aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/snort/snort.inc2
-rw-r--r--config/snort/snort_barnyard.php10
-rw-r--r--config/snort/snort_interfaces.php26
-rw-r--r--config/snort/snort_interfaces_suppress_edit.php10
-rw-r--r--config/snort/snort_rules.php422
-rw-r--r--config/snort/snort_rulesets.php392
6 files changed, 399 insertions, 463 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index a44b4bac..756740fe 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -208,7 +208,7 @@ function snort_build_list($listname = "") {
function snort_is_running($snort_uuid, $if_real, $type = 'snort') {
global $config, $g;
- if (file_exists("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid"))
+ if (file_exists("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid"))
return 'yes';
return 'no';
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 17769ca8..914bcead 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -46,11 +46,6 @@ if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
$a_nat = &$config['installedpackages']['snortglobal']['rule'];
-if (isset($_GET['dup'])) {
- $id = $_GET['dup'];
- $after = $_GET['dup'];
-}
-
$pconfig = array();
if (isset($id) && $a_nat[$id]) {
/* old options */
@@ -87,10 +82,7 @@ if ($_POST) {
if (isset($id) && $a_nat[$id])
$a_nat[$id] = $natent;
else {
- if (is_numeric($after))
- array_splice($a_nat, $after+1, 0, array($natent));
- else
- $a_nat[] = $natent;
+ $a_nat[] = $natent;
}
write_config();
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index d55e8bd9..67a7257d 100644
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -219,30 +219,26 @@ if ($pfsense_stable == 'yes')
/* There has to be a smarter way to do this */
$if_real = snort_get_real_interface($natent['interface']);
$snort_uuid = $natent['uuid'];
- if (snort_is_running($snort_uuid, $if_real) == 'no') {
+ if (snort_is_running($snort_uuid, $if_real) == 'no')
$iconfn = 'pass';
- $class_color_up = 'listbg';
- }else{
- $class_color_up = 'listbg2';
+ else
$iconfn = 'block';
- }
- if (snort_is_running($snort_uuid, $if_real, 'barnyard2') == 'no') {
+ if (snort_is_running($snort_uuid, $if_real, 'barnyard2') == 'no')
$biconfn = 'pass';
- } else {
+ else
$biconfn = 'block';
- }
?>
<td class="listt">
<input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ <td class="listr"
id="frd<?=$nnats;?>"
ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
<?php
echo snort_get_friendly_interface($natent['interface']);
?>
</td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ <td class="listr"
id="frd<?=$nnats;?>"
ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
<?php
@@ -257,7 +253,7 @@ if ($pfsense_stable == 'yes')
echo strtoupper("disabled");
?>
</td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ <td class="listr"
id="frd<?=$nnats;?>"
ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
<?php
@@ -268,7 +264,7 @@ if ($pfsense_stable == 'yes')
$check_performance = "lowmem";
}
?> <?=strtoupper($check_performance);?></td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ <td class="listr"
id="frd<?=$nnats;?>"
ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
<?php
@@ -280,7 +276,7 @@ if ($pfsense_stable == 'yes')
$check_blockoffenders = disabled;
}
?> <?=strtoupper($check_blockoffenders);?></td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)"
+ <td class="listr"
id="frd<?=$nnats;?>"
ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
<?php
@@ -290,12 +286,12 @@ if ($pfsense_stable == 'yes')
echo "<a href='?act=bartoggle&id={$i}'>
<img src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif'
width='13' height='13' border='0'
- title='click to toggle start/stop snort'></a>";
+ title='click to toggle start/stop barnyard'></a>";
} else
echo strtoupper("disabled");
?>
</td>
- <td class="listbg" onClick="fr_toggle(<?=$nnats;?>)"
+ <td class="listbg"
ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';">
<font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?>&nbsp;
</td>
diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php
index 45340f21..8a7e29ef 100644
--- a/config/snort/snort_interfaces_suppress_edit.php
+++ b/config/snort/snort_interfaces_suppress_edit.php
@@ -70,7 +70,8 @@ if (isset($id) && $a_suppress[$id]) {
