diff options
Diffstat (limited to 'config/snort-dev/snort_rules.php')
| -rw-r--r-- | config/snort-dev/snort_rules.php | 924 |
1 files changed, 391 insertions, 533 deletions
diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php index fd102538..871eb39e 100644 --- a/config/snort-dev/snort_rules.php +++ b/config/snort-dev/snort_rules.php @@ -1,19 +1,11 @@ <?php -/* $Id$ */ /* - - part of pfSense - All rights reserved. - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + snort_rules.php + Copyright (C) 2004, 2005 Scott Ullrich + Copyright (C) 2008, 2009 Robert Zelaya + Copyright (C) 2011 Ermal Luci All rights reserved. - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -24,10 +16,6 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -38,563 +26,433 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -*/ + */ + require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); -//Set no caching -header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); +global $g; -// set page vars +if (!is_array($config['installedpackages']['snortglobal']['rule'])) + $config['installedpackages']['snortglobal']['rule'] = array(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; -if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) { - echo 'Error: more than one uuid'; - exit(0); +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; +if (is_null($id)) { + header("Location: /snort/snort_interfaces.php"); + exit; } -if (isset($_GET['uuid'])) { - $uuid = $_GET['uuid']; +if (isset($id) && $a_nat[$id]) { + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; } -if (isset($_GET['rdbuuid'])) { - $rdbuuid = $_GET['rdbuuid']; -}else{ - $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); - $rdbuuid = $ruledbname_pre1['ruledbname']; +/* convert fake interfaces to real */ +$if_real = snort_get_real_interface($pconfig['interface']); +$iface_uuid = $a_nat[$id]['uuid']; + +/* Check if the rules dir is empy if so warn the user */ +/* TODO give the user the option to delete the installed rules rules */ +if (!is_dir("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules")) + exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules"); + +$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); +if ($isrulesfolderempty == "") { + $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules"); + if ($isrulesfolderempty == "") { + include_once("head.inc"); + include_once("fbegin.inc"); + + echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">"; + + if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} + + echo "<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n + <tr>\n + <td>\n"; + + $tab_array = array(); + $tabid = 0; + $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tabid++; + $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); + echo "</td>\n + </tr>\n + <tr>\n + <td>\n + <div id=\"mainarea\">\n + <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n + <tr>\n + <td>\n + # The rules directory is empty.\n + </td>\n + </tr>\n + </table>\n + </div>\n + </td>\n + </tr>\n + </table>\n + \n + </form>\n + \n + <p>\n\n"; + + echo "Please click on the Update Rules tab to install your selected rule sets."; + include("fend.inc"); + + echo "</body>"; + echo "</html>"; + + exit(0); + } else { + /* Make sure that we have the rules */ + mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true); + } } -// unset Session tmp on page load -unset($_SESSION['snort']['tmp']); +function get_middle($source, $beginning, $ending, $init_pos) { + $beginning_pos = strpos($source, $beginning, $init_pos); + $middle_pos = $beginning_pos + strlen($beginning); + $ending_pos = strpos($source, $ending, $beginning_pos); + $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); + return $middle; +} -// list rules in the default dir -$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $rdbuuid); +function write_rule_file($content_changed, $received_file) +{ + @file_put_contents($received_file, implode("\n", $content_changed)); +} -$snortRuleDir = '/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid; +function load_rule_file($incoming_file) +{ + //read file into string, and get filesize + $contents = @file_get_contents($incoming_file); - // list rules in the default dir - $filterDirList = array(); - $filterDirList = snortScanDirFilter($snortRuleDir . '/rules', '\.rules'); + //split the contents of the string file into an array using the delimiter + return explode("\n", $contents); +} - // START read rule file - if ($_GET['openruleset']) { - $rulefile = $_GET['openruleset']; - }else{ - $rulefile = $filterDirList[0]; +$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; +//$ruledir = "/usr/local/etc/snort/rules/"; +$dh = opendir($ruledir); +while (false !== ($filename = readdir($dh))) +{ + //only populate this array if its a rule file + $isrulefile = strstr($filename, ".rules"); + if ($isrulefile !== false) + $files[] = basename($filename); +} +sort($files); + +if ($_GET['openruleset']) + $rulefile = $_GET['openruleset']; +else + $rulefile = $ruledir.$files[0]; + +//Load the rule file +$splitcontents = load_rule_file($rulefile); + +if ($_GET['act'] == "toggle" && $_GET['ids']) { + + $lineid= $_GET['ids']; + + //copy rule contents from array into string + $tempstring = $splitcontents[$lineid]; + + //explode rule contents into an array, (delimiter is space) + $rule_content = explode(' ', $tempstring); + + $findme = "# alert"; //find string for disabled alerts + $disabled = strstr($tempstring, $findme); + + //if find alert is false, then rule is disabled + if ($disabled !== false) { + //rule has been enabled + $tempstring = substr($tempstring, 2); + } else + $tempstring = "# ". $tempstring; + + //copy string into array for writing + $splitcontents[$lineid] = $tempstring; + + //write the new .rules file + write_rule_file($splitcontents, $rulefile); + + //write disable/enable sid to config.xml + $sid = get_middle($tempstring, 'sid:', ';', 0); + if (is_numeric($sid)) { + // rule_sid_on registers + if (!empty($a_nat[$id]['rule_sid_on'])) + $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']); + if (!empty($a_nat[$id]['rule_sid_on'])) + $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']); + if ($disabled === false) + $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off']; + else + $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on']; } - // path of rule file - $workingFile = $snortRuleDir . '/rules/' . $rulefile; - -function load_rule_file($incoming_file, $splitcontents) -{ - $pattern = '/(^alert |^# alert )/'; - foreach ( $splitcontents as $val ) - { - // remove whitespaces - $rmWhitespaces = preg_replace('/\s\s+/', ' ', $val); - - // filter none alerts - if (preg_match($pattern, $rmWhitespaces)) - { - $splitcontents2[] = $val; - } - - } - unset($splitcontents); - - return $splitcontents2; + write_config(); + header("Location: /snort/snort_rules.php?id={$id}&openruleset={$rulefile}"); + exit; } - - // Load the rule file - // split the contents of the string file into an array using the delimiter - // used by rule gui edit and table build code - if (filesize($workingFile) > 0) { - $splitcontents = split_rule_file($workingFile); - - $splitcontents2 = load_rule_file($workingFile, $splitcontents); - - $countSig = count($splitcontents2); - - if ($countSig > 0) { - $newFilterRuleSigArray = newFilterRuleSig($splitcontents2); - } - } - - /* - * SET GLOBAL ARRAY $_SESSION['snort'] - * Use SESSION instead POST for security because were writing to files. - */ - - $_SESSION['snort']['tmp']['snort_rules']['dbName'] = 'snortDBrules'; - $_SESSION['snort']['tmp']['snort_rules']['dbTable'] = 'SnortruleSigs'; - $_SESSION['snort']['tmp']['snort_rules']['rdbuuid'] = $rdbuuid; - $_SESSION['snort']['tmp']['snort_rules']['rulefile'] = $rulefile; - - -// find ./ -name test.txt | xargs grep "^disablesid 127 " - - $pgtitle = "Snort: Category: rule: $rulefile"; - include("/usr/local/pkg/snort/snort_head.inc"); -?