diff options
-rwxr-xr-x | config/snort/snort_rules.php | 34 | ||||
-rwxr-xr-x | config/snort/snort_rules_edit.php | 28 | ||||
-rw-r--r-- | config/snort/snort_rules_flowbits.php | 9 |
3 files changed, 53 insertions, 18 deletions
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index c9d90597..2882a89e 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -33,7 +33,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g, $flowbit_rules_file, $rebuild_rules; +global $g, $rebuild_rules; $snortdir = SNORTDIR; $rules_map = array(); @@ -106,6 +106,7 @@ function add_title_attribute($tag, $title) { /* convert fake interfaces to real */ $if_real = snort_get_real_interface($pconfig['interface']); $snort_uuid = $a_rule[$id]['uuid']; +$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; $emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats']; $categories = explode("||", $pconfig['rulesets']); @@ -133,6 +134,9 @@ $ruledir = "{$snortdir}/rules"; $rulefile = "{$ruledir}/{$currentruleset}"; if ($currentruleset != 'custom.rules') { // Read the current rules file into our rules map array. + // If it is the auto-flowbits file, set the full path. + if ($currentruleset == "Auto-Flowbit Rules") + $rulefile = "{$snortcfgdir}/rules/" . FLOWBITS_FILENAME; // Test for the special case of an IPS Policy file. if (substr($currentruleset, 0, 10) == "IPS Policy") $rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']); @@ -193,8 +197,6 @@ if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) { write_config(); $_GET['openruleset'] = $currentruleset; -// header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); -// exit; $anchor = "rule_{$sid}"; } @@ -334,7 +336,7 @@ if ($_POST['customrules']) { $rebuild_rules = false; $output = ""; $retcode = ""; - exec("snort -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -T 2>&1", $output, $retcode); + exec("/usr/local/bin/snort -T -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf 2>&1", $output, $retcode); if (intval($retcode) != 0) { $error = ""; $start = count($output); @@ -436,6 +438,8 @@ if ($savemsg) { $files = explode("||", $pconfig['rulesets']); if ($a_rule[$id]['ips_policy_enable'] == 'on') $files[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']); + if ($a_rule[$id]['autoflowbitrules'] == 'on') + $files[] = "Auto-Flowbit Rules"; natcasesort($files); foreach ($files as $value) { if ($snortdownload != 'on' && substr($value, 0, 6) == "snort_") @@ -517,6 +521,17 @@ if ($savemsg) { title='" . gettext("Click to enable all rules in the selected category") . "'></a>"?> <?php echo gettext("Enable all rules in the current Category"); ?></td> </tr> + <?php if ($currentruleset == 'Auto-Flowbit Rules'): ?> + <tr> + <td colspan="3"> </td> + </tr> + <tr> + <td colspan="3" class="vexpl" align="center"><?php echo "<span class=\"red\"><b>" . gettext("WARNING: ") . "</b></span>" . + gettext("You should not disable flowbit rules! Add Suppress List entries for them instead by ") . + "<a href='snort_rules_flowbits.php?id={$id}' title=\"" . gettext("Add Suppress List entry for Flowbit Rule") . "\">" . + gettext("clicking here") . ".</a>";?></td> + </tr> + <?php endif;?> </table> </td> </tr> @@ -564,27 +579,32 @@ if ($savemsg) { foreach ($rulem as $k2 => $v) { $sid = snort_get_sid($v['rule']); $gid = snort_get_gid($v['rule']); + if (isset($disablesid[$sid])) { $textss = "<span class=\"gray\">"; $textse = "</span>"; $iconb = "icon_reject_d.gif"; $disable_cnt++; + $title = gettext("Disabled by user. Click to toggle to enabled state"); } elseif (($v['disabled'] == 1) && (!isset($enablesid[$sid]))) { $textss = "<span class=\"gray\">"; $textse = "</span>"; $iconb = "icon_block_d.gif"; $disable_cnt++; + $title = gettext("Disabled by default. Click to toggle to enabled state"); } elseif (isset($enablesid[$sid])) { $textss = $textse = ""; $iconb = "icon_reject.gif"; $enable_cnt++; + $title = gettext("Enabled by user. Click to toggle to disabled state"); } else { $textss = $textse = ""; $iconb = "icon_block.gif"; $enable_cnt++; + $title = gettext("Enabled by default. Click to toggle to disabled state"); } // Pick off the first section of the rule (prior to the start of the MSG field), @@ -611,7 +631,7 @@ if ($savemsg) { <a id=\"rule_{$sid}\" href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$sid}'> <img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" - title='" . gettext("Click to toggle enabled/disabled state") . "'></a> + title='{$title}'></a> $textse </td> <td class=\"listlr\" align=\"center\"> @@ -638,8 +658,8 @@ if ($savemsg) { ?