Diffstat (limited to 'config/snort-dev')
-rw-r--r-- | config/snort-dev/snort_download_rules.php | 53 | ||||
-rw-r--r-- | config/snort-dev/snort_rules.php | 61 |
2 files changed, 94 insertions, 20 deletions
diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php
index 1554dd2c..8bcd20b7 100644
--- a/config/snort-dev/snort_download_rules.php
+++ b/config/snort-dev/snort_download_rules.php
@@ -545,15 +545,19 @@ if (file_exists("{$tmpfname}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
 /* TODO carry signature changes with the updates */
 if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+if (!empty($config['installedpackages']['snort']['rule_sid_on'])) {
 $enabled_sid_on = $config['installedpackages']['snort']['rule_sid_on'];
-$enabled_sid_on_array = split("\|\|", $enabled_sid_on);
+$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
 foreach($enabled_sid_on_array as $enabled_item_on)
-$selected_sid_on_sections .= "enable $enabled_item_on\n";
+$selected_sid_on_sections .= "$enabled_item_on\n";
+ }
+if (!empty($config['installedpackages']['snort']['rule_sid_off'])) {
 $enabled_sid_off = $config['installedpackages']['snort']['rule_sid_off'];
-$enabled_sid_off_array = split("\|\|", $enabled_sid_off);
+$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
 foreach($enabled_sid_off_array as $enabled_item_off)
-$selected_sid_off_sections .= "disable $enabled_item_off\n";
+$selected_sid_off_sections .= "$enabled_item_off\n";
+ }
 $snort_sid_text = <<<EOD
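Review bot: Each `$enabled_item_on` / `$enabled_item_off` pulled out of config.xml is appended to the oinkmaster directives unvalidated, so anything that lands in `rule_sid_on`/`rule_sid_off` (the toggle handler builds these from rule-file text, not from a checked integer) becomes an oinkmaster.conf line; guard the append with the expected shape, e.g. `if (preg_match('/^(enable|disable)sid \d+$/', $enabled_item_on)) $selected_sid_on_sections .= "$enabled_item_on\n";`. The stored strings start with `||`, so `split` returns an empty first element and the loop emits a blank line; the same check drops it. `split()` is a POSIX-regex function deprecated since PHP 5.3 and removed in 7.0 — `explode('||', $enabled_sid_on)` does the same job with no regex quoting to get wrong. The enclosing `if ($snort_md5_check_ok ...)` block continues past the hunk.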
@@ -692,22 +696,43 @@ update_output_window(gettext("Please Wait..."));
 exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_bkup/rules > /usr/local/etc/snort_bkup/gen-msg.map");
 /* Run oinkmaster to snort_wan and cp configs */
+/* If oinkmaster is not needed cp rules normally */
+/* TODO add per interface settings here */
 if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+
+ if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) {
 update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
 update_output_window(gettext("May take a while..."));
-exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
-exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort_bkup/oinkmaster.conf -o /usr/local/etc/snort/rules > /usr/local/etc/snort_bkup/oinkmaster.log");
+} else {
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
+
+ /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */
+ /* might have to add a sleep for 3sec for flash drives or old drives */
+ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort_bkup/oinkmaster.conf -o /usr/local/etc/snort/rules > /usr/local/etc/snort_bkup/oinkmaster.log");
+ sleep(2);
+ exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+ }
 }
 /* php code to flush out cache some people are reportting missing files this might help */
diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php
index 0ce9ca0d..fa4a5a4a 100644
--- a/config/snort-dev/snort_rules.php
+++ b/config/snort-dev/snort_rules.php
@@ -27,6 +27,7 @@ POSSIBILITY OF SUCH DAMAGE.
 */
 require("guiconfig.inc");
+require("config.inc");
 if(!is_dir("/usr/local/etc/snort/rules"))
 header("Location: snort_rules.php", false);
@@ -200,10 +201,10 @@ if ($_POST)
 }
 if ($_POST['apply']) {
- stop_service("snort");
- sleep(2);
- start_service("snort");
- $savemsg = "The snort rules selections have been saved. Restarting Snort.";
+// stop_service("snort");
+// sleep(2);
+// start_service("snort");
+ $savemsg = "The snort rules selections have been saved. Please restart snort by clicking save on the settings tab.";
 $stopMsg = false;
 }
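Review bot: The new branch condition at the top of the hunk takes the plain-copy path whenever either list is empty, so a user who has only disabled SIDs (`rule_sid_off` set, `rule_sid_on` empty) never gets oinkmaster run and their disables are silently discarded on every rule update; it should read `if (empty($config['installedpackages']['snort']['rule_sid_on']) && empty($config['installedpackages']['snort']['rule_sid_off'])) {`. The `update_status`/`update_output_window` calls announcing that enable/disable changes are being applied sit in that copy-only branch, where nothing is applied, and belong in the `else` branch beside the oinkmaster call. The `sleep(2)` between oinkmaster and the `perl -pi` rewrite is a guess (the comment says so); `exec()` does not return until the shell command and its redirect have finished, so the sleep can go. The enclosing `if ($snort_md5_check_ok ...)` block and the script continue outside the hunk.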
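Review bot: The added `require("config.inc")` re-executes that file if guiconfig.inc has already loaded it, which the pfSense webGUI include does as far as I recall — confirm against guiconfig.inc; `require_once("config.inc");` is correct in both cases and costs nothing. The `header("Location: snort_rules.php", false)` on the next line redirects this page to itself while the rules directory is missing, which loops rather than reporting the condition, but that is pre-existing.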
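Review bot: The three `//`-commented service calls in the apply handler are dead code; delete them rather than leave them commented, and keep the reason in a single comment, e.g. `// Restart is deferred to the settings tab so a rules save does not bounce snort.`. The enclosing `if ($_POST)` block starts before the hunk.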
@@ -250,6 +251,54 @@ else if ($_GET['act'] == "toggle")
 $splitcontents = load_rule_file($file);
 $stopMsg = true;
+
+ //write disable/enable sid to config.xml
+ if ($disabled == false) {
+ $string_sid = strstr($tempstring, 'sid:');
+ $sid_pieces = explode(";", $string_sid);
+ $sid_off_cut = $sid_pieces[0];
+ // sid being turned off
+ $sid_off = str_replace("sid:", "", $sid_off_cut);
+ // rule_sid_on registers
+ $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on'];
+ // if off sid is the same as on sid remove it
+ $sid_on_old = str_replace("||enablesid $sid_off", "", "$sid_on_pieces");
+ // write the replace sid back as empty
+ $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old;
+ // rule sid off registers
+ $sid_off_pieces = $config['installedpackages']['snort']['rule_sid_off'];
+ // if off sid is the same as off sid remove it
+ $sid_off_old = str_replace("||disablesid $sid_off", "", "$sid_off_pieces");
+ // write the replace sid back as empty
+ $config['installedpackages']['snort']['rule_sid_off'] = $sid_off_old;
+ // add sid off registers to new off sid
+ $config['installedpackages']['snort']['rule_sid_off'] = "||disablesid $sid_off" . $config['installedpackages']['snort']['rule_sid_off'];
+ write_config();
+ }
+ else
+ {
+ $string_sid = strstr($tempstring, 'sid:');
+ $sid_pieces = explode(";", $string_sid);
+ $sid_on_cut = $sid_pieces[0];
+ // sid being turned off
+ $sid_on = str_replace("sid:", "", $sid_on_cut);
+ // rule_sid_off registers
+ $sid_off_pieces = $config['installedpackages']['snort']['rule_sid_off'];
+ // if off sid is the same as on sid remove it
+ $sid_off_old = str_replace("||disablesid $sid_on", "", "$sid_off_pieces");
+ // write the replace sid back as empty
+ $config['installedpackages']['snort']['rule_sid_off'] = $sid_off_old;
+ // rule sid on registers
+ $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on'];
+ // if on sid is the same as on sid remove it
+ $sid_on_old = str_replace("||enablesid $sid_on", "", "$sid_on_pieces");
+ // write the replace sid back as empty
+ $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old;
+ // add sid on registers to new on sid
+ $config['installedpackages']['snort']['rule_sid_on'] = "||enablesid $sid_on" . $config['installedpackages']['snort']['rule_sid_on'];
+ write_config();
+ }
+
+ }
@@ -410,8 +459,8 @@ function go()
 $counter2++;
 $destination_port = $rule_content[$counter2];//destination port location
- $message = get_middle($tempstring, 'msg:"', '";', 0);
-
+ $message = get_middle($tempstring, 'msg:"', '";', 0);
+
 echo "<tr>";
 echo "<td class=\"listt\">";
 echo $textss;
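Review bot: Both branches remove the previous list entry with a substring `str_replace`, so toggling SID 123 also strips `||enablesid 123` out of `||enablesid 1234` and leaves a stray `4` in `rule_sid_on`, and a rule whose `sid:` option is absent or padded (`sid: 1234`) stores an empty or space-prefixed SID because `strstr`/`explode`/`str_replace` never check the result is a number. The two branches are otherwise the same twenty lines with on/off swapped; parsing the SID once with a regex and editing the lists as exploded arrays with exact-match removal fixes both defects and halves the code, as sketched below. The handler runs on `$_GET['act'] == "toggle"` and now persists state through `write_config()`, yet nothing in the hunk checks a CSRF token — unless the surrounding page does (pfSense's guard covers POST as far as I recall; confirm), a cross-site link can toggle and persist rule state, and the action should move to a POST form. The enclosing `else if ($_GET['act'] == "toggle")` block starts before the hunk.
```php
 $splitcontents = load_rule_file($file);
 $stopMsg = true;

 // Persist the toggle to config.xml. Lists are edited as exploded arrays with
 // exact-match removal: a substring str_replace() of "||enablesid 123" would
 // also truncate "||enablesid 1234" to "4".
 if (preg_match('/\bsid:\s*(\d+)/', $tempstring, $m)) {
 	$sid = $m[1];
 	$on  = array_filter(explode('||', (string)$config['installedpackages']['snort']['rule_sid_on']));
 	$off = array_filter(explode('||', (string)$config['installedpackages']['snort']['rule_sid_off']));
 	$on  = array_diff($on, array("enablesid $sid"));
 	$off = array_diff($off, array("disablesid $sid"));
 	if ($disabled == false)
 		array_unshift($off, "disablesid $sid");
 	else
 		array_unshift($on, "enablesid $sid");
 	$config['installedpackages']['snort']['rule_sid_on']  = $on ? '||' . implode('||', $on) : '';
 	$config['installedpackages']['snort']['rule_sid_off'] = $off ? '||' . implode('||', $off) : '';
 	write_config();
 }
```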