From 5e7d09815eee1c6cc3f32fea57d65eb6950c7525 Mon Sep 17 00:00:00 2001 From: robiscool Date: Wed, 13 Jun 2012 16:53:11 -0700 Subject: snort-dev, move snort-dev2 code to snort-dev --- .../snortsam-package-code/snort_json_post.php | 568 +++++++++++++++++++++ 1 file changed, 568 insertions(+) create mode 100644 config/snort-dev/snortsam-package-code/snort_json_post.php (limited to 'config/snort-dev/snortsam-package-code/snort_json_post.php') diff --git a/config/snort-dev/snortsam-package-code/snort_json_post.php b/config/snort-dev/snortsam-package-code/snort_json_post.php new file mode 100644 index 00000000..418a90be --- /dev/null +++ b/config/snort-dev/snortsam-package-code/snort_json_post.php @@ -0,0 +1,568 @@ +. + All rights reserved. + + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_new.inc"); +require_once("/usr/local/pkg/snort/snort_build.inc"); + +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + +// unset crsf checks +if(isset($_POST['__csrf_magic'])) { + unset($_POST['__csrf_magic']); +} + + +function snortJsonReturnCode($returnStatus) +{ + if ($returnStatus == true) { + echo '{"snortgeneralsettings":"success","snortMiscTabCall":"true"}'; + return true; + }else{ + echo '{"snortgeneralsettings":"fail"}'; + return false; + } +} + +// row from db by uuid +if ($_POST['snortSidRuleEdit'] == 1) { + + function snortSidRuleEditFunc() + { + + unset($_POST['snortSidRuleEdit']); + snortSidStringRuleEditGUI(); + + } snortSidRuleEditFunc(); + +} + + +// row from db by uuid +if ($_POST['snortSaveRuleSets'] == 1) { + + if ($_POST['ifaceTab'] == 'snort_rules') { + function snortSaveRuleSetsRulesFunc() + { + // unset POSTs that are markers not in db + unset($_POST['snortSaveRuleSets']); + unset($_POST['ifaceTab']); + + snortJsonReturnCode(snortSql_updateRuleSigList()); + + } snortSaveRuleSetsRulesFunc(); + } + + if ($_POST['ifaceTab'] === 'snort_rules_ips') { + function snortSamRulesSaveFunc() + { + snortJsonReturnCode(snortSql_updateRulesSigsIps()); + buildSnortSamSidBlockMap($_POST['rdbuuid']); // + + } snortSamRulesSaveFunc(); + } + + + if ($_POST['ifaceTab'] == 'snort_rulesets' || $_POST['ifaceTab'] == 'snort_rulesets_ips') { + + function snortSaveRuleSetsRulesetsFunc() + { + // unset POSTs that are markers not in db + unset($_POST['snortSaveRuleSets']); + unset($_POST['ifaceTab']); + + // save to database + snortJsonReturnCode(snortSql_updateRuleSetList()); + + if (!empty($_POST['rdbuuid'])) { + buildSnortSamSidBlockMap($_POST['rdbuuid']); // + } + + // only build if uuid is valid + if (!empty($_POST['uuid'])) { + build_snort_settings($_POST['uuid']); + } + + } snortSaveRuleSetsRulesetsFunc(); + } + + +} // END of rulesSets + +// row from db by uuid +if ( $_POST['RMlistDelRow'] == 1 || $_POST['RSTlistRow'] == 1 ) { + + + function RMlistDelRowFunc() + { + + $rm_row_list = snortSql_fetchAllSettings($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid']); + + // list rules in the default dir + if ($_POST['RMlistTable'] == 'SnortIfaces') { + + $snortRuleDir = '/usr/local/etc/snort/sn_' . $_POST['RMlistUuid']; + + exec('/bin/rm -r ' . $snortRuleDir); + } + + // rm ruledb and files + if ($_POST['RMlistTable'] == 'Snortrules') { + + // remove db tables vals + snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSets', 'rdbuuid', $_POST['RMlistUuid']); + snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSigs', 'rdbuuid', $_POST['RMlistUuid']); + snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSigsIps', 'rdbuuid', $_POST['RMlistUuid']); + snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSetsIps', 