diff options
author | robiscool <robrob2626@yahoo.com> | 2011-08-09 10:04:28 -0700 |
---|---|---|
committer | robiscool <robrob2626@yahoo.com> | 2011-08-09 10:04:28 -0700 |
commit | 7757b8de6deea0db6a75cb60cd41745aecacba36 (patch) | |
tree | c97a25087508f9224e1f2e673ba7ddf273e89be8 /config | |
parent | 1fae858397c86fc20ea0678e756f1310cc054e35 (diff) | |
download | pfsense-packages-7757b8de6deea0db6a75cb60cd41745aecacba36.tar.gz pfsense-packages-7757b8de6deea0db6a75cb60cd41745aecacba36.tar.bz2 pfsense-packages-7757b8de6deea0db6a75cb60cd41745aecacba36.zip |
orionids-dev, finally finished sig ips db gui, start snortsam.conf work
Diffstat (limited to 'config')
-rw-r--r-- | config/orionids-dev/javascript/jquery.progressbar.min.js | 38 | ||||
-rw-r--r-- | config/orionids-dev/javascript/snort_globalsend.js | 44 | ||||
-rw-r--r-- | config/orionids-dev/snort_build.inc | 86 | ||||
-rw-r--r-- | config/orionids-dev/snort_interfaces_rules.php | 51 | ||||
-rw-r--r-- | config/orionids-dev/snort_json_post.php | 47 | ||||
-rw-r--r-- | config/orionids-dev/snort_new.inc | 48 | ||||
-rw-r--r-- | config/orionids-dev/snort_rules_ips.php | 43 |
7 files changed, 283 insertions, 74 deletions
diff --git a/config/orionids-dev/javascript/jquery.progressbar.min.js b/config/orionids-dev/javascript/jquery.progressbar.min.js index 77d147f9..e85e1120 100644 --- a/config/orionids-dev/javascript/jquery.progressbar.min.js +++ b/config/orionids-dev/javascript/jquery.progressbar.min.js @@ -1,20 +1,20 @@ -
-(function($){$.extend({progressBar:new function(){this.defaults={steps:20,stepDuration:20,max:100,showText:true,textFormat:'percentage',width:120,height:12,callback:null,boxImage:'/snort/images/progressbar.gif',barImage:{0:'images/progressbg_red.gif',30:'images/progressbg_orange.gif',70:'images/progressbg_green.gif'},running_value:0,value:0,image:null};this.construct=function(arg1,arg2){var argvalue=null;var argconfig=null;if(arg1!=null){if(!isNaN(arg1)){argvalue=arg1;if(arg2!=null){argconfig=arg2;}}else{argconfig=arg1;}}
-return this.each(function(child){var pb=this;var config=this.config;if(argvalue!=null&&this.bar!=null&&this.config!=null){this.config.value=parseInt(argvalue)
-if(argconfig!=null)
-pb.config=$.extend(this.config,argconfig);config=pb.config;}else{var $this=$(this);var config=$.extend({},$.progressBar.defaults,argconfig);config.id=$this.attr('id')?$this.attr('id'):Math.ceil(Math.random()*100000);if(argvalue==null)
-argvalue=$this.html().replace("%","")
-config.value=parseInt(argvalue);config.running_value=0;config.image=getBarImage(config);var numeric=['steps','stepDuration','max','width','height','running_value','value'];for(var i=0;i<numeric.length;i++)
-config[numeric[i]]=parseInt(config[numeric[i]]);$this.html("");var bar=document.createElement('img');var text=document.createElement('span');var $bar=$(bar);var $text=$(text);pb.bar=$bar;$bar.attr('id',config.id+"_pbImage");$text.attr('id',config.id+"_pbText");$text.html(getText(config));$bar.attr('title',getText(config));$bar.attr('alt',getText(config));$bar.attr('src',config.boxImage);$bar.attr('width',config.width);$bar.css("width",config.width+"px");$bar.css("height",config.height+"px");$bar.css("background-image","url("+config.image+")");$bar.css("background-position",((config.width*-1))+'px 50%');$bar.css("padding","0");$bar.css("margin","0");$this.append($bar);$this.append($text);}
-function getPercentage(config){return config.running_value*100/config.max;}
-function getBarImage(config){var image=config.barImage;if(typeof(config.barImage)=='object'){for(var i in config.barImage){if(config.running_value>=parseInt(i)){image=config.barImage[i];}else{break;}}}
-return image;}
