From 0841fc3fe30892fcbbf7ea9dc330ffae6bfb62a3 Mon Sep 17 00:00:00 2001
From: robiscool
Date: Tue, 2 Aug 2011 15:54:21 -0700
Subject: orionids-dev, remake paths
---
config/orionids-dev/snort.xml | 257 -----------------------------
config/orionids-dev/snort_install.inc | 70 ++++----
config/orionids-dev/snort_json_post.php | 106 ++++++------
config/orionids-dev/snort_new.inc | 128 +++++++++-----
config/orionids-dev/snort_rules.php | 73 ++++----
config/orionids-dev/snort_rules_ips.php | 5 +-
config/orionids-dev/snort_rulesets.php | 22 +--
config/orionids-dev/snort_rulesets_ips.php | 23 ++-
8 files changed, 234 insertions(+), 450 deletions(-)
delete mode 100644 config/orionids-dev/snort.xml
diff --git a/config/orionids-dev/snort.xml b/config/orionids-dev/snort.xml
deleted file mode 100644
index d0d30ded..00000000
--- a/config/orionids-dev/snort.xml
+++ /dev/null
@@ -1,257 +0,0 @@ - - - - - - . - All rights reserved. - */ -/* ========================================================================== */ -/* - - Pfsense Old snort GUI - Copyright (C) 2006 Scott Ullrich. - - Pfsense snort GUI - Copyright (C) 2008-2012 Robert Zelaya. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the pfSense nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - - Describe your package here - Describe your package requirements here - Currently there are no FAQ items provided. - Snort - 2.9.0.5 - Services:2.9.0.5 pkg v. 
2.0 - /usr/local/pkg/snort/snort_install.inc - - Snort - Setup snort specific settings -
Services
- /snort/snort_interfaces.php -
- - snort - snort.sh - snort - Snort is the most widely deployed IDS/IPS technology worldwide. - - - - - /usr/local/pkg/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort.xml - - - /usr/local/pkg/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snortDB - - - /usr/local/pkg/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snortDBrules - - - /usr/local/pkg/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snortDBtemp - - - /usr/local/pkg/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_build.inc - - - /usr/local/pkg/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_download_rules.inc - - - /usr/local/pkg/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_gui.inc - - - /usr/local/pkg/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_head.inc - - - /usr/local/pkg/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_headbase.inc - - - /usr/local/pkg/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_install.inc - - - /usr/local/pkg/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_new.inc - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_alerts.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_barnyard.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_blocked.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_define_servers.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_download_updates.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_help_info.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_interfaces.php - - - /usr/local/www/snort/ - 077 - 
http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_edit.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_global.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_rules.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_rules_edit.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_suppress_edit.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_interfaces_whitelist_edit.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_json_get.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_json_post.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_preprocessors.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_rules.php - - - /usr/local/www/snort/ - 077 - http://www.pfsense.com/packages/config/snort-dev/snort_rulesets.php - - - /usr/local/bin/ - 077 - http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/create-sidmap.pl - - - /usr/local/bin/ - 077 - http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/oinkmaster.pl - - - /usr/local/bin/ - 077 - http://www.pfsense.com/packages/config/snort/bin/oinkmaster_contrib/snort_rename.pl - - - - - - - sync_snort_package(); - - - snort_postinstall(); - - - snort_deinstall(); - -
diff --git a/config/orionids-dev/snort_install.inc b/config/orionids-dev/snort_install.inc index c805d62c..fd61150d 100644 --- a/config/orionids-dev/snort_install.inc +++ b/config/orionids-dev/snort_install.inc @@ -121,19 +121,19 @@ function snort_postinstall() } if (!file_exists('/usr/local/etc/snort/snortDBrules/custom_rules')) { - exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/custom_rules'); + exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/custom_rules/rules'); } if (!file_exists('/usr/local/etc/snort/snortDBrules/emerging_rules')) { - exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/emerging_rules'); + exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/emerging_rules/rules'); } if (!file_exists('/usr/local/etc/snort/snortDBrules/pfsense_rules')) { - exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/pfsense_rules'); + exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/pfsense_rules/rules'); } if (!file_exists('/usr/local/etc/snort/snortDBrules/snort_rules')) { - exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/snort_rules'); + exec('/bin/mkdir -p /usr/local/etc/snort/snortDBrules/snort_rules/rules'); } if (!file_exists('/usr/local/etc/snort/snortDBrules/DB/default/rules')) { 
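Review bot: The four `file_exists()` guards in this hunk still test the parent directory (for example `/usr/local/etc/snort/snortDBrules/custom_rules`) while the `mkdir -p` they protect now creates `.../custom_rules/rules`, so on a box where the parent already exists from an earlier install the new `rules` subdirectory is never created. The same mismatch applies to the `emerging_rules`, `pfsense_rules` and `snort_rules` blocks. Test the path that is actually created, e.g. `if (!file_exists('/usr/local/etc/snort/snortDBrules/custom_rules/rules')) {`, or drop the guard, since `mkdir -p` is already a no-op for an existing directory. `snort_postinstall()` starts and ends outside the hunk.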
@@ -226,39 +226,39 @@ function snort_postinstall() exec('/bin/mkdir -p /usr/local/www/snort/javascript'); chdir ("/usr/local/www/snort/css/"); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/style_snort2.css'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/css/new_tab_menu.css'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/css/style_snort2.css'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/css/new_tab_menu.css'); chdir ("/usr/local/www/snort/images/"); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/alert.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/arrow_down.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/awesome-overlay-sprite.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/controls.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/down2.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/footer2.jpg'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-asc.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort-desc.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon-table-sort.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/icon_excli.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/loading.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/logo.jpg'); - exec('/usr/bin/fetch 
http://www.pfsense.com/packages/config/snort-dev/images/logo22.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/page_white_text.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/transparent.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/transparentbg.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/up2.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/close_9x9.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/new_tab_menu.png'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/progress_bar2.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/progressbar.gif'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/top_modal_bar_lil.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/alert.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/arrow_down.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/awesome-overlay-sprite.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/controls.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/down.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/down2.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/footer.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/footer2.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/icon-table-sort-asc.png'); + exec('/usr/bin/fetch 
http://www.pfsense.com/packages/config/orionids-dev/images/icon-table-sort-desc.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/icon-table-sort.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/icon_excli.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/loading.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/logo.jpg'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/logo22.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/page_white_text.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/transparent.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/transparentbg.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/up.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/up2.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/close_9x9.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/new_tab_menu.png'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/progress_bar2.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/progressbar.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/images/top_modal_bar_lil.jpg'); chdir ("/usr/local/www/snort/javascript/"); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery-1.6.2.min.js'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery.form.js'); - exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/snort_globalsend.js'); - exec('/usr/bin/fetch 
http://www.pfsense.com/packages/config/snort-dev/javascript/jquery.progressbar.min.js'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/javascript/jquery-1.6.2.min.js'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/javascript/jquery.form.js'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/javascript/snort_globalsend.js'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/orionids-dev/javascript/jquery.progressbar.min.js'); /* back to default */ chdir ('/root/'); diff --git a/config/orionids-dev/snort_json_post.php b/config/orionids-dev/snort_json_post.php index 1b10ba3b..2b63f9b6 100644 --- a/config/orionids-dev/snort_json_post.php +++ b/config/orionids-dev/snort_json_post.php @@ -62,29 +62,6 @@ function snortJsonReturnCode($returnStatus) } } -// snortsam save settings -if ($_POST['snortSamSaveSettings'] == 1) { - - unset($_POST['snortSamSaveSettings']); - - if ($_POST['ifaceTab'] === 'snort_rulesets_ips') { - function snortSamRulesetSaveFunc() - { - print_r($_POST); - } - snortSamRulesetSaveFunc(); - } - - if ($_POST['ifaceTab'] === 'snort_rules_ips') { - function snortSamRulesSaveFunc() - { - snortSql_updateRulesSigsIps(); - } - snortSamRulesSaveFunc(); - } - -} - // row from db by uuid if ($_POST['snortSidRuleEdit'] == 1) { 
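Review bot: Every `/usr/bin/fetch` line in this hunk still downloads over plain `http://` and the result of `exec()` is never checked, so the stylesheets, images and in particular the scripts (`jquery-1.6.2.min.js`, `jquery.form.js`, `snort_globalsend.js`, `jquery.progressbar.min.js`) are written into `/usr/local/www/snort/` with no authenticity or integrity check. Content altered in transit would then be served by the firewall's own web GUI to an administrator's browser. The commit only changes the URL path; while these lines are being touched, consider shipping the assets inside the package, or fetching them over an authenticated channel and comparing each file with a checksum pinned in the installer before it is placed in the web root. A failed download should also stop the install: pass the `$output` and `$return_var` arguments to `exec()` and test the status. `snort_postinstall()` starts and ends outside the hunk.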
@@ -94,45 +71,54 @@ if ($_POST['snortSidRuleEdit'] == 1) { unset($_POST['snortSidRuleEdit']); snortSidStringRuleEditGUI(); - } - snortSidRuleEditFunc(); + } snortSidRuleEditFunc(); } // row from db by uuid -if ($_POST['snortSaveRuleSets'] == 1) { - - if ($_POST['ifaceTab'] == 'snort_rulesets' || $_POST['ifaceTab'] == 'snort_rulesets_ips') { +if ($_POST['snortSaveRuleSets'] == 1) { + + + if ($_POST['ifaceTab'] === 'snort_rules_ips') { + function snortSamRulesSaveFunc() + { + snortJsonReturnCode(snortSql_updateRulesSigsIps()); - function snortSaveRuleSetsRulesetsFunc() - { - // unset POSTs that are markers not in db - unset($_POST['snortSaveRuleSets']); - unset($_POST['ifaceTab']); - - // save to database - snortJsonReturnCode(snortSql_updateRuleSetList()); - - // only build if uuid is valid - if (!empty($_POST['uuid'])) { - build_snort_settings($_POST['uuid']); - } - } - snortSaveRuleSetsRulesetsFunc(); - } + } snortSamRulesSaveFunc(); + } + + + if ($_POST['ifaceTab'] == 'snort_rulesets' || $_POST['ifaceTab'] == 'snort_rulesets_ips') { - if ($_POST['ifaceTab'] == 'snort_rules') { - function snortSaveRuleSetsRulesFunc() - { - // unset POSTs that are markers not in db - unset($_POST['snortSaveRuleSets']); - unset($_POST['ifaceTab']); - - snortJsonReturnCode(snortSql_updateRuleSigList()); + function snortSaveRuleSetsRulesetsFunc() + { + // unset POSTs that are markers not in db + unset($_POST['snortSaveRuleSets']); + unset($_POST['ifaceTab']); + + // save to database + snortJsonReturnCode(snortSql_updateRuleSetList()); + + // only build if uuid is valid + if (!empty($_POST['uuid'])) { + build_snort_settings($_POST['uuid']); } - snortSaveRuleSetsRulesFunc(); - } + + } snortSaveRuleSetsRulesetsFunc(); + } + + if ($_POST['ifaceTab'] == 'snort_rules') { + function snortSaveRuleSetsRulesFunc() + { + // unset POSTs that are markers not in db + unset($_POST['snortSaveRuleSets']); + unset($_POST['ifaceTab']); + + snortJsonReturnCode(snortSql_updateRuleSigList()); + + } 
snortSaveRuleSetsRulesFunc(); + } } // END of rulesSets @@ -196,6 +182,12 @@ if ($_POST['snortSaveSettings'] == 1) { // creat iface dir and ifcae rules dir exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + // create at least one file + if (!file_exists('/usr/local/etc/snort/snortDBrules/DB/' . $_POST['uuid'] . '/rules/local.rules')) { + + exec('touch /usr/local/etc/snort/snortDBrules/DB/' . $_POST['uuid'] . '/rules/local.rules'); + + } // NOTE: code only works on php5 $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules'); @@ -203,13 +195,13 @@ if ($_POST['snortSaveSettings'] == 1) { $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules'); if (!empty($listSnortRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); } if (!empty($listEmergingRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); } if (!empty($listPfsenseRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); } diff --git a/config/orionids-dev/snort_new.inc b/config/orionids-dev/snort_new.inc index ed58d42e..7a6326e8 100644 --- a/config/orionids-dev/snort_new.inc +++ b/config/orionids-dev/snort_new.inc 
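Review bot: The added `exec('touch /usr/local/etc/snort/snortDBrules/DB/' . $_POST['uuid'] . '/rules/local.rules');` (hunk `@@ -196,6 +182,12 @@`) puts a raw request parameter on a shell command line, and into the `file_exists()` path just before it, so a `uuid` containing shell metacharacters or `../` is interpreted by the shell or resolves outside the `DB/` directory. The three rewritten `/bin/cp -R ... {$_POST['uuid']}/rules` lines in the next hunk (`@@ -203,13 +195,13 @@`) and the `mkdir -p` context line have the same problem. Validate the value once before any of these calls; the ids look alphanumeric (snort_new.inc generates them with `genAlphaNumMixFast`), so rejecting the request unless `ctype_alnum((string)$_POST['uuid'])` holds is a reasonable start, to be confirmed against the real id format. Create the file without a shell, `touch('/usr/local/etc/snort/snortDBrules/DB/' . $uuid . '/rules/local.rules');`, and wrap the argument in `escapeshellarg()` wherever a shell command remains. The enclosing `if ($_POST['snortSaveSettings'] == 1)` block starts and ends outside both hunks.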
@@ -401,64 +401,108 @@ function snortSql_updateRuleSigList() function snortSql_updateRulesSigsIps() { - // get default settings - $listGenRules = array(); - $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $_POST['rdbuuid']); - - - $addDate = date(U); - // dont let user pick the DB path - $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}"); + $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}"); - // checkbox off catch - $listGenRulesEnable = $listGenRules[0]['enable']; - if ( empty($listGenRules[0]['enable']) || $listGenRules[0]['enable'] === 'off' ) { - - $listGenRulesEnable = 'off'; - } + function insertUpdateDB($db) + { - foreach ($_POST['snortsam']['db'] as $singleSig) - { - - $resultid = sqlite_query($db, - "SELECT id FROM {$_POST['dbTable']} WHERE signatureid = '{$singleSig['sig']}' and rdbuuid = '{$_POST['rdbuuid']}'; - "); - - $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); + // get default settings + $listGenRules = array(); + $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $_POST['rdbuuid']); - // checkbox off catch - $singleSigEnable = $singleSig['enable']; - if ( empty($singleSig['enable']) ) { - - $singleSigEnable = 'off'; + // if $listGenRules empty list defaults + if (empty($listGenRules)) { + $listGenRules[0] = array( + 'rdbuuid' => $_POST['rdbuuid'], + 'enable' => 'on', + 'who' => 'src', + 'timeamount' => 15, + 'timetype' => 'minutes' + ); } - // only do this if something change from defauts settings - $somthingChanged = FALSE; - if ( $singleSigEnable !== $listGenRulesEnable || $singleSig['who'] !== $listGenRules[0]['who'] || $singleSig['timeamount'] !== $listGenRules[0]['timeamount'] || $singleSig['timetype'] !== $listGenRules[0]['timetype'] ) { - $somthingChanged = TRUE; + $addDate = date(U); + + // checkbox off catch + $listGenRulesEnable = $listGenRules[0]['enable']; + if ( empty($listGenRules[0]['enable']) || $listGenRules[0]['enable'] === 
'off' ) { + + $listGenRulesEnable = 'off'; } - if ( empty($chktable) && $somthingChanged ) { + foreach ($_POST['snortsam']['db'] as $singleSig) + { + + $resultid = sqlite_query($db, + "SELECT id FROM {$_POST['dbTable']} WHERE siguuid = '{$singleSig['siguuid']}' and rdbuuid = '{$_POST['rdbuuid']}'; + "); + + $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); + + // checkbox off catch + $singleSigEnable = $singleSig['enable']; + if ( empty($singleSig['enable']) ) { - $rulesetUuid = genAlphaNumMixFast(11, 14); + $singleSigEnable = 'off'; + } + + // only do this if something change from defauts settings, note: timeamount Not equal + $somthingChanged = FALSE; + if ( $singleSigEnable !== $listGenRulesEnable || $singleSig['who'] !== $listGenRules[0]['who'] || $singleSig['timeamount'] != $listGenRules[0]['timeamount'] || $singleSig['timetype'] !== $listGenRules[0]['timetype'] ) { + $somthingChanged = TRUE; + } - $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "INSERT INTO {$_POST['dbTable']} (date, uuid, rdbuuid, enable, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$singleSigEnable}', '{$singleSig['who']}', '{$singleSig['timeamount']}', '{$singleSig['timetype']}'); - "); + if ( empty($chktable) && $somthingChanged ) { - } + $rulesetUuid = genAlphaNumMixFast(11, 14); + + $query_ck = sqlite_query($db, // @ supress warnings usonly in production + "INSERT INTO {$_POST['dbTable']} (date, uuid, rdbuuid, enable, siguuid, sigfilename, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$singleSigEnable}', '{$singleSig['siguuid']}', '{$singleSig['sigfilename']}', '{$singleSig['who']}', '{$singleSig['timeamount']}', '{$singleSig['timetype']}'); + "); + + + } + + if ( !empty($chktable) ) { + + $query_ck = sqlite_query($db, // @ supress warnings usonly in production + "UPDATE {$_POST['dbTable']} SET date ='{$addDate}', enable = '{$singleSigEnable}', who = 
'{$singleSig['who']}', timeamount = '{$singleSig['timeamount']}', timetype = '{$singleSig['timetype']}' WHERE rdbuuid = '{$_POST['rdbuuid']}' and sigfilename = '{$singleSig['sigfilename']}'; + "); + + } - if ( !empty($chktable) && $somthingChanged ) { + } // END foreach + + } insertUpdateDB($db); - echo $singleSig['sig']; - + function cleanupDB($db) + { + // clean database of old names and turn rulesets off + $listDir = snortScanDirFilter("/usr/local/etc/snort/snortDBrules/DB/{$_POST['rdbuuid']}/rules/", '\.rules'); + + $resultAllRulesetname = sqlite_query($db, + "SELECT sigfilename FROM {$_POST['dbTable']} WHERE rdbuuid = '{$_POST['rdbuuid']}'; + "); + + $chktable2 = sqlite_fetch_all($resultAllRulesetname, SQLITE_ASSOC); + + if (!empty($chktable2)) { + foreach ($chktable2 as $value) + { + + if(!in_array($value['sigfilename'], $listDir)) { + $deleteMissingRuleset = sqlite_query($db, // @ supress warnings use only in production + "DELETE FROM {$_POST['dbTable']} WHERE sigfilename = '{$value['sigfilename']}' and rdbuuid = '{$_POST['rdbuuid']}'; + "); + } + + } } - - } // END foreach + } cleanupDB($db); sqlite_close($db); + return true; } diff --git a/config/orionids-dev/snort_rules.php b/config/orionids-dev/snort_rules.php index 78134d52..09490a37 100644 --- a/config/orionids-dev/snort_rules.php +++ b/config/orionids-dev/snort_rules.php @@ -434,43 +434,48 @@ jQuery(document).ready(function() { - // disable Row Append if row count is less than 0 - var countRowAppend = ; + + if (!empty($countSig)) { + echo 'var countRowAppend = ' . $countSig . ';' . "\n"; + }else{ + echo 'var countRowAppend = 0;' . "\n"; + } + +?> // if rowcount is not empty do this if (countRowAppend > 0){ diff --git a/config/orionids-dev/snort_rules_ips.php b/config/orionids-dev/snort_rules_ips.php index 3e39501d..b1bd8b08 100644 --- a/config/orionids-dev/snort_rules_ips.php +++ b/config/orionids-dev/snort_rules_ips.php @@ -153,7 +153,7 @@ if (isset($_GET['rulefilename'])) { - + 
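Review bot: Every statement built in `snortSql_updateRulesSigsIps()` interpolates request data directly: `$_POST['dbTable']` as the table name, `$_POST['rdbuuid']` and the per-signature `siguuid`, `sigfilename`, `who`, `timeamount` and `timetype` as quoted values, while `$_POST['dbName']` selects the database file despite the `dont let user pick the DB path` comment. The new INSERT, UPDATE and DELETE are therefore open to SQL injection and the `sqlite_open()` call to path traversal. Check `dbName` and `dbTable` against fixed lists of the names the GUI actually uses, and escape each value before it enters a query, e.g. `$sigUuid = sqlite_escape_string($singleSig['siguuid']);`. Two further points in the same hunk: the existence check selects by `siguuid` but the UPDATE matches on `sigfilename`, which looks as if it rewrites every stored signature from that file rather than the one being saved, and the function now ends in an unconditional `return true;` without testing `$query_ck`, so `snortJsonReturnCode()` reports success even when a query failed.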
@@ -348,7 +348,8 @@ function makeLargeSidTables(snortObjlist) { '' + "\n" + '' + "\n" + '' + "\n" + - '' + "\n" + '' + "\n" + + '' + "\n" ); }, diff --git a/config/orionids-dev/snort_rulesets.php b/config/orionids-dev/snort_rulesets.php index 3935d49a..5182b803 100644 --- a/config/orionids-dev/snort_rulesets.php +++ b/config/orionids-dev/snort_rulesets.php @@ -102,8 +102,8 @@ jQuery(document).ready(function() { * NOTE: I could have used a php loop to build the table but off loading to client is faster * use jQuery jason parse, make sure its in one line */ - if (!empty($filterDirList)) - { + if (!empty($filterDirList)) { + $countDirList = count($filterDirList); echo "\n"; @@ -134,27 +134,27 @@ jQuery(document).ready(function() { } echo ' ]}\');' . "\n"; - } + + }else{ + echo 'var snortObjlist = jQuery.parseJSON(\' { "ruleSets": [] } \');' . "\n"; + + } ?> // loop through object, dont use .each in jQuery as its slow - if(snortObjlist.ruleSets.length > 0) - { - for (var i = 0; i < snortObjlist.ruleSets.length; i++) - { + if(snortObjlist.ruleSets.length > 0) { + for (var i = 0; i < snortObjlist.ruleSets.length; i++) { - if (isEven(i) === true) - { + if (isEven(i) === true) { var rowIsEvenOdd = 'even_ruleset'; }else{ var rowIsEvenOdd = 'odd_ruleset'; } - if (snortObjlist.ruleSets[i].enable === 'on') - { + if (snortObjlist.ruleSets[i].enable === 'on') { var rulesetChecked = 'checked'; }else{ var rulesetChecked = ''; diff --git a/config/orionids-dev/snort_rulesets_ips.php b/config/orionids-dev/snort_rulesets_ips.php index 459f2868..dd3e943e 100644 --- a/config/orionids-dev/snort_rulesets_ips.php +++ b/config/orionids-dev/snort_rulesets_ips.php @@ -106,8 +106,8 @@ jQuery(document).ready(function() { * NOTE: I could have used a php loop to build the table but off loading to client is faster * use jQuery jason parse, make sure its in one line */ - if (!empty($filterDirList)) - { + if (!empty($filterDirList)) { + $countDirList = count($filterDirList); echo "\n"; 
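Review bot: The new `else` branch in snort_rulesets.php (`@@ -134,27 +134,27 @@`) keeps the pattern of hand-assembling a JSON document inside a single-quoted JavaScript string, `echo 'var snortObjlist = jQuery.parseJSON(\' { "ruleSets": [] } \');'`, which only holds while no emitted value contains a quote, backslash or newline. The entries are built outside this hunk, but if they carry rule-set file names read from disk, as `$filterDirList` suggests, one unusual file name breaks the page script or ends up executing in it. Build the list as a PHP array and emit it in one step with `json_encode()`, which also produces `{"ruleSets":[]}` for the empty case and makes the separate `else` unnecessary. The identical change in snort_rulesets_ips.php (`@@ -138,27 +138,26 @@`) has the same shape.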
@@ -138,27 +138,26 @@ jQuery(document).ready(function() { } echo ' ]}\');' . "\n"; + + }else{ + // + echo 'var snortObjlist = jQuery.parseJSON(\' { "ruleSets": [] } \');' . "\n"; + } - - ?> // loop through object, dont use .each in jQuery as its slow - if(snortObjlist.ruleSets.length > 0) - { - for (var i = 0; i < snortObjlist.ruleSets.length; i++) - { + if(snortObjlist.ruleSets.length > 0) { + for (var i = 0; i < snortObjlist.ruleSets.length; i++) { - if (isEven(i) === true) - { + if (isEven(i) === true) { var rowIsEvenOdd = 'even_ruleset'; }else{ var rowIsEvenOdd = 'odd_ruleset'; } - if (snortObjlist.ruleSets[i].enable === 'on') - { + if (snortObjlist.ruleSets[i].enable === 'on') { var rulesetChecked = 'checked'; }else{ var rulesetChecked = ''; -- cgit v1.2.3
' + snortObjlist[i].msg + '