diff options
Diffstat (limited to 'config/snort-dev')
-rw-r--r-- | config/snort-dev/base_file.php | 132 | ||||
-rw-r--r-- | config/snort-dev/css/style_snort2.css | 53 | ||||
-rw-r--r-- | config/snort-dev/images/loading.gif | bin | 0 -> 404 bytes | |||
-rw-r--r-- | config/snort-dev/javascript/snort_globalsend.js | 156 | ||||
-rw-r--r-- | config/snort-dev/snortDBrules | bin | 12288 -> 14336 bytes | |||
-rw-r--r-- | config/snort-dev/snort_head.inc | 22 | ||||
-rw-r--r-- | config/snort-dev/snort_headbase.inc | 26 | ||||
-rw-r--r-- | config/snort-dev/snort_interfaces_edit.php | 2 | ||||
-rw-r--r-- | config/snort-dev/snort_json_get.php | 10 | ||||
-rw-r--r-- | config/snort-dev/snort_json_post.php | 78 | ||||
-rw-r--r-- | config/snort-dev/snort_new.inc | 249 | ||||
-rw-r--r-- | config/snort-dev/snort_rules.php | 517 | ||||
-rw-r--r-- | config/snort-dev/snort_rulesets.php | 278 | ||||
-rw-r--r-- | config/snort-dev/testing.php | 28 |
14 files changed, 1243 insertions, 308 deletions
diff --git a/config/snort-dev/base_file.php b/config/snort-dev/base_file.php deleted file mode 100644 index 168a39fb..00000000 --- a/config/snort-dev/base_file.php +++ /dev/null @@ -1,132 +0,0 @@ -<?php -/* $Id$ */ -/* - snort_interfaces.php - part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -// set page vars - -$uuid = $_GET['uuid']; -if (isset($_POST['uuid'])) -$uuid = $_POST['uuid']; - -if ($uuid == '') { - echo 'error: no uuid'; - exit(0); -} - - -$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); - - - - - - $pgtitle = "Services: Snort: Interface Edit:"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - -<div id="loadingWaiting"> - <p class="loadingWaitingMessage"><img src="./images/loading.gif" /> <br>Please Wait...</p> -</div> - -<?php include("fbegin.inc"); ?> -<!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"> -<a href="../index.php" id="status-link2"> -<img src="./images/transparent.gif" border="0"></img> -</a> -</div> - -<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> -<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> - -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> - <ul class="newtabmenu"> - <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> - <li class="newtabmenu_active"><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li> - <li><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li> - <li><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li> - <li><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li> - <li><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li> - <li><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li> - </ul> - </div> - - </td> - </tr> - <tr> - <td id="tdbggrey"> - <table width="100%" border="0" cellpadding="10px" cellspacing="0"> - <tr> - <td class="tabnavtbl"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <!-- START MAIN AREA --> - - <form id="iform" > - <input type="hidden" name="snortSaveSettings" value="1" /> <!-- what to do, save --> - <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db--> - <input type="hidden" name="dbTable" value="Snortrules" /> <!-- what db table--> - <input type="hidden" name="ifaceTab" value="snort_interfaces_edit" /> <!-- what interface tab --> - - - - - </form> - <!-- STOP MAIN AREA --> - </table> - </td> - </tr> - </table> - </td> - </tr> -</table> -</div> - - -<!-- footer do not touch below --> -<?php -include("fend.inc"); -echo $snort_custom_rnd_box; -?> - - -</body> -</html> diff --git a/config/snort-dev/css/style_snort2.css b/config/snort-dev/css/style_snort2.css index 91e63e88..07d21de6 100644 --- a/config/snort-dev/css/style_snort2.css +++ b/config/snort-dev/css/style_snort2.css @@ -6,24 +6,44 @@ a { } */ + +#right { + + position: relative; + top: -10px; + left: 0px; + width: 770px; + margin-top: 0px; + margin-left: 5px; + margin-right: 5px; + padding-top: 20px; + padding-left: 0px; + padding-right: 0px; + padding-bottom: 90px; + min-height: 400px; + +} + .odd_ruleset2 { + text-align: center; background-color: #ffffff; border-left: 1px solid #999999; border-bottom: 1px solid #999999; font-size: 11px; - padding-right: 6px; - padding-left: 6px; + padding-right: 2px; + padding-left: 2px; padding-top: 4px; padding-bottom: 4px; } .even_ruleset2 { + text-align: center; background-color: #eeeeee; border-left: 1px solid #999999; border-bottom: 1px solid #999999; font-size: 11px; - padding-right: 6px; - padding-left: 6px; + padding-right: 2px; + padding-left: 2px; padding-top: 4px; padding-bottom: 4px; } @@ -67,7 +87,7 @@ a { visibility:hidden; } -#loadingWaiting { +#loadingWaiting, #loadingRuleEditGUI{ display:none; position:fixed; left:0; @@ -75,8 +95,21 @@ a { width:100%; height:100%; background-image:url("/snort/images/transparentbg.png"); - z-index: 9999; - color: fff; + z-index: 9998; + color: #ffffff; +} + +.loadingRuleEditGUIDiv { + + position: absolute; + top: 2%; + left: 5%; + right: 5%; + bottom: 50%; + color: #ffffff; + z-index: 9999; + text-align: center; + } .loadingWaitingMessage { @@ -84,7 +117,7 @@ a { position: absolute; top: 25%; left: 50%; - color: #fff; + color: #ffffff; z-index: 9999; text-align: center; @@ -92,8 +125,8 @@ a { .listhdrr2 { background-color: #BBBBBB; - padding-right: 9px; - padding-left: 6px; + padding-right: 1px; + padding-left: 1px; font-weight: bold; border-right: 1px solid #999999; border-bottom: 1px solid #999999; diff --git a/config/snort-dev/images/loading.gif b/config/snort-dev/images/loading.gif Binary files differnew file mode 100644 index 00000000..cbc00f09 --- /dev/null +++ b/config/snort-dev/images/loading.gif diff --git a/config/snort-dev/javascript/snort_globalsend.js b/config/snort-dev/javascript/snort_globalsend.js index b8fde968..9f721053 100644 --- a/config/snort-dev/javascript/snort_globalsend.js +++ b/config/snort-dev/javascript/snort_globalsend.js @@ -1,30 +1,22 @@ jQuery.noConflict(); //prepare the form when the DOM is ready -jQuery(document).ready(function() { - +jQuery(document).ready(function() { + jQuery(".icon_click").live('mouseover', function() { jQuery(this).css('cursor', 'pointer'); }); //-------------------START Misc------------------------------------------- - - /* - * Gives you even true or false on even numbers - */ - window.isEven = function(someNumber) { - - return (someNumber%2 == 0) ? true : false; - - }; /*! Needs to be watched not my code <- IMPORTANT * JavaScript UUID Generator, v0.0.1 * * Copyright (c) 2009 Massimo Lombardo. * Dual licensed under the MIT and the GNU GPL licenses. - */ + */ + function genUUID() { var uuid = (function () { var i, @@ -47,40 +39,94 @@ jQuery(document).ready(function() { } }; } + + //-------------------START Misc GLOBAL WINDOW------------------------------------------- + // NOTE: try not to add to manny of thses + + /* + * Gives you even true or false on even numbers + */ + window.isEven = function(someNumber) { + + return (someNumber%2 == 0) ? true : false; + + }; + + /* + * Loop through object with timeout. + * NOTE: IE9 still has issues. Example : deleted rules (6000+ sigs). + * Break up heavy javascript intensive processing into smaller parts. Used to stop "browser Stop responding" warnings. + */ + + /* + function processLoop( actionFunc, numTimes, numWait, doneFunc ) { + var i = 0; + var f = function () { + if (i < numTimes) { + actionFunc( i++ ); // closure on i + setTimeout( f, numWait ); + } + else if (doneFunc) { + doneFunc(); + } + }; + f(); + } + */ + + window.incrementallyProcess = function(workerCallback, data, chunkSize, timeout, completionCallback) { + var i = 0; + (function() { + var remainingDataLength = (data.length - i); + var currentChunkSize = (remainingDataLength >= chunkSize) ? chunkSize : remainingDataLength; + if(i < data.length) { + while(currentChunkSize--) { + workerCallback(i++); + } + setTimeout(arguments.callee, timeout); + } else if(completionCallback) { + completionCallback(); + } + })(); + }; + + // Please wait code + window.hideLoading = function(thisLocation){ + jQuery(thisLocation).hide(); + }; + + // Please wait code + window.showLoading = function(thisLocation){ + jQuery(thisLocation).show(); + }; + //--------------------------- START select all code --------------------------- - jQuery('#select_all').live('click', function() { + jQuery('#select_all').live('click', function(){ checkAll(jQuery('.domecheck')); }); - jQuery('#deselect_all').live('click', function() { + jQuery('#deselect_all').live('click', function(){ uncheckAll(jQuery('.domecheck')); }); - function checkAll(field) - { - for (i = 0; i < field.length; i++) - { + function checkAll(field){ + for (i = 0; i < field.length; i++){ field[i].checked = true; } } - function uncheckAll(field) - { - for (i = 0; i < field.length; i++) - { + function uncheckAll(field){ + for (i = 0; i < field.length; i++){ field[i].checked = false; } } - - //--------------------------- STOP select all code -------------------------- - // -------------------------- START cancel form code ------------------------------------------- //jQuery('#cancel').click(function() { - jQuery('#cancel').live('click', function() { + jQuery('#cancel').live('click', function(){ location.reload(); @@ -94,15 +140,13 @@ jQuery(document).ready(function() { var NewRow_UUID = genUUID(); var rowNumCount = jQuery("#address").length; - if (rowNumCount > 0) - { + if (rowNumCount > 0){ // stop empty var prevAddressAll_ck = jQuery('tr[id^=maintable_]'); var prevAddress_ck = prevAddressAll_ck[prevAddressAll_ck.length-1].id; var prevAddressEmpty_ck = jQuery.trim(jQuery('#' + prevAddress_ck + ' #address').val()); - if (prevAddressEmpty_ck === '') - { + if (prevAddressEmpty_ck === ''){ return false; } } @@ -127,12 +171,11 @@ jQuery(document).ready(function() { // ------------------------------- START remove row element --------------------------------------- - function removeRow() - { + function removeRow(){ jQuery("#maintable_" + window.RemoveRow_UUID).remove(); } - jQuery(".icon_x").live('click', function() { + jQuery(".icon_x").live('click', function(){ var elem = getBaseElement(this.id); // this.id gets id of .icon_x @@ -142,8 +185,8 @@ jQuery(document).ready(function() { window.RemoveRow_DB = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagedb; window.RemoveRow_POST = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").DoPOST; - if (window.RemoveRow_POST === 'true') // snort_interfaces_whitelist - { + // snort_interfaces_whitelist + if (window.RemoveRow_POST === 'true'){ if(confirm('Do you really want to delete this list? (e.g. snort rules will fall back to the default list)!')) { jQuery("#maintable_" + window.RemoveRow_UUID).fadeOut("fast"); @@ -155,8 +198,7 @@ jQuery(document).ready(function() { } // remove element NO post - if (window.RemoveRow_POST === 'false') - { + if (window.RemoveRow_POST === 'false'){ jQuery("#maintable_" + window.RemoveRow_UUID).fadeOut("fast"); @@ -169,15 +211,15 @@ jQuery(document).ready(function() { }); - function RMlistDBDelCall() { + function RMlistDBDelCall(){ return RemoveRow_DB; } - function RMlistTableDelCall() { + function RMlistTableDelCall(){ return RemoveRow_Table; } - function RMlistUuidDelCall() { + function RMlistUuidDelCall(){ return RemoveRow_UUID; } @@ -193,14 +235,13 @@ jQuery(document).ready(function() { } // post-submit callback if snort_json_post.php returns true or false - function showResponseRMlist(data) { + function showResponseRMlist(data){ //alert('test'); } - function getBaseElement(elem) - { + function getBaseElement(elem){ elem = elem + ""; var len = elem.length; var lPos = elem.lastIndexOf("_") * 1; @@ -229,7 +270,7 @@ jQuery(document).ready(function() { /* general form */ //jQuery('#iform').submit(function() { - jQuery('#iform, #iform2, #iform3').live('submit', function() { + jQuery('#iform, #iform2, #iform3').live('submit', function(){ jQuery(this).ajaxSubmit(options); @@ -241,10 +282,6 @@ jQuery(document).ready(function() { var queryString = jQuery.param(formData); - // Please wait code - function showLoading() { - jQuery("#loadingWaiting").show(); - } // call to please wait showLoading(); @@ -254,13 +291,9 @@ jQuery(document).ready(function() { return true; } - function hideLoading() - { - jQuery("#loadingWaiting").hide(); - } + - function downloadsnortlogs(data) - { + function downloadsnortlogs(data){ jQuery('.hiddendownloadlink').append('<iframe width="1" height="1" frameborder="0" src="/snort/snort_json_get.php?snortlogdownload=1&snortlogfilename=' + data.downloadfilename + '" ></iframe>'); var appendElem = jQuery('<br> <span>success...