From 4402b0beeea5e15b479664fb4410293bf1b885be Mon Sep 17 00:00:00 2001 From: robiscool Date: Sat, 30 Jul 2011 21:19:37 -0700 Subject: snort-dev, add more clean up db code, add new tables to ips db --- config/snort-dev/snortDBrules | Bin 8192 -> 18432 bytes config/snort-dev/snort_json_post.php | 10 ++-- config/snort-dev/snort_new.inc | 78 +++++++++++++++++++++++++++++++- config/snort-dev/snort_rules_ips.php | 17 ++++--- config/snort-dev/snort_rulesets_ips.php | 20 +++++++- 5 files changed, 110 insertions(+), 15 deletions(-) diff --git a/config/snort-dev/snortDBrules b/config/snort-dev/snortDBrules index 9d4e33a3..9723d664 100644 Binary files a/config/snort-dev/snortDBrules and b/config/snort-dev/snortDBrules differ diff --git a/config/snort-dev/snort_json_post.php b/config/snort-dev/snort_json_post.php index 11b055c1..1b10ba3b 100644 --- a/config/snort-dev/snort_json_post.php +++ b/config/snort-dev/snort_json_post.php @@ -68,19 +68,19 @@ if ($_POST['snortSamSaveSettings'] == 1) { unset($_POST['snortSamSaveSettings']); if ($_POST['ifaceTab'] === 'snort_rulesets_ips') { - function snortSamSaveFunc() + function snortSamRulesetSaveFunc() { print_r($_POST); } - snortSamSaveFunc(); + snortSamRulesetSaveFunc(); } if ($_POST['ifaceTab'] === 'snort_rules_ips') { - function snortSamSaveFunc() + function snortSamRulesSaveFunc() { - print_r($_POST); + snortSql_updateRulesSigsIps(); } - snortSamSaveFunc(); + snortSamRulesSaveFunc(); } } diff --git a/config/snort-dev/snort_new.inc b/config/snort-dev/snort_new.inc index 510185b4..ed58d42e 100644 --- a/config/snort-dev/snort_new.inc +++ b/config/snort-dev/snort_new.inc 
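Review bot: The `snort_rulesets_ips` branch still only runs `print_r($_POST)` inside the renamed `snortSamRulesetSaveFunc()`, so that tab's settings are not saved and the raw request body is echoed back into the response unescaped. It should call the ruleset save routine (presumably `snortSql_updateRuleSetList()` from snort_new.inc) or return a fixed status instead of dumping the request. Declaring a one-line wrapper function inside each `if` adds nothing; calling `snortSql_updateRulesSigsIps();` directly in the `snort_rules_ips` branch is simpler and avoids conditional function definitions. The handler's start is outside the hunk, so any authentication or CSRF check before these branches is not visible here and should be confirmed.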
@@ -396,6 +396,74 @@ function snortSql_updateRuleSigList() } // END Save ruleSets settings + +// Save rulessigs settings for snort_rules_ips +function snortSql_updateRulesSigsIps() +{ + + // get default settings + $listGenRules = array(); + $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $_POST['rdbuuid']); + + + $addDate = date(U); + + // dont let user pick the DB path + $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}"); + + // checkbox off catch + $listGenRulesEnable = $listGenRules[0]['enable']; + if ( empty($listGenRules[0]['enable']) || $listGenRules[0]['enable'] === 'off' ) { + + $listGenRulesEnable = 'off'; + } + + foreach ($_POST['snortsam']['db'] as $singleSig) + { + + $resultid = sqlite_query($db, + "SELECT id FROM {$_POST['dbTable']} WHERE signatureid = '{$singleSig['sig']}' and rdbuuid = '{$_POST['rdbuuid']}'; + "); + + $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); + + // checkbox off catch + $singleSigEnable = $singleSig['enable']; + if ( empty($singleSig['enable']) ) { + + $singleSigEnable = 'off'; + } + + // only do this if something change from defauts settings + $somthingChanged = FALSE; + if ( $singleSigEnable !== $listGenRulesEnable || $singleSig['who'] !== $listGenRules[0]['who'] || $singleSig['timeamount'] !== $listGenRules[0]['timeamount'] || $singleSig['timetype'] !== $listGenRules[0]['timetype'] ) { + $somthingChanged = TRUE; + } + + if ( empty($chktable) && $somthingChanged ) { + + $rulesetUuid = genAlphaNumMixFast(11, 14); + + $query_ck = sqlite_query($db, // @ supress warnings usonly in production + "INSERT INTO {$_POST['dbTable']} (date, uuid, rdbuuid, enable, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$singleSigEnable}', '{$singleSig['who']}', '{$singleSig['timeamount']}', '{$singleSig['timetype']}'); + "); + + } + + if ( !empty($chktable) && $somthingChanged ) { + + echo $singleSig['sig']; + + } + + } // END foreach + + 
sqlite_close($db); + +} + + + // Save ruleSets settings function snortSql_updateRuleSetList() { @@ -481,6 +549,12 @@ function snortSql_updateRuleSetList() $table = 'SnortruleGenIps'; $rulesetUuid = genAlphaNumMixFast(11, 14); $addDate = date(U); + + // if enable is empty then set to off + if (empty($_POST['snortsam']['db']['gensettings']['enable'])) { + + $_POST['snortsam']['db']['gensettings']['enable'] = 'off'; + } // dont let user pick the DB path $db = sqlite_open("/usr/local/pkg/snort/{$_POST['dbName']}"); 
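Review bot: `snortSql_updateRulesSigsIps()` interpolates request fields straight into SQL and into the database path: `$_POST['dbTable']`, `$_POST['rdbuuid']` and every `$singleSig[...]` value go into the SELECT and INSERT strings unescaped, and `sqlite_open()` is given `$_POST['dbName']` despite the comment saying the user must not pick the path. Values should pass through `sqlite_escape_string()`, and the file and table names should be checked against a fixed list or at least an identifier pattern, as sketched below; the same applies to the `sqlite_open()` call and to the UPDATE/INSERT with the posted `enable`, `who`, `timeamount` and `timetype` in the two `snortSql_updateRuleSetList()` hunks that follow. The INSERT also omits `signatureid`, which the SELECT filters on, so a saved row would apparently never be matched on the next save; confirm against the table schema, which is not visible here. `date(U)` relies on an undefined constant and should be `date('U')`.

```php
function snortSql_updateRulesSigsIps()
{
    // … unchanged: fetch default settings into $listGenRules …

    $addDate = date('U');

    // dbName and dbTable name a file and a table, so they cannot be escaped like values;
    // accept plain identifiers only (a fixed list of known names is stricter still)
    $dbName = isset($_POST['dbName']) ? $_POST['dbName'] : '';
    $dbTable = isset($_POST['dbTable']) ? $_POST['dbTable'] : '';
    if (!is_string($dbName) || !is_string($dbTable)
        || !preg_match('/^[A-Za-z0-9_]+$/D', $dbName) || !preg_match('/^[A-Za-z0-9_]+$/D', $dbTable)) {
        return;
    }

    $db = sqlite_open("/usr/local/pkg/snort/{$dbName}");
    $rdbuuid = sqlite_escape_string((string) $_POST['rdbuuid']);

    // … unchanged: checkbox-off default for $listGenRulesEnable …

    foreach ($_POST['snortsam']['db'] as $singleSig)
    {
        $sig = sqlite_escape_string((string) $singleSig['sig']);

        $resultid = sqlite_query($db,
            "SELECT id FROM {$dbTable} WHERE signatureid = '{$sig}' and rdbuuid = '{$rdbuuid}';");

        // … unchanged: $chktable, $singleSigEnable, $somthingChanged …

        if ( empty($chktable) && $somthingChanged ) {

            $rulesetUuid = genAlphaNumMixFast(11, 14);
            $who = sqlite_escape_string((string) $singleSig['who']);
            $timeamount = sqlite_escape_string((string) $singleSig['timeamount']);
            $timetype = sqlite_escape_string((string) $singleSig['timetype']);
            $enable = ($singleSigEnable === 'off') ? 'off' : 'on';

            $query_ck = sqlite_query($db,
                "INSERT INTO {$dbTable} (date, uuid, rdbuuid, enable, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$rdbuuid}', '{$enable}', '{$who}', '{$timeamount}', '{$timetype}');");

        // … unchanged: existing-row branch, END foreach, sqlite_close …
```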
@@ -494,13 +568,13 @@ function snortSql_updateRuleSetList() if (!empty($chktable)) { $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "UPDATE {$table} SET who = '{$_POST['snortsam']['db']['gensettings']['who']}', timeamount = '{$_POST['snortsam']['db']['gensettings']['timeamount']}', timetype = '{$_POST['snortsam']['db']['gensettings']['timetype']}' WHERE rdbuuid = '{$_POST['rdbuuid']}'; + "UPDATE {$table} SET enable = '{$_POST['snortsam']['db']['gensettings']['enable']}', who = '{$_POST['snortsam']['db']['gensettings']['who']}', timeamount = '{$_POST['snortsam']['db']['gensettings']['timeamount']}', timetype = '{$_POST['snortsam']['db']['gensettings']['timetype']}' WHERE rdbuuid = '{$_POST['rdbuuid']}'; "); }else{ $query_ck = sqlite_query($db, // @ supress warnings usonly in production - "INSERT INTO {$table} (date, uuid, rdbuuid, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$_POST['snortsam']['db']['gensettings']['who']}', '{$_POST['snortsam']['db']['gensettings']['timeamount']}', '{$_POST['snortsam']['db']['gensettings']['timetype']}'); + "INSERT INTO {$table} (date, uuid, rdbuuid, enable, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$_POST['snortsam']['db']['gensettings']['enable']}', '{$_POST['snortsam']['db']['gensettings']['who']}', '{$_POST['snortsam']['db']['gensettings']['timeamount']}', '{$_POST['snortsam']['db']['gensettings']['timetype']}'); "); } diff --git a/config/snort-dev/snort_rules_ips.php b/config/snort-dev/snort_rules_ips.php index ce14bf30..3e39501d 100644 --- a/config/snort-dev/snort_rules_ips.php +++ b/config/snort-dev/snort_rules_ips.php @@ -156,7 +156,9 @@ if (isset($_GET['rulefilename'])) { - + + +    On @@ -292,7 +294,7 @@ function createDropdownOptionList(list, opselected) { selectedOptionON = 'selected="selected"'; } - strOut = strOut + '' + "\n"; + strOut = strOut + '' + "\n"; selectedOptionON = ''; } return strOut; 
@@ -328,24 +330,25 @@ function makeLargeSidTables(snortObjlist) { jQuery('.rulesetloopblock').append( "\n" + '' + "\n" + '' + "\n" + - '' + "\n" + + '' + "\n" + '' + "\n" + '' + snortObjlist[i].sid + '' + "\n" + '' + "\n" + - '' + "\n" + createDropdownOptionList(timeValuePerfList, snortObjlist[i].who) + '' + "\n" + '' + "\n" + '' + "\n" + - '' + "\n" + + '' + "\n" + '' + "\n" + '' + "\n" + - '' + "\n" + createDropdownOptionList(timeTypePerfList, snortObjlist[i].timetype) + '' + "\n" + '' + "\n" + '' + snortObjlist[i].msg + '' + "\n" + - '' + "\n" + '' + "\n" + + '' + "\n" ); }, diff --git a/config/snort-dev/snort_rulesets_ips.php b/config/snort-dev/snort_rulesets_ips.php index b5c18523..459f2868 100644 --- a/config/snort-dev/snort_rulesets_ips.php +++ b/config/snort-dev/snort_rulesets_ips.php @@ -295,9 +295,27 @@ jQuery(document).ready(function() { - + + + + + + + + + + +
   On   Source   Amount   Duration
Default settings for all block rules + + type="checkbox"> +