diff options
Diffstat (limited to 'packages')
-rw-r--r-- | packages/snort/snort_rules.php | 693 |
1 files changed, 348 insertions, 345 deletions
diff --git a/packages/snort/snort_rules.php b/packages/snort/snort_rules.php index ecce7936..27fa7012 100644 --- a/packages/snort/snort_rules.php +++ b/packages/snort/snort_rules.php @@ -27,6 +27,9 @@ POSSIBILITY OF SUCH DAMAGE. */ +if(!is_dir("/usr/local/etc/snort/rules")) + Header("Location: snort_download_rules.php"); + function get_middle($source, $beginning, $ending, $init_pos) { $beginning_pos = strpos($source, $beginning, $init_pos); $middle_pos = $beginning_pos + strlen($beginning); @@ -37,45 +40,45 @@ function get_middle($source, $beginning, $ending, $init_pos) { function write_rule_file($content_changed, $received_file) { - //read snort file with writing enabled - $filehandle = fopen($received_file, "r+"); + //read snort file with writing enabled + $filehandle = fopen($received_file, "w"); - //delimiter for each new rule is a new line - $delimiter = "\n"; + //delimiter for each new rule is a new line + $delimiter = "\n"; - //implode the array back into a string for writing purposes - $fullfile = implode($delimiter, $content_changed); + //implode the array back into a string for writing purposes + $fullfile = implode($delimiter, $content_changed); - //write data to file - fwrite($filehandle, $fullfile); + //write data to file + fwrite($filehandle, $fullfile); - //close file handle - fclose($filehandle); + //close file handle + fclose($filehandle); } function load_rule_file($incoming_file) { - //read snort file - $filehandle = fopen($incoming_file, "r"); + //read snort file + $filehandle = fopen($incoming_file, "r"); - //read file into string, and get filesize - $contents = fread($filehandle, filesize($incoming_file)); + //read file into string, and get filesize + $contents = fread($filehandle, filesize($incoming_file)); - //close handler - fclose ($filehandle); + //close handler + fclose ($filehandle); - //string for populating category select - $currentruleset = substr($file, 27); + //string for populating category select + $currentruleset = substr($file, 27); - //delimiter for each new rule is a new line - $delimiter = "\n"; + //delimiter for each new rule is a new line + $delimiter = "\n"; - //split the contents of the string file into an array using the delimiter - $splitcontents = explode($delimiter, $contents); + //split the contents of the string file into an array using the delimiter + $splitcontents = explode($delimiter, $contents); - return $splitcontents; + return $splitcontents; } @@ -83,23 +86,23 @@ $ruledir = "/usr/local/etc/snort/rules/"; $dh = opendir($ruledir); while (false !== ($filename = readdir($dh))) { - //only populate this array if its a rule file - $isrulefile = strstr($filename, ".rules"); - if ($isrulefile !== false) - { - $files[] = $filename; - } + //only populate this array if its a rule file + $isrulefile = strstr($filename, ".rules"); + if ($isrulefile !== false) + { + $files[] = $filename; + } } sort($files); if ($_GET['openruleset']) { - $file = $_GET['openruleset']; + $file = $_GET['openruleset']; } else { - $file = $ruledir.$files[0]; + $file = $ruledir.$files[0]; } @@ -109,129 +112,129 @@ $splitcontents = load_rule_file($file); if ($_POST) { - //retrieve POST data - $post_lineid = $_POST['lineid']; - $post_enabled = $_POST['enabled']; - $post_src = $_POST['src']; - $post_srcport = $_POST['srcport']; - $post_dest = $_POST['dest']; - $post_destport = $_POST['destport']; - - //copy rule contents from array into string - $tempstring = $splitcontents[$post_lineid]; - - //explode rule contents into an array, (delimiter is space) - $rule_content = explode(' ', $tempstring); - - //search string - $findme = "# alert"; //find string for disabled alerts - - //find if alert is disabled - $disabled = strstr($tempstring, $findme); - - //if find alert is false, then rule is disabled - if ($disabled !== false) - { - //has rule been enabled - if ($post_enabled == "yes") - { - //move counter up 1, so we do not retrieve the # in the rule_content array - $tempstring = str_replace("# alert", "alert", $tempstring); - $counter2 = 1; - } - else - { - //rule is staying disabled - $counter2 = 2; - - } - //if enabled box was not changed, default - $counter2 = 2; - } - else - { - //has rule been disabled - if ($post_enabled != "yes") - { - //move counter up 1, so we do not retrieve the # in the rule_content array - $tempstring = str_replace("alert", "# alert", $tempstring); - $counter2 = 2; - } - else - { - //rule is staying enabled - $counter2 = 1; - } - //if enabled box was not changed, default - $counter2 = 1; - } - - $counter2++; - $source = $rule_content[$counter2];//source location - $counter2++; - $source_port = $rule_content[$counter2];//source port location - $counter2 = $counter2+2; - $destination = $rule_content[$counter2];//destination location - $counter2++; - $destination_port = $rule_content[$counter2];//destination