From b09f9b80567607884f88c28f694cdefe744ded1e Mon Sep 17 00:00:00 2001 From: robiscool Date: Thu, 16 Jun 2011 13:10:29 -0700 Subject: snort-dev, redo the way users interact with the rules, update database names --- config/snort-dev/snortDB | Bin 16384 -> 20480 bytes config/snort-dev/snortDBrules | Bin 17408 -> 17408 bytes config/snort-dev/snortDBtemp | Bin 7168 -> 9216 bytes config/snort-dev/snort_alerts.php | 3 +- config/snort-dev/snort_barnyard.php | 8 +- config/snort-dev/snort_blocked.php | 1 - config/snort-dev/snort_define_servers.php | 8 +- config/snort-dev/snort_download_rules.inc | 2 - config/snort-dev/snort_download_updates.php | 2 - config/snort-dev/snort_headbase.inc | 8 +- config/snort-dev/snort_interfaces.php | 4 +- config/snort-dev/snort_interfaces_edit.php | 74 +++++-- config/snort-dev/snort_interfaces_global.php | 1 - config/snort-dev/snort_interfaces_rules.php | 180 ++++++++++++++++ config/snort-dev/snort_interfaces_rules_edit.php | 204 ++++++++++++++++++ .../snort-dev/snort_interfaces_whitelist_edit.php | 3 +- config/snort-dev/snort_json_get.php | 20 +- config/snort-dev/snort_json_post.php | 161 +++++++-------- config/snort-dev/snort_new.inc | 228 +++++++++++---------- config/snort-dev/snort_preprocessors.php | 8 +- config/snort-dev/snort_rules.php | 114 ++++++++--- config/snort-dev/snort_rulesets.php | 107 ++++++---- 22 files changed, 820 insertions(+), 316 deletions(-) create mode 100644 config/snort-dev/snort_interfaces_rules.php create mode 100644 config/snort-dev/snort_interfaces_rules_edit.php (limited to 'config/snort-dev') diff --git a/config/snort-dev/snortDB b/config/snort-dev/snortDB index bb2f5c7b..beacf5d4 100644 Binary files a/config/snort-dev/snortDB and b/config/snort-dev/snortDB differ diff --git a/config/snort-dev/snortDBrules b/config/snort-dev/snortDBrules index 306d6774..07b899e3 100644 Binary files a/config/snort-dev/snortDBrules and b/config/snort-dev/snortDBrules differ diff --git a/config/snort-dev/snortDBtemp b/config/snort-dev/snortDBtemp index cbb6e2ef..46375e2f 100644 Binary files a/config/snort-dev/snortDBtemp and b/config/snort-dev/snortDBtemp differ diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php index dc385e6d..0b7d7d06 100644 --- a/config/snort-dev/snort_alerts.php +++ b/config/snort-dev/snort_alerts.php @@ -76,8 +76,7 @@ $arefresh_on = ($generalSettings['arefresh'] == 'on' ? 'checked' : '');
  • Blocked
  • Whitelists
  • Suppress
  • -
  • Help
  • - +
  • Help
  • diff --git a/config/snort-dev/snort_barnyard.php b/config/snort-dev/snort_barnyard.php index aea0d93d..8dde1cd3 100644 --- a/config/snort-dev/snort_barnyard.php +++ b/config/snort-dev/snort_barnyard.php @@ -46,7 +46,7 @@ if ($uuid == '') { } -$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); +$a_list = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); if (!is_array($a_list)) { @@ -169,9 +169,10 @@ jQuery(document).ready(function() {
    - - + + + @@ -224,7 +225,6 @@ jQuery(document).ready(function() { - diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php index 5e835c80..4f81bc6c 100644 --- a/config/snort-dev/snort_blocked.php +++ b/config/snort-dev/snort_blocked.php @@ -78,7 +78,6 @@ $brefresh_on = ($generalSettings['brefresh'] == 'on' ? 'checked' : '');
  • Whitelists
  • Suppress
  • Help