-function getText(config){if(config.showText){if(config.textFormat=='percentage'){return" "+Math.round(config.running_value)+"%";}else if(config.textFormat=='fraction'){return" "+config.running_value+'/'+config.max;}}}
-config.increment=Math.round((config.value-config.running_value)/config.steps);if(config.increment<0)
-config.increment*=-1;if(config.increment<1)
-config.increment=1;var t=setInterval(function(){var pixels=config.width/100;if(config.running_value>config.value){if(config.running_value-config.increment<config.value){config.running_value=config.value;}else{config.running_value-=config.increment;}}
-else if(config.running_value<config.value){if(config.running_value+config.increment>config.value){config.running_value=config.value;}else{config.running_value+=config.increment;}}
-if(config.running_value==config.value)
-clearInterval(t);var $bar=$("#"+config.id+"_pbImage");var $text=$("#"+config.id+"_pbText");var image=getBarImage(config);if(image!=config.image){$bar.css("background-image","url("+image+")");config.image=image;}
-$bar.css("background-position",(((config.width*-1))+(getPercentage(config)*pixels))+'px 50%');$bar.attr('title',getText(config));$text.html(getText(config));if(config.callback!=null&&typeof(config.callback)=='function')
+ +(function($){$.extend({progressBar:new function(){this.defaults={steps:20,stepDuration:20,max:100,showText:true,textFormat:'percentage',width:120,height:12,callback:null,boxImage:'/snort/images/progressbar.gif',barImage:{0:'images/progressbg_red.gif',30:'images/progressbg_orange.gif',70:'images/progressbg_green.gif'},running_value:0,value:0,image:null};this.construct=function(arg1,arg2){var argvalue=null;var argconfig=null;if(arg1!=null){if(!isNaN(arg1)){argvalue=arg1;if(arg2!=null){argconfig=arg2;}}else{argconfig=arg1;}} +return this.each(function(child){var pb=this;var config=this.config;if(argvalue!=null&&this.bar!=null&&this.config!=null){this.config.value=parseInt(argvalue) +if(argconfig!=null) +pb.config=$.extend(this.config,argconfig);config=pb.config;}else{var $this=$(this);var config=$.extend({},$.progressBar.defaults,argconfig);config.id=$this.attr('id')?$this.attr('id'):Math.ceil(Math.random()*100000);if(argvalue==null) +argvalue=$this.html().replace("%","") +config.value=parseInt(argvalue);config.running_value=0;config.image=getBarImage(config);var numeric=['steps','stepDuration','max','width','height','running_value','value'];for(var i=0;i<numeric.length;i++) +config[numeric[i]]=parseInt(config[numeric[i]]);$this.html("");var bar=document.createElement('img');var text=document.createElement('span');var $bar=$(bar);var $text=$(text);pb.bar=$bar;$bar.attr('id',config.id+"_pbImage");$text.attr('id',config.id+"_pbText");$text.html(getText(config));$bar.attr('title',getText(config));$bar.attr('alt',getText(config));$bar.attr('src',config.boxImage);$bar.attr('width',config.width);$bar.css("width",config.width+"px");$bar.css("height",config.height+"px");$bar.css("background-image","url("+config.image+")");$bar.css("background-position",((config.width*-1))+'px 50%');$bar.css("padding","0");$bar.css("margin","0");$this.append($bar);$this.append($text);} +function getPercentage(config){return config.running_value*100/config.max;} +function getBarImage(config){var image=config.barImage;if(typeof(config.barImage)=='object'){for(var i in config.barImage){if(config.running_value>=parseInt(i)){image=config.barImage[i];}else{break;}}} +return image;} +function getText(config){if(config.showText){if(config.textFormat=='percentage'){return" "+Math.round(config.running_value)+"%";}else if(config.textFormat=='fraction'){return" "+config.running_value+'/'+config.max;}}} +config.increment=Math.round((config.value-config.running_value)/config.steps);if(config.increment<0) +config.increment*=-1;if(config.increment<1) +config.increment=1;var t=setInterval(function(){var pixels=config.width/100;if(config.running_value>config.value){if(config.running_value-config.increment<config.value){config.running_value=config.value;}else{config.running_value-=config.increment;}} +else if(config.running_value<config.value){if(config.running_value+config.increment>config.value){config.running_value=config.value;}else{config.running_value+=config.increment;}} +if(config.running_value==config.value) +clearInterval(t);var $bar=$("#"+config.id+"_pbImage");var $text=$("#"+config.id+"_pbText");var image=getBarImage(config);if(image!