aboutsummaryrefslogtreecommitdiffstats
path: root/config/orionids-dev
diff options
context:
space:
mode:
Diffstat (limited to 'config/orionids-dev')
-rw-r--r--config/orionids-dev/css/style_snort2.css100
-rw-r--r--config/orionids-dev/javascript/snort_globalsend.js1
-rw-r--r--config/orionids-dev/snort_alerts.php7
-rw-r--r--config/orionids-dev/snort_barnyard.php7
-rw-r--r--config/orionids-dev/snort_blocked.php7
-rw-r--r--config/orionids-dev/snort_define_servers.php7
-rw-r--r--config/orionids-dev/snort_download_updates.php7
-rw-r--r--config/orionids-dev/snort_help_info.php7
-rw-r--r--config/orionids-dev/snort_interfaces.php7
-rw-r--r--config/orionids-dev/snort_interfaces_edit.php7
-rw-r--r--config/orionids-dev/snort_interfaces_global.php7
-rw-r--r--config/orionids-dev/snort_interfaces_rules.php7
-rw-r--r--config/orionids-dev/snort_interfaces_rules_edit.php7
-rw-r--r--config/orionids-dev/snort_interfaces_suppress.php7
-rw-r--r--config/orionids-dev/snort_interfaces_suppress_edit.php7
-rw-r--r--config/orionids-dev/snort_interfaces_whitelist.php7
-rw-r--r--config/orionids-dev/snort_interfaces_whitelist_edit.php7
-rw-r--r--config/orionids-dev/snort_json_get.php7
-rw-r--r--config/orionids-dev/snort_json_post.php355
-rw-r--r--config/orionids-dev/snort_new.inc12
-rw-r--r--config/orionids-dev/snort_preprocessors.php7
-rw-r--r--config/orionids-dev/snort_rules.php93
-rw-r--r--config/orionids-dev/snort_rules_ips.php177
-rw-r--r--config/orionids-dev/snort_rulesets.php7
-rw-r--r--config/orionids-dev/snort_rulesets_ips.php7
25 files changed, 560 insertions, 311 deletions
diff --git a/config/orionids-dev/css/style_snort2.css b/config/orionids-dev/css/style_snort2.css
index bd5383f4..16b2e327 100644
--- a/config/orionids-dev/css/style_snort2.css
+++ b/config/orionids-dev/css/style_snort2.css
@@ -252,48 +252,48 @@
}
.alert {
-position:absolute;
-top:10px;
-left:-25px;
-width:100%;
-height:90%;
-z-index:999;
-background:#FCE9C0;
-background-position: 15px;
-border-top:2px solid #DBAC48;
-border-bottom:2px solid #DBAC48;
-padding: 15px 10px 85% 50px;
+ position:absolute;
+ top:10px;
+ left:-25px;
+ width:100%;
+ height:90%;
+ z-index:999;
+ background:#FCE9C0;
+ background-position: 15px;
+ border-top:2px solid #DBAC48;
+ border-bottom:2px solid #DBAC48;
+ padding: 15px 10px 85% 50px;
}
.formpre {
-font-family:arial;
-font-size: 1.1em;
+ font-family:arial;
+ font-size: 1.1em;
}
#download_rules {
-font-family: arial;
-font-size: 13px;
-font-weight: bold;
-text-align: center
+ font-family: arial;
+ font-size: 13px;
+ font-weight: bold;
+ text-align: center;
}
#download_rules_td {
-font-family: arial;
-font-size: 13px;
-font-weight: bold;
-text-align: center
+ font-family: arial;
+ font-size: 13px;
+ font-weight: bold;
+ text-align: center;
}
/* hack fix the hard coded fbegin link */
#header-left2 {
-position: absolute;
-background-position: center center;
-height: 67px;
-width: 147px;
-top: -77px;
-left: 8px;
-float: left;
-z-index:999;
+ position: absolute;
+ background-position: center center;
+ height: 67px;
+ width: 147px;
+ top: -77px;
+ left: 8px;
+ float: left;
+ z-index:999;
}
#header-left2 #status-link2 {
position: relative;
@@ -303,24 +303,24 @@ z-index:999;
/* end of fbegin hack */
.body2 {
-font-family:arial;
-font-size:12px;
+ font-family:arial;
+ font-size:12px;
}
.tabcont {
-background-color: #dddddd;
-padding-right: 12px;
-padding-left: 12px;
-padding-top: 12px;
-padding-bottom: 12px;
+ background-color: #dddddd;
+ padding-right: 12px;
+ padding-left: 12px;
+ padding-top: 12px;
+ padding-bottom: 12px;
}
.tabcont2 {
-background-color: #eeeeee;
-padding-right: 12px;
-padding-left: 12px;
-padding-top: 12px;
-padding-bottom: 12px;
+ background-color: #eeeeee;
+ padding-right: 12px;
+ padding-left: 12px;
+ padding-top: 12px;
+ padding-bottom: 12px;
}
.vncell2 {
@@ -332,15 +332,15 @@ padding-bottom: 12px;
}
.vncelltextbox {
-background-color: #eeeeee;
-padding-top: 8px;
-padding-bottom: 8px;
-padding-right: 8px;
-padding-left: 8px;
-border-bottom-width: 1px;
-border-bottom-style: solid;
-border-bottom-color: #999999;
-font-size: 11px;
+ background-color: #eeeeee;
+ padding-top: 8px;
+ padding-bottom: 8px;
+ padding-right: 8px;
+ padding-left: 8px;
+ border-bottom-width: 1px;
+ border-bottom-style: solid;
+ border-bottom-color: #999999;
+ font-size: 11px;
}
/* global tab, white lil box */
diff --git a/config/orionids-dev/javascript/snort_globalsend.js b/config/orionids-dev/javascript/snort_globalsend.js
index 07416a74..083c40ef 100644
--- a/config/orionids-dev/javascript/snort_globalsend.js
+++ b/config/orionids-dev/javascript/snort_globalsend.js
@@ -146,6 +146,7 @@ jQuery(document).ready(function() {
};
+
//--------------------------- START select all code ---------------------------
jQuery('#select_all').live('click', function(){
diff --git a/config/orionids-dev/snort_alerts.php b/config/orionids-dev/snort_alerts.php
index 79485350..3cb79c5c 100644
--- a/config/orionids-dev/snort_alerts.php
+++ b/config/orionids-dev/snort_alerts.php
@@ -45,6 +45,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
$generalSettings = snortSql_fetchAllSettings('snortDB', 'SnortSettings', 'id', '1');
$alertnumber = $generalSettings['alertnumber'];
diff --git a/config/orionids-dev/snort_barnyard.php b/config/orionids-dev/snort_barnyard.php
index 5a40584b..1cd2113b 100644
--- a/config/orionids-dev/snort_barnyard.php
+++ b/config/orionids-dev/snort_barnyard.php
@@ -45,6 +45,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
// set page vars
