Diffstat (limited to 'config/snort-dev/snort_new.inc')
-rw-r--r--config/snort-dev/snort_new.inc249
1 files changed, 243 insertions, 6 deletions
diff --git a/config/snort-dev/snort_new.inc b/config/snort-dev/snort_new.inc
index a437db09..9f318af0 100644
--- a/config/snort-dev/snort_new.inc
+++ b/config/snort-dev/snort_new.inc
@@ -6,9 +6,250 @@ if(isset($_POST['__csrf_magic']))
unset($_POST['__csrf_magic']);
}
+// Wites selected sig to file
+function snortSidStringRuleEditGUI()
+{
+
+ $workingFile = '/usr/local/etc/snort/sn_' . $_POST['snortSidRuleIface'] . '/rules/' . $_POST['snortSidRuleFile'];
+
+ $splitcontents = split_rule_file($workingFile);
+
+ if (!empty($splitcontents))
+ {
+ $sidLinePosPre = exec('/usr/bin/sed -n /sid:' . $_POST['snortSidNum'] . '\;/= ' . $workingFile);
+ $sidLinePos = $sidLinePosPre - 1;
+
+ $splitcontents[$sidLinePos] = $_POST['sidstring'];
+
+
+ write_rule_file($splitcontents, $workingFile);
+
+ return true;
+ }
+
+ return false;
+
+}
+
+function sendSidStringRuleEditGUI()
+{
+
+ $sidCall = exec('sed -n "/alert.*sid:' . $_GET['sid'] . ';.*/p" /usr/local/etc/snort/sn_' . $_GET['snortIface'] . '/rules/' . $_GET['snortRuleFile']);
+ $sidCallJsonFilter = escapeJsonString($sidCall);
+
+ echo '{"sidstring":' . '"' . $sidCallJsonFilter . '","sid":' . '"' . $_GET['sid'] . '"}';
+ return true;
+}
+
+
+function escapeJsonString($escapeString)
+{
+ $search = array('\\', '\n', '\r', '\u', '\t', '\f', '\b', '/', '"');
+ $replace = array('\\\\', '\\n', '\\r', '\\u', '\\t', '\\f', '\\b', '\/', '\"');
+ $encoded_string = str_replace($search, $replace, $escapeString);
+
+ return $encoded_string;
+
+}
+
+// limit the length of the given string to $MAX_LENGTH char
+function trimLength($s) {
+
+
+ $MAX_LENGTH = 13;
+ $str_to_count = $s;
+ if (strlen($str_to_count) <= $MAX_LENGTH) {
+ return $s;
+ }
+
+ $s2 = substr($str_to_count, 0, $MAX_LENGTH - 3);
+ $s2 .= "...";
+ return $s2;
+}
+
+
+// builds base array with sid etc....
+function newFilterRuleSig($baseruleArray)
+{
+
+ function get_middle($source, $beginning, $ending, $init_pos)
+ {
+ $beginning_pos = strpos($source, $beginning, $init_pos);
+ $middle_pos = $beginning_pos + strlen($beginning);
+ $ending_pos = strpos($source, $ending, $beginning_pos);
+ $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
+ return $middle;
+ }
+
+
+ $i = 0;
+ $newSigArray[] = array();
+ foreach ( $baseruleArray as $value )
+ {
+
+ // add sid
+ $newSigArray[$i]['sid'] = get_middle($value, 'sid:', ';', 0);
+
+ // remove whitespaces
+ $rmWhitespaces = preg_replace('/\s\s+/', ' ', $value);
+ // remove whitespace betwin # aerrt
+ $rmAlertWhitespace = preg_replace('/^# alert/', '#alert', $rmWhitespaces);
+ $splitcontents = explode(' ', $rmAlertWhitespace);
+
+ // enable or disable
+ if ($splitcontents[0] === '#alert')
+ {
+ $newSigArray[$i]['enable'] = 'off';
+ }else{
+ $newSigArray[$i]['enable'] = 'on';
+ }
+
+ // proto
+ $newSigArray[$i]['proto'] = $splitcontents[1];
+
+ // source
+ $newSigArray[$i]['src'] = trimLength($splitcontents[2]);
+
+ // source port
+ $newSigArray[$i]['srcport'] = trimLength($splitcontents[3]);
+
+ // Destination
+ $newSigArray[$i]['dst'] = trimLength($splitcontents[5]);
+
+ // Destination port
+ $newSigArray[$i]['dstport'] = trimLength($splitcontents[6]);
+
+ // sig message
+ $newSigArray[$i]['msg'] = get_middle($value, 'msg:"', '";', 0);
+
+ $i++;
+ }
+
+ return $newSigArray;
+}
+
+
+function split_rule_file($workingFile)
+{
+ $filehandle = fopen($workingFile, "r");
+ $contents = fread($filehandle, filesize($workingFile));
+
+ fclose ($filehandle);
+
+ $delimiter = "\n";
+
+ $splitcontents = explode($delimiter, $contents);
+
+ return $splitcontents;
+}
+
+
+// write rule file to disk
+function write_rule_file($content_changed, $received_file)
+{
+ //read snort file with writing enabled
+ $filehandle = fopen($received_file, "w");
+
+ //delimiter for each new rule is a new line
+ $delimiter = "\n";
+
+ //implode the array back into a string for writing purposes
+ $fullfile = implode($delimiter, $content_changed);
+
+ //write data to file
+ fwrite($filehandle, $fullfile);
+
+ //close file handle
+ fclose($filehandle);
+
+}
// Save ruleSets settings
+function snortSql_updateRuleSigList()
+{
+
+ $snortDir = '/usr/local/etc/snort/sn_' . $_SESSION['snort']['tmp']['snort_rules']['ifaceuuid'] . '_' . $_SESSION['snort']['tmp']['snort_rules']['ifaceselected'];
+
+ // selected snort rule file
+ $workingFile = $snortDir . '/rules/' . $_SESSION['snort']['tmp']['snort_rules']['rulefile'];
+
+ $splitcontents = split_rule_file($workingFile);
+
+ // open rule file and change enable/disable sids
+ function read_rule_file($splitcontents, $enableSigsArray, $disableSigsArray)
+ {
+
+ foreach ($splitcontents as $sigLine)
+ {
+ $replaceChars = array('/sid:/', '/;/');
+ preg_match('/sid:[0-9]*;/', $sigLine, $matches);
+ $sidLine = preg_replace($replaceChars, '', $matches[0]);
+
+
+ if ($sidLine == '')
+ {
+ $tempstring[] = $sigLine;
+ }else{
+
+ if (in_array($sidLine, $enableSigsArray))
+ {
+ $tempstring[] = str_replace("# alert", "alert", $sigLine);
+ }
+
+ if (in_array($sidLine, $disableSigsArray))
+ {
+ $tempstring[] = str_replace("alert", "# alert", $sigLine);
+ }
+
+ if (!in_array($sidLine, $enableSigsArray) && !in_array($sidLine, $disableSigsArray))
+ {
+ $tempstring[] = $sigLine;
+ }
+ }
+ }
+
+ return $tempstring;
+ }
+
+ // build user selected enbled and disabled arrays
+ $enableSigsArray = array();
+ $disableSigsArray = array();
+
+ if (!isset($_POST['filenamcheckbox2']))
+ {
+ $_POST['filenamcheckbox2'] = array();
+ }
+
+ $newFilterRuleSigArray = newFilterRuleSig($splitcontents);
+
+ foreach ($newFilterRuleSigArray as $sigArray)
+ {
+ // enable sig
+ if(in_array($sigArray['sid'], $_POST['filenamcheckbox2']) && $sigArray['enable'] == 'off')
+ {
+ $enableSigsArray[] = $sigArray['sid'];
+ }
+
+ // disable sig
+ if(!in_array($sigArray['sid'], $_POST['filenamcheckbox2']) && $sigArray['enable'] == 'on')
+ {
+ $disableSigsArray[] = $sigArray['sid'];
+ }
+ }
+
+ // read rule file change disable/enable then write to file if arrays are not empty
+ if (!empty($enableSigsArray) || !empty($disableSigsArray))
+ {
+ write_rule_file(read_rule_file($splitcontents, $enableSigsArray, $disableSigsArray), $workingFile);
+ }
+
+ return true;
+
+
+} // END Save ruleSets settings
+
+// Save ruleSets settings
function snortSql_updateRuleSetList($dbname, $table, $ruleSetfilenames, $ifaceuuid)
{
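Review bot: Both new request handlers pass raw request parameters into a shell command and a filesystem path: `snortSidStringRuleEditGUI()` interpolates `$_POST['snortSidNum']` into the `exec('/usr/bin/sed -n /sid:...')` call and builds `$workingFile` from `$_POST['snortSidRuleIface']` and `$_POST['snortSidRuleFile']`, so a SID value containing shell metacharacters runs arbitrary commands as the web server user, and a `../` in the file name makes `write_rule_file()` overwrite any file that user can write. `sendSidStringRuleEditGUI()` has the same shape with `$_GET['sid']`, `$_GET['snortIface']` and `$_GET['snortRuleFile']`, and additionally echoes `$_GET['sid']` into the JSON body without passing it through `escapeJsonString()`. Because `split_rule_file()` already loads the rule file into an array, the sed lookup is unnecessary; the rewrite below validates each parameter as a digit string / token / bare file name and locates the line in PHP, which also fixes the case where sed finds no match and the current code writes `$_POST['sidstring']` to array index -1 (an extra line appended on write). The same validation plus `escapeshellarg()` should be applied to `sendSidStringRuleEditGUI()`, and `$_GET['sid']` there should go through `escapeJsonString()` (or `json_encode()`) before being echoed.
```php
function snortSidStringRuleEditGUI()
{
    // Only a decimal SID, an alphanumeric/underscore interface token and a
    // bare file name are accepted; anything else never reaches a path or a shell.
    $sid   = isset($_POST['snortSidNum']) ? $_POST['snortSidNum'] : '';
    $iface = isset($_POST['snortSidRuleIface']) ? $_POST['snortSidRuleIface'] : '';
    $file  = isset($_POST['snortSidRuleFile']) ? $_POST['snortSidRuleFile'] : '';
    if (!ctype_digit($sid) || !preg_match('/^[A-Za-z0-9_]+$/', $iface)
        || $file === '' || basename($file) !== $file) {
        return false;
    }

    $workingFile = '/usr/local/etc/snort/sn_' . $iface . '/rules/' . $file;
    if (!is_file($workingFile)) {
        return false;
    }

    $splitcontents = split_rule_file($workingFile);
    if (empty($splitcontents)) {
        return false;
    }

    // Find the rule line in the already-loaded array instead of shelling out to sed.
    $sidLinePos = null;
    foreach ($splitcontents as $idx => $line) {
        if (strpos($line, 'sid:' . $sid . ';') !== false) {
            $sidLinePos = $idx;
            break;
        }
    }
    if ($sidLinePos === null) {
        return false;   // previously fell through to index -1 and appended a stray line
    }

    $splitcontents[$sidLinePos] = $_POST['sidstring'];
    write_rule_file($splitcontents, $workingFile);

    return true;
}
```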
@@ -798,14 +1039,10 @@ function snortScanDirFilter($path, $filtername)
{
$filterDirList[] = $val;
}
-
}
- unset($listDir);
-
+ unset($listDir);
}
-
- return $filterDirList;
-
+ return $filterDirList;
}
?>