if ($pkg_interface <> "console") {
- update_status(gettext("Extracting Snort VRT Shared Objects rules..."));
- update_output_window(gettext("Installing precompiled Shared Objects rules for {$freebsd_version_so}..."));
- }
- exec("/bin/mkdir -p {$snortlibdir}/dynamicrules/");
- error_log(gettext("\tUsing Snort VRT precompiled SO rules for {$freebsd_version_so} ...\n"), 3, $snort_rules_upd_log);
- $snort_arch = php_uname("m");
- $nosorules = false;
- if ($snort_arch == 'i386'){
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/");
- exec("/bin/cp {$snortdir}/tmp/so_rules/precompiled/{$freebsd_version_so}/i386/{$snort_version}/*.so {$snortlibdir}/dynamicrules/");
- } elseif ($snort_arch == 'amd64') {
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/");
- exec("/bin/cp {$snortdir}/tmp/so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/*.so {$snortlibdir}/dynamicrules/");
- } else
- $nosorules = true;
- exec("rm -r {$snortdir}/tmp/so_rules");
- if ($nosorules == false) {
- /* extract so stub rules, rename and copy to the rules folder. */
- if ($pkg_interface <> "console")
- update_status(gettext("Copying Snort VRT Shared Objects rules..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp --exclude precompiled/ --exclude src/ so_rules/");
- $files = glob("{$snortdir}/tmp/so_rules/*.rules");
- foreach ($files as $file) {
- $newfile = basename($file, ".rules");
- @copy($file, "{$snortdir}/rules/" . VRT_FILE_PREFIX . "{$newfile}.so.rules");
- }
- exec("rm -r {$snortdir}/tmp/so_rules");
- }
- /* extract base etc files */
- if ($pkg_interface <> "console") {
- update_status(gettext("Extracting Snort VRT config and map files..."));
- update_output_window(gettext("Copying config and map files..."));
- }
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp etc/");
- foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) {
- if (file_exists("{$snortdir}/tmp/etc/{$file}"))
- @copy("{$snortdir}/tmp/etc/{$file}", "{$snortdir}/tmp/VRT_{$file}");
- }
- exec("rm -r {$snortdir}/tmp/etc");
- /* Untar snort signatures */
- $signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
- if ($premium_url_chk == 'on') {
- if ($pkg_interface <> "console")
- update_status(gettext("Extracting Snort VRT Signatures..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
- if ($pkg_interface <> "console")
- update_status(gettext("Done extracting Signatures."));
-
- if (is_dir("{$snortdir}/doc/signatures")) {
- if ($pkg_interface <> "console")
- update_status(gettext("Copying Snort VRT signatures..."));
- exec("/bin/cp -r {$snortdir}/doc/signatures {$snortdir}/signatures");
- if ($pkg_interface <> "console")
- update_status(gettext("Done copying signatures."));
- }
- }
- /* Extract the Snort preprocessor rules */
- if ($pkg_interface <> "console")
- update_output_window(gettext("Extracting preprocessor rules files..."));
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir}/tmp preproc_rules/");
-
- if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
- if ($pkg_interface <> "console")
- update_status(gettext("Copying md5 signature to snort directory..."));
- @copy("{$tmpfname}/{$snort_filename_md5}", "{$snortdir}/{$snort_filename_md5}");
- }
- if ($pkg_interface <> "console") {
- update_status(gettext("Extraction of Snort VRT rules completed..."));
- update_output_window(gettext("Installation of Sourcefire VRT rules completed..."));
- }
- error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, $snort_rules_upd_log);
+ exec("rm -r {$tmpfname}/emerging");
}
}
@@ -636,28 +622,22 @@ function snort_apply_customizations($snortcfg, $if_real) {
global $vrt_enabled;
$snortdir = SNORTDIR;
- /* Update the Preprocessor rules for the master configuration and for the interface if Snort VRT rules are in use. */
- if ($vrt_enabled == 'on') {
- exec("/bin/mkdir -p {$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/preproc_rules");
- $preproc_files = glob("{$snortdir}/tmp/preproc_rules/*.rules");
+ /* Update the Preprocessor rules from the master configuration for the interface if Snort */
+ /* VRT rules are in use and the interface's preprocessor rules are not protected. */
+ if ($vrt_enabled == 'on' && $snortcfg['protect_preproc_rules'] != 'on') {
+ $preproc_files = glob("{$snortdir}/preproc_rules/*.rules");
foreach ($preproc_files as $file) {
$newfile = basename($file);
- @copy($file, "{$snortdir}/preproc_rules/{$newfile}");
- /* Check if customized preprocessor rule protection is enabled for interface before overwriting them. */
- if ($snortcfg['protect_preproc_rules'] <> 'on')
- @copy($file, "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/preproc_rules/{$newfile}");
+ @copy($file, "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/preproc_rules/{$newfile}");
}
}
- else {
- exec("/bin/mkdir -p {$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/preproc_rules");
- }
snort_prepare_rule_files($snortcfg, "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}");
/* Copy the master config and map files to the interface directory */