  • - diff --git a/config/snort-dev/snort_define_servers.php b/config/snort-dev/snort_define_servers.php index b6b83b56..abb9bcdd 100644 --- a/config/snort-dev/snort_define_servers.php +++ b/config/snort-dev/snort_define_servers.php @@ -46,7 +46,7 @@ if ($uuid == '') { } -$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); +$a_list = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); $pgtitle = "Snort: Interface Define Servers:"; @@ -99,9 +99,10 @@ $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid) - - + + +   @@ -382,7 +383,6 @@ $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid) - diff --git a/config/snort-dev/snort_download_rules.inc b/config/snort-dev/snort_download_rules.inc index cf40ad89..b8d18397 100644 --- a/config/snort-dev/snort_download_rules.inc +++ b/config/snort-dev/snort_download_rules.inc @@ -6,8 +6,6 @@ * */ -//require_once("/usr/local/pkg/snort/snort_new.inc"); - // fetch db Settings NONE Json function snortSql_fetchAllSettings($dbname, $table, $type, $id_uuid) { diff --git a/config/snort-dev/snort_download_updates.php b/config/snort-dev/snort_download_updates.php index 4f99cda8..6e1a0b0d 100644 --- a/config/snort-dev/snort_download_updates.php +++ b/config/snort-dev/snort_download_updates.php @@ -125,7 +125,6 @@ header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
  • Whitelists
  • Suppress
  • Help
  • - @@ -140,7 +139,6 @@ header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
  • Upload Custom Rules
  • Gui Update
  • - diff --git a/config/snort-dev/snort_headbase.inc b/config/snort-dev/snort_headbase.inc index 6a2492ad..d21fedc7 100644 --- a/config/snort-dev/snort_headbase.inc +++ b/config/snort-dev/snort_headbase.inc @@ -5,10 +5,10 @@ - - - - + + + + diff --git a/config/snort-dev/snort_interfaces.php b/config/snort-dev/snort_interfaces.php index f8f4c859..59ff381d 100644 --- a/config/snort-dev/snort_interfaces.php +++ b/config/snort-dev/snort_interfaces.php @@ -38,7 +38,7 @@ require_once("/usr/local/pkg/snort/snort_gui.inc"); $new_ruleUUID = genAlphaNumMixFast(7, 8); -$a_interfaces = snortSql_fetchAllInterfaceRules('Snortrules', 'snortDBrules'); +$a_interfaces = snortSql_fetchAllInterfaceRules('SnortIfaces', 'snortDB'); $pgtitle = "Services: Snort 2.9.0.5 pkg v. 2.0"; @@ -166,7 +166,7 @@ $a_interfaces = snortSql_fetchAllInterfaceRules('Snortrules', 'snortDBrules'); echo " -
    +
    "; echo ' diff --git a/config/snort-dev/snort_interfaces_edit.php b/config/snort-dev/snort_interfaces_edit.php index 2eca2b80..169b0dba 100644 --- a/config/snort-dev/snort_interfaces_edit.php +++ b/config/snort-dev/snort_interfaces_edit.php @@ -47,24 +47,23 @@ if ($uuid == '') { -$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); +$a_list = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); - if (!is_array($a_list)) - { - $a_list = array(); - } +$a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', ''); + +if (!is_array($a_list)) { + $a_list = array(); +} $a_whitelist = snortSql_fetchAllWhitelistTypes('SnortWhitelist', 'SnortWhitelistips'); - if (!is_array($a_whitelist)) - { - $a_whitelist = array(); - } +if (!is_array($a_whitelist)) { + $a_whitelist = array(); +} $a_suppresslist = snortSql_fetchAllWhitelistTypes('SnortSuppress', ''); -if (!is_array($a_suppresslist)) -{ +if (!is_array($a_suppresslist)) { $a_suppresslist = array(); } @@ -97,16 +96,14 @@ jQuery(document).ready(function() { ); - if (endis) - { + if (endis) { for (var i = 0; i < disableInputs.length; i++) { jQuery('[name=' + disableInputs[i] + ']').attr('disabled', 'true'); @@ -126,8 +122,7 @@ jQuery(document).ready(function() { endis = !(jQuery('input[name=enable]:checked').val()); - if (endis) - { + if (endis) { for (var i = 0; i < disableInputs.length; i++) { jQuery('[name=' + disableInputs[i] + ']').attr('disabled', 'true'); @@ -192,9 +187,10 @@ jQuery(document).ready(function() { - - + + +
    @@ -279,6 +275,41 @@ jQuery(document).ready(function() {
