aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorrobiscool <robrob2626@yahoo.com>2011-08-09 10:04:28 -0700
committerrobiscool <robrob2626@yahoo.com>2011-08-09 10:04:28 -0700
commit7757b8de6deea0db6a75cb60cd41745aecacba36 (patch)
treec97a25087508f9224e1f2e673ba7ddf273e89be8 /config
parent1fae858397c86fc20ea0678e756f1310cc054e35 (diff)
downloadpfsense-packages-7757b8de6deea0db6a75cb60cd41745aecacba36.tar.gz
pfsense-packages-7757b8de6deea0db6a75cb60cd41745aecacba36.tar.bz2
pfsense-packages-7757b8de6deea0db6a75cb60cd41745aecacba36.zip
orionids-dev, finally finished sig ips db gui, start snortsam.conf work
Diffstat (limited to 'config')
-rw-r--r--config/orionids-dev/javascript/jquery.progressbar.min.js38
-rw-r--r--config/orionids-dev/javascript/snort_globalsend.js44
-rw-r--r--config/orionids-dev/snort_build.inc86
-rw-r--r--config/orionids-dev/snort_interfaces_rules.php51
-rw-r--r--config/orionids-dev/snort_json_post.php47
-rw-r--r--config/orionids-dev/snort_new.inc48
-rw-r--r--config/orionids-dev/snort_rules_ips.php43
7 files changed, 283 insertions, 74 deletions
diff --git a/config/orionids-dev/javascript/jquery.progressbar.min.js b/config/orionids-dev/javascript/jquery.progressbar.min.js
index 77d147f9..e85e1120 100644
--- a/config/orionids-dev/javascript/jquery.progressbar.min.js
+++ b/config/orionids-dev/javascript/jquery.progressbar.min.js
@@ -1,20 +1,20 @@
-
-(function($){$.extend({progressBar:new function(){this.defaults={steps:20,stepDuration:20,max:100,showText:true,textFormat:'percentage',width:120,height:12,callback:null,boxImage:'/snort/images/progressbar.gif',barImage:{0:'images/progressbg_red.gif',30:'images/progressbg_orange.gif',70:'images/progressbg_green.gif'},running_value:0,value:0,image:null};this.construct=function(arg1,arg2){var argvalue=null;var argconfig=null;if(arg1!=null){if(!isNaN(arg1)){argvalue=arg1;if(arg2!=null){argconfig=arg2;}}else{argconfig=arg1;}}
-return this.each(function(child){var pb=this;var config=this.config;if(argvalue!=null&&this.bar!=null&&this.config!=null){this.config.value=parseInt(argvalue)
-if(argconfig!=null)
-pb.config=$.extend(this.config,argconfig);config=pb.config;}else{var $this=$(this);var config=$.extend({},$.progressBar.defaults,argconfig);config.id=$this.attr('id')?$this.attr('id'):Math.ceil(Math.random()*100000);if(argvalue==null)
-argvalue=$this.html().replace("%","")
-config.value=parseInt(argvalue);config.running_value=0;config.image=getBarImage(config);var numeric=['steps','stepDuration','max','width','height','running_value','value'];for(var i=0;i<numeric.length;i++)
-config[numeric[i]]=parseInt(config[numeric[i]]);$this.html("");var bar=document.createElement('img');var text=document.createElement('span');var $bar=$(bar);var $text=$(text);pb.bar=$bar;$bar.attr('id',config.id+"_pbImage");$text.attr('id',config.id+"_pbText");$text.html(getText(config));$bar.attr('title',getText(config));$bar.attr('alt',getText(config));$bar.attr('src',config.boxImage);$bar.attr('width',config.width);$bar.css("width",config.width+"px");$bar.css("height",config.height+"px");$bar.css("background-image","url("+config.image+")");$bar.css("background-position",((config.width*-1))+'px 50%');$bar.css("padding","0");$bar.css("margin","0");$this.append($bar);$this.append($text);}
-function getPercentage(config){return config.running_value*100/config.max;}
-function getBarImage(config){var image=config.barImage;if(typeof(config.barImage)=='object'){for(var i in config.barImage){if(config.running_value>=parseInt(i)){image=config.barImage[i];}else{break;}}}
-return image;}
-function getText(config){if(config.showText){if(config.textFormat=='percentage'){return" "+Math.round(config.running_value)+"%";}else if(config.textFormat=='fraction'){return" "+config.running_value+'/'+config.max;}}}