@copy("{$snortdir}/classification.config", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/classification.config");
- @copy("{$snortdir}/gen-msg.map", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/gen-msg.map");
@copy("{$snortdir}/reference.config", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/reference.config");
+ @copy("{$snortdir}/gen-msg.map", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/gen-msg.map");
@copy("{$snortdir}/unicode.map", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/unicode.map");
}
@@ -667,45 +647,37 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
update_status(gettext('Copying new config and map files...'));
error_log(gettext("\tCopying new config and map files...\n"), 3, $snort_rules_upd_log);
- /* Determine which config and map file set to use for the master copy. */
- /* If the Snort VRT rules are not enabled, then use Emerging Threats. */
- if (($vrt_enabled == 'off') && ($et_enabled == 'on')) {
- $cfgs = glob("{$snortdir}/tmp/*reference.config");
- $cfgs[] = "{$snortdir}/reference.config";
- snort_merge_reference_configs($cfgs, "{$snortdir}/reference.config");
- $cfgs = glob("{$snortdir}/tmp/*classification.config");
- $cfgs[] = "{$snortdir}/classification.config";
- snort_merge_classification_configs($cfgs, "{$snortdir}/classification.config");
- /* Use the unicode.map and gen-msg.map files from ET rules. */
- if (file_exists("{$snortdir}/tmp/ET_unicode.map"))
- @copy("{$snortdir}/tmp/ET_unicode.map", "{$snortdir}/unicode.map");
- if (file_exists("{$snortdir}/tmp/ET_gen-msg.map"))
- @copy("{$snortdir}/tmp/ET_gen-msg.map", "{$snortdir}/gen-msg.map");
- }
- elseif (($vrt_enabled == 'on') && ($et_enabled == 'off')) {
- foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) {
- if (file_exists("{$snortdir}/tmp/VRT_{$file}"))
- @copy("{$snortdir}/tmp/VRT_{$file}", "{$snortdir}/{$file}");
- }
- }
- elseif (($vrt_enabled == 'on') && ($et_enabled == 'on')) {
- /* Both VRT and ET rules are enabled, so build combined */
- /* reference.config and classification.config files. */
- $cfgs = glob("{$snortdir}/tmp/*reference.config");
- $cfgs[] = "{$snortdir}/reference.config";
- snort_merge_reference_configs($cfgs, "{$snortdir}/reference.config");
- $cfgs = glob("{$snortdir}/tmp/*classification.config");
- $cfgs[] = "{$snortdir}/classification.config";
- snort_merge_classification_configs($cfgs, "{$snortdir}/classification.config");
- /* Use the unicode.map and gen-msg.map files from VRT rules. */
- if (file_exists("{$snortdir}/tmp/VRT_unicode.map"))
- @copy("{$snortdir}/tmp/VRT_unicode.map", "{$snortdir}/unicode.map");
- if (file_exists("{$snortdir}/tmp/VRT_gen-msg.map"))
- @copy("{$snortdir}/tmp/VRT_gen-msg.map", "{$snortdir}/gen-msg.map");
- }
+ /******************************************************************/
+ /* Build the classification.config and reference.config files */
+ /* using the ones from all the downloaded rules plus the default */
+ /* files installed with Snort. */
+ /******************************************************************/
+ $cfgs = glob("{$tmpfname}/*reference.config");
+ $cfgs[] = "{$snortdir}/reference.config";
+ snort_merge_reference_configs($cfgs, "{$snortdir}/reference.config");
+ $cfgs = glob("{$tmpfname}/*classification.config");
+ $cfgs[] = "{$snortdir}/classification.config";
+ snort_merge_classification_configs($cfgs, "{$snortdir}/classification.config");
+
+ /*******************************************************************/
+ /* Determine which map files set to use for the master copy. If */
+ /* the Snort VRT rules are not enabled, then use Emerging Threats */
+ /* or Snort Community Rules, in that order, if either is enabled. */
+ /*******************************************************************/
+ if ($snortdownload == 'on' || $vrt_enabled == 'on')
+ $prefix = "VRT_";
+ elseif ($emergingthreats == 'on')
+ $prefix = "ET_";
+ elseif ($snortcommunityrules == 'on')
+ $prefix = GPL_FILE_PREFIX;
+ if (file_exists("{$tmpfname}/{$prefix}unicode.map"))
+ @copy("{$tmpfname}/{$prefix}unicode.map", "{$snortdir}/unicode.map");
+ if (file_exists("{$tmpfname}/{$prefix}gen-msg.map"))
+ @copy("{$tmpfname}/{$prefix}gen-msg.map", "{$snortdir}/gen-msg.map");
/* Start the rules rebuild proccess for each configured interface */
- if (is_array($config['installedpackages']['snortglobal']['rule'])) {
+ if (is_array($config['installedpackages']['snortglobal']['rule']) &&
+ !empty($config['installedpackages']['snortglobal']['rule'])) {
/* Set the flag to force rule rebuilds since we downloaded new rules, */
/* except when in post-install mode. Post-install does its own rebuild. */
@@ -722,6 +694,19 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
update_status(gettext($tmp));
update_output_window(gettext("Please wait while Snort interface files are being updated..."));
}
+
+ // Make sure the interface subdirectory and required sub-directories exists.
+ // We need to re-create them during a pkg reinstall for the intial rules set
+ // download and configuration done as part of restoring saved settings.