> <td align="right" valign="middle" nowrap class="listt"> <a href="javascript: void(0)" - onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)"><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif" + onclick="wopen('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>','FileViewer',800,600)"> + <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif" title="<?php echo gettext("Click to view the entire rule text"); ?>" width="17" height="17" border="0"></a> </td> </tr> diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php index a1f45c07..c0087464 100755 --- a/config/snort/snort_rules_edit.php +++ b/config/snort/snort_rules_edit.php @@ -37,7 +37,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $flowbit_rules_file; +$flowbit_rules_file = FLOWBITS_FILENAME; $snortdir = SNORTDIR; if (!is_array($config['installedpackages']['snortglobal']['rule'])) { @@ -60,10 +60,17 @@ if (isset($id) && $a_rule[$id]) { /* convert fake interfaces to real */ $if_real = snort_get_real_interface($pconfig['interface']); $snort_uuid = $a_rule[$id]['uuid']; +$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}"; $file = $_GET['openruleset']; $contents = ''; $wrap_flag = "off"; +// Correct displayed file title if necessary +if ($file == "Auto-Flowbit Rules") + $displayfile = FLOWBITS_FILENAME; +else + $displayfile = $file; + // Read the contents of the argument passed to us. // It may be an IPS policy string, an individual SID, // a standard rules file, or a complete file name. @@ -87,13 +94,18 @@ if (substr($file, 0, 10) == "IPS Policy") { } // Is it a SID to load the rule text from? elseif (isset($_GET['ids'])) { - $rules_map = snort_load_rules_map("{$snortdir}/rules/{$file}"); + // If flowbit rule, point to interface-specific file + if ($file == "Auto-Flowbit Rules") + $rules_map = snort_load_rules_map("{$snortcfgdir}/rules/" . FLOWBITS_FILENAME); + else + $rules_map = snort_load_rules_map("{$snortdir}/rules/{$file}"); $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule']; $wrap_flag = "soft"; } + // Is it our special flowbit rules file? -elseif ($file == $flowbit_rules_file) - $contents = file_get_contents("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); +elseif ($file == "Auto-Flowbit Rules") + $contents = file_get_contents("{$snortcfgdir}/rules/{$flowbit_rules_file}"); // Is it a rules file in the ../rules/ directory? elseif (file_exists("{$snortdir}/rules/{$file}")) $contents = file_get_contents("{$snortdir}/rules/{$file}"); @@ -101,10 +113,8 @@ elseif (file_exists("{$snortdir}/rules/{$file}")) elseif (file_exists($file)) $contents = file_get_contents($file); // It is not something we can display, so exit. -else { - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$file}"); - exit; -} +else + $input_errors[] = gettext("Unable to open file: {$displayfile}"); $pgtitle = array(gettext("Snort"), gettext("File Viewer")); ?> @@ -128,7 +138,7 @@ $pgtitle = array(gettext("Snort"), gettext("File Viewer")); <input type="button" class="formbtn" value="Return" onclick="window.close()"> </td> <td align="right"> - <b><?php echo gettext("Rules File: ") . '</b> ' . $file; ?> + <b><?php echo gettext("Rules File: ") . '</b> ' . $displayfile; ?> </td> </tr> <tr> diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php index 499d093c..578f6c66 100644 --- a/config/snort/snort_rules_flowbits.php +++ b/config/snort/snort_rules_flowbits.php @@ -58,6 +58,11 @@ if (is_null($id)) { exit; } +// Set who called us so we can return to the correct page with +// the RETURN button. We will just trust this User-Agent supplied +// string for now. +$referrer = $_SERVER['HTTP_REFERER']; + $if_real = snort_get_real_interface($a_nat[$id]['interface']); $snort_uuid = $a_nat[$id]['uuid']; @@ -185,7 +190,7 @@ if ($savemsg) <tr> <td width="17px"><img src="../themes/<?=$g['theme']?>/images/icons/icon_plus.gif" width='12' height='12' border='0'/></td> <td><span class="vexpl"><?php echo gettext("Alert is Not Suppressed"); ?></span></td> - <td rowspan="3" align="right"><input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" onclick="parent.location='snort_rulesets.php?id=<?=$id;?>'" <?php + <td rowspan="3" align="right"><input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" onclick="parent.location='<?=$referrer;?>'" <?php echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/></td> </tr> <tr> @@ -278,7 +283,7 @@ if ($savemsg) <?php if ($count > 20): ?> <tr> <td align="center" valign="middle"> - <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" onclick="parent.location='snort_rulesets.php?id=<?=$id;?>'" <?php + <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" onclick="parent.location='<?=$referrer;?>'" <?php echo "value=\"" . gettext("Return") . "\" title=\"" . gettext("Return to previous page") . "\""; ?>/> <input name="id" type="hidden" value="<?=$id;?>" /> </td> |