-config.increment=Math.round((config.value-config.running_value)/config.steps);if(config.increment<0)
-config.increment*=-1;if(config.increment<1)
-config.increment=1;var t=setInterval(function(){var pixels=config.width/100;if(config.running_value>config.value){if(config.running_value-config.increment<config.value){config.running_value=config.value;}else{config.running_value-=config.increment;}}
-else if(config.running_value<config.value){if(config.running_value+config.increment>config.value){config.running_value=config.value;}else{config.running_value+=config.increment;}}
-if(config.running_value==config.value)
-clearInterval(t);var $bar=$("#"+config.id+"_pbImage");var $text=$("#"+config.id+"_pbText");var image=getBarImage(config);if(image!=config.image){$bar.css("background-image","url("+image+")");config.image=image;}
-$bar.css("background-position",(((config.width*-1))+(getPercentage(config)*pixels))+'px 50%');$bar.attr('title',getText(config));$text.html(getText(config));if(config.callback!=null&&typeof(config.callback)=='function')
+
+(function($){$.extend({progressBar:new function(){this.defaults={steps:20,stepDuration:20,max:100,showText:true,textFormat:'percentage',width:120,height:12,callback:null,boxImage:'/snort/images/progressbar.gif',barImage:{0:'images/progressbg_red.gif',30:'images/progressbg_orange.gif',70:'images/progressbg_green.gif'},running_value:0,value:0,image:null};this.construct=function(arg1,arg2){var argvalue=null;var argconfig=null;if(arg1!=null){if(!isNaN(arg1)){argvalue=arg1;if(arg2!=null){argconfig=arg2;}}else{argconfig=arg1;}}
+return this.each(function(child){var pb=this;var config=this.config;if(argvalue!=null&&this.bar!=null&&this.config!=null){this.config.value=parseInt(argvalue)
+if(argconfig!=null)
+pb.config=$.extend(this.config,argconfig);config=pb.config;}else{var $this=$(this);var config=$.extend({},$.progressBar.defaults,argconfig);config.id=$this.attr('id')?$this.attr('id'):Math.ceil(Math.random()*100000);if(argvalue==null)
+argvalue=$this.html().replace("%","")
+config.value=parseInt(argvalue);config.running_value=0;config.image=getBarImage(config);var numeric=['steps','stepDuration','max','width','height','running_value','value'];for(var i=0;i<numeric.length;i++)
+config[numeric[i]]=parseInt(config[numeric[i]]);$this.html("");var bar=document.createElement('img');var text=document.createElement('span');var $bar=$(bar);var $text=$(text);pb.bar=$bar;$bar.attr('id',config.id+"_pbImage");$text.attr('id',config.id+"_pbText");$text.html(getText(config));$bar.attr('title',getText(config));$bar.attr('alt',getText(config));$bar.attr('src',config.boxImage);$bar.attr('width',config.width);$bar.css("width",config.width+"px");$bar.css("height",config.height+"px");$bar.css("background-image","url("+config.image+")");$bar.css("background-position",((config.width*-1))+'px 50%');$bar.css("padding","0");$bar.css("margin","0");$this.append($bar);$this.append($text);}
+function getPercentage(config){return config.running_value*100/config.max;}
+function getBarImage(config){var image=config.barImage;if(typeof(config.barImage)=='object'){for(var i in config.barImage){if(config.running_value>=parseInt(i)){image=config.barImage[i];}else{break;}}}
+return image;}
+function getText(config){if(config.showText){if(config.textFormat=='percentage'){return" "+Math.round(config.running_value)+"%";}else if(config.textFormat=='fraction'){return" "+config.running_value+'/'+config.max;}}}
+config.increment=Math.round((config.value-config.running_value)/config.steps);if(config.increment<0)
+config.increment*=-1;if(config.increment<1)
+config.increment=1;var t=setInterval(function(){var pixels=config.width/100;if(config.running_value>config.value){if(config.running_value-config.increment<config.value){config.running_value=config.value;}else{config.running_value-=config.increment;}}