<span>'); @@ -270,36 +303,31 @@ jQuery(document).ready(function() { // After Save Calls display var appendElem = jQuery('<br> <span>success...<span>'); - function finnish() - { + function finnish(){ hideLoading(); appendElem.remove(); updatestarted = 1; } - function showResponse(data, responseText, statusText, xhr, $form) - { + function showResponse(data, responseText, statusText, xhr, $form){ // START of fill call to user if (responseText === 'success') { // snort logs download success - if (data.downloadfilename !== '' && data.snortdownload === 'success') - { + if (data.downloadfilename !== '' && data.snortdownload === 'success'){ downloadsnortlogs(data); } // succsess display - if (data.snortgeneralsettings === 'success' || data.snortdelete === 'success' || data.snortreset === 'success') - { + if (data.snortgeneralsettings === 'success' || data.snortdelete === 'success' || data.snortreset === 'success'){ // sucsses msg appendElem.appendTo('.loadingWaitingMessage'); // Clean up Waiting code finnish(); - if (data.snortUnhideTabs === 'true') - { + if (data.snortUnhideTabs === 'true'){ jQuery('.hide_newtabmenu').show(); } diff --git a/config/snort-dev/snortDBrules b/config/snort-dev/snortDBrules Binary files differindex 7a0acc3f..cd5da7e0 100644 --- a/config/snort-dev/snortDBrules +++ b/config/snort-dev/snortDBrules diff --git a/config/snort-dev/snort_head.inc b/config/snort-dev/snort_head.inc index 8f9bf9b4..6addeaaa 100644 --- a/config/snort-dev/snort_head.inc +++ b/config/snort-dev/snort_head.inc @@ -34,14 +34,6 @@ $pagetitle = gentitle( $pgtitle ); <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <link rel="apple-touch-icon" href="/themes/<?php echo $g['theme']; ?>/apple-touch-icon.png"/> - -<!-- snort custom javascript and css --> - -<?php include('/usr/local/pkg/snort/snort_headbase.inc'); ?> - -<!-- remove Only used to test conflicts --> - - <?php if (strpos($_SERVER["SCRIPT_FILENAME"], "wizard.php") !== false && file_exists("{$g['www_path']}/themes/{$g['theme']}/wizard.css")): ?> <?php echo "<style type=\"text/css\" src=\"/themes/{$g['theme']}/wizard.css\"></style>"; ?> @@ -55,7 +47,16 @@ $pagetitle = gentitle( $pgtitle ); <script type="text/javascript"> var theme = "<?php echo $g['theme']; ?>"; </script> - <?php echo "\t<script type=\"text/javascript\" src=\"/themes/{$g['theme']}/loader.js\"></script>\n"; ?> + <?php echo "\t<script type=\"text/javascript\" src=\"/themes/{$g['theme']}/loader.js\"></script>\n"; ?> + +<?php + //<!-- snort custom javascript and css --> + echo "\n"; + include('/usr/local/pkg/snort/snort_headbase.inc'); + echo "\n"; + //<!-- snort custom javascript and css --> +?> + <?php if($_GET['enablefirebuglite']) { echo "\t<script type=\"text/javascript\" src=\"/javascript/pi.js\"></script>\n"; @@ -85,7 +86,8 @@ $pagetitle = gentitle( $pgtitle ); closedir($dh); } } - + + if (!isset($closehead)) echo "</head>"; diff --git a/config/snort-dev/snort_headbase.inc b/config/snort-dev/snort_headbase.inc index 38165213..4cf02489 100644 --- a/config/snort-dev/snort_headbase.inc +++ b/config/snort-dev/snort_headbase.inc @@ -1,27 +1,17 @@ -<?php if ($config['version'] >= 6): ?> -<link rel="stylesheet" type="text/css" href="/themes/<?php echo $g['theme']; ?>/new_tab_menu.css"media="all"> -<?php else: ?> -<link rel="stylesheet" type="text/css" href="./css/new_tab_menu.css" media="all"> -<?php endif; ?> - -<link rel="stylesheet" type="text/css" href="./css/sexybuttons.css" media="all" /> -<link rel="stylesheet" type="text/css" href="./css/style_snort2.css" media="all" /> - -<?php -echo "\t<script type=\"text/javascript\" src=\"./javascript/jquery-1.6.min.js\"></script>\n"; +<!-- START of Snort Package css and javascript --> -echo "\t<script type=\"text/javascript\" src=\"./javascript/jquery.form.js\"></script>\n"; - - -//echo "\t<link href=\"./css/jquery.bubblepopup.v2.3.1.css\" rel=\"stylesheet\" type=\"text/css\" />\n"; -//echo "\t<script src=\"./javascript/jquery.bubblepopup.v2.3.1.min.js\" type=\"text/javascript\"></script>\n"; +<link rel="stylesheet" type="text/css" href="./css/style_snort2.css" media="all" /> +<!-- <link rel="stylesheet" type="text/css" href="./css/jquery.bubblepopup.v2.3.1.css" media="all" /> --> -echo "\t<script type=\"text/javascript\" src=\"./javascript/snort_globalsend.js\"></script>\n"; +<script type="text/javascript" src="./javascript/jquery-1.6.min.js"></script> +<script type="text/javascript" src="./javascript/snort_globalsend.js"></script> +<script type="text/javascript" src="./javascript/jquery.form.js"></script> +<!-- <script type="text/javascript" src="./javascript/jquery.bubblepopup.v2.3.1.min.js"></script> --> +<!-- STOP of Snort Package css and javascript --> -?> <?php // this has to be loaded at the bottom diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index aec03e3b..2eca2b80 100644 --- a/config/snort-dev/snort_interfaces_edit.php +++ b/config/snort-dev/snort_interfaces_edit.php @@ -169,7 +169,7 @@ jQuery(document).ready(function() { <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td> - <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <div class="newtabmenu" style="margin: 1px 0px; width: 790px;"><!