> +$currentruleset = basename($rulefile); - - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<!-- loading msg --> -<div id="loadingWaiting"> - <div class="snortModal" style="top: 200px; left: 700px;"> - <div class="snortModalTop"> - <!-- <div class="snortModalTopClose"><a href="javascript:hideLoading('#loadingWaiting');"><img src="/snort/images/close_9x9.gif" border="0" height="9" width="9"></a></div> --> - </div> - <div class="snortModalTitle"> - <p><img src="./images/loading.gif" /><br><br>Please Wait...</p> - </div> - <div> - <p class="loadingWaitingMessage"></p> - </div> - </div> -</div> - -<!-- hidden div --> -<div id="loadingRuleEditGUI"> - - <div class="loadingRuleEditGUIDiv"> - <form id="iform2" action=""> - <input type="hidden" name="snortSidRuleEdit" value="1" /> - <input type="hidden" name="snortSidRuleDBuuid" value="<?=$rdbuuid;?>" /> <!-- what to do, save --> - <input type="hidden" name="snortSidRuleFile" value="<?=$rulefile; ?>" /> <!-- what to do, save --> - <input type="hidden" name="snortSidNum" value="" /> <!-- what to do, save --> - <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee"> - <tr> - <td> - <input name="save" type="submit" class="formbtn" id="save" value="Save" /> - <input type="button" class="formbtn closeRuleEditGUI" value="Close" > - </td> - </tr> - <tr> - <td> - <textarea id="sidstring" name="sidstring" wrap="off" style="width: 98%; margin: 7px;" rows="1" cols="" ></textarea> <!-- SID to EDIT --> - </td> - </tr> - <tr> - <td> - <textarea wrap="off" style="width: 98%; margin: 7px;" rows="<?php if(count($splitcontents) > 24){echo 24;}else{echo count($splitcontents);} ?>" cols="" disabled > - - <?php - - echo "\n"; - - foreach ($splitcontents as $sidLineGui) - - echo $sidLineGui . "\n"; - - - - ?> - </textarea> <!-- Display rule file --> - </td> - </tr> - </table> - <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee"> - <tr> - <td> - <input name="save" type="submit" class="formbtn" id="save" value="Save" /> - <input type="button" class="formbtn closeRuleEditGUI" value="Close" > - </td> - </tr> - </table> - </form> - </div> +$ifname = strtoupper($pconfig['interface']); +require_once("guiconfig.inc"); +include_once("head.inc"); -</div> +$pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset"; +?> -<?php include("fbegin.inc"); ?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php +include("fbegin.inc"); +if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> +echo "{$snort_general_css}\n"; +?> +<form action="snort_rules.php" method="post" name="iform" id="iform"> + +<script language="javascript" type="text/javascript"> +function go() +{ + var box = document.iform.selectbox; + destination = box.options[box.selectedIndex].value; + if (destination) + location.href = destination; +} +function popup(url) +{ + params = 'width='+screen.width; + params += ', height='+screen.height; + params += ', top=0, left=0' + params += ', fullscreen=yes'; + + newwin=window.open(url,'windowname4', params); + if (window.focus) {newwin.focus()} + return false; +} +</script> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <?php - if (!empty($uuid)) { - echo ' +<table style="table-layout:fixed;" width="99%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tabid = 0; + $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); + $tabid++; + $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tabid++; + $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr> + <td> + <div id="mainarea2"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_edit.php?uuid=' . $uuid . '"><span>If Settings</span></a></li> - <li><a href="/snort/snort_rulesets.php?uuid=' . $uuid . '"><span>Categories</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_rules.php?uuid=' . $uuid . '"><span>Rules</span></a></li> - <li><a href="/snort/snort_rulesets_ips.php?uuid=' . $uuid . '"><span>Ruleset Ips</span></a></li> - <li><a href="/snort/snort_define_servers.php?uuid=' . $uuid . '"><span>Servers</span></a></li> - <li><a href="/snort/snort_preprocessors.php?uuid=' . $uuid . '"><span>Preprocessors</span></a></li> - <li><a href="/snort/snort_barnyard.php?uuid=' . $uuid . '"><span>Barnyard2</span></a></li> - </ul> - </div> + <td class="listt" colspan="8"> + <br>Category: + <select id="selectbox" name="selectbox" class="formfld" onChange="go()"> + <?php + foreach ($files as $value) { + echo "<option value='?id={$id}&openruleset={$ruledir}{$value}' "; + if ($value === $currentruleset) + echo "selected"; + echo ">{$value}</option>\n"; + } + ?> + </select> + </td> + </tr> + <tr id="frheader"> + <td width="3%" class="list"> </td> + <td width="5%" class="listhdr">SID</td> + <td width="6%" class="listhdrr">Proto</td> + <td width="15%" class="listhdrr">Source</td> + <td width="10%" class="listhdrr">Port</td> + <td width="15%" class="listhdrr">Destination</td> + <td width="10%" class="listhdrr">Port</td> + <td width="32%" class="listhdrr">Message</td> + </tr> + <?php + foreach ( $splitcontents as $counter => $value ) + { + $disabled = "False"; + $comments = "False"; + $findme = "# alert"; //find string for disabled alerts + $disabled_pos = strstr($value, $findme); + + $counter2 = 1; + $sid = get_middle($value, 'sid:', ';', 0); + //check to see if the sid is numberical + if (!is_numeric($sid)) + continue; + + //if find alert is false, then rule is disabled + if ($disabled_pos !== false){ + $counter2 = $counter2+1; + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $iconb = "icon_block_d.gif"; + + $ischecked = ""; + } else { + $textss = $textse = ""; + $iconb = "icon_block.gif"; + + $ischecked = "checked"; + } + + $rule_content = explode(' ', $value); + + $protocol = $rule_content[$counter2];//protocol location + $counter2++; + $source = substr($rule_content[$counter2], 0, 20) . "...";//source location + $counter2++; + $source_port = $rule_content[$counter2];//source port location + $counter2 = $counter2+2; + $destination = substr($rule_content[$counter2], 0, 20) . "...";//destination location + $counter2++; + $destination_port = $rule_content[$counter2];//destination port location + + if (strstr($value, 'msg: "')) + $message = get_middle($value, 'msg: "', '";', 0); + else if (strstr($value, 'msg:"')) + $message = get_middle($value, 'msg:"', '";', 0); + + echo "<tr><td class=\"listt\"> $textss\n"; + ?> + <a href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img + src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" + width="10" height="10" border="0" + title="click to toggle enabled/disabled status"></a> + <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> --> + <!-- TODO: add checkbox and save so that that disabling is nicer --> + <?php + echo "$textse + </td> + <td width='5%' class=\"listlr\"> + $textss + $sid + $textse + </td> + <td width='6%' class=\"listlr\"> + $textss + $protocol"; + echo "$textse + </td> + <td width='20%' class=\"listlr\"> + $textss + $source + $textse + </td> + <td width='5%' class=\"listlr\"> + $textss + $source_port + $textse + </td> + <td width='20%' class=\"listlr\"> + $textss + $destination + $textse + </td> + <td width='5%' class=\"listlr\"> + $textss + $destination_port + $textse + </td> + <td width='30%' class=\"listbg\"><font color=\"white\"> + $textss + $message + $textse + </td>"; + ?> + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td><a href="javascript: void(0)" + onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" + title="edit rule" width="17" height="17" border="0"></a></td> + <!-- Codes by Quackit.com --> + </tr> + </table> + </td> + <?php + } + ?> + + </table> </td> </tr> - '; - }else{ - echo ' <tr> - <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li><a href="/snort/snort_interfaces_global.php"><span>Global Settings</span></a></li> - <li><a href="/snort/snort_download_updates.php"><span>Updates</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces_rules.php"><span>RulesDB</span></a></li> - <li><a href="/snort/snort_alerts.php"><span>Alerts</span></a></li> - <li><a href="/snort/snort_blocked.php"><span>Blocked</span></a></li> - <li><a href="/snort/snort_interfaces_whitelist.php"><span>Whitelists</span></a></li> - <li><a href="/snort/snort_interfaces_suppress.php"><span>Suppress</span></a></li> - <li><a href="/snort/snort_help_info.php"><span>Help</span></a></li> - </ul> - </div> + <td class="listlr"> + <?php echo " <strong><span class='red'>There are {$counter} rules in this category. <br/><br/></span></strong>"; ?> </td> </tr> <tr> <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li class="hide_newtabmenu"><a href="/snort/snort_interfaces_rules_edit.php?rdbuuid=' . $rdbuuid . '"><span>Rules DB Edit</span></a></li> - <li class="hide_newtabmenu"><a href="/snort/snort_rulesets.php?rdbuuid=' . $rdbuuid . '"><span>Categories</span></a></li> - <li class="hide_newtabmenu newtabmenu_active"><a href="/snort/snort_rules.php?rdbuuid=' . $rdbuuid . '"><span>Rules</span></a></li> - <li><a href="/snort/snort_rulesets_ips.php?rdbuuid=' . $rdbuuid . '"><span>Ruleset Ips</span></a></li> - </ul> - </div> - </td> - </tr> - '; - } - ?> - <tr> - <td id="tdbggrey"> - <div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;"> - <!-- START MAIN AREA --> - - - <!-- start Interface Satus --> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="maintable77" > - <td colspan="2" valign="top" class="listtopic2"> - Category: - <select name="selectbox" class="formfld" > - <?php - if(isset($_GET['uuid'])) { - $urlUuid = "&uuid=$uuid"; - } - - if(isset($_GET['rdbuuid'])) { - $urlUuid = "&rdbuuid=$rdbuuid"; - } - - $i=0; - foreach ($filterDirList as $value) - { - $selectedruleset = ''; - if ($value === $rulefile) { - $selectedruleset = 'selected'; - } - - echo "\n" . '<option value="?&openruleset=' . $ruledir . $value . $urlUuid . '" ' . $selectedruleset . ' >' . $value . '</option>' . "\r"; - - $i++; - - } - ?> - </select> - There are <?=$countSig; ?> rules in this category. - </td> - <td width="6%" colspan="2" valign="middle" class="listtopic3" > - <a href="snort_interfaces_edit.php?uuid=<?=$new_ruleUUID;?>"> - <img style="padding-left:3px;" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add rule"> - </a> - </td> + <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> + <tr> + <td width="16"><img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" + width="11" height="11"></td> + <td>Rule Enabled</td> </tr> - </table> -<br> - - <!-- Save all inputs --> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <input id="select_all" type="button" class="formbtn" value="Select All" > - <input id="deselect_all" type="button" class="formbtn" value="Deselect All" > - </td> - </tr> - </table> - -<br> - - <!