aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort/snort_rules.php
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort/snort_rules.php')
-rwxr-xr-xconfig/snort/snort_rules.php144
1 files changed, 124 insertions, 20 deletions
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 8d9aa6ba..681c691f 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -109,6 +109,29 @@ $categories[] = "custom.rules";
$categories[] = "decoder.rules";
$categories[] = "preprocessor.rules";
$categories[] = "sensitive-data.rules";
+
+// Get any automatic rule category enable/disable modifications
+// if auto-SID Mgmt is enabled, and adjust the available rulesets
+// in the CATEGORY drop-down box as necessary.
+$cat_mods = snort_sid_mgmt_auto_categories($a_rule[$id], FALSE);
+foreach ($cat_mods as $k => $v) {
+ switch ($v) {
+ case 'disabled':
+ if (($key = array_search($k, $categories)) !== FALSE)
+ unset($categories[$key]);
+ break;
+
+ case 'enabled':
+ if (!in_array($k, $categories))
+ $categories[] = $k;
+ break;
+
+ default:
+ break;
+ }
+}
+
+// Add any enabled IPS-Policy and Auto-Flowbits File
if (!empty($a_rule[$id]['ips_policy']))
$categories[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']);
if ($a_rule[$id]['autoflowbitrules'] == 'on')
@@ -146,6 +169,9 @@ if ($currentruleset != 'custom.rules') {
$input_errors[] = gettext("{$currentruleset} seems to be missing!!! Please verify rules files have been downloaded, then go to the Categories tab and save the rule set again.");
}
+/* Process the current category rules through any auto SID MGMT changes if enabled */
+snort_auto_sid_mgmt($rules_map, $a_rule[$id], FALSE);
+
/* Load up our enablesid and disablesid arrays with enabled or disabled SIDs */
$enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on']);
$disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off']);
@@ -356,11 +382,14 @@ elseif ($_POST['clear']) {
conf_mount_ro();
$rebuild_rules = false;
$pconfig['customrules'] = '';
+
+ // Sync to configured CARP slaves if any are enabled
+ snort_sync_on_changes();
}
elseif ($_POST['save']) {
$pconfig['customrules'] = $_POST['customrules'];
if ($_POST['customrules'])
- $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
+ $a_rule[$id]['customrules'] = base64_encode(str_replace("\r\n", "\n", $_POST['customrules']));
else
unset($a_rule[$id]['customrules']);
write_config("Snort pkg: save modified custom rules for {$a_rule[$id]['interface']}.");
@@ -388,6 +417,9 @@ elseif ($_POST['save']) {
}
clear_subsystem_dirty('snort_rules');
+
+ // Sync to configured CARP slaves if any are enabled
+ snort_sync_on_changes();
}
else if ($_POST['apply']) {
/* Save new configuration */
@@ -408,6 +440,9 @@ else if ($_POST['apply']) {
// We have saved changes and done a soft restart, so clear "dirty" flag
clear_subsystem_dirty('snort_rules');
+
+ // Sync to configured CARP slaves if any are enabled
+ snort_sync_on_changes();
}
include_once("head.inc");
@@ -453,7 +488,9 @@ if ($savemsg) {
$tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php");
$tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
$tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php");
- $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
+ $tab_array[8] = array(gettext("SID Mgmt"), false, "/snort/snort_sid_mgmt.php");
+ $tab_array[9] = array(gettext("Log Mgmt"), false, "/snort/snort_log_mgmt.php");
+ $tab_array[10] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml");
display_top_tabs($tab_array,true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
@@ -466,6 +503,7 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Logs"), false, "/snort/snort_interface_logs.php?id={$id}");
display_top_tabs($tab_array, true);
?>
</td></tr>
@@ -614,17 +652,35 @@ if ($savemsg) {
</thead>
<tbody>
<?php
- $counter = $enable_cnt = $disable_cnt = 0;
+ $counter = $enable_cnt = $disable_cnt = $user_enable_cnt = $user_disable_cnt = $managed_count = 0;
foreach ($rules_map as $k1 => $rulem) {
foreach ($rulem as $k2 => $v) {
$sid = $k2;
$gid = $k1;
-
- if (isset($disablesid[$gid][$sid])) {
+ $ruleset = $currentruleset;
+ $style = "";
+
+ if ($v['managed'] == 1) {
+ if ($v['disabled'] == 1) {
+ $textss = "<span class=\"gray\">";
+ $textse = "</span>";
+ $style= "style=\"opacity: 0.4; filter: alpha(opacity=40);\"";
+ $title = gettext("Auto-disabled by settings on SID Mgmt tab");
+ }
+ else {
+ $textss = $textse = "";
+ $ruleset = "suricata.rules";
+ $title = gettext("Auto-managed by settings on SID Mgmt tab");
+ }
+ $iconb = "icon_advanced.gif";
+ $managed_count++;
+ }
+ elseif (isset($disablesid[$gid][$sid])) {
$textss = "<span class=\"gray\">";
$textse = "</span>";
$iconb = "icon_reject_d.gif";
$disable_cnt++;
+ $user_disable_cnt++;
$title = gettext("Disabled by user. Click to toggle to enabled state");
}
elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) {
@@ -638,6 +694,7 @@ if ($savemsg) {
$textss = $textse = "";
$iconb = "icon_reject.gif";
$enable_cnt++;