port location - - //insert new values into their respective places - $tempstring = str_replace($source, $post_src, $tempstring); - $tempstring = str_replace($source_port, $post_srcport, $tempstring); - $tempstring = str_replace($destination, $post_dest, $tempstring); - $tempstring = str_replace($destination_port, $post_destport, $tempstring); - - - //copy string into array for writing - $splitcontents[$post_lineid] = $tempstring; - - //write the new .rules file - write_rule_file($splitcontents, $file); - - //once file has been written, reload file - $splitcontents = load_rule_file($file); + //retrieve POST data + $post_lineid = $_POST['lineid']; + $post_enabled = $_POST['enabled']; + $post_src = $_POST['src']; + $post_srcport = $_POST['srcport']; + $post_dest = $_POST['dest']; + $post_destport = $_POST['destport']; + + //copy rule contents from array into string + $tempstring = $splitcontents[$post_lineid]; + + //explode rule contents into an array, (delimiter is space) + $rule_content = explode(' ', $tempstring); + + //search string + $findme = "# alert"; //find string for disabled alerts + + //find if alert is disabled + $disabled = strstr($tempstring, $findme); + + //if find alert is false, then rule is disabled + if ($disabled !== false) + { + //has rule been enabled + if ($post_enabled == "yes") + { + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("# alert", "alert", $tempstring); + $counter2 = 1; + } + else + { + //rule is staying disabled + $counter2 = 2; + + } + //if enabled box was not changed, default + $counter2 = 2; + } + else + { + //has rule been disabled + if ($post_enabled != "yes") + { + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("alert", "# alert", $tempstring); + $counter2 = 2; + } + else + { + //rule is staying enabled + $counter2 = 1; + } + //if enabled box was not changed, default + $counter2 = 1; + } + + $counter2++; + $source = $rule_content[$counter2];//source location + $counter2++; + $source_port = $rule_content[$counter2];//source port location + $counter2 = $counter2+2; + $destination = $rule_content[$counter2];//destination location + $counter2++; + $destination_port = $rule_content[$counter2];//destination port location + + //insert new values into their respective places + $tempstring = str_replace($source, $post_src, $tempstring); + $tempstring = str_replace($source_port, $post_srcport, $tempstring); + $tempstring = str_replace($destination, $post_dest, $tempstring); + $tempstring = str_replace($destination_port, $post_destport, $tempstring); + + + //copy string into array for writing + $splitcontents[$post_lineid] = $tempstring; + + //write the new .rules file + write_rule_file($splitcontents, $file); + + //once file has been written, reload file + $splitcontents = load_rule_file($file); } else if ($_GET['act'] == "toggle") { - $toggleid = $_GET['id']; + $toggleid = $_GET['id']; - //copy rule contents from array into string - $tempstring = $splitcontents[$toggleid]; + //copy rule contents from array into string + $tempstring = $splitcontents[$toggleid]; - //explode rule contents into an array, (delimiter is space) - $rule_content = explode(' ', $tempstring); + //explode rule contents into an array, (delimiter is space) + $rule_content = explode(' ', $tempstring); - //search string - $findme = "# alert"; //find string for disabled alerts + //search string + $findme = "# alert"; //find string for disabled alerts - //find if alert is disabled - $disabled = strstr($tempstring, $findme); + //find if alert is disabled + $disabled = strstr($tempstring, $findme); - //if find alert is false, then rule is disabled - if ($disabled !== false) - { - //rule has been enabled - //move counter up 1, so we do not retrieve the # in the rule_content array - $tempstring = str_replace("# alert", "alert", $tempstring); + //if find alert is false, then rule is disabled + if ($disabled !== false) + { + //rule has been enabled + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("# alert", "alert", $tempstring); - } - else - { - //has rule been disabled - //move counter up 1, so we do not retrieve the # in the rule_content array - $tempstring = str_replace("alert", "# alert", $tempstring); + } + else + { + //has rule been disabled + //move counter up 1, so we do not retrieve the # in the rule_content array + $tempstring = str_replace("alert", "# alert", $tempstring); - } + } - //copy string into array for writing - $splitcontents[$toggleid] = $tempstring; + //copy string into array for writing + $splitcontents[$toggleid] = $tempstring; - //write the new .rules file - write_rule_file($splitcontents, $file); + //write the new .rules file + write_rule_file($splitcontents, $file); - //once file has been written, reload file - $splitcontents = load_rule_file($file); + //once file has been written, reload file + $splitcontents = load_rule_file($file); } @@ -247,16 +250,16 @@ include("head.inc"); <p class="pgtitle"><?=$pgtitle?