$uuid = $_GET['uuid'];
diff --git a/config/orionids-dev/snort_blocked.php b/config/orionids-dev/snort_blocked.php
index be2a3835..fdc12480 100644
--- a/config/orionids-dev/snort_blocked.php
+++ b/config/orionids-dev/snort_blocked.php
@@ -45,6 +45,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
$generalSettings = snortSql_fetchAllSettings('snortDB', 'SnortSettings', 'id', '1');
diff --git a/config/orionids-dev/snort_define_servers.php b/config/orionids-dev/snort_define_servers.php
index c35fd2c1..05e7709e 100644
--- a/config/orionids-dev/snort_define_servers.php
+++ b/config/orionids-dev/snort_define_servers.php
@@ -45,6 +45,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
// set page vars
$uuid = $_GET['uuid'];
diff --git a/config/orionids-dev/snort_download_updates.php b/config/orionids-dev/snort_download_updates.php
index 3cb2716d..445671bd 100644
--- a/config/orionids-dev/snort_download_updates.php
+++ b/config/orionids-dev/snort_download_updates.php
@@ -48,6 +48,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
require_once("/usr/local/pkg/snort/snort_download_rules.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
// set page vars
if (isset($_GET['updatenow'])) {
$updatenow = $_GET['updatenow'];
diff --git a/config/orionids-dev/snort_help_info.php b/config/orionids-dev/snort_help_info.php
index e8408209..616133ae 100644
--- a/config/orionids-dev/snort_help_info.php
+++ b/config/orionids-dev/snort_help_info.php
@@ -44,6 +44,13 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
$pgtitle = 'Snort: Help and Info';
include("/usr/local/pkg/snort/snort_head.inc");
diff --git a/config/orionids-dev/snort_interfaces.php b/config/orionids-dev/snort_interfaces.php
index c13a902b..beb50f83 100644
--- a/config/orionids-dev/snort_interfaces.php
+++ b/config/orionids-dev/snort_interfaces.php
@@ -45,6 +45,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
$new_ruleUUID = genAlphaNumMixFast(7, 8);
$a_interfaces = snortSql_fetchAllInterfaceRules('SnortIfaces', 'snortDB');
diff --git a/config/orionids-dev/snort_interfaces_edit.php b/config/orionids-dev/snort_interfaces_edit.php
index 86cd6857..ade5ade8 100644
--- a/config/orionids-dev/snort_interfaces_edit.php
+++ b/config/orionids-dev/snort_interfaces_edit.php
@@ -45,6 +45,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
// set page vars
$uuid = $_GET['uuid'];
diff --git a/config/orionids-dev/snort_interfaces_global.php b/config/orionids-dev/snort_interfaces_global.php
index 9af74503..fd9d27d4 100644
--- a/config/orionids-dev/snort_interfaces_global.php
+++ b/config/orionids-dev/snort_interfaces_global.php
@@ -45,6 +45,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
// set page vars
$generalSettings = snortSql_fetchAllSettings('snortDB', 'SnortSettings', 'id', '1');
diff --git a/config/orionids-dev/snort_interfaces_rules.php b/config/orionids-dev/snort_interfaces_rules.php
index 6c8f5a60..0f4c8b5d 100644
--- a/config/orionids-dev/snort_interfaces_rules.php
+++ b/config/orionids-dev/snort_interfaces_rules.php
@@ -45,6 +45,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
$a_rules = array();
$a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', '');
diff --git a/config/orionids-dev/snort_interfaces_rules_edit.php b/config/orionids-dev/snort_interfaces_rules_edit.php
index 8c1e7b5f..be6467bc 100644
--- a/config/orionids-dev/snort_interfaces_rules_edit.php
+++ b/config/orionids-dev/snort_interfaces_rules_edit.php
@@ -45,6 +45,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
if (isset($_GET['rdbuuid'])) {
$rdbuuid = $_GET['rdbuuid'];
}else{
diff --git a/config/orionids-dev/snort_interfaces_suppress.php b/config/orionids-dev/snort_interfaces_suppress.php
index 4ee5ea8f..977dcf2d 100644
--- a/config/orionids-dev/snort_interfaces_suppress.php
+++ b/config/orionids-dev/snort_interfaces_suppress.php
@@ -45,6 +45,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
$a_suppress = snortSql_fetchAllWhitelistTypes('SnortSuppress', '');
diff --git a/config/orionids-dev/snort_interfaces_suppress_edit.php b/config/orionids-dev/snort_interfaces_suppress_edit.php
index 15878d6a..e9f23254 100644
--- a/config/orionids-dev/snort_interfaces_suppress_edit.php
+++ b/config/orionids-dev/snort_interfaces_suppress_edit.php
@@ -45,6 +45,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
// set page vars
$uuid = $_GET['uuid'];
diff --git a/config/orionids-dev/snort_interfaces_whitelist.php b/config/orionids-dev/snort_interfaces_whitelist.php
index 42f6e788..3167b65f 100644
--- a/config/orionids-dev/snort_interfaces_whitelist.php
+++ b/config/orionids-dev/snort_interfaces_whitelist.php
@@ -45,6 +45,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
$a_whitelist = snortSql_fetchAllWhitelistTypes('SnortWhitelist', 'SnortWhitelistips');
diff --git a/config/orionids-dev/snort_interfaces_whitelist_edit.php b/config/orionids-dev/snort_interfaces_whitelist_edit.php
index 0055624f..dbdbb649 100644
--- a/config/orionids-dev/snort_interfaces_whitelist_edit.php
+++ b/config/orionids-dev/snort_interfaces_whitelist_edit.php
@@ -45,6 +45,13 @@ require_once('guiconfig.inc');
require_once('/usr/local/pkg/snort/snort_new.inc');
require_once('/usr/local/pkg/snort/snort_gui.inc');
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
//$GLOBALS['csrf']['rewrite-js'] = false;
$uuid = $_GET['uuid'];
diff --git a/config/orionids-dev/snort_json_get.php b/config/orionids-dev/snort_json_get.php
index 701e75ae..92058a75 100644
--- a/config/orionids-dev/snort_json_get.php