+else if(config.running_value<config.value){if(config.running_value+config.increment>config.value){config.running_value=config.value;}else{config.running_value+=config.increment;}}
+if(config.running_value==config.value)
+clearInterval(t);var $bar=$("#"+config.id+"_pbImage");var $text=$("#"+config.id+"_pbText");var image=getBarImage(config);if(image!=config.image){$bar.css("background-image","url("+image+")");config.image=image;}
+$bar.css("background-position",(((config.width*-1))+(getPercentage(config)*pixels))+'px 50%');$bar.attr('title',getText(config));$text.html(getText(config));if(config.callback!=null&&typeof(config.callback)=='function')
config.callback(config);pb.config=config;},config.stepDuration);});};}});$.fn.extend({progressBar:$.progressBar.construct});})(jQuery); \ No newline at end of file
diff --git a/config/orionids-dev/javascript/snort_globalsend.js b/config/orionids-dev/javascript/snort_globalsend.js
index 083c40ef..dc92efba 100644
--- a/config/orionids-dev/javascript/snort_globalsend.js
+++ b/config/orionids-dev/javascript/snort_globalsend.js
@@ -216,7 +216,8 @@ jQuery(document).ready(function() {
// ------------------------------- START remove row element ---------------------------------------
-
+
+ // removes row and deletes db entries
function removeRow(){
jQuery("#maintable_" + window.RemoveRow_UUID).remove();
}
@@ -255,6 +256,35 @@ jQuery(document).ready(function() {
}
});
+
+ // resets db entries
+ function removeRow(){
+ jQuery("#maintable_" + window.RemoveRow_UUID).remove();
+ }
+
+ jQuery(".icon_r").live('click', function(){
+
+ var elem = getBaseElement(this.id); // this.id gets id of .icon_x
+
+ // window.RemoveRow_UUID = jQuery("#rowlist_" + elem.index).data("options").rowuuid;
+ window.RemoveRow_UUID = elem.index;
+ window.RemoveRow_Table = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagetable;
+ window.RemoveRow_DB = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagedb;
+ window.RemoveRow_POST = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").DoPOST;
+
+ // snort_interfaces_whitelist
+ if (window.RemoveRow_POST === 'true'){
+ if(confirm('Do you really want to reset this list ? (e.g. DB will reset, all saved settings will be lost!)')) {
+
+ jQuery("#maintable_" + window.RemoveRow_UUID).fadeOut("fast");
+ jQuery("#maintable_" + window.RemoveRow_UUID).fadeIn("fast");
+
+ jQuery(this).ajaxSubmit(optionsRSTlist); // call POST
+ return false;
+ }
+ }
+
+ });
function RMlistDBDelCall(){
@@ -303,7 +333,17 @@ jQuery(document).ready(function() {
type: 'POST',
data: { RMlistDelRow: '1', RMlistDB: RMlistDBDelCall, RMlistTable: RMlistTableDelCall, RMlistUuid: RMlistUuidDelCall },
url: './snort_json_post.php'
- };
+ };
+
+ // declare variable for DB reset
+ var optionsRSTlist = {
+ beforeSubmit: showRequestRMlist,
+ dataType: 'json',
+ success: showResponseRMlist,
+ type: 'POST',
+ data: { RSTlistRow: '1', RSTlistDB: RMlistDBDelCall, RSTlistTable: RMlistTableDelCall, RSTlistUuid: RMlistUuidDelCall },
+ url: './snort_json_post.php'
+ };
// STOP remove row element
diff --git a/config/orionids-dev/snort_build.inc b/config/orionids-dev/snort_build.inc
index edc9583a..2c18d3d3 100644
--- a/config/orionids-dev/snort_build.inc
+++ b/config/orionids-dev/snort_build.inc
@@ -43,6 +43,86 @@ if(isset($_POST['__csrf_magic'])) {
unset($_POST['__csrf_magic']);
}
+
+/*
+ * Builds sid-block.map for snortsam
+ * May have to break this down into smaller funcs so that there is no namespace conflick
+ */
+function buildSnortSamSidBlockMap($rdbuuid)
+{
+
+
+ function buildSidMap($rdbuuid)
+ {
+ // list rules in the default dir
+ $filterDirList = array();
+ $filterDirList = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules', '\.rules');
