diff options
Diffstat (limited to 'config/snort')
-rwxr-xr-x | config/snort/snort_rules.php | 44 |
1 files changed, 37 insertions, 7 deletions
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index df17efc0..8c31d55d 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -159,10 +159,14 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) & // See if the target SID is in our list of modified SIDs, // and toggle it back to default if present; otherwise, // add it to the appropriate modified SID list. - if (isset($enablesid[$gid][$sid])) + if (isset($enablesid[$gid][$sid])) { unset($enablesid[$gid][$sid]); - elseif (isset($disablesid[$gid][$sid])) + $disablesid[$gid][$sid] = "disablesid"; + } + elseif (isset($disablesid[$gid][$sid])) { unset($disablesid[$gid][$sid]); + $enablesid[$gid][$sid] = "enablesid"; + } else { if ($rules_map[$gid][$sid]['disabled'] == 1) $enablesid[$gid][$sid] = "enablesid"; @@ -198,6 +202,10 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) & /* Update the config.xml file. */ write_config("Snort pkg: modified state for rule {$gid}:{$sid} on {$a_rule[$id]['interface']}."); + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); + + // Set a scroll-to anchor location $anchor = "rule_{$gid}_{$sid}"; } elseif ($_POST['disable_all'] && !empty($rules_map)) { @@ -237,6 +245,9 @@ elseif ($_POST['disable_all'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config("Snort pkg: disabled all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } elseif ($_POST['enable_all'] && !empty($rules_map)) { @@ -274,6 +285,9 @@ elseif ($_POST['enable_all'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config("Snort pkg: enable all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } elseif ($_POST['resetcategory'] && !empty($rules_map)) { @@ -313,6 +327,9 @@ elseif ($_POST['resetcategory'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config("Snort pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } elseif ($_POST['resetall'] && !empty($rules_map)) { @@ -322,9 +339,13 @@ elseif ($_POST['resetall'] && !empty($rules_map)) { /* Update the config.xml file. */ write_config("Snort pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}."); + + // We changed a rule state, remind user to apply the changes + mark_subsystem_dirty('snort_rules'); } else if ($_POST['cancel']) { $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); + clear_subsystem_dirty('snort_rules'); } elseif ($_POST['clear']) { unset($a_rule[$id]['customrules']); @@ -365,6 +386,8 @@ elseif ($_POST['save']) { $savemsg = gettext("Custom rules validated successfully and have been saved to the Snort configuration files. "); $savemsg .= gettext("Any active Snort process on this interface has been signalled to live-load the new rules."); } + + clear_subsystem_dirty('snort_rules'); } else if ($_POST['apply']) { /* Save new configuration */ @@ -382,9 +405,11 @@ else if ($_POST['apply']) { /* Soft-restart Snort to live-load new rules */ snort_reload_config($a_rule[$id]); + + // We have saved changes and done a soft restart, so clear "dirty" flag + clear_subsystem_dirty('snort_rules'); } -require_once("guiconfig.inc"); include_once("head.inc"); $if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']); @@ -411,6 +436,11 @@ if ($savemsg) { <input type='hidden' name='openruleset' id='openruleset' value='<?=$currentruleset;?>'/> <input type='hidden' name='sid' id='sid' value=''/> <input type='hidden' name='gid' id='gid' value=''/> + +<?php if (is_subsystem_dirty('snort_rules')): ?><p> +<?php print_info_box_np(gettext("A change has been made to a rule state.") . "<br/>" . gettext("Click APPLY when finished to send the changes to the running configuration."));?> +<?php endif; ?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -595,7 +625,7 @@ if ($savemsg) { $textse = "</span>"; $iconb = "icon_reject_d.gif"; $disable_cnt++; - $title = gettext("Disabled by user. Click to toggle to default state"); + $title = gettext("Disabled by user. Click to toggle to enabled state"); } elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) { $textss = "<span class=\"gray\">"; @@ -608,7 +638,7 @@ if ($savemsg) { $textss = $textse = ""; $iconb = "icon_reject.gif"; $enable_cnt++; - $title = gettext("Enabled by user. Click to toggle to default state"); + $title = gettext("Enabled by user. Click to toggle to disabled state"); } else { $textss = $textse = ""; @@ -714,7 +744,7 @@ if ($savemsg) { $textse = "</span>"; $iconb = "icon_reject_d.gif"; $disable_cnt++; - $title = gettext("Disabled by user. Click to toggle to default state"); + $title = gettext("Disabled by user. Click to toggle to enabled state"); } elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) { $textss = "<span class=\"gray\">"; @@ -727,7 +757,7 @@ if ($savemsg) { $textss = $textse = ""; $iconb = "icon_reject.gif"; $enable_cnt++; - $title = gettext("Enabled by user. Click to toggle to default state"); + $title = gettext("Enabled by user. Click to toggle to disabled state"); } else { $textss = $textse = ""; |