aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2012-07-16 09:56:55 +0000
committerErmal <eri@pfsense.org>2012-07-16 09:56:55 +0000
commitb6ea1ca75782c61f4729136b30a5459feb9ccb1c (patch)
tree5b408956ad7a4ffc17e161b45d042c7259d719b1 /config/snort
parentfc886e5bd05dd82701f0d7961e92de87c3ba1bd4 (diff)
downloadpfsense-packages-b6ea1ca75782c61f4729136b30a5459feb9ccb1c.tar.gz
pfsense-packages-b6ea1ca75782c61f4729136b30a5459feb9ccb1c.tar.bz2
pfsense-packages-b6ea1ca75782c61f4729136b30a5459feb9ccb1c.zip
Allow looking at rule content but not editing them. Custom rules can be used for that
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort_rules.php6
-rw-r--r--config/snort/snort_rules_edit.php102
2 files changed, 25 insertions, 83 deletions
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 41e8e761..1bf774eb 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -162,7 +162,7 @@ if ($_POST['customrules']) {
header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
exit;
}
-} else if ($_POST)
+} else if ($_POST) {
unset($a_rule[$id]['customrules']);
write_config();
header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
@@ -368,8 +368,8 @@ function popup(url)
<table border="0" cellspacing="0" cellpadding="1">
<tr>
<td><a href="javascript: void(0)"
- onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$counter;?>')"><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>')"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif"
title="edit rule" width="17" height="17" border="0"></a></td>
<!-- Codes by Quackit.com -->
</tr>
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index 127bfe0c..809832ea 100644
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -37,83 +37,41 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
+$snortdir = SNORTDIR;
+
if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
$config['installedpackages']['snortglobal']['rule'] = array();
}
-$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+$a_rule = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
-$ids = $_GET['ids'];
-if (isset($_POST['ids']))
- $ids = $_POST['ids'];
-
-if (isset($id) && $a_nat[$id]) {
- $pconfig['enable'] = $a_nat[$id]['enable'];
- $pconfig['interface'] = $a_nat[$id]['interface'];
- $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
}
-//get rule id
-$lineid = $_GET['ids'];
-if (isset($_POST['ids']))
- $lineid = $_POST['ids'];
+if (isset($id) && $a_rule[$id]) {
+ $pconfig['enable'] = $a_rule[$id]['enable'];
+ $pconfig['interface'] = $a_rule[$id]['interface'];
+ $pconfig['rulesets'] = $a_rule[$id]['rulesets'];
+}
+/* convert fake interfaces to real */
+$if_real = snort_get_real_interface($pconfig['interface']);
+$snort_uuid = $a_rule[$id]['uuid'];
$file = $_GET['openruleset'];
-if (isset($_POST['openruleset']))
- $file = $_POST['openruleset'];
//read file into string, and get filesize also chk for empty files
$contents = '';
-if (filesize($file) > 0 )
- $contents = file_get_contents($file);
-
-//delimiter for each new rule is a new line
-$delimiter = "\n";
+if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}"))
+ $contents = file_get_contents("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}");
+else {
+ header("Location: /snort/snort_rules.php?id={$id}&openruleset={$file}");
+ exit;
+}
//split the contents of the string file into an array using the delimiter
-$splitcontents = explode($delimiter, $contents);
-$findme = "# alert"; //find string for disabled alerts
-$highlight = "yes";
-if (strstr($splitcontents[$lineid], $findme))
- $highlight = "no";
-if ($highlight == "no")
- $splitcontents[$lineid] = substr($splitcontents[$lineid], 2);
-
-if ($_POST) {
- if ($_POST['save']) {
-
- //copy string into file array for writing
- if ($_POST['highlight'] == "yes")
- $splitcontents[$lineid] = $_POST['code'];
- else
- $splitcontents[$lineid] = "# " . $_POST['code'];
-
- //write disable/enable sid to config.xml
- $sid = snort_get_rule_part($splitcontents[$lineid], 'sid:', ';', 0);
- if (is_numeric($sid)) {
- // rule_sid_on registers
- if (!empty($a_nat[$id]['rule_sid_on']))
- $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']);
- if (!empty($a_nat[$id]['rule_sid_on']))
- $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']);
- if ($_POST['highlight'] == "yes")
- $a_nat[$id]['rule_sid_on'] = "||enablesid $sid" . $a_nat[$id]['rule_sid_on'];
- else
- $a_nat[$id]['rule_sid_off'] = "||disablesid $sid" . $a_nat[$id]['rule_sid_off'];
- }
-
- //write the new .rules file
- @file_put_contents($file, implode($delimiter, $splitcontents));
-
- write_config();
-
- echo "<script> opener.window.location.reload(); window.close(); </script>";
- exit;
- }
-}
+$splitcontents = explode("\n", $contents);
$pgtitle = array(gettext("Advanced"), gettext("File Editor"));
@@ -126,35 +84,19 @@ $pgtitle = array(gettext("Advanced"), gettext("File Editor"));
<?php include("fbegin.inc");?>
<form action="snort_rules_edit.php" method="post">
-<input type='hidden' name='id' value='<?=$id;?>' />
-<input type='hidden' name='ids' value='<?=$ids;?>' />
-<input type='hidden' name='openruleset' value='<?=$file;?>' />
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont">
<table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee">
<tr>
<td>
- <input name="save" type="submit" class="formbtn" id="save" value="save" />
<input type="button" class="formbtn" value="Cancel" onclick="window.close()">
- <hr noshade="noshade" />
- Disable original rule :<br/>
-
- <input id="highlighting_enabled" name="highlight2" type="radio" value="yes" <?php if($highlight == "yes") echo " checked=\"checked\""; ?> />
- <label for="highlighting_enabled"><?=gettext("Enabled");?> </label>
- <input id="highlighting_disabled" name="highlight2" type="radio" value="no" <?php if($highlight == "no") echo " checked=\"checked\""; ?> />
- <label for="highlighting_disabled"> <?=gettext("Disabled");?></label>
</td>
</tr>
- <tr>
- <td valign="top" class="label">
- <textarea wrap="off" cols="90" rows="3" name="code"><?=$splitcontents[$lineid];?></textarea>
- </td>
- </tr>
<tr>
<td valign="top" class="label">
<div style="background: #eeeeee;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea disabled wrap="off" rows="33" cols="90" name="code2"><?=$contents;?></textarea>
+ <textarea wrap="off" rows="33" cols="90" name="code2"><?=$contents;?></textarea>
</div>
</td>
</tr>