aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort_rules.php198
-rw-r--r--config/snort/snort_rules_edit.php16
2 files changed, 39 insertions, 175 deletions
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index f60a3e8a..2aa49865 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -55,7 +55,6 @@ if (isset($id) && $a_nat[$id]) {
/* convert fake interfaces to real */
$if_real = snort_get_real_interface($pconfig['interface']);
-
$iface_uuid = $a_nat[$id]['uuid'];
/* Check if the rules dir is empy if so warn the user */
@@ -167,201 +166,53 @@ if ($_GET['openruleset'])
else
$rulefile = $ruledir.$files[0];
+//Load the rule file
+$splitcontents = load_rule_file($rulefile);
-if ($_POST)
-{
-
- conf_mount_rw();
-
- if (!$_POST['apply']) {
- //retrieve POST data
- $post_lineid = $_POST['lineid'];
- $post_enabled = $_POST['enabled'];
- $post_src = $_POST['src'];
- $post_srcport = $_POST['srcport'];
- $post_dest = $_POST['dest'];
- $post_destport = $_POST['destport'];
-
- //clean up any white spaces insert by accident
- $post_src = str_replace(" ", "", $post_src);
- $post_srcport = str_replace(" ", "", $post_srcport);
- $post_dest = str_replace(" ", "", $post_dest);
- $post_destport = str_replace(" ", "", $post_destport);
-
- //copy rule contents from array into string
- $tempstring = $splitcontents[$post_lineid];
-
- //search string
- $findme = "# alert"; //find string for disabled alerts
-
- //find if alert is disabled
- $disabled = strstr($tempstring, $findme);
-
- //if find alert is false, then rule is disabled
- if ($disabled !== false)
- {
- //has rule been enabled
- if ($post_enabled == "yes")
- {
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $tempstring = str_replace("# alert", "alert", $tempstring);
- $counter2 = 1;
- }
- else
- {
- //rule is staying disabled
- $counter2 = 2;
- }
- }
- else
- {
- //has rule been disabled
- if ($post_enabled != "yes")
- {
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $tempstring = str_replace("alert", "# alert", $tempstring);
- $counter2 = 2;
- }
- else
- {
- //rule is staying enabled
- $counter2 = 1;
- }
- }
-
- //explode rule contents into an array, (delimiter is space)
- $rule_content = explode(' ', $tempstring);
-
- //insert new values
- $counter2++;
- $rule_content[$counter2] = $post_src;//source location
- $counter2++;
- $rule_content[$counter2] = $post_srcport;//source port location
- $counter2 = $counter2+2;
- $rule_content[$counter2] = $post_dest;//destination location
- $counter2++;
- $rule_content[$counter2] = $post_destport;//destination port location
-
- //implode the array back into string
- $tempstring = implode(' ', $rule_content);
-
- //copy string into file array for writing
- $splitcontents[$post_lineid] = $tempstring;
-
- //write the new .rules file
- write_rule_file($splitcontents, $rulefile);
-
- //once file has been written, reload file
- $splitcontents = load_rule_file($rulefile);
-
- $stopMsg = true;
- }
- conf_mount_ro();
-}
-else if ($_GET['act'] == "toggle")
-{
-
- conf_mount_rw();
+if ($_GET['act'] == "toggle" && $_GET['ids']) {
- $toggleid = $_GET['ids'];
+ $lineid= $_GET['ids'];
//copy rule contents from array into string
- $tempstring = $splitcontents[$toggleid];
+ $tempstring = $splitcontents[$lineid];
//explode rule contents into an array, (delimiter is space)
$rule_content = explode(' ', $tempstring);
- //search string
$findme = "# alert"; //find string for disabled alerts
-
- //find if alert is disabled
$disabled = strstr($tempstring, $findme);
//if find alert is false, then rule is disabled
- if ($disabled !== false)
- {
+ if ($disabled !== false) {
//rule has been enabled
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $tempstring = str_replace("# alert", "alert", $tempstring);
-
- }
- else
- {
- //has rule been disabled
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $tempstring = str_replace("alert", "# alert", $tempstring);
-
- }
+ $tempstring = substr($tempstring, 2);
+ } else
+ $tempstring = "# ". $tempstring;
//copy string into array for writing
- $splitcontents[$toggleid] = $tempstring;
+ $splitcontents[$lineid] = $tempstring;
//write the new .rules file
write_rule_file($splitcontents, $rulefile);
- //once file has been written, reload file
- $splitcontents = load_rule_file($rulefile);
-
- $stopMsg = true;
-
