-rw-r--r-- | config/snort/snort.inc | 2 | ||||
-rw-r--r-- | config/snort/snort_barnyard.php | 10 | ||||
-rw-r--r-- | config/snort/snort_interfaces.php | 26 | ||||
-rw-r--r-- | config/snort/snort_interfaces_suppress_edit.php | 10 | ||||
-rw-r--r-- | config/snort/snort_rules.php | 422 | ||||
-rw-r--r-- | config/snort/snort_rulesets.php | 392 |
6 files changed, 399 insertions, 463 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index a44b4bac..756740fe 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -208,7 +208,7 @@ function snort_build_list($listname = "") { function snort_is_running($snort_uuid, $if_real, $type = 'snort') { global $config, $g; - if (file_exists("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) + if (file_exists("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid") && isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$snort_uuid}.pid")) return 'yes'; return 'no'; diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index 17769ca8..914bcead 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php @@ -46,11 +46,6 @@ if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); $a_nat = &$config['installedpackages']['snortglobal']['rule']; -if (isset($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; -} - $pconfig = array(); if (isset($id) && $a_nat[$id]) { /* old options */ @@ -87,10 +82,7 @@ if ($_POST) { if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; else { - if (is_numeric($after)) - array_splice($a_nat, $after+1, 0, array($natent)); - else - $a_nat[] = $natent; + $a_nat[] = $natent; } write_config(); diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index d55e8bd9..67a7257d 100644 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php 
@@ -219,30 +219,26 @@ if ($pfsense_stable == 'yes') /* There has to be a smarter way to do this */ $if_real = snort_get_real_interface($natent['interface']); $snort_uuid = $natent['uuid']; - if (snort_is_running($snort_uuid, $if_real) == 'no') { + if (snort_is_running($snort_uuid, $if_real) == 'no') $iconfn = 'pass'; - $class_color_up = 'listbg'; - }else{ - $class_color_up = 'listbg2'; + else $iconfn = 'block'; - } - if (snort_is_running($snort_uuid, $if_real, 'barnyard2') == 'no') { + if (snort_is_running($snort_uuid, $if_real, 'barnyard2') == 'no') $biconfn = 'pass'; - } else { + else $biconfn = 'block'; - } ?> <td class="listt"> <input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;"></td> - <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" + <td class="listr" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <?php echo snort_get_friendly_interface($natent['interface']); ?> </td> - <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" + <td class="listr" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <?php @@ -257,7 +253,7 @@ if ($pfsense_stable == 'yes') echo strtoupper("disabled"); ?> </td> - <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" + <td class="listr" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <?php @@ -268,7 +264,7 @@ if ($pfsense_stable == 'yes') $check_performance = "lowmem"; } ?> <?=strtoupper($check_performance);?></td> - <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" + <td class="listr" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <?php 
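Review bot: The added `id="frd<?=$nnats;?>"` is placed on several `<td>` cells of the same row (twice in this hunk, and again in the hunks at -257, -268 and -280), so each row emits the same element id up to five times. Ids must be unique in a document, and a `getElementById()` lookup will only ever reach the first cell. If the id is meant for row highlighting, put it once on the row element, or give each cell its own suffix, e.g. `id="frd<?=$nnats;?>_if"`. The loop that emits these rows starts and ends outside the hunks.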
@@ -280,7 +276,7 @@ if ($pfsense_stable == 'yes') $check_blockoffenders = disabled; } ?> <?=strtoupper($check_blockoffenders);?></td> - <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" + <td class="listr" id="frd<?=$nnats;?>" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <?php @@ -290,12 +286,12 @@ if ($pfsense_stable == 'yes') echo "<a href='?act=bartoggle&id={$i}'> <img src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif' width='13' height='13' border='0' - title='click to toggle start/stop snort'></a>"; + title='click to toggle start/stop barnyard'></a>"; } else echo strtoupper("disabled"); ?> </td> - <td class="listbg" onClick="fr_toggle(<?=$nnats;?>)" + <td class="listbg" ondblclick="document.location='snort_interfaces_edit.php?id=<?=$nnats;?>';"> <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?> </td> diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php index 45340f21..8a7e29ef 100644 --- a/config/snort/snort_interfaces_suppress_edit.php +++ b/config/snort/snort_interfaces_suppress_edit.php @@ -70,7 +70,8 @@ if (isset($id) && $a_suppress[$id]) { $pconfig['name'] = $a_suppress[$id]['name']; $pconfig['uuid'] = $a_suppress[$id]['uuid']; $pconfig['descr'] = $a_suppress[$id]['descr']; - $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']); + if (!empty($a_suppress[$id]['suppresspassthru'])); + $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']); if (empty($a_suppress[$id]['uuid'])) $pconfig['uuid'] = uniqid(); } 
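Review bot: In snort_interfaces_suppress_edit.php the added guard `if (!empty($a_suppress[$id]['suppresspassthru']));` ends in a semicolon, so the `if` controls an empty statement and the `base64_decode()` assignment on the next line still runs unconditionally. Drop the semicolon: `if (!empty($a_suppress[$id]['suppresspassthru']))`. Putting braces around the one-line body would make this kind of slip visible in review.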
@@ -106,7 +107,8 @@ if ($_POST['submit']) { $s_list['name'] = $_POST['name']; $s_list['uuid'] = $suppress_uuid; $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); - $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']); + if ($_POST['suppresspassthru']) + $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']); if (isset($id) && $a_suppress[$id]) $a_suppress[$id] = $s_list; @@ -190,7 +192,7 @@ if ($savemsg) <tr> <td width="10%" class="vncell"> Advanced pass through</td> <td width="100%" class="vtable"><textarea wrap="off" - name="suppresspassthru" cols="90" rows="28" id="suppresspassthru" class="formpre"> <?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea> + name="suppresspassthru" cols="90" rows="28" id="suppresspassthru" class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea> </td> </tr> <tr> @@ -199,7 +201,7 @@ if ($savemsg) class="formbtn" value="Save" /> <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back()" /> <?php if (isset($id) && $a_suppress[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?> + <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?> </td> </tr> </table> diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 5a13cf7b..a171dc06 100644 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php 
@@ -55,73 +55,6 @@ if (isset($id) && $a_rule[$id]) { $pconfig['rulesets'] = $a_rule[$id]['rulesets']; } -/* convert fake interfaces to real */ -$if_real = snort_get_real_interface($pconfig['interface']); -$iface_uuid = $a_rule[$id]['uuid']; - -/* Check if the rules dir is empy if so warn the user */ -/* TODO give the user the option to delete the installed rules rules */ -if (!is_dir("{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules")) - exec("/bin/mkdir -p {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules"); - -$isrulesfolderempty = exec("ls -A {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); -if ($isrulesfolderempty == "" || empty($pconfig['rulesets'])) { - $isrulesfolderempty = exec("ls -A {$snortdir}/rules/*.rules"); - if ($isrulesfolderempty == "" || empty($pconfig['rulesets'])) { - include_once("head.inc"); - include_once("fbegin.inc"); - - echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; - - if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . 
'</p>';} - - echo "<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n"; - - $tab_array = array(); - $tab_array[] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); - echo "</td>\n - </tr>\n - <tr>\n - <td>\n - <div id=\"mainarea\">\n - <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n - # The rules directory is empty or you have not selected any rules in the Categories tab.\n - </td>\n - </tr>\n - </table>\n - </div>\n - </td>\n - </tr>\n - </table>\n - \n - </form>\n - \n - <p>\n\n"; - - echo "Please click on the Update Rules tab to install your selected rule sets."; - include("fend.inc"); - - echo "</body>"; - echo "</html>"; - - exit(0); - } else { - /* Make sure that we have the rules */ - mwexec("/bin/cp {$snortdir}/rules/*.rules {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules", true); - } -} - function get_middle($source, $beginning, $ending, $init_pos) { $beginning_pos = strpos($source, $beginning, $init_pos); if (!$beginning_pos) 
@@ -143,27 +76,28 @@ function load_rule_file($incoming_file) return explode("\n", $contents); } -$ruledir = "{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/"; -$dh = opendir($ruledir); -while (false !== ($filename = readdir($dh))) -{ - //only populate this array if its a rule file - $isrulefile = strstr($filename, ".rules"); - if ($isrulefile !== false) - $files[] = basename($filename); -} -sort($files); +/* convert fake interfaces to real */ +$if_real = snort_get_real_interface($pconfig['interface']); +$snort_uuid = $a_rule[$id]['uuid']; +$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; +$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats']; $categories = explode("||", $pconfig['rulesets']); if ($_GET['openruleset']) - $rulefile = $_GET['openruleset']; + $currentruleset = $_GET['openruleset']; else - $rulefile = $ruledir.$categories[0]; + $currentruleset = $categories[0]; -//Load the rule file -$splitcontents = load_rule_file($rulefile); +$ruledir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules"; +$rulefile = "{$ruledir}/{$currentruleset}"; +if (!file_exists($rulefile)) { + $input_errors[] = "{$currentruleset} seems to be missing!!! Please go to the Category tab and save again the rule to regenerate it."; + $splitcontents = array(); +} else + //Load the rule file + $splitcontents = load_rule_file($rulefile); -if ($_GET['act'] == "toggle" && $_GET['ids']) { +if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($splitcontents)) { $lineid= $_GET['ids']; 
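Review bot: `$currentruleset` is taken straight from `$_GET['openruleset']` and joined into `$rulefile = "{$ruledir}/{$currentruleset}"`, so a value containing `../` still resolves outside the interface's rules directory before `file_exists()` and `load_rule_file()` run. The commit narrows the old behaviour (a full path from the query string) but does not close it. Restrict the name to the configured categories before building the path: `$currentruleset = basename($_GET['openruleset']);` followed by `if (!in_array($currentruleset, $categories, true)) $currentruleset = $categories[0];`. The toggle branch continues outside the hunk and presumably writes the same file back, which makes the check more important.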
@@ -212,27 +146,32 @@ if ($_GET['act'] == "toggle" && $_GET['ids']) { write_config(); } - header("Location: /snort/snort_rules.php?id={$id}&openruleset={$rulefile}"); + header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } -$currentruleset = basename($rulefile); - -$ifname = strtoupper($pconfig['interface']); - require_once("guiconfig.inc"); include_once("head.inc"); $if_friendly = snort_get_friendly_interface($pconfig['interface']); -$pgtitle = "Snort: $id $iface_uuid {$if_friendly} Category: $currentruleset"; +$pgtitle = "Snort: {$if_friendly} Category: $currentruleset"; ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} + +/* Display message */ +if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks +} + +if ($savemsg) { + print_info_box($savemsg); +} + ?> -<form action="snort_rules.php" method="post" name="iform" id="iform"> <script language="javascript" type="text/javascript"> function go() @@ -255,6 +194,7 @@ function popup(url) } </script> +<form action="snort_rules.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php 
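Review bot: The request-derived `$currentruleset` is written into the `Location:` header and into `$pgtitle`, which is echoed inside `<p class="pgtitle">`, without any encoding. Use `urlencode($currentruleset)` in the redirect and `htmlspecialchars($pgtitle)` at the echo. The same value is printed raw in the `openruleset=` links and the `popup(...)` handler in the following hunk (-272). The new "seems to be missing" message in the previous hunk also passes it to `print_input_errors()`, whose escaping is not visible here.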
@@ -272,162 +212,180 @@ function popup(url) <tr> <td> <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="3%" class="list"> </td> - <td class="listhdr" colspan="7"> - <br/>Category: - <select id="selectbox" name="selectbox" class="formselect" onChange="go()"> - <?php - foreach ($files as $value) { - if (!in_array($value, $categories)) - continue; - echo "<option value='?id={$id}&openruleset={$ruledir}{$value}' "; - if ($value === $currentruleset) - echo "selected"; - echo ">{$value}</option>\n"; - } - ?> - </select> - <br/> - </td> - <td width="5%" class="list"> </td> - </tr> - <tr id="frheader"> - <td width="3%" class="list"> </td> - <td width="7%" class="listhdr">SID</td> - <td width="4%" class="listhdrr">Proto</td> - <td width="15%" class="listhdrr">Source</td> - <td width="10%" class="listhdrr">Port</td> - <td width="15%" class="listhdrr">Destination</td> - <td width="10%" class="listhdrr">Port</td> - <td width="30%" class="listhdrr">Message</td> - <td width="5%" class="list"> </td> - </tr> +<?php +if (empty($pconfig['rulesets'])): +?> + <tr> + <td> + # You have not selected any rules in the Categories tab. 
+ </td> + </tr> +<?php else: ?> + <tr> + <td width="3%" class="list"> </td> + <td class="listhdr" colspan="7"> + <br/>Category: + <select id="selectbox" name="selectbox" class="formselect" onChange="go()"> <?php - foreach ( $splitcontents as $counter => $value ) - { - $disabled = "False"; - $comments = "False"; - $findme = "# alert"; //find string for disabled alerts - $disabled_pos = strstr($value, $findme); - - $counter2 = 1; - $sid = get_middle($value, 'sid:', ';', 0); - //check to see if the sid is numberical - if (!is_numeric($sid)) + $files = explode("||", $pconfig['rulesets']); + foreach ($files as $value) { + if ($snortdownload != 'on' && strstr($value, "snort")) continue; - - //if find alert is false, then rule is disabled - if ($disabled_pos !== false){ - $counter2 = $counter2+1; - $textss = "<span class=\"gray\">"; - $textse = "</span>"; - $iconb = "icon_block_d.gif"; - - $ischecked = ""; - } else { - $textss = $textse = ""; - $iconb = "icon_block.gif"; - - $ischecked = "checked"; - } - - $rule_content = explode(' ', $value); - - $protocol = $rule_content[$counter2];//protocol location - $counter2++; - $source = substr($rule_content[$counter2], 0, 20) . "...";//source location - $counter2++; - $source_port = $rule_content[$counter2];//source port location - $counter2 = $counter2+2; - $destination = substr($rule_content[$counter2], 0, 20) . 
"...";//destination location - $counter2++; - $destination_port = $rule_content[$counter2];//destination port location - - if (strstr($value, 'msg: "')) - $message = get_middle($value, 'msg: "', '";', 0); - else if (strstr($value, 'msg:"')) - $message = get_middle($value, 'msg:"', '";', 0); - - echo "<tr><td width='3%' class='listt'> $textss - <a href='?id={$id}&openruleset={$rulefile}&act=toggle&ids={$counter}'> - <img src='../themes/{$g['theme']}/images/icons/{$iconb}' - width='10' height='10' border='0' - title='click to toggle enabled/disabled status'></a> - $textse - </td> - <td width='7%' class=\"listlr\"> - $textss $sid $textse - </td> - <td width='4%' class=\"listlr\"> - $textss $protocol $textse - </td> - <td width='15%' class=\"listlr\"> - $textss $source $textse - </td> - <td width='10%' class=\"listlr\"> - $textss $source_port $textse - </td> - <td width='15%' class=\"listlr\"> - $textss $destination $textse - </td> - <td width='10%' class=\"listlr\"> - $textss $destination_port $textse - </td> - <td width='30%' class=\"listbg\"><font color=\"white\"> - $textss $message $textse - </td>"; - ?> - <td width='5%' valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td><a href="javascript: void(0)" - onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" - title="edit rule" width="17" height="17" border="0"></a></td> - <!-- Codes by Quackit.com --> - </tr> - </table> - </td> - </tr> - <?php - + if ($emergingdownload != 'on' && strstr($value, "emerging")) + continue; + echo "<option value='?id={$id}&openruleset={$value}' "; + if ($value === $currentruleset) + echo "selected"; + echo ">{$value}</option>\n"; } ?> - + </select> + <br/> + </td> + <td width="5%" class="list"> </td> + </tr> + <tr> + <td width="3%" class="list"> </td> + <td colspan="7" class="listhdr" > </td>< + <td width="5%" class="list"> 
</td> + </tr> + <tr id="frheader"> + <td width="3%" class="list"> </td> + <td width="7%" class="listhdr">SID</td> + <td width="4%" class="listhdrr">Proto</td> + <td width="15%" class="listhdrr">Source</td> + <td width="10%" class="listhdrr">Port</td> + <td width="15%" class="listhdrr">Destination</td> + <td width="10%" class="listhdrr">Port</td> + <td width="30%" class="listhdrr">Message</td> + <td width="5%" class="list"> </td> + </tr> +<?php + foreach ( $splitcontents as $counter => $value ) + { + $disabled = "False"; + $comments = "False"; + $findme = "# alert"; //find string for disabled alerts + $disabled_pos = strstr($value, $findme); + + $counter2 = 1; + $sid = get_middle($value, 'sid:', ';', 0); + //check to see if the sid is numberical + if (!is_numeric($sid)) + continue; + + //if find alert is false, then rule is disabled + if ($disabled_pos !== false){ + $counter2 = $counter2+1; + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $iconb = "icon_block_d.gif"; + + $ischecked = ""; + } else { + $textss = $textse = ""; + $iconb = "icon_block.gif"; + + $ischecked = "checked"; + } + + $rule_content = explode(' ', $value); + + $protocol = $rule_content[$counter2];//protocol location + $counter2++; + $source = substr($rule_content[$counter2], 0, 20) . "...";//source location + $counter2++; + $source_port = $rule_content[$counter2];//source port location + $counter2 = $counter2+2; + $destination = substr($rule_content[$counter2], 0, 20) . 
"...";//destination location + $counter2++; + $destination_port = $rule_content[$counter2];//destination port location + + if (strstr($value, 'msg: "')) + $message = get_middle($value, 'msg: "', '";', 0); + else if (strstr($value, 'msg:"')) + $message = get_middle($value, 'msg:"', '";', 0); + + echo "<tr><td width='3%' class='listt'> $textss + <a href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$counter}'> + <img src='../themes/{$g['theme']}/images/icons/{$iconb}' + width='10' height='10' border='0' + title='click to toggle enabled/disabled status'></a> + $textse + </td> + <td width='7%' class=\"listlr\"> + $textss $sid $textse + </td> + <td width='4%' class=\"listlr\"> + $textss $protocol $textse + </td> + <td width='15%' class=\"listlr\"> + $textss $source $textse + </td> + <td width='10%' class=\"listlr\"> + $textss $source_port $textse + </td> + <td width='15%' class=\"listlr\"> + $textss $destination $textse + </td> + <td width='10%' class=\"listlr\"> + $textss $destination_port $textse + </td> + <td width='30%' class=\"listbg\"><font color=\"white\"> + $textss $message $textse + </td>"; + ?> + <td width='5%' valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td><a href="javascript: void(0)" + onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$counter;?>')"><img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + title="edit rule" width="17" height="17" border="0"></a></td> + <!-- Codes by Quackit.com --> + </tr> </table> </td> </tr> +<?php + + } +?> + + </table> + </td> +</tr> +<tr> + <td colspan="9"> + <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> + <tr> + <td width="16"><img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" + width="11" height="11"></td> + <td>Rule Enabled</td> + </tr> <tr> - <td colspan="9"> - <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> - 
<tr> - <td width="16"><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" - width="11" height="11"></td> - <td>Rule Enabled</td> - </tr> - <tr> - <td><img - src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" - width="11" height="11"></td> - <td nowrap>Rule Disabled</td> - </tr> - <tr> - <!-- TODO: add save and cancel for checkbox options --> - <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> --> - </tr> - <tr> - <td colspan="10"> - <p><!--<strong><span class="red">Warning:<br/> </span></strong>Editing these r</p>--> - </td> - </tr> - </table> + <td><img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" + width="11" height="11"></td> + <td nowrap>Rule Disabled</td> + </tr> + <tr> + <!-- TODO: add save and cancel for checkbox options --> + <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> --> + </tr> + <tr> + <td colspan="10"> + <p><!--<strong><span class="red">Warning:<br/> </span></strong>Editing these r</p>--> </td> </tr> </table> </td> </tr> +<?php endif; ?> + </table> + </td> +</tr> </table> </form> <?php include("fend.inc"); ?> diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 050ec2ce..34bba9e5 100644 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php 
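Review bot: The fields parsed out of each rule line (`$protocol`, `$source`, `$source_port`, `$destination`, `$destination_port`, `$message`) are interpolated into the table cells as-is. Rule files are downloaded content, so pass each value through `htmlspecialchars()` before output. `$message` is also only assigned when one of the two `msg:` patterns matches, so a rule without a message shows the previous row's text; reset it with `$message = '';` at the top of the loop body. The new spacer row also carries a stray `<` after the closing cell (`<td colspan="7" class="listhdr" > </td><`).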
@@ -49,92 +49,39 @@ if (is_null($id)) { exit; } +function snort_copy_rules($files, $snortdir, $snort_uuid, $if_real) { + + if (empty($files)) + return; + + conf_mount_rw(); + foreach ($files as $file) { + if (!file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}")) + @copy("{$snortdir}/rules/{$file}", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}"); + } + conf_mount_ro(); +} + if (isset($id) && $a_nat[$id]) { $pconfig['enable'] = $a_nat[$id]['enable']; $pconfig['interface'] = $a_nat[$id]['interface']; $pconfig['rulesets'] = $a_nat[$id]['rulesets']; - - /* convert fake interfaces to real */ - $if_real = snort_get_real_interface($pconfig['interface']); - - $iface_uuid = $a_nat[$id]['uuid']; } -$if_friendly = snort_get_friendly_interface($pconfig['interface']); -$pgtitle = "Snort: Interface {$if_friendly} Categories"; - - -/* Check if the rules dir is empy if so warn the user */ -/* TODO give the user the option to delete the installed rules rules */ -$isrulesfolderempty = exec("ls -A {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); -if ($isrulesfolderempty == "") { - $isrulesfolderempty = exec("ls -A {$snortdir}/rules/*.rules"); - if ($isrulesfolderempty == "") { - include_once("head.inc"); - include("fbegin.inc"); - - echo "<p class=\"pgtitle\">"; - if($pfsense_stable == 'yes'){echo $pgtitle;} - echo "</p>\n"; - - echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; - - echo " - <table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr><td>\n"; - - $tab_array = array(); - $tab_array[] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); - $tab_array[] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array(gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array(gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array(gettext("Servers"), false, 
"/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); - echo " - </td></tr> - <tr>\n - <td>\n - <div id=\"mainarea\">\n - <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n - <tr>\n - <td>\n - # The rules directory is empty. {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules \n - </td>\n - </tr>\n - </table>\n - </div>\n - </td>\n - </tr>\n - </table>\n - \n - </form>\n - \n - <p>\n\n"; - - echo "Please click on the Update Rules tab to install your selected rule sets. $isrulesfolderempty"; - include("fend.inc"); - - echo "</body>"; - echo "</html>"; - - exit(0); - } else { - /* Make sure that we have the rules */ - mwexec("/bin/cp {$snortdir}/rules/*.rules {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules", true); - } -} +$if_real = snort_get_real_interface($pconfig['interface']); +$snort_uuid = $a_nat[$id]['uuid']; +$snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; +$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats']; /* alert file */ if ($_POST["Submit"]) { $enabled_items = ""; - $isfirst = true; if (is_array($_POST['toenable'])) $enabled_items = implode("||", $_POST['toenable']); else $enabled_items = $_POST['toenable']; $a_nat[$id]['rulesets'] = $enabled_items; + snort_copy_rules(explode("||", $enabled_items), $snortdir, $snort_uuid, $if_real); write_config(); sync_snort_package_config(); @@ -144,6 +91,13 @@ if ($_POST["Submit"]) { } if ($_POST['unselectall']) { + if (!empty($pconfig['rulesets'])) { + conf_mount_rw(); + foreach (explode("||", $pconfig['rulesets']) as $file) + @unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}"); + conf_mount_ro(); + } + $a_nat[$id]['rulesets'] = ""; write_config(); 
@@ -154,10 +108,18 @@ if ($_POST['unselectall']) { } if ($_POST['selectall']) { - $files = glob("{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); $rulesets = array(); - foreach ($files as $file) - $rulesets[] = basename($file); + if ($emergingdownload == 'on') { + $files = glob("{$snortdir}/rules/emerging*.rules"); + foreach ($files as $file) + $rulesets[] = basename($file); + } + if ($snortdownload == 'on') { + $files = glob("{$snortdir}/rules/snort*.rules"); + foreach ($files as $file) + $rulesets[] = basename($file); + } + snort_copy_rules($rulesets, $snortdir, $snort_uuid, $if_real); $a_nat[$id]['rulesets'] = implode("||", $rulesets); @@ -168,21 +130,18 @@ if ($_POST['selectall']) { exit; } -$enabled_rulesets = $a_nat[$id]['rulesets']; -if($enabled_rulesets) - $enabled_rulesets_array = explode("||", $enabled_rulesets); - +$enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']); include_once("head.inc"); - ?> <body link="#000000" vlink="#000000" alink="#000000"> -<?php include("fbegin.inc"); ?> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> +<?php +include("fbegin.inc"); +$if_friendly = snort_get_friendly_interface($pconfig['interface']); +$pgtitle = "Snort: Interface {$if_friendly} Categories"; -<form action="snort_rulesets.php" method="post" name="iform" id="iform">"; -<input type="hidden" name="id" id="id" value="<?=$id;?>" /> +if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> <?php /* Display message */ @@ -196,6 +155,8 @@ if ($savemsg) { ?> +<form action="snort_rulesets.php" method="post" name="iform" id="iform"> +<input type="hidden" name="id" id="id" value="<?=$id;?>" /> <table width="99%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php 
@@ -210,134 +171,161 @@ if ($savemsg) { display_top_tabs($tab_array); ?> </td></tr> - <tr> - <td> - <div id="mainarea2"> - <table id="maintable" class="tabcont" width="100%" border="0" - cellpadding="0" cellspacing="0"> +<tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> +<?php + $isrulesfolderempty = glob("{$snortdir}/rules/*.rules"); + if (empty($isrulesfolderempty)): +?> + <tr> + <td> + # The rules directory is empty. <?=$snortdir;?>/rules <br/> + Please go to the updates page to download/fetch the rules configured. + </td> + </tr> +<?php else: + $colspan = 6; + if ($emergingdownload != 'on') + $colspan -= 2; + if ($snortdownload != 'on') + $colspan -= 4; + +?> + <tr> + <td> + <table id="sortabletable1" class="sortable" width="100%" border="0" + cellpadding="0" cellspacing="0"> <tr> - <td> - <table id="sortabletable1" class="sortable" width="100%" border="0" - cellpadding="0" cellspacing="0"> - <tr> - <td colspan="6" class="listtopic">Check the rulesets that you would like Snort to load at startup.<br/><br/></td> - </tr> - <tr> - <td colspan="2" valign="center"><br/><input value="Save" type="submit" name="Submit" id="Submit" /><br/<br/></td> - <td colspan="2" valign="center"><br/><input value="Select All" type="submit" name="selectall" id="selectall" /><br/<br/></td> - <td colspan="2" valign="center"><br/><input value="Unselect All" type="submit" name="unselectall" id="selectall" /><br/<br/></td> + <td colspan="6" class="listtopic">Check the rulesets that you would like Snort to load at startup.<br/><br/></td> + </tr> + <tr> + <td colspan="2" valign="center"><br/><input value="Save" type="submit" name="Submit" id="Submit" /><br/<br/></td> + <td colspan="2" valign="center"><br/><input value="Select All" type="submit" name="selectall" id="selectall" /><br/<br/></td> + <td colspan="2" valign="center"><br/><input value="Unselect All" type="submit" name="unselectall" id="selectall" 
/><br/<br/></td> + </tr> + <tr> <td colspan="6"> </td> </tr> + <tr id="frheader"> + <?php if ($emergingdownload == 'on'): ?> + <td width="5%" class="listhdrr">Enabled</td> + <td width="25%" class="listhdrr"><?php echo 'Ruleset: Emerging Threats.';?></td> + <?php else: ?> + <td colspan="2" width="30%" class="listhdrr">Emerging rules have not been enabled</td> + <?php endif; ?> + <?php if ($snortdownload == 'on'): ?> + <td width="5%" class="listhdrr">Enabled</td> + <td width="25%" class="listhdrr"><?php echo 'Ruleset: Snort';?></td> + <td width="5%" class="listhdrr">Enabled</td> + <td width="25%" class="listhdrr"><?php echo 'Ruleset: Snort SO';?></td> + <?php else: ?> + <td colspan="2" width="60%" class="listhdrr">Snort rules have not been enabled</td> + <?php endif; ?> </tr> - <tr> <td colspan="6"> </td> </tr> - <tr id="frheader"> - <td width="5%" class="listhdrr">Enabled</td> - <td width="25%" class="listhdrr"><?php echo 'Ruleset: Emerging Threats.';?></td> - <td width="5%" class="listhdrr">Enabled</td> - <td width="25%" class="listhdrr"><?php echo 'Ruleset: Snort';?></td> - <td width="5%" class="listhdrr">Enabled</td> - <td width="25%" class="listhdrr"><?php echo 'Ruleset: Snort SO';?></td> - </tr> - <?php - $emergingrules = array(); - $snortsorules = array(); - $snortrules = array(); - $dh = opendir("{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/"); - while (false !== ($filename = readdir($dh))) { - $filename = basename($filename); - if (substr($filename, -5) != "rules") - continue; - if (strstr($filename, "emerging")) - $emergingrules[] = $filename; - else if (strstr($filename, "snort")) { - if (strstr($filename, ".so.rules")) - $snortsorules[] = $filename; - else - $snortrules[] = $filename; - } + <?php + $emergingrules = array(); + $snortsorules = array(); + $snortrules = array(); + $dh = opendir("{$snortdir}/rules/"); + while (false !== ($filename = readdir($dh))) { + $filename = basename($filename); + if (substr($filename, -5) != "rules") + continue; + if 
(strstr($filename, "emerging") && $emergingdownload == 'on') + $emergingrules[] = $filename; + else if (strstr($filename, "snort") && $snortdownload == 'on') { + if (strstr($filename, ".so.rules")) + $snortsorules[] = $filename; + else + $snortrules[] = $filename; } - sort($emergingrules); - sort($snortsorules); - sort($snortrules); - $i = count($emergingrules); - if ($i < count($snortsorules)) - $i = count(snortsorules); - if ($i < count($snortrules)) - $i = count($snortrules); - - for ($j = 0; $j < $i; $j++) { - echo "<tr>\n"; - if (!empty($emergingrules[$j])) { - $file = $emergingrules[$j]; - echo "<td width='5%' class='listr' align=\"center\" valign=\"top\">"; - if(is_array($enabled_rulesets_array)) { - if(in_array($file, $enabled_rulesets_array)) - $CHECKED = " checked=\"checked\""; - else - $CHECKED = ""; - } else - $CHECKED = ""; - echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n"; - echo "</td>\n"; - echo "<td class='listr' width='25%' >\n"; - if (empty($CHECKED)) - echo $file; + } + sort($emergingrules); + sort($snortsorules); + sort($snortrules); + $i = count($emergingrules); + if ($i < count($snortsorules)) + $i = count(snortsorules); + if ($i < count($snortrules)) + $i = count($snortrules); + + for ($j = 0; $j < $i; $j++) { + echo "<tr>\n"; + if (!empty($emergingrules[$j])) { + $file = $emergingrules[$j]; + echo "<td width='5%' class='listr' align=\"center\" valign=\"top\">"; + if(is_array($enabled_rulesets_array)) { + if(in_array($file, $enabled_rulesets_array)) + $CHECKED = " checked=\"checked\""; else - echo "<a href='snort_rules.php?id={$jd}&openruleset={$snortdir}/snort_{$jface_uuid}_{$jf_real}/rules/" . urlencode($file) . 
"'>{$file}</a>\n"; - echo "</td>\n"; - } else - echo "<td class='listbggrey' width='30%' colspan='2'><br/></td>\n"; - if (!empty($snortrules[$j])) { - $file = $snortrules[$j]; - echo "<td class='listr' width='5%' align=\"center\" valign=\"top\">"; - if(is_array($enabled_rulesets_array)) { - if(in_array($file, $enabled_rulesets_array)) - $CHECKED = " checked=\"checked\""; - else - $CHECKED = ""; - } else $CHECKED = ""; - echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n"; - echo "</td>\n"; - echo "<td class='listr' width='25%' >\n"; - if (empty($CHECKED)) - echo $file; - else - echo "<a href='snort_rules.php?id={$jd}&openruleset={$snortdir}/snort_{$jface_uuid}_{$jf_real}/rules/" . urlencode($file) . "'>{$file}</a>\n"; - echo "</td>\n"; } else - echo "<td class='listbggrey' width='30%' colspan='2'><br/></td>\n"; - if (!empty($snortsorules[$j])) { - $file = $snortsorules[$j]; - echo "<td class='listr' width='5%' align=\"center\" valign=\"top\">"; - if(is_array($enabled_rulesets_array)) { - if(in_array($file, $enabled_rulesets_array)) - $CHECKED = " checked=\"checked\""; - else - $CHECKED = ""; - } else + $CHECKED = ""; + echo " \n<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />\n"; + echo "</td>\n"; + echo "<td class='listr' width='25%' >\n"; + if (empty($CHECKED)) + echo $file; + else + echo "<a href='snort_rules.php?id={$id}&openruleset=" . urlencode($file) . 
"'>{$file}</a>\n"; + echo "</td>\n"; + } else + echo "<td class='listbggrey' width='30%' colspan='2'><br/></td>\n"; + + if (!empty($snortrules[$j])) { + $file = $snortrules[$j]; + echo "<td class='listr' width='5%' align=\"center\" valign=\"top\">"; + if(is_array($enabled_rulesets_array)) { + if(in_array($file, $enabled_rulesets_array)) + $CHECKED = " checked=\"checked\""; + else $CHECKED = ""; - echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n"; - echo "</td>\n"; - echo "<td class='listr' width='25%' >\n"; - if (empty($CHECKED)) - echo $file; + } else + $CHECKED = ""; + echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n"; + echo "</td>\n"; + echo "<td class='listr' width='25%' >\n"; + if (empty($CHECKED)) + echo $file; + else + echo "<a href='snort_rules.php?id={$id}&openruleset=" . urlencode($file) . "'>{$file}</a>\n"; + echo "</td>\n"; + } else + echo "<td class='listbggrey' width='30%' colspan='2'><br/></td>\n"; + if (!empty($snortsorules[$j])) { + $file = $snortsorules[$j]; + echo "<td class='listr' width='5%' align=\"center\" valign=\"top\">"; + if(is_array($enabled_rulesets_array)) { + if(in_array($file, $enabled_rulesets_array)) + $CHECKED = " checked=\"checked\""; else - echo "<a href='snort_rules.php?id={$jd}&openruleset={$snortdir}/snort_{$jface_uuid}_{$jf_real}/rules/" . urlencode($file) . "'>{$file}</a>\n"; - echo "</td>\n"; + $CHECKED = ""; } else - echo "<td class='listbggrey' width='30%' colspan='2'><br/></td>\n"; - echo "</tr>\n"; - } - ?> - </table> - </td> - </tr> - <tr> - <td colspan="6"> </td> - </tr> - </table> - </div> - </td> - </tr> + $CHECKED = ""; + echo " \n<input type='checkbox' name='toenable[]' value='{$file}' {$CHECKED} />\n"; + echo "</td>\n"; + echo "<td class='listr' width='25%' >\n"; + if (empty($CHECKED)) + echo $file; + else + echo "<a href='snort_rules.php?id={$id}&openruleset=" . urlencode($file) . 
"'>{$file}</a>\n"; + echo "</td>\n"; + } else + echo "<td class='listbggrey' width='30%' colspan='2'><br/></td>\n"; + echo "</tr>\n"; + } + ?> + </table> + </td> +</tr> +<tr> +<td colspan="6"> </td> +</tr> +<?php endif; ?> +</table> +</div> +</td> +</tr> </table> </form> <?php |
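Review bot: `count(snortsorules)` in the row-count calculation is missing its `$`, so PHP reads a bare constant instead of the array and `$i` never takes the SO-rule count (older PHP counts the string and yields 1, PHP 8 raises an error); it should be `$i = count($snortsorules);`. The line is carried over from the removed side but is re-added here unchanged. Separately, the checkbox and link output writes `$file` and `$id` into single-quoted attributes (`value='{$file}'`, `href='snort_rules.php?id={$id}&openruleset=...'`) without `htmlspecialchars($file, ENT_QUOTES)`. The names come from `readdir()` on `{$snortdir}/rules/`, which holds downloaded rule files, and `$id` is set outside this hunk, so the exposure depends on how both are constrained upstream.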