+ if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}"))
+ safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}");
+ if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/rules"))
+ safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/rules");
+ if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/preproc_rules"))
+ safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/preproc_rules");
+ if (!is_dir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/dynamicpreprocessor"))
+ safe_mkdir("{$snortdir}/snort_{$value['uuid']}_{$if_real}/dynamicpreprocessor");
+
snort_apply_customizations($value, $if_real);
/* Log a message in Update Log if protecting customized preprocessor rules. */
@@ -745,10 +730,10 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
$rebuild_rules = false;
/* remove old $tmpfname files */
- if (is_dir("{$snortdir}/tmp")) {
+ if (is_dir("{$tmpfname}")) {
if ($pkg_interface <> "console")
update_status(gettext("Cleaning up after rules extraction..."));
- exec("/bin/rm -r {$snortdir}/tmp");
+ exec("/bin/rm -r {$tmpfname}");
}
/* Restart snort if already running and we are not rebooting to pick up the new rules. */
diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php
index 61989e99..218237ab 100644
--- a/config/snort/snort_migrate_config.php
+++ b/config/snort/snort_migrate_config.php
@@ -1,8 +1,8 @@
<?php
/*
- * snort_migrate_config.inc
+ * snort_migrate_config.php
*
- * Copyright (C) 2013 Bill Meeks
+ * Copyright (C) 2013, 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -288,6 +288,40 @@ foreach ($rule as &$r) {
}
}
+ // Change any ENABLE_SID settings to new format of GID:SID
+ if (!empty($pconfig['rule_sid_on'])) {
+ $tmp = explode("||", $pconfig['rule_sid_on']);
+ $new_tmp = "";
+ foreach ($tmp as $v) {
+ if (strpos($v, ":") === false) {
+ if (preg_match('/(\d+)/', $v, $match))
+ $new_tmp .= "1:{$match[1]}||";
+ }
+ }
+ $new_tmp = rtrim($new_tmp, " ||");
+ if (!empty($new_tmp)) {
+ $pconfig['rule_sid_on'] = $new_tmp;
+ $updated_cfg = true;
+ }
+ }
+
+ // Change any DISABLE_SID settings to new format of GID:SID
+ if (!empty($pconfig['rule_sid_off'])) {
+ $tmp = explode("||", $pconfig['rule_sid_off']);
+ $new_tmp = "";
+ foreach ($tmp as $v) {
+ if (strpos($v, ":") === false) {
+ if (preg_match('/(\d+)/', $v, $match))
+ $new_tmp .= "1:{$match[1]}||";
+ }
+ }
+ $new_tmp = rtrim($new_tmp, " ||");
+ if (!empty($new_tmp)) {
+ $pconfig['rule_sid_off'] = $new_tmp;
+ $updated_cfg = true;
+ }
+ }
+
// Save the new configuration data into the $config array pointer
$r = $pconfig;
}
@@ -296,7 +330,7 @@ unset($r);
// Write out the new configuration to disk if we changed anything
if ($updated_cfg) {
- $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.2";
+ $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.4";
log_error("[Snort] Saving configuration settings in new format...");
write_config();
log_error("[Snort] Settings successfully migrated to new configuration format...");
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index 003628be..945ddd04 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -793,43 +793,9 @@ EOD;
$snort_misc_include_rules .= "include {$snortcfgdir}/reference.config\n";
if (file_exists("{$snortcfgdir}/classification.config"))
$snort_misc_include_rules .= "include {$snortcfgdir}/classification.config\n";
- if (is_dir("{$snortcfgdir}/preproc_rules")) {
- if ($snortcfg['sensitive_data'] == 'on' && $protect_preproc_rules == "off") {
- $sedcmd = '/^#alert.*classtype:sdf/s/^#//';
- if (file_exists("{$snortcfgdir}/preproc_rules/sensitive-data.rules")){
- $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/sensitive-data.rules\n";
- #enable only selected sensitive data
- if (file_exists(SNORTDIR."/preproc_rules/sensitive-data.rules")){
- $sdf_alert_pattern="(".preg_replace("/,/","|",$snortcfg['sdf_alert_data_type']).")";
- $sd_tmp_file=file(SNORTDIR."/preproc_rules/sensitive-data.rules");
- $sd_tmp_new_file="";
- foreach ($sd_tmp_file as $sd_tmp_line)
- $sd_tmp_new_file.=preg_match("/$sdf_alert_pattern/i",$sd_tmp_line) ? $sd_tmp_line : "";
- file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX);
- }
- }
- } else
- $sedcmd = '/^alert.*classtype:sdf/s/^/#/';
- if (file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") &&
- file_exists("{$snortcfgdir}/preproc_rules/preprocessor.rules") && $protect_preproc_rules == "off") {
- @file_put_contents("{$g['tmp_path']}/sedcmd", $sedcmd);
- mwexec("/usr/bin/sed -I '' -f {$g['tmp_path']}/sedcmd {$snortcfgdir}/preproc_rules/preprocessor.rules");
- mwexec("/usr/bin/sed -I '' -f {$g['tmp_path']}/sedcmd {$snortcfgdir}/preproc_rules/decoder.rules");
- @unlink("{$g['tmp_path']}/sedcmd");
- $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n";
- $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n";
- } else if (file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") &&
- file_exists("{$snortcfgdir}/preproc_rules/preprocessor.rules") && $protect_preproc_rules == "on") {
- $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/decoder.rules\n";
- $snort_misc_include_rules .= "include \$PREPROC_RULE_PATH/preprocessor.rules\n";
- }
- else {
- $snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n";
- log_error("[Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them");
- }
