Diffstat (limited to 'config/snort-dev')
-rw-r--r-- | config/snort-dev/css/style_snort2.css | 61 | ||||
-rw-r--r-- | config/snort-dev/javascript/snort_globalsend.js | 370 | ||||
-rw-r--r-- | config/snort-dev/snort_blocked.php | 5 | ||||
-rw-r--r-- | config/snort-dev/snort_headbase.inc | 8 | ||||
-rw-r--r-- | config/snort-dev/snort_interfaces.php | 2 | ||||
-rw-r--r-- | config/snort-dev/snort_json_post.php | 36 | ||||
-rw-r--r-- | config/snort-dev/snort_new.inc | 189 |
7 files changed, 461 insertions, 210 deletions
diff --git a/config/snort-dev/css/style_snort2.css b/config/snort-dev/css/style_snort2.css index 301d4411..91e63e88 100644 --- a/config/snort-dev/css/style_snort2.css +++ b/config/snort-dev/css/style_snort2.css @@ -6,6 +6,63 @@ a { } */ +.odd_ruleset2 { + background-color: #ffffff; + border-left: 1px solid #999999; + border-bottom: 1px solid #999999; + font-size: 11px; + padding-right: 6px; + padding-left: 6px; + padding-top: 4px; + padding-bottom: 4px; +} + +.even_ruleset2 { + background-color: #eeeeee; + border-left: 1px solid #999999; + border-bottom: 1px solid #999999; + font-size: 11px; + padding-right: 6px; + padding-left: 6px; + padding-top: 4px; + padding-bottom: 4px; +} + +.odd_ruleset { + + background-color: #eeeeee; + border-bottom-width: 1px; + border-bottom-style: solid; + border-bottom-color: #000; + border-right-width: 1px; + border-right-style: solid; + border-right-color: #000; + padding-left: 20px; + +} + +.even_ruleset { + + background-color: #ffffff; + border-bottom-width: 1px; + border-bottom-style: solid; + border-bottom-color: #000; + border-right-width: 1px; + border-right-style: solid; + border-right-color: #000; + padding-left: 20px; + +} + +.rulesetbkg { + background-color: #eeeeee; + padding-right: 0px; + padding-left: 0px; + border-bottom: 1px solid #999999; + font-size: 15px; +} + + .hiddendownloadlink { visibility:hidden; } @@ -35,7 +92,7 @@ a { .listhdrr2 { background-color: #BBBBBB; - padding-right: 13px; + padding-right: 9px; padding-left: 6px; font-weight: bold; border-right: 1px solid #999999; @@ -150,7 +207,7 @@ padding-bottom: 12px; .vncell2 { background-color: #eeeeee; - padding-right: 10px; + padding-right: 5px; padding-left: 8px; border-bottom: 1px solid #999999; font-size: 11px; diff --git a/config/snort-dev/javascript/snort_globalsend.js b/config/snort-dev/javascript/snort_globalsend.js index 9147cc25..b8fde968 100644 --- a/config/snort-dev/javascript/snort_globalsend.js 
+++ b/config/snort-dev/javascript/snort_globalsend.js @@ -7,6 +7,77 @@ jQuery(document).ready(function() { jQuery(this).css('cursor', 'pointer'); }); + //-------------------START Misc------------------------------------------- + + + /* + * Gives you even true or false on even numbers + */ + window.isEven = function(someNumber) { + + return (someNumber%2 == 0) ? true : false; + + }; + + /*! Needs to be watched not my code <- IMPORTANT + * JavaScript UUID Generator, v0.0.1 + * + * Copyright (c) 2009 Massimo Lombardo. + * Dual licensed under the MIT and the GNU GPL licenses. + */ + function genUUID() { + var uuid = (function () { + var i, + c = "89ab", + u = []; + for (i = 0; i < 36; i += 1) { + u[i] = (Math.random() * 16 | 0).toString(16); + } + u[8] = u[13] = u[18] = u[23] = ""; + u[14] = "4"; + u[19] = c.charAt(Math.random() * 4 | 0); + return u.join(""); + })(); + return { + toString: function () { + return uuid; + }, + valueOf: function () { + return uuid; + } + }; + } + + //--------------------------- START select all code --------------------------- + + jQuery('#select_all').live('click', function() { + checkAll(jQuery('.domecheck')); + }); + + jQuery('#deselect_all').live('click', function() { + uncheckAll(jQuery('.domecheck')); + }); + + function checkAll(field) + { + for (i = 0; i < field.length; i++) + { + field[i].checked = true; + } + } + + function uncheckAll(field) + { + for (i = 0; i < field.length; i++) + { + field[i].checked = false; + } + } + + //--------------------------- STOP select all code -------------------------- + + + // -------------------------- START cancel form code ------------------------------------------- //jQuery('#cancel').click(function() { jQuery('#cancel').live('click', function() { 
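Review bot: `checkAll` and `uncheckAll` loop with `for (i = 0; ...)` without declaring `i`, so the counter becomes an implicit global shared by both helpers and by any other script on the page; declare it locally with `for (var i = 0; i < field.length; i++)`. The relocated `genUUID` derives its value from `Math.random()`, which is adequate for a DOM row id but is neither unguessable nor collision-proof, so a comment such as `// client-side row label only; the server must not trust or rely on this value` above it would record the limit. The enclosing `jQuery(document).ready(...)` callback starts and ends outside this hunk.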
@@ -20,23 +91,21 @@ jQuery(document).ready(function() { jQuery(".icon_plus").live('click', function() { - var NewRow_UUID = genUUID(); - var rowNumCount = jQuery("#address").length; - - if (rowNumCount > 0) - { - // stop empty - var prevAddressAll_ck = jQuery('tr[id^=maintable_]'); - var prevAddress_ck = prevAddressAll_ck[prevAddressAll_ck.length-1].id; - var prevAddressEmpty_ck = jQuery('#' + prevAddress_ck + ' #address').val(); - var prevAddressEmpty_ck = jQuery.trim(prevAddressEmpty_ck); - - if (prevAddressEmpty_ck == '') - { - return false; - } + var NewRow_UUID = genUUID(); + var rowNumCount = jQuery("#address").length; + + if (rowNumCount > 0) + { + // stop empty + var prevAddressAll_ck = jQuery('tr[id^=maintable_]'); + var prevAddress_ck = prevAddressAll_ck[prevAddressAll_ck.length-1].id; + var prevAddressEmpty_ck = jQuery.trim(jQuery('#' + prevAddress_ck + ' #address').val()); - } + if (prevAddressEmpty_ck === '') + { + return false; + } + } jQuery('#listloopblock').append( "\n" + '<tr id="maintable_' + NewRow_UUID + '" ' + 'data-options=\'{"pagetable":"SnortWhitelist", "pagedb":"snortDB", "DoPOST":"false"}\' >' + '<td>' + @@ -56,6 +125,13 @@ jQuery(document).ready(function() { // ------------------------------- START remove row element --------------------------------------- + + + function removeRow() + { + jQuery("#maintable_" + window.RemoveRow_UUID).remove(); + } + jQuery(".icon_x").live('click', function() { var elem = getBaseElement(this.id); // this.id gets id of .icon_x 
@@ -66,16 +142,12 @@ jQuery(document).ready(function() { window.RemoveRow_DB = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagedb; window.RemoveRow_POST = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").DoPOST; - if (window.RemoveRow_POST == 'true') // snort_interfaces_whitelist + if (window.RemoveRow_POST === 'true') // snort_interfaces_whitelist { if(confirm('Do you really want to delete this list? (e.g. snort rules will fall back to the default list)!')) { - - jQuery("#maintable_" + window.RemoveRow_UUID).fadeOut("fast"); - function removeRow() - { - jQuery("#maintable_" + window.RemoveRow_UUID).remove(); - } - + + jQuery("#maintable_" + window.RemoveRow_UUID).fadeOut("fast"); + setTimeout(removeRow, 600); jQuery(this).ajaxSubmit(optionsRMlist); // call POST return false; @@ -83,14 +155,11 @@ jQuery(document).ready(function() { } // remove element NO post - if (window.RemoveRow_POST == 'false') + if (window.RemoveRow_POST === 'false') { jQuery("#maintable_" + window.RemoveRow_UUID).fadeOut("fast"); - function removeRow() - { - jQuery("#maintable_" + window.RemoveRow_UUID).remove(); - } + setTimeout(removeRow, 600); return false; @@ -98,17 +167,8 @@ jQuery(document).ready(function() { } }); - - // declare variable for whitelist delete - var optionsRMlist = { - beforeSubmit: showRequestRMlist, - dataType: 'json', - success: showResponseRMlist, - type: 'POST', - data: { RMlistDelRow: '1', RMlistDB: RMlistDBDelCall, RMlistTable: RMlistTableDelCall, RMlistUuid: RMlistUuidDelCall }, - url: './snort_json_post.php' - }; + function RMlistDBDelCall() { return RemoveRow_DB; } @@ -135,7 +195,7 @@ jQuery(document).ready(function() { // post-submit callback if snort_json_post.php returns true or false function showResponseRMlist(data) { - //alert('test'); + //alert('test'); } 
@@ -150,35 +210,111 @@ jQuery(document).ready(function() { return {"base": baseElem, "index": index}; } + + + // declare variable for whitelist delete + var optionsRMlist = { + beforeSubmit: showRequestRMlist, + dataType: 'json', + success: showResponseRMlist, + type: 'POST', + data: { RMlistDelRow: '1', RMlistDB: RMlistDBDelCall, RMlistTable: RMlistTableDelCall, RMlistUuid: RMlistUuidDelCall }, + url: './snort_json_post.php' + }; + + // STOP remove row element // ------------------- START iform Submit/RETURN code --------------------------------------------- /* general form */ //jQuery('#iform').submit(function() { - jQuery('#iform').live('submit', function() { + jQuery('#iform, #iform2, #iform3').live('submit', function() { jQuery(this).ajaxSubmit(options); return false; }); - - /* general form2 */ - jQuery('#iform2').submit(function() { - jQuery(this).ajaxSubmit(options); - - return false; - }); - - /* general form3 */ - jQuery('#iform3').submit(function() { + // pre-submit callback + function showRequest(formData, jqForm, options) { + + var queryString = jQuery.param(formData); + + // Please wait code + function showLoading() { + jQuery("#loadingWaiting").show(); + } + // call to please wait + showLoading(); + + alert('About to submit: \n\n' + queryString); + + // call false to prevent the form + return true; + } + + function hideLoading() + { + jQuery("#loadingWaiting").hide(); + } + + function downloadsnortlogs(data) + { + jQuery('.hiddendownloadlink').append('<iframe width="1" height="1" frameborder="0" src="/snort/snort_json_get.php?snortlogdownload=1&snortlogfilename=' + data.downloadfilename + '" ></iframe>'); + + var appendElem = jQuery('<br> <span>success...<span>'); + appendElem.appendTo('.loadingWaitingMessage'); + setTimeout(hideLoading, 3000); + } + + // After Save Calls display + var appendElem = jQuery('<br> <span>success...<span>'); + function finnish() + { + hideLoading(); + appendElem.remove(); + updatestarted = 1; + } + + function 
showResponse(data, responseText, statusText, xhr, $form) + { - jQuery(this).ajaxSubmit(options); + // START of fill call to user + if (responseText === 'success') { + + // snort logs download success + if (data.downloadfilename !== '' && data.snortdownload === 'success') + { + downloadsnortlogs(data); + } + + // succsess display + if (data.snortgeneralsettings === 'success' || data.snortdelete === 'success' || data.snortreset === 'success') + { + // sucsses msg + appendElem.appendTo('.loadingWaitingMessage'); + + // Clean up Waiting code + finnish(); + + if (data.snortUnhideTabs === 'true') + { + jQuery('.hide_newtabmenu').show(); + } + + if (data.snortreset) {location.reload();} // hard refresh + + } + + // END of fill call to user + }else{ + // On FAIL get some info back + alert('responseText: \n' + data.responseText + 'FAIL'); + } + } + // END iform code - return false; - }); - // declare variable for iform var options = { beforeSubmit: showRequest, 
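Review bot: `downloadsnortlogs` splices `data.downloadfilename` from the JSON response straight into an HTML string for the iframe, so a filename containing a quote, ampersand or angle bracket changes the markup and query string that `append()` parses. Build the element from attributes and encode the value instead: `var src = '/snort/snort_json_get.php?snortlogdownload=1&snortlogfilename=' + encodeURIComponent(data.downloadfilename);` followed by `jQuery('<iframe/>').attr({width: 1, height: 1, frameborder: 0, src: src}).appendTo('.hiddendownloadlink');`. In the same hunk `showRequest` still calls `alert('About to submit: \n\n' + queryString)`, which shows every submitted field value in a dialog and looks like leftover debugging. The `options` object that wires these callbacks continues past the end of the hunk.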
@@ -186,127 +322,7 @@ jQuery(document).ready(function() { success: showResponse, type: 'POST', url: './snort_json_post.php' - }; - -}); - -// pre-submit callback -function showRequest(formData, jqForm, options) { - - var queryString = jQuery.param(formData); - - // Please wait code - function showLoading() { - jQuery("#loadingWaiting").show(); - } - // call to please wait - showLoading(); - - alert('About to submit: \n\n' + queryString); - - // call false to prevent the form - return true; -} - -// post-submit callback -function showResponse(data, responseText, statusText, xhr, $form) { - - - function snortUnhideTabsCall() { - // unhide tabs for iface edit - if (data.snortUnhideTabs == 'true') - { - jQuery('.hide_newtabmenu').show(); - } - }; - - function hideLoading() { - jQuery("#loadingWaiting").hide(); - }; + }; - // START of fill call to user - if (responseText == 'success') { - - // snort logs download success - if (data.downloadfilename != '' && data.snortdownload == 'success') { - function downloadsnortlogs(){ - jQuery('.hiddendownloadlink').append('<iframe width="1" height="1" frameborder="0" src="./snort_json_get.php?snortlogdownload=1&snortlogfilename=' + data.downloadfilename + '></iframe>'); - var appendElem = jQuery('<br> <span>success...<span>'); - appendElem.appendTo('.loadingWaitingMessage'); - setTimeout(hideLoading, 3000); - } - downloadsnortlogs(); - } - - // succsess display - if (data.snortgeneralsettings == 'success' || data.snortdelete == 'success' || data.snortreset == 'success') - { - var appendElem = jQuery('<br> <span>success...<span>'); - appendElem.appendTo('.loadingWaitingMessage'); - - // After Save Calls display - function finnish() { - snortUnhideTabsCall(); - hideLoading(); - appendElem.remove(); - updatestarted = 1; - }; - setTimeout(finnish, 2000); - - if (data.snortreset) {location.reload();}; // hard refresh - - } - - - // END of fill call to user - }else{ - // On FAIL get some info back - alert('responseText: \n' + 
data.responseText + 'FAIL'); - } -} -// END iform code - - - -//-------------------START Misc------------------------------------------- - -/*! Needs to be watched not my code <- IMPORTANT -* JavaScript UUID Generator, v0.0.1 -* -* Copyright (c) 2009 Massimo Lombardo. -* Dual licensed under the MIT and the GNU GPL licenses. -*/ -function genUUID() { - var uuid = (function () { - var i, - c = "89ab", - u = []; - for (i = 0; i < 36; i += 1) { - u[i] = (Math.random() * 16 | 0).toString(16); - } - u[8] = u[13] = u[18] = u[23] = ""; - u[14] = "4"; - u[19] = c.charAt(Math.random() * 4 | 0); - return u.join(""); - })(); - return { - toString: function () { - return uuid; - }, - valueOf: function () { - return uuid; - } - }; -} - -//-----------------STOP Misc---------------------------------------------- - - - - - - - - - +}); // end of document ready diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php index c5400298..5e835c80 100644 --- a/config/snort-dev/snort_blocked.php +++ b/config/snort-dev/snort_blocked.php @@ -113,7 +113,10 @@ $brefresh_on = ($generalSettings['brefresh'] == 'on' ? 'checked' : ''); <span class="vexpl red"><strong>Warning:</strong></span><span class="vexpl"> all hosts will be removed.</span> </form> </td> - <div class="hiddendownloadlink"></div> + + <div class="hiddendownloadlink"> + </div> + </tr> <tr> <td class="vncell2" valign="center"><span class="vexpl">Auto Refresh and Log View</span></td> diff --git a/config/snort-dev/snort_headbase.inc b/config/snort-dev/snort_headbase.inc index 8176b4bf..38165213 100644 --- a/config/snort-dev/snort_headbase.inc +++ b/config/snort-dev/snort_headbase.inc 
@@ -10,15 +10,15 @@ <?php -//echo "\t<script type=\"text/javascript\" src=\"./javascript/jquery-1.6.min.js\"></script>\n"; +echo "\t<script type=\"text/javascript\" src=\"./javascript/jquery-1.6.min.js\"></script>\n"; -//echo "\t<script type=\"text/javascript\" src=\"./javascript/jquery.form.js\"></script>\n"; +echo "\t<script type=\"text/javascript\" src=\"./javascript/jquery.form.js\"></script>\n"; //echo "\t<link href=\"./css/jquery.bubblepopup.v2.3.1.css\" rel=\"stylesheet\" type=\"text/css\" />\n"; //echo "\t<script src=\"./javascript/jquery.bubblepopup.v2.3.1.min.js\" type=\"text/javascript\"></script>\n"; -//echo "\t<script type=\"text/javascript\" src=\"./javascript/snort_globalsend.js\"></script>\n"; +echo "\t<script type=\"text/javascript\" src=\"./javascript/snort_globalsend.js\"></script>\n"; ?> @@ -26,7 +26,7 @@ <?php // this has to be loaded at the bottom $snort_custom_rnd_box = ' -<script> +<script type="text/javascript" > /* makes boxes round */ /* load at bottom */ NiftyCheck(); diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php index fba6c028..56e4a600 100644 --- a/config/snort-dev/snort_interfaces.php +++ b/config/snort-dev/snort_interfaces.php @@ -36,7 +36,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); -$new_ruleUUID = genAlphaNumMixFast(28, 28); +$new_ruleUUID = genAlphaNumMixFast(7, 8); $a_interfaces = snortSql_fetchAllInterfaceRules('Snortrules', 'snortDBrules'); diff --git a/config/snort-dev/snort_json_post.php b/config/snort-dev/snort_json_post.php index 3fea91c0..2431beec 100644 --- a/config/snort-dev/snort_json_post.php +++ b/config/snort-dev/snort_json_post.php 
@@ -43,6 +43,25 @@ $snortJsonReturnCode_fail = ' } + + // row from db by uuid +if ($_POST['snortSaveRuleSets'] == 1) +{ + + // unset POSTs that are markers not in db + unset($_POST['snortSaveSettings']); + unset($_POST['ifaceTab']); + + if(snortSql_updateRuleSetList($_POST['dbName'], $_POST['dbTable'], $_POST['filenamcheckbox'], $_POST['ifaceuuid'])) + { + echo $snortJsonReturnCode_success; + return true; + }else{ + echo $snortJsonReturnCode_fail; + return false; + } + +} // END of rulesSets // row from db by uuid if ($_POST['RMlistDelRow'] == 1) @@ -161,6 +180,23 @@ if ($_POST['snortSaveSettings'] == 1) // convert textbox to base64 $_POST['configpassthru'] = base64_encode($_POST['configpassthru']); + + /* + * make dir for the new iface + * may need to move this as a func to new_snort,inc + */ + if (!is_dir('/usr/local/etc/snort/sn_' . $_POST['uuid'] . '_' . $_POST['interface'])) + { + $newSnortDirCraete = 'mkdir -p /usr/local/etc/snort/sn_' . $_POST['uuid'] . '_' . $_POST['interface']; + exec($newSnortDirCraete); + // NOTE: code only works on php5 + $listRulesDir = snortScanDirFilter('/usr/local/etc/snort/rules', '.rules'); + if (!empty($listRulesDir) && file_exists('/usr/local/etc/snort/base_rules.tar.gz')) + { + $newSnortDir = 'sn_' . $_POST['uuid'] . '_' . $_POST['interface']; + exec('/usr/bin/tar xvfz /usr/local/etc/snort/base_rules.tar.gz ' . '-C /usr/local/etc/snort/' . $newSnortDir); + } + } } diff --git a/config/snort-dev/snort_new.inc b/config/snort-dev/snort_new.inc index b16ec6fc..a437db09 100644 --- a/config/snort-dev/snort_new.inc +++ b/config/snort-dev/snort_new.inc 
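Review bot: The new `snortSaveRuleSets` branch lets the browser choose which database file and table are written, because `$_POST['dbName']` and `$_POST['dbTable']` go to `snortSql_updateRuleSetList` exactly as received. For a fixed action like saving rule sets, the handler should set both names itself and take only the interface uuid and the checkbox list from the request. The handler should also confirm that `$_POST['filenamcheckbox']` is an array of plain file names before passing it on. The two `unset()` calls have no effect here, since the function receives four explicit arguments rather than `$_POST`. Reading `$_POST['snortSaveRuleSets']` without `isset()` raises a notice on every other request type.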
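Review bot: `$_POST['uuid']` and `$_POST['interface']` are concatenated unescaped into both `exec()` command lines in the directory-creation block, so shell metacharacters in either field run as commands with the web server's privileges, and a `/` or `..` moves the target outside `/usr/local/etc/snort`. Validate both fields against the characters they can legitimately contain, create the directory with PHP's own `mkdir()`, and pass the path to tar through `escapeshellarg()`. The character classes below are an assumption and should be adjusted to what the GUI actually emits. The enclosing `snortSaveSettings` block starts and ends outside this hunk, so the failure path shown may need to match its surrounding flow.

```php
// … unchanged: base64 encoding of configpassthru …

// reject anything that is not a plain identifier before it reaches a path or a shell
if (!preg_match('/^[A-Za-z0-9]+$/', $_POST['uuid']) || !preg_match('/^[A-Za-z0-9_]+$/', $_POST['interface']))
{
	echo $snortJsonReturnCode_fail;
	return false;
}

$newSnortDir = '/usr/local/etc/snort/sn_' . $_POST['uuid'] . '_' . $_POST['interface'];

if (!is_dir($newSnortDir))
{
	// native mkdir: no shell involved
	mkdir($newSnortDir, 0755, true);

	$listRulesDir = snortScanDirFilter('/usr/local/etc/snort/rules', '.rules');
	if (!empty($listRulesDir) && file_exists('/usr/local/etc/snort/base_rules.tar.gz'))
	{
		exec('/usr/bin/tar xvfz /usr/local/etc/snort/base_rules.tar.gz -C ' . escapeshellarg($newSnortDir));
	}
}
```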
@@ -7,6 +7,92 @@ if(isset($_POST['__csrf_magic'])) } + +// Save ruleSets settings +function snortSql_updateRuleSetList($dbname, $table, $ruleSetfilenames, $ifaceuuid) +{ + + $addDate = date(U); + + // do let user pick the DB path + $db = sqlite_open("/usr/local/pkg/snort/{$dbname}"); + + if (empty($ruleSetfilenames)) + { + $ruleSetfilenames = array(); + } + + // foreach selected rulesets do this + if (!empty($ruleSetfilenames)) + { + foreach ($ruleSetfilenames as $ruleSetfilename) + { + + $resultid = sqlite_query($db, + "SELECT id, enable FROM {$table} WHERE rulesetname = '{$ruleSetfilename}' and ifaceuuid = '{$ifaceuuid}'; + "); + + $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); + + if (empty($chktable)) + { + + $rulesetUuid = genAlphaNumMixFast(11, 14); + + $query_ck = sqlite_query($db, // @ supress warnings usonly in production + "INSERT INTO {$table} (date, uuid, ifaceuuid, rulesetname, enable) VALUES ('{$addDate}', '{$rulesetUuid}', '{$ifaceuuid}', '{$ruleSetfilename}', 'on'); + "); + + }else{ + if ($chktable[0]['enable'] == 'off') + { + $query_ck = sqlite_query($db, // @ supress warnings usonly in production + "UPDATE {$table} SET enable = 'on' WHERE id = '{$chktable[0]['id']}'; + "); + } + } + } + } // end foreach if + + + // clean database of old names and turn rulesets off + $listDir = snortScanDirFilter('/usr/local/etc/snort/rules/', '.rules'); + + $resultAllRulesetname = sqlite_query($db, + "SELECT rulesetname FROM {$table} WHERE ifaceuuid = '{$ifaceuuid}'; + "); + + $chktable2 = sqlite_fetch_all($resultAllRulesetname, SQLITE_ASSOC); + + + if (!empty($chktable2)) + { + foreach ($chktable2 as $value) + { + + if(!in_array($value['rulesetname'], $listDir)) + { + $deleteMissingRuleset = sqlite_query($db, // @ supress warnings use only in production + "DELETE FROM {$table} WHERE rulesetname = '{$value['rulesetname']}' and ifaceuuid = '{$ifaceuuid}'; + "); + } + + if(!in_array($value['rulesetname'], $ruleSetfilenames)) + { + $ruleSetisOff = 
sqlite_query($db, // @ supress warnings usonly in production + "UPDATE {$table} SET enable = 'off' WHERE rulesetname = '{$value['rulesetname']}' and ifaceuuid = '{$ifaceuuid}'; + "); + } + } + } + + sqlite_close($db); + + return true; + +} // END Save ruleSets settings + + function snortSql_fetchAllInterfaceRules($table, $dbname) { // do let user pick the DB path @@ -29,32 +115,54 @@ function snortSql_fetchAllInterfaceRules($table, $dbname) function snortSql_fetchAllSettings($dbname, $table, $type, $id_uuid) { - if ($table == '') - { - return false; - } - - $db = sqlite_open("/usr/local/pkg/snort/$dbname"); - - if ($type == 'id') - { - $result = sqlite_query($db, - "SELECT * FROM {$table} where id = '{$id_uuid}'; - "); - } - - if ($type == 'uuid') - { - $result = sqlite_query($db, - "SELECT * FROM {$table} where uuid = '{$id_uuid}'; - "); - } + if ($dbname == '' || $table == '' || $type == '') + { + return false; + } + + $db = sqlite_open("/usr/local/pkg/snort/$dbname"); - $chktable = sqlite_fetch_array($result, SQLITE_ASSOC); + if ($type == 'All') + { + $result = sqlite_query($db, + "SELECT * FROM {$table} WHERE id > 0; + "); + } + + if ($type == 'id') + { + $result = sqlite_query($db, + "SELECT * FROM {$table} where id = '{$id_uuid}'; + "); + } + + if ($type == 'uuid') + { + $result = sqlite_query($db, + "SELECT * FROM {$table} where uuid = '{$id_uuid}'; + "); + } - sqlite_close($db); - - return $chktable; + if ($type == 'ifaceuuid') + { + $result = sqlite_query($db, + "SELECT * FROM {$table} where ifaceuuid = '{$id_uuid}'; + "); + } + + if ($type == 'id' || $type == 'uuid') + { + $chktable = sqlite_fetch_array($result, SQLITE_ASSOC); + } + + if ($type == 'All' || $type == 'ifaceuuid') + { + $chktable = sqlite_fetch_all($result, SQLITE_ASSOC); + } + + sqlite_close($db); + + return $chktable; } // end func 
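Review bot: Every statement in `snortSql_updateRuleSetList` is built by interpolating `$table`, `$ruleSetfilename` and `$ifaceuuid` into the SQL text, and `$dbname` goes unchecked into the `sqlite_open` path. The caller added in snort_json_post.php passes all four from `$_POST`, so a quote in a value rewrites the query and a `../` in `$dbname` selects a different file. The same interpolation is added to `snortSql_fetchAllSettings` in the next hunk. Escape each value before use, e.g. `$ifaceuuid = sqlite_escape_string($ifaceuuid);` and likewise for every `$ruleSetfilename`, and compare `$dbname` and `$table` with a fixed list of names the package owns, since identifiers cannot be escaped. Separately, `date(U)` depends on an undefined constant falling back to the string 'U'; write `date('U')` or `time()`.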
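Review bot: `snortSql_fetchAllSettings` now rejects an empty `$type` but not an unknown one, so any value other than 'All', 'id', 'uuid' or 'ifaceuuid' opens the database, runs no query and returns the never-assigned `$chktable`. Put the check ahead of `sqlite_open`, for example `if (!in_array($type, array('All', 'id', 'uuid', 'ifaceuuid'), true)) { return false; }`, so callers get the documented `false` instead of an undefined value. A short comment above the function stating that 'id' and 'uuid' return one row while 'All' and 'ifaceuuid' return a list of rows would help, because the return shape now depends on `$type`.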
@@ -669,5 +777,36 @@ function genAlphaNumMixFast($min = 14, $max = 28) } +// scan a dir, build array with filetr +function snortScanDirFilter($path, $filtername) +{ + // list rules in the default dir + $listDir = array(); + $listDir = scandir("{$path}"); + + if ($filtername == '') + { + + return $listDir; + + }else{ + + $pattern = "/{$filtername}/"; + foreach ( $listDir as $val ) + { + if (preg_match($pattern, $val)) + { + $filterDirList[] = $val; + } + + } + unset($listDir); + + } + + return $filterDirList; + +} + +?> -?>
\ No newline at end of file |
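Review bot: `snortScanDirFilter` assigns `$filterDirList` only inside the match branch, so a directory with no matching file makes it return an undefined variable, which `snortSql_updateRuleSetList` then passes to `in_array()` while deciding which ruleset rows to delete. Initialise it with `$filterDirList = array();` before the loop. `$filtername` is also placed in the pattern unquoted and unanchored, so '.rules' matches any character followed by 'rules' anywhere in the name; `$pattern = '/' . preg_quote($filtername, '/') . '$/';` restricts it to a real suffix. `scandir()` returns false for an unreadable path, which the `foreach` does not handle, so a guard such as `if ($listDir === false) { return array(); }` is worth adding.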