=config.image){$bar.css("background-image","url("+image+")");config.image=image;} +$bar.css("background-position",(((config.width*-1))+(getPercentage(config)*pixels))+'px 50%');$bar.attr('title',getText(config));$text.html(getText(config));if(config.callback!=null&&typeof(config.callback)=='function') config.callback(config);pb.config=config;},config.stepDuration);});};}});$.fn.extend({progressBar:$.progressBar.construct});})(jQuery);
\ No newline at end of file diff --git a/config/orionids-dev/javascript/snort_globalsend.js b/config/orionids-dev/javascript/snort_globalsend.js index 083c40ef..dc92efba 100644 --- a/config/orionids-dev/javascript/snort_globalsend.js +++ b/config/orionids-dev/javascript/snort_globalsend.js @@ -216,7 +216,8 @@ jQuery(document).ready(function() { // ------------------------------- START remove row element --------------------------------------- - + + // removes row and deletes db entries function removeRow(){ jQuery("#maintable_" + window.RemoveRow_UUID).remove(); } @@ -255,6 +256,35 @@ jQuery(document).ready(function() { } }); + + // resets db entries + function removeRow(){ + jQuery("#maintable_" + window.RemoveRow_UUID).remove(); + } + + jQuery(".icon_r").live('click', function(){ + + var elem = getBaseElement(this.id); // this.id gets id of .icon_x + + // window.RemoveRow_UUID = jQuery("#rowlist_" + elem.index).data("options").rowuuid; + window.RemoveRow_UUID = elem.index; + window.RemoveRow_Table = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagetable; + window.RemoveRow_DB = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagedb; + window.RemoveRow_POST = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").DoPOST; + + // snort_interfaces_whitelist + if (window.RemoveRow_POST === 'true'){ + if(confirm('Do you really want to reset this list ? (e.g. DB will reset, all saved settings will be lost!)')) { + + jQuery("#maintable_" + window.RemoveRow_UUID).fadeOut("fast"); + jQuery("#maintable_" + window.RemoveRow_UUID).fadeIn("fast"); + + jQuery(this).ajaxSubmit(optionsRSTlist); // call POST + return false; + } + } + + }); function RMlistDBDelCall(){ @@ -303,7 +333,17 @@ jQuery(document).ready(function() { type: 'POST', data: { RMlistDelRow: '1', RMlistDB: RMlistDBDelCall, RMlistTable: RMlistTableDelCall, RMlistUuid: RMlistUuidDelCall }, url: './snort_json_post.php' - }; + }; + + // declare variable for DB reset + var optionsRSTlist = { + beforeSubmit: showRequestRMlist, + dataType: 'json', + success: showResponseRMlist, + type: 'POST', + data: { RSTlistRow: '1', RSTlistDB: RMlistDBDelCall, RSTlistTable: RMlistTableDelCall, RSTlistUuid: RMlistUuidDelCall }, + url: './snort_json_post.php' + }; // STOP remove row element diff --git a/config/orionids-dev/snort_build.inc b/config/orionids-dev/snort_build.inc index edc9583a..2c18d3d3 100644 --- a/config/orionids-dev/snort_build.inc +++ b/config/orionids-dev/snort_build.inc @@ -43,6 +43,86 @@ if(isset($_POST['__csrf_magic'])) { unset($_POST['__csrf_magic']); } + +/* + * Builds sid-block.map for snortsam + * May have to break this down into smaller funcs so that there is no namespace conflick + */ +function buildSnortSamSidBlockMap($rdbuuid) +{ + + + function buildSidMap($rdbuuid) + { + // list