- } else {
+ if (!file_exists("{$snortcfgdir}/preproc_rules/decoder.rules") || !file_exists("{$snortcfgdir}/preproc_rules/preprocessor.rules")) {
$snort_misc_include_rules .= "config autogenerate_preprocessor_decoder_rules\n";
- log_error("[Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them");
+ log_error("[Snort] Seems preprocessor and/or decoder rules are missing, enabling autogeneration of them in conf file.");
}
/* generate rule sections to load */
@@ -1249,7 +1215,6 @@ ipvar EXTERNAL_NET [{$external_net}]
# Define Rule Paths #
var RULE_PATH {$snortcfgdir}/rules
-var PREPROC_RULE_PATH {$snortcfgdir}/preproc_rules
# Define Servers #
{$ipvardef}
@@ -1403,13 +1368,13 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
update_status(gettext("Saved settings detected..."));
/* Do one-time settings migration for new multi-engine configurations */
update_output_window(gettext("Please wait... migrating settings to new multi-engine configuration..."));
- include "/usr/local/pkg/snort/snort_migrate_config.php";
+ include('/usr/local/pkg/snort/snort_migrate_config.php');
update_output_window(gettext("Please wait... rebuilding installation with saved settings..."));
log_error(gettext("[Snort] Downloading and updating configured rule types..."));
update_output_window(gettext("Please wait... downloading and updating configured rule types..."));
if ($pkg_interface <> "console")
$snort_gui_include = true;
- include "/usr/local/pkg/snort/snort_check_for_rule_updates.php";
+ include('/usr/local/pkg/snort/snort_check_for_rule_updates.php');
update_status(gettext("Generating snort.conf configuration file from saved settings..."));
$rebuild_rules = true;
@@ -1452,7 +1417,7 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
}
/* Update Snort package version in configuration */
-$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.2";
+$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.4";
write_config();
/* Done with post-install, so clear flag */
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index a82d81d2..afc764fc 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -5,6 +5,7 @@
* Copyright (C) 2004, 2005 Scott Ullrich
* Copyright (C) 2008, 2009 Robert Zelaya
* Copyright (C) 2011 Ermal Luci
+ * Copyright (C) 2013, 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -29,7 +30,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
@@ -37,6 +37,7 @@ global $g, $rebuild_rules;
$snortdir = SNORTDIR;
$rules_map = array();
+$pconfig = array();
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
@@ -51,11 +52,8 @@ if (is_null($id)) {
}
if (isset($id) && $a_rule[$id]) {
- $pconfig['enable'] = $a_rule[$id]['enable'];
$pconfig['interface'] = $a_rule[$id]['interface'];
$pconfig['rulesets'] = $a_rule[$id]['rulesets'];
- if (!empty($a_rule[$id]['customrules']))
- $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
}
function truncate($string, $length) {
@@ -109,8 +107,20 @@ $snort_uuid = $a_rule[$id]['uuid'];
$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'];
+$etprodownload = $config['installedpackages']['snortglobal']['emergingthreats_pro'];
$categories = explode("||", $pconfig['rulesets']);
+// add the standard rules files to the categories list
+$categories[] = "custom.rules";
+$categories[] = "decoder.rules";
+$categories[] = "preprocessor.rules";
+$categories[] = "sensitive-data.rules";
+if (!empty($a_rule[$id]['ips_policy']))
+ $categories[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']);
+if ($a_rule[$id]['autoflowbitrules'] == 'on')
+ $categories[] = "Auto-Flowbit Rules";
+natcasesort($categories);
+
if ($_GET['openruleset'])
$currentruleset = $_GET['openruleset'];
else if ($_POST['openruleset'])
@@ -118,13 +128,6 @@ else if ($_POST['openruleset'])
else
$currentruleset = $categories[0];
-if (empty($categories[0]) && ($currentruleset != "custom.rules") && ($currentruleset != "Auto-Flowbit Rules")) {
- if (!empty($a_rule[$id]['ips_policy']))
- $currentruleset = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']);
- else
- $currentruleset = "custom.rules";
-}
-
/* One last sanity check -- if the rules directory is empty, default to loading custom rules */
$tmp = glob("{$snortdir}/rules/*.rules");
if (empty($tmp))
@@ -136,58 +139,66 @@ if ($currentruleset != 'custom.rules') {
// Read the current rules file into our rules map array.
// If it is the auto-flowbits file, set the full path.
if ($currentruleset == "Auto-Flowbit Rules")
- $rulefile = "{$snortcfgdir}/rules/" . FLOWBITS_FILENAME;
+ $rules_map = snort_load_rules_map("{$snortcfgdir}/rules/" . FLOWBITS_FILENAME);
// Test for the special case of an IPS Policy file.
- if (substr($currentruleset, 0, 10) == "IPS Policy")
+ elseif (substr($currentruleset, 0, 10) == "IPS Policy")
$rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']);
- elseif (!file_exists($rulefile))
- $input_errors[] = gettext("{$currentruleset} seems to be missing!!! Please verify rules files have been downloaded, then go to the Categories tab and save the rule set again.");
- else
+ // Test for preproc_rules file and set the full path.
+ elseif (file_exists("{$snortdir}/preproc_rules/{$currentruleset}"))
+ $rules_map = snort_load_rules_map("{$snortdir}/preproc_rules/{$currentruleset}");
+ // Test for existence of regular text rules file and load it.
