Diffstat (limited to 'config/snort-dev')
-rw-r--r--config/snort-dev/snort_download_rules.php53
-rw-r--r--config/snort-dev/snort_rules.php61
2 files changed, 94 insertions, 20 deletions
diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php
index 1554dd2c..8bcd20b7 100644
--- a/config/snort-dev/snort_download_rules.php
+++ b/config/snort-dev/snort_download_rules.php
@@ -545,15 +545,19 @@ if (file_exists("{$tmpfname}/so_rules/precompiled/FreeBSD-7.0/i386/2.8.4/")) {
/* TODO carry signature changes with the updates */
if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+if (!empty($config['installedpackages']['snort']['rule_sid_on'])) {
$enabled_sid_on = $config['installedpackages']['snort']['rule_sid_on'];
-$enabled_sid_on_array = split("\|\|", $enabled_sid_on);
+$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
foreach($enabled_sid_on_array as $enabled_item_on)
-$selected_sid_on_sections .= "enable $enabled_item_on\n";
+$selected_sid_on_sections .= "$enabled_item_on\n";
+ }
+if (!empty($config['installedpackages']['snort']['rule_sid_off'])) {
$enabled_sid_off = $config['installedpackages']['snort']['rule_sid_off'];
-$enabled_sid_off_array = split("\|\|", $enabled_sid_off);
+$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
foreach($enabled_sid_off_array as $enabled_item_off)
-$selected_sid_off_sections .= "disable $enabled_item_off\n";
+$selected_sid_off_sections .= "$enabled_item_off\n";
+ }
$snort_sid_text = <<<EOD
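Review bot: The entries pulled from `rule_sid_on`/`rule_sid_off` are now written verbatim into the oinkmaster config (lines 24 and 32) with no check that each one is an `enablesid N`/`disablesid N` directive, so whatever text the toggle handler in snort_rules.php managed to store after `sid:` becomes an oinkmaster directive. Since the delimiter is the literal `||`, `split()` (deprecated since PHP 5.3, gone in 7) is the wrong tool anyway, and the leading `||` the writer prepends produces an empty first element that ends up as a blank line. For the on-branch I would write `$enabled_sid_on_array = array_filter(explode('||', $enabled_sid_on));` / `foreach ($enabled_sid_on_array as $enabled_item_on)` / `if (preg_match('/^enablesid \d+$/', $enabled_item_on)) $selected_sid_on_sections .= "$enabled_item_on\n";`, and mirror it with `disablesid` in the off-branch. It is not visible here whether `$selected_sid_on_sections` / `$selected_sid_off_sections` are initialised before the `.=`; if not, initialise them to `''` above the `if` so an empty list does not depend on notice suppression.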
@@ -692,22 +696,43 @@ update_output_window(gettext("Please Wait..."));
exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort_bkup/rules > /usr/local/etc/snort_bkup/gen-msg.map");
/* Run oinkmaster to snort_wan and cp configs */
+/* If oinkmaster is not needed cp rules normally */
+/* TODO add per interface settings here */
if ($snort_md5_check_ok != on || $emerg_md5_check_chk_ok != on || $pfsense_md5_check_ok != on) {
+
+ if (empty($config['installedpackages']['snort']['rule_sid_on']) || empty($config['installedpackages']['snort']['rule_sid_off'])) {
update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
update_output_window(gettext("May take a while..."));
-exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}");
-exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/rules/");
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
-exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort_bkup/oinkmaster.conf -o /usr/local/etc/snort/rules > /usr/local/etc/snort_bkup/oinkmaster.log");
+} else {
+ exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/generators {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/snort.conf {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/threshold.conf {$snortdir_wan}");
+ exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}");
+
+ /* oinkmaster.pl will convert saved changes for the new updates then we have to change #alert to # alert for the gui */
+ /* might have to add a sleep for 3sec for flash drives or old drives */
+ exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort_bkup/oinkmaster.conf -o /usr/local/etc/snort/rules > /usr/local/etc/snort_bkup/oinkmaster.log");
+ sleep(2);
+ exec("/usr/local/bin/perl -pi -e 's/#alert/# alert/g' /usr/local/etc/snort/rules/*.rules");
+ }
}
/* php code to flush out cache some people are reportting missing files this might help */
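Review bot: The branch condition on line 42 uses `||`, so a user who has only disabled rules (`rule_sid_on` empty, `rule_sid_off` populated) takes the plain-copy path and never runs oinkmaster, silently losing the disables while the status text on line 43 claims the changes are being applied; the comment on line 38 says this branch is for when oinkmaster is not needed, which is only true when both lists are empty: `if (empty($config['installedpackages']['snort']['rule_sid_on']) && empty($config['installedpackages']['snort']['rule_sid_off'])) {`. The two `update_status`/`update_output_window` calls also read as if they belong in the `else` branch that actually applies the changes. The `sleep(2)` on line 79 is not needed for correctness: `exec()` returns only after oinkmaster.pl has exited, so the rules files are complete before the perl rewrite on line 80 runs; if the sleep stays, its comment should say what it is really waiting for. Note that the `else` branch hardcodes `/usr/local/etc/snort/rules` as oinkmaster's output while the copy branch targets `{$snortdir_wan}/rules/`; if those can differ per interface (the TODO on line 39 suggests they will), the oinkmaster output path should use the same variable.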
diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php
index 0ce9ca0d..fa4a5a4a 100644
--- a/config/snort-dev/snort_rules.php
+++ b/config/snort-dev/snort_rules.php
@@ -27,6 +27,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
require("guiconfig.inc");
+require("config.inc");
if(!is_dir("/usr/local/etc/snort/rules"))
header("Location: snort_rules.php", false);
@@ -200,10 +201,10 @@ if ($_POST)
}
if ($_POST['apply']) {
- stop_service("snort");
- sleep(2);
- start_service("snort");
- $savemsg = "The snort rules selections have been saved. Restarting Snort.";
+// stop_service("snort");
+// sleep(2);
+// start_service("snort");
+ $savemsg = "The snort rules selections have been saved. Please restart snort by clicking save on the settings tab.";
$stopMsg = false;
}
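Review bot: Lines 102-104 leave the old restart as commented-out code rather than deleting it, which tends to get resurrected later without the context of why it was removed. Delete the three lines and keep the reason as a comment next to the message, e.g. `/* Intentionally no restart here; the user restarts Snort from the Settings tab. */`. Because rule toggles now only persist to disk, the message on line 105 is the only thing telling the operator that the running Snort is still using the old rule set, so it should stay visible until the restart happens rather than only on this POST.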
@@ -250,6 +251,54 @@ else if ($_GET['act'] == "toggle")
$splitcontents = load_rule_file($file);
$stopMsg = true;
+
+ //write disable/enable sid to config.xml
+ if ($disabled == false) {
+ $string_sid = strstr($tempstring, 'sid:');
+ $sid_pieces = explode(";", $string_sid);
+ $sid_off_cut = $sid_pieces[0];
+ // sid being turned off
+ $sid_off = str_replace("sid:", "", $sid_off_cut);
+ // rule_sid_on registers
+ $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on'];
+ // if off sid is the same as on sid remove it
+ $sid_on_old = str_replace("||enablesid $sid_off", "", "$sid_on_pieces");
+ // write the replace sid back as empty
+ $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old;
+ // rule sid off registers
+ $sid_off_pieces = $config['installedpackages']['snort']['rule_sid_off'];
+ // if off sid is the same as off sid remove it
+ $sid_off_old = str_replace("||disablesid $sid_off", "", "$sid_off_pieces");
+ // write the replace sid back as empty
+ $config['installedpackages']['snort']['rule_sid_off'] = $sid_off_old;
+ // add sid off registers to new off sid
+ $config['installedpackages']['snort']['rule_sid_off'] = "||disablesid $sid_off" . $config['installedpackages']['snort']['rule_sid_off'];
+ write_config();
+ }
+ else
+ {
+ $string_sid = strstr($tempstring, 'sid:');
+ $sid_pieces = explode(";", $string_sid);
+ $sid_on_cut = $sid_pieces[0];
+ // sid being turned off
+ $sid_on = str_replace("sid:", "", $sid_on_cut);
+ // rule_sid_off registers
+ $sid_off_pieces = $config['installedpackages']['snort']['rule_sid_off'];
+ // if off sid is the same as on sid remove it
+ $sid_off_old = str_replace("||disablesid $sid_on", "", "$sid_off_pieces");
+ // write the replace sid back as empty
+ $config['installedpackages']['snort']['rule_sid_off'] = $sid_off_old;
+ // rule sid on registers
+ $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on'];
+ // if on sid is the same as on sid remove it
+ $sid_on_old = str_replace("||enablesid $sid_on", "", "$sid_on_pieces");
+ // write the replace sid back as empty
+ $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old;
+ // add sid on registers to new on sid
+ $config['installedpackages']['snort']['rule_sid_on'] = "||enablesid $sid_on" . $config['installedpackages']['snort']['rule_sid_on'];
+ write_config();
+ }
+
}
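Review bot: The removal on lines 122, 128, 145 and 151 is a substring `str_replace`, so toggling SID 1 on when `rule_sid_off` holds `||disablesid 12||disablesid 1` turns the stored list into `2` and corrupts every SID that shares the prefix; entries need to be removed by exact match after splitting on `||`. The SID itself is whatever follows the first `sid:` in the rule text up to `;`, is never checked to be numeric, and is persisted with `write_config()` and later copied into oinkmaster.conf by snort_download_rules.php, so at least a `ctype_digit` gate belongs here. This also appears to be a GET-triggered handler (`$_GET['act'] == "toggle"` in the hunk header) that now writes config.xml; if there is no CSRF protection further up, that is worth adding with the persistence. The enclosing `else if` starts outside the hunk; the rewrite below covers the `$disabled == false` branch and the other branch mirrors it with on/off swapped.
```php
if ($disabled == false) {
    $string_sid = strstr($tempstring, 'sid:');
    $sid_pieces = explode(";", $string_sid);
    $sid_off = trim(str_replace("sid:", "", $sid_pieces[0]));
    /* only a numeric SID may reach config.xml (and, from there, oinkmaster.conf) */
    if (ctype_digit($sid_off)) {
        $on_list  = array_filter(explode('||', (string)$config['installedpackages']['snort']['rule_sid_on']));
        $off_list = array_filter(explode('||', (string)$config['installedpackages']['snort']['rule_sid_off']));
        /* exact-entry removal: str_replace("||disablesid 1", ...) would also mangle "||disablesid 12" */
        $on_list  = array_diff($on_list,  array("enablesid $sid_off"));
        $off_list = array_diff($off_list, array("disablesid $sid_off"));
        array_unshift($off_list, "disablesid $sid_off");
        /* keep the "||entry||entry" format the rule downloader splits on */
        $config['installedpackages']['snort']['rule_sid_on']  = $on_list ? '||' . implode('||', $on_list) : '';
        $config['installedpackages']['snort']['rule_sid_off'] = '||' . implode('||', $off_list);
        write_config();
    }
}
// … unchanged in shape: the else branch does the same with enablesid/disablesid swapped …
```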
@@ -410,8 +459,8 @@ function go()
$counter2++;
$destination_port = $rule_content[$counter2];//destination port location
- $message = get_middle($tempstring, 'msg:"', '";', 0);
-
+ $message = get_middle($tempstring, 'msg:"', '";', 0);
+
echo "<tr>";
echo "<td class=\"listt\">";
echo $textss;