Diffstat (limited to 'config/snort/snort_rules.php')
-rwxr-xr-x[-rw-r--r--]config/snort/snort_rules.php749
1 files changed, 398 insertions, 351 deletions
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 871eb39e..f332a96d 100644..100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -1,43 +1,46 @@
<?php
/*
- snort_rules.php
- Copyright (C) 2004, 2005 Scott Ullrich
- Copyright (C) 2008, 2009 Robert Zelaya
- Copyright (C) 2011 Ermal Luci
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ * snort_rules.php
+ *
+ * Copyright (C) 2004, 2005 Scott Ullrich
+ * Copyright (C) 2008, 2009 Robert Zelaya
+ * Copyright (C) 2011 Ermal Luci
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
*/
require_once("guiconfig.inc");
-require_once("/usr/local/pkg/snort/snort_gui.inc");
require_once("/usr/local/pkg/snort/snort.inc");
-global $g;
+global $g, $flowbit_rules_file;
+
+$snortdir = SNORTDIR;
+$rules_map = array();
if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
-$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+$a_rule = &$config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
@@ -47,182 +50,193 @@ if (is_null($id)) {
exit;
}
-if (isset($id) && $a_nat[$id]) {
- $pconfig['enable'] = $a_nat[$id]['enable'];
- $pconfig['interface'] = $a_nat[$id]['interface'];
- $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+if (isset($id) && $a_rule[$id]) {
+ $pconfig['enable'] = $a_rule[$id]['enable'];
+ $pconfig['interface'] = $a_rule[$id]['interface'];
+ $pconfig['rulesets'] = $a_rule[$id]['rulesets'];
+ if (!empty($a_rule[$id]['customrules']))
+ $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
+}
+
+function truncate($string, $length) {
+
+ /********************************
+ * This function truncates the *
+ * passed string to the length *
+ * specified adding ellipsis if *
+ * truncation was necessary. *
+ ********************************/
+ if (strlen($string) > $length)
+ $string = substr($string, 0, ($length - 3)) . "...";
+ return $string;
}
/* convert fake interfaces to real */
$if_real = snort_get_real_interface($pconfig['interface']);
-$iface_uuid = $a_nat[$id]['uuid'];
-
-/* Check if the rules dir is empy if so warn the user */
-/* TODO give the user the option to delete the installed rules rules */
-if (!is_dir("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules"))
- exec("/bin/mkdir -p /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules");
-
-$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");
-if ($isrulesfolderempty == "") {
- $isrulesfolderempty = exec("ls -A /usr/local/etc/snort/rules/*.rules");
- if ($isrulesfolderempty == "") {
- include_once("head.inc");
- include_once("fbegin.inc");
-
- echo "<body link=\"#000000\" vlink=\"#000000\" alink=\"#000000\">";
-
- if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
- echo "<table width=\"99%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n";
-
- $tab_array = array();
- $tabid = 0;
- $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tabid++;
- $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
- echo "</td>\n
- </tr>\n
- <tr>\n
- <td>\n
- <div id=\"mainarea\">\n
- <table id=\"maintable\" class=\"tabcont\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n
- <tr>\n
- <td>\n
- # The rules directory is empty.\n
- </td>\n
- </tr>\n
- </table>\n
- </div>\n
- </td>\n
- </tr>\n
- </table>\n
- \n
- </form>\n
- \n
- <p>\n\n";
-
- echo "Please click on the Update Rules tab to install your selected rule sets.";
- include("fend.inc");
-
- echo "</body>";
- echo "</html>";
-
- exit(0);
- } else {
- /* Make sure that we have the rules */
- mwexec("/bin/cp /usr/local/etc/snort/rules/*.rules /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules", true);
- }
-}
+$snort_uuid = $a_rule[$id]['uuid'];
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
+$emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats'];
+$categories = explode("||", $pconfig['rulesets']);
-function get_middle($source, $beginning, $ending, $init_pos) {
- $beginning_pos = strpos($source, $beginning, $init_pos);
- $middle_pos = $beginning_pos + strlen($beginning);
- $ending_pos = strpos($source, $ending, $beginning_pos);
- $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
- return $middle;
-}
+if ($_GET['openruleset'])
+ $currentruleset = $_GET['openruleset'];
+else if ($_POST['openruleset'])
+ $currentruleset = $_POST['openruleset'];
+else
+ $currentruleset = $categories[0];
-function write_rule_file($content_changed, $received_file)
-{
- @file_put_contents($received_file, implode("\n", $content_changed));
+if (empty($categories[0]) && ($currentruleset != "custom.rules")) {
+ if (!empty($a_rule[$id]['ips_policy']))
+ $currentruleset = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']);
+ else
+ $currentruleset = "custom.rules";
}
-function load_rule_file($incoming_file)
-{
- //read file into string, and get filesize
- $contents = @file_get_contents($incoming_file);
-
- //split the contents of the string file into an array using the delimiter
- return explode("\n", $contents);
+$ruledir = "{$snortdir}/rules";
+$rulefile = "{$ruledir}/{$currentruleset}";
+if ($currentruleset != 'custom.rules') {
+ // Read the current rules file into our rules map array.
+ // Test for the special case of an IPS Policy file.
+ if (substr($currentruleset, 0, 10) == "IPS Policy")
+ $rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']);
+ elseif (!file_exists($rulefile))
+ $input_errors[] = "{$currentruleset} seems to be missing!!! Please go to the Category tab and save again the rule to regenerate it.";
+ else
+ $rules_map = snort_load_rules_map($rulefile);
}
-$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/";
-//$ruledir = "/usr/local/etc/snort/rules/";
-$dh = opendir($ruledir);
-while (false !== ($filename = readdir($dh)))
-{
- //only populate this array if its a rule file
- $isrulefile = strstr($filename, ".rules");
- if ($isrulefile !== false)
- $files[] = basename($filename);
-}
-sort($files);
+/* Load up our enablesid and disablesid arrays with enabled or disabled SIDs */
+$enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on'], "enablesid");
+$disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off'], "disablesid");
-if ($_GET['openruleset'])
- $rulefile = $_GET['openruleset'];
-else
- $rulefile = $ruledir.$files[0];
+if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
-//Load the rule file
-$splitcontents = load_rule_file($rulefile);
+ // Get the SID tag embedded in the clicked rule icon.
+ $sid= $_GET['ids'];
-if ($_GET['act'] == "toggle" && $_GET['ids']) {
+ // See if the target SID is in our list of modified SIDs,
+ // and toggle it if present; otherwise, add it to the
+ // appropriate list.
+ if (isset($enablesid[$sid])) {
+ unset($enablesid[$sid]);
+ if (!isset($disablesid[$sid]))
+ $disablesid[$sid] = "disablesid";
+ }
+ elseif (isset($disablesid[$sid])) {
+ unset($disablesid[$sid]);
+ if (!isset($enablesid[$sid]))
+ $enablesid[$sid] = "enablesid";
+ }
+ else {
+ if ($rules_map[1][$sid]['disabled'] == 1)
+ $enablesid[$sid] = "enablesid";
+ else
+ $disablesid[$sid] = "disablesid";
+ }
- $lineid= $_GET['ids'];
+ // Write the updated enablesid and disablesid values to the config file.
+ $tmp = "";
+ foreach ($enablesid as $k => $v) {
+ $tmp .= "||{$v} {$k}";
+ }
+ if (!empty($tmp))
+ $a_rule[$id]['rule_sid_on'] = $tmp;
+ else
+ unset($a_rule[$id]['rule_sid_on']);
+ $tmp = "";
+ foreach ($disablesid as $k => $v) {
+ $tmp .= "||{$v} {$k}";
+ }
+ if (!empty($tmp))
+ $a_rule[$id]['rule_sid_off'] = $tmp;
+ else
+ unset($a_rule[$id]['rule_sid_off']);
- //copy rule contents from array into string
- $tempstring = $splitcontents[$lineid];
+ /* Update the config.xml file. */
+ write_config();
- //explode rule contents into an array, (delimiter is space)
- $rule_content = explode(' ', $tempstring);
+ header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
+ exit;
+}
- $findme = "# alert"; //find string for disabled alerts
- $disabled = strstr($tempstring, $findme);
+if ($_GET['act'] == "resetcategory" && !empty($rules_map)) {
- //if find alert is false, then rule is disabled
- if ($disabled !== false) {
- //rule has been enabled
- $tempstring = substr($tempstring, 2);
- } else
- $tempstring = "# ". $tempstring;
+ // Reset any modified SIDs in the current rule category to their defaults.
+ foreach (array_keys($rules_map) as $k1) {
+ foreach (array_keys($rules_map[$k1]) as $k2) {
+ if (isset($enablesid[$k2]))
+ unset($enablesid[$k2]);
+ if (isset($disablesid[$k2]))
+ unset($disablesid[$k2]);
+ }
+ }
- //copy string into array for writing
- $splitcontents[$lineid] = $tempstring;
+ // Write the updated enablesid and disablesid values to the config file.
+ $tmp = "";
+ foreach ($enablesid as $k => $v) {
+ $tmp .= "||{$v} {$k}";
+ }
+ if (!empty($tmp))
+ $a_rule[$id]['rule_sid_on'] = $tmp;
+ else
+ unset($a_rule[$id]['rule_sid_on']);
+ $tmp = "";
+ foreach ($disablesid as $k => $v) {
+ $tmp .= "||{$v} {$k}";
+ }
+ if (!empty($tmp))
+ $a_rule[$id]['rule_sid_off'] = $tmp;
+ else
+ unset($a_rule[$id]['rule_sid_off']);
+ write_config();
- //write the new .rules file
- write_rule_file($splitcontents, $rulefile);
+ header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
+ exit;
+}
- //write disable/enable sid to config.xml
- $sid = get_middle($tempstring, 'sid:', ';', 0);
- if (is_numeric($sid)) {
- // rule_sid_on registers
- if (!empty($a_nat[$id]['rule_sid_on']))
- $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']);
- if (!empty($a_nat[$id]['rule_sid_on']))
- $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']);
- if ($disabled === false)
- $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off'];
- else
- $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on'];
- }
+if ($_GET['act'] == "resetall" && !empty($rules_map)) {
+ // Remove all modified SIDs from config.xml and save the changes.
+ unset($a_rule[$id]['rule_sid_on']);
+ unset($a_rule[$id]['rule_sid_off']);
+
+ /* Update the config.xml file. */
write_config();
- header("Location: /snort/snort_rules.php?id={$id}&openruleset={$rulefile}");
+ header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
exit;
}
-$currentruleset = basename($rulefile);
-
-$ifname = strtoupper($pconfig['interface']);
+if ($_POST['customrules']) {
+ $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
+ write_config();
+ sync_snort_package_config();
+ $output = "";
+ $retcode = "";
+ exec("snort -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -T 2>&1", $output, $retcode);
+ if (intval($retcode) != 0) {
+ $error = "";
+ $start = count($output);
+ $end = $start - 4;
+ for($i = $start; $i > $end; $i--)
+ $error .= $output[$i];
+ $input_errors[] = "Custom rules have errors:\n {$error}";
+ } else {
+ header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
+ exit;
+ }
+} else if ($_POST) {
+ unset($a_rule[$id]['customrules']);
+ write_config();
+ header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
+ exit;
+}
require_once("guiconfig.inc");
include_once("head.inc");
-$pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset";
+$if_friendly = snort_get_friendly_interface($pconfig['interface']);
+$pgtitle = "Snort: {$if_friendly} Category: $currentruleset";
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
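Review bot: `$currentruleset` comes straight from `$_GET['openruleset']` or `$_POST['openruleset']` and is joined into `$rulefile = "{$ruledir}/{$currentruleset}"` before `snort_load_rules_map($rulefile)` is called, so the request, not the interface's `$categories` list, decides which path is opened. It should be checked against the configured values first, for example `if (!in_array($currentruleset, $categories, true) && $currentruleset != 'custom.rules') $currentruleset = $categories[0];` placed ahead of the existing IPS Policy fallback, with the policy name handled as its own allowed case. The toggle branch has the same gap: the removed code only wrote to the config when `is_numeric($sid)` held, while the new `$sid = $_GET['ids']` is stored unchecked as a key in the `||`-delimited `rule_sid_on`/`rule_sid_off` strings, so a guard such as `if (!is_numeric($sid)) { exit; }` belongs before the array updates. The three `header("Location: ...")` calls should also pass the value through `urlencode($currentruleset)`.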
@@ -230,9 +244,16 @@ $pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset";
include("fbegin.inc");
if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-echo "{$snort_general_css}\n";
+/* Display message */
+if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+}
+
+if ($savemsg) {
+ print_info_box($savemsg);
+}
+
?>
-<form action="snort_rules.php" method="post" name="iform" id="iform">
<script language="javascript" type="text/javascript">
function go()
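Review bot: The `// TODO: add checks` on `print_input_errors($input_errors)` leaves open what has to be checked, and the messages queued earlier in this file embed the request-supplied `$currentruleset` and raw `snort -T` output. Whether `print_input_errors()` HTML-escapes its entries is not visible here, so either confirm that or escape when the message is built, e.g. `htmlspecialchars($currentruleset)`. Replacing the TODO with a comment such as `// entries may contain request data and command output; must be HTML-escaped before display` would record the requirement.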
@@ -255,203 +276,229 @@ function popup(url)
}
</script>
-<table style="table-layout:fixed;" width="99%" border="0" cellpadding="0" cellspacing="0">
+<form action="/snort/snort_rules.php" method="post" name="iform" id="iform">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
$tab_array = array();
- $tabid = 0;
- $tab_array[$tabid] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
- $tabid++;
- $tab_array[$tabid] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
- $tabid++;
- $tab_array[$tabid] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
+ $tab_array[] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
+ $tab_array[] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}");
+ $tab_array[] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}");
+ $tab_array[] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}");
+ $tab_array[] = array(gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}");
+ $tab_array[] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}");
+ $tab_array[] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
display_top_tabs($tab_array);
?>
</td></tr>
<tr>
<td>
- <div id="mainarea2">
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="listt" colspan="8">
- <br>Category:
- <select id="selectbox" name="selectbox" class="formfld" onChange="go()">
- <?php
- foreach ($files as $value) {
- echo "<option value='?id={$id}&openruleset={$ruledir}{$value}' ";
- if ($value === $currentruleset)
- echo "selected";
- echo ">{$value}</option>\n";
- }
- ?>
- </select>
- </td>
- </tr>
- <tr id="frheader">
- <td width="3%" class="list">&nbsp;</td>
- <td width="5%" class="listhdr">SID</td>
- <td width="6%" class="listhdrr">Proto</td>
- <td width="15%" class="listhdrr">Source</td>
- <td width="10%" class="listhdrr">Port</td>
- <td width="15%" class="listhdrr">Destination</td>
- <td width="10%" class="listhdrr">Port</td>
- <td width="32%" class="listhdrr">Message</td>
- </tr>
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="3%" class="list">&nbsp;</td>
+ <td class="listhdr" colspan="4">
+ <br/>Category:
+ <select id="selectbox" name="selectbox" class="formselect" onChange="go()">
+ <option value='?id=<?=$id;?>&openruleset=custom.rules'>custom.rules</option>
<?php
- foreach ( $splitcontents as $counter => $value )
- {
- $disabled = "False";
- $comments = "False";
- $findme = "# alert"; //find string for disabled alerts
- $disabled_pos = strstr($value, $findme);
-
- $counter2 = 1;
- $sid = get_middle($value, 'sid:', ';', 0);
- //check to see if the sid is numberical
- if (!is_numeric($sid))
+ $files = explode("||", $pconfig['rulesets']);
+ if ($a_rule[$id]['ips_policy_enable'] == 'on')
+ $files[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']);
+ natcasesort($files);
+ foreach ($files as $value) {
+ if ($snortdownload != 'on' && substr($value, 0, 6) == "snort_")
continue;
-
- //if find alert is false, then rule is disabled
- if ($disabled_pos !== false){
- $counter2 = $counter2+1;
- $textss = "<span class=\"gray\">";
- $textse = "</span>";
- $iconb = "icon_block_d.gif";
-
- $ischecked = "";
- } else {
- $textss = $textse = "";
- $iconb = "icon_block.gif";
-
- $ischecked = "checked";
- }
-
- $rule_content = explode(' ', $value);
-
- $protocol = $rule_content[$counter2];//protocol location
- $counter2++;
- $source = substr($rule_content[$counter2], 0, 20) . "...";//source location
- $counter2++;
- $source_port = $rule_content[$counter2];//source port location
- $counter2 = $counter2+2;
- $destination = substr($rule_content[$counter2], 0, 20) . "...";//destination location
- $counter2++;
- $destination_port = $rule_content[$counter2];//destination port location
-
- if (strstr($value, 'msg: "'))
- $message = get_middle($value, 'msg: "', '";', 0);
- else if (strstr($value, 'msg:"'))
- $message = get_middle($value, 'msg:"', '";', 0);
-
- echo "<tr><td class=\"listt\"> $textss\n";
- ?>
- <a href="?id=<?=$id;?>&openruleset=<?=$rulefile;?>&act=toggle&ids=<?=$counter;?>"><img
- src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>"
- width="10" height="10" border="0"
- title="click to toggle enabled/disabled status"></a>
- <!-- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)"> -->
- <!-- TODO: add checkbox and save so that that disabling is nicer -->
- <?php
- echo "$textse
- </td>
- <td width='5%' class=\"listlr\">
- $textss
- $sid
- $textse
- </td>
- <td width='6%' class=\"listlr\">
- $textss
- $protocol";
- echo "$textse
- </td>
- <td width='20%' class=\"listlr\">
- $textss
- $source
- $textse
- </td>
- <td width='5%' class=\"listlr\">
- $textss
- $source_port
- $textse
- </td>
- <td width='20%' class=\"listlr\">
- $textss
- $destination
- $textse
- </td>
- <td width='5%' class=\"listlr\">
- $textss
- $destination_port
- $textse
- </td>
- <td width='30%' class=\"listbg\"><font color=\"white\">
- $textss
- $message
- $textse
- </td>";
- ?>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td><a href="javascript: void(0)"
- onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$rulefile;?>&ids=<?=$counter;?>')"><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- title="edit rule" width="17" height="17" border="0"></a></td>
- <!-- Codes by Quackit.com -->
- </tr>
- </table>
- </td>
- <?php
+ if ($emergingdownload != 'on' && substr($value, 0, 8) == "emerging")
+ continue;
+ if (empty($value))
+ continue;
+ echo "<option value='?id={$id}&openruleset={$value}' ";
+ if ($value == $currentruleset)
+ echo "selected";
+ echo ">{$value}</option>\n";
}
?>
-
- </table>
+ </select>
+ <br/>
+ </td>
+ <td class="listhdr" colspan="3" valign="middle">
+<?php if ($currentruleset != 'custom.rules'): ?>
+ <?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetcategory'>
+ <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"
+ onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
+ onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
+ title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'></a>"?>
+ &nbsp;<?php echo gettext("Remove Enable/Disable changes in the current Category");?><br>
+ <?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetall'>
+ <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"
+ onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
+ onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
+ title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'></a>"?>
+ &nbsp;<?php echo gettext("Remove all Enable/Disable changes in all Categories");?>
+<?php endif;?>
+ &nbsp;</td>
+ <td width="3%" class="list">&nbsp;</td>
+ </tr>
+<?php if ($currentruleset == 'custom.rules'): ?>
+ <tr>
+ <td width="3%" class="list">&nbsp;</td>
+ <td colspan="7" valign="top" class="vtable">
+ <input type='hidden' name='openruleset' value='custom.rules'>
+ <input type='hidden' name='id' value='<?=$id;?>'>
+
+ <textarea wrap="on" cols="85" rows="40" name="customrules"><?=$pconfig['customrules'];?></textarea>
+ </td>
+ <td width="3%" class="list">&nbsp;</td>
+ </tr>
+ <tr>
+ <td width="3%" class="list">&nbsp;</td>
+ <td colspan="7" class="vtable">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
+ </td>
+ <td width="3%" class="list">&nbsp;</td>
+ </tr>
+<?php else: ?>
+ <tr>
+ <td width="3%" class="list">&nbsp;</td>
+ <td colspan="7" class="listhdr" >&nbsp;</td>
+ <td width="3%" align="center" valign="middle" class="list"><a href="javascript: void(0)"
+ onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>')">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" <?php
+ echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"'
+ onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_service_restart.gif\"' ";?>
+ title="<?php echo gettext("Click to view all rules"); ?>" width="17" height="17" border="0"></a></td>
+ </tr>
+ <tr id="frheader">
+ <td width="3%" class="list">&nbsp;</td>
+ <td width="9%" class="listhdr"><?php echo gettext("SID"); ?></td>
+ <td width="2%" class="listhdrr"><?php echo gettext("Proto"); ?></td>
+ <td width="14%" class="listhdrr"><?php echo gettext("Source"); ?></td>
+ <td width="12%" class="listhdrr"><?php echo gettext("Port"); ?></td>
+ <td width="14%" class="listhdrr"><?php echo gettext("Destination"); ?></td>
+ <td width="12%" class="listhdrr"><?php echo gettext("Port"); ?></td>
+ <td width="31%" class="listhdrr"><?php echo gettext("Message"); ?></td>
+ <td width="3%" class="list">&nbsp;</td>
+ </tr>
+<?php
+ foreach (array_keys($rules_map) as $k1) {
+ foreach (array_keys($rules_map[$k1]) as $k2) {
+ $sid = snort_get_sid($rules_map[$k1][$k2]['rule']);
+ $gid = snort_get_gid($rules_map[$k1][$k2]['rule']);
+ if (isset($disablesid[$sid])) {
+ $textss = "<span class=\"gray\">";
+ $textse = "</span>";
+ $iconb = "icon_reject_d.gif";
+ }
+ elseif (($rules_map[$k1][$k2]['disabled'] == 1) && (!isset($enablesid[$sid]))) {
+ $textss = "<span class=\"gray\">";
+ $textse = "</span>";
+ $iconb = "icon_block_d.gif";
+ }
+ elseif (isset($enablesid[$sid])) {
+ $textss = $textse = "";
+ $iconb = "icon_reject.gif";
+ }
+ else {
+ $textss = $textse = "";
+ $iconb = "icon_block.gif";
+ }
+
+ // Pick off the first section of the rule (prior to the start of the MSG field),
+ // and then use a REGX split to isolate the remaining fields into an array.
+ $tmp = substr($rules_map[$k1][$k2]['rule'], 0, strpos($rules_map[$k1][$k2]['rule'], "("));
+ $tmp = trim(preg_replace('/^\s*#+\s*/', '', $tmp));
+ $rule_content = preg_split('/[\s]+/', $tmp);
+
+ $protocol = truncate($rule_content[1], 5); //protocol location
+ $source = truncate($rule_content[2], 13); //source location
+ $source_port = truncate($rule_content[3], 11); //source port location
+ $destination = truncate($rule_content[5], 13); //destination location
+ $destination_port = truncate($rule_content[6], 11); //destination port location
+ $message = snort_get_msg($rules_map[$k1][$k2]['rule']);
+
+ echo "<tr><td width=\"3%\" class=\"listt\" align=\"center\" valign=\"middle\"> $textss
+ <a href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$sid}'>
+ <img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\"
+ width=\"10\" height=\"10\" border=\"0\"
+ title='" . gettext("Click to toggle enabled/disabled state") . "'></a>
+ $textse
+ </td>
+ <td width=\"9%\" class=\"listlr\">
+ $textss $sid $textse
+ </td>
+ <td width=\"2%\" class=\"listlr\">
+ $textss $protocol $textse
+ </td>
+ <td width=\"14%\" class=\"listlr\">
+ $textss $source $textse
+ </td>
+ <td width=\"12%\" class=\"listlr\">
+ $textss $source_port $textse
+ </td>
+ <td width=\"14%\" class=\"listlr\">
+ $textss $destination $textse
+ </td>
+ <td width=\"12%\" class=\"listlr\">
+ $textss $destination_port $textse
+ </td>
+ <td width=\"31%\" class=\"listbg\" style=\"word-break:break-all;\"><font color=\"white\">
+ $textss $message $textse
+ </td>";
+ ?>
+ <td width="3%" align="center" valign="middle" nowrap class="list">
+ <a href="javascript: void(0)"
+ onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>')"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif"
+ title="<?php echo gettext("Click to view rule"); ?>" width="17" height="17" border="0"></a>
+ <!-- Codes by Quackit.com -->
</td>
</tr>
+<?php
+ }
+ }
+?>
+
+ </table>
+ </td>
+</tr>
+<?php endif;?>
+<tr>
+ <td colspan="9">
+<?php if ($currentruleset != 'custom.rules'): ?>
+ <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="1">
<tr>
- <td class="listlr">
- <?php echo " <strong><span class='red'>There are {$counter} rules in this category. <br/><br/></span></strong>"; ?>
- </td>
+ <td width="16"><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
+ width="11" height="11"></td>
+ <td><?php echo gettext("Rule default is Enabled"); ?></td>
</tr>
<tr>
- <td>
- <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td width="16"><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
- width="11" height="11"></td>
- <td>Rule Enabled</td>
- </tr>
- <tr>
- <td><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif"
- width="11" height="11"></td>
- <td nowrap>Rule Disabled</td>
- </tr>
- <tr>
- <!-- TODO: add save and cancel for checkbox options -->
- <!-- <td><pre><input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"><pre></td> -->
- </tr>
- <tr>
- <td colspan="10">
- <p><!--<strong><span class="red">Warning:<br/> </span></strong>Editing these r</p>-->
- </td>
- </tr>
- </table>
- </td>
+ <td><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif"
+ width="11" height="11"></td>
+ <td nowrap><?php echo gettext("Rule default is Disabled"); ?></td>
+ </tr>
+ <tr>
+ <td><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_reject.gif"
+ width="11" height="11"></td>
+ <td nowrap><?php echo gettext("Rule changed to Enabled by user"); ?></td>
+ </tr>
+ <tr>
+ <td><img
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_reject_d.gif"
+ width="11" height="11"></td>
+ <td nowrap><?php echo gettext("Rule changed to Disabled by user"); ?></td>
</tr>
</table>
+<?php endif;?>
</td>
</tr>
</table>
+</td>
+</tr>
+</table>
</form>
<?php include("fend.inc"); ?>
</body>
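Review bot: Several values are written into the page without output encoding: `<?=$pconfig['customrules'];?>` inside the `<textarea>`, `$currentruleset` and `$id` inside `href` and `onclick` attributes, and `$message` from the rule text inside the table cell. A saved rule containing markup, or an `openruleset` parameter carrying markup, would be interpreted as HTML by the browser. Use `<?=htmlspecialchars($pconfig['customrules']);?>` for the textarea and the cell text, and `urlencode($currentruleset)` wherever the value is placed in a query string. Separately, the toggle, `resetcategory` and `resetall` links reach `write_config()` through plain GET requests, so they would not be covered by a request-forgery protection that only guards POST; submitting them through the existing `iform` would be safer.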