-- start User Interface --> - - - <form id="iform" action=""> - <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save --> - <input type="hidden" name="ifaceTab" value="snort_rules" /> <!-- what interface tab --> - - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="maintable77" > - <td colspan="2" valign="top" class="listtopic">Snort Signatures:</td> + <tr> + <td><img + src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" + width="11" height="11"></td> + <td nowrap>Rule Disabled</td> + </tr> + <tr> + <!-- TODO: add save and cancel for checkbox options --> + <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> --> + </tr> + <tr> + <td colspan="10"> + <p><!--<strong><span class="red">Warning:<br/> </span></strong>Editing these r</p>--> + </td> </tr> - </table> - - <table id="mainCreateTable" width="100%" border="0" cellpadding="0" cellspacing="0"> - - <tr id="frheader" > - <td class="listhdrr2">On</td> - <td class="listhdrr2">Sid</td> - <td class="listhdrr2">Proto</td> - <td class="listhdrr2">Src</td> - <td class="listhdrr2">Port</td> - <td class="listhdrr2">Dst</td> - <td class="listhdrr2">Port</td> - <td class="listhdrr2">Message</td> - <td class="listhdrr2"> </td> - </tr> - <tr> - <!-- START javascript sid loop here --> - <tbody class="rulesetloopblock"> - - - - </tbody> - <!-- STOP javascript sid loop here --> - </tr> - - </table> - <br> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <input name="Submit" type="submit" class="formbtn" value="Save"> - <input id="cancel" type="button" class="formbtn" value="Cancel"> - </td> - </tr> </table> - </form> - <br> - - <!-- stop snortsam --> - - <!-- STOP MAIN AREA --> - </div> + </td> + </tr> + </table> </td> - </tr> +</tr> </table> </form> -</div> - -<!-- start info box --> - -<br> - -<div style="width:790px; background-color: #dddddd;" id="mainarea4"> -<div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;"> -<table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> </td> - </tr> - <tr > - <td width="100%"> - <span class="red"><strong>Note:</strong></span> <br> - This is the <strong>Snort Rule Signature Viewer</strong>. - Please make sure not to add a <strong>whitespace</strong> before <strong>alert</strong> or <strong>#alert</strong>. - <br> - <br> - <span class="red"><strong>Warning:</strong></span> - <br> - <strong>New settings will not take effect until interface restart.</strong> - <br><br> - </td> - </tr> -</table> -</div> -</div> - - -<script type="text/javascript"> - - -//prepare the form when the DOM is ready -jQuery(document).ready(function() { - - // NOTE: needs to be watched - // change url on selected dropdown rule - jQuery('select[name=selectbox]').change(function() { - window.location.replace(jQuery(this).val()); - }); - -<?php - - /* - * NOTE: - * I could have used a php loop to build the table but I wanted to see if off loading to client is faster. - * Seems to be faster on embeded systems with low specs. On higher end systems there is no difference that I can see. - * WARNING: - * If Json string is to long browsers start asking to terminate javascript. - * FIX: - * Use julienlecomte()net/blog/2007/10/28/, the more reading I do about this subject it seems that off loading to a client is not recomended. - */ - if (!empty($newFilterRuleSigArray)) - { - $countSigList = count($newFilterRuleSigArray); - - echo "\n"; - - echo 'var snortObjlist = ['; - $i = 0; - foreach ($newFilterRuleSigArray as $val3) - { - - $i++; - - // NOTE: escapeJsonString; foward slash has added spaces on each side, ie and chrome were giving issues with tablw widths - if( $i !