+++ b/config/orionids-dev/snort_json_get.php
@@ -44,7 +44,12 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
-session_start(); // alwaya at the very top of a php page or "Cannot send session cache limiter - headers already sent"
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
// get json blocls sids
if ($_GET['snortsamjson'] == 1) {
diff --git a/config/orionids-dev/snort_json_post.php b/config/orionids-dev/snort_json_post.php
index 2b63f9b6..ca279f92 100644
--- a/config/orionids-dev/snort_json_post.php
+++ b/config/orionids-dev/snort_json_post.php
@@ -45,6 +45,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_build.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
// unset crsf checks
if(isset($_POST['__csrf_magic'])) {
unset($_POST['__csrf_magic']);
@@ -79,6 +86,17 @@ if ($_POST['snortSidRuleEdit'] == 1) {
// row from db by uuid
if ($_POST['snortSaveRuleSets'] == 1) {
+ if ($_POST['ifaceTab'] == 'snort_rules') {
+ function snortSaveRuleSetsRulesFunc()
+ {
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveRuleSets']);
+ unset($_POST['ifaceTab']);
+
+ snortJsonReturnCode(snortSql_updateRuleSigList());
+
+ } snortSaveRuleSetsRulesFunc();
+ }
if ($_POST['ifaceTab'] === 'snort_rules_ips') {
function snortSamRulesSaveFunc()
@@ -107,18 +125,7 @@ if ($_POST['snortSaveRuleSets'] == 1) {
} snortSaveRuleSetsRulesetsFunc();
}
-
- if ($_POST['ifaceTab'] == 'snort_rules') {
- function snortSaveRuleSetsRulesFunc()
- {
- // unset POSTs that are markers not in db
- unset($_POST['snortSaveRuleSets']);
- unset($_POST['ifaceTab']);
-
- snortJsonReturnCode(snortSql_updateRuleSigList());
-
- } snortSaveRuleSetsRulesFunc();
- }
+
} // END of rulesSets
@@ -144,9 +151,10 @@ if ($_POST['RMlistDelRow'] == 1) {
// remove db tables vals
snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSets', 'rdbuuid', $_POST['RMlistUuid']);
- snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleGenIps', 'rdbuuid', $_POST['RMlistUuid']);
- snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSetsIps', 'rdbuuid', $_POST['RMlistUuid']);
snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSigs', 'rdbuuid', $_POST['RMlistUuid']);
+ snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSigsIps', 'rdbuuid', $_POST['RMlistUuid']);
+ snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSetsIps', 'rdbuuid', $_POST['RMlistUuid']);
+ snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleGenIps', 'rdbuuid', $_POST['RMlistUuid']);
// remove dir
$snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RMlistUuid']}";
@@ -159,8 +167,7 @@ if ($_POST['RMlistDelRow'] == 1) {
snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid']));
- }
- RMlistDelRowFunc();
+ } RMlistDelRowFunc();
}
@@ -174,190 +181,196 @@ if ($_POST['snortSaveSettings'] == 1) {
// Save ruleDB settings
if ($_POST['dbTable'] == 'Snortrules') {
- unset($_POST['snortSaveSettings']);
- unset($_POST['ifaceTab']);
+ function saveSnortrules()
+ {
- if (!is_dir("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules")) {
+ unset($_POST['snortSaveSettings']);
+ unset($_POST['ifaceTab']);
- // creat iface dir and ifcae rules dir
- exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
-
- // create at least one file
- if (!file_exists('/usr/local/etc/snort/snortDBrules/DB/' . $_POST['uuid'] . '/rules/local.rules')) {
-
- exec('touch /usr/local/etc/snort/snortDBrules/DB/' . $_POST['uuid'] . '/rules/local.rules');
+ if (!is_dir("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules")) {
- }
-
- // NOTE: code only works on php5
- $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules');
- $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules');
- $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules');
-
- if (!empty($listSnortRulesDir)) {
- exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
- }
- if (!empty($listEmergingRulesDir)) {
- exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
- }
- if (!empty($listPfsenseRulesDir)) {
- exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
- }
-
-
- } //end of mkdir
+ // creat iface dir and ifcae rules dir
+ exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
+
+ // create at least one file
+ if (!file_exists("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules/local.rules")) {
+ exec("/usr/bin/touch /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules/local.rules");
+ }
+
+ // NOTE: code only works on php5
+ $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules');
+ $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules');
+ $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules');
+
+ if (!empty($listSnortRulesDir)) {
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
+ }
+ if (!empty($listEmergingRulesDir)) {
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
+ }
+ if (!empty($listPfsenseRulesDir)) {
+ exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules");
+ }
+
+
+ } //end of mkdir
+
+ } saveSnortrules();
snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid']));
- }
+ } // END if Snortrules
// Save general settings
if ($_POST['dbTable'] == 'SnortSettings') {
+
+ function saveSnortSettings()
+ {
- if ($_POST['ifaceTab'] == 'snort_interfaces_global') {
- // checkboxes when set to off never get included in POST thus this code
- $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']);
- }
-
- if ($_POST['ifaceTab'] == 'snort_alerts') {
-
- if (!isset($_POST['arefresh']))
- $_POST['arefresh'] = ($_POST['arefresh'] == '' ? off : $_POST['arefresh']);