></p> <script type="text/javascript" language="javascript" src="row_toggle.js"> - <script src="/javascript/sorttable.js" type="text/javascript"> + <script src="/javascript/sorttable.js" type="text/javascript"> </script> <script language="javascript" type="text/javascript"> <!-- function go() { - box = document.forms[0].selectbox; - destination = box.options[box.selectedIndex].value; - if (destination) location.href = destination; + box = document.forms[0].selectbox; + destination = box.options[box.selectedIndex].value; + if (destination) location.href = destination; } // --> @@ -264,213 +267,213 @@ function go() <table width="99%" border="0" cellpadding="0" cellspacing="0"> <tr> - <td> + <td> <?php - $tab_array = array(); - $tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Snort Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Snort Categories"), false, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Snort Rules"), true, "/snort_rules.php"); - $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); + $tab_array = array(); + $tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); + $tab_array[] = array(gettext("Update Snort Rules"), false, "/snort_download_rules.php"); + $tab_array[] = array(gettext("Snort Categories"), false, "/snort_rulesets.php"); + $tab_array[] = array(gettext("Snort Rules"), true, "/snort_rules.php"); + $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php"); + $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); + $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php"); + $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); + display_top_tabs($tab_array); ?> - </td> + </td> </tr> <tr> <td> - <div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td> - <table id="ruletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr id="frheader"> - <td width="3%" class="list"> </td> - <td width="5%" class="listhdr">SID</td> - <td width="6%" class="listhdrr">Proto</td> - <td width="15%" class="listhdrr">Source</td> - <td width="10%" class="listhdrr">Port</td> - <td width="15%" class="listhdrr">Destination</td> - <td width="10%" class="listhdrr">Port</td> - <td width="32%" class="listhdrr">Message</td> - - </tr> - <tr> - <?php - - echo "<br>Category: "; - - //string for populating category select - $currentruleset = substr($file, 27); - ?> - <form name="forms"> - <select name="selectbox" class="formfld" onChange="go()"> - <?php - $i=0; - foreach ($files as $value) - { - $selectedruleset = ""; - if ($files[$i] === $currentruleset) - $selectedruleset = "selected"; - ?> - <option value="?&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>" - <?php - $i++; - - } - ?> - </select> - </form> - </tr> - <?php - - $counter = 0; - $printcounter = 0; - - foreach ( $splitcontents as $value ) - { - - $counter++; - $disabled = "False"; - $comments = "False"; - - $tempstring = $splitcontents[$counter]; - $findme = "# alert"; //find string for disabled alerts - - //find alert - $disabled_pos = strstr($tempstring, $findme); - - - //do soemthing, this rule is enabled - $counter2 = 1; - - //retrieve sid value - $sid = get_middle($tempstring, 'sid:', ';', 0); - - //check to see if the sid is numberical - $is_sid_num = is_numeric($sid); - - //if SID is numerical, proceed - if ($is_sid_num) - { - - //if find alert is false, then rule is disabled - if ($disabled_pos !== false){ - $counter2 = $counter2+1; - $textss = "<span class=\"gray\">"; - $textse = "</span>"; - $iconb = "icon_block_d.gif"; - } - else - { - $textss = $textse = ""; - $iconb = "icon_block.gif"; - } - - $rule_content = explode(' ', $tempstring); - - $protocol = $rule_content[$counter2];//protocol location - $counter2++; - $source = $rule_content[$counter2];//source location - $counter2++; - $source_port = $rule_content[$counter2];//source port location - $counter2 = $counter2+2; - $destination = $rule_content[$counter2];//destination location - $counter2++; - $destination_port = $rule_content[$counter2];//destination port location - - $message = get_middle($tempstring, 'msg:"', '";', 0); - - echo "<tr>"; - echo "<td class=\"listt\">"; - echo $textss; - ?> - <a href="?&openruleset=<?=$file;?>&act=toggle&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a> - <?php - echo $textse; - echo "</td>"; - - - echo "<td class=\"listlr\">"; - echo $textss; - echo $sid; - echo $textse; - echo "</td>"; - - echo "<td class=\"listlr\">"; - echo $textss; - echo $protocol; - $printcounter++; - echo $textse; - echo "</td>"; - echo "<td class=\"listlr\">"; - echo $textss; - echo $source; - echo $textse; - echo "</td>"; - echo "<td class=\"listlr\">"; - echo $textss; - echo $source_port; - echo $textse; - echo "</td>"; - echo "<td class=\"listlr\">"; - echo $textss; - echo $destination; - echo $textse; - echo "</td>"; - echo "<td class=\"listlr\">"; - echo $textss; - echo $destination_port; - echo $textse; - echo "</td>"; - ?> - <td class="listbg"><font color="white"> - <?php - echo $textss; - echo $message; - echo $textse; - echo "</td>"; - ?