+
+ // list rules in db that are on in a array
+ $listOnRules = array();
+ $listOnRules = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSetsIps', 'rdbuuid', $rdbuuid);
+
+ // list rules in db that are on in a array
+ $listGenRules = array();
+ $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $rdbuuid);
+
+ // get sigs in db
+ $listSigRules = array();
+ $listSigRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleSigsIps', 'rdbuuid', $rdbuuid);
+
+ // clear tmp db
+ exec('rm /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/*.rules');
+
+ foreach ($listOnRules as $listRule)
+ {
+ if ( $listRule['enable'] === 'on' ) {
+ exec('cp /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules/' . $listRule['rulesetname'] . ' /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/' . $listRule['rulesetname']);
+ }
+ }
+
+ // get list of sids
+ exec('perl /usr/local/bin/make_snortsam_map.pl /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/', $getEnableSidArray);
+
+ // make sidMapFile lines 1023: src, 15 min
+ // remember to chech is Gen enable is on
+ foreach ( getCurrentIpsRuleArray($getEnableSidArray) as $sidLineMap )
+ {
+
+ $snortSigIpsExists = snortSearchArray($listSigRules, 'siguuid', $sidLineMap[0]);
+
+ // if sig is in db use its settings else use default settings
+ if(!empty($snortSigIpsExists['siguuid'])) {
+
+ $getSid = $snortSigIpsExists['siguuid'];
+ $getEnable = $snortSigIpsExists['enable'];
+ $getWho = $snortSigIpsExists['who'];
+ $getTimeamount = $snortSigIpsExists['timeamount'];
+ $getTimetype = $snortSigIpsExists['timetype'];
+
+ }else{
+
+ $getSid = $sidLineMap[0];
+ $getEnable = $listGenRules[0]['enable'];
+ $getWho = $listGenRules[0]['who'];
+ $getTimeamount = $listGenRules[0]['timeamount'];
+ $getTimetype = $listGenRules[0]['timetype'];
+
+ }
+
+
+ if ( $getEnable === 'on' ) {
+ $newMapFileLine[] = $getSid . ': ' . $getWho . ', ' . $getTimeamount . ' ' . $getTimetype . "\n";
+ }
+
+ } // END forech
+
+ return $newMapFileLine;
+ } // END buildSidMap Func
+
+ write_rule_file(buildSidMap($rdbuuid), '/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/sid-block.map');
+
+} // END Func buildSnortSidBlockMap
+
// -------------------------- START snort.conf -------------------------
/* func builds custom whitelests */
@@ -264,7 +344,7 @@ function generate_snort_conf($uuid)
// define snortsam
$snortsam_info_chk = $ifaceSettingsArray['blockoffenders7'];
if ($snortsam_info_chk === 'on') {
- $snortsam_type = "output alert_fwsam: 127.0.0.1:898/addpasshere";
+ $snortsam_type = "output alert_fwsam: 127.0.0.1:786/snortsam1234";
}else{
$snortsam_type = '';
}
@@ -834,14 +914,14 @@ EOD;
if (empty($def_max_queued_bytes_info_chk)) {
$def_max_queued_bytes_type = '';
}else{
- $def_max_queued_bytes_type = ' max_queued_bytes ' . $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_bytes'] . ',';
+ $def_max_queued_bytes_type = ' max_queued_bytes ' . $ifaceSettingsArray['max_queued_bytes'] . ',';
}
$def_max_queued_segs_info_chk = $ifaceSettingsArray['max_queued_segs'];
if (empty($def_max_queued_segs_info_chk)) {
$def_max_queued_segs_type = '';
}else{
- $def_max_queued_segs_type = ' max_queued_segs ' . $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_segs'] . ',';
+ $def_max_queued_segs_type = ' max_queued_segs ' . $ifaceSettingsArray['max_queued_segs'] . ',';
}
diff --git a/config/orionids-dev/snort_interfaces_rules.php b/config/orionids-dev/snort_interfaces_rules.php
index 0f4c8b5d..12f9cec0 100644
--- a/config/orionids-dev/snort_interfaces_rules.php
+++ b/config/orionids-dev/snort_interfaces_rules.php
@@ -139,10 +139,10 @@ $a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', '');
<table width="100%" border="0px" cellpadding="0px" cellspacing="0px">
<!-- START MAIN AREA -->