-
- }
-
- if ($_POST['ifaceTab'] == 'snort_blocked') {
-
- if (!isset($_POST['brefresh']))
- $_POST['brefresh'] = ($_POST['brefresh'] == '' ? off : $_POST['brefresh']);
-
- }
+ if ($_POST['ifaceTab'] == 'snort_interfaces_global') {
+ // checkboxes when set to off never get included in POST thus this code
+ $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']);
+ }
+
+ if ($_POST['ifaceTab'] == 'snort_alerts') {
+
+ if (!isset($_POST['arefresh']))
+ $_POST['arefresh'] = ($_POST['arefresh'] == '' ? off : $_POST['arefresh']);
+
+ }
+
+ if ($_POST['ifaceTab'] == 'snort_blocked') {
+
+ if (!isset($_POST['brefresh']))
+ $_POST['brefresh'] = ($_POST['brefresh'] == '' ? off : $_POST['brefresh']);
+
+ }
- //if (empty($_POST['oinkmastercode'])) {
- // $_POST['oinkmastercode'] = 'empty';
- //}
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveSettings']);
+ unset($_POST['ifaceTab']);
- // unset POSTs that are markers not in db
- unset($_POST['snortSaveSettings']);
- unset($_POST['ifaceTab']);
-
+ } saveSnortSettings();
snortJsonReturnCode(snortSql_updateSettings('id', '1'));
- } // end of dbTable SnortSettings
+ } // END IF SnortSettings
// Save rule settings on the interface edit tab
if ($_POST['dbTable'] == 'SnortIfaces') {
+
+ function saveSnortIfaces()
+ {
- // snort interface edit
- if ($_POST['ifaceTab'] == 'snort_interfaces_edit') {
+ // snort interface edit
+ if ($_POST['ifaceTab'] == 'snort_interfaces_edit') {
+
+ function SnortIfaces_Snort_Interfaces_edit()
+ {
+ if (!isset($_POST['enable']))
+ $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']);
+
+ if (!isset($_POST['blockoffenders7']))
+ $_POST['blockoffenders7'] = ($_POST['blockoffenders7'] == '' ? off : $_POST['blockoffenders7']);
- function SnortIfaces_Snort_Interfaces_edit()
- {
- if (!isset($_POST['enable']))
- $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']);
-
- if (!isset($_POST['blockoffenders7']))
- $_POST['blockoffenders7'] = ($_POST['blockoffenders7'] == '' ? off : $_POST['blockoffenders7']);
-
- if (!isset($_POST['alertsystemlog']))
- $_POST['alertsystemlog'] = ($_POST['alertsystemlog'] == '' ? off : $_POST['alertsystemlog']);
-
- if (!isset($_POST['tcpdumplog']))
- $_POST['tcpdumplog'] = ($_POST['tcpdumplog'] == '' ? off : $_POST['tcpdumplog']);
-
- if (!isset($_POST['snortunifiedlog']))
- $_POST['snortunifiedlog'] = ($_POST['snortunifiedlog'] == '' ? off : $_POST['snortunifiedlog']);
+ if (!isset($_POST['alertsystemlog']))
+ $_POST['alertsystemlog'] = ($_POST['alertsystemlog'] == '' ? off : $_POST['alertsystemlog']);
+
+ if (!isset($_POST['tcpdumplog']))
+ $_POST['tcpdumplog'] = ($_POST['tcpdumplog'] == '' ? off : $_POST['tcpdumplog']);
+
+ if (!isset($_POST['snortunifiedlog']))
+ $_POST['snortunifiedlog'] = ($_POST['snortunifiedlog'] == '' ? off : $_POST['snortunifiedlog']);
+
+ // convert textbox to base64
+ $_POST['configpassthru'] = base64_encode($_POST['configpassthru']);
- // convert textbox to base64
- $_POST['configpassthru'] = base64_encode($_POST['configpassthru']);
-
- /*
- * make dir for the new iface, if iface exists or rule dir has changed redo soft link
- * may need to move this as a func to new_snort.inc
- */
- $newSnortDir = 'sn_' . $_POST['uuid'];
- $pathToSnortDir = '/usr/local/etc/snort';
+ /*
+ * make dir for the new iface, if iface exists or rule dir has changed redo soft link
+ * may need to move this as a func to new_snort.inc
+ */
+ $newSnortDir = 'sn_' . $_POST['uuid'];
+ $pathToSnortDir = '/usr/local/etc/snort';
+
+ // creat iface dir and ifcae rules dir
+ if (!is_dir("{$pathToSnortDir}/{$newSnortDir}")) {
+ createNewIfaceDir($pathToSnortDir, $newSnortDir);
+ } //end of mkdir
- // creat iface dir and ifcae rules dir
- if (!is_dir("{$pathToSnortDir}/{$newSnortDir}")) {
- createNewIfaceDir($pathToSnortDir, $newSnortDir);
- } //end of mkdir
+ snortRulesCreateSoftlink();
+
+ } SnortIfaces_Snort_Interfaces_edit();
+
+ } // end of snort_interfaces_edit
+
+ // snort preprocessor edit
+ if ($_POST['ifaceTab'] == 'snort_preprocessors') {
- snortRulesCreateSoftlink();
+ function SnortIfaces_Snort_PreprocessorsFunc()
+ {
+ if (!isset($_POST['dce_rpc_2'])) {
+ $_POST['dce_rpc_2'] = ($_POST['dce_rpc_2'] == '' ? off : $_POST['dce_rpc_2']);
+ }
+
+ if (!isset($_POST['dns_preprocessor'])) {
+ $_POST['dns_preprocessor'] = ($_POST['dns_preprocessor'] == '' ? off : $_POST['dns_preprocessor']);
+ }
+
+ if (!isset($_POST['ftp_preprocessor'])) {
+ $_POST['ftp_preprocessor'] = ($_POST['ftp_preprocessor'] == '' ? off : $_POST['ftp_preprocessor']);
+ }
+
+ if (!isset($_POST['http_inspect'])) {
+ $_POST['http_inspect'] = ($_POST['http_inspect'] == '' ? off : $_POST['http_inspect']);
+ }
+
+ if (!isset($_POST['other_preprocs'])) {
+ $_POST['other_preprocs'] = ($_POST['other_preprocs'] == '' ? off : $_POST['other_preprocs']);
+ }
+
+ if (!isset($_POST['perform_stat'])) {
+ $_POST['perform_stat'] = ($_POST['perform_stat'] == '' ? off : $_POST['perform_stat']);
+ }
+
+ if (!isset($_POST['sf_portscan'])) {
+ $_POST['sf_portscan'] = ($_POST['sf_portscan'] == '' ? off : $_POST['sf_portscan']);
+ }
+
+ if (!isset($_POST['smtp_preprocessor'])) {
+ $_POST['smtp_preprocessor'] = ($_POST['smtp_preprocessor'] == '' ? off : $_POST['smtp_preprocessor']);
+ }
+ } SnortIfaces_Snort_PreprocessorsFunc();
+
}
- SnortIfaces_Snort_Interfaces_edit();
-
- } // end of snort_interfaces_edit
-
- // snort preprocessor edit
- if ($_POST['ifaceTab'] == 'snort_preprocessors') {
-
- function SnortIfaces_Snort_PreprocessorsFunc()
- {
