From 7757b8de6deea0db6a75cb60cd41745aecacba36 Mon Sep 17 00:00:00 2001 From: robiscool Date: Tue, 9 Aug 2011 10:04:28 -0700 Subject: orionids-dev, finally finished sig ips db gui, start snortsam.conf work --- .../javascript/jquery.progressbar.min.js | 38 +++++----- config/orionids-dev/javascript/snort_globalsend.js | 44 ++++++++++- config/orionids-dev/snort_build.inc | 86 +++++++++++++++++++++- config/orionids-dev/snort_interfaces_rules.php | 51 ++++++++++--- config/orionids-dev/snort_json_post.php | 47 +++++++++++- config/orionids-dev/snort_new.inc | 48 ++++++++++-- config/orionids-dev/snort_rules_ips.php | 43 ++++------- 7 files changed, 283 insertions(+), 74 deletions(-) diff --git a/config/orionids-dev/javascript/jquery.progressbar.min.js b/config/orionids-dev/javascript/jquery.progressbar.min.js index 77d147f9..e85e1120 100644 --- a/config/orionids-dev/javascript/jquery.progressbar.min.js +++ b/config/orionids-dev/javascript/jquery.progressbar.min.js 
@@ -1,20 +1,20 @@ - -(function($){$.extend({progressBar:new function(){this.defaults={steps:20,stepDuration:20,max:100,showText:true,textFormat:'percentage',width:120,height:12,callback:null,boxImage:'/snort/images/progressbar.gif',barImage:{0:'images/progressbg_red.gif',30:'images/progressbg_orange.gif',70:'images/progressbg_green.gif'},running_value:0,value:0,image:null};this.construct=function(arg1,arg2){var argvalue=null;var argconfig=null;if(arg1!=null){if(!isNaN(arg1)){argvalue=arg1;if(arg2!=null){argconfig=arg2;}}else{argconfig=arg1;}} -return this.each(function(child){var pb=this;var config=this.config;if(argvalue!=null&&this.bar!=null&&this.config!=null){this.config.value=parseInt(argvalue) -if(argconfig!=null) -pb.config=$.extend(this.config,argconfig);config=pb.config;}else{var $this=$(this);var config=$.extend({},$.progressBar.defaults,argconfig);config.id=$this.attr('id')?$this.attr('id'):Math.ceil(Math.random()*100000);if(argvalue==null) -argvalue=$this.html().replace("%","") -config.value=parseInt(argvalue);config.running_value=0;config.image=getBarImage(config);var numeric=['steps','stepDuration','max','width','height','running_value','value'];for(var i=0;i=parseInt(i)){image=config.barImage[i];}else{break;}}} -return image;} -function getText(config){if(config.showText){if(config.textFormat=='percentage'){return" "+Math.round(config.running_value)+"%";}else if(config.textFormat=='fraction'){return" "+config.running_value+'/'+config.max;}}} -config.increment=Math.round((config.value-config.running_value)/config.steps);if(config.increment<0) -config.increment*=-1;if(config.increment<1) -config.increment=1;var t=setInterval(function(){var pixels=config.width/100;if(config.running_value>config.value){if(config.running_value-config.incrementconfig.value){config.running_value=config.value;}else{config.running_value+=config.increment;}} -if(config.running_value==config.value) -clearInterval(t);var $bar=$("#"+config.id+"_pbImage");var 
$text=$("#"+config.id+"_pbText");var image=getBarImage(config);if(image!=config.image){$bar.css("background-image","url("+image+")");config.image=image;} -$bar.css("background-position",(((config.width*-1))+(getPercentage(config)*pixels))+'px 50%');$bar.attr('title',getText(config));$text.html(getText(config));if(config.callback!=null&&typeof(config.callback)=='function') + +(function($){$.extend({progressBar:new function(){this.defaults={steps:20,stepDuration:20,max:100,showText:true,textFormat:'percentage',width:120,height:12,callback:null,boxImage:'/snort/images/progressbar.gif',barImage:{0:'images/progressbg_red.gif',30:'images/progressbg_orange.gif',70:'images/progressbg_green.gif'},running_value:0,value:0,image:null};this.construct=function(arg1,arg2){var argvalue=null;var argconfig=null;if(arg1!=null){if(!isNaN(arg1)){argvalue=arg1;if(arg2!=null){argconfig=arg2;}}else{argconfig=arg1;}} +return this.each(function(child){var pb=this;var config=this.config;if(argvalue!=null&&this.bar!=null&&this.config!=null){this.config.value=parseInt(argvalue) +if(argconfig!=null) +pb.config=$.extend(this.config,argconfig);config=pb.config;}else{var $this=$(this);var config=$.extend({},$.progressBar.defaults,argconfig);config.id=$this.attr('id')?$this.attr('id'):Math.ceil(Math.random()*100000);if(argvalue==null) +argvalue=$this.html().replace("%","") +config.value=parseInt(argvalue);config.running_value=0;config.image=getBarImage(config);var numeric=['steps','stepDuration','max','width','height','running_value','value'];for(var i=0;i=parseInt(i)){image=config.barImage[i];}else{break;}}} +return image;} +function getText(config){if(config.showText){if(config.textFormat=='percentage'){return" "+Math.round(config.running_value)+"%";}else if(config.textFormat=='fraction'){return" "+config.running_value+'/'+config.max;}}} +config.increment=Math.round((config.value-config.running_value)/config.steps);if(config.increment<0) +config.increment*=-1;if(config.increment<1) 
+config.increment=1;var t=setInterval(function(){var pixels=config.width/100;if(config.running_value>config.value){if(config.running_value-config.incrementconfig.value){config.running_value=config.value;}else{config.running_value+=config.increment;}} +if(config.running_value==config.value) +clearInterval(t);var $bar=$("#"+config.id+"_pbImage");var $text=$("#"+config.id+"_pbText");var image=getBarImage(config);if(image!=config.image){$bar.css("background-image","url("+image+")");config.image=image;} +$bar.css("background-position",(((config.width*-1))+(getPercentage(config)*pixels))+'px 50%');$bar.attr('title',getText(config));$text.html(getText(config));if(config.callback!=null&&typeof(config.callback)=='function') config.callback(config);pb.config=config;},config.stepDuration);});};}});$.fn.extend({progressBar:$.progressBar.construct});})(jQuery); \ No newline at end of file diff --git a/config/orionids-dev/javascript/snort_globalsend.js b/config/orionids-dev/javascript/snort_globalsend.js index 083c40ef..dc92efba 100644 --- a/config/orionids-dev/javascript/snort_globalsend.js +++ b/config/orionids-dev/javascript/snort_globalsend.js @@ -216,7 +216,8 @@ jQuery(document).ready(function() { // ------------------------------- START remove row element --------------------------------------- - + + // removes row and deletes db entries function removeRow(){ jQuery("#maintable_" + window.RemoveRow_UUID).remove(); } 
@@ -255,6 +256,35 @@ jQuery(document).ready(function() { } }); + + // resets db entries + function removeRow(){ + jQuery("#maintable_" + window.RemoveRow_UUID).remove(); + } + + jQuery(".icon_r").live('click', function(){ + + var elem = getBaseElement(this.id); // this.id gets id of .icon_x + + // window.RemoveRow_UUID = jQuery("#rowlist_" + elem.index).data("options").rowuuid; + window.RemoveRow_UUID = elem.index; + window.RemoveRow_Table = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagetable; + window.RemoveRow_DB = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagedb; + window.RemoveRow_POST = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").DoPOST; + + // snort_interfaces_whitelist + if (window.RemoveRow_POST === 'true'){ + if(confirm('Do you really want to reset this list ? (e.g. DB will reset, all saved settings will be lost!)')) { + + jQuery("#maintable_" + window.RemoveRow_UUID).fadeOut("fast"); + jQuery("#maintable_" + window.RemoveRow_UUID).fadeIn("fast"); + + jQuery(this).ajaxSubmit(optionsRSTlist); // call POST + return false; + } + } + + }); function RMlistDBDelCall(){ @@ -303,7 +333,17 @@ jQuery(document).ready(function() { type: 'POST', data: { RMlistDelRow: '1', RMlistDB: RMlistDBDelCall, RMlistTable: RMlistTableDelCall, RMlistUuid: RMlistUuidDelCall }, url: './snort_json_post.php' - }; + }; + + // declare variable for DB reset + var optionsRSTlist = { + beforeSubmit: showRequestRMlist, + dataType: 'json', + success: showResponseRMlist, + type: 'POST', + data: { RSTlistRow: '1', RSTlistDB: RMlistDBDelCall, RSTlistTable: RMlistTableDelCall, RSTlistUuid: RMlistUuidDelCall }, + url: './snort_json_post.php' + }; // STOP remove row element diff --git a/config/orionids-dev/snort_build.inc b/config/orionids-dev/snort_build.inc index edc9583a..2c18d3d3 100644 --- a/config/orionids-dev/snort_build.inc +++ b/config/orionids-dev/snort_build.inc 
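Review bot: The `function removeRow()` declared at the top of this hunk duplicates the one the previous hunk (`@@ -216`) adds to the same `ready` callback, and its comment `// resets db entries` does not match a body that only removes the DOM row. Both declarations are hoisted into the same scope and the later one silently replaces the first, so one should go; if the reset path needs its own behaviour, give it a distinct name and a comment that says what it does, e.g. `// removes the table row from the page; the DB reset itself is performed server-side via optionsRSTlist`. In the `.icon_r` handler `return false` sits inside the `confirm` branch only, so a cancelled confirm still lets the click propagate; move it after the outer `if`. The enclosing `jQuery(document).ready` callback starts and ends outside the hunk.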
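Review bot: `optionsRSTlist` is declared with `var` here but used by the `.icon_r` click handler added earlier in the file (`@@ -255`); that works only because `var` hoists and the handler cannot fire before the `ready` callback finishes, which deserves a comment, e.g. `// declared after its use in the .icon_r handler; var hoisting plus the deferred click make this safe`. The reset request reuses `showRequestRMlist`/`showResponseRMlist` from the delete path, so a reset reply is handled exactly like a delete reply; since the server-side `RSTlistRow` branch in this commit does not appear to emit a JSON return code, the success callback may misreport the outcome. The enclosing `ready` callback starts and ends outside the hunk.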
@@ -43,6 +43,86 @@ if(isset($_POST['__csrf_magic'])) { unset($_POST['__csrf_magic']); } + +/* + * Builds sid-block.map for snortsam + * May have to break this down into smaller funcs so that there is no namespace conflick + */ +function buildSnortSamSidBlockMap($rdbuuid) +{ + + + function buildSidMap($rdbuuid) + { + // list rules in the default dir + $filterDirList = array(); + $filterDirList = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules', '\.rules'); + + // list rules in db that are on in a array + $listOnRules = array(); + $listOnRules = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSetsIps', 'rdbuuid', $rdbuuid); + + // list rules in db that are on in a array + $listGenRules = array(); + $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $rdbuuid); + + // get sigs in db + $listSigRules = array(); + $listSigRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleSigsIps', 'rdbuuid', $rdbuuid); + + // clear tmp db + exec('rm /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/*.rules'); + + foreach ($listOnRules as $listRule) + { + if ( $listRule['enable'] === 'on' ) { + exec('cp /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/rules/' . $listRule['rulesetname'] . ' /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/dbBlockSplit/' . $listRule['rulesetname']); + } + } + + // get list of sids + exec('perl /usr/local/bin/make_snortsam_map.pl /usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . 
'/dbBlockSplit/', $getEnableSidArray); + + // make sidMapFile lines 1023: src, 15 min + // remember to chech is Gen enable is on + foreach ( getCurrentIpsRuleArray($getEnableSidArray) as $sidLineMap ) + { + + $snortSigIpsExists = snortSearchArray($listSigRules, 'siguuid', $sidLineMap[0]); + + // if sig is in db use its settings else use default settings + if(!empty($snortSigIpsExists['siguuid'])) { + + $getSid = $snortSigIpsExists['siguuid']; + $getEnable = $snortSigIpsExists['enable']; + $getWho = $snortSigIpsExists['who']; + $getTimeamount = $snortSigIpsExists['timeamount']; + $getTimetype = $snortSigIpsExists['timetype']; + + }else{ + + $getSid = $sidLineMap[0]; + $getEnable = $listGenRules[0]['enable']; + $getWho = $listGenRules[0]['who']; + $getTimeamount = $listGenRules[0]['timeamount']; + $getTimetype = $listGenRules[0]['timetype']; + + } + + + if ( $getEnable === 'on' ) { + $newMapFileLine[] = $getSid . ': ' . $getWho . ', ' . $getTimeamount . ' ' . $getTimetype . "\n"; + } + + } // END forech + + return $newMapFileLine; + } // END buildSidMap Func + + write_rule_file(buildSidMap($rdbuuid), '/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid . '/sid-block.map'); + +} // END Func buildSnortSidBlockMap + // -------------------------- START snort.conf ------------------------- /* func builds custom whitelests */ @@ -264,7 +344,7 @@ function generate_snort_conf($uuid) // define snortsam $snortsam_info_chk = $ifaceSettingsArray['blockoffenders7']; if ($snortsam_info_chk === 'on') { - $snortsam_type = "output alert_fwsam: 127.0.0.1:898/addpasshere"; + $snortsam_type = "output alert_fwsam: 127.0.0.1:786/snortsam1234"; }else{ $snortsam_type = ''; } 
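Review bot: `$rdbuuid` and `$listRule['rulesetname']` are concatenated unescaped into the `exec()` command strings in `buildSidMap` (the `rm`, `cp` and `perl` calls), and the caller in snort_json_post.php passes `$_POST['rdbuuid']` straight through, so a request-controlled value reaches the shell. Validate the uuid before any path is built, e.g. `if (!preg_match('/^[a-zA-Z0-9_-]+$/', $rdbuuid)) { return; }` at the top of `buildSnortSamSidBlockMap`, and wrap each interpolated path with `escapeshellarg()` (keeping the `/*.rules` glob outside the quoted part). The nested `function buildSidMap()` enters PHP's global function table the first time `buildSnortSamSidBlockMap()` runs, so a second call in the same request is a fatal redeclaration — the header comment already anticipates this, so lift it to a top-level function. `$newMapFileLine` is never initialised, so with no enabled signature the function returns `null` and `write_rule_file()` receives it; start with `$newMapFileLine = array();`, and note that `$listGenRules[0]` is read without the empty-defaults fallback that snort_rules_ips.php adds in this same commit.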
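Review bot: The generated `output alert_fwsam:` line now carries a fixed literal key, `snortsam1234`, so every installation built from this package shares the same snortsam authentication secret and it is written in plaintext into the generated snort.conf. The commit message says the snortsam.conf work is only starting, so at minimum mark it, e.g. `// TODO: read host, port and key from the interface settings instead of a fixed literal`, and source the value from `$ifaceSettingsArray` (or a per-install generated secret) before this ships. `generate_snort_conf()` starts and ends outside the hunk.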
@@ -834,14 +914,14 @@ EOD; if (empty($def_max_queued_bytes_info_chk)) { $def_max_queued_bytes_type = ''; }else{ - $def_max_queued_bytes_type = ' max_queued_bytes ' . $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_bytes'] . ','; + $def_max_queued_bytes_type = ' max_queued_bytes ' . $ifaceSettingsArray['max_queued_bytes'] . ','; } $def_max_queued_segs_info_chk = $ifaceSettingsArray['max_queued_segs']; if (empty($def_max_queued_segs_info_chk)) { $def_max_queued_segs_type = ''; }else{ - $def_max_queued_segs_type = ' max_queued_segs ' . $config['installedpackages']['snortglobal']['rule'][$id]['max_queued_segs'] . ','; + $def_max_queued_segs_type = ' max_queued_segs ' . $ifaceSettingsArray['max_queued_segs'] . ','; } diff --git a/config/orionids-dev/snort_interfaces_rules.php b/config/orionids-dev/snort_interfaces_rules.php index 0f4c8b5d..12f9cec0 100644 --- a/config/orionids-dev/snort_interfaces_rules.php +++ b/config/orionids-dev/snort_interfaces_rules.php @@ -139,10 +139,10 @@ $a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', ''); -
+
- - + +
File NameDescriptionFile NameDescription
@@ -154,49 +154,78 @@ $a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', ''); - Default - + Default + Default rule database  - +
+ '; + }else{ + $resetObjectDf = ''; + } + + ?> + + +
+ + -
- '; }else{ $deleteObject = ''; } + + if (in_array($list['uuid'], $listUsedRules)) { + $resetObject = ''; + }else{ + $resetObject = ''; + } + ?> - - + +   - +
+ diff --git a/config/orionids-dev/snort_json_post.php b/config/orionids-dev/snort_json_post.php index ca279f92..418a90be 100644 --- a/config/orionids-dev/snort_json_post.php +++ b/config/orionids-dev/snort_json_post.php @@ -102,6 +102,7 @@ if ($_POST['snortSaveRuleSets'] == 1) { function snortSamRulesSaveFunc() { snortJsonReturnCode(snortSql_updateRulesSigsIps()); + buildSnortSamSidBlockMap($_POST['rdbuuid']); // } snortSamRulesSaveFunc(); } @@ -118,6 +119,10 @@ if ($_POST['snortSaveRuleSets'] == 1) { // save to database snortJsonReturnCode(snortSql_updateRuleSetList()); + if (!empty($_POST['rdbuuid'])) { + buildSnortSamSidBlockMap($_POST['rdbuuid']); // + } + // only build if uuid is valid if (!empty($_POST['uuid'])) { build_snort_settings($_POST['uuid']); @@ -130,7 +135,7 @@ if ($_POST['snortSaveRuleSets'] == 1) { } // END of rulesSets // row from db by uuid -if ($_POST['RMlistDelRow'] == 1) { +if ( $_POST['RMlistDelRow'] == 1 || $_POST['RSTlistRow'] == 1 ) { function RMlistDelRowFunc() 
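Review bot: `buildSnortSamSidBlockMap($_POST['rdbuuid'])` is called here without the `!empty($_POST['rdbuuid'])` guard the next hunk (`@@ -118`) uses, and in both places the value is passed unvalidated into a function that interpolates it into `exec()` command lines (see snort_build.inc in this commit). Guard and validate it in both places, e.g. `if (!empty($_POST['rdbuuid']) && preg_match('/^[a-zA-Z0-9_-]+$/', $_POST['rdbuuid'])) { buildSnortSamSidBlockMap($_POST['rdbuuid']); }`, and replace the empty trailing `//` with a reason, e.g. `// regenerate sid-block.map so snortsam picks up the new per-signature settings`. The rebuild runs after `snortJsonReturnCode()` has apparently already produced the response, so a failure in it would not be reported to the client. The enclosing `if ($_POST['snortSaveRuleSets'] == 1)` block starts outside the hunk.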
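Review bot: The new condition reads `$_POST['RMlistDelRow']` and `$_POST['RSTlistRow']` directly, so on every other request type PHP raises an undefined-index notice for whichever key is absent, and the loose `== 1` also accepts values such as `'1abc'` on the PHP 5 series this code targets. Prefer `if ( (isset($_POST['RMlistDelRow']) && $_POST['RMlistDelRow'] === '1') || (isset($_POST['RSTlistRow']) && $_POST['RSTlistRow'] === '1') ) {`. The same pattern recurs on the two dispatch lines inside the `@@ -167` hunk below.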
@@ -167,7 +172,45 @@ if ($_POST['RMlistDelRow'] == 1) { snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid'])); - } RMlistDelRowFunc(); + } if ( $_POST['RMlistDelRow'] == 1 ) { RMlistDelRowFunc(); } + + function RSTlistDelRowFunc() + { + + // rm ruledb and files + if ($_POST['RSTlistTable'] == 'Snortrules') { + + // remove dir + $snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}"; + exec('/bin/rm -r ' . $snortRuleDir . '/rules/*.rules'); + + // remove db tables vals + snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSets', 'rdbuuid', $_POST['RSTlistUuid']); + snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSigs', 'rdbuuid', $_POST['RSTlistUuid']); + snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSigsIps', 'rdbuuid', $_POST['RSTlistUuid']); + snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSetsIps', 'rdbuuid', $_POST['RSTlistUuid']); + snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleGenIps', 'rdbuuid', $_POST['RSTlistUuid']); + + // NOTE: code only works on php5 + $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules'); + $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules'); + $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules'); + + if (!empty($listSnortRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules"); + } + if (!empty($listEmergingRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules"); + } + if (!empty($listPfsenseRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/*.rules 
/usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules"); + } + + + } + + } if ( $_POST['RSTlistRow'] == 1 ) { RSTlistDelRowFunc(); } + } diff --git a/config/orionids-dev/snort_new.inc b/config/orionids-dev/snort_new.inc index 93de4a21..b9fc2322 100644 --- a/config/orionids-dev/snort_new.inc +++ b/config/orionids-dev/snort_new.inc @@ -59,6 +59,38 @@ if (file_exists('/usr/local/pkg/snort/snortDBtemp')) { exec('/bin/cp /usr/local/pkg/snort/snortDBtemp /var/snort/snortDBtemp'); } +// used in snort_rules_ips.php and create sid block map +function snortSearchArray($array, $key, $value) +{ + $results = array(); + + if (is_array($array)) + { + foreach ($array as $subarray) + { + if ($subarray[$key] == $value) { + $results = $subarray; + } + + } + + } + + return $results; +} + +// used in snort_rules_ips.php and create sid block map +function getCurrentIpsRuleArray($output) +{ + + foreach (array_unique($output) as $line) + { + $newOutput = explode(' # ', $line); + $newLine[] = $newOutput; + } + + return $newLine; +} /* * make dir for the new iface, if iface exists or rule dir has changed redo soft link @@ -255,6 +287,7 @@ function split_rule_file($workingFile) // write rule file to disk function write_rule_file($content_changed, $received_file) { + //read snort file with writing enabled $filehandle = fopen($received_file, "w"); @@ -431,7 +464,7 @@ function snortSql_updateRulesSigsIps() if ( empty($listGenRules[0]['enable']) || $listGenRules[0]['enable'] === 'off' ) { $listGenRulesEnable = 'off'; - } + } // TODO: inprove this foreach so we only interact with db once foreach ($_POST['snortsam']['db'] as $singleSig) 
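Review bot: `RSTlistDelRowFunc` builds shell commands from `$_POST['RSTlistUuid']` with no validation — `exec('/bin/rm -r ' . $snortRuleDir . '/rules/*.rules')` and the three `/bin/cp -R ... /DB/{$_POST['RSTlistUuid']}/rules` calls — so a crafted value changes which path is wiped or adds shell words; `$_POST['RSTlistDB']` likewise flows unchecked into `snortSql_updatelistDelete()`. Reject anything that is not a plain identifier before the first `exec()`, e.g. `if (!preg_match('/^[a-zA-Z0-9_-]+$/', $_POST['RSTlistUuid'])) { return; }`, and pass the directory through `escapeshellarg()`. Unlike `RMlistDelRowFunc`, this branch never calls `snortJsonReturnCode()`, so the client's `showResponseRMlist` receives no status for a reset, and the `// NOTE: code only works on php5` comment should name which construct needs PHP 5 (presumably `snortScanDirFilter`). The body of `RMlistDelRowFunc` begins outside the hunk.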
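Review bot: `getCurrentIpsRuleArray()` never initialises `$newLine`, so an empty `$output` makes it return `null`, and the new caller in this commit (`buildSidMap` in snort_build.inc) then runs `foreach` over it, which PHP reports as an invalid-argument warning; start with `$newLine = array();`. `snortSearchArray()` keeps scanning after a match, returns the last matching row, and compares `$subarray[$key]` with loose `==`; if the first match is what callers want, `return $subarray;` inside the `if` fixes that and stops the scan, otherwise document the current contract, e.g. `// returns the last row whose $key loosely equals $value, or an empty array`. Both functions are top-level and fully inside the hunk.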
@@ -441,20 +474,20 @@ function snortSql_updateRulesSigsIps() "SELECT id FROM {$_POST['dbTable']} WHERE siguuid = '{$singleSig['siguuid']}' and rdbuuid = '{$_POST['rdbuuid']}'; "); - $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); + $chktable = sqlite_fetch_all($resultid, SQLITE_ASSOC); // checkbox off catch $singleSigEnable = $singleSig['enable']; if ( empty($singleSig['enable']) ) { $singleSigEnable = 'off'; - } + } // only do this if something change from defauts settings, note: timeamount Not equal $somthingChanged = FALSE; if ( $singleSigEnable !== $listGenRulesEnable || $singleSig['who'] !== $listGenRules[0]['who'] || $singleSig['timeamount'] != $listGenRules[0]['timeamount'] || $singleSig['timetype'] !== $listGenRules[0]['timetype'] ) { $somthingChanged = TRUE; - } + } if ( empty($chktable) && $somthingChanged ) { @@ -463,10 +496,11 @@ function snortSql_updateRulesSigsIps() $query_ck = sqlite_query($db, // @ supress warnings usonly in production "INSERT INTO {$_POST['dbTable']} (date, uuid, rdbuuid, enable, siguuid, sigfilename, who, timeamount, timetype) VALUES ('{$addDate}', '{$rulesetUuid}', '{$_POST['rdbuuid']}', '{$singleSigEnable}', '{$singleSig['siguuid']}', '{$singleSig['sigfilename']}', '{$singleSig['who']}', '{$singleSig['timeamount']}', '{$singleSig['timetype']}'); "); - - }else{ - + } + + if ( !empty($chktable) && $somthingChanged ) { + $query_ck = sqlite_query($db, // @ supress warnings usonly in production "UPDATE {$_POST['dbTable']} SET date ='{$addDate}', enable = '{$singleSigEnable}', who = '{$singleSig['who']}', timeamount = '{$singleSig['timeamount']}', timetype = '{$singleSig['timetype']}' WHERE rdbuuid = '{$_POST['rdbuuid']}' and sigfilename = '{$singleSig['sigfilename']}'; "); diff --git a/config/orionids-dev/snort_rules_ips.php b/config/orionids-dev/snort_rules_ips.php index 618a684a..d026b566 100644 --- a/config/orionids-dev/snort_rules_ips.php +++ b/config/orionids-dev/snort_rules_ips.php 
@@ -84,24 +84,7 @@ if (isset($_GET['rulefilename'])) { } -function snortSearchArray($array, $key, $value) -{ - $results = array(); - - if (is_array($array)) - { - foreach ($array as $subarray) - { - if ($subarray[$key] == $value) { - $results = $subarray; - } - - } - - } - - return $results; -} + // get default settings $listGenRules = array(); @@ -111,6 +94,18 @@ $listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rd $listSigRules = array(); $listSigRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleSigsIps', 'rdbuuid', $rdbuuid); +// if $listGenRules empty list defaults +if (empty($listGenRules)) { + $listGenRules[0] = array( + 'id' => 1, + 'rdbuuid' => $_POST['rdbuuid'], + 'enable' => 'on', + 'who' => 'src', + 'timeamount' => 15, + 'timetype' => 'minutes' + ); +} + $pgtitle = "Services: Snort: Ruleset Ips:"; include("/usr/local/pkg/snort/snort_head.inc"); @@ -273,18 +268,6 @@ jQuery(document).ready(function() { */ function createSidTmpBlockSpit($rdbuuid, $rulefilename) { - - function getCurrentIpsRuleArray($output) - { - - foreach (array_unique($output) as $line) - { - $newOutput = explode(' # ', $line); - $newLine[] = $newOutput; - } - - return $newLine; - } function getSidBlockJsonArray($getEnableSid) { -- cgit v1.2.3
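Review bot: The fallback `$listGenRules[0]` row uses `$_POST['rdbuuid']`, while the queries around it (the `snortSql_fetchAllSettings(..., 'rdbuuid', $rdbuuid)` context line just above) use `$rdbuuid`; this page is reached via `$_GET` (see the `isset($_GET['rulefilename'])` context in the first hunk), so `$_POST['rdbuuid']` is likely unset and the default row carries an empty uuid plus a notice. Use `'rdbuuid' => $rdbuuid,`. The same empty-defaults fallback is missing from `buildSidMap` in snort_build.inc, which reads `$listGenRules[0]['enable']` unconditionally.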