-- Tabbed bar code--> <ul class="newtabmenu"> <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> <li class="newtabmenu_active"><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li> diff --git a/config/snort-dev/snort_json_get.php b/config/snort-dev/snort_json_get.php index f991f10b..a8cdcd2d 100644 --- a/config/snort-dev/snort_json_get.php +++ b/config/snort-dev/snort_json_get.php @@ -18,7 +18,17 @@ if ($_GET['snortlogdownload'] == 1) } +// send Json sid string +if ($_GET['snortGetSidString'] == 1) +{ + + // unset + unset($_GET['snortGetSidString']); + + // get the SID string from file + sendSidStringRuleEditGUI(); +} diff --git a/config/snort-dev/snort_json_post.php b/config/snort-dev/snort_json_post.php index 2431beec..8cf72f67 100644 --- a/config/snort-dev/snort_json_post.php +++ b/config/snort-dev/snort_json_post.php @@ -11,55 +11,55 @@ if(isset($_POST['__csrf_magic'])) } // return codes -$snortJsonReturnCode_success = ' -{ -"snortgeneralsettings": "success" +$snortJsonReturnCode_success = '{"snortgeneralsettings":"success"}'; + +$snortJsonReturnCode_fail = '{"snortgeneralsettings":"fail"}'; + +function snortJsonReturnCode($returnStatus) +{ + if ($returnStatus == true) + { + echo '{"snortgeneralsettings":"success","snortUnhideTabs":"true"}'; + }else{ + echo '{"snortgeneralsettings":"fail"}'; + } } -'; -$snortJsonReturnCode_fail = ' +// row from db by uuid +if ($_POST['snortSidRuleEdit'] == 1) { -"snortgeneralsettings": "fail" + + unset($_POST['snortSidRuleEdit']); + + snortSidStringRuleEditGUI(); + } -'; - - function snortJsonReturnCode($returnStatus) - { - - if ($returnStatus == true) - { - echo ' - { - "snortgeneralsettings": "success", "snortUnhideTabs": "true" - } - '; - }else{ - echo ' - { - "snortgeneralsettings": "fail" - } - '; - } - - } - // row from db by uuid +// row from db by uuid if ($_POST['snortSaveRuleSets'] == 1) { - // unset POSTs that are markers not in db - unset($_POST['snortSaveSettings']); - unset($_POST['ifaceTab']); + if ($_POST['ifaceTab'] == 'snort_rulesets') + { + // unset POSTs that are markers not in db + unset($_POST['snortSaveRuleSets']); + unset($_POST['ifaceTab']); + + snortJsonReturnCode(snortSql_updateRuleSetList()); + + } + + + if ($_POST['ifaceTab'] == 'snort_rules') + { + // unset POSTs that are markers not in db + unset($_POST['snortSaveRuleSets']); + unset($_POST['ifaceTab']); + + snortJsonReturnCode(snortSql_updateRuleSigList()); + } - if(snortSql_updateRuleSetList($_POST['dbName'], $_POST['dbTable'], $_POST['filenamcheckbox'], $_POST['ifaceuuid'])) - { - echo $snortJsonReturnCode_success; - return true; - }else{ - echo $snortJsonReturnCode_fail; - return false; - } } // END of rulesSets diff --git a/config/snort-dev/snort_new.inc b/config/snort-dev/snort_new.inc index a437db09..9f318af0 100644 --- a/config/snort-dev/snort_new.inc +++ b/config/snort-dev/snort_new.inc @@ -6,9 +6,250 @@ if(isset($_POST['__csrf_magic'])) unset($_POST['__csrf_magic']); } +// Wites selected sig to file +function snortSidStringRuleEditGUI() +{ + + $workingFile = '/usr/local/etc/snort/sn_' . $_POST['snortSidRuleIface'] . '/rules/' . $_POST['snortSidRuleFile']; + + $splitcontents = split_rule_file($workingFile); + + if (!empty($splitcontents)) + { + $sidLinePosPre = exec('/usr/bin/sed -n /sid:' . $_POST['snortSidNum'] . '\;/= ' . $workingFile); + $sidLinePos = $sidLinePosPre - 1; + + $splitcontents[$sidLinePos] = $_POST['sidstring']; + + + write_rule_file($splitcontents, $workingFile); + + return true; + } + + return false; + +} + +function sendSidStringRuleEditGUI() +{ + + $sidCall = exec('sed -n "/alert.*sid:' . $_GET['sid'] . ';.*/p" /usr/local/etc/snort/sn_' . $_GET['snortIface'] . '/rules/' . $_GET['snortRuleFile']); + $sidCallJsonFilter = escapeJsonString($sidCall); + + echo '{"sidstring":' . '"' . $sidCallJsonFilter . '","sid":' . '"' . $_GET['sid'] . '"}'; + return true; +} + + +function escapeJsonString($escapeString) +{ + $search = array('\\', '\n', '\r', '\u', '\t', '\f', '\b', '/', '"'); + $replace = array('\\\\', '\\n', '\\r', '\\u', '\\t', '\\f', '\\b', '\/', '\"'); + $encoded_string = str_replace($search, $replace, $escapeString); + + return $encoded_string; + +} + +// limit the length of the given string to $MAX_LENGTH char +function trimLength($s) { + + + $MAX_LENGTH = 13; + $str_to_count = $s; + if (strlen($str_to_count) <= $MAX_LENGTH) { + return $s; + } + + $s2 = substr($str_to_count, 0, $MAX_LENGTH - 3); + $s2 .= "..."; + return $s2; +} + + +// builds base array with sid etc.... +function newFilterRuleSig($baseruleArray) +{ + + function get_middle($source, $beginning, $ending, $init_pos) + { + $beginning_pos = strpos($source, $beginning, $init_pos); + $middle_pos = $beginning_pos + strlen($beginning); + $ending_pos = strpos($source, $ending, $beginning_pos); + $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); + return $middle; + } + + + $i = 0; + $newSigArray[] = array(); + foreach ( $baseruleArray as $value ) + { + + // add sid + $newSigArray[$i]['sid'] = get_middle($value, 'sid:', ';', 0); + + // remove whitespaces + $rmWhitespaces = preg_replace('/\s\s+/', ' ', $value); + // remove whitespace betwin # aerrt + $rmAlertWhitespace = preg_replace('/^# alert/', '#alert', $rmWhitespaces); + $splitcontents = explode(' ', $rmAlertWhitespace); + + // enable or disable + if ($splitcontents[0] === '#alert') + { + $newSigArray[$i]['enable'] = 'off'; + }else{ + $newSigArray[$i]['enable'] = 'on'; + } + + // proto + $newSigArray[$i]['proto'] = $splitcontents[1]; + + // source + $newSigArray[$i]['src'] = trimLength($splitcontents[2]); + + // source port + $newSigArray[$i]['srcport'] = trimLength($splitcontents[3]); + + // Destination + $newSigArray[$i]['dst'] = trimLength($splitcontents[5]); + + // Destination port + $newSigArray[$i]['dstport'] = trimLength($splitcontents[6]); + + // sig message + $newSigArray[$i]['msg'] = get_middle($value, 'msg:"', '";', 0); + + $i++; + } + + return $newSigArray; +} + + +function split_rule_file($workingFile) +{ + $filehandle = fopen($workingFile, "r"); + $contents = fread($filehandle, filesize($workingFile)); + + fclose ($filehandle); + + $delimiter = "\n"; + + $splitcontents = explode($delimiter, $contents); + + return $splitcontents; +} + + +// write rule file to disk +function write_rule_file($content_changed, $received_file) +{ + //read snort file with writing enabled + $filehandle = fopen($received_file, "w"); + + //delimiter for each new rule is a new line + $delimiter = "\n"; + + //implode the array back into a string for writing purposes + $fullfile = implode($delimiter, $content_changed); + + //write data to file + fwrite($filehandle, $fullfile); + + //close file handle + fclose($filehandle); + +} // Save ruleSets settings +function snortSql_updateRuleSigList() +{ + + $snortDir = '/usr/local/etc/snort/sn_' . $_SESSION['snort']['tmp']['snort_rules']['ifaceuuid'] . '_' . $_SESSION['snort']['tmp']['snort_rules']['ifaceselected']; + + // selected snort rule file + $workingFile = $snortDir . '/rules/' . $_SESSION['snort']['tmp']['snort_rules']['rulefile']; + + $splitcontents = split_rule_file($workingFile); + + // open rule file and change enable/disable sids + function read_rule_file($splitcontents, $enableSigsArray, $disableSigsArray) + { + + foreach ($splitcontents as $sigLine) + { + $replaceChars = array('/sid:/', '/;/'); + preg_match('/sid:[0-9]*;/', $sigLine, $matches); + $sidLine = preg_replace($replaceChars, '', $matches[0]); + + + if ($sidLine == '') + { + $tempstring[] = $sigLine; + }else{ + + if (in_array($sidLine, $enableSigsArray)) + { + $tempstring[] = str_replace("# alert", "alert", $sigLine); + } + + if (in_array($sidLine, $disableSigsArray)) + { + $tempstring[] = str_replace("alert", "# alert", $sigLine); + } + + if (!in_array($sidLine, $enableSigsArray) && !in_array($sidLine, $disableSigsArray)) + { + $tempstring[] = $sigLine; + } + } + } + + return $tempstring; + } + + // build user selected enbled and disabled arrays + $enableSigsArray = array(); + $disableSigsArray = array(); + + if (!isset($_POST['filenamcheckbox2'])) + { + $_POST['filenamcheckbox2'] = array(); + } + + $newFilterRuleSigArray = newFilterRuleSig($splitcontents); + + foreach ($newFilterRuleSigArray as $sigArray) + { + // enable sig + if(in_array($sigArray['sid'], $_POST['filenamcheckbox2']) && $sigArray['enable'] == 'off') + { + $enableSigsArray[] = $sigArray['sid']; + } + + // disable sig + if(!in_array($sigArray['sid'], $_POST['filenamcheckbox2']) && $sigArray['enable'] == 'on') + { + $disableSigsArray[] = $sigArray['sid']; + } + } + + // read rule file change disable/enable then write to file if arrays are not empty + if (!empty($enableSigsArray) || !empty($disableSigsArray)) + { + write_rule_file(read_rule_file($splitcontents, $enableSigsArray, $disableSigsArray), $workingFile); + } + + return true; + + +} // END Save ruleSets settings + +// Save ruleSets settings function snortSql_updateRuleSetList($dbname, $table, $ruleSetfilenames, $ifaceuuid) { @@ -798,14 +1039,10 @@ function snortScanDirFilter($path, $filtername) { $filterDirList[] = $val; } - } - unset($listDir); - + unset($listDir); } - - return $filterDirList; - + return $filterDirList; } ?> diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php new file mode 100644 index 00000000..e030173d --- /dev/null +++ b/config/snort-dev/snort_rules.php @@ -0,0 +1,517 @@ +<?php +/* $Id$ */ +/* + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Pfsense snort GUI + Copyright (C) 2008-2011 Robert Zelaya. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_new.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +// set page vars + +$uuid = $_GET['uuid']; +if (isset($_POST['uuid'])) +$uuid = $_POST['uuid']; + +if ($uuid == '') { + echo 'error: no uuid'; + exit(0); +} + +// unset Session tmp on page load +unset($_SESSION['snort']['tmp']); + +// list rules in the default dir +$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); + +$snortRuleDir = '/usr/local/etc/snort/sn_' . $uuid . '_' . $a_list['interface']; + + // list rules in the default dir + $filterDirList = array(); + $filterDirList = snortScanDirFilter($snortRuleDir . '/rules', '.rules'); + + // START read rule file + if ($_GET['openruleset']) + { + $rulefile = $_GET['openruleset']; + }else{ + $rulefile = $filterDirList[0]; + } + + $workingFile = $snortRuleDir . '/rules/' . $rulefile; + + //split the contents of the string file into an array using the delimiter + // used by rule gui edit and table build code + $splitcontents = split_rule_file($workingFile); + +function load_rule_file($incoming_file, $splitcontents) +{ + + //read snort file + $filehandle = fopen($incoming_file, "r"); + + //read file into string, and get filesize + $contents = fread($filehandle, filesize($incoming_file)); + + //close handler + fclose ($filehandle); + + + $pattern = '/(^alert |^# alert )/'; + foreach ( $splitcontents as $val ) + { + // remove whitespaces + $rmWhitespaces = preg_replace('/\s\s+/', ' ', $val); + + // filter none alerts + if (preg_match($pattern, $rmWhitespaces)) + { + $splitcontents2[] = $val; + } + + } + unset($splitcontents); + + return $splitcontents2; + +} + + //Load the rule file + $splitcontents2 = load_rule_file($workingFile, $splitcontents); + + $countSig = count($splitcontents2); + + if ($countSig > 0) + { + $newFilterRuleSigArray = newFilterRuleSig($splitcontents2); + } + + /* + * SET GLOBAL ARRAY $_SESSION['snort'] + */ + $_SESSION['snort']['tmp']['snort_rules']['dbName'] = 'snortDBrules'; + $_SESSION['snort']['tmp']['snort_rules']['dbTable'] = 'SnortruleSigs'; + $_SESSION['snort']['tmp']['snort_rules']['ifaceuuid'] = $uuid; + $_SESSION['snort']['tmp']['snort_rules']['ifaceselected'] = $a_list['interface']; + $_SESSION['snort']['tmp']['snort_rules']['rulefile'] = $rulefile; + + +// find ./ -name test.txt | xargs grep "^disablesid 127 " + + $pgtitle = "Snort: Category: rule: $rulefile"; + include("/usr/local/pkg/snort/snort_head.inc"); + +?> + + + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + + +<div id="loadingWaiting"> + <p class="loadingWaitingMessage"><img src="./images/loading.gif" /> <br>Please Wait...