'rdbuuid', $_POST['RMlistUuid']); + snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleGenIps', 'rdbuuid', $_POST['RMlistUuid']); + + // remove dir + $snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RMlistUuid']}"; + exec('/bin/rm -r ' . $snortRuleDir); + } + + if ($_POST['RMlistTable'] == 'SnortWhitelist') { + snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortWhitelistips', 'filename', $rm_row_list['filename']); + } + + snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid'])); + + } if ( $_POST['RMlistDelRow'] == 1 ) { RMlistDelRowFunc(); } + + function RSTlistDelRowFunc() + { + + // rm ruledb and files + if ($_POST['RSTlistTable'] == 'Snortrules') { + + // remove dir + $snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}"; + exec('/bin/rm -r ' . $snortRuleDir . '/rules/*.rules'); + + // remove db tables vals + snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSets', 'rdbuuid', $_POST['RSTlistUuid']); + snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSigs', 'rdbuuid', $_POST['RSTlistUuid']); + snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSigsIps', 'rdbuuid', $_POST['RSTlistUuid']); + snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleSetsIps', 'rdbuuid', $_POST['RSTlistUuid']); + snortSql_updatelistDelete($_POST['RSTlistDB'], 'SnortruleGenIps', 'rdbuuid', $_POST['RSTlistUuid']); + + // NOTE: code only works on php5 + $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules'); + $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules'); + $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules'); + + if (!empty($listSnortRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules"); + } + if (!empty($listEmergingRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules"); + } + if (!empty($listPfsenseRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['RSTlistUuid']}/rules"); + } + + + } + + } if ( $_POST['RSTlistRow'] == 1 ) { RSTlistDelRowFunc(); } + + +} + + +// general settings save +if ($_POST['snortSaveSettings'] == 1) { + + function snortSaveSettingsFunc() + { + + // Save ruleDB settings + if ($_POST['dbTable'] == 'Snortrules') { + + function saveSnortrules() + { + + unset($_POST['snortSaveSettings']); + unset($_POST['ifaceTab']); + + if (!is_dir("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules")) { + + // creat iface dir and ifcae rules dir + exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + + // create at least one file + if (!file_exists("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules/local.rules")) { + exec("/usr/bin/touch /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules/local.rules"); + } + + // NOTE: code only works on php5 + $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules'); + $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules'); + $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules'); + + if (!empty($listSnortRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + } + if (!empty($listEmergingRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + } + if (!empty($listPfsenseRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + } + + + } //end of mkdir + + } saveSnortrules(); + + snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); + + } // END if Snortrules + + // Save general settings + if ($_POST['dbTable'] == 'SnortSettings') { + + function saveSnortSettings() + { + + if ($_POST['ifaceTab'] == 'snort_interfaces_global') { + // checkboxes when set to off never get included in POST thus this code + $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']); + } + + if ($_POST['ifaceTab'] == 'snort_alerts') { + + if (!isset($_POST['arefresh'])) + $_POST['arefresh'] = ($_POST['arefresh'] == '' ? off : $_POST['arefresh']); + + } + + if ($_POST['ifaceTab'] == 'snort_blocked') { + + if (!isset($_POST['brefresh'])) + $_POST['brefresh'] = ($_POST['brefresh'] == '' ? off : $_POST['brefresh']); + + } + + // unset POSTs that are markers not in db + unset($_POST['snortSaveSettings']); + unset($_POST['ifaceTab']); + + } saveSnortSettings(); + + snortJsonReturnCode(snortSql_updateSettings('id', '1')); + + } // END IF SnortSettings + + // Save rule settings on the interface edit tab + if ($_POST['dbTable'] == 'SnortIfaces') { + + function saveSnortIfaces() + { + + // snort interface edit + if ($_POST['ifaceTab'] == 'snort_interfaces_edit') { + + function SnortIfaces_Snort_Interfaces_edit() + { + if (!isset($_POST['enable'])) + $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']); + + if (!isset($_POST['blockoffenders7'])) + $_POST['blockoffenders7'] = ($_POST['blockoffenders7'] == '' ? off : $_POST['blockoffenders7']); + + if (!isset($_POST['alertsystemlog'])) + $_POST['alertsystemlog'] = ($_POST['alertsystemlog'] == '' ? off : $_POST['alertsystemlog']); + + if (!isset($_POST['tcpdumplog'])) + $_POST['tcpdumplog'] = ($_POST['tcpdumplog'] == '' ? off : $_POST['tcpdumplog']); + + if (!isset($_POST['snortunifiedlog'])) + $_POST['snortunifiedlog'] = ($_POST['snortunifiedlog'] == '' ? off : $_POST['snortunifiedlog']); + + // convert textbox to base64 + $_POST['configpassthru'] = base64_encode($_POST['configpassthru']); + + /* + * make dir for the new iface, if iface exists or rule dir has changed redo soft link + * may need to move this as a func to new_snort.inc + */ + $newSnortDir = 'sn_' . $_POST['uuid']; + $pathToSnortDir = '/usr/local/etc/snort'; + + // creat iface dir and ifcae rules dir + if (!is_dir("{$pathToSnortDir}/{$newSnortDir}")) { + createNewIfaceDir($pathToSnortDir, $newSnortDir); + } //end of mkdir + + snortRulesCreateSoftlink(); + + } SnortIfaces_Snort_Interfaces_edit(); + + } // end of snort_interfaces_edit + + // snort preprocessor edit + if ($_POST['ifaceTab'] == 'snort_preprocessors') { + + function SnortIfaces_Snort_PreprocessorsFunc() + { + if (!isset($_POST['dce_rpc_2'])) { + $_POST['dce_rpc_2'] = ($_POST['dce_rpc_2'] == '' ? off : $_POST['dce_rpc_2']); + } + + if (!isset($_POST['dns_preprocessor'])) { + $_POST['dns_preprocessor'] = ($_POST['dns_preprocessor'] == '' ? off : $_POST['dns_preprocessor']); + } + + if (!isset($_POST['ftp_preprocessor'])) { + $_POST['ftp_preprocessor'] = ($_POST['ftp_preprocessor'] == '' ? off : $_POST['ftp_preprocessor']); + } + + if (!isset($_POST['http_inspect'])) { + $_POST['http_inspect'] = ($_POST['http_inspect'] == '' ? off : $_POST['http_inspect']); + } + + if (!isset($_POST['other_preprocs'])) { + $_POST['other_preprocs'] = ($_POST['other_preprocs'] == '' ? off : $_POST['other_preprocs']); + } + + if (!isset($_POST['perform_stat'])) { + $_POST['perform_stat'] = ($_POST['perform_stat'] == '' ? off : $_POST['perform_stat']); + } + + if (!isset($_POST['sf_portscan'])) { + $_POST['sf_portscan'] = ($_POST['sf_portscan'] == '' ? off : $_POST['sf_portscan']); + } + + if (!isset($_POST['smtp_preprocessor'])) { + $_POST['smtp_preprocessor'] = ($_POST['smtp_preprocessor'] == '' ? off : $_POST['smtp_preprocessor']); + } + + } SnortIfaces_Snort_PreprocessorsFunc(); + + } + + // snort barnyard edit + if ($_POST['ifaceTab'] == 'snort_barnyard') { + function SnortIfaces_Snort_Barnyard() + { + // make shure iface is