    + + + + + + + + + @@ -420,7 +451,6 @@ jQuery(document).ready(function() { - diff --git a/config/snort-dev/snort_interfaces_global.php b/config/snort-dev/snort_interfaces_global.php index c391f10c..64f81643 100644 --- a/config/snort-dev/snort_interfaces_global.php +++ b/config/snort-dev/snort_interfaces_global.php @@ -167,7 +167,6 @@ jQuery(document).ready(function(){
  • Whitelists
  • Suppress
  • Help
  • - diff --git a/config/snort-dev/snort_interfaces_rules.php b/config/snort-dev/snort_interfaces_rules.php new file mode 100644 index 00000000..8f1631a2 --- /dev/null +++ b/config/snort-dev/snort_interfaces_rules.php @@ -0,0 +1,180 @@ +. + All rights reserved. + + Modified for the Snaort Package By + Copyright (C) 2008-2011 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_new.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +$a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', ''); + + if (!is_array($a_rules)) { + $a_rules = array(); + } + + if ($a_rules == 'Error') { + echo 'Error'; + exit(0); + } + + $pgtitle = "Services: Snort: Rules"; + include("/usr/local/pkg/snort/snort_head.inc"); + +?> + + + + +
    +


    Please Wait...

    +
    + + + +
    + + + +
    + +
    +
    + +
    Choose the rule DB snort should use.
    Rule DB + +
    + Choose the home net you will like this rule to use.  Note: Default homenet adds only local networks. +
    + Hint: Most users add a list offriendly ips that the firewall cant see.
    +
    Choose the networks snort should inspect and whitelist.
    + + + + + + + +
    + + + +
    + + + + + + +
    + + + + + + + + + + + + + + + + + + + + +
    File NameDescription
    +   + + + + + + +
    + + + + +
    +
    + + + + + +
     
    +
    +
    +
    + + + + + +
    +
    + + +
    + + Note: +

    + Here you can create event filtering and suppression for your snort package rules.
    + Please note that you must restart a running rule so that changes can take effect.
    +

    +
    +
    + +
    + + + + + + + + diff --git a/config/snort-dev/snort_interfaces_rules_edit.php b/config/snort-dev/snort_interfaces_rules_edit.php new file mode 100644 index 00000000..7db725af --- /dev/null +++ b/config/snort-dev/snort_interfaces_rules_edit.php @@ -0,0 +1,204 @@ +. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_new.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +// set page vars +if (isset($_GET['uuid'])) { + $uuid = $_GET['uuid']; +} + +if (isset($_GET['rdbuuid'])) { + $rdbuuid = $_GET['rdbuuid']; +}else{ + $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); + $rdbuuid = $ruledbname_pre1['ruledbname']; +} + +$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $rdbuuid); + + +// $a_list returns empty use defaults +if ($a_list == '') +{ + + $a_list = array( + 'id' => '', + 'date' => date(U), + 'uuid' => $rdbuuid, + 'ruledbnamename' => '', + 'description' => '' + + ); + +} + + + + + $pgtitle = 'Services: Snort: Rules: Edit: ' . $rdbuuid; + include('/usr/local/pkg/snort/snort_head.inc'); + +?> + + + + +
    +


    Please Wait...

    +
    + + + +
    + + + +
    + +
    +
    + + + + + + + + + + + + +
    + +
    + +
    + + + + + + + + +
    + + + + + + + + + + + + +
    + + + + + + + + + + + + + + + + + + + + + +
    Add the name and description of the rule DB
    RuleDB +   + "> +   Enable or Disable +
    Name +
    + The list name may only consist of the characters a-z, A-Z and 0-9. Note: No Spaces. +
    Description +
    + You may enter a description here for your reference (not parsed). +
    + Examples: +
    + NOTE: Rule DB will not be active until snort sensor restart.