$pconfig['name'] = $a_suppress[$id]['name'];
$pconfig['uuid'] = $a_suppress[$id]['uuid'];
$pconfig['descr'] = $a_suppress[$id]['descr'];
- $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']);
+ if (!empty($a_suppress[$id]['suppresspassthru']));
+ $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']);
if (empty($a_suppress[$id]['uuid']))
$pconfig['uuid'] = uniqid();
}
@@ -106,7 +107,8 @@ if ($_POST['submit']) {
$s_list['name'] = $_POST['name'];
$s_list['uuid'] = $suppress_uuid;
$s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
- $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']);
+ if ($_POST['suppresspassthru'])
+ $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']);
if (isset($id) && $a_suppress[$id])
$a_suppress[$id] = $s_list;
@@ -190,7 +192,7 @@ if ($savemsg)
<tr>
<td width="10%" class="vncell">&nbsp;Advanced pass through</td>
<td width="100%" class="vtable"><textarea wrap="off"
- name="suppresspassthru" cols="90" rows="28" id="suppresspassthru" class="formpre"> <?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea>
+ name="suppresspassthru" cols="90" rows="28" id="suppresspassthru" class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea>
</td>
</tr>
<tr>
@@ -199,7 +201,7 @@ if ($savemsg)
class="formbtn" value="Save" /> <input id="cancelbutton"
name="cancelbutton" type="button" class="formbtn" value="Cancel"
onclick="history.back()" /> <?php if (isset($id) && $a_suppress[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?>
+ <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?>
</td>
</tr>
</table>
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 5a13cf7b..a171dc06 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -55,73 +55,6 @@ if (isset($id) && $a_rule[$id]) {
$pconfig['rulesets'] = $a_rule[$id]['rulesets'];
}
-/* convert fake interfaces to real */
-$if_real = snort_get_real_interface($pconfig['interface']);
-$iface_uuid = $a_rule[$id]['uuid'];
-
-/* Check if the rules dir is empy if so warn the user */
-/* TODO give the user the option to delete the installed rules rules */
-if (!is_dir("{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules"))
- exec("/bin/mkdir -p {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules");
-
-$isrulesfolderempty = exec("ls -A {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
-if ($isrulesfolderempty == "" || empty($pconfig['rulesets'])) {
- $isrulesfolderempty = exec("ls -A {$snortdir}/rules/*.rules");
- if ($isrulesfolderempty == "" || empty($pconfig['rulesets'])) {
- include_once("head.inc");
- include_once("fbegin.inc");
-
- echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
-
- if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
- echo "<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n";
-
- $tab_array = array();
- $tab_array[] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tab_array[] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
- echo "</td>\n
- </tr>\n
- <tr>\n
- <td>\n
- <div id=\"mainarea\">\n
- <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n
- # The rules directory is empty or you have not selected any rules in the Categories tab.\n
- </td>\n
- </tr>\n
- </table>\n
- </div>\n
- </td>\n
- </tr>\n
- </table>\n
- \n
- </form>\n
- \n
- <p>\n\n";
-
- echo "Please click on the Update Rules tab to install your selected rule sets.";
- include("fend.inc");
-
- echo "</body>";
- echo "</html>";
-
- exit(0);
- } else {
- /* Make sure that we have the rules */
- mwexec("/bin/cp {$snortdir}/rules/*.rules {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules", true);
- }
-}
-
function get_middle($source, $beginning, $ending, $init_pos) {
$beginning_pos = strpos($source, $beginning, $init_pos);
if (!$beginning_pos)
@@ -143,27 +76,28 @@ function load_rule_file($incoming_file)
return explode("\n", $contents);
}
-$ruledir = "{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/";
-$dh = opendir($ruledir);
-while (false !== ($filename = readdir($dh)))
-{
- //only populate this array if its a rule file
- $isrulefile = strstr($filename, ".rules");
- if ($isrulefile !== false)
- $files[] = basename($filename);
-}
-sort($files);
+/* convert fake interfaces to real */
+$if_real = snort_get_real_interface($pconfig['interface']);