- if (!isset($_POST['dce_rpc_2'])) {
- $_POST['dce_rpc_2'] = ($_POST['dce_rpc_2'] == '' ? off : $_POST['dce_rpc_2']);
- }
-
- if (!isset($_POST['dns_preprocessor'])) {
- $_POST['dns_preprocessor'] = ($_POST['dns_preprocessor'] == '' ? off : $_POST['dns_preprocessor']);
- }
-
- if (!isset($_POST['ftp_preprocessor'])) {
- $_POST['ftp_preprocessor'] = ($_POST['ftp_preprocessor'] == '' ? off : $_POST['ftp_preprocessor']);
- }
-
- if (!isset($_POST['http_inspect'])) {
- $_POST['http_inspect'] = ($_POST['http_inspect'] == '' ? off : $_POST['http_inspect']);
- }
-
- if (!isset($_POST['other_preprocs'])) {
- $_POST['other_preprocs'] = ($_POST['other_preprocs'] == '' ? off : $_POST['other_preprocs']);
- }
-
- if (!isset($_POST['perform_stat'])) {
- $_POST['perform_stat'] = ($_POST['perform_stat'] == '' ? off : $_POST['perform_stat']);
- }
-
- if (!isset($_POST['sf_portscan'])) {
- $_POST['sf_portscan'] = ($_POST['sf_portscan'] == '' ? off : $_POST['sf_portscan']);
- }
-
- if (!isset($_POST['smtp_preprocessor'])) {
- $_POST['smtp_preprocessor'] = ($_POST['smtp_preprocessor'] == '' ? off : $_POST['smtp_preprocessor']);
- }
-
- }
- SnortIfaces_Snort_PreprocessorsFunc();
- }
-
- // snort barnyard edit
- if ($_POST['ifaceTab'] == 'snort_barnyard') {
- function SnortIfaces_Snort_Barnyard()
- {
- // make shure iface is lower case
- $_POST['interface'] = strtolower($_POST['interface']);
-
- if (!isset($_POST['barnyard_enable'])) {
- $_POST['barnyard_enable'] = ($_POST['barnyard_enable'] == '' ? off : $_POST['barnyard_enable']);
- }
+
+ // snort barnyard edit
+ if ($_POST['ifaceTab'] == 'snort_barnyard') {
+ function SnortIfaces_Snort_Barnyard()
+ {
+ // make shure iface is lower case
+ $_POST['interface'] = strtolower($_POST['interface']);
+
+ if (!isset($_POST['barnyard_enable'])) {
+ $_POST['barnyard_enable'] = ($_POST['barnyard_enable'] == '' ? off : $_POST['barnyard_enable']);
+ }
+ } SnortIfaces_Snort_Barnyard();
}
- SnortIfaces_Snort_Barnyard();
- }
-
+
+
+ // unset POSTs that are markers not in db
+ unset($_POST['snortSaveSettings']);
+ unset($_POST['ifaceTab']);
+
+ snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid']));
+ build_snort_settings($_POST['uuid']);
- // unset POSTs that are markers not in db
- unset($_POST['snortSaveSettings']);
- unset($_POST['ifaceTab']);
-
- snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid']));
- build_snort_settings($_POST['uuid']);
+ } saveSnortIfaces();
- } // end of dbTable SnortIfaces
+ } // END IF SnortIfaces
- }
- snortSaveSettingsFunc();
+ } snortSaveSettingsFunc();
+
} // STOP General Settings Save
diff --git a/config/orionids-dev/snort_new.inc b/config/orionids-dev/snort_new.inc
index 75535ab8..93de4a21 100644
--- a/config/orionids-dev/snort_new.inc
+++ b/config/orionids-dev/snort_new.inc
@@ -59,6 +59,7 @@ if (file_exists('/usr/local/pkg/snort/snortDBtemp')) {
exec('/bin/cp /usr/local/pkg/snort/snortDBtemp /var/snort/snortDBtemp');
}
+
/*
* make dir for the new iface, if iface exists or rule dir has changed redo soft link
*/
@@ -147,8 +148,9 @@ function createNewIfaceDir($pathToSnortDir, $newSnortDir) {
function escapeJsonString($escapeString)
{
+ // NOTE: foward slash has added spaces on each side ie and chrome were giving issues with
$search = array('\\', '\n', '\r', '\u', '\t', '\f', '\b', '/', '"');
- $replace = array('\\\\', '\\n', '\\r', '\\u', '\\t', '\\f', '\\b', '\/', '\"');
+ $replace = array('\\\\', '\\n', '\\r', '\\u', '\\t', '\\f', '\\b', ' \/ ', '\"');
$encoded_string = str_replace($search, $replace, $escapeString);
return $encoded_string;
@@ -412,7 +414,8 @@ function snortSql_updateRulesSigsIps()
// if $listGenRules empty list defaults
if (empty($listGenRules)) {
- $listGenRules[0] = array(
+ $listGenRules[0] = array(
+ 'id' => 1,
'rdbuuid' => $_POST['rdbuuid'],
'enable' => 'on',
'who' => 'src',
@@ -430,6 +433,7 @@ function snortSql_updateRulesSigsIps()
$listGenRulesEnable = 'off';
}
+ // TODO: inprove this foreach so we only interact with db once
foreach ($_POST['snortsam']['db'] as $singleSig)
{
@@ -461,9 +465,7 @@ function snortSql_updateRulesSigsIps()
");
- }
-
- if ( !empty($chktable) ) {
+ }else{
$query_ck = sqlite_query($db, // @ supress warnings usonly in production
"UPDATE {$_POST['dbTable']} SET date ='{$addDate}', enable = '{$singleSigEnable}', who = '{$singleSig['who']}', timeamount = '{$singleSig['timeamount']}', timetype = '{$singleSig['timetype']}' WHERE rdbuuid = '{$_POST['rdbuuid']}' and sigfilename = '{$singleSig['sigfilename']}';
diff --git a/config/orionids-dev/snort_preprocessors.php b/config/orionids-dev/snort_preprocessors.php
index 78863b35..d99f7f75 100644
--- a/config/orionids-dev/snort_preprocessors.php
+++ b/config/orionids-dev/snort_preprocessors.php
@@ -45,6 +45,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
// set page vars
$uuid = $_GET['uuid'];
diff --git a/config/orionids-dev/snort_rules.php b/config/orionids-dev/snort_rules.php
index 09490a37..fd102538 100644
--- a/config/orionids-dev/snort_rules.php
+++ b/config/orionids-dev/snort_rules.php
@@ -45,12 +45,20 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+// set page vars
+
if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) {
echo 'Error: more than one uuid';
exit(0);
}
-// set page vars
if (isset($_GET['uuid'])) {
$uuid = $_GET['uuid'];
}
@@ -331,43 +339,40 @@ function load_rule_file($incoming_file, $splitcontents)
<br>
<!-- start User Interface -->
+
+
+ <form id="iform" action="">
+ <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="ifaceTab" value="snort_rules" /> <!-- what interface tab -->