    +
    +
    + + +
    +
    + + + +
    + + + + + + + + diff --git a/config/snort-dev/snort_interfaces_whitelist_edit.php b/config/snort-dev/snort_interfaces_whitelist_edit.php index 0e426159..689fb719 100644 --- a/config/snort-dev/snort_interfaces_whitelist_edit.php +++ b/config/snort-dev/snort_interfaces_whitelist_edit.php @@ -127,8 +127,7 @@ $vpnips_on = ($vpnips_chk == 'on' ? 'checked' : '');
  • Blocked
  • Whitelists
  • Suppress
  • -
  • Help
  • - +
  • Help
  • diff --git a/config/snort-dev/snort_json_get.php b/config/snort-dev/snort_json_get.php index 1fdcc1e7..ecab3a13 100644 --- a/config/snort-dev/snort_json_get.php +++ b/config/snort-dev/snort_json_get.php @@ -2,13 +2,11 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_download_rules.inc"); session_start(); // alwaya at the very top of a php page or "Cannot send session cache limiter - headers already sent" // upload created log tar to user -if ($_GET['snortGetUpdate'] == 1) -{ +if ($_GET['snortGetUpdate'] == 1) { $tmpfname = "/usr/local/etc/snort/snort_download"; $snort_filename = "snortrules-snapshot-2905.tar.gz"; @@ -16,11 +14,9 @@ if ($_GET['snortGetUpdate'] == 1) $snortSessionPath = $_SESSION['tmp']['snort']['snort_download_updates']; - if (!file_exists("{$tmpfname}/{$snort_filename}")) - { + if (!file_exists("{$tmpfname}/{$snort_filename}")) { - if ($snortSessionPath['download']['working'] != '1') - { + if ($snortSessionPath['download']['working'] != '1') { unset($_SESSION['tmp']); $snortSessionPath['download']['working'] = '1'; sendUpdateSnortLogDownload(); @@ -29,7 +25,9 @@ if ($_GET['snortGetUpdate'] == 1) } $time = time(); - while((time() - $time) < 30) { + while((time() - $time) < 30) + { + // query memcache, database, etc. for new data $data = $datasource->getLatest(); @@ -49,8 +47,7 @@ if ($_GET['snortGetUpdate'] == 1) // upload created log tar to user -if ($_GET['snortlogdownload'] == 1) -{ +if ($_GET['snortlogdownload'] == 1) { sendFileSnortLogDownload(); @@ -58,8 +55,7 @@ if ($_GET['snortlogdownload'] == 1) // send Json sid string -if ($_GET['snortGetSidString'] == 1) -{ +if ($_GET['snortGetSidString'] == 1) { // unset unset($_GET['snortGetSidString']); diff --git a/config/snort-dev/snort_json_post.php b/config/snort-dev/snort_json_post.php index 8e09964e..37950f91 100644 --- a/config/snort-dev/snort_json_post.php +++ b/config/snort-dev/snort_json_post.php @@ -5,16 +5,14 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); // unset crsf checks -if(isset($_POST['__csrf_magic'])) -{ +if(isset($_POST['__csrf_magic'])) { unset($_POST['__csrf_magic']); } function snortJsonReturnCode($returnStatus) { - if ($returnStatus == true) - { + if ($returnStatus == true) { echo '{"snortgeneralsettings":"success","snortUnhideTabs":"true"}'; }else{ echo '{"snortgeneralsettings":"fail"}'; @@ -22,8 +20,7 @@ function snortJsonReturnCode($returnStatus) } // row from db by uuid -if ($_POST['snortSidRuleEdit'] == 1) -{ +if ($_POST['snortSidRuleEdit'] == 1) { unset($_POST['snortSidRuleEdit']); @@ -33,11 +30,9 @@ if ($_POST['snortSidRuleEdit'] == 1) // row from db by uuid -if ($_POST['snortSaveRuleSets'] == 1) -{ +if ($_POST['snortSaveRuleSets'] == 1) { - if ($_POST['ifaceTab'] == 'snort_rulesets') - { + if ($_POST['ifaceTab'] == 'snort_rulesets') { // unset POSTs that are markers not in db