+$snort_uuid = $a_rule[$id]['uuid'];
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
+$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'];
$categories = explode("||", $pconfig['rulesets']);
if ($_GET['openruleset'])
- $rulefile = $_GET['openruleset'];
+ $currentruleset = $_GET['openruleset'];
else
- $rulefile = $ruledir.$categories[0];
+ $currentruleset = $categories[0];
-//Load the rule file
-$splitcontents = load_rule_file($rulefile);
+$ruledir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules";
+$rulefile = "{$ruledir}/{$currentruleset}";
+if (!file_exists($rulefile)) {
+ $input_errors[] = "{$currentruleset} seems to be missing!!! Please go to the Category tab and save again the rule to regenerate it.";
+ $splitcontents = array();
+} else
+ //Load the rule file
+ $splitcontents = load_rule_file($rulefile);
-if ($_GET['act'] == "toggle" && $_GET['ids']) {
+if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($splitcontents)) {
$lineid= $_GET['ids'];
@@ -212,27 +146,32 @@ if ($_GET['act'] == "toggle" && $_GET['ids']) {
write_config();
}
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$rulefile}");
+ header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
exit;
}
-$currentruleset = basename($rulefile);
-
-$ifname = strtoupper($pconfig['interface']);
-
require_once("guiconfig.inc");
include_once("head.inc");
$if_friendly = snort_get_friendly_interface($pconfig['interface']);
-$pgtitle = "Snort: $id $iface_uuid {$if_friendly} Category: $currentruleset";
+$pgtitle = "Snort: {$if_friendly} Category: $currentruleset";
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include("fbegin.inc");
if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
+
+/* Display message */
+if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+}
+
+if ($savemsg) {
+ print_info_box($savemsg);
+}
+
?>
-<form action="snort_rules.php" method="post" name="iform" id="iform">
<script language="javascript" type="text/javascript">
function go()
@@ -255,6 +194,7 @@ function popup(url)
}
</script>
+<form action="snort_rules.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -272,162 +212,180 @@ function popup(url)
<tr>
<td>
<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="3%" class="list">&nbsp;</td>
- <td class="listhdr" colspan="7">
- <br/>Category:
- <select id="selectbox" name="selectbox" class="formselect" onChange="go()">
- <?php
- foreach ($files as $value) {
- if (!in_array($value, $categories))
- continue;
- echo "<option value='?id={$id}&openruleset={$ruledir}{$value}' ";
- if ($value === $currentruleset)
- echo "selected";
- echo ">{$value}</option>\n";
- }
- ?>
- </select>
- <br/>
- </td>
- <td width="5%" class="list">&nbsp;</td>
- </tr>
- <tr id="frheader">
- <td width="3%" class="list">&nbsp;</td>
- <td width="7%" class="listhdr">SID</td>
- <td width="4%" class="listhdrr">Proto</td>
- <td width="15%" class="listhdrr">Source</td>
- <td width="10%" class="listhdrr">Port</td>
- <td width="15%" class="listhdrr">Destination</td>
- <td width="10%" class="listhdrr">Port</td>
- <td width="30%" class="listhdrr">Message</td>
- <td width="5%" class="list">&nbsp;</td>
- </tr>
+<?php
+if (empty($pconfig['rulesets'])):
+?>
+ <tr>
+ <td>
+ # You have not selected any rules in the Categories tab.
+ </td>
+ </tr>
+<?php else: ?>
+ <tr>
+ <td width="3%" class="list">&nbsp;</td>
+ <td class="listhdr" colspan="7">
+ <br/>Category:
+ <select id="selectbox" name="selectbox" class="formselect" onChange="go()">
<?php
- foreach ( $splitcontents as $counter => $value )
- {
- $disabled = "False";
- $comments = "False";
- $findme = "# alert"; //find string for disabled alerts
- $disabled_pos = strstr($value, $findme);
-
- $counter2 = 1;
- $sid = get_middle($value, 'sid:', ';', 0);
- //check to see if the sid is numberical
- if (!is_numeric($sid))
+ $files = explode("||", $pconfig['rulesets']);
+ foreach ($files as $value) {
+ if ($snortdownload != 'on' && strstr($value, "snort"))
continue;
-
- //if find alert is false, then rule is disabled
- if ($disabled_pos !== false){
- $counter2 = $counter2+1;
- $textss = "<span class=\"gray\">";
- $textse = "</span>";
- $iconb = "icon_block_d.gif";
-
- $ischecked = "";
- } else {
- $textss = $textse = "";
- $iconb = "icon_block.gif";