+ elseif (file_exists($rulefile))
$rules_map = snort_load_rules_map($rulefile);
+ else
+ $input_errors[] = gettext("{$currentruleset} seems to be missing!!! Please verify rules files have been downloaded, then go to the Categories tab and save the rule set again.");
}
/* Load up our enablesid and disablesid arrays with enabled or disabled SIDs */
-$enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on'], "enablesid");
-$disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off'], "disablesid");
+$enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on']);
+$disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off']);
if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
+ // Get the GID tag embedded in the clicked rule icon.
+ $gid = $_GET['gid'];
+
// Get the SID tag embedded in the clicked rule icon.
$sid= $_GET['ids'];
// See if the target SID is in our list of modified SIDs,
- // and toggle it if present; otherwise, add it to the
- // appropriate list.
- if (isset($enablesid[$sid])) {
- unset($enablesid[$sid]);
- if (!isset($disablesid[$sid]))
- $disablesid[$sid] = "disablesid";
- }
- elseif (isset($disablesid[$sid])) {
- unset($disablesid[$sid]);
- if (!isset($enablesid[$sid]))
- $enablesid[$sid] = "enablesid";
- }
+ // and toggle it back to default if present; otherwise,
+ // add it to the appropriate modified SID list.
+ if (isset($enablesid[$gid][$sid]))
+ unset($enablesid[$gid][$sid]);
+ elseif (isset($disablesid[$gid][$sid]))
+ unset($disablesid[$gid][$sid]);
else {
- if ($rules_map[1][$sid]['disabled'] == 1)
- $enablesid[$sid] = "enablesid";
+ if ($rules_map[$gid][$sid]['disabled'] == 1)
+ $enablesid[$gid][$sid] = "enablesid";
else
- $disablesid[$sid] = "disablesid";
+ $disablesid[$gid][$sid] = "disablesid";
}
// Write the updated enablesid and disablesid values to the config file.
$tmp = "";
- foreach ($enablesid as $k => $v) {
- $tmp .= "||{$v} {$k}";
+ foreach (array_keys($enablesid) as $k1) {
+ foreach (array_keys($enablesid[$k1]) as $k2)
+ $tmp .= "{$k1}:{$k2}||";
}
+ $tmp = rtrim($tmp, "||");
+
if (!empty($tmp))
$a_rule[$id]['rule_sid_on'] = $tmp;
else
unset($a_rule[$id]['rule_sid_on']);
+
$tmp = "";
- foreach ($disablesid as $k => $v) {
- $tmp .= "||{$v} {$k}";
+ foreach (array_keys($disablesid) as $k1) {
+ foreach (array_keys($disablesid[$k1]) as $k2)
+ $tmp .= "{$k1}:{$k2}||";
}
+ $tmp = rtrim($tmp, "||");
+
if (!empty($tmp))
$a_rule[$id]['rule_sid_off'] = $tmp;
else
@@ -197,7 +208,7 @@ if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
write_config();
$_GET['openruleset'] = $currentruleset;
- $anchor = "rule_{$sid}";
+ $anchor = "rule_{$gid}_{$sid}";
}
if ($_GET['act'] == "disable_all" && !empty($rules_map)) {
@@ -205,28 +216,37 @@ if ($_GET['act'] == "disable_all" && !empty($rules_map)) {
// Mark all rules in the currently selected category "disabled".
foreach (array_keys($rules_map) as $k1) {
foreach (array_keys($rules_map[$k1]) as $k2) {
- if (isset($enablesid[$k2]))
- unset($enablesid[$k2]);
- $disablesid[$k2] = "disablesid";
+ if (isset($enablesid[$k1][$k2]))
+ unset($enablesid[$k1][$k2]);
+ $disablesid[$k1][$k2] = "disablesid";
}
}
+
// Write the updated enablesid and disablesid values to the config file.
$tmp = "";
- foreach ($enablesid as $k => $v) {
- $tmp .= "||{$v} {$k}";
+ foreach (array_keys($enablesid) as $k1) {
+ foreach (array_keys($enablesid[$k1]) as $k2)
+ $tmp .= "{$k1}:{$k2}||";
}
+ $tmp = rtrim($tmp, "||");
+
if (!empty($tmp))
$a_rule[$id]['rule_sid_on'] = $tmp;
else
unset($a_rule[$id]['rule_sid_on']);
+
$tmp = "";
- foreach ($disablesid as $k => $v) {
- $tmp .= "||{$v} {$k}";
+ foreach (array_keys($disablesid) as $k1) {
+ foreach (array_keys($disablesid[$k1]) as $k2)
+ $tmp .= "{$k1}:{$k2}||";
}
+ $tmp = rtrim($tmp, "||");
+
if (!empty($tmp))
$a_rule[$id]['rule_sid_off'] = $tmp;
else
unset($a_rule[$id]['rule_sid_off']);
+
write_config();
$_GET['openruleset'] = $currentruleset;
@@ -239,28 +259,36 @@ if ($_GET['act'] == "enable_all" && !empty($rules_map)) {
// Mark all rules in the currently selected category "enabled".
foreach (array_keys($rules_map) as $k1) {
foreach (array_keys($rules_map[$k1]) as $k2) {
- if (isset($disablesid[$k2]))
- unset($disablesid[$k2]);
- $enablesid[$k2] = "enablesid";
+ if (isset($disablesid[$k1][$k2]))
+ unset($disablesid[$k1][$k2]);
+ $enablesid[$k1][$k2] = "enablesid";
}
}
// Write the updated enablesid and disablesid values to the config file.
