aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort_rules.php44
1 files changed, 37 insertions, 7 deletions
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index df17efc0..8c31d55d 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -159,10 +159,14 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) &
// See if the target SID is in our list of modified SIDs,
// and toggle it back to default if present; otherwise,
// add it to the appropriate modified SID list.
- if (isset($enablesid[$gid][$sid]))
+ if (isset($enablesid[$gid][$sid])) {
unset($enablesid[$gid][$sid]);
- elseif (isset($disablesid[$gid][$sid]))
+ $disablesid[$gid][$sid] = "disablesid";
+ }
+ elseif (isset($disablesid[$gid][$sid])) {
unset($disablesid[$gid][$sid]);
+ $enablesid[$gid][$sid] = "enablesid";
+ }
else {
if ($rules_map[$gid][$sid]['disabled'] == 1)
$enablesid[$gid][$sid] = "enablesid";
@@ -198,6 +202,10 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) &
/* Update the config.xml file. */
write_config("Snort pkg: modified state for rule {$gid}:{$sid} on {$a_rule[$id]['interface']}.");
+ // We changed a rule state, remind user to apply the changes
+ mark_subsystem_dirty('snort_rules');
+
+ // Set a scroll-to anchor location
$anchor = "rule_{$gid}_{$sid}";
}
elseif ($_POST['disable_all'] && !empty($rules_map)) {
@@ -237,6 +245,9 @@ elseif ($_POST['disable_all'] && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config("Snort pkg: disabled all rules in category {$currentruleset} for {$a_rule[$id]['interface']}.");
+
+ // We changed a rule state, remind user to apply the changes
+ mark_subsystem_dirty('snort_rules');
}
elseif ($_POST['enable_all'] && !empty($rules_map)) {
@@ -274,6 +285,9 @@ elseif ($_POST['enable_all'] && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config("Snort pkg: enable all rules in category {$currentruleset} for {$a_rule[$id]['interface']}.");
+
+ // We changed a rule state, remind user to apply the changes
+ mark_subsystem_dirty('snort_rules');
}
elseif ($_POST['resetcategory'] && !empty($rules_map)) {
@@ -313,6 +327,9 @@ elseif ($_POST['resetcategory'] && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config("Snort pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}.");
+
+ // We changed a rule state, remind user to apply the changes
+ mark_subsystem_dirty('snort_rules');
}
elseif ($_POST['resetall'] && !empty($rules_map)) {
@@ -322,9 +339,13 @@ elseif ($_POST['resetall'] && !empty($rules_map)) {
/* Update the config.xml file. */
write_config("Snort pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}.");
+
+ // We changed a rule state, remind user to apply the changes
+ mark_subsystem_dirty('snort_rules');
}
else if ($_POST['cancel']) {
$pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
+ clear_subsystem_dirty('snort_rules');
}
elseif ($_POST['clear']) {
unset($a_rule[$id]['customrules']);
@@ -365,6 +386,8 @@ elseif ($_POST['save']) {
$savemsg = gettext("Custom rules validated successfully and have been saved to the Snort configuration files. ");
$savemsg .= gettext("Any active Snort process on this interface has been signalled to live-load the new rules.");
}
+
+ clear_subsystem_dirty('snort_rules');
}
else if ($_POST['apply']) {
/* Save new configuration */
@@ -382,9 +405,11 @@ else if ($_POST['apply']) {
/* Soft-restart Snort to live-load new rules */
snort_reload_config($a_rule[$id]);
+
+ // We have saved changes and done a soft restart, so clear "dirty" flag
+ clear_subsystem_dirty('snort_rules');
}
-require_once("guiconfig.inc");
include_once("head.inc");
$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']);
@@ -411,6 +436,11 @@ if ($savemsg) {
<input type='hidden' name='openruleset' id='openruleset' value='<?=$currentruleset;?>'/>
<input type='hidden' name='sid' id='sid' value=''/>
<input type='hidden' name='gid' id='gid' value=''/>
+
+<?php if (is_subsystem_dirty('snort_rules')): ?><p>
+<?php print_info_box_np(gettext("A change has been made to a rule state.") . "<br/>" . gettext("Click APPLY when finished to send the changes to the running configuration."));?>
+<?php endif; ?>
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -595,7 +625,7 @@ if ($savemsg) {
$textse = "</span>";
$iconb = "icon_reject_d.gif";
$disable_cnt++;
- $title = gettext("Disabled by user. Click to toggle to default state");
+ $title = gettext("Disabled by user. Click to toggle to enabled state");
}
elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) {
$textss = "<span class=\"gray\">";
@@ -608,7 +638,7 @@ if ($savemsg) {
$textss = $textse = "";
$iconb = "icon_reject.gif";
$enable_cnt++;
- $title = gettext("Enabled by user. Click to toggle to default state");
+ $title = gettext("Enabled by user. Click to toggle to disabled state");
}
else {
$textss = $textse = "";
@@ -714,7 +744,7 @@ if ($savemsg) {
$textse = "</span>";
$iconb = "icon_reject_d.gif";
$disable_cnt++;
- $title = gettext("Disabled by user. Click to toggle to default state");
+ $title = gettext("Disabled by user. Click to toggle to enabled state");
}
elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) {
$textss = "<span class=\"gray\">";
@@ -727,7 +757,7 @@ if ($savemsg) {
$textss = $textse = "";
$iconb = "icon_reject.gif";
$enable_cnt++;
- $title = gettext("Enabled by user. Click to toggle to default state");
+ $title = gettext("Enabled by user. Click to toggle to disabled state");
}
else {
$textss = $textse = "";