</p> +</div> + +<div id="loadingRuleEditGUI"> + + <div class="loadingRuleEditGUIDiv"> + <form id="iform2" action=""> + <input type="hidden" name="snortSidRuleEdit" value="1" /> + <input type="hidden" name="snortSidRuleIface" value="<?=$uuid . '_' . $a_list['interface']; ?>" /> <!-- what to do, save --> + <input type="hidden" name="snortSidRuleFile" value="<?=$rulefile; ?>" /> <!-- what to do, save --> + <input type="hidden" name="snortSidNum" value="" /> <!-- what to do, save --> + <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee"> + <tr> + <td> + <input name="save" type="submit" class="formbtn" id="save" value="Save" /> + <input type="button" class="formbtn closeRuleEditGUI" value="Close" > + </td> + </tr> + <tr> + <td> + <textarea id="sidstring" name="sidstring" wrap="off" style="width: 98%; margin: 7px;" rows="1" cols="" ></textarea> <!-- SID to EDIT --> + </td> + </tr> + <tr> + <td> + <textarea wrap="off" style="width: 98%; margin: 7px;" rows="<?php if(count($splitcontents) > 24){echo 24;}else{echo count($splitcontents);} ?>" cols="" disabled > + + <?php + + echo "\n"; + + foreach ($splitcontents as $sidLineGui) + + echo $sidLineGui . "\n"; + + + + ?> + </textarea> <!-- Display rule file --> + </td> + </tr> + </table> + <table width="100%" cellpadding="9" cellspacing="9" bgcolor="#eeeeee"> + <tr> + <td> + <input name="save" type="submit" class="formbtn" id="save" value="Save" /> + <input type="button" class="formbtn closeRuleEditGUI" value="Close" > + </td> + </tr> + </table> + </form> + </div> + + +</div> + +<?php include("fbegin.inc"); ?> + +<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> +<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0"></img></a></div> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + + <div class="newtabmenu" style="margin: 1px 0px; width: 790px;"><!-- Tabbed bar code--> + <ul class="newtabmenu"> + <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> + <li><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li> + <li><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li> + <li class="newtabmenu_active"><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li> + <li><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li> + <li><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li> + <li><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li> + </ul> + </div> + + </td> + </tr> + <tr> + <td id="tdbggrey"> + <div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;"> + <!-- START MAIN AREA --> + + + <!-- start Interface Satus --> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr id="maintable77" > + <td colspan="2" valign="top" class="listtopic2"> + Category: + <select name="selectbox" class="formfld" > + <?php + $i=0; + foreach ($filterDirList as $value) + { + $selectedruleset = ''; + if ($value === $rulefile) + { + $selectedruleset = 'selected'; + } + + echo "\n" . '<option value="?uuid=' . $uuid . '&openruleset=' . $ruledir . $value . '" ' . $selectedruleset . ' >' . $value . '</option>' . "\r"; + + $i++; + + } + ?> + </select> + There are <?=$countSig; ?> rules in this category. + </td> + <td width="6%" colspan="2" valign="middle" class="listtopic3" > + <a href="snort_interfaces_edit.php?uuid=<?=$new_ruleUUID;?>"> + <img style="padding-left:3px;" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="add rule"> + </a> + </td> + </tr> + </table> +<br> + + <!-- Save all inputs --> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <input id="select_all" type="button" class="formbtn" value="Select All" > + <input id="deselect_all" type="button" class="formbtn" value="Deselect All" > + </td> + </tr> + </table> + +<br> + + <!-- start User Interface --> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr id="maintable77" > + <td colspan="2" valign="top" class="listtopic">Snort Signatures:</td> + </tr> + </table> + + <form id="iform" action=""> + <table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0"> + + <td class="list" colspan="8"></td> + <td class="list" valign="middle" > + + <tr id="frheader" > + <td width="1%" class="listhdrr2">On</td> + <td width="1%" class="listhdrr2">Sid</td> + <td width="1%" class="listhdrr2">Proto</td> + <td width="1%" class="listhdrr2">Src</td> + <td width="1%" class="listhdrr2">Port</td> + <td width="1%" class="listhdrr2">Dst</td> + <td width="1%" class="listhdrr2">Port</td> + <td width="20%" class="listhdrr2">Message</td> + <td width="1%" class="listhdrr2"> </td> + </tr> + <form id="iform" action="" > + <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save --> + <input type="hidden" name="ifaceTab" value="snort_rules" /> <!-- what interface tab --> + + <!-- START javascript sid loop here --> + <tbody class="rulesetloopblock"> + + + + </tbody> + <!-- STOP javascript sid loop here --> + + </td> + <td class="list" colspan="8"></td> + + </table> + <br> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <input name="Submit" type="submit" class="formbtn" value="Save"> + <input id="cancel" type="button" class="formbtn" value="Cancel"> + </td> + </tr> + </table> + <br> + </form> + + <!-- stop snortsam --> + + <!-- STOP MAIN AREA --> + </div> + </td> + </tr> +</table> +</form> +</div> + +<!-- start info box --> + +<br> + +<div style="width:790px; background-color: #dddddd;" id="mainarea4"> +<div style="width:780px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 10px;"> +<table class="vncell2" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> </td> + </tr> + <tr > + <td width="100%"> + <span class="red"><strong>Note:</strong></span> <br> + This is the <strong>Snort Rule Signature Viewer</strong>. + Please make sure not to add a <strong>whitespace</strong> before <strong>alert</strong> or <strong>#alert</strong>. + <br> + <br> + <span class="red"><strong>Warning:</strong></span> + <br> + <strong>New settings will not take effect until interface restart.