lower case + $_POST['interface'] = strtolower($_POST['interface']); + + if (!isset($_POST['barnyard_enable'])) { + $_POST['barnyard_enable'] = ($_POST['barnyard_enable'] == '' ? off : $_POST['barnyard_enable']); + } + } SnortIfaces_Snort_Barnyard(); + } + + + // unset POSTs that are markers not in db + unset($_POST['snortSaveSettings']); + unset($_POST['ifaceTab']); + + snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); + build_snort_settings($_POST['uuid']); + + } saveSnortIfaces(); + + } // END IF SnortIfaces + + } snortSaveSettingsFunc(); + + +} // STOP General Settings Save + +// Suppress settings save +if ($_POST['snortSaveSuppresslist'] == 1) { + + function snortSaveSuppresslistFunc() + { + + // post for supress_edit + if ($_POST['ifaceTab'] == 'snort_interfaces_suppress_edit') { + + // make sure filename is valid + if (!is_validFileName($_POST['filename'])) { + echo 'Error: FileName'; + return false; + } + + // unset POSTs that are markers not in db + unset($_POST['snortSaveSuppresslist']); + unset($_POST['ifaceTab']); + + // convert textbox to base64 + $_POST['suppresspassthru'] = base64_encode($_POST['suppresspassthru']); + + // Write to database + snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); + + } + + } + snortSaveSuppresslistFunc(); + +} + +// Whitelist settings save +if ($_POST['snortSaveWhitelist'] == 1) { + + function snortSaveWhitelistFunc() + { + + if ($_POST['ifaceTab'] == 'snort_interfaces_whitelist_edit') { + + if (!is_validFileName($_POST['filename'])) { + echo 'Error: FileName'; + return false; + } + + $_POST['wanips'] = ($_POST['wanips'] == '' ? off : $_POST['wanips']); + $_POST['wangateips'] = ($_POST['wangateips'] == '' ? off : $_POST['wangateips']); + $_POST['wandnsips'] = ($_POST['wandnsips'] == '' ? off : $_POST['wandnsips']); + $_POST['vips'] = ($_POST['vips'] == '' ? off : $_POST['vips']); + $_POST['vpnips'] = ($_POST['vpnips'] == '' ? off : $_POST['vpnips']); + + } + + // unset POSTs that are markers not in db + unset($_POST['snortSaveWhitelist']); + unset($_POST['ifaceTab']); + + // Split the POST for 2 arraus + $whitelistIPs = $_POST['list']; + unset($_POST['list']); + + + if (snortSql_updateSettings('uuid', $_POST['uuid']) && snortSql_updateWhitelistIps($whitelistIPs)) { + snortJsonReturnCode(true); + }else{ + snortJsonReturnCode(false); + } + + } + snortSaveWhitelistFunc(); + +} + +// download code for alerts page +if ($_POST['snortlogsdownload'] == 1) { + + function snortlogsdownloadFunc() + { + conf_mount_rw(); + snort_downloadAllLogs(); + conf_mount_ro(); + } + snortlogsdownloadFunc(); + +} + +// download code for alerts page +if ($_POST['snortblockedlogsdownload'] == 1) { + + function snortblockedlogsdownloadFunc() + { + conf_mount_rw(); + snort_downloadBlockedIPs(); + conf_mount_ro(); + } + snortblockedlogsdownloadFunc(); + +} + + +// code neeed to be worked on when finnished rules code +if ($_POST['snortlogsdelete'] == 1) { + + function snortlogsdeleteFunc() + { + conf_mount_rw(); + snortDeleteLogs(); + conf_mount_ro(); + } + snortlogsdeleteFunc(); +} + +// flushes snort2c table +if ($_POST['snortflushpftable'] == 1) { + + function snortflushpftableFunc() + { + conf_mount_rw(); + snortRemoveBlockedIPs(); + conf_mount_ro(); + } + snortflushpftableFunc(); +} + +// reset db reset_snortgeneralsettings +if ($_POST['reset_snortgeneralsettings'] == 1) { + + function reset_snortgeneralsettingsFunc() + { + conf_mount_rw(); + reset_snortgeneralsettings(); + conf_mount_ro(); + } + reset_snortgeneralsettingsFunc(); + +} + + +?> + + + + + + + + + + -- cgit v1.2.3