- <table width="94%">
+ <table width="100%">
<tr > <!-- db to lookup -->
- <td width="32%" class="listhdrr">File Name</td>
- <td width="68%" class="listhdr">Description</td>
+ <td width="25%" class="listhdrr">File Name</td>
+ <td width="60%" class="listhdr">Description</td>
</tr>
</table>
@@ -154,49 +154,78 @@ $a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', '');
<tr id="maintable_default" data-options='{"pagetable":"Snortrules", "pagedb":"snortDBrules", "DoPOST":"true"}' >
- <td class="listlr" width="32%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=default'">Default</td>
- <td class="listbg" width="68%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=default'">
+ <td class="listlr" width="30%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=default'">Default</td>
+ <td class="listbg" width="63%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=default'">
<font color="#FFFFFF">Default rule database&nbsp;</font>
</td>
<td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
+ <table border="0" cellspacing="0" cellpadding="2">
+ <?php
+ /*
+ * TODO: Must add snort process id to the rest disable block
+ * Example: only disable reset when snort is running and database is selected
+ */
+ if (in_array('default', $listUsedRules)) {
+ $resetObjectDf = '<img src="/themes/' . $g['theme'] . '/images/icons/icon_reinstall_d.gif" width="17" height="17" border="0" title="reset database" >';
+ }else{
+ $resetObjectDf = '<img id="icon_r_default" class="icon_click icon_r" src="/themes/' . $g['theme'] . '/images/icons/icon_reinstall.gif" width="17" height="17" border="0" title="reset database" >';
+ }
+
+ ?>
<tr>
<td valign="middle">
<a href="snort_interfaces_rules_edit.php?rdbuuid=default"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"width="17" height="17" border="0" title="edit database"></a>
</td>
<td>
+ <?=$resetObjectDf; ?>
+ </td>
+ <td>
<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="delete database" >
- </td>
+ </td>
+ </td>
</tr>
</table>
</td>
</tr>
-
<?php foreach ($a_rules as $list): ?>
<?php
+ /*
+ * TODO: Must add snort process id to the rest disable block
+ * Example: only disable reset when snort is running and database is selected
+ */
if (in_array($list['uuid'], $listUsedRules)) {
$deleteObject = '<img src="/themes/' . $g['theme'] . '/images/icons/icon_x_d.gif" width="17" height="17" border="0" title="delete database" >';
}else{
$deleteObject = '<img id="icon_x_' . $list['uuid'] . '" class="icon_click icon_x" src="/themes/' . $g['theme'] . '/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete database" >';
}
+
+ if (in_array($list['uuid'], $listUsedRules)) {
+ $resetObject = '<img src="/themes/' . $g['theme'] . '/images/icons/icon_reinstall_d.gif" width="17" height="17" border="0" title="reset database" >';
+ }else{
+ $resetObject = '<img id="icon_r_' . $list['uuid'] . '" class="icon_click icon_r" src="/themes/' . $g['theme'] . '/images/icons/icon_reinstall.gif" width="17" height="17" border="0" title="reset database" >';
+ }
+
?>
<tr id="maintable_<?=$list['uuid']?>" data-options='{"pagetable":"Snortrules", "pagedb":"snortDBrules", "DoPOST":"true"}' >
- <td class="listlr" width="32%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>'"><?=$list['ruledbname'];?></td>
- <td class="listbg" width="68%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>'">
+ <td class="listlr" width="30%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>'"><?=$list['ruledbname'];?></td>
+ <td class="listbg" width="63%" ondblclick="document.location='snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>'">
<font color="#FFFFFF"> <?=htmlspecialchars($list['description']);?>&nbsp;</font>
</td>
<td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
+ <table border="0" cellspacing="0" cellpadding="2">
