Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc29
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php5
-rwxr-xr-xconfig/snort/snort_rules.php7
-rwxr-xr-xconfig/snort/snort_rulesets.php6
4 files changed, 31 insertions, 16 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index cf36ca86..0f0a24e4 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -39,6 +39,9 @@ require_once("pkg-utils.inc");
// Needed on 2.0 because of filter_get_vpns_list()
require_once("filter.inc");
+// Snort GUI needs some extra PHP memory space to manipulate large rules arrays
+ini_set("memory_limit", "192M");
+
// Explicitly declare these as global so they work through function call includes
global $snort_rules_file, $snort_version, $emerging_threats_version, $snort_rules_upd_log;
global $all_rules, $flowbit_rules_file, $snort_enforcing_rules_file, $rebuild_rules, $is_postinstall;
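Review bot: `ini_set("memory_limit", "192M");` runs unconditionally at include time, so every script that pulls in snort.inc gets this value, and a host already configured with a higher limit is lowered to 192M. Consider applying it only when the current limit is smaller, and say in the comment that the setting lasts for the whole request rather than just the rules-array work. On a firewall appliance the per-request ceiling is worth documenting, since several concurrent GUI requests can each claim it.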
@@ -1529,20 +1532,21 @@ function snort_load_vrt_policy($policy, $load_rules_map=true) {
$snortdir = SNORTDIR;
$vrt_policy_rules = array();
- /* Create regular expression for searching. */
- $policy_pcre = "/policy\\s" . $policy . "/i";
-
/* Refresh the map of all the rules if flag */
/* is set. */
- if ($load_rules_map == true)
- $all_rules = snort_load_rules_map("{$snortdir}/rules/");
+ if ($load_rules_map) {
+ /* Since only Snort VRT rules have IPS Policy metadata, */
+ /* limit our search to just those files. */
+ $snort_vrt_files = glob("{$snortdir}/rules/snort_*.rules");
+ $all_rules = array();
+ $all_rules = snort_load_rules_map($snort_vrt_files);
+ }
- /* Now walk the rules list and find all those */
- /* that are defined as active for the chosen */
- /* security policy. */
+ /* Now walk the rules list and find all those that are defined */
+ /* defined as active for the chosen security policy. */
foreach ($all_rules as $k1 => $arulem) {
foreach ($arulem as $k2 => $arulem2) {
- if (preg_match($policy_pcre, $arulem2['rule'])) {
+ if (strripos($arulem2['rule'], "policy {$policy}-ips") !== false) {
if (!preg_match('/flowbits\s*:\s*noalert/i', $arulem2['rule'])) {
if (!is_array($vrt_policy_rules[$k1]))
$vrt_policy_rules[$k1] = array();
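Review bot: The new test `strripos($arulem2['rule'], "policy {$policy}-ips")` is a literal substring with exactly one space and a forced `-ips` suffix, while the removed regex accepted any whitespace after `policy` and no suffix. A caller that already passes a value ending in `-ips` would now match nothing, and the function would return an empty policy set without a log entry, which means the chosen IPS policy enables no rules; the callers are outside this hunk, so the expected form of `$policy` should be stated in a comment and the empty case logged. `glob()` can also return false, so `$snort_vrt_files = glob("{$snortdir}/rules/snort_*.rules") ?: array();` is safer, provided snort_load_rules_map() accepts an empty array. The rewritten comment repeats the word "defined", and the function body continues past the end of the hunk.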
@@ -1564,9 +1568,9 @@ function snort_load_vrt_policy($policy, $load_rules_map=true) {
unset($arulem, $arulem2);
/* If we loaded the ALL_RULES map, */
- /* then release the memory. */
+ /* then release the global memory. */
if ($load_rules_map == true)
- unset($all_rules);
+ unset($GLOBALS['all_rules']);
/* Return all the rules that match the policy. */
return $vrt_policy_rules;
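Review bot: The guard here still reads `if ($load_rules_map == true)` while the same commit changed the earlier test in this function to `if ($load_rules_map) {`; use one form in both places. The comment could also say that `unset($GLOBALS['all_rules'])` removes the global for every later reader, not just this function's copy, since that is the behavioural difference from the removed `unset($all_rules)`.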
@@ -2075,6 +2079,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
$no_rules_defined = false;
/* Load up all the rules into a Rules Map array. */
+ $all_rules = array();
$all_rules = snort_load_rules_map("{$snortdir}/rules/");
/* Create an array with the filenames of the enabled */
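Review bot: `$all_rules = array();` directly before `$all_rules = snort_load_rules_map("{$snortdir}/rules/");` reads as a dead store and needs a comment if it is deliberate, for example `/* Drop any previous map first so two copies are never held at once */`. The same pair appears in snort_load_vrt_policy() in the earlier hunk. This assumes `$all_rules` is the global declared at the top of the file; the function's own `global` statement is not visible in the hunk.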
@@ -2160,7 +2165,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* Just put an empty file to always have the file present */
snort_write_flowbit_rules_file(array(), "{$snortcfgdir}/rules/{$flowbit_rules_file}");
- unset($enabled_rules, $all_rules);
+ unset($GLOBALS['all_rules']);
} else {
snort_write_enforcing_rules_file(array(), "{$snortcfgdir}/rules/{$snort_enforcing_rules_file}");
snort_write_flowbit_rules_file(array(), "{$snortcfgdir}/rules/{$flowbit_rules_file}");
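Review bot: The replacement `unset($GLOBALS['all_rules']);` drops `$enabled_rules` from the unset list, so that array now stays allocated until snort_prepare_rule_files() returns, which works against the memory-saving purpose of the change. If that was not intended, keep both: `unset($enabled_rules);` followed by `unset($GLOBALS['all_rules']);`. The rest of the function is outside the hunk, so whether `$enabled_rules` is still read afterwards cannot be confirmed from here.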
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index f08ebc18..2b60b6ce 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -41,6 +41,8 @@ $snortdir = SNORTDIR;
$snortlibdir = SNORTLIBDIR;
$snortlogdir = SNORTLOGDIR;
+/* Save the state of $pkg_interface so we can restore it */
+$pkg_interface_orig = $pkg_interface;
if ($snort_gui_include)
$pkg_interface = "";
else
@@ -740,4 +742,7 @@ log_error(gettext("[Snort] The Rules update has finished."));
error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, $snort_rules_upd_log);
conf_mount_ro();
+/* Restore the state of $pkg_interface */
+$pkg_interface = $pkg_interface_orig;
+
?>
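Review bot: The restore `$pkg_interface = $pkg_interface_orig;` sits only on the last line of the script, so any earlier `return` or `exit` between the save and this point leaves the including page with the modified value; that code is not in either hunk and should be checked. If the script has such paths, restore before each of them or move the body into a function that restores on the way out. The save in the earlier hunk, `$pkg_interface_orig = $pkg_interface;`, also assumes the variable is already defined when the file is entered.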
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 2ef529b9..3475577c 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -496,6 +496,7 @@ h += 96;
<tbody>
<?php
+ $counter = 0;
foreach ($rules_map as $k1 => $rulem) {
foreach ($rulem as $k2 => $v) {
$sid = snort_get_sid($v['rule']);
@@ -576,6 +577,7 @@ h += 96;
</td>
</tr>
<?php
+ $counter++;
}
}
unset($rulem, $v);
@@ -586,7 +588,10 @@ h += 96;
</tr>
<tr>
<td>
- <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="1">
+ <table width="100%" border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td class="vexpl" colspan="2" height="30" valign="middle"><?php echo gettext("Rule Count: {$counter}"); ?></td>
+ </tr>
<tr>
<td width="16"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif"
width="11" height="11"></td>
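Review bot: `gettext("Rule Count: {$counter}")` interpolates the number before the lookup, so the msgid changes with every count and can never match a catalogue entry; the label will stay untranslated. Use `echo gettext("Rule Count: ") . $counter;` or a `sprintf` with a `%d` placeholder instead. `$counter` is incremented only at the bottom of the inner loop in the earlier hunk, so a `continue` anywhere in the loop body outside that hunk would make the figure undercount.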
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index fce1616b..62200ba4 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -167,7 +167,7 @@ if ($_POST['selectall']) {
$rulesets[] = basename($file);
}
if ($snortcommunitydownload == 'on') {
- $files = glob("{$snortdir}/rules/sc_*.rules");
+ $files = glob("{$snortdir}/rules/*_community.rules");
foreach ($files as $file)
$rulesets[] = basename($file);
}
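Review bot: The pattern `*_community.rules` accepts any prefix, so "select all" now enables every file in the rules directory whose name ends that way rather than one known file. If the community rules file has a fixed name, spell it out in the pattern or document why the prefix varies. `glob()` returns false on error, and the `foreach ($files as $file)` directly below would then emit a warning; `$files = glob("{$snortdir}/rules/*_community.rules") ?: array();` avoids it.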
@@ -348,7 +348,7 @@ function enable_change()
</td>
</tr>
<tr>
- <td colspan="6" class="listtopic"><?php echo gettext("Snort IPS Policy Selection"); ?><br/></td>
+ <td colspan="6" class="listtopic"><?php echo gettext("Snort IPS Policy selection"); ?><br/></td>
</tr>
<tr>
<td colspan="6" valign="center" class="listn">
@@ -389,7 +389,7 @@ function enable_change()
</td>
</tr>
<tr>
- <td colspan="6" class="listtopic"><?php echo gettext("Select the rulesets you would like Snort to load at startup"); ?><br/></td>
+ <td colspan="6" class="listtopic"><?php echo gettext("Select the rulesets Snort will load at startup"); ?><br/></td>
</tr>
<tr>
<td colspan="6">