+ $user_enable_cnt++;
$title = gettext("Enabled by user. Click to toggle to disabled state");
}
else {
@@ -668,12 +725,18 @@ if ($savemsg) {
$message = snort_get_msg($v['rule']); // description field
$sid_tooltip = gettext("View the raw text for this rule");
- echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\">{$textss}
- <a id=\"rule_{$gid}_{$sid}\" href=''><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
- document.getElementById('gid').value='{$gid}';\"
- src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
- title='{$title}' name=\"toggle[]\"/></a>{$textse}
- </td>
+ echo "<tr><td class=\"listt\" style=\"align:center;\" valign=\"middle\">{$textss}";
+ if ($v['managed'] == 1) {
+ echo "<img {$style} src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
+ title='{$title}'/>{$textse}";
+ }
+ else {
+ echo "<a id=\"rule_{$gid}_{$sid}\" href='#'><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
+ document.getElementById('gid').value='{$gid}';\"
+ src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
+ title='{$title}' name=\"toggle[]\"/></a>{$textse}";
+ }
+ echo "</td>
<td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$gid}{$textse}
</td>
@@ -734,16 +797,35 @@ if ($savemsg) {
</thead>
<tbody>
<?php
- $counter = $enable_cnt = $disable_cnt = 0;
+ $counter = $enable_cnt = $disable_cnt = $user_enable_cnt = $user_disable_cnt = $managed_count = 0;
foreach ($rules_map as $k1 => $rulem) {
foreach ($rulem as $k2 => $v) {
+ $ruleset = $currentruleset;
+ $style = "";
$sid = snort_get_sid($v['rule']);
$gid = snort_get_gid($v['rule']);
- if (isset($disablesid[$gid][$sid])) {
+
+ if ($v['managed'] == 1) {
+ if ($v['disabled'] == 1) {
+ $textss = "<span class=\"gray\">";
+ $textse = "</span>";
+ $style= "style=\"opacity: 0.4; filter: alpha(opacity=40);\"";
+ $title = gettext("Auto-disabled by settings on SID Mgmt tab");
+ }
+ else {
+ $textss = $textse = "";
+ $ruleset = "suricata.rules";
+ $title = gettext("Auto-managed by settings on SID Mgmt tab");
+ }
+ $iconb = "icon_advanced.gif";
+ $managed_count++;
+ }
+ elseif (isset($disablesid[$gid][$sid])) {
$textss = "<span class=\"gray\">";
$textse = "</span>";
$iconb = "icon_reject_d.gif";
$disable_cnt++;
+ $user_disable_cnt++;
$title = gettext("Disabled by user. Click to toggle to enabled state");
}
elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) {
@@ -757,6 +839,7 @@ if ($savemsg) {
$textss = $textse = "";
$iconb = "icon_reject.gif";
$enable_cnt++;
+ $user_enable_cnt++;
$title = gettext("Enabled by user. Click to toggle to disabled state");
}
else {
@@ -777,12 +860,18 @@ if ($savemsg) {
else
$policy = "none";
- echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\">{$textss}
- <input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
- document.getElementById('gid').value='{$gid}';\"
- src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
- title='{$title}' name=\"toggle[]\"/>{$textse}
- </td>
+ echo "<tr><td class=\"listt\" style=\"align:center;\" valign=\"middle\">{$textss}";
+ if ($v['managed'] == 1) {
+ echo "<img {$style} src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
+ title='{$title}'/>{$textse}";
+ }
+ else {
+ echo "<a id=\"rule_{$gid}_{$sid}\" href='#'><input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
+ document.getElementById('gid').value='{$gid}';\"
+ src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
+ title='{$title}' name=\"toggle[]\"/></a>{$textse}";
+ }
+ echo "</td>
<td class=\"listr\" align=\"center\" ondblclick=\"wopen('snort_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$gid}{$textse}
</td>
@@ -824,7 +913,10 @@ if ($savemsg) {
<strong><?php echo gettext("--- Category Rules Summary ---") . "</strong><br/>" .
gettext("Total Rules: {$counter}") . "&nbsp;&nbsp;&nbsp;&nbsp;" .
gettext("Enabled: {$enable_cnt}") . "&nbsp;&nbsp;&nbsp;&nbsp;" .
- gettext("Disabled: {$disable_cnt}"); ?></td>
+ gettext("Disabled: {$disable_cnt}") . "&nbsp;&nbsp;&nbsp;&nbsp;" .
+ gettext("User Enabled: {$user_enable_cnt}") . "&nbsp;&nbsp;&nbsp;&nbsp;" .
+ gettext("User Disabled: {$user_disable_cnt}") . "&nbsp;&nbsp;&nbsp;&nbsp;" .
+ gettext("Auto-Managed: {$managed_count}"); ?></td>
</tr>
<tr>
<td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
@@ -846,6 +938,18 @@ if ($savemsg) {
width="11" height="11"></td>
<td nowrap><?php echo gettext("Rule changed to Disabled by user"); ?></td>
</tr>
+ <?php if (!empty($cat_mods)): ?>
+ <tr>
+ <td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_advanced.gif"
+ width="11" height="11"></td>
+ <td nowrap><?php echo gettext("Rule auto-enabled by files configured on SID Mgmt tab"); ?></td>
+ </tr>
+ <tr>
+ <td width="16"><img style="opacity: 0.4; filter: alpha(opacity=40);" src="../themes/<?= $g['theme']; ?>/images/icons/icon_advanced.gif"
+ width="11" height="11"></td>
+ <td nowrap><?php echo gettext("Rule auto-disabled by files configured on SID Mgmt tab"); ?></td>
+ </tr>
+ <?php endif; ?>
</table>
</td>
</tr>