unset($_POST['snortSaveRuleSets']); unset($_POST['ifaceTab']); @@ -47,8 +42,7 @@ if ($_POST['snortSaveRuleSets'] == 1) } - if ($_POST['ifaceTab'] == 'snort_rules') - { + if ($_POST['ifaceTab'] == 'snort_rules') { // unset POSTs that are markers not in db unset($_POST['snortSaveRuleSets']); unset($_POST['ifaceTab']); @@ -60,70 +54,90 @@ if ($_POST['snortSaveRuleSets'] == 1) } // END of rulesSets // row from db by uuid -if ($_POST['RMlistDelRow'] == 1) -{ +if ($_POST['RMlistDelRow'] == 1) { - if ($_POST['RMlistTable'] == 'Snortrules' || $_POST['RMlistTable'] == 'SnortSuppress') - { + $rm_row_list = snortSql_fetchAllSettings($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid']); - // list rules in the default dir - $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $_POST['RMlistUuid']); - $snortRuleDir = '/usr/local/etc/snort/sn_' . $_POST['RMlistUuid'] . '_' . $a_list['interface']; + // list rules in the default dir + if ($_POST['RMlistTable'] == 'SnortIfaces') { + + $snortRuleDir = '/usr/local/etc/snort/sn_' . $_POST['RMlistUuid'] . '_' . $rm_row_list['interface']; exec('/bin/rm -r ' . $snortRuleDir); - - snortSql_updatelistDelete('SnortruleSets', 'ifaceuuid', $_POST['RMlistUuid']); - snortSql_updatelistDelete('SnortruleSigs', 'ifaceuuid', $_POST['RMlistUuid']); - snortSql_updatelistDelete('Snortrules', 'uuid', $_POST['RMlistUuid']); - - snortJsonReturnCode(true); - } - if ($_POST['RMlistTable'] == 'SnortSuppress') - { - snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid'])); + // rm ruledb and files + if ($_POST['RMlistTable'] == 'Snortrules') { + + $snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RMlistUuid']}"; + + exec('/bin/rm -r ' . $snortRuleDir); } - - - - if ($_POST['RMlistTable'] == 'SnortWhitelist') - { - $fetchExtraWhitelistEntries = snortSql_fetchAllSettings($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid']); - snortJsonReturnCode(snortSql_updatelistDelete('SnortWhitelistips', 'filename', $fetchExtraWhitelistEntries['filename'])); - snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid'])); - - } + if ($_POST['RMlistTable'] == 'SnortWhitelist') { + snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortWhitelistips', 'filename', $rm_row_list['filename']); + } + + snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid'])); } // general settings save -if ($_POST['snortSaveSettings'] == 1) -{ +if ($_POST['snortSaveSettings'] == 1) { + + + // Save ruleDB settings + if ($_POST['dbTable'] == 'Snortrules') { + + unset($_POST['snortSaveSettings']); + unset($_POST['ifaceTab']); + + if (!is_dir("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules")) { + + // creat iface dir and ifcae rules dir + exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + + + // NOTE: code only works on php5 + $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules'); + $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules'); + $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules'); + + if (!empty($listSnortRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + } + if (!empty($listEmergingRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + } + if (!empty($listPfsenseRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/* /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + } + + + } //end of mkdir + + snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); + + } // Save general settings - if ($_POST['dbTable'] == 'SnortSettings') - { + if ($_POST['dbTable'] == 'SnortSettings') { - if ($_POST['ifaceTab'] == 'snort_interfaces_global') - { + if ($_POST['ifaceTab'] == 'snort_interfaces_global') { // checkboxes when set to off never get included in POST thus this code $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']); } - if ($_POST['ifaceTab'] == 'snort_alerts') - { + if ($_POST['ifaceTab'] == 'snort_alerts') { if (!isset($_POST['arefresh'])) $_POST['arefresh'] = ($_POST['arefresh'] == '' ? off : $_POST['arefresh']); } - if ($_POST['ifaceTab'] == 'snort_blocked') - { + if ($_POST['ifaceTab'] == 'snort_blocked') { if (!isset($_POST['brefresh'])) $_POST['brefresh'] = ($_POST['brefresh'] == '' ? off : $_POST['brefresh']); @@ -140,12 +154,10 @@ if ($_POST['snortSaveSettings'] == 1) } // end of dbTable SnortSettings // Save rule settings on the interface edit tab - if ($_POST['dbTable'] == 'Snortrules') - { + if ($_POST['dbTable'] == 'SnortIfaces') { // snort interface edit - if ($_POST['ifaceTab'] == 'snort_interfaces_edit') - { + if ($_POST['ifaceTab'] == 'snort_interfaces_edit') { if (!isset($_POST['enable'])) $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']); @@ -175,8 +187,9 @@ if ($_POST['snortSaveSettings'] == 1) if (!is_dir("/usr/local/etc/snort/{$newSnortDir}")) { // creat iface dir and ifcae rules dir - exec("/bin/mkdir -p /usr/local/etc/snort/{$newSnortDir}/rules"); + exec("/bin/mkdir -p /usr/local/etc/snort/{$newSnortDir}"); + /* // NOTE: code only works on php5 $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snort_rules/rules', '\.rules'); $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/emerging_rules/rules', '\.rules'); @@ -191,6 +204,7 @@ if ($_POST['snortSaveSettings'] == 1) if (!empty($listPfsenseRulesDir)) { exec("/bin/cp -R /usr/local/etc/snort/pfsense_rules/rules/* /usr/local/etc/snort/{$newSnortDir}/rules"); } + */ } //end of mkdir @@ -198,8 +212,7 @@ if ($_POST['snortSaveSettings'] == 1) } // end of snort_interfaces_edit // snort preprocessor edit - if ($_POST['ifaceTab'] == 'snort_preprocessors') - { + if ($_POST['ifaceTab'] == 'snort_preprocessors') { if (!isset($_POST['dce_rpc_2'])) $_POST['dce_rpc_2'] = ($_POST['dce_rpc_2'] == '' ? off : $_POST['dce_rpc_2']); @@ -228,8 +241,7 @@ if ($_POST['snortSaveSettings'] == 1) } // snort barnyard edit - if ($_POST['ifaceTab'] == 'snort_barnyard') - { + if ($_POST['ifaceTab'] == 'snort_barnyard') { // make shure iface is lower case $_POST['interface'] = strtolower($_POST['interface']); @@ -250,16 +262,13 @@ if ($_POST['snortSaveSettings'] == 1) } // STOP General Settings Save // Suppress settings save -if ($_POST['snortSaveSuppresslist'] == 1) -{ +if ($_POST['snortSaveSuppresslist'] == 1) { // post for supress_edit - if ($_POST['ifaceTab'] == 'snort_interfaces_suppress_edit') - { + if ($_POST['ifaceTab'] == 'snort_interfaces_suppress_edit') { // make sure filename is valid - if (!is_validFileName($_POST['filename'])) - { + if (!is_validFileName($_POST['filename'])) { echo 'Error: FileName'; return false; } @@ -279,13 +288,11 @@ if ($_POST['snortSaveSuppresslist'] == 1) } // Whitelist settings save -if ($_POST['snortSaveWhitelist'] == 1) -{ +if ($_POST['snortSaveWhitelist'] == 1) { if ($_POST['ifaceTab'] == 