$tmp = "";
- foreach ($enablesid as $k => $v) {
- $tmp .= "||{$v} {$k}";
+ foreach (array_keys($enablesid) as $k1) {
+ foreach (array_keys($enablesid[$k1]) as $k2)
+ $tmp .= "{$k1}:{$k2}||";
}
+ $tmp = rtrim($tmp, "||");
+
if (!empty($tmp))
$a_rule[$id]['rule_sid_on'] = $tmp;
else
unset($a_rule[$id]['rule_sid_on']);
+
$tmp = "";
- foreach ($disablesid as $k => $v) {
- $tmp .= "||{$v} {$k}";
+ foreach (array_keys($disablesid) as $k1) {
+ foreach (array_keys($disablesid[$k1]) as $k2)
+ $tmp .= "{$k1}:{$k2}||";
}
+ $tmp = rtrim($tmp, "||");
+
if (!empty($tmp))
$a_rule[$id]['rule_sid_off'] = $tmp;
else
unset($a_rule[$id]['rule_sid_off']);
+
write_config();
$_GET['openruleset'] = $currentruleset;
@@ -273,30 +301,38 @@ if ($_GET['act'] == "resetcategory" && !empty($rules_map)) {
// Reset any modified SIDs in the current rule category to their defaults.
foreach (array_keys($rules_map) as $k1) {
foreach (array_keys($rules_map[$k1]) as $k2) {
- if (isset($enablesid[$k2]))
- unset($enablesid[$k2]);
- if (isset($disablesid[$k2]))
- unset($disablesid[$k2]);
+ if (isset($enablesid[$k1][$k2]))
+ unset($enablesid[$k1][$k2]);
+ if (isset($disablesid[$k1][$k2]))
+ unset($disablesid[$k1][$k2]);
}
}
// Write the updated enablesid and disablesid values to the config file.
$tmp = "";
- foreach ($enablesid as $k => $v) {
- $tmp .= "||{$v} {$k}";
+ foreach (array_keys($enablesid) as $k1) {
+ foreach (array_keys($enablesid[$k1]) as $k2)
+ $tmp .= "{$k1}:{$k2}||";
}
+ $tmp = rtrim($tmp, "||");
+
if (!empty($tmp))
$a_rule[$id]['rule_sid_on'] = $tmp;
else
unset($a_rule[$id]['rule_sid_on']);
+
$tmp = "";
- foreach ($disablesid as $k => $v) {
- $tmp .= "||{$v} {$k}";
+ foreach (array_keys($disablesid) as $k1) {
+ foreach (array_keys($disablesid[$k1]) as $k2)
+ $tmp .= "{$k1}:{$k2}||";
}
+ $tmp = rtrim($tmp, "||");
+
if (!empty($tmp))
$a_rule[$id]['rule_sid_off'] = $tmp;
else
unset($a_rule[$id]['rule_sid_off']);
+
write_config();
$_GET['openruleset'] = $currentruleset;
@@ -328,8 +364,11 @@ if ($_POST['clear']) {
exit;
}
-if ($_POST['customrules']) {
- $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
+if ($_POST['submit']) {
+ if ($_POST['customrules'])
+ $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
+ else
+ unset($a_rule[$id]['customrules']);
write_config();
$rebuild_rules = true;
snort_generate_conf($a_rule[$id]);
@@ -416,15 +455,15 @@ if ($savemsg) {
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
- $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");;
- $tab_array = array();
- $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
+ $tab_array = array();
+ $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -435,19 +474,14 @@ if ($savemsg) {
<tr>
<td class="vncell" height="30px"><strong><?php echo gettext("Category:"); ?></strong>&nbsp;&nbsp;<select id="selectbox" name="selectbox" class="formselect" onChange="go()">
- <option value='?id=<?=$id;?>&openruleset=custom.rules'>custom.rules</option>
<?php
- $files = explode("||", $pconfig['rulesets']);
- if ($a_rule[$id]['ips_policy_enable'] == 'on')
- $files[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']);
- if ($a_rule[$id]['autoflowbitrules'] == 'on')
- $files[] = "Auto-Flowbit Rules";
- natcasesort($files);
- foreach ($files as $value) {
+ foreach ($categories as $value) {
if ($snortdownload != 'on' && substr($value, 0, 6) == "snort_")
continue;
if ($emergingdownload != 'on' && substr($value, 0, 8) == "emerging")
continue;
+ if ($etprodownload != 'on' && substr($value, 0, 6) == "etpro-")
+ continue;
if (empty($value))
continue;
echo "<option value='?id={$id}&openruleset={$value}' ";
@@ -468,12 +502,12 @@ if ($savemsg) {
<td valign="top" class="vtable">
<input type='hidden' name='openruleset' value='custom.rules'>
<input type='hidden' name='id' value='<?=$id;?>'>
- <textarea wrap="soft" cols="90" rows="40" name="customrules"><?=$pconfig['customrules'];?></textarea>
+ <textarea wrap="soft" cols="90" rows="40" name="customrules"><?=base64_decode($a_rule[$id]['customrules']);?></textarea>
</td>
</tr>
<tr>
<td>
- <input name="Submit" type="submit" class="formbtn" id="submit" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/>&nbsp;&nbsp;
+ <input name="submit" type="submit" class="formbtn" id="submit" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/>&nbsp;&nbsp;
<input name="cancel" type="submit" class="formbtn" id="cancel" value="<?php echo gettext("Cancel"); ?>" title="<?php echo gettext("Cancel changes and return to last page"); ?>"/>&nbsp;&nbsp;
<input name="clear" type="submit" class="formbtn" id="clear" value="<?php echo gettext("Clear"); ?>" onclick="return confirm('<?php echo gettext("This will erase all custom rules for the interface. Are you sure?"); ?>')" title="<?php echo gettext("Deletes all custom rules"); ?>"/>
</td>
@@ -491,7 +525,7 @@ if ($savemsg) {
<input type='hidden' name='id' value='<?=$id;?>'/>
<input type='hidden' name='openruleset' value='<?=$currentruleset;?>'/><br/><br/>
<span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" .
