Diffstat (limited to 'packages')
-rw-r--r--packages/snort/snort_rules.php693
1 files changed, 348 insertions, 345 deletions
diff --git a/packages/snort/snort_rules.php b/packages/snort/snort_rules.php
index ecce7936..27fa7012 100644
--- a/packages/snort/snort_rules.php
+++ b/packages/snort/snort_rules.php
@@ -27,6 +27,9 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+if(!is_dir("/usr/local/etc/snort/rules"))
+ Header("Location: snort_download_rules.php");
+
function get_middle($source, $beginning, $ending, $init_pos) {
$beginning_pos = strpos($source, $beginning, $init_pos);
$middle_pos = $beginning_pos + strlen($beginning);
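Review bot: The added `Header("Location: snort_download_rules.php");` is not followed by `exit;`, so after queuing the redirect the script keeps running: `opendir($ruledir)` is still called on the missing directory, and the `$_POST` and `act=toggle` handlers further down still execute for that request. Brace the branch and stop there, `if (!is_dir("/usr/local/etc/snort/rules")) { header("Location: snort_download_rules.php"); exit; }`. The check sits directly after the license header, ahead of any include visible in this diff, so it is worth confirming that whatever include performs the GUI authentication has already run before this redirect is issued.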
@@ -37,45 +40,45 @@ function get_middle($source, $beginning, $ending, $init_pos) {
function write_rule_file($content_changed, $received_file)
{
- //read snort file with writing enabled
- $filehandle = fopen($received_file, "r+");
+ //read snort file with writing enabled
+ $filehandle = fopen($received_file, "w");
- //delimiter for each new rule is a new line
- $delimiter = "\n";
+ //delimiter for each new rule is a new line
+ $delimiter = "\n";
- //implode the array back into a string for writing purposes
- $fullfile = implode($delimiter, $content_changed);
+ //implode the array back into a string for writing purposes
+ $fullfile = implode($delimiter, $content_changed);
- //write data to file
- fwrite($filehandle, $fullfile);
+ //write data to file
+ fwrite($filehandle, $fullfile);
- //close file handle
- fclose($filehandle);
+ //close file handle
+ fclose($filehandle);
}
function load_rule_file($incoming_file)
{
- //read snort file
- $filehandle = fopen($incoming_file, "r");
+ //read snort file
+ $filehandle = fopen($incoming_file, "r");
- //read file into string, and get filesize
- $contents = fread($filehandle, filesize($incoming_file));
+ //read file into string, and get filesize
+ $contents = fread($filehandle, filesize($incoming_file));
- //close handler
- fclose ($filehandle);
+ //close handler
+ fclose ($filehandle);
- //string for populating category select
- $currentruleset = substr($file, 27);
+ //string for populating category select
+ $currentruleset = substr($file, 27);
- //delimiter for each new rule is a new line
- $delimiter = "\n";
+ //delimiter for each new rule is a new line
+ $delimiter = "\n";
- //split the contents of the string file into an array using the delimiter
- $splitcontents = explode($delimiter, $contents);
+ //split the contents of the string file into an array using the delimiter
+ $splitcontents = explode($delimiter, $contents);
- return $splitcontents;
+ return $splitcontents;
}
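Review bot: Switching `fopen()` to `"w"` in write_rule_file truncates the rules file before any data is written, and neither the `fopen()` nor the `fwrite()` result is checked, so a failed open or a short write leaves Snort with an empty or partial ruleset. The path arrives as `$file`, which the next hunk shows being assigned directly from `$_GET['openruleset']`, so the truncation applies to whatever path the request names; that value should be reduced with `basename()`, checked for a `.rules` suffix and joined to `$ruledir` before it gets here. The rewrite below writes to a temporary file in the same directory and renames it over the original, returning false on failure (the function returned nothing before, so existing callers are unaffected). The comment `//read snort file with writing enabled` no longer matches the mode and is dropped there.

```php
function write_rule_file($content_changed, $received_file)
{
    //implode the array back into a string for writing purposes
    $fullfile = implode("\n", $content_changed);

    //write to a temporary file in the same directory so the live file is never left truncated
    $tmpfile = tempnam(dirname($received_file), "rules");
    if ($tmpfile === false)
        return false;

    if (file_put_contents($tmpfile, $fullfile) !== strlen($fullfile)) {
        unlink($tmpfile);
        return false;
    }

    //tempnam() creates the file owner-only; carry over the mode of the file being replaced
    if (file_exists($received_file))
        chmod($tmpfile, fileperms($received_file) & 0777);

    //replace the old rules file in one step
    return rename($tmpfile, $received_file);
}
```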
@@ -83,23 +86,23 @@ $ruledir = "/usr/local/etc/snort/rules/";
$dh = opendir($ruledir);
while (false !== ($filename = readdir($dh)))
{
- //only populate this array if its a rule file
- $isrulefile = strstr($filename, ".rules");
- if ($isrulefile !== false)
- {
- $files[] = $filename;
- }
+ //only populate this array if its a rule file
+ $isrulefile = strstr($filename, ".rules");
+ if ($isrulefile !== false)
+ {
+ $files[] = $filename;
+ }
}
sort($files);
if ($_GET['openruleset'])
{
- $file = $_GET['openruleset'];
+ $file = $_GET['openruleset'];
}
else
{
- $file = $ruledir.$files[0];
+ $file = $ruledir.$files[0];
}
@@ -109,129 +112,129 @@ $splitcontents = load_rule_file($file);
if ($_POST)
{
- //retrieve POST data
- $post_lineid = $_POST['lineid'];
- $post_enabled = $_POST['enabled'];
- $post_src = $_POST['src'];
- $post_srcport = $_POST['srcport'];
- $post_dest = $_POST['dest'];
- $post_destport = $_POST['destport'];
-
- //copy rule contents from array into string
- $tempstring = $splitcontents[$post_lineid];
-
- //explode rule contents into an array, (delimiter is space)
- $rule_content = explode(' ', $tempstring);
-
- //search string
- $findme = "# alert"; //find string for disabled alerts
-
- //find if alert is disabled
- $disabled = strstr($tempstring, $findme);
-
- //if find alert is false, then rule is disabled
- if ($disabled !== false)
- {
- //has rule been enabled
- if ($post_enabled == "yes")
- {
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $tempstring = str_replace("# alert", "alert", $tempstring);
- $counter2 = 1;
- }
- else
- {
- //rule is staying disabled
- $counter2 = 2;
-
- }
- //if enabled box was not changed, default
- $counter2 = 2;
- }
- else
- {
- //has rule been disabled
- if ($post_enabled != "yes")
- {
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $tempstring = str_replace("alert", "# alert", $tempstring);
- $counter2 = 2;
- }
- else
- {
- //rule is staying enabled
- $counter2 = 1;
- }
- //if enabled box was not changed, default
- $counter2 = 1;
- }
-
- $counter2++;
- $source = $rule_content[$counter2];//source location
- $counter2++;
- $source_port = $rule_content[$counter2];//source port location
- $counter2 = $counter2+2;
- $destination = $rule_content[$counter2];//destination location
- $counter2++;
- $destination_port = $rule_content[$counter2];//destination port location
-
- //insert new values into their respective places
- $tempstring = str_replace($source, $post_src, $tempstring);
- $tempstring = str_replace($source_port, $post_srcport, $tempstring);
- $tempstring = str_replace($destination, $post_dest, $tempstring);
- $tempstring = str_replace($destination_port, $post_destport, $tempstring);
-
-
- //copy string into array for writing
- $splitcontents[$post_lineid] = $tempstring;
-
- //write the new .rules file
- write_rule_file($splitcontents, $file);
-
- //once file has been written, reload file
- $splitcontents = load_rule_file($file);
+ //retrieve POST data
+ $post_lineid = $_POST['lineid'];
+ $post_enabled = $_POST['enabled'];
+ $post_src = $_POST['src'];
+ $post_srcport = $_POST['srcport'];
+ $post_dest = $_POST['dest'];
+ $post_destport = $_POST['destport'];
+
+ //copy rule contents from array into string
+ $tempstring = $splitcontents[$post_lineid];
+
+ //explode rule contents into an array, (delimiter is space)
+ $rule_content = explode(' ', $tempstring);
+
+ //search string
+ $findme = "# alert"; //find string for disabled alerts
+
+ //find if alert is disabled
+ $disabled = strstr($tempstring, $findme);
+
+ //if find alert is false, then rule is disabled
+ if ($disabled !== false)
+ {
+ //has rule been enabled
+ if ($post_enabled == "yes")
+ {
+ //move counter up 1, so we do not retrieve the # in the rule_content array
+ $tempstring = str_replace("# alert", "alert", $tempstring);
+ $counter2 = 1;
+ }
+ else
+ {
+ //rule is staying disabled
+ $counter2 = 2;
+
+ }
+ //if enabled box was not changed, default
+ $counter2 = 2;
+ }
+ else
+ {
+ //has rule been disabled
+ if ($post_enabled != "yes")
+ {
+ //move counter up 1, so we do not retrieve the # in the rule_content array
+ $tempstring = str_replace("alert", "# alert", $tempstring);
+ $counter2 = 2;
+ }
+ else
+ {
+ //rule is staying enabled
+ $counter2 = 1;
+ }
+ //if enabled box was not changed, default
+ $counter2 = 1;
+ }
+
+ $counter2++;
+ $source = $rule_content[$counter2];//source location
+ $counter2++;
+ $source_port = $rule_content[$counter2];//source port location
+ $counter2 = $counter2+2;
+ $destination = $rule_content[$counter2];//destination location
+ $counter2++;
+ $destination_port = $rule_content[$counter2];//destination port location
+
+ //insert new values into their respective places
+ $tempstring = str_replace($source, $post_src, $tempstring);
+ $tempstring = str_replace($source_port, $post_srcport, $tempstring);
+ $tempstring = str_replace($destination, $post_dest, $tempstring);
+ $tempstring = str_replace($destination_port, $post_destport, $tempstring);
+
+
+ //copy string into array for writing
+ $splitcontents[$post_lineid] = $tempstring;
+
+ //write the new .rules file
+ write_rule_file($splitcontents, $file);
+
+ //once file has been written, reload file
+ $splitcontents = load_rule_file($file);
}
else if ($_GET['act'] == "toggle")
{
- $toggleid = $_GET['id'];
+ $toggleid = $_GET['id'];
- //copy rule contents from array into string
- $tempstring = $splitcontents[$toggleid];
+ //copy rule contents from array into string
+ $tempstring = $splitcontents[$toggleid];
- //explode rule contents into an array, (delimiter is space)
- $rule_content = explode(' ', $tempstring);
+ //explode rule contents into an array, (delimiter is space)
+ $rule_content = explode(' ', $tempstring);
- //search string
- $findme = "# alert"; //find string for disabled alerts
+ //search string
+ $findme = "# alert"; //find string for disabled alerts
- //find if alert is disabled
- $disabled = strstr($tempstring, $findme);
+ //find if alert is disabled
+ $disabled = strstr($tempstring, $findme);
- //if find alert is false, then rule is disabled
- if ($disabled !== false)
- {
- //rule has been enabled
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $tempstring = str_replace("# alert", "alert", $tempstring);
+ //if find alert is false, then rule is disabled
+ if ($disabled !== false)
+ {
+ //rule has been enabled
+ //move counter up 1, so we do not retrieve the # in the rule_content array
+ $tempstring = str_replace("# alert", "alert", $tempstring);
- }
- else
- {
- //has rule been disabled
- //move counter up 1, so we do not retrieve the # in the rule_content array
- $tempstring = str_replace("alert", "# alert", $tempstring);
+ }
+ else
+ {
+ //has rule been disabled
+ //move counter up 1, so we do not retrieve the # in the rule_content array
+ $tempstring = str_replace("alert", "# alert", $tempstring);
- }
+ }
- //copy string into array for writing
- $splitcontents[$toggleid] = $tempstring;
+ //copy string into array for writing
+ $splitcontents[$toggleid] = $tempstring;
- //write the new .rules file
- write_rule_file($splitcontents, $file);
+ //write the new .rules file
+ write_rule_file($splitcontents, $file);
- //once file has been written, reload file
- $splitcontents = load_rule_file($file);
+ //once file has been written, reload file
+ $splitcontents = load_rule_file($file);
}
@@ -247,16 +250,16 @@ include("head.inc");
<p class="pgtitle"><?=$pgtitle?></p>
<script type="text/javascript" language="javascript" src="row_toggle.js">
- <script src="/javascript/sorttable.js" type="text/javascript">
+ <script src="/javascript/sorttable.js" type="text/javascript">
</script>
<script language="javascript" type="text/javascript">
<!--
function go()
{
- box = document.forms[0].selectbox;
- destination = box.options[box.selectedIndex].value;
- if (destination) location.href = destination;
+ box = document.forms[0].selectbox;
+ destination = box.options[box.selectedIndex].value;
+ if (destination) location.href = destination;
}
// -->
@@ -264,213 +267,213 @@ function go()
<table width="99%" border="0" cellpadding="0" cellspacing="0">
<tr>
- <td>
+ <td>
<?php
- $tab_array = array();
- $tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
- $tab_array[] = array(gettext("Update Snort Rules"), false, "/snort_download_rules.php");
- $tab_array[] = array(gettext("Snort Categories"), false, "/snort_rulesets.php");
- $tab_array[] = array(gettext("Snort Rules"), true, "/snort_rules.php");
- $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php");
- $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
- $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php");
- $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
- display_top_tabs($tab_array);
+ $tab_array = array();
+ $tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+ $tab_array[] = array(gettext("Update Snort Rules"), false, "/snort_download_rules.php");
+ $tab_array[] = array(gettext("Snort Categories"), false, "/snort_rulesets.php");
+ $tab_array[] = array(gettext("Snort Rules"), true, "/snort_rules.php");
+ $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php");
+ $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+ $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php");
+ $tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+ display_top_tabs($tab_array);
?>
- </td>
+ </td>
</tr>
<tr>
<td>
- <div id="mainarea">
- <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
- <table id="ruletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr id="frheader">
- <td width="3%" class="list">&nbsp;</td>
- <td width="5%" class="listhdr">SID</td>
- <td width="6%" class="listhdrr">Proto</td>
- <td width="15%" class="listhdrr">Source</td>
- <td width="10%" class="listhdrr">Port</td>
- <td width="15%" class="listhdrr">Destination</td>
- <td width="10%" class="listhdrr">Port</td>
- <td width="32%" class="listhdrr">Message</td>
-
- </tr>
- <tr>
- <?php
-
- echo "<br>Category: ";
-
- //string for populating category select
- $currentruleset = substr($file, 27);
- ?>
- <form name="forms">
- <select name="selectbox" class="formfld" onChange="go()">
- <?php
- $i=0;
- foreach ($files as $value)
- {
- $selectedruleset = "";
- if ($files[$i] === $currentruleset)
- $selectedruleset = "selected";
- ?>
- <option value="?&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>"
- <?php
- $i++;
-
- }
- ?>
- </select>
- </form>
- </tr>
- <?php
-
- $counter = 0;
- $printcounter = 0;
-
- foreach ( $splitcontents as $value )
- {
-
- $counter++;
- $disabled = "False";
- $comments = "False";
-
- $tempstring = $splitcontents[$counter];
- $findme = "# alert"; //find string for disabled alerts
-
- //find alert
- $disabled_pos = strstr($tempstring, $findme);
-
-
- //do soemthing, this rule is enabled
- $counter2 = 1;
-
- //retrieve sid value
- $sid = get_middle($tempstring, 'sid:', ';', 0);
-
- //check to see if the sid is numberical
- $is_sid_num = is_numeric($sid);
-
- //if SID is numerical, proceed
- if ($is_sid_num)
- {
-
- //if find alert is false, then rule is disabled
- if ($disabled_pos !== false){
- $counter2 = $counter2+1;
- $textss = "<span class=\"gray\">";
- $textse = "</span>";
- $iconb = "icon_block_d.gif";
- }
- else
- {
- $textss = $textse = "";
- $iconb = "icon_block.gif";
- }
-
- $rule_content = explode(' ', $tempstring);
-
- $protocol = $rule_content[$counter2];//protocol location
- $counter2++;
- $source = $rule_content[$counter2];//source location
- $counter2++;
- $source_port = $rule_content[$counter2];//source port location
- $counter2 = $counter2+2;
- $destination = $rule_content[$counter2];//destination location
- $counter2++;
- $destination_port = $rule_content[$counter2];//destination port location
-
- $message = get_middle($tempstring, 'msg:"', '";', 0);
-
- echo "<tr>";
- echo "<td class=\"listt\">";
- echo $textss;
- ?>
- <a href="?&openruleset=<?=$file;?>&act=toggle&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a>
- <?php
- echo $textse;
- echo "</td>";
-
-
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $sid;
- echo $textse;
- echo "</td>";
-
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $protocol;
- $printcounter++;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $source;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $source_port;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $destination;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $destination_port;
- echo $textse;
- echo "</td>";
- ?>
- <td class="listbg"><font color="white">
- <?php
- echo $textss;
- echo $message;
- echo $textse;
- echo "</td>";
- ?>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td><a href="snort_rules_edit.php?openruleset=<?=$file;?>&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- <?php
- }
- }
- echo " ";
- echo "There are ";
- echo $printcounter;
- echo " rules in this category. <br><br>";
- ?>
- </table>
- </td>
- </tr>
+ <div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <table id="ruletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr id="frheader">
+ <td width="3%" class="list">&nbsp;</td>
+ <td width="5%" class="listhdr">SID</td>
+ <td width="6%" class="listhdrr">Proto</td>
+ <td width="15%" class="listhdrr">Source</td>
+ <td width="10%" class="listhdrr">Port</td>
+ <td width="15%" class="listhdrr">Destination</td>
+ <td width="10%" class="listhdrr">Port</td>
+ <td width="32%" class="listhdrr">Message</td>
+
+ </tr>
+ <tr>
+ <?php
+
+ echo "<br>Category: ";
+
+ //string for populating category select
+ $currentruleset = substr($file, 27);
+ ?>
+ <form name="forms">
+ <select name="selectbox" class="formfld" onChange="go()">
+ <?php
+ $i=0;
+ foreach ($files as $value)
+ {
+ $selectedruleset = "";
+ if ($files[$i] === $currentruleset)
+ $selectedruleset = "selected";
+ ?>
+ <option value="?&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>"
+ <?php
+ $i++;
+
+ }
+ ?>
+ </select>
+ </form>
+ </tr>
+ <?php
+
+ $counter = 0;
+ $printcounter = 0;
+
+ foreach ( $splitcontents as $value )
+ {
+
+ $counter++;
+ $disabled = "False";
+ $comments = "False";
+
+ $tempstring = $splitcontents[$counter];
+ $findme = "# alert"; //find string for disabled alerts
+
+ //find alert
+ $disabled_pos = strstr($tempstring, $findme);
+
+
+ //do soemthing, this rule is enabled
+ $counter2 = 1;
+
+ //retrieve sid value
+ $sid = get_middle($tempstring, 'sid:', ';', 0);
+
+ //check to see if the sid is numberical
+ $is_sid_num = is_numeric($sid);
+
+ //if SID is numerical, proceed
+ if ($is_sid_num)
+ {
+
+ //if find alert is false, then rule is disabled
+ if ($disabled_pos !== false){
+ $counter2 = $counter2+1;
+ $textss = "<span class=\"gray\">";
+ $textse = "</span>";
+ $iconb = "icon_block_d.gif";
+ }
+ else
+ {
+ $textss = $textse = "";
+ $iconb = "icon_block.gif";
+ }
+
+ $rule_content = explode(' ', $tempstring);
+
+ $protocol = $rule_content[$counter2];//protocol location
+ $counter2++;
+ $source = $rule_content[$counter2];//source location
+ $counter2++;
+ $source_port = $rule_content[$counter2];//source port location
+ $counter2 = $counter2+2;
+ $destination = $rule_content[$counter2];//destination location
+ $counter2++;
+ $destination_port = $rule_content[$counter2];//destination port location
+
+ $message = get_middle($tempstring, 'msg:"', '";', 0);
+
+ echo "<tr>";
+ echo "<td class=\"listt\">";
+ echo $textss;
+ ?>
+ <a href="?&openruleset=<?=$file;?>&act=toggle&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a>
+ <?php
+ echo $textse;
+ echo "</td>";
+
+
+ echo "<td class=\"listlr\">";
+ echo $textss;
+ echo $sid;
+ echo $textse;
+ echo "</td>";
+
+ echo "<td class=\"listlr\">";
+ echo $textss;
+ echo $protocol;
+ $printcounter++;
+ echo $textse;
+ echo "</td>";
+ echo "<td class=\"listlr\">";
+ echo $textss;
+ echo $source;
+ echo $textse;
+ echo "</td>";
+ echo "<td class=\"listlr\">";
+ echo $textss;
+ echo $source_port;
+ echo $textse;
+ echo "</td>";
+ echo "<td class=\"listlr\">";
+ echo $textss;
+ echo $destination;
+ echo $textse;
+ echo "</td>";
+ echo "<td class=\"listlr\">";
+ echo $textss;
+ echo $destination_port;
+ echo $textse;
+ echo "</td>";
+ ?>
+ <td class="listbg"><font color="white">
+ <?php
+ echo $textss;
+ echo $message;
+ echo $textse;
+ echo "</td>";
+ ?>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td><a href="snort_rules_edit.php?openruleset=<?=$file;?>&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ <?php
+ }
+ }
+ echo " ";
+ echo "There are ";
+ echo $printcounter;
+ echo " rules in this category. <br><br>";
+ ?>
+ </table>
+ </td>
+ </tr>
<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td>
- <td>Rule Enabled</td>
- </tr>
- <tr>
- <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td>
- <td nowrap>Rule Disabled</td>
-
-
- </tr>
- <tr>
- <td colspan="10">
- <p>
- <!--<strong><span class="red">Warning:<br>
- </span></strong>Editing these r</p>-->
- </td>
- </tr>
+ <tr>
+ <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td>
+ <td>Rule Enabled</td>
+ </tr>
+ <tr>
+ <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td>
+ <td nowrap>Rule Disabled</td>
+
+
+ </tr>
+ <tr>
+ <td colspan="10">
+ <p>
+ <!--<strong><span class="red">Warning:<br>
+ </span></strong>Editing these r</p>-->
+ </td>
+ </tr>
</table>
- </table>
+ </table>
</td>
</tr>
@@ -479,4 +482,4 @@ function go()
<?php include("fend.inc"); ?>
</div></body>
-</html>
+</html> \ No newline at end of file