-
- $ischecked = "checked";
- }
-
- $rule_content = explode(' ', $value);
-
- $protocol = $rule_content[$counter2];//protocol location
- $counter2++;
- $source = substr($rule_content[$counter2], 0, 20) . "...";//source location
- $counter2++;
- $source_port = $rule_content[$counter2];//source port location
- $counter2 = $counter2+2;
- $destination = substr($rule_content[$counter2], 0, 20) . "...";//destination location
- $counter2++;
- $destination_port = $rule_content[$counter2];//destination port location
-
- if (strstr($value, 'msg: "'))
- $message = get_middle($value, 'msg: "', '";', 0);
- else if (strstr($value, 'msg:"'))
- $message = get_middle($value, 'msg:"', '";', 0);
-
- echo "<tr><td width='3%' class='listt'> $textss
- <a href='?id={$id}&openruleset={$rulefile}&act=toggle&ids={$counter}'>
- <img src='../themes/{$g['theme']}/images/icons/{$iconb}'
- width='10' height='10' border='0'
- title='click to toggle enabled/disabled status'></a>
- $textse
- </td>
- <td width='7%' class=\"listlr\">
- $textss $sid $textse
- </td>
- <td width='4%' class=\"listlr\">
- $textss $protocol $textse
- </td>
- <td width='15%' class=\"listlr\">
- $textss $source $textse
- </td>
- <td width='10%' class=\"listlr\">
- $textss $source_port $textse
- </td>
- <td width='15%' class=\"listlr\">
- $textss $destination $textse
- </td>
- <td width='10%' class=\"listlr\">
- $textss $destination_port $textse
- </td>
- <td width='30%' class=\"listbg\"><font color=\"white\">
- $textss $message $textse
- </td>";
- ?>
- <td width='5%' valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td><a href="javascript: void(0)"
- onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- title="edit rule" width="17" height="17" border="0"></a></td>
- <!-- Codes by Quackit.com -->
- </tr>
- </table>
- </td>
- </tr>
- <?php
-
+ if ($emergingdownload != 'on' && strstr($value, "emerging"))
+ continue;
+ echo "<option value='?id={$id}&openruleset={$value}' ";
+ if ($value === $currentruleset)
+ echo "selected";
+ echo ">{$value}</option>\n";
}
?>
-
+ </select>
+ <br/>
+ </td>
+ <td width="5%" class="list">&nbsp;</td>
+ </tr>
+ <tr>
+ <td width="3%" class="list">&nbsp;</td>
+ <td colspan="7" class="listhdr" >&nbsp;</td><
+ <td width="5%" class="list">&nbsp;</td>
+ </tr>
+ <tr id="frheader">
+ <td width="3%" class="list">&nbsp;</td>
+ <td width="7%" class="listhdr">SID</td>
+ <td width="4%" class="listhdrr">Proto</td>
+ <td width="15%" class="listhdrr">Source</td>
+ <td width="10%" class="listhdrr">Port</td>
+ <td width="15%" class="listhdrr">Destination</td>
+ <td width="10%" class="listhdrr">Port</td>
+ <td width="30%" class="listhdrr">Message</td>
+ <td width="5%" class="list">&nbsp;</td>
+ </tr>
+<?php
+ foreach ( $splitcontents as $counter => $value )
+ {
+ $disabled = "False";
+ $comments = "False";
+ $findme = "# alert"; //find string for disabled alerts
+ $disabled_pos = strstr($value, $findme);
+
+ $counter2 = 1;
+ $sid = get_middle($value, 'sid:', ';', 0);
+ //check to see if the sid is numberical
+ if (!is_numeric($sid))
+ continue;
+
+ //if find alert is false, then rule is disabled
+ if ($disabled_pos !== false){
+ $counter2 = $counter2+1;
+ $textss = "<span class=\"gray\">";
+ $textse = "</span>";
+ $iconb = "icon_block_d.gif";
+
+ $ischecked = "";
+ } else {
+ $textss = $textse = "";
+ $iconb = "icon_block.gif";
+
+ $ischecked = "checked";
+ }
+
+ $rule_content = explode(' ', $value);
+
+ $protocol = $rule_content[$counter2];//protocol location
+ $counter2++;
+ $source = substr($rule_content[$counter2], 0, 20) . "...";//source location
+ $counter2++;
+ $source_port = $rule_content[$counter2];//source port location
+ $counter2 = $counter2+2;
+ $destination = substr($rule_content[$counter2], 0, 20) . "...";//destination location
+ $counter2++;
+ $destination_port = $rule_content[$counter2];//destination port location
+
+ if (strstr($value, 'msg: "'))
+ $message = get_middle($value, 'msg: "', '";', 0);
+ else if (strstr($value, 'msg:"'))
+ $message = get_middle($value, 'msg:"', '";', 0);
+
+ echo "<tr><td width='3%' class='listt'> $textss
+ <a href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$counter}'>
+ <img src='../themes/{$g['theme']}/images/icons/{$iconb}'