<tr>
<td valign="middle">
<a href="snort_interfaces_rules_edit.php?rdbuuid=<?=$list['uuid'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"width="17" height="17" border="0" title="edit database"></a>
</td>
<td>
+ <?=$resetObject; ?>
+ </td>
+ <td>
<?=$deleteObject; ?>
</td>
</tr>
diff --git a/config/orionids-dev/snort_json_post.php b/config/orionids-dev/snort_json_post.php
index ca279f92..418a90be 100644
--- a/config/orionids-dev/snort_json_post.php
+++ b/config/orionids-dev/snort_json_post.php
@@ -102,6 +102,7 @@ if ($_POST['snortSaveRuleSets'] == 1) {
function snortSamRulesSaveFunc()
{
snortJsonReturnCode(snortSql_updateRulesSigsIps());
+ buildSnortSamSidBlockMap($_POST['rdbuuid']); //
} snortSamRulesSaveFunc();
}
@@ -118,6 +119,10 @@ if ($_POST['snortSaveRuleSets'] == 1) {
// save to database
snortJsonReturnCode(snortSql_updateRuleSetList());
+ if (!empty($_POST['rdbuuid'])) {
+ buildSnortSamSidBlockMap($_POST['rdbuuid']); //
+ }
+
// only build if uuid is valid
if (!empty($_POST['uuid'])) {
build_snort_settings($_POST['uuid']);
@@ -130,7 +135,7 @@ if ($_POST['snortSaveRuleSets'] == 1) {
} // END of rulesSets
// row from db by uuid
-if ($_POST['RMlistDelRow'] == 1) {
+if ( $_POST['RMlistDelRow'] == 1 || $_POST['RSTlistRow'] == 1 ) {
function RMlistDelRowFunc()
@@ -167,7 +172,45 @@ if ($_POST['RMlistDelRow'] == 1) {
snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid']));
- } RMlistDelRowFunc();
+ } if ( $_POST['RMlistDelRow'] == 1 ) { RMlistDelRowFunc(); }
+
+ function RSTlistDelRowFunc()
+ {
+
+ // rm ruledb and files
+ if ($_POST['RSTlistTable'] == 'Snortrules') {
+
+ // remove dir
+ $snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}";
+ exec('/bin/rm -r ' . $snortRuleDir . '/rules/*.rules');
+
+ // remove db tables vals
+ snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSets', 'rdbuuid', $_POST['RSTlistUuid']);
+ snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSigs', 'rdbuuid', $_POST['RSTlistUuid']);
+ snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSigsIps', 'rdbuuid', $_POST['RSTlistUuid']);
+ snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSetsIps', 'rdbuuid', $_POST['RSTlistUuid']);
+ snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleGenIps', 'rdbuuid', $_POST['RSTlistUuid']);
+
+ // NOTE: code only works on php5
+ $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules');
+ $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules');
+ $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules');
+
+ if (!empty($listSnortRulesDir)) {
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules");
+ }
+ if (!empty($listEmergingRulesDir)) {
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules");
+ }
+ if (!empty($listPfsenseRulesDir)) {
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules");
+ }
+
+
+ }
+
+ } if ( $_POST['RSTlistRow'] == 1 ) { RSTlistDelRowFunc(); }
+
}
diff --git a/config/orionids-dev/snort_new.inc b/config/orionids-dev/snort_new.inc
index 93de4a21..b9fc2322 100644
--- a/config/orionids-dev/snort_new.inc
+++ b/config/orionids-dev/snort_new.inc
@@ -59,6 +59,38 @@ if (file_exists('/usr/local/pkg/snort/snortDBtemp')) {
exec('/bin/cp /usr/local/pkg/snort/snortDBtemp /var/snort/snortDBtemp');
}
+// used in snort_rules_ips.php and create sid block map
+function snortSearchArray($array, $key, $value)
+{
+ $results = array();
+
+ if (is_array($array))
+ {
+ foreach ($array as $subarray)
+ {
+ if ($subarray[$key] == $value) {
+ $results = $subarray;
+ }
+
+ }
+
+ }
+
+ return $results;
+}
+
+// used in snort_rules_ips.php and create sid block map
+function getCurrentIpsRuleArray($output)
+{
+
+ foreach (array_unique($output) as $line)
+ {
+ $newOutput = explode(' # ', $line);
+ $newLine[] = $newOutput;
+ }
+