- gettext("Snort must be restarted to activate any SID enable/disable changes made on this tab."); ?></span></td>
+ gettext("Snort must be restarted to activate any rule enable/disable changes made on this tab."); ?></span></td>
<td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetcategory'>
<img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
@@ -543,11 +577,14 @@ if ($savemsg) {
</tr>
<tr>
<td>
+
+ <?php if ($currentruleset != 'decoder.rules' && $currentruleset != 'preprocessor.rules'): ?>
<table id="myTable" class="sortable" style="table-layout: fixed;" width="100%" border="0" cellpadding="0" cellspacing="0">
<colgroup>
<col width="15" align="left" valign="middle">
- <col width="9%" align="center" axis="number">
- <col width="60" align="center" axis="string">
+ <col width="6%" align="center" axis="number">
+ <col width="8%" align="center" axis="number">
+ <col width="54" align="center" axis="string">
<col width="14%" align="center" axis="string">
<col width="11%" align="center" axis="string">
<col width="14%" align="center" axis="string">
@@ -558,6 +595,7 @@ if ($savemsg) {
<thead>
<tr>
<th class="list">&nbsp;</th>
+ <th class="listhdrr"><?php echo gettext("GID"); ?></th>
<th class="listhdrr"><?php echo gettext("SID"); ?></th>
<th class="listhdrr"><?php echo gettext("Proto"); ?></th>
<th class="listhdrr"><?php echo gettext("Source"); ?></th>
@@ -579,28 +617,28 @@ if ($savemsg) {
$counter = $enable_cnt = $disable_cnt = 0;
foreach ($rules_map as $k1 => $rulem) {
foreach ($rulem as $k2 => $v) {
- $sid = snort_get_sid($v['rule']);
- $gid = snort_get_gid($v['rule']);
+ $sid = $k2;
+ $gid = $k1;
- if (isset($disablesid[$sid])) {
+ if (isset($disablesid[$gid][$sid])) {
$textss = "<span class=\"gray\">";
$textse = "</span>";
$iconb = "icon_reject_d.gif";
$disable_cnt++;
- $title = gettext("Disabled by user. Click to toggle to enabled state");
+ $title = gettext("Disabled by user. Click to toggle to default state");
}
- elseif (($v['disabled'] == 1) && (!isset($enablesid[$sid]))) {
+ elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) {
$textss = "<span class=\"gray\">";
$textse = "</span>";
$iconb = "icon_block_d.gif";
$disable_cnt++;
$title = gettext("Disabled by default. Click to toggle to enabled state");
}
- elseif (isset($enablesid[$sid])) {
+ elseif (isset($enablesid[$gid][$sid])) {
$textss = $textse = "";
$iconb = "icon_reject.gif";
$enable_cnt++;
- $title = gettext("Enabled by user. Click to toggle to disabled state");
+ $title = gettext("Enabled by user. Click to toggle to default state");
}
else {
$textss = $textse = "";
@@ -630,13 +668,16 @@ if ($savemsg) {
$message = snort_get_msg($v['rule']);
echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\"> $textss
- <a id=\"rule_{$sid}\" href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$sid}'>
+ <a id=\"rule_{$gid}_{$sid}\" href='?id={$id}&openruleset={$currentruleset}&act=toggle&gid={$gid}&ids={$sid}'>
<img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\"
width=\"11\" height=\"11\" border=\"0\"
title='{$title}'></a>
$textse
</td>
<td class=\"listlr\" align=\"center\">
+ {$textss}{$gid}{$textse}
+ </td>
+ <td class=\"listlr\" align=\"center\">
{$textss}{$sid}{$textse}
</td>
<td class=\"listlr\" align=\"center\">
@@ -673,6 +714,119 @@ if ($savemsg) {
?>
</tbody>
</table>
+
+ <?php else: ?>
+
+ <table id="myTable" class="sortable" style="table-layout: fixed;" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <colgroup>
+ <col width="15" align="left" valign="middle">
+ <col width="6%" align="center" axis="number">
+ <col width="6%" align="center" axis="number">
+ <col width="22%" align="center" axis="string">
+ <col width="15%" align="center" axis="string">
+ <col align="left" axis="string">
+ <col width="22" align="right" valign="middle">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="list">&nbsp;</th>
+ <th class="listhdrr"><?php echo gettext("GID"); ?></th>
+ <th class="listhdrr"><?php echo gettext("SID"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Classification"); ?></th>
+ <th class="listhdrr"><?php echo gettext("IPS Policy"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Message"); ?></th>
+ <th class="list"><a href="javascript: void(0)"
+ onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" <?php
+ echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"'
+ onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?>