+ width='10' height='10' border='0'
+ title='click to toggle enabled/disabled status'></a>
+ $textse
+ </td>
+ <td width='7%' class=\"listlr\">
+ $textss $sid $textse
+ </td>
+ <td width='4%' class=\"listlr\">
+ $textss $protocol $textse
+ </td>
+ <td width='15%' class=\"listlr\">
+ $textss $source $textse
+ </td>
+ <td width='10%' class=\"listlr\">
+ $textss $source_port $textse
+ </td>
+ <td width='15%' class=\"listlr\">
+ $textss $destination $textse
+ </td>
+ <td width='10%' class=\"listlr\">
+ $textss $destination_port $textse
+ </td>
+ <td width='30%' class=\"listbg\"><font color=\"white\">
+ $textss $message $textse
+ </td>";
+ ?>
+ <td width='5%' valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><a href="javascript: void(0)"
+ onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$counter;?>')"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ title="edit rule" width="17" height="17" border="0"></a></td>
+ <!-- Codes by Quackit.com -->
+ </tr>
</table>
</td>
</tr>
+<?php
+
+ }
+?>
+
+ </table>
+ </td>
+</tr>
+<tr>
+ <td colspan="9">
+ <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td width="16"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
+ width="11" height="11"></td>
+ <td>Rule Enabled</td>
+ </tr>
<tr>
- <td colspan="9">
- <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td width="16"><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
- width="11" height="11"></td>
- <td>Rule Enabled</td>
- </tr>
- <tr>
- <td><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif"
- width="11" height="11"></td>
- <td nowrap>Rule Disabled</td>
- </tr>
- <tr>
- <!-- TODO: add save and cancel for checkbox options -->
- <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> -->
- </tr>
- <tr>
- <td colspan="10">
- <p><!--<strong><span class="red">Warning:<br/> </span></strong>Editing these r</p>-->
- </td>
- </tr>
- </table>
+ <td><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif"
+ width="11" height="11"></td>
+ <td nowrap>Rule Disabled</td>
+ </tr>
+ <tr>
+ <!-- TODO: add save and cancel for checkbox options -->
+ <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> -->
+ </tr>
+ <tr>
+ <td colspan="10">
+ <p><!--<strong><span class="red">Warning:<br/> </span></strong>Editing these r</p>-->
</td>
</tr>
</table>
</td>
</tr>
+<?php endif; ?>
+ </table>
+ </td>
+</tr>
</table>
</form>
<?php include("fend.inc"); ?>
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 050ec2ce..34bba9e5 100644
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -49,92 +49,39 @@ if (is_null($id)) {
exit;
}
+function snort_copy_rules($files, $snortdir, $snort_uuid, $if_real) {
+
+ if (empty($files))
+ return;
+
+ conf_mount_rw();
+ foreach ($files as $file) {
+ if (!file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}"))
+ @copy("{$snortdir}/rules/{$file}", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}");
+ }
+ conf_mount_ro();
+}
+
if (isset($id) && $a_nat[$id]) {
$pconfig['enable'] = $a_nat[$id]['enable'];
$pconfig['interface'] = $a_nat[$id]['interface'];
$pconfig['rulesets'] = $a_nat[$id]['rulesets'];
-
- /* convert fake interfaces to real */
- $if_real = snort_get_real_interface($pconfig['interface']);
-
- $iface_uuid = $a_nat[$id]['uuid'];
}
-$if_friendly = snort_get_friendly_interface($pconfig['interface']);
-$pgtitle = "Snort: Interface {$if_friendly} Categories";
-
-
-/* Check if the rules dir is empy if so warn the user */
-/* TODO give the user the option to delete the installed rules rules */
-$isrulesfolderempty = exec("ls -A {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
-if ($isrulesfolderempty == "") {
- $isrulesfolderempty = exec("ls -A {$snortdir}/rules/*.rules");
- if ($isrulesfolderempty == "") {
- include_once("head.inc");
- include("fbegin.inc");
-
- echo "<p class=\"pgtitle\">";
- if($pfsense_stable == 'yes'){echo $pgtitle;}
- echo "</p>\n";
-
- echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
-
- echo "
- <table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr><td>\n";
-
- $tab_array = array();
- $tab_array[] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tab_array[] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tab_array[] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}");
