From ea47308a8e56e633928f9d296dd0c6d4960436f8 Mon Sep 17 00:00:00 2001
From: robiscool
Date: Tue, 2 Aug 2011 10:59:38 -0700
Subject: Change snort-dev to orion
---
 config/orionids-dev/snort_rules.php | 578 ++++++++++++++++++++++++++++++++++++
 1 file changed, 578 insertions(+)
 create mode 100644 config/orionids-dev/snort_rules.php
(limited to 'config/orionids-dev/snort_rules.php')
diff --git a/config/orionids-dev/snort_rules.php b/config/orionids-dev/snort_rules.php
new file mode 100644
index 00000000..78134d52
--- /dev/null
+++ b/config/orionids-dev/snort_rules.php
@@ -0,0 +1,578 @@
+.
+ All rights reserved.
+
+ Pfsense Old snort GUI
+ Copyright (C) 2006 Scott Ullrich.
+
+ Pfsense snort GUI
+ Copyright (C) 2008-2012 Robert Zelaya.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. Neither the name of the pfSense nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/snort/snort_new.inc");
+require_once("/usr/local/pkg/snort/snort_gui.inc");
+
+if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) {
+ echo 'Error: more than one uuid';
+ exit(0);
+}
+
+// set page vars
+if (isset($_GET['uuid'])) {
+ $uuid = $_GET['uuid'];
+}
+
+if (isset($_GET['rdbuuid'])) {
+ $rdbuuid = $_GET['rdbuuid'];
+}else{
+ $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid);
+ $rdbuuid = $ruledbname_pre1['ruledbname'];
+}
+
+// unset Session tmp on page load
+unset($_SESSION['snort']['tmp']);
+
+// list rules in the default dir
+$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $rdbuuid);
+
+$snortRuleDir = '/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid;
+
+ // list rules in the default dir
+ $filterDirList = array();
+ $filterDirList = snortScanDirFilter($snortRuleDir . '/rules', '\.rules');
+
+ // START read rule file
+ if ($_GET['openruleset']) {
+ $rulefile = $_GET['openruleset'];
+ }else{
+ $rulefile = $filterDirList[0];
+ }
+
+ // path of rule file
+ $workingFile = $snortRuleDir . '/rules/' . 
$rulefile;
+
+function load_rule_file($incoming_file, $splitcontents)
+{
+ $pattern = '/(^alert |^# alert )/';
+ foreach ( $splitcontents as $val )
+ {
+ // remove whitespaces
+ $rmWhitespaces = preg_replace('/\s\s+/', ' ', $val);
+
+ // filter none alerts
+ if (preg_match($pattern, $rmWhitespaces))
+ {
+ $splitcontents2[] = $val;
+ }
+
+ }
+ unset($splitcontents);
+
+ return $splitcontents2;
+
+}
+
+ // Load the rule file
+ // split the contents of the string file into an array using the delimiter
+ // used by rule gui edit and table build code
+ if (filesize($workingFile) > 0) {
+ $splitcontents = split_rule_file($workingFile);
+
+ $splitcontents2 = load_rule_file($workingFile, $splitcontents);
+
+ $countSig = count($splitcontents2);
+
+ if ($countSig > 0) {
+ $newFilterRuleSigArray = newFilterRuleSig($splitcontents2);
+ }
+ }
+
+ /*
+ * SET GLOBAL ARRAY $_SESSION['snort']
+ * Use SESSION instead POST for security because were writing to files.
+ */
+
+ $_SESSION['snort']['tmp']['snort_rules']['dbName'] = 'snortDBrules';
+ $_SESSION['snort']['tmp']['snort_rules']['dbTable'] = 'SnortruleSigs';
+ $_SESSION['snort']['tmp']['snort_rules']['rdbuuid'] = $rdbuuid;
+ $_SESSION['snort']['tmp']['snort_rules']['rulefile'] = $rulefile;
+
+
+// find ./ -name test.txt | xargs grep "^disablesid 127 "
+
+ $pgtitle = "Snort: Category: rule: $rulefile";
+ include("/usr/local/pkg/snort/snort_head.inc");
+
+?>
+
+
+
+
+
+
+
+
+
+ +
+
+



Please Wait...

+
+
+

+
+
+
+ + +
+ +
+
+ + + + + + + + + + + + + + +
+ + +
+ +
+ +
+ + + + +
+ + +
+
+
+ + +
+ + + +
+
+ + + + + + '; + }else{ + echo ' + + + + + + + '; + } + ?> + + + +
+ +
+ +
+ +
+
+ + + + + + + + + +
+ Category: + + There are rules in this category. + + + + +
+
+ + + + + + +
+ + +
+ +
+ + + + + + +
Snort Signatures:
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
OnSidProtoSrcPortDstPortMessage 
+
+ + + + +
+ + +
+
+
+ + + + +
+
+ +
+ + + +
+ +
+
+ + + + + + + +
   
+ Note:
+ This is the Snort Rule Signature Viewer. + Please make sure not to add a whitespace before alert or #alert. +
+
+ Warning: +
+ New settings will not take effect until interface restart. +

+
+
+
+ + + + + + + + + + + + + -- cgit v1.2.3
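Review bot: `$_GET['openruleset']` is copied into `$rulefile` and concatenated into `$workingFile = $snortRuleDir . '/rules/' . $rulefile` with no validation, so a value containing `../` segments makes `filesize()` and `split_rule_file()` read a file outside the rules directory, and the same unchecked name is then stored in `$_SESSION['snort']['tmp']['snort_rules']['rulefile']` for later handlers. Since `$filterDirList` already holds the admissible names, the first branch should become `if (isset($_GET['openruleset']) && in_array($_GET['openruleset'], $filterDirList, true)) {`, which also removes the undefined-index notice the bare `if ($_GET['openruleset'])` raises when the parameter is absent. `$_GET['uuid']` and `$_GET['rdbuuid']` likewise reach `snortSql_fetchAllSettings` and the `$snortRuleDir` path unvalidated; whether that helper parameterises its query is not visible here, so a format check on the value before use would be prudent. In `load_rule_file`, `$splitcontents2` is never initialised and `$incoming_file` is unused, so a file with no alert lines returns null and the later `count($splitcontents2)` operates on a non-array; add `$splitcontents2 = array();` before the loop. `$rulefile` is also interpolated into `$pgtitle`, so if snort_head.inc echoes it without `htmlspecialchars()` the same parameter is reflected into the page.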