//write disable/enable sid to config.xml
- if ($disabled == false) {
- $string_sid = strstr($tempstring, 'sid:');
- $sid_pieces = explode(";", $string_sid);
- $sid_off_cut = $sid_pieces[0];
- // sid being turned off
- $sid_off = str_replace("sid:", "", $sid_off_cut);
+ $sid = get_middle($tempstring, 'sid:', ';', 0);
+ if (is_numeric($sid)) {
// rule_sid_on registers
- $sid_on_pieces = $a_nat[$id]['rule_sid_on'];
- // if off sid is the same as on sid remove it
- $sid_on_old = str_replace("||enablesid $sid_off", "", "$sid_on_pieces");
- // write the replace sid back as empty
- $a_nat[$id]['rule_sid_on'] = $sid_on_old;
- // rule sid off registers
- $sid_off_pieces = $a_nat[$id]['rule_sid_off'];
- // if off sid is the same as off sid remove it
- $sid_off_old = str_replace("||disablesid $sid_off", "", "$sid_off_pieces");
- // write the replace sid back as empty
- $a_nat[$id]['rule_sid_off'] = $sid_off_old;
- // add sid off registers to new off sid
- $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off'];
- }
- else
- {
- $string_sid = strstr($tempstring, 'sid:');
- $sid_pieces = explode(";", $string_sid);
- $sid_on_cut = $sid_pieces[0];
- // sid being turned off
- $sid_on = str_replace("sid:", "", $sid_on_cut);
- // rule_sid_off registers
- $sid_off_pieces = $a_nat[$id]['rule_sid_off'];
- // if off sid is the same as on sid remove it
- $sid_off_old = str_replace("||disablesid $sid_on", "", "$sid_off_pieces");
- // write the replace sid back as empty
- $a_nat[$id]['rule_sid_off'] = $sid_off_old;
- // rule sid on registers
- $sid_on_pieces = $a_nat[$id]['rule_sid_on'];
- // if on sid is the same as on sid remove it
- $sid_on_old = str_replace("||enablesid $sid_on", "", "$sid_on_pieces");
- // write the replace sid back as empty
- $a_nat[$id]['rule_sid_on'] = $sid_on_old;
- // add sid on registers to new on sid
- $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on'];
+ if (!empty($a_nat[$id]['rule_sid_on']))
+ $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']);
+ if (!empty($a_nat[$id]['rule_sid_on']))
+ $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']);
+ if ($disabled === false)
+ $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off'];
+ else
+ $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on'];
}
- write_config();
- conf_mount_ro();
-}
-
-if ($_GET['saved'] == 'yes')
-{
- $message = "The Snort rule configuration has been changed.<br>You must restart this snort interface in order for the changes to take effect.";
+ write_config();
- // stop_service("snort");
- // sleep(2);
- // start_service("snort");
- // $savemsg = "";
- // $stopMsg = false;
+ header("Location: /snort/snort_rules.php?id={$id}&openruleset={$rulefile}");
+ exit;
}
$currentruleset = basename($rulefile);
@@ -382,7 +233,6 @@ if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
echo "{$snort_general_css}\n";
?>
<form action="snort_rules.php" method="post" name="iform" id="iform">
-<?php if ($_GET['saved'] == 'yes') {print_info_box_np2($message);}?>
<script language="javascript" type="text/javascript">
function go()
@@ -456,8 +306,6 @@ function popup(url)
<td width="32%" class="listhdrr">Message</td>
</tr>
<?php
- //Load the rule file
- $splitcontents = load_rule_file($rulefile);
foreach ( $splitcontents as $counter => $value )
{
$disabled = "False";
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index 7c31b017..266750fa 100644
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -95,9 +95,25 @@ if ($_POST) {
else
$splitcontents[$lineid] = "# " . $_POST['code'];
+ //write disable/enable sid to config.xml
+ $sid = get_middle($splitcontents[$lineid], 'sid:', ';', 0);
+ if (is_numeric($sid)) {
+ // rule_sid_on registers
+ if (!empty($a_nat[$id]['rule_sid_on']))
+ $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']);
+ if (!empty($a_nat[$id]['rule_sid_on']))
+ $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']);
+ if ($_POST['highlight'] == "yes")
+ $a_nat[$id]['rule_sid_on'] = "||enablesid $sid" . $a_nat[$id]['rule_sid_on'];
+ else
+ $a_nat[$id]['rule_sid_off'] = "||disablesid $sid" . $a_nat[$id]['rule_sid_off'];
+ }
+
//write the new .rules file
@file_put_contents($file, implode($delimiter, $splitcontents));
+ write_config();
+
echo "<script> opener.window.location.reload(); window.close(); </script>";
exit;
}