- $tab_array[] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}");
- $tab_array[] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
- $tab_array[] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tab_array[] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
- echo "
- </td></tr>
- <tr>\n
- <td>\n
- <div id=\"mainarea\">\n
- <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n
- # The rules directory is empty. {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules \n
- </td>\n
- </tr>\n
- </table>\n
- </div>\n
- </td>\n
- </tr>\n
- </table>\n
- \n
- </form>\n
- \n
- <p>\n\n";
-
- echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty";
- include("fend.inc");
-
- echo "</body>";
- echo "</html>";
-
- exit(0);
- } else {
- /* Make sure that we have the rules */
- mwexec("/bin/cp {$snortdir}/rules/*.rules {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules", true);
- }
-}
+$if_real = snort_get_real_interface($pconfig['interface']);
+$snort_uuid = $a_nat[$id]['uuid'];
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
+$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'];
/* alert file */
if ($_POST["Submit"]) {
$enabled_items = "";
- $isfirst = true;
if (is_array($_POST['toenable']))
$enabled_items = implode("||", $_POST['toenable']);
else
$enabled_items = $_POST['toenable'];
$a_nat[$id]['rulesets'] = $enabled_items;
+ snort_copy_rules(explode("||", $enabled_items), $snortdir, $snort_uuid, $if_real);
write_config();
sync_snort_package_config();
@@ -144,6 +91,13 @@ if ($_POST["Submit"]) {
}
if ($_POST['unselectall']) {
+ if (!empty($pconfig['rulesets'])) {
+ conf_mount_rw();
+ foreach (explode("||", $pconfig['rulesets']) as $file)
+ @unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}");
+ conf_mount_ro();
+ }
+
$a_nat[$id]['rulesets'] = "";
write_config();
@@ -154,10 +108,18 @@ if ($_POST['unselectall']) {
}
if ($_POST['selectall']) {
- $files = glob("{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
$rulesets = array();
- foreach ($files as $file)
- $rulesets[] = basename($file);
+ if ($emergingdownload == 'on') {
+ $files = glob("{$snortdir}/rules/emerging*.rules");
+ foreach ($files as $file)
+ $rulesets[] = basename($file);
+ }
+ if ($snortdownload == 'on') {
+ $files = glob("{$snortdir}/rules/snort*.rules");
+ foreach ($files as $file)
+ $rulesets[] = basename($file);
+ }
+ snort_copy_rules($rulesets, $snortdir, $snort_uuid, $if_real);
$a_nat[$id]['rulesets'] = implode("||", $rulesets);
@@ -168,21 +130,18 @@ if ($_POST['selectall']) {
exit;
}
-$enabled_rulesets = $a_nat[$id]['rulesets'];
-if($enabled_rulesets)
- $enabled_rulesets_array = explode("||", $enabled_rulesets);
-
+$enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']);
include_once("head.inc");
-
?>
<body link="#000000" vlink="#000000" alink="#000000">
-<?php include("fbegin.inc"); ?>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+<?php
+include("fbegin.inc");
+$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$pgtitle = "Snort: Interface {$if_friendly} Categories";
-<form action="snort_rulesets.php" method="post" name="iform" id="iform">";
-<input type="hidden" name="id" id="id" value="<?=$id;?>" />
+if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
<?php
/* Display message */
@@ -196,6 +155,8 @@ if ($savemsg) {
?>
+<form action="snort_rulesets.php" method="post" name="iform" id="iform">
+<input type="hidden" name="id" id="id" value="<?=$id;?>" />
<table width="99%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -210,134 +171,161 @@ if ($savemsg) {
display_top_tabs($tab_array);
?>
</td></tr>
- <tr>
- <td>
- <div id="mainarea2">
- <table id="maintable" class="tabcont" width="100%" border="0"
- cellpadding="0" cellspacing="0">
+<tr>
+ <td>
+ <div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+<?php
+ $isrulesfolderempty = glob("{$snortdir}/rules/*.rules");
+ if (empty($isrulesfolderempty)):
+?>
+ <tr>
+ <td>
+ # The rules directory is empty. <?=$snortdir;?>/rules <br/>
+ Please go to the updates page to download/fetch the rules configured.
+ </td>
+ </tr>
+<?php else:
+ $colspan = 6;
+ if ($emergingdownload != 'on')
+ $colspan -= 2;
+ if ($snortdownload != 'on')
+ $colspan -= 4;
+
+?>
+ <tr>
+ <td>