+ title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php
+ $counter = $enable_cnt = $disable_cnt = 0;
+ foreach ($rules_map as $k1 => $rulem) {
+ foreach ($rulem as $k2 => $v) {
+ $sid = snort_get_sid($v['rule']);
+ $gid = snort_get_gid($v['rule']);
+ if (isset($disablesid[$gid][$sid])) {
+ $textss = "<span class=\"gray\">";
+ $textse = "</span>";
+ $iconb = "icon_reject_d.gif";
+ $disable_cnt++;
+ $title = gettext("Disabled by user. Click to toggle to default state");
+ }
+ elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) {
+ $textss = "<span class=\"gray\">";
+ $textse = "</span>";
+ $iconb = "icon_block_d.gif";
+ $disable_cnt++;
+ $title = gettext("Disabled by default. Click to toggle to enabled state");
+ }
+ elseif (isset($enablesid[$gid][$sid])) {
+ $textss = $textse = "";
+ $iconb = "icon_reject.gif";
+ $enable_cnt++;
+ $title = gettext("Enabled by user. Click to toggle to default state");
+ }
+ else {
+ $textss = $textse = "";
+ $iconb = "icon_block.gif";
+ $enable_cnt++;
+ $title = gettext("Enabled by default. Click to toggle to disabled state");
+ }
+ $message = snort_get_msg($v['rule']);
+ $matches = array();
+ if (preg_match('/(?:classtype\b\s*:)\s*(\S*\s*;)/iU', $v['rule'], $matches))
+ $classtype = trim($matches[1], " ;");
+ else
+ $classtype = "No Classtype Defined";
+ $matches = array();
+ if (preg_match_all('/(\S*-ips)(?:\s*drop|alert)(?:,|\s*|;)/i', $v['rule'], $matches))
+ $policy = implode("<br/>", $matches[1]);
+ else
+ $policy = "none";
+
+ echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\"> $textss
+ <a id=\"rule_{$sid}\" href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$sid}&gid={$gid}'>
+ <img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\"
+ width=\"11\" height=\"11\" border=\"0\"
+ title='{$title}'></a>
+ $textse
+ </td>
+ <td class=\"listlr\" align=\"center\">
+ {$textss}{$gid}{$textse}
+ </td>
+ <td class=\"listlr\" align=\"center\">
+ {$textss}{$sid}{$textse}
+ </td>
+ <td class=\"listlr\" align=\"center\">
+ {$textss}{$classtype}</span>
+ </td>
+ <td class=\"listlr\" align=\"center\">
+ {$textss}{$policy}</span>
+ </td>
+ <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line;\"><font color=\"white\">
+ {$textss}{$message}{$textse}</font>
+ </td>";
+ ?>
+ <td align="right" valign="middle" nowrap class="listt">
+ <a href="javascript: void(0)"
+ onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif"
+ title="<?php echo gettext("Click to view the entire rule text"); ?>" width="17" height="17" border="0"></a>
+ </td>
+ </tr>
+ <?php
+ $counter++;
+ }
+ }
+ unset($rulem, $v);
+ ?>
+ </tbody>
+ </table>
+ <?php endif;?>
</td>
</tr>
<tr>
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index c0087464..61a9574a 100755
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -4,6 +4,7 @@
*
* Copyright (C) 2004, 2005 Scott Ullrich
* Copyright (C) 2011 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Adapted for FreeNAS by Volker Theile (votdev@gmx.de)
@@ -97,21 +98,29 @@ elseif (isset($_GET['ids'])) {
// If flowbit rule, point to interface-specific file
if ($file == "Auto-Flowbit Rules")
$rules_map = snort_load_rules_map("{$snortcfgdir}/rules/" . FLOWBITS_FILENAME);
+ elseif (file_exists("{$snortdir}/preproc_rules/{$file}"))
+ $rules_map = snort_load_rules_map("{$snortdir}/preproc_rules/{$file}");
else
$rules_map = snort_load_rules_map("{$snortdir}/rules/{$file}");
$contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule'];
$wrap_flag = "soft";
}
-
// Is it our special flowbit rules file?
elseif ($file == "Auto-Flowbit Rules")
$contents = file_get_contents("{$snortcfgdir}/rules/{$flowbit_rules_file}");
// Is it a rules file in the ../rules/ directory?
elseif (file_exists("{$snortdir}/rules/{$file}"))
$contents = file_get_contents("{$snortdir}/rules/{$file}");
+// Is it a rules file in the ../preproc_rules/ directory?
+elseif (file_exists("{$snortdir}/preproc_rules/{$file}"))
+ $contents = file_get_contents("{$snortdir}/preproc_rules/{$file}");
// Is it a fully qualified path and file?
-elseif (file_exists($file))
- $contents = file_get_contents($file);
+elseif (file_exists($file)) {
+ if (substr(realpath($file), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR)
+ $contents = gettext("\n\nERROR -- File: {$file} can not be viewed!");
+ else
+ $contents = file_get_contents($file);
+}
// It is not something we can display, so exit.
else
$input_errors[] = gettext("Unable to open file: {$displayfile}");