'snort_interfaces_whitelist_edit') { - if (!is_validFileName($_POST['filename'])) - { + if (!is_validFileName($_POST['filename'])) { echo 'Error: FileName'; return false; } @@ -307,8 +314,7 @@ if ($_POST['snortSaveWhitelist'] == 1) unset($_POST['list']); - if (snortSql_updateSettings('uuid', $_POST['uuid']) && snortSql_updateWhitelistIps($whitelistIPs)) - { + if (snortSql_updateSettings('uuid', $_POST['uuid']) && snortSql_updateWhitelistIps($whitelistIPs)) { snortJsonReturnCode(true); }else{ snortJsonReturnCode(false); @@ -318,8 +324,7 @@ if ($_POST['snortSaveWhitelist'] == 1) } // download code for alerts page -if ($_POST['snortlogsdownload'] == 1) -{ +if ($_POST['snortlogsdownload'] == 1) { conf_mount_rw(); snort_downloadAllLogs(); conf_mount_ro(); @@ -327,8 +332,7 @@ if ($_POST['snortlogsdownload'] == 1) } // download code for alerts page -if ($_POST['snortblockedlogsdownload'] == 1) -{ +if ($_POST['snortblockedlogsdownload'] == 1) { conf_mount_rw(); snort_downloadBlockedIPs(); conf_mount_ro(); @@ -337,8 +341,7 @@ if ($_POST['snortblockedlogsdownload'] == 1) // code neeed to be worked on when finnished rules code -if ($_POST['snortlogsdelete'] == 1) -{ +if ($_POST['snortlogsdelete'] == 1) { conf_mount_rw(); snortDeleteLogs(); @@ -346,8 +349,7 @@ if ($_POST['snortlogsdelete'] == 1) } // flushes snort2c table -if ($_POST['snortflushpftable'] == 1) -{ +if ($_POST['snortflushpftable'] == 1) { conf_mount_rw(); snortRemoveBlockedIPs(); @@ -355,8 +357,7 @@ if ($_POST['snortflushpftable'] == 1) } // reset db reset_snortgeneralsettings -if ($_POST['reset_snortgeneralsettings'] == 1) -{ +if ($_POST['reset_snortgeneralsettings'] == 1) { conf_mount_rw(); reset_snortgeneralsettings(); diff --git a/config/snort-dev/snort_new.inc b/config/snort-dev/snort_new.inc index efd546d8..1f2c807b 100644 --- a/config/snort-dev/snort_new.inc +++ b/config/snort-dev/snort_new.inc @@ -1,8 +1,7 @@ 0; "); - } - - if ($type == 'id') - { - $result = sqlite_query($db, - "SELECT * FROM {$table} where id = '{$id_uuid}'; - "); - } - - if ($type == 'uuid') - { - $result = sqlite_query($db, - "SELECT * FROM {$table} where uuid = '{$id_uuid}'; - "); - } - - if ($type == 'ifaceuuid') - { + + }else{ + $result = sqlite_query($db, - "SELECT * FROM {$table} where ifaceuuid = '{$id_uuid}'; + "SELECT * FROM {$table} where {$type} = '{$id_uuid}'; "); - } + + } - if ($type == 'id' || $type == 'uuid') - { + if ($type == 'id' || $type == 'uuid') { $chktable = sqlite_fetch_array($result, SQLITE_ASSOC); } - if ($type == 'All' || $type == 'ifaceuuid') - { + if ($type == 'All' || $type == 'ifaceuuid' || $type == 'ruledbname' || $type == 'rdbuuid') { $chktable = sqlite_fetch_all($result, SQLITE_ASSOC); } @@ -733,12 +750,11 @@ function snortSql_updateWhitelistIps($newPostListips) } // end of func // RMlist Delete -function snortSql_updatelistDelete($table, $type, $uuid_filename) +function snortSql_updatelistDelete($databse, $table, $type, $uuid_filename) { - - $usrDB = $_POST['RMlistDB']; - $db = "/usr/local/pkg/snort/$usrDB"; + $db = "/usr/local/pkg/snort/{$databse}"; + $mydb = sqlite_open("$db"); if ($type == 'uuid') diff --git a/config/snort-dev/snort_preprocessors.php b/config/snort-dev/snort_preprocessors.php index bca52a65..e0c334ba 100644 --- a/config/snort-dev/snort_preprocessors.php +++ b/config/snort-dev/snort_preprocessors.php @@ -46,7 +46,7 @@ if ($uuid == '') { } -$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); +$a_list = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); $pgtitle = "Snort: Interface Preprocessors and Flow"; include("/usr/local/pkg/snort/snort_head.inc"); @@ -98,9 +98,10 @@ $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid)