rules in the default dir + $filterDirList = array(); + $filterDirList = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules', '\.rules'); + + // list rules in db that are on in a array + $listOnRules = array(); + $listOnRules = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSetsIps', 'rdbuuid', $rdbuuid); + + // list rules in db that are on in a array + $listGenRules = array(); + $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $rdbuuid); + + // get sigs in db + $listSigRules = array(); + $listSigRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleSigsIps', 'rdbuuid', $rdbuuid); + + // clear tmp db + exec('rm /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/*.rules'); + + foreach ($listOnRules as $listRule) + { + if ( $listRule['enable'] === 'on' ) { + exec('cp /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules/' . $listRule['rulesetname'] . ' /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/' . $listRule['rulesetname']); + } + } + + // get list of sids + exec('perl /usr/local/bin/make_snortsam_map.pl /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/', $getEnableSidArray); + + // make sidMapFile lines 1023: src, 15 min + // remember to chech is Gen enable is on + foreach ( getCurrentIpsRuleArray($getEnableSidArray) as $sidLineMap ) + { + + $snortSigIpsExists = snortSearchArray($listSigRules, 'siguuid', $sidLineMap[0]); + + // if sig is in db use its settings else use default settings + if(!empty($snortSigIpsExists['siguuid'])) { + + $getSid = $snortSigIpsExists['siguuid']; + $getEnable = $snortSigIpsExists['enable']; + $getWho = $snortSigIpsExists['who']; + $getTimeamount = $snortSigIpsExists['timeamount']; + $getTimetype = $snortSigIpsExists['timetype']; + + }else{ + + $getSid = $sidLineMap[0]; + $getEnable = $listGenRules[0]['enable']; + $getWho = $listGenRules[0]['who']; + $getTimeamount = $listGenRules[0]['timeamount']; + $getTimetype = $listGenRules[0]['timetype']; + + } + + + if ( $getEnable === 'on' ) { + $newMapFileLine[] = $getSid . ': ' . $getWho . ', ' . $getTimeamount . ' ' . $getTimetype . "\n"; + } + + } // END forech + + return $newMapFileLine; + } // END buildSidMap Func + + write_rule_file(buildSidMap($rdbuuid), '/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/sid-block.map'); + +} // END Func buildSnortSidBlockMap + // -------------------------- START snort.conf ------------------------- /* func builds custom whitelests */ @@ -264,7 +344,7 @@ function generate_snort_conf($uuid) // define snortsam $snortsam_info_chk = $ifaceSettingsArray['blockoffenders7']; if ($snortsam_info_chk === 'on') { - $snortsam_type = "output alert_fwsam: 127.0.0.1:898/addpasshere"; + $snortsam_type = "output alert_fwsam: 127.0.0.1:786/snortsam1234"; }else{ $snortsam_type = ''; } @@ -834,14 +914,14 @@ EOD; if (empty($def_max_queued_bytes_info_chk)) { $def_max_queued_bytes_type = ''; }else{ - $def_max_queued_bytes_type = ' max_queued_bytes ' . $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_bytes'] . ','; + $def_max_queued_bytes_type = ' max_queued_bytes ' . $ifaceSettingsArray['max_queued_bytes'] . ','; } $def_max_queued_segs_info_chk = $ifaceSettingsArray['max_queued_segs']; if (empty($def_max_queued_segs_info_chk)) { $def_max_queued_segs_type = ''; }else{ - $def_max_queued_segs_type = ' max_queued_segs ' . $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_segs'] . ','; + $def_max_queued_segs_type = ' max_queued_segs ' . $ifaceSettingsArray['max_queued_segs'] . ','; } diff --git a/config/orionids-dev/snort_interfaces_rules.php b/config/orionids-dev/snort_interfaces_rules.php index 0f4c8b5d..12f9cec0 100644 --- a/config/orionids-dev/snort_interfaces_rules.php +++ b/config/orionids-dev/snort_interfaces_rules.php @@ -139,10 +139,10 @@ $a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', ''); <table width="100%" border="0px" cellpadding="0px" cellspacing="0px"> <!