-rw-r--r-- | config/orionids-dev/snort.xml | 257 | ||||
-rw-r--r-- | config/orionids-dev/snort_install.inc | 70 | ||||
-rw-r--r-- | config/orionids-dev/snort_json_post.php | 106 | ||||
-rw-r--r-- | config/orionids-dev/snort_new.inc | 128 | ||||
-rw-r--r-- | config/orionids-dev/snort_rules.php | 73 | ||||
-rw-r--r-- | config/orionids-dev/snort_rules_ips.php | 5 | ||||
-rw-r--r-- | config/orionids-dev/snort_rulesets.php | 22 | ||||
-rw-r--r-- | config/orionids-dev/snort_rulesets_ips.php | 23 |
8 files changed, 234 insertions, 450 deletions
diff --git a/config/orionids-dev/snort.xml b/config/orionids-dev/snort.xml
deleted file mode 100644
index d0d30ded..00000000
--- a/config/orionids-dev/snort.xml
+++ /dev/null
@@ -1,257 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - part of pfSense (http://www.pfsense.com) - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ -/* - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>Snort</name> - <version>2.9.0.5</version> - <title>Services:2.9.0.5 pkg v. 2.0</title> - <include_file>/usr/local/pkg/snort/snort_install.inc</include_file> - <menu> - <name>Snort</name> - <tooltiptext>Setup snort specific settings</tooltiptext> - <section>Services</section> - <url>/snort/snort_interfaces.php</url> - </menu> - <service> - <name>snort</name> - <rcfile>snort.sh</rcfile> - <executable>snort</executable> - <description>Snort is the most widely deployed IDS/IPS technology worldwide.</description> - </service> - <tabs> - </tabs> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort.xml</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snortDB</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snortDBrules</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - 
<chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snortDBtemp</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_build.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_rules.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_gui.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_head.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_headbase.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_install.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_new.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_alerts.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_barnyard.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - 
<chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_blocked.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_define_servers.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_updates.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_help_info.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_global.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_rules.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_rules_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress.php</item> - 
</additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist_edit.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_json_get.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_json_post.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_preprocessors.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/www/snort/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort-dev/snort_rulesets.php</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/create-sidmap.pl</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - 
<item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/oinkmaster.pl</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/bin/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/snort_rename.pl</item> - </additional_files_needed> - <fields> - </fields> - <custom_add_php_command> - </custom_add_php_command> - <custom_php_resync_config_command> - sync_snort_package(); - </custom_php_resync_config_command> - <custom_php_install_command> - snort_postinstall(); - </custom_php_install_command> - <custom_php_deinstall_command> - snort_deinstall(); - </custom_php_deinstall_command> -</packagegui> diff --git a/config/orionids-dev/snort_install.inc b/config/orionids-dev/snort_install.inc index c805d62c..fd61150d 100644 --- a/config/orionids-dev/snort_install.inc +++ b/config/orionids-dev/snort_install.inc @@ -121,19 +121,19 @@ function snort_postinstall() } if (!file_exists('/usr/local/etc/snort/snortDBrules/custom_rules')) { - exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/custom_rules'); + exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/custom_rules/rules'); } if (!file_exists('/usr/local/etc/snort/snortDBrules/emerging_rules')) { - exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/emerging_rules'); + exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/emerging_rules/rules'); } if (!file_exists('/usr/local/etc/snort/snortDBrules/pfsense_rules')) { - exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/pfsense_rules'); + exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/pfsense_rules/rules'); } if (!file_exists('/usr/local/etc/snort/snortDBrules/snort_rules')) { - exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/snort_rules'); + exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/snort_rules/rules'); } if (!file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) { 
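Review bot: The four guards still test the parent directory while the `mkdir -p` now creates its `rules` child, e.g. `file_exists('…/custom_rules')` before `mkdir -p …/custom_rules/rules`. On a box where the parent already exists (an upgrade from the previous layout) the `rules` directory is never created, yet the save handler in snort_json_post.php scans `…/snort_rules/rules` and its siblings. Test the path that is actually created: `if (!is_dir('/usr/local/etc/snort/snortDBrules/custom_rules/rules')) {`, and likewise for `emerging_rules`, `pfsense_rules` and `snort_rules`. `snort_postinstall()` starts and ends outside the hunk.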
@@ -226,39 +226,39 @@ function snort_postinstall() exec('/bin/mkdir -p /usr/local/www/snort/javascript'); chdir ("/usr/local/www/snort/css/"); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/style_snort2.css'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/new_tab_menu.css'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/css/style_snort2.css'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/css/new_tab_menu.css'); chdir ("/usr/local/www/snort/images/"); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/alert.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/arrow_down.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/awesome-overlay-sprite.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/controls.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down2.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer2.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-asc.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-desc.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon_excli.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/loading.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/logo.jpg'); - exec('/usr/bin/fetch 
http://www.pfsense.com/packages/config/snort-dev/images/logo22.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/page_white_text.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/transparent.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/transparentbg.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up2.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/close_9x9.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/new_tab_menu.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/progress_bar2.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/progressbar.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/top_modal_bar_lil.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/alert.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/arrow_down.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/awesome-overlay-sprite.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/controls.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/down.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/down2.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/footer.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/footer2.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/icon-table-sort-asc.png'); + exec('/usr/bin/fetch 
http://www.pfsense.com/packages/config/orionids-dev/images/icon-table-sort-desc.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/icon-table-sort.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/icon_excli.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/loading.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/logo.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/logo22.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/page_white_text.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/transparent.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/transparentbg.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/up.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/up2.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/close_9x9.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/new_tab_menu.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/progress_bar2.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/progressbar.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/top_modal_bar_lil.jpg'); chdir ("/usr/local/www/snort/javascript/"); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery-1.6.2.min.js'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery.form.js'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/snort_globalsend.js'); - exec('/usr/bin/fetch 
http://www.pfsense.com/packages/config/snort-dev/javascript/jquery.progressbar.min.js'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/javascript/jquery-1.6.2.min.js'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/javascript/jquery.form.js'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/javascript/snort_globalsend.js'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/javascript/jquery.progressbar.min.js'); /* back to default */ chdir ('/root/'); diff --git a/config/orionids-dev/snort_json_post.php b/config/orionids-dev/snort_json_post.php index 1b10ba3b..2b63f9b6 100644 --- a/config/orionids-dev/snort_json_post.php +++ b/config/orionids-dev/snort_json_post.php @@ -62,29 +62,6 @@ function snortJsonReturnCode($returnStatus) } } -// snortsam save settings -if ($_POST['snortSamSaveSettings'] == 1) { - - unset($_POST['snortSamSaveSettings']); - - if ($_POST['ifaceTab'] === 'snort_rulesets_ips') { - function snortSamRulesetSaveFunc() - { - print_r($_POST); - } - snortSamRulesetSaveFunc(); - } - - if ($_POST['ifaceTab'] === 'snort_rules_ips') { - function snortSamRulesSaveFunc() - { - snortSql_updateRulesSigsIps(); - } - snortSamRulesSaveFunc(); - } - -} - // row from db by uuid if ($_POST['snortSidRuleEdit'] == 1) { 
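Review bot: The asset downloads in this hunk still use plain `http://` and nothing checks what arrives: the status of each `exec('/usr/bin/fetch …')` is ignored and no hash is compared. Four of the files are JavaScript written to `/usr/local/www/snort/javascript/` and served by the box's web GUI, so a tampered transfer ends up as script running in an administrator's browser session. Prefer shipping these files inside the package; failing that, fetch over `https://` (if the host serves it) and compare each file with a pinned SHA-256 before keeping it. At minimum add `// NOTE(security): fetched over HTTP without an integrity check; verify against a pinned hash` above the block and fail the install when a fetch returns non-zero. `snort_postinstall()` begins before the hunk and continues after it.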
@@ -94,45 +71,54 @@ if ($_POST['snortSidRuleEdit'] == 1) { unset($_POST['snortSidRuleEdit']); snortSidStringRuleEditGUI(); - } - snortSidRuleEditFunc(); + } snortSidRuleEditFunc(); } // row from db by uuid -if ($_POST['snortSaveRuleSets'] == 1) { - - if ($_POST['ifaceTab'] == 'snort_rulesets' || $_POST['ifaceTab'] == 'snort_rulesets_ips') { +if ($_POST['snortSaveRuleSets'] == 1) { + + + if ($_POST['ifaceTab'] === 'snort_rules_ips') { + function snortSamRulesSaveFunc() + { + snortJsonReturnCode(snortSql_updateRulesSigsIps()); - function snortSaveRuleSetsRulesetsFunc() - { - // unset POSTs that are markers not in db - unset($_POST['snortSaveRuleSets']); - unset($_POST['ifaceTab']); - - // save to database - snortJsonReturnCode(snortSql_updateRuleSetList()); - - // only build if uuid is valid - if (!empty($_POST['uuid'])) { - build_snort_settings($_POST['uuid']); - } - } - snortSaveRuleSetsRulesetsFunc(); - } + } snortSamRulesSaveFunc(); + } + + + if ($_POST['ifaceTab'] == 'snort_rulesets' || $_POST['ifaceTab'] == 'snort_rulesets_ips') { - if ($_POST['ifaceTab'] == 'snort_rules') { - function snortSaveRuleSetsRulesFunc() - { - // unset POSTs that are markers not in db - unset($_POST['snortSaveRuleSets']); - unset($_POST['ifaceTab']); - - snortJsonReturnCode(snortSql_updateRuleSigList()); + function snortSaveRuleSetsRulesetsFunc() + { + // unset POSTs that are markers not in db + unset($_POST['snortSaveRuleSets']); + unset($_POST['ifaceTab']); + + // save to database + snortJsonReturnCode(snortSql_updateRuleSetList()); + + // only build if uuid is valid + if (!empty($_POST['uuid'])) { + build_snort_settings($_POST['uuid']); } - snortSaveRuleSetsRulesFunc(); - } + + } snortSaveRuleSetsRulesetsFunc(); + } + + if ($_POST['ifaceTab'] == 'snort_rules') { + function snortSaveRuleSetsRulesFunc() + { + // unset POSTs that are markers not in db + unset($_POST['snortSaveRuleSets']); + unset($_POST['ifaceTab']); + + snortJsonReturnCode(snortSql_updateRuleSigList()); + + } 
snortSaveRuleSetsRulesFunc(); + } } // END of rulesSets @@ -196,6 +182,12 @@ if ($_POST['snortSaveSettings'] == 1) { // creat iface dir and ifcae rules dir exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + // create at least one file + if (!file_exists('/usr/local/etc/snort/snortDBrules/DB/' . $_POST['uuid'] . '/rules/local.rules')) { + + exec('touch /usr/local/etc/snort/snortDBrules/DB/' . $_POST['uuid'] . '/rules/local.rules'); + + } // NOTE: code only works on php5 $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules'); @@ -203,13 +195,13 @@ if ($_POST['snortSaveSettings'] == 1) { $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules'); if (!empty($listSnortRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); } if (!empty($listEmergingRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); } if (!empty($listPfsenseRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); } diff --git a/config/orionids-dev/snort_new.inc b/config/orionids-dev/snort_new.inc index ed58d42e..7a6326e8 100644 --- a/config/orionids-dev/snort_new.inc +++ b/config/orionids-dev/snort_new.inc 
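Review bot: `$_POST['uuid']` is concatenated into a shell command in the added `exec('touch …')` line without validation or quoting, so the request body controls part of both the command line and the target path. The same value is interpolated into the three `/bin/cp -R … *.rules` lines changed in the next hunk (`@@ -203,13 +195,13 @@`) and into the unchanged `/bin/mkdir -p` just above. Validate it once at the top of the handler, e.g. `if (!preg_match('/^[A-Za-z0-9]+$/', $_POST['uuid'])) { exit; }` (character set assumed from the generated uuids; confirm against the generator), and create the file with PHP's own `touch()` instead of going through a shell; where a shell call has to stay, wrap the value in `escapeshellarg()`. The enclosing `if ($_POST['snortSaveSettings'] == 1)` block starts and ends outside the hunk.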
@@ -401,64 +401,108 @@ function snortSql_updateRuleSigList() function snortSql_updateRulesSigsIps() { - // get default settings - $listGenRules = array(); - $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $_POST['rdbuuid']); - - - $addDate = date(U); - // dont let user pick the DB path - $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}"); + $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}"); - // checkbox off catch - $listGenRulesEnable = $listGenRules[0]['enable']; - if ( empty($listGenRules[0]['enable']) || $listGenRules[0]['enable'] === 'off' ) { - - $listGenRulesEnable = 'off'; - } + function insertUpdateDB($db) + { - foreach ($_POST['snortsam']['db'] as $singleSig) - { - - $resultid = sqlite_query($db, - "SELECT id FROM {$_POST['dbTable']} WHERE signatureid = '{$singleSig['sig']}' and rdbuuid = '{$_POST['rdbuuid']}'; - "); - - $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); + // get default settings + $listGenRules = array(); + $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $_POST['rdbuuid']); - // checkbox off catch - $singleSigEnable = $singleSig['enable']; - if ( empty($singleSig['enable']) ) { - - $singleSigEnable = 'off'; + // if $listGenRules empty list defaults + if (empty($listGenRules)) { + $listGenRules[0] = array( + 'rdbuuid' => $_POST['rdbuuid'], + 'enable' => 'on', + 'who' => 'src', + 'timeamount' => 15, + 'timetype' => 'minutes' + ); } - // only do this if something change from defauts settings - $somthingChanged = FALSE; - if ( $singleSigEnable !== $listGenRulesEnable || $singleSig['who'] !== $listGenRules[0]['who'] || $singleSig['timeamount'] !== $listGenRules[0]['timeamount'] || $singleSig['timetype'] !== $listGenRules[0]['timetype'] ) { - $somthingChanged = TRUE; + $addDate = date(U); + + // checkbox off catch + $listGenRulesEnable = $listGenRules[0]['enable']; + if ( empty($listGenRules[0]['enable']) || $listGenRules[0]['enable'] === 
'off' ) { + + $listGenRulesEnable = 'off'; } - if ( empty($chktable) && $somthingChanged ) { + foreach ($_POST['snortsam']['db'] as $singleSig) + { + + $resultid = sqlite_query($db, + "SELECT id FROM {$_POST['dbTable']} WHERE siguuid = '{$singleSig['siguuid']}' and rdbuuid = '{$_POST['rdbuuid']}'; + "); + + $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); + + // checkbox off catch + $singleSigEnable = $singleSig['enable']; + if ( empty($singleSig['enable']) ) { - $rulesetUuid = genAlphaNumMixFast(11, 14); + $singleSigEnable = 'off'; + } + + // only do this if something change from defauts settings, note: timeamount Not equal + $somthingChanged = FALSE; + if ( $singleSigEnable !== $listGenRulesEnable || $singleSig['who'] !== $listGenRules[0]['who'] || $singleSig['timeamount'] != $listGenRules[0]['timeamount'] || $singleSig['timetype'] !== $listGenRules[0]['timetype'] ) { + $somthingChanged = TRUE; + } - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "INSERT INTO {$_POST['dbTable']} (date, uuid, rdbuuid, enable, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$singleSigEnable}', '{$singleSig['who']}', '{$singleSig['timeamount']}', '{$singleSig['timetype']}'); - "); + if ( empty($chktable) && $somthingChanged ) { - } + $rulesetUuid = genAlphaNumMixFast(11, 14); + + $query_ck = sqlite_query($db, // @ supress warnings usonly in production + "INSERT INTO {$_POST['dbTable']} (date, uuid, rdbuuid, enable, siguuid, sigfilename, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$singleSigEnable}', '{$singleSig['siguuid']}', '{$singleSig['sigfilename']}', '{$singleSig['who']}', '{$singleSig['timeamount']}', '{$singleSig['timetype']}'); + "); + + + } + + if ( !empty($chktable) ) { + + $query_ck = sqlite_query($db, // @ supress warnings usonly in production + "UPDATE {$_POST['dbTable']} SET date ='{$addDate}', enable = '{$singleSigEnable}', who = 
'{$singleSig['who']}', timeamount = '{$singleSig['timeamount']}', timetype = '{$singleSig['timetype']}' WHERE rdbuuid = '{$_POST['rdbuuid']}' and sigfilename = '{$singleSig['sigfilename']}'; + "); + + } - if ( !empty($chktable) && $somthingChanged ) { + } // END foreach + + } insertUpdateDB($db); - echo $singleSig['sig']; - + function cleanupDB($db) + { + // clean database of old names and turn rulesets off + $listDir = snortScanDirFilter("/usr/local/etc/snort/snortDBrules/DB/{$_POST['rdbuuid']}/rules/", '\.rules'); + + $resultAllRulesetname = sqlite_query($db, + "SELECT sigfilename FROM {$_POST['dbTable']} WHERE rdbuuid = '{$_POST['rdbuuid']}'; + "); + + $chktable2 = sqlite_fetch_all($resultAllRulesetname, SQLITE_ASSOC); + + if (!empty($chktable2)) { + foreach ($chktable2 as $value) + { + + if(!in_array($value['sigfilename'], $listDir)) { + $deleteMissingRuleset = sqlite_query($db, // @ supress warnings use only in production + "DELETE FROM {$_POST['dbTable']} WHERE sigfilename = '{$value['sigfilename']}' and rdbuuid = '{$_POST['rdbuuid']}'; + "); + } + + } } - - } // END foreach + } cleanupDB($db); sqlite_close($db); + return true; } diff --git a/config/orionids-dev/snort_rules.php b/config/orionids-dev/snort_rules.php index 78134d52..09490a37 100644 --- a/config/orionids-dev/snort_rules.php +++ b/config/orionids-dev/snort_rules.php 
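Review bot: Every query in the rewritten `snortSql_updateRulesSigsIps()` interpolates request fields straight into SQL, and both the table name and the database file name come from `$_POST['dbTable']` and `$_POST['dbName']` even though the comment says the user must not pick the DB path. The new `siguuid` and `sigfilename` columns add two more unescaped values, and the added `DELETE` in `cleanupDB()` follows the same pattern. Check `dbName` and `dbTable` against a fixed list (the form in snort_rules_ips.php sends `snortDBrules` and `SnortruleSigsIps`) and pass every value through `sqlite_escape_string()` before building the statement. Separately, the `SELECT` keys on `siguuid` while the `UPDATE` keys on `sigfilename`, so one edited signature appears to overwrite every row for that rules file; the clause should read `WHERE rdbuuid = '…' and siguuid = '…'`. The function also now returns `true` unconditionally, so `snortJsonReturnCode()` reports success even when a `sqlite_query()` call fails.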
@@ -434,43 +434,48 @@ jQuery(document).ready(function() { <?php - /* - * NOTE: - * I could have used a php loop to build the table but I wanted to see if off loading to client is faster. - * Seems to be faster on embeded systems with low specs. On higher end systems there is no difference that I can see. - * WARNING: - * If Json string is to long browsers start asking to terminate javascript. - * FIX: - * Use julienlecomte()net/blog/2007/10/28/, the more reading I do about this subject it seems that off loading to a client is not recomended. - */ - if (!empty($newFilterRuleSigArray)) - { - $countSigList = count($newFilterRuleSigArray); - - echo "\n"; - - echo 'var snortObjlist = ['; - $i = 0; - foreach ($newFilterRuleSigArray as $val3) - { + /* + * NOTE: + * I could have used a php loop to build the table but I wanted to see if off loading to client is faster. + * Seems to be faster on embeded systems with low specs. On higher end systems there is no difference that I can see. + * WARNING: + * If Json string is to long browsers start asking to terminate javascript. + * FIX: + * Use julienlecomte()net/blog/2007/10/28/, the more reading I do about this subject it seems that off loading to a client is not recomended. + */ + if (!empty($newFilterRuleSigArray)) + { + $countSigList = count($newFilterRuleSigArray); + + echo "\n"; + + echo 'var snortObjlist = ['; + $i = 0; + foreach ($newFilterRuleSigArray as $val3) + { + + $i++; - $i++; - - if ( $i !== $countSigList ) - {// - echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"},'; - }else{ - echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . 
'", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"}'; - } - } - - echo '];' . "\n"; - } + if ( $i !== $countSigList ) + {// + echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"},'; + }else{ + echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"}'; + } + } + + echo '];' . "\n"; + } -?> - // disable Row Append if row count is less than 0 - var countRowAppend = <?=$countSig; ?>; + + if (!empty($countSig)) { + echo 'var countRowAppend = ' . $countSig . ';' . "\n"; + }else{ + echo 'var countRowAppend = 0;' . "\n"; + } + +?> // if rowcount is not empty do this if (countRowAppend > 0){ diff --git a/config/orionids-dev/snort_rules_ips.php b/config/orionids-dev/snort_rules_ips.php index 3e39501d..b1bd8b08 100644 --- a/config/orionids-dev/snort_rules_ips.php +++ b/config/orionids-dev/snort_rules_ips.php @@ -153,7 +153,7 @@ if (isset($_GET['rulefilename'])) { <!-- START MAIN AREA --> <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <input type="hidden" name="snortSamSaveSettings" value="1" /> <!-- what to do, save --> + <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save --> <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db--> <input type="hidden" name="dbTable" value="SnortruleSigsIps" /> <!-- what db table--> <input type="hidden" name="ifaceTab" value="snort_rules_ips" /> <!-- what interface tab --> 
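Review bot: `$countSig` is written into the page's script block without a cast in the added `echo 'var countRowAppend = ' . $countSig . ';'` line, so anything other than an integer in that variable becomes JavaScript source. A cast also makes the `empty()` branch unnecessary: `echo 'var countRowAppend = ' . (int)$countSig . ';' . "\n";`. The re-indented `snortObjlist` loop above it still builds JSON by concatenation and escapes only `msg`; where `$newFilterRuleSigArray` is filled is not visible here, but if the other fields are read from rule files, emitting the rows with `json_encode()` would cover them as well. The surrounding `jQuery(document).ready` block starts and ends outside the hunk.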
@@ -348,7 +348,8 @@ function makeLargeSidTables(snortObjlist) { '</td>' + "\n" + '<td class="listbg" id="msg_' + snortObjlist[i].sid + '"><font color="white">' + snortObjlist[i].msg + '</font></td>' + "\n" + '</tr>' + "\n" + - '<input type="hidden" name="snortsam[db][' + i + '][sig]" value="' + snortObjlist[i].sid + '" />' + "\n" + '<input type="hidden" name="snortsam[db][' + i + '][siguuid]" value="' + snortObjlist[i].sid + '" />' + "\n" + + '<input type="hidden" name="snortsam[db][' + i + '][sigfilename]" value="<?=$rulefilename; ?>" />' + "\n" ); }, diff --git a/config/orionids-dev/snort_rulesets.php b/config/orionids-dev/snort_rulesets.php index 3935d49a..5182b803 100644 --- a/config/orionids-dev/snort_rulesets.php +++ b/config/orionids-dev/snort_rulesets.php @@ -102,8 +102,8 @@ jQuery(document).ready(function() { * NOTE: I could have used a php loop to build the table but off loading to client is faster * use jQuery jason parse, make sure its in one line */ - if (!empty($filterDirList)) - { + if (!empty($filterDirList)) { + $countDirList = count($filterDirList); echo "\n"; @@ -134,27 +134,27 @@ jQuery(document).ready(function() { } echo ' ]}\');' . "\n"; - } + + }else{ + echo 'var snortObjlist = jQuery.parseJSON(\' { "ruleSets": [] } \');' . "\n"; + + } ?> // loop through object, dont use .each in jQuery as its slow - if(snortObjlist.ruleSets.length > 0) - { - for (var i = 0; i < snortObjlist.ruleSets.length; i++) - { + if(snortObjlist.ruleSets.length > 0) { + for (var i = 0; i < snortObjlist.ruleSets.length; i++) { - if (isEven(i) === true) - { + if (isEven(i) === true) { var rowIsEvenOdd = 'even_ruleset'; }else{ var rowIsEvenOdd = 'odd_ruleset'; } - if (snortObjlist.ruleSets[i].enable === 'on') - { + if (snortObjlist.ruleSets[i].enable === 'on') { var rulesetChecked = 'checked'; }else{ var rulesetChecked = ''; diff --git a/config/orionids-dev/snort_rulesets_ips.php b/config/orionids-dev/snort_rulesets_ips.php index 459f2868..dd3e943e 100644 
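Review bot: `<?=$rulefilename; ?>` is printed unescaped in the added `[sigfilename]` hidden input, inside a single-quoted JavaScript string that is itself building an HTML attribute value. The first hunk's header suggests the value comes from `$_GET['rulefilename']`; if so, a quote or angle bracket in the query string breaks out of the string or the attribute, and the value is later posted back as `sigfilename` and placed into SQL by `snortSql_updateRulesSigsIps()`. Restrict it where it is read, e.g. `if (!preg_match('/^[A-Za-z0-9._-]+\.rules$/', $rulefilename)) { $rulefilename = ''; }`, and print it with `htmlspecialchars($rulefilename, ENT_QUOTES)`. `makeLargeSidTables()` starts and ends outside the hunk.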
--- a/config/orionids-dev/snort_rulesets_ips.php +++ b/config/orionids-dev/snort_rulesets_ips.php @@ -106,8 +106,8 @@ jQuery(document).ready(function() { * NOTE: I could have used a php loop to build the table but off loading to client is faster * use jQuery jason parse, make sure its in one line */ - if (!empty($filterDirList)) - { + if (!empty($filterDirList)) { + $countDirList = count($filterDirList); echo "\n"; @@ -138,27 +138,26 @@ jQuery(document).ready(function() { } echo ' ]}\');' . "\n"; + + }else{ + // + echo 'var snortObjlist = jQuery.parseJSON(\' { "ruleSets": [] } \');' . "\n"; + } - - ?> // loop through object, dont use .each in jQuery as its slow - if(snortObjlist.ruleSets.length > 0) - { - for (var i = 0; i < snortObjlist.ruleSets.length; i++) - { + if(snortObjlist.ruleSets.length > 0) { + for (var i = 0; i < snortObjlist.ruleSets.length; i++) { - if (isEven(i) === true) - { + if (isEven(i) === true) { var rowIsEvenOdd = 'even_ruleset'; }else{ var rowIsEvenOdd = 'odd_ruleset'; } - if (snortObjlist.ruleSets[i].enable === 'on') - { + if (snortObjlist.ruleSets[i].enable === 'on') { var rulesetChecked = 'checked'; }else{ var rulesetChecked = ''; |