+ <table id="sortabletable1" class="sortable" width="100%" border="0"
+ cellpadding="0" cellspacing="0">
<tr>
- <td>
- <table id="sortabletable1" class="sortable" width="100%" border="0"
- cellpadding="0" cellspacing="0">
- <tr>
- <td colspan="6" class="listtopic">Check the rulesets that you would like Snort to load at startup.<br/><br/></td>
- </tr>
- <tr>
- <td colspan="2" valign="center"><br/><input value="Save" type="submit" name="Submit" id="Submit" /><br/<br/></td>
- <td colspan="2" valign="center"><br/><input value="Select All" type="submit" name="selectall" id="selectall" /><br/<br/></td>
- <td colspan="2" valign="center"><br/><input value="Unselect All" type="submit" name="unselectall" id="selectall" /><br/<br/></td>
+ <td colspan="6" class="listtopic">Check the rulesets that you would like Snort to load at startup.<br/><br/></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="center"><br/><input value="Save" type="submit" name="Submit" id="Submit" /><br/<br/></td>
+ <td colspan="2" valign="center"><br/><input value="Select All" type="submit" name="selectall" id="selectall" /><br/<br/></td>
+ <td colspan="2" valign="center"><br/><input value="Unselect All" type="submit" name="unselectall" id="selectall" /><br/<br/></td>
+ </tr>
+ <tr> <td colspan="6">&nbsp;</td> </tr>
+ <tr id="frheader">
+ <?php if ($emergingdownload == 'on'): ?>
+ <td width="5%" class="listhdrr">Enabled</td>
+ <td width="25%" class="listhdrr"><?php echo 'Ruleset: Emerging Threats.';?></td>
+ <?php else: ?>
+ <td colspan="2" width="30%" class="listhdrr">Emerging rules have not been enabled</td>
+ <?php endif; ?>
+ <?php if ($snortdownload == 'on'): ?>
+ <td width="5%" class="listhdrr">Enabled</td>
+ <td width="25%" class="listhdrr"><?php echo 'Ruleset: Snort';?></td>
+ <td width="5%" class="listhdrr">Enabled</td>
+ <td width="25%" class="listhdrr"><?php echo 'Ruleset: Snort SO';?></td>
+ <?php else: ?>
+ <td colspan="2" width="60%" class="listhdrr">Snort rules have not been enabled</td>
+ <?php endif; ?>
</tr>
- <tr> <td colspan="6">&nbsp;</td> </tr>
- <tr id="frheader">
- <td width="5%" class="listhdrr">Enabled</td>
- <td width="25%" class="listhdrr"><?php echo 'Ruleset: Emerging Threats.';?></td>
- <td width="5%" class="listhdrr">Enabled</td>
- <td width="25%" class="listhdrr"><?php echo 'Ruleset: Snort';?></td>
- <td width="5%" class="listhdrr">Enabled</td>
- <td width="25%" class="listhdrr"><?php echo 'Ruleset: Snort SO';?></td>
- </tr>
- <?php
- $emergingrules = array();
- $snortsorules = array();
- $snortrules = array();
- $dh = opendir("{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/");
- while (false !== ($filename = readdir($dh))) {
- $filename = basename($filename);
- if (substr($filename, -5) != "rules")
- continue;
- if (strstr($filename, "emerging"))
- $emergingrules[] = $filename;
- else if (strstr($filename, "snort")) {
- if (strstr($filename, ".so.rules"))
- $snortsorules[] = $filename;
- else
- $snortrules[] = $filename;
- }
+ <?php
+ $emergingrules = array();
+ $snortsorules = array();
+ $snortrules = array();
+ $dh = opendir("{$snortdir}/rules/");
+ while (false !== ($filename = readdir($dh))) {
+ $filename = basename($filename);
+ if (substr($filename, -5) != "rules")
+ continue;
+ if (strstr($filename, "emerging") && $emergingdownload == 'on')
+ $emergingrules[] = $filename;
+ else if (strstr($filename, "snort") && $snortdownload == 'on') {
+ if (strstr($filename, ".so.rules"))
+ $snortsorules[] = $filename;
+ else
+ $snortrules[] = $filename;
}
- sort($emergingrules);
- sort($snortsorules);
- sort($snortrules);
- $i = count($emergingrules);
- if ($i < count($snortsorules))
- $i = count(snortsorules);
- if ($i < count($snortrules))
- $i = count($snortrules);
-
- for ($j = 0; $j < $i; $j++) {
- echo "<tr>\n";
- if (!empty($emergingrules[$j])) {
- $file = $emergingrules[$j];
- echo "<td width='5%' class='listr' align=\"center\" valign=\"top\">";
- if(is_array($enabled_rulesets_array)) {
- if(in_array($file, $enabled_rulesets_array))
- $CHECKED = " checked=\"checked\"";
- else
- $CHECKED = "";
- } else
- $CHECKED = "";
- echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n";
- echo "</td>\n";
- echo "<td class='listr' width='25%' >\n";
- if (empty($CHECKED))