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr id="maintable77" >
<td colspan="2" valign="top" class="listtopic">Snort Signatures:</td>
</tr>
- </table>
+ </table>
- <form id="iform" action="">
- <table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0">
-
- <td class="list" colspan="8"></td>
- <td class="list" valign="middle" >
+ <table id="mainCreateTable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr id="frheader" >
- <td width="1%" class="listhdrr2">On</td>
- <td width="1%" class="listhdrr2">Sid</td>
- <td width="1%" class="listhdrr2">Proto</td>
- <td width="1%" class="listhdrr2">Src</td>
- <td width="1%" class="listhdrr2">Port</td>
- <td width="1%" class="listhdrr2">Dst</td>
- <td width="1%" class="listhdrr2">Port</td>
- <td width="20%" class="listhdrr2">Message</td>
- <td width="1%" class="listhdrr2">&nbsp;</td>
- </tr>
- <form id="iform" action="" >
- <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save -->
- <input type="hidden" name="ifaceTab" value="snort_rules" /> <!-- what interface tab -->
-
- <!-- START javascript sid loop here -->
- <tbody class="rulesetloopblock">
-
-
-
- </tbody>
- <!-- STOP javascript sid loop here -->
-
- </td>
- <td class="list" colspan="8"></td>
+ <tr id="frheader" >
+ <td class="listhdrr2">On</td>
+ <td class="listhdrr2">Sid</td>
+ <td class="listhdrr2">Proto</td>
+ <td class="listhdrr2">Src</td>
+ <td class="listhdrr2">Port</td>
+ <td class="listhdrr2">Dst</td>
+ <td class="listhdrr2">Port</td>
+ <td class="listhdrr2">Message</td>
+ <td class="listhdrr2">&nbsp;</td>
+ </tr>
+ <tr>
+ <!-- START javascript sid loop here -->
+ <tbody class="rulesetloopblock">
+
+
+
+ </tbody>
+ <!-- STOP javascript sid loop here -->
+ </tr>
</table>
<br>
@@ -379,8 +384,8 @@ function load_rule_file($incoming_file, $splitcontents)
</td>
</tr>
</table>
- <br>
</form>
+ <br>
<!-- stop snortsam -->
@@ -453,11 +458,11 @@ jQuery(document).ready(function() {
$i = 0;
foreach ($newFilterRuleSigArray as $val3)
{
-
- $i++;
- if ( $i !== $countSigList )
- {//
+ $i++;
+
+ // NOTE: escapeJsonString; foward slash has added spaces on each side, ie and chrome were giving issues with tablw widths
+ if( $i !== $countSigList ) {
echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"},';
}else{
echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"}';
@@ -477,6 +482,17 @@ jQuery(document).ready(function() {
?>
+if(typeof escapeHtmlEntities == 'undefined') {
+ escapeHtmlEntities = function (text) {
+ return text.replace(/[\u00A0-\u2666<>\&]/g, function(c) { return '&' +
+ escapeHtmlEntities.entityTable[c.charCodeAt(0)] || '#'+c.charCodeAt(0) + ';'; });
+ };
+
+ // all HTML4 entities as defined here: http://www.w3.org/TR/html4/sgml/entities.html
+ // added: amp, lt, gt, quot and apos
+ escapeHtmlEntities.entityTable = { 34 : 'quot', 38 : 'amp', 39 : 'apos', 47 : 'slash', 60 : 'lt', 62 : 'gt', 160 : 'nbsp', 161 : 'iexcl', 162 : 'cent', 163 : 'pound', 164 : 'curren', 165 : 'yen', 166 : 'brvbar', 167 : 'sect', 168 : 'uml', 169 : 'copy', 170 : 'ordf', 171 : 'laquo', 172 : 'not', 173 : 'shy', 174 : 'reg', 175 : 'macr', 176 : 'deg', 177 : 'plusmn', 178 : 'sup2', 179 : 'sup3', 180 : 'acute', 181 : 'micro', 182 : 'para', 183 : 'middot', 184 : 'cedil', 185 : 'sup1', 186 : 'ordm', 187 : 'raquo', 188 : 'frac14', 189 : 'frac12', 190 : 'frac34', 191 : 'iquest', 192 : 'Agrave', 193 : 'Aacute', 194 : 'Acirc', 195 : 'Atilde', 196 : 'Auml', 197 : 'Aring', 198 : 'AElig', 199 : 'Ccedil', 200 : 'Egrave', 201 : 'Eacute', 202 : 'Ecirc', 203 : 'Euml', 204 : 'Igrave', 205 : 'Iacute', 206 : 'Icirc', 207 : 'Iuml', 208 : 'ETH', 209 : 'Ntilde', 210 : 'Ograve', 211 : 'Oacute', 212 : 'Ocirc', 213 : 'Otilde', 214 : 'Ouml', 215 : 'times', 216 : 'Oslash', 217 : 'Ugrave', 218 : 'Uacute', 219 : 'Ucirc', 220 : 'Uuml', 221 : 'Yacute', 222 : 'THORN', 223 : 'szlig', 224 : 'agrave', 225 : 'aacute', 226 : 'acirc', 227 : 'atilde', 228 : 'auml', 229 : 'aring', 230 : 'aelig', 231 : 'ccedil', 232 : 'egrave', 233 : 'eacute', 234 : 'ecirc', 235 : 'euml', 236 : 'igrave', 237 : 'iacute', 238 : 'icirc', 239 : 'iuml', 240 : 'eth', 241 : 'ntilde', 242 : 'ograve', 243 : 'oacute', 244 : 'ocirc', 245 : 'otilde', 246 : 'ouml', 247 : 'divide', 248 : 'oslash', 249 : 'ugrave', 250 : 'uacute', 251 : 'ucirc', 252 : 'uuml', 253 : 'yacute', 254 : 'thorn', 255 : 'yuml', 402 : 'fnof', 913 : 'Alpha', 914 : 'Beta', 915 : 'Gamma', 916 : 'Delta', 917 : 'Epsilon', 918 : 'Zeta', 919 : 'Eta', 920 : 'Theta', 921 : 'Iota', 922 : 'Kappa', 923 : 'Lambda', 924 : 'Mu', 925 : 'Nu', 926 : 'Xi', 927 : 'Omicron', 928 : 'Pi', 929 : 'Rho', 931 : 'Sigma', 932 : 'Tau', 933 : 'Upsilon', 934 : 'Phi', 935 : 'Chi', 936 : 'Psi', 937 : 'Omega', 945 : 'alpha', 946 : 'beta', 947 : 'gamma', 948 : 'delta', 949 : 'epsilon', 950 : 'zeta', 951 : 'eta', 952 : 'theta', 953 : 'iota', 954 : 'kappa', 955 : 'lambda', 956 : 'mu', 957 : 'nu', 958 : 'xi', 959 : 'omicron', 960 : 'pi', 961 : 'rho', 962 : 'sigmaf', 963 : 'sigma', 964 : 'tau', 965 : 'upsilon', 966 : 'phi', 967 : 'chi', 968 : 'psi', 969 : 'omega', 977 : 'thetasym', 978 : 'upsih', 982 : 'piv', 8226 : 'bull', 8230 : 'hellip', 8242 : 'prime', 8243 : 'Prime', 8254 : 'oline', 8260 : 'frasl', 8472 : 'weierp', 8465 : 'image', 8476 : 'real', 8482 : 'trade', 8501 : 'alefsym', 8592 : 'larr', 8593 : 'uarr', 8594 : 'rarr', 8595 : 'darr', 8596 : 'harr', 8629 : 'crarr', 8656 : 'lArr', 8657 : 'uArr', 8658 : 'rArr', 8659 : 'dArr', 8660 : 'hArr', 8704 : 'forall', 8706 : 'part', 8707 : 'exist', 8709 : 