diff options
Diffstat (limited to 'config/snort/snort_rules_edit.php')
-rwxr-xr-x[-rw-r--r--] | config/snort/snort_rules_edit.php | 50 |
1 files changed, 39 insertions, 11 deletions
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php index 809832ea..ab1a24b2 100644..100755 --- a/config/snort/snort_rules_edit.php +++ b/config/snort/snort_rules_edit.php @@ -37,6 +37,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); +global $flowbit_rules_file; $snortdir = SNORTDIR; if (!is_array($config['installedpackages']['snortglobal']['rule'])) { @@ -60,27 +61,54 @@ if (isset($id) && $a_rule[$id]) { $if_real = snort_get_real_interface($pconfig['interface']); $snort_uuid = $a_rule[$id]['uuid']; $file = $_GET['openruleset']; - -//read file into string, and get filesize also chk for empty files $contents = ''; -if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}")) - $contents = file_get_contents("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}"); + +// Read the contents of the argument passed to us. +// It may be an IPS policy string, an individual SID, +// a standard rules file, or a complete file name. +// Test for the special case of an IPS Policy file. +if (substr($file, 0, 10) == "IPS Policy") { + $rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']); + if (isset($_GET['ids'])) + $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule']; + else { + $contents = "# Snort IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']) . "\n\n"; + foreach (array_keys($rules_map) as $k1) { + foreach (array_keys($rules_map[$k1]) as $k2) { + $contents .= "# Category: " . $rules_map[$k1][$k2]['category'] . " SID: {$k2}\n"; + $contents .= $rules_map[$k1][$k2]['rule'] . "\n"; + } + } + } + unset($rules_map); +} +// Is it a SID to load the rule text from? +elseif (isset($_GET['ids'])) { + $rules_map = snort_load_rules_map("{$snortdir}/rules/{$file}"); + $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule']; +} +// Is it our special flowbit rules file? +elseif ($file == $flowbit_rules_file) + $contents = file_get_contents("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); +// Is it a rules file in the ../rules/ directory? +elseif (file_exists("{$snortdir}/rules/{$file}")) + $contents = file_get_contents("{$snortdir}/rules/{$file}"); +// Is it a fully qualified path and file? +elseif (file_exists($file)) + $contents = file_get_contents($file); +// It is not something we can display, so exit. else { header("Location: /snort/snort_rules.php?id={$id}&openruleset={$file}"); exit; } -//split the contents of the string file into an array using the delimiter -$splitcontents = explode("\n", $contents); - -$pgtitle = array(gettext("Advanced"), gettext("File Editor")); - +$pgtitle = array(gettext("Advanced"), gettext("File Viewer")); ?> <?php include("head.inc");?> <body link="#000000" vlink="#000000" alink="#000000"> - <?php if ($savemsg) print_info_box($savemsg); ?> +<?php if ($savemsg) print_info_box($savemsg); ?> <?php include("fbegin.inc");?> <form action="snort_rules_edit.php" method="post"> @@ -90,7 +118,7 @@ $pgtitle = array(gettext("Advanced"), gettext("File Editor")); <table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee"> <tr> <td> - <input type="button" class="formbtn" value="Cancel" onclick="window.close()"> + <input type="button" class="formbtn" value="Return" onclick="window.close()"> </td> </tr> <tr> |