-- START MAIN AREA --> - <table width="94%"> + <table width="100%"> <tr > <!-- db to lookup --> - <td width="32%" class="listhdrr">File Name</td> - <td width="68%" class="listhdr">Description</td> + <td width="25%" class="listhdrr">File Name</td> + <td width="60%" class="listhdr">Description</td> </tr> </table> @@ -154,49 +154,78 @@ $a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', ''); <tr id="maintable_default" data-options='{"pagetable":"Snortrules", "pagedb":"snortDBrules", "DoPOST":"true"}' > - <td class="listlr" width="32%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=default'">Default</td> - <td class="listbg" width="68%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=default'"> + <td class="listlr" width="30%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=default'">Default</td> + <td class="listbg" width="63%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=default'"> <font color="#FFFFFF">Default rule database </font> </td> <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> + <table border="0" cellspacing="0" cellpadding="2"> + <?php + /* + * TODO: Must add snort process id to the rest disable block + * Example: only disable reset when snort is running and database is selected + */ + if (in_array('default', $listUsedRules)) { + $resetObjectDf = '<img src="/themes/' . $g['theme'] . '/images/icons/icon_reinstall_d.gif" width="17" height="17" border="0" title="reset database" >'; + }else{ + $resetObjectDf = '<img id="icon_r_default" class="icon_click icon_r" src="/themes/' . $g['theme'] . '/images/icons/icon_reinstall.gif" width="17" height="17" border="0" title="reset database" >'; + } + + ?> <tr> <td valign="middle"> <a href="snort_interfaces_rules_edit.php?rdbuuid=default"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"width="17" height="17" border="0" title="edit database"></a> </td> <td> + <?=$resetObjectDf; ?> + </td> + <td> <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="delete database" > - </td> + </td> + </td> </tr> </table> </td> </tr> - <?php foreach ($a_rules as $list): ?> <?php + /* + * TODO: Must add snort process id to the rest disable block + * Example: only disable reset when snort is running and database is selected + */ if (in_array($list['uuid'], $listUsedRules)) { $deleteObject = '<img src="/themes/' . $g['theme'] . '/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="delete database" >'; }else{ $deleteObject = '<img id="icon_x_' . $list['uuid'] . '" class="icon_click icon_x" src="/themes/' . $g['theme'] . '/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete database" >'; } + + if (in_array($list['uuid'], $listUsedRules)) { + $resetObject = '<img src="/themes/' . $g['theme'] . '/images/icons/icon_reinstall_d.gif" width="17" height="17" border="0" title="reset database" >'; + }else{ + $resetObject = '<img id="icon_r_' . $list['uuid'] . '" class="icon_click icon_r" src="/themes/' . $g['theme'] . '/images/icons/icon_reinstall.gif" width="17" height="17" border="0" title="reset database" >'; + } + ?> <tr id="maintable_<?=$list['uuid']?>" data-options='{"pagetable":"Snortrules", "pagedb":"snortDBrules", "DoPOST":"true"}' > - <td class="listlr" width="32%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>'"><?=$list['ruledbname'];?></td> - <td class="listbg" width="68%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>'"> + <td class="listlr" width="30%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>'"><?=$list['ruledbname'];?></td> + <td class="listbg" width="63%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>'"> <font color="#FFFFFF"> <?=htmlspecialchars($list['description']);?