'empty', 8711 : 'nabla', 8712 : 'isin', 8713 : 'notin', 8715 : 'ni', 8719 : 'prod', 8721 : 'sum', 8722 : 'minus', 8727 : 'lowast', 8730 : 'radic', 8733 : 'prop', 8734 : 'infin', 8736 : 'ang', 8743 : 'and', 8744 : 'or', 8745 : 'cap', 8746 : 'cup', 8747 : 'int', 8756 : 'there4', 8764 : 'sim', 8773 : 'cong', 8776 : 'asymp', 8800 : 'ne', 8801 : 'equiv', 8804 : 'le', 8805 : 'ge', 8834 : 'sub', 8835 : 'sup', 8836 : 'nsub', 8838 : 'sube', 8839 : 'supe', 8853 : 'oplus', 8855 : 'otimes', 8869 : 'perp', 8901 : 'sdot', 8968 : 'lceil', 8969 : 'rceil', 8970 : 'lfloor', 8971 : 'rfloor', 9001 : 'lang', 9002 : 'rang', 9674 : 'loz', 9824 : 'spades', 9827 : 'clubs', 9829 : 'hearts', 9830 : 'diams', 34 : 'quot', 38 : 'amp', 60 : 'lt', 62 : 'gt', 338 : 'OElig', 339 : 'oelig', 352 : 'Scaron', 353 : 'scaron', 376 : 'Yuml', 710 : 'circ', 732 : 'tilde', 8194 : 'ensp', 8195 : 'emsp', 8201 : 'thinsp', 8204 : 'zwnj', 8205 : 'zwj', 8206 : 'lrm', 8207 : 'rlm', 8211 : 'ndash', 8212 : 'mdash', 8216 : 'lsquo', 8217 : 'rsquo', 8218 : 'sbquo', 8220 : 'ldquo', 8221 : 'rdquo', 8222 : 'bdquo', 8224 : 'dagger', 8225 : 'Dagger', 8240 : 'permil', 8249 : 'lsaquo', 8250 : 'rsaquo', 8364 : 'euro' };
+}
+
// if rowcount is not empty do this
if (countRowAppend > 0){
@@ -517,7 +533,7 @@ jQuery(document).ready(function() {
'<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].srcport + '</td>' + "\n" +
'<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].dst + '</td>' + "\n" +
'<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].dstport + '</td>' + "\n" +
- '<td class="listbg" id="frd0" ><font color="white">' + snortObjlist[i].msg + '</font></td>' + "\n" +
+ '<td class="listbg" id="frd0" ><font color="white">' + escapeHtmlEntities(snortObjlist[i].msg) + '</font></td>' + "\n" +
'<td class="' + rowIsEvenOdd+ '">' + "\n" +
'<img id="' + snortObjlist[i].sid + '" class="icon_click showeditrulegui" src="/themes/<?=$g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule">' + "\n" +
'</td>' + "\n" +
@@ -542,6 +558,7 @@ jQuery(document).ready(function() {
});
} // end of if stopRowAppend
+
// On click show rule edit GUI
jQuery('.showeditrulegui').live('click', function(){
diff --git a/config/orionids-dev/snort_rules_ips.php b/config/orionids-dev/snort_rules_ips.php
index b1bd8b08..618a684a 100644
--- a/config/orionids-dev/snort_rules_ips.php
+++ b/config/orionids-dev/snort_rules_ips.php
@@ -1,13 +1,19 @@
<?php
/* $Id$ */
/*
- snort_interfaces.php
- part of m0n0wall (http://m0n0.ch/wall)
+
+ part of pfSense
+ All rights reserved.
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- Copyright (C) 2008-2009 Robert Zelaya.
All rights reserved.
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -18,6 +24,10 @@
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -28,12 +38,20 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
+
+*/
require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
// set page vars
if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) {
@@ -65,6 +83,34 @@ if (isset($_GET['rulefilename'])) {
exit;
}
+
+function snortSearchArray($array, $key, $value)
+{
+ $results = array();
+
+ if (is_array($array))
+ {
+ foreach ($array as $subarray)
+ {
+ if ($subarray[$key] == $value) {
+ $results = $subarray;
+ }
+
+ }
+
+ }
+
+ return $results;
+}
+
+// get default settings
+$listGenRules = array();
+$listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $rdbuuid);
+
+// get sigs in db
+$listSigRules = array();
+$listSigRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleSigsIps', 'rdbuuid', $rdbuuid);
+
$pgtitle = "Services: Snort: Ruleset Ips:";
include("/usr/local/pkg/snort/snort_head.inc");
@@ -87,8 +133,6 @@ if (isset($_GET['rulefilename'])) {
<div class="body2"><!-- hack to fix the hardcoed fbegin link in header -->
<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div>
-<form id="iform" >
-
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<?php
if (!empty($uuid)) {
@@ -150,41 +194,59 @@ if (isset($_GET['rulefilename'])) {
<tr>
<td class="tabnavtbl">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
- <!-- START MAIN AREA -->
-
-<table width="100%" border="0" cellpadding="10px" cellspacing="0">
- <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save -->
- <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db-->
- <input type="hidden" name="dbTable" value="SnortruleSigsIps" /> <!-- what db table-->
- <input type="hidden" name="ifaceTab" value="snort_rules_ips" /> <!-- what interface tab -->
- <input type="hidden" name="rdbuuid" value="<?=$rdbuuid;?>" /> <!-- what interface to save for -->
- <input type="hidden" name="uuid" value="<?=$uuid;?>" /> <!-- create snort.conf -->
-
- <tr id="frheader" >
- <td width="1%" class="listhdrr2">&nbsp;&nbsp;&nbsp;On</td>
- <td width="1%" class="listhdrr2">&nbsp;&nbsp;&nbsp;Sid</td>
- <td width="1%" class="listhdrr2">&nbsp;&nbsp;&nbsp;Source</td>
- <td width="1%" class="listhdrr2">&nbsp;&nbsp;&nbsp;Amount</td>
- <td width="1%" class="listhdrr2">&nbsp;&nbsp;&nbsp;Duration</td>
- <td width="20%" class="listhdrr2">Message</td>
- </tr>
-
- <tbody class="rulesetloopblock">
-
- </tbody>
-
-</table>
-<br>
-<table>
-<tr>
- <td>
- <input name="Submit" type="submit" class="formbtn" value="Save">
- <input id="cancel" type="button" class="formbtn" value="Cancel">
- </td>
-</tr>
-</table>
-
+ <!-- START MAIN AREA -->
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0" >
+ <tr>
+ <td>
+ </td>
+ <td>
+ <input id="select_all" type="button" class="formbtn" value="Select All" >
