-rw-r--r--config/orionids-dev/snort.xml257
-rw-r--r--config/orionids-dev/snort_install.inc70
-rw-r--r--config/orionids-dev/snort_json_post.php106
-rw-r--r--config/orionids-dev/snort_new.inc128
-rw-r--r--config/orionids-dev/snort_rules.php73
-rw-r--r--config/orionids-dev/snort_rules_ips.php5
-rw-r--r--config/orionids-dev/snort_rulesets.php22
-rw-r--r--config/orionids-dev/snort_rulesets_ips.php23
8 files changed, 234 insertions, 450 deletions
diff --git a/config/orionids-dev/snort.xml b/config/orionids-dev/snort.xml
deleted file mode 100644
index d0d30ded..00000000
--- a/config/orionids-dev/snort.xml
+++ /dev/null
@@ -1,257 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- part of pfSense (http://www.pfsense.com)
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
-
- Pfsense Old snort GUI
- Copyright (C) 2006 Scott Ullrich.
-
- Pfsense snort GUI
- Copyright (C) 2008-2012 Robert Zelaya.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- 3. Neither the name of the pfSense nor the names of its contributors
- may be used to endorse or promote products derived from this software without
- specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>Snort</name>
- <version>2.9.0.5</version>
- <title>Services:2.9.0.5 pkg v. 2.0</title>
- <include_file>/usr/local/pkg/snort/snort_install.inc</include_file>
- <menu>
- <name>Snort</name>
- <tooltiptext>Setup snort specific settings</tooltiptext>
- <section>Services</section>
- <url>/snort/snort_interfaces.php</url>
- </menu>
- <service>
- <name>snort</name>
- <rcfile>snort.sh</rcfile>
- <executable>snort</executable>
- <description>Snort is the most widely deployed IDS/IPS technology worldwide.</description>
- </service>
- <tabs>
- </tabs>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snortDB</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snortDBrules</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snortDBtemp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_build.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_rules.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_gui.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_head.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_headbase.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_install.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_new.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_alerts.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_barnyard.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_blocked.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_define_servers.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_download_updates.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_help_info.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_edit.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_global.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_rules.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_rules_edit.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress_edit.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist_edit.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_json_get.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_json_post.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_preprocessors.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_rules.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/snort/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort-dev/snort_rulesets.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/bin/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/create-sidmap.pl</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/bin/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/oinkmaster.pl</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/bin/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/snort_rename.pl</item>
- </additional_files_needed>
- <fields>
- </fields>
- <custom_add_php_command>
- </custom_add_php_command>
- <custom_php_resync_config_command>
- sync_snort_package();
- </custom_php_resync_config_command>
- <custom_php_install_command>
- snort_postinstall();
- </custom_php_install_command>
- <custom_php_deinstall_command>
- snort_deinstall();
- </custom_php_deinstall_command>
-</packagegui>
diff --git a/config/orionids-dev/snort_install.inc b/config/orionids-dev/snort_install.inc
index c805d62c..fd61150d 100644
--- a/config/orionids-dev/snort_install.inc
+++ b/config/orionids-dev/snort_install.inc
@@ -121,19 +121,19 @@ function snort_postinstall()
}
if (!file_exists('/usr/local/etc/snort/snortDBrules/custom_rules')) {
- exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/custom_rules');
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/custom_rules/rules');
}
if (!file_exists('/usr/local/etc/snort/snortDBrules/emerging_rules')) {
- exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/emerging_rules');
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/emerging_rules/rules');
}
if (!file_exists('/usr/local/etc/snort/snortDBrules/pfsense_rules')) {
- exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/pfsense_rules');
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/pfsense_rules/rules');
}
if (!file_exists('/usr/local/etc/snort/snortDBrules/snort_rules')) {
- exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/snort_rules');
+ exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/snort_rules/rules');
}
if (!file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) {
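Review bot: The guards still test the parent directory (e.g. `.../snortDBrules/custom_rules`) while the command now creates `.../custom_rules/rules`, so on a system where the parent already exists the new `rules` subdirectory is never created. Test the path that is actually created, e.g. `if (!file_exists('/usr/local/etc/snort/snortDBrules/custom_rules/rules')) {`, or drop the guard, since `mkdir -p` is already safe to repeat. The same applies to the `emerging_rules`, `pfsense_rules` and `snort_rules` blocks in this hunk. snort_postinstall() starts and ends outside the hunk.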
@@ -226,39 +226,39 @@ function snort_postinstall()
exec('/bin/mkdir -p /usr/local/www/snort/javascript');
chdir ("/usr/local/www/snort/css/");
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/style_snort2.css');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/new_tab_menu.css');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/css/style_snort2.css');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/css/new_tab_menu.css');
chdir ("/usr/local/www/snort/images/");
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/alert.jpg');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/arrow_down.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/awesome-overlay-sprite.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/controls.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down2.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer.jpg');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer2.jpg');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-asc.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-desc.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon_excli.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/loading.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/logo.jpg');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/logo22.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/page_white_text.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/transparent.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/transparentbg.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up2.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/close_9x9.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/new_tab_menu.png');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/progress_bar2.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/progressbar.gif');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/top_modal_bar_lil.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/alert.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/arrow_down.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/awesome-overlay-sprite.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/controls.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/down.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/down2.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/footer.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/footer2.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/icon-table-sort-asc.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/icon-table-sort-desc.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/icon-table-sort.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/icon_excli.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/loading.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/logo.jpg');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/logo22.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/page_white_text.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/transparent.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/transparentbg.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/up.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/up2.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/close_9x9.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/new_tab_menu.png');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/progress_bar2.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/progressbar.gif');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/top_modal_bar_lil.jpg');
chdir ("/usr/local/www/snort/javascript/");
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery-1.6.2.min.js');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery.form.js');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/snort_globalsend.js');
- exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery.progressbar.min.js');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/javascript/jquery-1.6.2.min.js');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/javascript/jquery.form.js');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/javascript/snort_globalsend.js');
+ exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/javascript/jquery.progressbar.min.js');
/* back to default */
chdir ('/root/');
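Review bot: The assets fetched here, including the four JavaScript files that the web GUI later serves, are downloaded over plain `http://` with no checksum, so whatever arrives on the wire is installed as-is under `/usr/local/www/snort/`. Prefer an `https://` URL if the package server offers one, and verify each file against a hash shipped with the package before leaving it in place. The `exec()` results are also ignored, so a failed download is silent; `exec($cmd, $out, $rc)` followed by a check of `$rc` would surface it. snort_postinstall() continues outside the hunk.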
diff --git a/config/orionids-dev/snort_json_post.php b/config/orionids-dev/snort_json_post.php
index 1b10ba3b..2b63f9b6 100644
--- a/config/orionids-dev/snort_json_post.php
+++ b/config/orionids-dev/snort_json_post.php
@@ -62,29 +62,6 @@ function snortJsonReturnCode($returnStatus)
}
}
-// snortsam save settings
-if ($_POST['snortSamSaveSettings'] == 1) {
-
- unset($_POST['snortSamSaveSettings']);
-
- if ($_POST['ifaceTab'] === 'snort_rulesets_ips') {
- function snortSamRulesetSaveFunc()
- {
- print_r($_POST);
- }
- snortSamRulesetSaveFunc();
- }
-
- if ($_POST['ifaceTab'] === 'snort_rules_ips') {
- function snortSamRulesSaveFunc()
- {
- snortSql_updateRulesSigsIps();
- }
- snortSamRulesSaveFunc();
- }
-
-}
-
// row from db by uuid
if ($_POST['snortSidRuleEdit'] == 1) {
@@ -94,45 +71,54 @@ if ($_POST['snortSidRuleEdit'] == 1) {
unset($_POST['snortSidRuleEdit']);
snortSidStringRuleEditGUI();
- }
- snortSidRuleEditFunc();
+ } snortSidRuleEditFunc();
}
// row from db by uuid
-if ($_POST['snortSaveRuleSets'] == 1) {
-
- if ($_POST['ifaceTab'] == 'snort_rulesets' || $_POST['ifaceTab'] == 'snort_rulesets_ips') {
+if ($_POST['snortSaveRuleSets'] == 1) {
+
+
+ if ($_POST['ifaceTab'] === 'snort_rules_ips') {
+ function snortSamRulesSaveFunc()
+ {
+ snortJsonReturnCode(snortSql_updateRulesSigsIps());
- function snortSaveRuleSetsRulesetsFunc()
- {
- // unset POSTs that are markers not in db
- unset($_POST['snortSaveRuleSets']);
- unset($_POST['ifaceTab']);
-
- // save to database
- snortJsonReturnCode(snortSql_updateRuleSetList());
-
- // only build if uuid is valid
- if (!empty($_POST['uuid'])) {
- build_snort_settings($_POST['uuid']);
- }
- }
- snortSaveRuleSetsRulesetsFunc();
- }
+ } snortSamRulesSaveFunc();
+ }
+
+
+ if ($_POST['ifaceTab'] == 'snort_rulesets' || $_POST['ifaceTab'] == 'snort_rulesets_ips') {
- if ($_POST['ifaceTab'] == 'snort_rules') {
- function snortSaveRuleSetsRulesFunc()
- {
- // unset POSTs that are markers not in db
- unset($_POST['snortSaveRuleSets']);
- unset($_POST['ifaceTab']);
-
- snortJsonReturnCode(snortSql_updateRuleSigList());
+ function snortSaveRuleSetsRulesetsFunc()
+ {
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveRuleSets']);
+ unset($_POST['ifaceTab']);
+
+ // save to database
+ snortJsonReturnCode(snortSql_updateRuleSetList());
+
+ // only build if uuid is valid
+ if (!empty($_POST['uuid'])) {
+ build_snort_settings($_POST['uuid']);
}
- snortSaveRuleSetsRulesFunc();
- }
+
+ } snortSaveRuleSetsRulesetsFunc();
+ }
+
+ if ($_POST['ifaceTab'] == 'snort_rules') {
+ function snortSaveRuleSetsRulesFunc()
+ {
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveRuleSets']);
+ unset($_POST['ifaceTab']);
+
+ snortJsonReturnCode(snortSql_updateRuleSigList());
+
+ } snortSaveRuleSetsRulesFunc();
+ }
} // END of rulesSets
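Review bot: Each branch declares a named function only to call it on the closing-brace line (`} snortSamRulesSaveFunc();`), which hides the call and adds a global function per branch; running the body inline, or declaring the functions once at file level, would read more clearly. The new `snort_rules_ips` branch also skips the `unset($_POST['snortSaveRuleSets']); unset($_POST['ifaceTab']);` step its two siblings perform; if that is intentional, a one-line comment saying so would help. The `// row from db by uuid` comment above the block looks copied from the previous handler and could become `// save rule sets / rule signatures`.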
@@ -196,6 +182,12 @@ if ($_POST['snortSaveSettings'] == 1) {
// creat iface dir and ifcae rules dir
exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
+ // create at least one file
+ if (!file_exists('/usr/local/etc/snort/snortDBrules/DB/' . $_POST['uuid'] . '/rules/local.rules')) {
+
+ exec('touch /usr/local/etc/snort/snortDBrules/DB/' . $_POST['uuid'] . '/rules/local.rules');
+
+ }
// NOTE: code only works on php5
$listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules');
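Review bot: `$_POST['uuid']` is concatenated into the shell command on the added `exec('touch ...')` line, so the request value is interpreted by the shell and also selects the directory being written. No validation is visible in this hunk (it may exist earlier in the handler), so check the value against the expected format before any use, e.g. `if (!preg_match('/^[A-Za-z0-9]+$/', $_POST['uuid']))` and reject the request (adjust the pattern to the real uuid format). The shell can then be avoided entirely with `touch("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules/local.rules");`. The `mkdir -p` context line above and the three `cp -R ... *.rules` lines in the next hunk interpolate the same value and need the same guard, or `escapeshellarg()` around the path.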
@@ -203,13 +195,13 @@ if ($_POST['snortSaveSettings'] == 1) {
$listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules');
if (!empty($listSnortRulesDir)) {
- exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
}
if (!empty($listEmergingRulesDir)) {
- exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
}
if (!empty($listPfsenseRulesDir)) {
- exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
}
diff --git a/config/orionids-dev/snort_new.inc b/config/orionids-dev/snort_new.inc
index ed58d42e..7a6326e8 100644
--- a/config/orionids-dev/snort_new.inc
+++ b/config/orionids-dev/snort_new.inc
@@ -401,64 +401,108 @@ function snortSql_updateRuleSigList()
function snortSql_updateRulesSigsIps()
{
- // get default settings
- $listGenRules = array();
- $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $_POST['rdbuuid']);
-
-
- $addDate = date(U);
-
// dont let user pick the DB path
- $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}");
+ $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}");
- // checkbox off catch
- $listGenRulesEnable = $listGenRules[0]['enable'];
- if ( empty($listGenRules[0]['enable']) || $listGenRules[0]['enable'] === 'off' ) {
-
- $listGenRulesEnable = 'off';
- }
+ function insertUpdateDB($db)
+ {
- foreach ($_POST['snortsam']['db'] as $singleSig)
- {
-
- $resultid = sqlite_query($db,
- "SELECT id FROM {$_POST['dbTable']} WHERE signatureid = '{$singleSig['sig']}' and rdbuuid = '{$_POST['rdbuuid']}';
- ");
-
- $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC);
+ // get default settings
+ $listGenRules = array();
+ $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $_POST['rdbuuid']);
- // checkbox off catch
- $singleSigEnable = $singleSig['enable'];
- if ( empty($singleSig['enable']) ) {
-
- $singleSigEnable = 'off';
+ // if $listGenRules empty list defaults
+ if (empty($listGenRules)) {
+ $listGenRules[0] = array(
+ 'rdbuuid' => $_POST['rdbuuid'],
+ 'enable' => 'on',
+ 'who' => 'src',
+ 'timeamount' => 15,
+ 'timetype' => 'minutes'
+ );
}
- // only do this if something change from defauts settings
- $somthingChanged = FALSE;
- if ( $singleSigEnable !== $listGenRulesEnable || $singleSig['who'] !== $listGenRules[0]['who'] || $singleSig['timeamount'] !== $listGenRules[0]['timeamount'] || $singleSig['timetype'] !== $listGenRules[0]['timetype'] ) {
- $somthingChanged = TRUE;
+ $addDate = date(U);
+
+ // checkbox off catch
+ $listGenRulesEnable = $listGenRules[0]['enable'];
+ if ( empty($listGenRules[0]['enable']) || $listGenRules[0]['enable'] === 'off' ) {
+
+ $listGenRulesEnable = 'off';
}
- if ( empty($chktable) && $somthingChanged ) {
+ foreach ($_POST['snortsam']['db'] as $singleSig)
+ {
+
+ $resultid = sqlite_query($db,
+ "SELECT id FROM {$_POST['dbTable']} WHERE siguuid = '{$singleSig['siguuid']}' and rdbuuid = '{$_POST['rdbuuid']}';
+ ");
+
+ $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC);
+
+ // checkbox off catch
+ $singleSigEnable = $singleSig['enable'];
+ if ( empty($singleSig['enable']) ) {
- $rulesetUuid = genAlphaNumMixFast(11, 14);
+ $singleSigEnable = 'off';
+ }
+
+ // only do this if something change from defauts settings, note: timeamount Not equal
+ $somthingChanged = FALSE;
+ if ( $singleSigEnable !== $listGenRulesEnable || $singleSig['who'] !== $listGenRules[0]['who'] || $singleSig['timeamount'] != $listGenRules[0]['timeamount'] || $singleSig['timetype'] !== $listGenRules[0]['timetype'] ) {
+ $somthingChanged = TRUE;
+ }
- $query_ck = sqlite_query($db, // @ supress warnings usonly in production
- "INSERT INTO {$_POST['dbTable']} (date, uuid, rdbuuid, enable, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$singleSigEnable}', '{$singleSig['who']}', '{$singleSig['timeamount']}', '{$singleSig['timetype']}');
- ");
+ if ( empty($chktable) && $somthingChanged ) {
- }
+ $rulesetUuid = genAlphaNumMixFast(11, 14);
+
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "INSERT INTO {$_POST['dbTable']} (date, uuid, rdbuuid, enable, siguuid, sigfilename, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$singleSigEnable}', '{$singleSig['siguuid']}', '{$singleSig['sigfilename']}', '{$singleSig['who']}', '{$singleSig['timeamount']}', '{$singleSig['timetype']}');
+ ");
+
+
+ }
+
+ if ( !empty($chktable) ) {
+
+ $query_ck = sqlite_query($db, // @ supress warnings usonly in production
+ "UPDATE {$_POST['dbTable']} SET date ='{$addDate}', enable = '{$singleSigEnable}', who = '{$singleSig['who']}', timeamount = '{$singleSig['timeamount']}', timetype = '{$singleSig['timetype']}' WHERE rdbuuid = '{$_POST['rdbuuid']}' and sigfilename = '{$singleSig['sigfilename']}';
+ ");
+
+ }
- if ( !empty($chktable) && $somthingChanged ) {
+ } // END foreach
+
+ } insertUpdateDB($db);
- echo $singleSig['sig'];
-
+ function cleanupDB($db)
+ {
+ // clean database of old names and turn rulesets off
+ $listDir = snortScanDirFilter("/usr/local/etc/snort/snortDBrules/DB/{$_POST['rdbuuid']}/rules/", '\.rules');
+
+ $resultAllRulesetname = sqlite_query($db,
+ "SELECT sigfilename FROM {$_POST['dbTable']} WHERE rdbuuid = '{$_POST['rdbuuid']}';
+ ");
+
+ $chktable2 = sqlite_fetch_all($resultAllRulesetname, SQLITE_ASSOC);
+
+ if (!empty($chktable2)) {
+ foreach ($chktable2 as $value)
+ {
+
+ if(!in_array($value['sigfilename'], $listDir)) {
+ $deleteMissingRuleset = sqlite_query($db, // @ supress warnings use only in production
+ "DELETE FROM {$_POST['dbTable']} WHERE sigfilename = '{$value['sigfilename']}' and rdbuuid = '{$_POST['rdbuuid']}';
+ ");
+ }
+
+ }
}
-
- } // END foreach
+ } cleanupDB($db);
sqlite_close($db);
+ return true;
}
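Review bot: Every query in the new `insertUpdateDB()` and `cleanupDB()` interpolates request data straight into SQL: `$_POST['dbTable']` as the table name, and `$_POST['rdbuuid']`, `$singleSig['siguuid']`, `$singleSig['sigfilename']`, `who`, `timeamount` and `timetype` as quoted values, so the request controls the statement text. `$_POST['dbName']` also still reaches `sqlite_open()` despite the "dont let user pick the DB path" comment. Identifiers cannot be escaped, so compare them with fixed values first, e.g. `if ($_POST['dbName'] !== 'snortDBrules' || $_POST['dbTable'] !== 'SnortruleSigsIps') { return false; }` (the values the snort_rules_ips.php form posts), and pass every value through `sqlite_escape_string()` before it is placed in a query. Separately, the UPDATE matches on `sigfilename` while the existence check matches on `siguuid`, so one signature's settings appear to be written to every row of that rules file; `WHERE rdbuuid = '...' and siguuid = '...'` looks like what was meant. Declaring `insertUpdateDB()` and `cleanupDB()` inside the function also means a second call in the same request would presumably fail with a redeclaration error.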
diff --git a/config/orionids-dev/snort_rules.php b/config/orionids-dev/snort_rules.php
index 78134d52..09490a37 100644
--- a/config/orionids-dev/snort_rules.php
+++ b/config/orionids-dev/snort_rules.php
@@ -434,43 +434,48 @@ jQuery(document).ready(function() {
<?php
- /*
- * NOTE:
- * I could have used a php loop to build the table but I wanted to see if off loading to client is faster.
- * Seems to be faster on embeded systems with low specs. On higher end systems there is no difference that I can see.
- * WARNING:
- * If Json string is to long browsers start asking to terminate javascript.
- * FIX:
- * Use julienlecomte()net/blog/2007/10/28/, the more reading I do about this subject it seems that off loading to a client is not recomended.
- */
- if (!empty($newFilterRuleSigArray))
- {
- $countSigList = count($newFilterRuleSigArray);
-
- echo "\n";
-
- echo 'var snortObjlist = [';
- $i = 0;
- foreach ($newFilterRuleSigArray as $val3)
- {
+ /*
+ * NOTE:
+ * I could have used a php loop to build the table but I wanted to see if off loading to client is faster.
+ * Seems to be faster on embeded systems with low specs. On higher end systems there is no difference that I can see.
+ * WARNING:
+ * If Json string is to long browsers start asking to terminate javascript.
+ * FIX:
+ * Use julienlecomte()net/blog/2007/10/28/, the more reading I do about this subject it seems that off loading to a client is not recomended.
+ */
+ if (!empty($newFilterRuleSigArray))
+ {
+ $countSigList = count($newFilterRuleSigArray);
+
+ echo "\n";
+
+ echo 'var snortObjlist = [';
+ $i = 0;
+ foreach ($newFilterRuleSigArray as $val3)
+ {
+
+ $i++;
- $i++;
-
- if ( $i !== $countSigList )
- {//
- echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"},';
- }else{
- echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"}';
- }
- }
-
- echo '];' . "\n";
- }
+ if ( $i !== $countSigList )
+ {//
+ echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"},';
+ }else{
+ echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"}';
+ }
+ }
+
+ echo '];' . "\n";
+ }
-?>
- // disable Row Append if row count is less than 0
- var countRowAppend = <?=$countSig; ?>;
+
+ if (!empty($countSig)) {
+ echo 'var countRowAppend = ' . $countSig . ';' . "\n";
+ }else{
+ echo 'var countRowAppend = 0;' . "\n";
+ }
+
+?>
// if rowcount is not empty do this
if (countRowAppend > 0){
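Review bot: Only `msg` goes through `escapeJsonString()`; `sid`, `enable`, `proto`, `src`, `srcport`, `dst` and `dstport` are echoed between double quotes in the inline script unescaped, so a quote or a closing script tag in any of them (they appear to come from rule files) ends the literal early. Building a PHP array of those eight fields and emitting it with `json_encode()` would escape every field and remove the last-element comma handling. The added `countRowAppend` lines print `$countSig` raw as well; `echo 'var countRowAppend = ' . (int)$countSig . ';' . "\n";` covers both the empty and the non-numeric case and makes the if/else unnecessary. The enclosing script block starts and ends outside the hunk.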
diff --git a/config/orionids-dev/snort_rules_ips.php b/config/orionids-dev/snort_rules_ips.php
index 3e39501d..b1bd8b08 100644
--- a/config/orionids-dev/snort_rules_ips.php
+++ b/config/orionids-dev/snort_rules_ips.php
@@ -153,7 +153,7 @@ if (isset($_GET['rulefilename'])) {
<!-- START MAIN AREA -->
<table width="100%" border="0" cellpadding="10px" cellspacing="0">
- <input type="hidden" name="snortSamSaveSettings" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save -->
<input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db-->
<input type="hidden" name="dbTable" value="SnortruleSigsIps" /> <!-- what db table-->
<input type="hidden" name="ifaceTab" value="snort_rules_ips" /> <!-- what interface tab -->
@@ -348,7 +348,8 @@ function makeLargeSidTables(snortObjlist) {
'</td>' + "\n" +
'<td class="listbg" id="msg_' + snortObjlist[i].sid + '"><font color="white">' + snortObjlist[i].msg + '</font></td>' + "\n" +
'</tr>' + "\n" +
- '<input type="hidden" name="snortsam[db][' + i + '][sig]" value="' + snortObjlist[i].sid + '" />' + "\n"
+ '<input type="hidden" name="snortsam[db][' + i + '][siguuid]" value="' + snortObjlist[i].sid + '" />' + "\n" +
+ '<input type="hidden" name="snortsam[db][' + i + '][sigfilename]" value="<?=$rulefilename; ?>" />' + "\n"
);
},
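Review bot: The added `sigfilename` input prints `$rulefilename` with `<?=$rulefilename; ?>` inside an HTML attribute that itself sits inside a single-quoted JavaScript string, with no escaping for either context. The earlier hunk header shows the page reading `$_GET['rulefilename']`, so the value is presumably request-controlled; whether it is sanitised before this point is not visible here. Validate it where it is read, for example against `/^[A-Za-z0-9._-]+\.rules$/`, and encode it on output with `<?=htmlspecialchars($rulefilename, ENT_QUOTES); ?>`. The same value is later posted back and used in the `sigfilename` column, so the server should re-check it there rather than trust the hidden field.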
diff --git a/config/orionids-dev/snort_rulesets.php b/config/orionids-dev/snort_rulesets.php
index 3935d49a..5182b803 100644
--- a/config/orionids-dev/snort_rulesets.php
+++ b/config/orionids-dev/snort_rulesets.php
@@ -102,8 +102,8 @@ jQuery(document).ready(function() {
* NOTE: I could have used a php loop to build the table but off loading to client is faster
* use jQuery jason parse, make sure its in one line
*/
- if (!empty($filterDirList))
- {
+ if (!empty($filterDirList)) {
+
$countDirList = count($filterDirList);
echo "\n";
@@ -134,27 +134,27 @@ jQuery(document).ready(function() {
}
echo ' ]}\');' . "\n";
- }
+
+ }else{
+ echo 'var snortObjlist = jQuery.parseJSON(\' { "ruleSets": [] } \');' . "\n";
+
+ }
?>
// loop through object, dont use .each in jQuery as its slow
- if(snortObjlist.ruleSets.length > 0)
- {
- for (var i = 0; i < snortObjlist.ruleSets.length; i++)
- {
+ if(snortObjlist.ruleSets.length > 0) {
+ for (var i = 0; i < snortObjlist.ruleSets.length; i++) {
- if (isEven(i) === true)
- {
+ if (isEven(i) === true) {
var rowIsEvenOdd = 'even_ruleset';
}else{
var rowIsEvenOdd = 'odd_ruleset';
}
- if (snortObjlist.ruleSets[i].enable === 'on')
- {
+ if (snortObjlist.ruleSets[i].enable === 'on') {
var rulesetChecked = 'checked';
}else{
var rulesetChecked = '';
diff --git a/config/orionids-dev/snort_rulesets_ips.php b/config/orionids-dev/snort_rulesets_ips.php
index 459f2868..dd3e943e 100644
--- a/config/orionids-dev/snort_rulesets_ips.php
+++ b/config/orionids-dev/snort_rulesets_ips.php
@@ -106,8 +106,8 @@ jQuery(document).ready(function() {
* NOTE: I could have used a php loop to build the table but off loading to client is faster
* use jQuery jason parse, make sure its in one line
*/
- if (!empty($filterDirList))
- {
+ if (!empty($filterDirList)) {
+
$countDirList = count($filterDirList);
echo "\n";
@@ -138,27 +138,26 @@ jQuery(document).ready(function() {
}
echo ' ]}\');' . "\n";
+
+ }else{
+ //
+ echo 'var snortObjlist = jQuery.parseJSON(\' { "ruleSets": [] } \');' . "\n";
+
}
-
-
?>
// loop through object, dont use .each in jQuery as its slow
- if(snortObjlist.ruleSets.length > 0)
- {
- for (var i = 0; i < snortObjlist.ruleSets.length; i++)
- {
+ if(snortObjlist.ruleSets.length > 0) {
+ for (var i = 0; i < snortObjlist.ruleSets.length; i++) {
- if (isEven(i) === true)
- {
+ if (isEven(i) === true) {
var rowIsEvenOdd = 'even_ruleset';
}else{
var rowIsEvenOdd = 'odd_ruleset';
}
- if (snortObjlist.ruleSets[i].enable === 'on')
- {
+ if (snortObjlist.ruleSets[i].enable === 'on') {
var rulesetChecked = 'checked';
}else{
var rulesetChecked = '';