> </font> </td> <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> + <table border="0" cellspacing="0" cellpadding="2"> <tr> <td valign="middle"> <a href="snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"width="17" height="17" border="0" title="edit database"></a> </td> <td> + <?=$resetObject; ?> + </td> + <td> <?=$deleteObject; ?> </td> </tr> diff --git a/config/orionids-dev/snort_json_post.php b/config/orionids-dev/snort_json_post.php index ca279f92..418a90be 100644 --- a/config/orionids-dev/snort_json_post.php +++ b/config/orionids-dev/snort_json_post.php @@ -102,6 +102,7 @@ if ($_POST['snortSaveRuleSets'] == 1) { function snortSamRulesSaveFunc() { snortJsonReturnCode(snortSql_updateRulesSigsIps()); + buildSnortSamSidBlockMap($_POST['rdbuuid']); // } snortSamRulesSaveFunc(); } @@ -118,6 +119,10 @@ if ($_POST['snortSaveRuleSets'] == 1) { // save to database snortJsonReturnCode(snortSql_updateRuleSetList()); + if (!empty($_POST['rdbuuid'])) { + buildSnortSamSidBlockMap($_POST['rdbuuid']); // + } + // only build if uuid is valid if (!empty($_POST['uuid'])) { build_snort_settings($_POST['uuid']); @@ -130,7 +135,7 @@ if ($_POST['snortSaveRuleSets'] == 1) { } // END of rulesSets // row from db by uuid -if ($_POST['RMlistDelRow'] == 1) { +if ( $_POST['RMlistDelRow'] == 1 || $_POST['RSTlistRow'] == 1 ) { function RMlistDelRowFunc() @@ -167,7 +172,45 @@ if ($_POST['RMlistDelRow'] == 1) { snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid'])); - } RMlistDelRowFunc(); + } if ( $_POST['RMlistDelRow'] == 1 ) { RMlistDelRowFunc(); } + + function RSTlistDelRowFunc() + { + + // rm ruledb and files + if ($_POST['RSTlistTable'] == 'Snortrules') { + + // remove dir + $snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}"; + exec('/bin/rm -r ' . $snortRuleDir . '/rules/*.rules'); + + // remove db tables vals + snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSets', 'rdbuuid', $_POST['RSTlistUuid']); + snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSigs', 'rdbuuid', $_POST['RSTlistUuid']); + snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSigsIps', 'rdbuuid', $_POST['RSTlistUuid']); + snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSetsIps', 'rdbuuid', $_POST['RSTlistUuid']); + snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleGenIps', 'rdbuuid', $_POST['RSTlistUuid']); + + // NOTE: code only works on php5 + $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules'); + $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules'); + $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules'); + + if (!empty($listSnortRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules"); + } + if (!empty($listEmergingRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules"); + } + if (!empty($listPfsenseRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules"); + } + + + } + + } if ( $_POST['RSTlistRow'] == 1 ) { RSTlistDelRowFunc(); } + } diff --git a/config/orionids-dev/snort_new.inc b/config/orionids-dev/snort_new.inc index 93de4a21..b9fc2322 100644 --- a/config/orionids-dev/snort_new.inc +++ b/config/orionids-dev/snort_new.inc @@ -59,6 +59,38 @@ if (file_exists('/usr/local/pkg/snort/snortDBtemp')) { exec('/bin/cp /usr/local/pkg/snort/snortDBtemp /var/snort/snortDBtemp'); } +// used in snort_rules_ips.php and create sid block map +function snortSearchArray($array, $key, $value) +{ + $results = array(); + + if (is_array($array)) + { + foreach ($array as $subarray) + { + if ($subarray[$key] == $value) { + $results = $subarray; + } + + } + + } + + return $results; +} + +// used in snort_rules_ips.php and create sid block map +function getCurrentIpsRuleArray($output) +{ + + foreach (array_unique($output) as $line) + { + $newOutput = explode(' # ', $line); + $newLine[] = $newOutput; + } + + return $newLine; +} /* * make dir for the new iface, if iface exists or rule dir has changed redo soft link @@ -255,6 +287,7 @@ function split_rule_file($workingFile) // write rule file to disk function write_rule_file($content_changed, $received_file) { + //read snort file with writing enabled $filehandle = fopen($received_file, "w"); @@ -431,7 +464,7 @@ function snortSql_updateRulesSigsIps() if ( empty($listGenRules[0]['enable']) || $listGenRules[0]['enable'] === 'off' ) { $listGenRulesEnable = 'off'; - } + } // TODO: inprove this foreach so we only interact with db once foreach ($_POST['snortsam']['db'] as $singleSig) @@ -441,20 +474,20 @@ function snortSql_updateRulesSigsIps() "SELECT id FROM {$_POST['dbTable']} WHERE siguuid = '{$singleSig['siguuid']}' and rdbuuid = '{$_POST['rdbuuid']}'; "); - $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); + $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); // checkbox off catch $singleSigEnable = $singleSig['enable']; if ( empty($singleSig['enable']) ) { $singleSigEnable = 'off'; - } + } // only do this if something change from defauts settings, note: timeamount Not equal $somthingChanged = FALSE; if ( $singleSigEnable !== $listGenRulesEnable || $singleSig['who'] !== $listGenRules[0]['who'] || $singleSig['timeamount'] != $listGenRules[0]['timeamount'] || $singleSig['timetype'] !== $listGenRules[0]['timetype'] ) { $somthingChanged = TRUE; - } + } if ( empty($chktable) && $somthingChanged ) { @@ -463,10 +496,11 @@ function snortSql_updateRulesSigsIps() $query_ck = sqlite_query($db, // @ supress warnings usonly in production "INSERT INTO {$_POST['dbTable']} (date, uuid, rdbuuid, enable, siguuid, sigfilename, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$singleSigEnable}', '{$singleSig['siguuid']}', '{$singleSig['sigfilename']}', '{$singleSig['who']}', '{$singleSig['timeamount']}', '{$singleSig['timetype']}'); "); - - }else{ - + } + + if ( !empty($chktable) && $somthingChanged ) { + $query_ck = sqlite_query($db, // @ supress warnings usonly in production "UPDATE {$_POST['dbTable']} SET date ='{$addDate}', enable = '{$singleSigEnable}', who = '{$singleSig['who']}', timeamount = '{$singleSig['timeamount']}', timetype = '{$singleSig['timetype']}' WHERE rdbuuid = '{$_POST['rdbuuid']}' and sigfilename = '{$singleSig['sigfilename']}'; "); diff --git a/config/orionids-dev/snort_rules_ips.php b/config/orionids-dev/snort_rules_ips.php index 618a684a..d026b566 100644 --- a/config/orionids-dev/snort_rules_ips.php +++ b/config/orionids-dev/snort_rules_ips.php @@ -84,24 +84,7 @@ if (isset($_GET['rulefilename'])) { } -function snortSearchArray($array, $key, $value) -{ - $results = array(); - - if (is_array($array)) - { - foreach ($array as $subarray) - { - if ($subarray[$key] == $value) { - $results = $subarray; - } - - } - - } - - return $results; -} + // get default settings $listGenRules = array(); @@ -111,6 +94,18 @@ $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rd $listSigRules = array(); $listSigRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleSigsIps', 'rdbuuid', $rdbuuid); +// if $listGenRules empty list defaults +if (empty($listGenRules)) { + $listGenRules[0] = array( + 'id' => 1, + 'rdbuuid' => $_POST['rdbuuid'], + 'enable' => 'on', + 'who' => 'src', + 'timeamount' => 15, + 'timetype' => 'minutes' + ); +} + $pgtitle = "Services: Snort: Ruleset Ips:"; include("/usr/local/pkg/snort/snort_head.inc"); @@ -273,18 +268,6 @@ jQuery(document).ready(function() { */ function createSidTmpBlockSpit($rdbuuid, $rulefilename) { - - function getCurrentIpsRuleArray($output) - { - - foreach (array_unique($output) as $line) - { - $newOutput = explode(' # ', $line); - $newLine[] = $newOutput; - } - - return $newLine; - } function getSidBlockJsonArray($getEnableSid) { |