</strong> + <br><br> + </td> + </tr> +</table> +</div> +</div> + + +<script type="text/javascript"> + + +//prepare the form when the DOM is ready +jQuery(document).ready(function() { + + // NOTE: needs to be watched + // change url on selected dropdown rule + jQuery('select[name=selectbox]').change(function() { + window.location.replace(jQuery(this).val()); + }); + +<?php + + /* + * NOTE: + * I could have used a php loop to build the table but I wanted to see if off loading to client is faster. + * Seems to be faster on embeded systems with low specs. On higher end systems there is no difference that I can see. + * WARNING: + * If Json string is to long browsers start asking to terminate javascript. + * FIX: + * Use julienlecomte()net/blog/2007/10/28/, the more reading I do about this subject it seems that off loading to a client is not recomended. + */ + if (!empty($newFilterRuleSigArray)) + { + $countSigList = count($newFilterRuleSigArray); + + echo "\n"; + + echo 'var snortObjlist = ['; + $i = 0; + foreach ($newFilterRuleSigArray as $val3) + { + + $i++; + + if ( $i !== $countSigList ) + {// + echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"},'; + }else{ + echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"}'; + } + } + + echo '];' . "\n"; + } + +?> + + // disable Row Append if row count is less than 0 + var countRowAppend = <?=$countSig; ?>; + + // if rowcount is not empty do this + if (countRowAppend > 0){ + + // if rowcount is more than 300 + if (countRowAppend > 200){ + // call to please wait + showLoading('#loadingWaiting'); + } + + + // Break up append row adds by chunks of 300 + // NOTE: ie9 is still giving me issues on deleted.rules 6000 sigs. I should break up the json code above into smaller parts. + incrementallyProcess(function (i){ + // loop code goes in here + //console.log('loop: ', i); + + if (isEven(i) === true){ + var rowIsEvenOdd = 'odd_ruleset2'; + }else{ + var rowIsEvenOdd = 'even_ruleset2'; + } + + if (snortObjlist[i].enable === 'on'){ + var rulesetChecked = 'checked'; + }else{ + var rulesetChecked = ''; + } + + jQuery('.rulesetloopblock').append( + + "\n" + '<tr valign="top" id="fr0">' + "\n" + + '<td class="' + rowIsEvenOdd + '">' + "\n" + + '<input class="domecheck" type="checkbox" name="filenamcheckbox2[]" value="' + snortObjlist[i].sid + '" ' + rulesetChecked + ' >' + "\n" + + '</td>' + "\n" + + '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].sid + '</td>' + "\n" + + '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].proto + '</td>' + "\n" + + '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].src + '</td>' + "\n" + + '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].srcport + '</td>' + "\n" + + '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].dst + '</td>' + "\n" + + '<td class="' + rowIsEvenOdd + '" id="frd0" >' + snortObjlist[i].dstport + '</td>' + "\n" + + '<td class="listbg" id="frd0" ><font color="white">' + snortObjlist[i].msg + '</font></td>' + "\n" + + '<td class="' + rowIsEvenOdd+ '">' + "\n" + + '<img id="' + snortObjlist[i].sid + '" class="icon_click showeditrulegui" src="/themes/<?=$g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule">' + "\n" + + '</td>' + "\n" + + '</tr>' + "\n" + + ); + + }, + snortObjlist, // Object to work with the case Json object + 500, // chunk size + 200, // how many secs to wait + function (){ + // things that happen after the processing is done go here + // console.log('done!'); + + // if rowcount is more than 300 + if (countRowAppend > 200){ + // call to please wait + hideLoading('#loadingWaiting'); + } + + }); + } // end of if stopRowAppend + + // On click show rule edit GUI + jQuery('.showeditrulegui').live('click', function(){ + + // Get sid + jQuery.getJSON('/snort/snort_json_get.php', + { + "snortGetSidString": "1", + "snortIface": "<?=$uuid . '_' . $a_list['interface']; ?>", + "snortRuleFile": "<?=$rulefile; ?>", + "sid": jQuery(this).attr('id') + }, + function(data){ + jQuery("textarea#sidstring").val(data.sidstring); // add string to textarea + jQuery("input[name=snortSidNum]").val(data.sid); // add sid to input + showLoading('#loadingRuleEditGUI'); + }); + }); + + jQuery('.closeRuleEditGUI').live('click', function(){ + hideLoading('#loadingRuleEditGUI'); + }); + + +}); // end of document ready + +</script> + + +<!-- stop info box --> + +<!-- footer do not touch below --> +<?php +include("fend.inc"); +echo $snort_custom_rnd_box; +?> + + +</body> +</html> diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php new file mode 100644 index 00000000..9d41eb0b --- /dev/null +++ b/config/snort-dev/snort_rulesets.php @@ -0,0 +1,278 @@ +<?php +/* $Id$ */ +/* + snort_interfaces.php + part of m0n0wall (http://m0n0.ch/wall) + + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_new.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +// set page vars + +$uuid = $_GET['uuid']; +if (isset($_POST['uuid'])) +$uuid = $_POST['uuid']; + +if ($uuid == '') { + echo 'error: no uuid'; + exit(0); +} + +$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); + + // list rules in the default dir + $filterDirList = array(); + $filterDirList = snortScanDirFilter('/usr/local/etc/snort/sn_' . $uuid . '_' . $a_list['interface'] . '/rules', '.rules'); + + // list rules in db that are on in a array + $listOnRules = array(); + $listOnRules = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSets', 'ifaceuuid', $uuid); + + if (!empty($listOnRules)) + { + foreach ( $listOnRules as $val2 ) + { + if ($val2['enable'] == 'on') + { + $rulesetOn[] = $val2['rulesetname']; + } + } + unset($listOnRules); + } + + $pgtitle = "Snort: Interface Rule Categories"; + include("/usr/local/pkg/snort/snort_head.inc"); + +?> + + + + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<script type="text/javascript"> + +//prepare the form when the DOM is ready +jQuery(document).ready(function() { + + <?php + /* + * NOTE: I could have used a php loop to build the table but off loading to client is faster + * use jQuery jason parse, make sure its in one line + */ + if (!empty($filterDirList)) + { + $countDirList = count($filterDirList); + + echo "\n"; + + echo 'var snortObjlist = jQuery.parseJSON(\' { "ruleSets": [ '; + $i = 0; + foreach ($filterDirList as $val3) + { + + $i++; + + // if list ruleset is in the db ON mark it checked + $rulesetOnChecked = 'off'; + if(!empty($rulesetOn)) + { + if (in_array($val3, $rulesetOn)) + { + $rulesetOnChecked = 'on'; + } + } + + if ( $i !== $countDirList ) + { + echo '{"rule": ' . '"' . $val3 . '", ' . '"enable": ' . '"' . $rulesetOnChecked . '"' . '}, '; + }else{ + echo '{"rule": "' . $val3 . '", ' . '"enable": ' . '"' . $rulesetOnChecked . '"' . '} '; + } + } + + echo ' ]}\');' . "\n"; + } + + + + ?> + + // loop through object, dont use .each in jQuery as its slow + if(snortObjlist.ruleSets.length > 0) + { + for (var i = 0; i < snortObjlist.ruleSets.length; i++) + { + + if (isEven(i) === true) + { + var rowIsEvenOdd = 'even_ruleset'; + }else{ + var rowIsEvenOdd = 'odd_ruleset'; + } + + if (snortObjlist.ruleSets[i].enable === 'on') + { + var rulesetChecked = 'checked'; + }else{ + var rulesetChecked = ''; + } + + jQuery('.rulesetloopblock').append( + "\n" + '<tr>' + "\n" + + '<td class="' + rowIsEvenOdd + '" align="center" valign="top" width="9%">' + "\n" + + ' <input class="domecheck" name="filenamcheckbox[]" value="' + snortObjlist.ruleSets[i].rule + '" type="checkbox" ' + rulesetChecked + ' >' + "\n" + + '</td>' + "\n" + + '<td class="' + rowIsEvenOdd + '">' + "\n" + + ' <a href="snort_rules.php?uuid=0&openruleset=//usr//local//etc//snort//snort_44035_em0//rules//attack-responses.rules">' + snortObjlist.ruleSets[i].rule + '</a>' + "\n" + + '</td>' + "\n" + + '</tr>' + "\n\n" + ); + }; + } + + +}); // end of document ready + +</script> + + + + +<div id="loadingWaiting"> + <p class="loadingWaitingMessage"><img src="./images/loading.gif" /> <br>Please Wait...</p> +</div> + +<?php include("fbegin.inc"); ?> + +<div class="body2"><!-- hack to fix the hardcoed fbegin link in header --> +<div id="header-left2"><a href="../index.php" id="status-link2"><img src="./images/transparent.gif" border="0" alt="transgif" ></img></a></div> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + + <div class="newtabmenu" style="margin: 1px 0px; width: 775px;"><!-- Tabbed bar code--> + <ul class="newtabmenu"> + <li><a href="/snort/snort_interfaces.php"><span>Snort Interfaces</span></a></li> + <li><a href="/snort/snort_interfaces_edit.php?uuid=<?=$uuid;?>"><span>If Settings</span></a></li> + <li class="newtabmenu_active"><a href="/snort/snort_rulesets.php?uuid=<?=$uuid;?>"><span>Categories</span></a></li> + <li><a href="/snort/snort_rules.php?uuid=<?=$uuid;?>"><span>Rules</span></a></li> + <li><a href="/snort/snort_define_servers.php?uuid=<?=$uuid;?>"><span>Servers</span></a></li> + <li><a href="/snort/snort_preprocessors.php?uuid=<?=$uuid;?>"><span>Preprocessors</span></a></li> + <li><a href="/snort/snort_barnyard.php?uuid=<?=$uuid;?>"><span>Barnyard2</span></a></li> + </ul> + </div> + + </td> + </tr> + <tr> + <td id="tdbggrey"> + <table width="100%" border="0" cellpadding="10px" cellspacing="0"> + <tr> + <td class="tabnavtbl"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" > + <!-- START MAIN AREA --> + + + + <table width="100%" border="0" cellpadding="0" cellspacing="0" > + <tr> + <td> + </td> + <td> + <input id="select_all" type="button" class="formbtn" value="Select All" > + <input id="deselect_all" type="button" class="formbtn" value="Deselect All" > + </td> + </tr> + </table> + + <div id="checkboxdo" style="width:750px; margin-left: auto ; margin-right: auto ; padding-top: 10px; padding-bottom: 0px;"> + <form id="iform" action="" > + <input type="hidden" name="snortSaveRuleSets" value="1" /> <!-- what to do, save --> + <input type="hidden" name="dbName" value="snortDBrules" /> <!-- what db--> + <input type="hidden" name="dbTable" value="SnortruleSets" /> <!-- what db table--> + <input type="hidden" name="ifaceTab" value="snort_rulesets" /> <!-- what interface tab --> + <input type="hidden" name="ifaceuuid" value="<?=$uuid; ?>" /> <!-- what interface to save for --> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + + <tr > + <td width="5%" class="listtopic">Enabled</td> + <td class="listtopic">Ruleset: Rules that end with "so.rules" are shared object rules.</td> + </tr> + <table class="rulesetbkg" width="100%"> + + <tbody class="rulesetloopblock" > + <!-- javscript loop table build here --> + </tbody> + + </table> + <table class="vncell1" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listtopic" >Check the rulesets that you would like Snort to load at startup.</td> + </tr> + </table> + <tr> + <td> + <input name="Submit" type="submit" class="formbtn" value="Save"> + <input id="cancel" type="button" class="formbtn" value="Cancel"> + </td> + </tr> + <tr> + <td width="78%"> + <span class="vexpl"><span class="red"><strong>Note:</strong></span> + Please save your settings before you click start.</span> + </td> + </tr> + + </table> + </form> + </div> + + <!-- STOP MAIN AREA --> + </table> + </td> + </tr> + </table> + </td> + </tr> +</table> +</div> + +<!-- footer do not touch below --> +<?php +include("fend.inc"); +echo $snort_custom_rnd_box; +?> + + +</body> +</html> + diff --git a/config/snort-dev/testing.php b/config/snort-dev/testing.php deleted file mode 100644 index f36a9edd..00000000 --- a/config/snort-dev/testing.php +++ /dev/null @@ -1,28 +0,0 @@ -<?php - -require_once("/usr/local/pkg/snort/snort_new.inc"); - -// set page vars - -$a_whitelist = snortSql_fetchAllWhitelistTypes('SnortWhitelist', 'SnortWhitelistips'); - -$a_suppresslist = snortSql_fetchAllWhitelistTypes('SnortSuppress', ''); - -//$a_whitelist = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', '42770'); - - echo '<pre>' . "\n\n"; - - print_r($a_suppresst); - - //foreach ($a_whitelist as $value) - //{ - //echo $value['filename'] . "\n"; - //} - - echo "\n" . '</pre>'; - -?> - - - - |