authorbmeeks8 <bmeeks8@bellsouth.net>2013-10-17 16:24:40 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2013-10-17 16:24:40 -0400
commit0ff48067e191b8edb984f52e9c8cb8df777bff05 (patch)
tree0e04f07be5a28bc7a47019b52df229eb9e38cb02 /config/snort
parente8a4ccbfca3f54ddee4bcd337471cfa140c2373e (diff)
Add ability to select flowbit rules on RULES tab.
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort_rules.php34
-rwxr-xr-xconfig/snort/snort_rules_edit.php28
-rw-r--r--config/snort/snort_rules_flowbits.php9
3 files changed, 53 insertions, 18 deletions
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index c9d90597..2882a89e 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -33,7 +33,7 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g, $flowbit_rules_file, $rebuild_rules;
+global $g, $rebuild_rules;
$snortdir = SNORTDIR;
$rules_map = array();
@@ -106,6 +106,7 @@ function add_title_attribute($tag, $title) {
/* convert fake interfaces to real */
$if_real = snort_get_real_interface($pconfig['interface']);
$snort_uuid = $a_rule[$id]['uuid'];
+$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'];
$categories = explode("||", $pconfig['rulesets']);
@@ -133,6 +134,9 @@ $ruledir = "{$snortdir}/rules";
$rulefile = "{$ruledir}/{$currentruleset}";
if ($currentruleset != 'custom.rules') {
// Read the current rules file into our rules map array.
+ // If it is the auto-flowbits file, set the full path.
+ if ($currentruleset == "Auto-Flowbit Rules")
+ $rulefile = "{$snortcfgdir}/rules/" . FLOWBITS_FILENAME;
// Test for the special case of an IPS Policy file.
if (substr($currentruleset, 0, 10) == "IPS Policy")
$rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']);
@@ -193,8 +197,6 @@ if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
write_config();
$_GET['openruleset'] = $currentruleset;
-// header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
-// exit;
$anchor = "rule_{$sid}";
}
@@ -334,7 +336,7 @@ if ($_POST['customrules']) {
$rebuild_rules = false;
$output = "";
$retcode = "";
- exec("snort -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -T 2>&1", $output, $retcode);
+ exec("/usr/local/bin/snort -T -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf 2>&1", $output, $retcode);
if (intval($retcode) != 0) {
$error = "";
$start = count($output);
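Review bot: The command line passed to `exec()` is still assembled by interpolating `$snortdir`, `$snort_uuid` and `$if_real` straight into a shell string. Those values appear to come from the saved configuration rather than the request, so this is hardening rather than a known hole, but a stray space or shell metacharacter in an interface name or UUID would change what the shell runs. Quoting the path costs nothing: `exec("/usr/local/bin/snort -T -c " . escapeshellarg("{$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf") . " 2>&1", $output, $retcode);`. The enclosing `if ($_POST['customrules'])` block starts and ends outside this hunk.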
@@ -436,6 +438,8 @@ if ($savemsg) {
$files = explode("||", $pconfig['rulesets']);
if ($a_rule[$id]['ips_policy_enable'] == 'on')
$files[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']);
+ if ($a_rule[$id]['autoflowbitrules'] == 'on')
+ $files[] = "Auto-Flowbit Rules";
natcasesort($files);
foreach ($files as $value) {
if ($snortdownload != 'on' && substr($value, 0, 6) == "snort_")
@@ -517,6 +521,17 @@ if ($savemsg) {
title='" . gettext("Click to enable all rules in the selected category") . "'></a>"?>
&nbsp;&nbsp;<?php echo gettext("Enable all rules in the current Category"); ?></td>
</tr>
+ <?php if ($currentruleset == 'Auto-Flowbit Rules'): ?>
+ <tr>
+ <td colspan="3">&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="3" class="vexpl" align="center"><?php echo "<span class=\"red\"><b>" . gettext("WARNING: ") . "</b></span>" .
+ gettext("You should not disable flowbit rules! Add Suppress List entries for them instead by ") .
+ "<a href='snort_rules_flowbits.php?id={$id}' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" .
+ gettext("clicking here") . ".</a>";?></td>
+ </tr>
+ <?php endif;?>
</table>
</td>
</tr>
@@ -564,27 +579,32 @@ if ($savemsg) {
foreach ($rulem as $k2 => $v) {
$sid = snort_get_sid($v['rule']);
$gid = snort_get_gid($v['rule']);
+
if (isset($disablesid[$sid])) {
$textss = "<span class=\"gray\">";
$textse = "</span>";
$iconb = "icon_reject_d.gif";
$disable_cnt++;
+ $title = gettext("Disabled by user. Click to toggle to enabled state");
}
elseif (($v['disabled'] == 1) && (!isset($enablesid[$sid]))) {
$textss = "<span class=\"gray\">";
$textse = "</span>";
$iconb = "icon_block_d.gif";
$disable_cnt++;
+ $title = gettext("Disabled by default. Click to toggle to enabled state");
}
elseif (isset($enablesid[$sid])) {
$textss = $textse = "";
$iconb = "icon_reject.gif";
$enable_cnt++;
+ $title = gettext("Enabled by user. Click to toggle to disabled state");
}
else {
$textss = $textse = "";
$iconb = "icon_block.gif";
$enable_cnt++;
+ $title = gettext("Enabled by default. Click to toggle to disabled state");
}
// Pick off the first section of the rule (prior to the start of the MSG field),
@@ -611,7 +631,7 @@ if ($savemsg) {
<a id=\"rule_{$sid}\" href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$sid}'>
<img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\"
width=\"11\" height=\"11\" border=\"0\"
- title='" . gettext("Click to toggle enabled/disabled state") . "'></a>
+ title='{$title}'></a>
$textse
</td>
<td class=\"listlr\" align=\"center\">
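Review bot: `title='{$title}'` places a translated string inside a single-quoted attribute without escaping, so a translation containing an apostrophe ends the attribute early and breaks the markup. I would emit it as `title='" . htmlspecialchars($title, ENT_QUOTES) . "'>`. The anchor on the first context line of this hunk also writes `$currentruleset` into the `href` unencoded; if that value is taken from the `openruleset` request parameter, as the rest of the diff suggests, it should go through `urlencode()` there. The echoed string starts before this hunk and continues after it.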
@@ -638,8 +658,8 @@ if ($savemsg) {
?>
<td align="right" valign="middle" nowrap class="listt">
<a href="javascript: void(0)"
- onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)"><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif"
+ onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif"
title="<?php echo gettext("Click to view the entire rule text"); ?>" width="17" height="17" border="0"></a>
</td>
</tr>
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index a1f45c07..c0087464 100755
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -37,7 +37,7 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $flowbit_rules_file;
+$flowbit_rules_file = FLOWBITS_FILENAME;
$snortdir = SNORTDIR;
if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
@@ -60,10 +60,17 @@ if (isset($id) && $a_rule[$id]) {
/* convert fake interfaces to real */
$if_real = snort_get_real_interface($pconfig['interface']);
$snort_uuid = $a_rule[$id]['uuid'];
+$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
$file = $_GET['openruleset'];
$contents = '';
$wrap_flag = "off";
+// Correct displayed file title if necessary
+if ($file == "Auto-Flowbit Rules")
+ $displayfile = FLOWBITS_FILENAME;
+else
+ $displayfile = $file;
+
// Read the contents of the argument passed to us.
// It may be an IPS policy string, an individual SID,
// a standard rules file, or a complete file name.
@@ -87,13 +94,18 @@ if (substr($file, 0, 10) == "IPS Policy") {
}
// Is it a SID to load the rule text from?
elseif (isset($_GET['ids'])) {
- $rules_map = snort_load_rules_map("{$snortdir}/rules/{$file}");
+ // If flowbit rule, point to interface-specific file
+ if ($file == "Auto-Flowbit Rules")
+ $rules_map = snort_load_rules_map("{$snortcfgdir}/rules/" . FLOWBITS_FILENAME);
+ else
+ $rules_map = snort_load_rules_map("{$snortdir}/rules/{$file}");
$contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule'];
$wrap_flag = "soft";
}
+
// Is it our special flowbit rules file?
-elseif ($file == $flowbit_rules_file)
- $contents = file_get_contents("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}");
+elseif ($file == "Auto-Flowbit Rules")
+ $contents = file_get_contents("{$snortcfgdir}/rules/{$flowbit_rules_file}");
// Is it a rules file in the ../rules/ directory?
elseif (file_exists("{$snortdir}/rules/{$file}"))
$contents = file_get_contents("{$snortdir}/rules/{$file}");
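Review bot: The new `else` branch still builds `"{$snortdir}/rules/{$file}"` from `$file`, which the previous hunk shows is `$_GET['openruleset']` taken as-is, so nothing confines the resulting path to the rules directory. Reducing the parameter to a bare file name before use would do it: `$rules_map = snort_load_rules_map("{$snortdir}/rules/" . basename($file));`, and the same for the `file_exists()` / `file_get_contents()` pair at the end of this hunk. The `elseif (file_exists($file))` fallback in the following hunk reads whatever path the request names and deserves an explicit allow-list of directories, or removal if no caller needs it. The if/elseif chain begins before this hunk and continues past it.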
@@ -101,10 +113,8 @@ elseif (file_exists("{$snortdir}/rules/{$file}"))
elseif (file_exists($file))
$contents = file_get_contents($file);
// It is not something we can display, so exit.
-else {
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$file}");
- exit;
-}
+else
+ $input_errors[] = gettext("Unable to open file: {$displayfile}");
$pgtitle = array(gettext("Snort"), gettext("File Viewer"));
?>
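Review bot: `gettext("Unable to open file: {$displayfile}")` interpolates the file name into the message id, so the string passed to `gettext()` differs on every call and can never match a catalog entry. Keep the translatable part constant and append the name afterwards: `$input_errors[] = gettext("Unable to open file: ") . $displayfile;`. Since `$displayfile` is derived from the `openruleset` request parameter, it is worth confirming that whatever renders `$input_errors` HTML-escapes its entries; that code is not visible in this diff.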
@@ -128,7 +138,7 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer"));
<input type="button" class="formbtn" value="Return" onclick="window.close()">
</td>
<td align="right">
- <b><?php echo gettext("Rules File: ") . '</b>&nbsp;' . $file; ?>&nbsp;&nbsp;&nbsp;&nbsp;
+ <b><?php echo gettext("Rules File: ") . '</b>&nbsp;' . $displayfile; ?>&nbsp;&nbsp;&nbsp;&nbsp;
</td>
</tr>
<tr>
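Review bot: `$displayfile` is echoed into the page without HTML escaping, and apart from the "Auto-Flowbit Rules" case it is simply `$_GET['openruleset']` (assigned in the second hunk of this file). Any markup in that parameter is therefore rendered by the browser in the File Viewer window. The output should be escaped at this point: `<b><?php echo gettext("Rules File: ") . '</b>&nbsp;' . htmlspecialchars($displayfile); ?>`.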
diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php
index 499d093c..578f6c66 100644
--- a/config/snort/snort_rules_flowbits.php
+++ b/config/snort/snort_rules_flowbits.php
@@ -58,6 +58,11 @@ if (is_null($id)) {
exit;
}
+// Set who called us so we can return to the correct page with
+// the RETURN button. We will just trust this User-Agent supplied
+// string for now.
+$referrer = $_SERVER['HTTP_REFERER'];
+
$if_real = snort_get_real_interface($a_nat[$id]['interface']);
$snort_uuid = $a_nat[$id]['uuid'];
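Review bot: `$referrer` is copied from the `Referer` request header with no validation, and the two later hunks in this file print it inside `onclick="parent.location='…'"` on both Return buttons. The header is set by the client (the added comment itself says it is trusted "for now"), so a quote character in it closes the JavaScript string and the attribute, and any absolute URL becomes the Return target. It is also absent on direct navigation, which leaves an empty location and raises an undefined-index notice. I would accept only this package's own page names and fall back to the previous fixed target, as sketched below. This drops any `openruleset` query string from the referring page, and whatever value is kept should still pass through `htmlspecialchars(…, ENT_QUOTES)` where it is echoed.

```php
// Default to the page this button always returned to before.
$referrer = "snort_rulesets.php?id=" . urlencode($id);
if (!empty($_SERVER['HTTP_REFERER'])) {
	// Keep only the script name of the referring URL and accept it
	// solely when it is one of the known callers of this page.
	$ref_path = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH);
	$ref_page = is_string($ref_path) ? basename($ref_path) : '';
	if (in_array($ref_page, array('snort_rules.php', 'snort_rulesets.php'), true))
		$referrer = $ref_page . "?id=" . urlencode($id);
}
// … unchanged: $if_real / $snort_uuid lookup …
```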
@@ -185,7 +190,7 @@ if ($savemsg)
<tr>
<td width="17px"><img src="../themes/<?=$g['theme']?>/images/icons/icon_plus.gif" width='12' height='12' border='0'/></td>
<td><span class="vexpl"><?php echo gettext("Alert is Not Suppressed"); ?></span></td>
- <td rowspan="3" align="right"><input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" onclick="parent.location='snort_rulesets.php?id=<?=$id;?>'" <?php
+ <td rowspan="3" align="right"><input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" onclick="parent.location='<?=$referrer;?>'" <?php
echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/></td>
</tr>
<tr>
@@ -278,7 +283,7 @@ if ($savemsg)
<?php if ($count > 20): ?>
<tr>
<td align="center" valign="middle">
- <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" onclick="parent.location='snort_rulesets.php?id=<?=$id;?>'" <?php
+ <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" onclick="parent.location='<?=$referrer;?>'" <?php
echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/>
<input name="id" type="hidden" value="<?=$id;?>" />
</td>