> - <td valign="middle" nowrap class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td><a href="snort_rules_edit.php?openruleset=<?=$file;?>&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td> - </tr> - </table> - </td> - <?php - } - } - echo " "; - echo "There are "; - echo $printcounter; - echo " rules in this category. <br><br>"; - ?> - </table> - </td> - </tr> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td> + <table id="ruletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr id="frheader"> + <td width="3%" class="list"> </td> + <td width="5%" class="listhdr">SID</td> + <td width="6%" class="listhdrr">Proto</td> + <td width="15%" class="listhdrr">Source</td> + <td width="10%" class="listhdrr">Port</td> + <td width="15%" class="listhdrr">Destination</td> + <td width="10%" class="listhdrr">Port</td> + <td width="32%" class="listhdrr">Message</td> + + </tr> + <tr> + <?php + + echo "<br>Category: "; + + //string for populating category select + $currentruleset = substr($file, 27); + ?> + <form name="forms"> + <select name="selectbox" class="formfld" onChange="go()"> + <?php + $i=0; + foreach ($files as $value) + { + $selectedruleset = ""; + if ($files[$i] === $currentruleset) + $selectedruleset = "selected"; + ?> + <option value="?&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>" + <?php + $i++; + + } + ?> + </select> + </form> + </tr> + <?php + + $counter = 0; + $printcounter = 0; + + foreach ( $splitcontents as $value ) + { + + $counter++; + $disabled = "False"; + $comments = "False"; + + $tempstring = $splitcontents[$counter]; + $findme = "# alert"; //find string for disabled alerts + + //find alert + $disabled_pos = strstr($tempstring, $findme); + + + //do soemthing, this rule is enabled + $counter2 = 1; + + //retrieve sid value + $sid = get_middle($tempstring, 'sid:', ';', 0); + + //check to see if the sid is numberical + $is_sid_num = is_numeric($sid); + + //if SID is numerical, proceed + if ($is_sid_num) + { + + //if find alert is false, then rule is disabled + if ($disabled_pos !== false){ + $counter2 = $counter2+1; + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $iconb = "icon_block_d.gif"; + } + else + { + $textss = $textse = ""; + $iconb = "icon_block.gif"; + } + + $rule_content = explode(' ', $tempstring); + + $protocol = $rule_content[$counter2];//protocol location + $counter2++; + $source = $rule_content[$counter2];//source location + $counter2++; + $source_port = $rule_content[$counter2];//source port location + $counter2 = $counter2+2; + $destination = $rule_content[$counter2];//destination location + $counter2++; + $destination_port = $rule_content[$counter2];//destination port location + + $message = get_middle($tempstring, 'msg:"', '";', 0); + + echo "<tr>"; + echo "<td class=\"listt\">"; + echo $textss; + ?> + <a href="?&openruleset=<?=$file;?>&act=toggle&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a> + <?php + echo $textse; + echo "</td>"; + + + echo "<td class=\"listlr\">"; + echo $textss; + echo $sid; + echo $textse; + echo "</td>"; + + echo "<td class=\"listlr\">"; + echo $textss; + echo $protocol; + $printcounter++; + echo $textse; + echo "</td>"; + echo "<td class=\"listlr\">"; + echo $textss; + echo $source; + echo $textse; + echo "</td>"; + echo "<td class=\"listlr\">"; + echo $textss; + echo $source_port; + echo $textse; + echo "</td>"; + echo "<td class=\"listlr\">"; + echo $textss; + echo $destination; + echo $textse; + echo "</td>"; + echo "<td class=\"listlr\">"; + echo $textss; + echo $destination_port; + echo $textse; + echo "</td>"; + ?> + <td class="listbg"><font color="white"> + <?php + echo $textss; + echo $message; + echo $textse; + echo "</td>"; + ?> + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td><a href="snort_rules_edit.php?openruleset=<?=$file;?>&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + <?php + } + } + echo " "; + echo "There are "; + echo $printcounter; + echo " rules in this category. <br><br>"; + ?> + </table> + </td> + </tr> <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> - <tr> - <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td> - <td>Rule Enabled</td> - </tr> - <tr> - <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td> - <td nowrap>Rule Disabled</td> - - - </tr> - <tr> - <td colspan="10"> - <p> - <!--<strong><span class="red">Warning:<br> - </span></strong>Editing these r</p>--> - </td> - </tr> + <tr> + <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td> + <td>Rule Enabled</td> + </tr> + <tr> + <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td> + <td nowrap>Rule Disabled</td> + + + </tr> + <tr> + <td colspan="10"> + <p> + <!--<strong><span class="red">Warning:<br> + </span></strong>Editing these r</p>--> + </td> + </tr> </table> - </table> + </table> </td> </tr> @@ -479,4 +482,4 @@ function go() <?php include("fend.inc"); ?> </div></body> -</html> +</html>
\ No newline at end of file |