== $countSigList ) { - echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"},'; - }else{ - echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"}'; - } - } - - echo '];' . "\n"; - } - - - - if (!empty($countSig)) { - echo 'var countRowAppend = ' . $countSig . ';' . "\n"; - }else{ - echo 'var countRowAppend = 0;' . "\n"; - } - -?> - -if(typeof escapeHtmlEntities == 'undefined') { - escapeHtmlEntities = function (text) { - return text.replace(/[\u00A0-\u2666<>\&]/g, function(c) { return '&' + - escapeHtmlEntities.entityTable[c.charCodeAt(0)] || '#'+c.charCodeAt(0) + ';'; }); - }; - - // all HTML4 entities as defined here: http://www.w3.org/TR/html4/sgml/entities.html - // added: amp, lt, gt, quot and apos - escapeHtmlEntities.entityTable = { 34 : 'quot', 38 : 'amp', 39 : 'apos', 47 : 'slash', 60 : 'lt', 62 : 'gt', 160 : 'nbsp', 161 : 'iexcl', 162 : 'cent', 163 : 'pound', 164 : 'curren', 165 : 'yen', 166 : 'brvbar', 167 : 'sect', 168 : 'uml', 169 : 'copy', 170 : 'ordf', 171 : 'laquo', 172 : 'not', 173 : 'shy', 174 : 'reg', 175 : 'macr', 176 : 'deg', 177 : 'plusmn', 178 : 'sup2', 179 : 'sup3', 180 : 'acute', 181 : 'micro', 182 : 'para', 183 : 'middot', 184 : 'cedil', 185 : 'sup1', 186 : 'ordm', 187 : 'raquo', 188 : 'frac14', 189 : 'frac12', 190 : 'frac34', 191 : 'iquest', 192 : 'Agrave', 193 : 'Aacute', 194 : 'Acirc', 195 : 'Atilde', 196 : 'Auml', 197 : 'Aring', 198 : 'AElig', 199 : 'Ccedil', 200 : 'Egrave', 201 : 'Eacute', 202 : 'Ecirc', 203 : 'Euml', 204 : 'Igrave', 205 : 'Iacute', 206 : 'Icirc', 207 : 'Iuml', 208 : 'ETH', 209 : 'Ntilde', 210 : 'Ograve', 211 : 'Oacute', 212 : 'Ocirc', 213 : 'Otilde', 214 : 'Ouml', 215 : 'times', 216 : 'Oslash', 217 : 'Ugrave', 218 : 'Uacute', 219 : 'Ucirc', 220 : 'Uuml', 221 : 'Yacute', 222 : 'THORN', 223 : 'szlig', 224 : 'agrave', 225 : 'aacute', 226 : 'acirc', 227 : 'atilde', 228 : 'auml', 229 : 'aring', 230 : 'aelig', 231 : 'ccedil', 232 : 'egrave', 233 : 'eacute', 234 : 'ecirc', 235 : 'euml', 236 : 'igrave', 237 : 'iacute', 238 : 'icirc', 239 : 'iuml', 240 : 'eth', 241 : 'ntilde', 242 : 'ograve', 243 : 'oacute', 244 : 'ocirc', 245 : 'otilde', 246 : 'ouml', 247 : 'divide', 248 : 'oslash', 249 : 'ugrave', 250 : 'uacute', 251 : 'ucirc', 252 : 'uuml', 253 : 'yacute', 254 : 'thorn', 255 : 'yuml', 402 : 'fnof', 913 : 'Alpha', 914 : 'Beta', 915 : 'Gamma', 916 : 'Delta', 917 : 'Epsilon', 918 : 'Zeta', 919 : 'Eta', 920 : 'Theta', 921 : 'Iota', 922 : 'Kappa', 923 : 'Lambda', 924 : 'Mu', 925 : 'Nu', 926 : 'Xi', 927 : 'Omicron', 928 : 'Pi', 929 : 'Rho', 931 : 'Sigma', 932 : 'Tau', 933 : 'Upsilon', 934 : 'Phi', 935 : 'Chi', 936 : 'Psi', 937 : 'Omega', 945 : 'alpha', 946 : 'beta', 947 : 'gamma', 948 : 'delta', 949 : 'epsilon', 950 : 'zeta', 951 : 'eta', 952 : 'theta', 953 : 'iota', 954 : 'kappa', 955 : 'lambda', 956 : 'mu', 957 : 'nu', 958 : 'xi', 959 : 'omicron', 960 : 'pi', 961 : 'rho', 962 : 'sigmaf', 963 : 'sigma', 964 : 'tau', 965 : 'upsilon', 966 : 'phi', 967 : 'chi', 968 : 'psi', 969 : 'omega', 977 : 'thetasym', 978 : 'upsih', 982 : 'piv', 8226 : 'bull', 8230 : 'hellip', 8242 : 'prime', 8243 : 'Prime', 8254 : 'oline', 8260 : 'frasl', 8472 : 'weierp', 8465 : 'image', 8476 : 'real', 8482 : 'trade', 8501 : 'alefsym', 8592 : 'larr', 8593 : 'uarr', 8594 : 'rarr', 8595 : 'darr', 8596 : 'harr', 8629 : 'crarr', 8656 : 'lArr', 8657 : 'uArr', 8658 : 'rArr', 8659 : 'dArr', 8660 : 'hArr', 8704 : 'forall', 8706 : 'part', 8707 : 'exist', 8709 : 'empty', 8711 : 'nabla', 8712 : 'isin', 8713 : 'notin', 8715 : 'ni', 8719 : 'prod', 8721 : 'sum', 8722 : 'minus', 8727 : 'lowast', 8730 : 'radic', 8733 : 'prop', 8734 : 'infin', 8736 : 'ang', 8743 : 'and', 8744 : 'or', 8745 : 'cap', 8746 : 'cup', 8747 : 'int', 8756 : 'there4', 8764 : 'sim', 8773 : 'cong', 8776 : 'asymp', 8800 : 'ne', 8801 : 'equiv', 8804 : 'le', 8805 : 'ge', 8834 : 'sub', 8835 : 'sup', 8836 : 'nsub', 8838 : 'sube', 8839 : 'supe', 8853 : 'oplus', 8855 : 'otimes', 8869 : 'perp', 8901 : 'sdot', 8968 : 'lceil', 8969 : 'rceil', 8970 : 'lfloor', 8971 : 'rfloor', 9001 : 'lang', 9002 : 'rang', 9674 : 'loz', 9824 : 'spades', 9827 : 'clubs', 9829 : 'hearts', 9830 : 'diams', 34 : 'quot', 38 : 'amp', 60 : 'lt', 62 : 'gt', 338 : 'OElig', 339 : 'oelig', 352 : 'Scaron', 353 : 'scaron', 376 : 'Yuml', 710 : 'circ', 732 : 'tilde', 8194 : 'ensp', 8195 : 'emsp', 8201 : 'thinsp', 8204 : 'zwnj', 8205 : 'zwj', 8206 : 'lrm', 8207 : 'rlm', 8211 : 'ndash', 8212 : 'mdash', 8216 : 'lsquo', 8217 : 'rsquo', 8218 : 'sbquo', 8220 : 'ldquo', 8221 : 'rdquo', 8222 : 'bdquo', 8224 : 'dagger', 8225 : 'Dagger', 8240 : 'permil', 8249 : 'lsaquo', 8250 : 'rsaquo', 8364 : 'euro' }; -} - - // if rowcount is not empty do this - if (countRowAppend > 0){ - - // if rowcount is more than 300 - if (countRowAppend > 200){ - // call to please wait - showLoading('#loadingWaiting'); - } - - - // Break up append row adds by chunks of 300 - // NOTE: ie9 is still giving me issues on deleted.rules 6000 sigs. I should break up the json code above into smaller parts. - incrementallyProcess(function (i){ - // loop code goes in here - //console.log('loop: ', i); - - if (isEven(i) === true){ - var rowIsEvenOdd = 'odd_ruleset2'; - }else{ - var rowIsEvenOdd = 'even_ruleset2'; - } - - if (snortObjlist[i].enable === 'on'){ - var rulesetChecked = 'checked'; - }else{ - var rulesetChecked = ''; - } - - jQuery('.rulesetloopblock').append( - - "\n" + '<tr valign="top" id="fr0">' + "\n" + - '<td class="' + rowIsEvenOdd + '">' + "\n" + - '<input class="domecheck" type="checkbox" name="filenamcheckbox2[]" value="' + snortObjlist[i].sid + '" ' + rulesetChecked + ' >' + "\n" + - '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].sid + '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].proto + '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].src + '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].srcport + '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].dst + '</td>' + "\n" + - '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].dstport + '</td>' + "\n" + - '<td class="listbg" id="frd0" ><font color="white">' + escapeHtmlEntities(snortObjlist[i].msg) + '</font></td>' + "\n" + - '<td class="' + rowIsEvenOdd+ '">' + "\n" + - '<img id="' + snortObjlist[i].sid + '" class="icon_click showeditrulegui" src="/themes/<?=$g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule">' + "\n" + - '</td>' + "\n" + - '</tr>' + "\n" - - ); - - }, - snortObjlist, // Object to work with the case Json object - 500, // chunk size - 200, // how many secs to wait - function (){ - // things that happen after the processing is done go here - // console.log('done!'); - - // if rowcount is more than 300 - if (countRowAppend > 200){ - // call to please wait - hideLoading('#loadingWaiting'); - } - - }); - } // end of if stopRowAppend - - - // On click show rule edit GUI - jQuery('.showeditrulegui').live('click', function(){ - - // Get sid - jQuery.getJSON('/snort/snort_json_get.php', - { - "snortGetSidString": "1", - "snortIface": "<?=$uuid . '_' . $a_list['interface']; ?>", - "snortRuleFile": "<?=$rulefile; ?>", - "sid": jQuery(this).attr('id') - }, - function(data){ - jQuery("textarea#sidstring").val(data.sidstring); // add string to textarea - jQuery("input[name=snortSidNum]").val(data.sid); // add sid to input - showLoading('#loadingRuleEditGUI'); - }); - }); - - jQuery('.closeRuleEditGUI').live('click', function(){ - hideLoading('#loadingRuleEditGUI'); - }); - - -}); // end of document ready - -</script> - - -<!-- stop info box --> - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - +<?php include("fend.inc"); ?> </body> </html> |