- echo $file;
+ }
+ sort($emergingrules);
+ sort($snortsorules);
+ sort($snortrules);
+ $i = count($emergingrules);
+ if ($i < count($snortsorules))
+ $i = count(snortsorules);
+ if ($i < count($snortrules))
+ $i = count($snortrules);
+
+ for ($j = 0; $j < $i; $j++) {
+ echo "<tr>\n";
+ if (!empty($emergingrules[$j])) {
+ $file = $emergingrules[$j];
+ echo "<td width='5%' class='listr' align=\"center\" valign=\"top\">";
+ if(is_array($enabled_rulesets_array)) {
+ if(in_array($file, $enabled_rulesets_array))
+ $CHECKED = " checked=\"checked\"";
else
- echo "<a href='snort_rules.php?id={$jd}&openruleset={$snortdir}/snort_{$jface_uuid}_{$jf_real}/rules/" . urlencode($file) . "'>{$file}</a>\n";
- echo "</td>\n";
- } else
- echo "<td class='listbggrey' width='30%' colspan='2'><br/></td>\n";
- if (!empty($snortrules[$j])) {
- $file = $snortrules[$j];
- echo "<td class='listr' width='5%' align=\"center\" valign=\"top\">";
- if(is_array($enabled_rulesets_array)) {
- if(in_array($file, $enabled_rulesets_array))
- $CHECKED = " checked=\"checked\"";
- else
- $CHECKED = "";
- } else
$CHECKED = "";
- echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n";
- echo "</td>\n";
- echo "<td class='listr' width='25%' >\n";
- if (empty($CHECKED))
- echo $file;
- else
- echo "<a href='snort_rules.php?id={$jd}&openruleset={$snortdir}/snort_{$jface_uuid}_{$jf_real}/rules/" . urlencode($file) . "'>{$file}</a>\n";
- echo "</td>\n";
} else
- echo "<td class='listbggrey' width='30%' colspan='2'><br/></td>\n";
- if (!empty($snortsorules[$j])) {
- $file = $snortsorules[$j];
- echo "<td class='listr' width='5%' align=\"center\" valign=\"top\">";
- if(is_array($enabled_rulesets_array)) {
- if(in_array($file, $enabled_rulesets_array))
- $CHECKED = " checked=\"checked\"";
- else
- $CHECKED = "";
- } else
+ $CHECKED = "";
+ echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n";
+ echo "</td>\n";
+ echo "<td class='listr' width='25%' >\n";
+ if (empty($CHECKED))
+ echo $file;
+ else
+ echo "<a href='snort_rules.php?id={$id}&openruleset=" . urlencode($file) . "'>{$file}</a>\n";
+ echo "</td>\n";
+ } else
+ echo "<td class='listbggrey' width='30%' colspan='2'><br/></td>\n";
+
+ if (!empty($snortrules[$j])) {
+ $file = $snortrules[$j];
+ echo "<td class='listr' width='5%' align=\"center\" valign=\"top\">";
+ if(is_array($enabled_rulesets_array)) {
+ if(in_array($file, $enabled_rulesets_array))
+ $CHECKED = " checked=\"checked\"";
+ else
$CHECKED = "";
- echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n";
- echo "</td>\n";
- echo "<td class='listr' width='25%' >\n";
- if (empty($CHECKED))
- echo $file;
+ } else
+ $CHECKED = "";
+ echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n";
+ echo "</td>\n";
+ echo "<td class='listr' width='25%' >\n";
+ if (empty($CHECKED))
+ echo $file;
+ else
+ echo "<a href='snort_rules.php?id={$id}&openruleset=" . urlencode($file) . "'>{$file}</a>\n";
+ echo "</td>\n";
+ } else
+ echo "<td class='listbggrey' width='30%' colspan='2'><br/></td>\n";
+ if (!empty($snortsorules[$j])) {
+ $file = $snortsorules[$j];
+ echo "<td class='listr' width='5%' align=\"center\" valign=\"top\">";
+ if(is_array($enabled_rulesets_array)) {
+ if(in_array($file, $enabled_rulesets_array))
+ $CHECKED = " checked=\"checked\"";
else
- echo "<a href='snort_rules.php?id={$jd}&openruleset={$snortdir}/snort_{$jface_uuid}_{$jf_real}/rules/" . urlencode($file) . "'>{$file}</a>\n";
- echo "</td>\n";
+ $CHECKED = "";
} else
- echo "<td class='listbggrey' width='30%' colspan='2'><br/></td>\n";
- echo "</tr>\n";
- }
- ?>
- </table>
- </td>
- </tr>
- <tr>
- <td colspan="6">&nbsp;</td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
+ $CHECKED = "";
+ echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n";
+ echo "</td>\n";
+ echo "<td class='listr' width='25%' >\n";
+ if (empty($CHECKED))
+ echo $file;
+ else
+ echo "<a href='snort_rules.php?id={$id}&openruleset=" . urlencode($file) . "'>{$file}</a>\n";
+ echo "</td>\n";
+ } else
+ echo "<td class='listbggrey' width='30%' colspan='2'><br/></td>\n";
+ echo "</tr>\n";
+ }
+ ?>
+ </table>
+ </td>
+</tr>
+<tr>
+<td colspan="6">&nbsp;</td>
+</tr>
+<?php endif; ?>
+</table>
+</div>
+</td>
+</tr>
</table>
</form>
<?php