+ <input id="deselect_all" type="button" class="formbtn" value="Deselect All" >
+ </td>
+ </tr>
+ </table>
+
+ <div id="checkboxdo" style="width:100%; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 0px;">
+ <form id="iform" action="" >
+
+ <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save -->
+ <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db-->
+ <input type="hidden" name="dbTable" value="SnortruleSigsIps" /> <!-- what db table-->
+ <input type="hidden" name="ifaceTab" value="snort_rules_ips" /> <!-- what interface tab -->
+ <input type="hidden" name="rdbuuid" value="<?=$rdbuuid;?>" /> <!-- what interface to save for -->
+ <input type="hidden" name="uuid" value="<?=$uuid;?>" /> <!-- create snort.conf -->
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin-bottom: 10px;">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Rule File Ips Settings</td>
+ </tr>
+ </table>
+
+ <table class="rulesetloopblock" width="100%" border="0" cellpadding="0" cellspacing="0" style="margin-bottom: 10px;">
+ <tr id="frheader" >
+ <td width="1%" class="listhdrr2">&nbsp;&nbsp;&nbsp;On</td>
+ <td width="1%" class="listhdrr2">&nbsp;&nbsp;&nbsp;Sid</td>
+ <td width="1%" class="listhdrr2">&nbsp;&nbsp;&nbsp;Source</td>
+ <td width="1%" class="listhdrr2">&nbsp;&nbsp;&nbsp;Amount</td>
+ <td width="1%" class="listhdrr2">&nbsp;&nbsp;&nbsp;Duration</td>
+ <td width="20%" class="listhdrr2">Message</td>
+ </tr>
+
+ </table>
+ <br>
+ <table>
+ <tr>
+ <td>
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input id="cancel" type="button" class="formbtn" value="Cancel">
+ </td>
+ </tr>
+ </table>
+ </div>
</form >
+
+
<!-- STOP MAIN AREA -->
</table>
</td>
@@ -226,6 +288,7 @@ jQuery(document).ready(function() {
function getSidBlockJsonArray($getEnableSid)
{
+ global $listGenRules, $listSigRules;
if (!empty($getEnableSid)) {
@@ -235,16 +298,38 @@ jQuery(document).ready(function() {
foreach ($getEnableSid as $val3)
{
+ //$listGenRules $listSigRules
+ $snortSigIpsExists = snortSearchArray($listSigRules, 'siguuid', trim($val3['0']));
+
+ // if sig is in db use its settings else use default settings
+ if(!empty($snortSigIpsExists['siguuid'])) {
+
+ $getSid = $snortSigIpsExists['siguuid'];
+ $getEnable = $snortSigIpsExists['enable'];
+ $getWho = $snortSigIpsExists['who'];
+ $getTimeamount = $snortSigIpsExists['timeamount'];
+ $getTimetype = $snortSigIpsExists['timetype'];
+
+ }else{
+
+ $getSid = escapeJsonString(trim($val3['0']));
+ $getEnable = $listGenRules[0]['enable'];
+ $getWho = $listGenRules[0]['who'];
+ $getTimeamount = $listGenRules[0]['timeamount'];
+ $getTimetype = $listGenRules[0]['timetype'];
+
+ }
+
$i++;
-
+
if ($i == 1) {
$main .= '[';
}
if ( $i == $countSigList ) {
- $main .= '{"sid":"' . escapeJsonString($val3['0']) . '","enable":"' . 'on' . '","who":"' . 'src' . '","timeamount":"' . '15' . '","timetype":"' . 'minutes' . '","msg":"' . escapeJsonString($val3['1']) . '"}';
+ $main .= '{"sid":"' . $getSid . '","enable":"' . $getEnable . '","who":"' . $getWho . '","timeamount":"' . $getTimeamount . '","timetype":"' . $getTimetype . '","msg":"' . escapeJsonString($val3['1']) . '"}';
}else{
- $main .= '{"sid":"' . escapeJsonString($val3['0']) . '","enable":"' . 'on' . '","who":"' . 'src' . '","timeamount":"' . '15' . '","timetype":"' . 'minutes' . '","msg":"' . escapeJsonString($val3['1']) . '"},';
+ $main .= '{"sid":"' . $getSid . '","enable":"' . $getEnable . '","who":"' . $getWho . '","timeamount":"' . $getTimeamount . '","timetype":"' . $getTimetype . '","msg":"' . escapeJsonString($val3['1']) . '"},';
}
if ($i == $countSigList) {
@@ -321,8 +406,8 @@ function makeLargeSidTables(snortObjlist) {
var rowIsEvenOdd = 'even_ruleset2';
}
- if (snortObjlist[i].enable === 'on'){
- var rulesetChecked = 'checked';
+ if (snortObjlist[i].enable == 'on'){
+ var rulesetChecked = 'checked="checked"';
}else{
var rulesetChecked = '';
}
@@ -330,7 +415,7 @@ function makeLargeSidTables(snortObjlist) {
jQuery('.rulesetloopblock').append(
"\n" + '<tr class="hidemetr" id="ipstable_' + snortObjlist[i].sid + '" valign="top">' + "\n" +
'<td class="' + rowIsEvenOdd + '">' + "\n" +
- '<input class="domecheck" id="checkbox_' + snortObjlist[i].sid + '" name="snortsam[db][' + i + '][enable]" value="' + snortObjlist[i].enable + '" checked="' + rulesetChecked + '" type="checkbox">' + "\n" +
+ '<input class="domecheck" id="checkbox_' + snortObjlist[i].sid + '" name="snortsam[db][' + i + '][enable]" value="on" ' + rulesetChecked + ' type="checkbox">' + "\n" +
'</td>' + "\n" +
'<td class="' + rowIsEvenOdd + '" id="sid_' + snortObjlist[i].sid + '" >' + snortObjlist[i].sid + '</td>' + "\n" +
'<td class="' + rowIsEvenOdd + '">' + "\n" +
diff --git a/config/orionids-dev/snort_rulesets.php b/config/orionids-dev/snort_rulesets.php
index 5182b803..a2e4f7f3 100644
--- a/config/orionids-dev/snort_rulesets.php
+++ b/config/orionids-dev/snort_rulesets.php
@@ -45,6 +45,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) {
echo 'Error: more than one uuid';
exit(0);
diff --git a/config/orionids-dev/snort_rulesets_ips.php b/config/orionids-dev/snort_rulesets_ips.php
index dd3e943e..abac2b6b 100644
--- a/config/orionids-dev/snort_rulesets_ips.php
+++ b/config/orionids-dev/snort_rulesets_ips.php
@@ -45,6 +45,13 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/snort/snort_new.inc");
require_once("/usr/local/pkg/snort/snort_gui.inc");
+//Set no caching
+header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) {
echo 'Error: more than one uuid';
exit(0);