+ return $newLine;
+}
/*
* make dir for the new iface, if iface exists or rule dir has changed redo soft link
@@ -255,6 +287,7 @@ function split_rule_file($workingFile)
// write rule file to disk
function write_rule_file($content_changed, $received_file)
{
+
//read snort file with writing enabled
$filehandle = fopen($received_file, "w");
@@ -431,7 +464,7 @@ function snortSql_updateRulesSigsIps()
if ( empty($listGenRules[0]['enable']) || $listGenRules[0]['enable'] === 'off' ) {
$listGenRulesEnable = 'off';
- }
+ }
// TODO: inprove this foreach so we only interact with db once
foreach ($_POST['snortsam']['db'] as $singleSig)
@@ -441,20 +474,20 @@ function snortSql_updateRulesSigsIps()
"SELECT id FROM {$_POST['dbTable']} WHERE siguuid = '{$singleSig['siguuid']}' and rdbuuid = '{$_POST['rdbuuid']}';
");
- $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC);
+ $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC);
// checkbox off catch
$singleSigEnable = $singleSig['enable'];
if ( empty($singleSig['enable']) ) {
$singleSigEnable = 'off';
- }
+ }
// only do this if something change from defauts settings, note: timeamount Not equal
$somthingChanged = FALSE;
if ( $singleSigEnable !== $listGenRulesEnable || $singleSig['who'] !== $listGenRules[0]['who'] || $singleSig['timeamount'] != $listGenRules[0]['timeamount'] || $singleSig['timetype'] !== $listGenRules[0]['timetype'] ) {
$somthingChanged = TRUE;
- }
+ }
if ( empty($chktable) && $somthingChanged ) {
@@ -463,10 +496,11 @@ function snortSql_updateRulesSigsIps()
$query_ck = sqlite_query($db, // @ supress warnings usonly in production
"INSERT INTO {$_POST['dbTable']} (date, uuid, rdbuuid, enable, siguuid, sigfilename, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$singleSigEnable}', '{$singleSig['siguuid']}', '{$singleSig['sigfilename']}', '{$singleSig['who']}', '{$singleSig['timeamount']}', '{$singleSig['timetype']}');
");
-
- }else{
-
+ }
+
+ if ( !empty($chktable) && $somthingChanged ) {
+
$query_ck = sqlite_query($db, // @ supress warnings usonly in production
"UPDATE {$_POST['dbTable']} SET date ='{$addDate}', enable = '{$singleSigEnable}', who = '{$singleSig['who']}', timeamount = '{$singleSig['timeamount']}', timetype = '{$singleSig['timetype']}' WHERE rdbuuid = '{$_POST['rdbuuid']}' and sigfilename = '{$singleSig['sigfilename']}';
");
diff --git a/config/orionids-dev/snort_rules_ips.php b/config/orionids-dev/snort_rules_ips.php
index 618a684a..d026b566 100644
--- a/config/orionids-dev/snort_rules_ips.php
+++ b/config/orionids-dev/snort_rules_ips.php
@@ -84,24 +84,7 @@ if (isset($_GET['rulefilename'])) {
}
-function snortSearchArray($array, $key, $value)
-{
- $results = array();
-
- if (is_array($array))
- {
- foreach ($array as $subarray)
- {
- if ($subarray[$key] == $value) {
- $results = $subarray;
- }
-
- }
-
- }
-
- return $results;
-}
+
// get default settings
$listGenRules = array();
@@ -111,6 +94,18 @@ $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rd
$listSigRules = array();
$listSigRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleSigsIps', 'rdbuuid', $rdbuuid);
+// if $listGenRules empty list defaults
+if (empty($listGenRules)) {
+ $listGenRules[0] = array(
+ 'id' => 1,
+ 'rdbuuid' => $_POST['rdbuuid'],
+ 'enable' => 'on',
+ 'who' => 'src',
+ 'timeamount' => 15,
+ 'timetype' => 'minutes'
+ );
+}
+
$pgtitle = "Services: Snort: Ruleset Ips:";
include("/usr/local/pkg/snort/snort_head.inc");
@@ -273,18 +268,6 @@ jQuery(document).ready(function() {
*/
function createSidTmpBlockSpit($rdbuuid, $rulefilename)
{
-
- function getCurrentIpsRuleArray($output)
- {
-
- foreach (array_unique($output) as $line)
- {
- $newOutput = explode(' # ', $line);
- $newLine[] = $newOutput;
- }
-
- return $newLine;
- }
function getSidBlockJsonArray($getEnableSid)
{