    - - + + + @@ -272,7 +273,6 @@ $a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid) - diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php index 5eb70549..1edc31e2 100644 --- a/config/snort-dev/snort_rules.php +++ b/config/snort-dev/snort_rules.php @@ -36,24 +36,30 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); -// set page vars +if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) { + echo 'Error: more than one uuid'; + exit(0); +} -$uuid = $_GET['uuid']; -if (isset($_POST['uuid'])) -$uuid = $_POST['uuid']; +// set page vars +if (isset($_GET['uuid'])) { + $uuid = $_GET['uuid']; +} -if ($uuid == '') { - echo 'error: no uuid'; - exit(0); +if (isset($_GET['rdbuuid'])) { + $rdbuuid = $_GET['rdbuuid']; +}else{ + $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); + $rdbuuid = $ruledbname_pre1['ruledbname']; } // unset Session tmp on page load unset($_SESSION['snort']['tmp']); // list rules in the default dir -$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); +$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $rdbuuid); -$snortRuleDir = '/usr/local/etc/snort/sn_' . $uuid . '_' . $a_list['interface']; +$snortRuleDir = '/usr/local/etc/snort/snortDBrules/DB/' . $rdbuuid; // list rules in the default dir $filterDirList = array(); @@ -117,11 +123,12 @@ function load_rule_file($incoming_file, $splitcontents) /* * SET GLOBAL ARRAY $_SESSION['snort'] + * Use SESSION instead POST for security because were writing to files. */ + $_SESSION['snort']['tmp']['snort_rules']['dbName'] = 'snortDBrules'; $_SESSION['snort']['tmp']['snort_rules']['dbTable'] = 'SnortruleSigs'; - $_SESSION['snort']['tmp']['snort_rules']['ifaceuuid'] = $uuid; - $_SESSION['snort']['tmp']['snort_rules']['ifaceselected'] = $a_list['interface']; + $_SESSION['snort']['tmp']['snort_rules']['rdbuuid'] = $rdbuuid; $_SESSION['snort']['tmp']['snort_rules']['rulefile'] = $rulefile; @@ -141,12 +148,13 @@ function load_rule_file($incoming_file, $splitcontents)


    Please Wait...

    +
    - + @@ -200,23 +208,58 @@ function load_rule_file($incoming_file, $splitcontents)
    - - - + + + + '; + }else{ + echo ' + + + + + + + '; + } + ?> ' + "\n" + '' + "\n" + '' + "\n\n" ); @@ -163,9 +167,6 @@ jQuery(document).ready(function() { - - -


    Please Wait...

    @@ -176,23 +177,58 @@ jQuery(document).ready(function() {
    transgif
    - - - -
    + +
    + +
    + +
    @@ -230,16 +273,23 @@ function load_rule_file($incoming_file, $splitcontents) Category: ' + "\n" + '
    ' + "\n" + - ' ' + snortObjlist.ruleSets[i].rule + '' + "\n" + + ' ' + '">' + snortObjlist.ruleSets[i].rule + '' + "\n" + '
    - - + + '; + }else{ + echo ' + + - +
  • Global Settings
  • +
  • Updates
  • +
  • RulesDB
  • +
  • Alerts
  • +
  • Blocked
  • +
  • Whitelists
  • +
  • Suppress
  • +
  • Help
  • + + + + + + + + '; + } + ?>
    - -
    -
      + +
    + +
    + - -
    + +
    @@ -220,8 +256,7 @@ jQuery(document).ready(function() { - - +
    -- cgit v1.2.3