From 844fbe052e814a4662dedcf3a09fbfcdb814801a Mon Sep 17 00:00:00 2001
From: robiscool
Date: Wed, 31 Mar 2010 19:02:32 -0700
Subject: snort-dev to snort, snort to snort-old, Release
---
 config/snort/snort_rules.php | 331 +++++++++++++++++++++++++------------------
 1 file changed, 196 insertions(+), 135 deletions(-)
(limited to 'config/snort/snort_rules.php')
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 94c99f0e..c95d76ca 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -2,7 +2,8 @@ /* $Id$ */ /* edit_snortrule.php
- Copyright (C) 2004, 2005 Scott Ullrich and Rober Zelaya
+ Copyright (C) 2004, 2005 Scott Ullrich
+ Copyright (C) 2008, 2009 Robert Zelaya
 All rights reserved. Redistribution and use in source and binary forms, with or without
@@ -26,22 +27,45 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -require("guiconfig.inc"); -require("config.inc"); -if(!is_dir("/usr/local/etc/snort/rules")) { - conf_mount_rw(); - exec('mkdir /usr/local/etc/snort/rules/'); - conf_mount_ro(); + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) { + $config['installedpackages']['snortglobal']['rule'] = array(); +} + +//nat_rules_sort(); +$a_nat = &$config['installedpackages']['snortglobal']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_nat[$id]) { + + $pconfig['enable'] = $a_nat[$id]['enable']; + $pconfig['interface'] = $a_nat[$id]['interface']; + $pconfig['rulesets'] = $a_nat[$id]['rulesets']; } +/* convert fake interfaces to real */ +$if_real = convert_friendly_interface_to_real_interface_name($pconfig['interface']); + +$iface_uuid = $a_nat[$id]['uuid']; + +// if(!is_dir("/usr/local/etc/snort/rules")) +// exec('mkdir /usr/local/etc/snort/rules/'); + /* Check if the rules dir is empy if so warn the user */ /* TODO give the user the option to delete the installed rules rules */ -$isrulesfolderempty = exec('ls -A /usr/local/etc/snort/rules/*.rules'); +$isrulesfolderempty = exec("ls -A /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules"); if ($isrulesfolderempty == "") { include("head.inc"); -include("fbegin.inc"); +include("./snort_fbegin.inc"); echo ""; 
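Review bot: Nothing checks that `$id`, read from `$_GET['id']` (or `$_POST['id']`), names an existing `$a_nat` entry before it is used as the index, so a missing or stale id leaves `$pconfig` unset, makes `$if_real` and `$iface_uuid` empty and turns the probed directory into `snort__/rules`. Add a guard right after the lookup, e.g. `if (!isset($id) || !isset($a_nat[$id])) { header("Location: /snort/snort_interfaces.php"); exit; }`, so the rest of the page only runs for a configured interface. The `exec("ls -A ...")` probe can also avoid building a shell command from config-derived values: `$isrulesfolderempty = glob("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.rules");` with `if (!$isrulesfolderempty) {` gives the same empty/non-empty answer without invoking `sh`.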
@@ -51,18 +75,15 @@ echo "\n \n \n"; - $tab_array = array(); - $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); - $tab_array[] = array(gettext("Update Rules"), false, "/snort_download_rules.php"); - $tab_array[] = array(gettext("Categories"), false, "/snort_rulesets.php"); - $tab_array[] = array(gettext("Rules"), true, "/snort_rules.php"); - $tab_array[] = array(gettext("Servers"), false, "/pkg_edit.php?xml=snort_define_servers.xml&id=0"); - $tab_array[] = array(gettext("Blocked"), false, "/snort_blocked.php"); - $tab_array[] = array(gettext("Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); - $tab_array[] = array(gettext("Threshold"), false, "/pkg.php?xml=snort_threshold.xml"); - $tab_array[] = array(gettext("Alerts"), false, "/snort_alerts.php"); - $tab_array[] = array(gettext("Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0"); - display_top_tabs($tab_array); + $tab_array = array(); + $tab_array[] = array("Snort Interfaces", false, "/snort/snort_interfaces.php"); + $tab_array[] = array("If Settings", false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array("Categories", false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array("Rules", true, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array("Servers", false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array("Preprocessors", false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array("Barnyard2", false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); echo "\n \n @@ -105,8 +126,6 @@ function get_middle($source, $beginning, $ending, $init_pos) { function write_rule_file($content_changed, $received_file) { - conf_mount_rw(); - //read snort file with writing enabled $filehandle = fopen($received_file, "w"); 
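Review bot: The rebuilt `$tab_array` drops the `gettext()` wrappers the removed entries had, so the tab labels are no longer translatable; keep `array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php")` and so on. Each href also embeds the raw `$id` from the query string; unless `display_top_tabs()` escapes its links (not visible here), build them as `"/snort/snort_rules.php?id=" . urlencode($id)`. The second hunk on this line removes `conf_mount_rw()` from `write_rule_file()` but still leaves `$filehandle = fopen($received_file, "w");` unchecked, so a missing per-interface directory becomes warnings from the write and `fclose()` that follow; an `if ($filehandle === false) return;` before the write would keep the failure contained.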
@@ -122,7 +141,6 @@ function write_rule_file($content_changed, $received_file) //close file handle fclose($filehandle); - conf_mount_rw(); } function load_rule_file($incoming_file) @@ -137,8 +155,9 @@ function load_rule_file($incoming_file) //close handler fclose ($filehandle); + //string for populating category select - $currentruleset = substr($file, 27); + $currentruleset = basename($rulefile); //delimiter for each new rule is a new line $delimiter = "\n"; @@ -150,10 +169,13 @@ function load_rule_file($incoming_file) } -$ruledir = "/usr/local/etc/snort/rules/"; +$ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; $dh = opendir($ruledir); -$message_reload = "The Snort rule configuration has been changed.
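Review bot: Inside `load_rule_file($incoming_file)` the new `$currentruleset = basename($rulefile);` refers to `$rulefile`, a top-level variable that is not in the function's scope (unless a `global` declaration precedes the hunk, which is not visible), so `basename()` receives null just as the old `substr($file, 27)` did. Use the parameter, `$currentruleset = basename($incoming_file);`, or drop the line, since the top-level code computes `basename($rulefile)` itself after the load. The function begins outside this hunk.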
You must apply the changes in order for them to take effect."; +if ($_GET['openruleset'] != '' && $_GET['ids'] != '') +{ + header("Location: /snort/snort_rules.php?id=$id&openruleset={$_GET['openruleset']}&saved=yes"); +} while (false !== ($filename = readdir($dh))) { @@ -169,19 +191,22 @@ sort($files); if ($_GET['openruleset']) { - $file = $_GET['openruleset']; + $rulefile = $_GET['openruleset']; } else { - $file = $ruledir.$files[0]; + $rulefile = $ruledir.$files[0]; } //Load the rule file -$splitcontents = load_rule_file($file); +$splitcontents = load_rule_file($rulefile); if ($_POST) { + + conf_mount_rw(); + if (!$_POST['apply']) { //retrieve POST data $post_lineid = $_POST['lineid']; @@ -258,26 +283,20 @@ if ($_POST) $splitcontents[$post_lineid] = $tempstring; //write the new .rules file - write_rule_file($splitcontents, $file); + write_rule_file($splitcontents, $rulefile); //once file has been written, reload file - $splitcontents = load_rule_file($file); + $splitcontents = load_rule_file($rulefile); $stopMsg = true; } - - if ($_POST['apply']) { -// stop_service("snort"); -// sleep(2); -// start_service("snort"); - $savemsg = "The snort rules selections have been saved. Please restart snort by clicking save on the settings tab."; - $stopMsg = false; - } - } else if ($_GET['act'] == "toggle") { - $toggleid = $_GET['id']; + + conf_mount_rw(); + + $toggleid = $_GET['ids']; //copy rule contents from array into string $tempstring = $splitcontents[$toggleid]; @@ -311,10 +330,10 @@ else if ($_GET['act'] == "toggle") $splitcontents[$toggleid] = $tempstring; //write the new .rules file - write_rule_file($splitcontents, $file); + write_rule_file($splitcontents, $rulefile); //once file has been written, reload file - $splitcontents = load_rule_file($file); + $splitcontents = load_rule_file($rulefile); $stopMsg = true; 
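Review bot: The new `header("Location: ...")` interpolates `$_GET['openruleset']` and `$id` straight into the redirect URL and is not followed by `exit`, so the script keeps running while the redirect is queued; the toggle branch further down appears to rely on that, which deserves a comment at minimum. Encode the components: `header("Location: /snort/snort_rules.php?id=" . urlencode($id) . "&openruleset=" . urlencode($_GET['openruleset']) . "&saved=yes");`. The context line `$dh = opendir($ruledir);` is still unchecked, so when the per-interface directory does not exist `readdir()` is called on `false` and `$files` stays empty.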
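Review bot: `$rulefile` is taken verbatim from `$_GET['openruleset']` and handed to `load_rule_file()` and, on POST, `write_rule_file()`, with no check that it lies inside `$ruledir`; the rename keeps that behaviour unchanged. Since only files from the directory listing are meant to be opened, rebuild the path from the directory instead: `$rulefile = $ruledir . basename($_GET['openruleset']);` and bail out when `!is_file($rulefile)`. The `else` branch reads `$files[0]` without checking that the listing is non-empty.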
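Review bot: `conf_mount_rw()` is now called at the top of the POST handler and again in the toggle branch, but neither is paired with a `conf_mount_ro()` once the rule file and config have been written, and the calls placed after `write_config()` in the hunks at `@@ -326,20 +345,22 @@` and `@@ -349,39 +370,55 @@` are also `conf_mount_rw()`, which reads like a typo for `conf_mount_ro()`. Change those two to `conf_mount_ro();` and add a `conf_mount_ro();` after the `$splitcontents = load_rule_file($rulefile);` reload in this hunk, so the filesystem is returned to read-only on every path.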
@@ -326,20 +345,22 @@ else if ($_GET['act'] == "toggle") // sid being turned off $sid_off = str_replace("sid:", "", $sid_off_cut); // rule_sid_on registers - $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on']; + $sid_on_pieces = $a_nat[$id]['rule_sid_on']; // if off sid is the same as on sid remove it $sid_on_old = str_replace("||enablesid $sid_off", "", "$sid_on_pieces"); // write the replace sid back as empty - $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old; + $a_nat[$id]['rule_sid_on'] = $sid_on_old; // rule sid off registers - $sid_off_pieces = $config['installedpackages']['snort']['rule_sid_off']; + $sid_off_pieces = $a_nat[$id]['rule_sid_off']; // if off sid is the same as off sid remove it $sid_off_old = str_replace("||disablesid $sid_off", "", "$sid_off_pieces"); // write the replace sid back as empty - $config['installedpackages']['snort']['rule_sid_off'] = $sid_off_old; + $a_nat[$id]['rule_sid_off'] = $sid_off_old; // add sid off registers to new off sid - $config['installedpackages']['snort']['rule_sid_off'] = "||disablesid $sid_off" . $config['installedpackages']['snort']['rule_sid_off']; + $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off']; write_config(); + conf_mount_rw(); + } else { 
@@ -349,39 +370,55 @@ else if ($_GET['act'] == "toggle") // sid being turned off $sid_on = str_replace("sid:", "", $sid_on_cut); // rule_sid_off registers - $sid_off_pieces = $config['installedpackages']['snort']['rule_sid_off']; + $sid_off_pieces = $a_nat[$id]['rule_sid_off']; // if off sid is the same as on sid remove it $sid_off_old = str_replace("||disablesid $sid_on", "", "$sid_off_pieces"); // write the replace sid back as empty - $config['installedpackages']['snort']['rule_sid_off'] = $sid_off_old; + $a_nat[$id]['rule_sid_off'] = $sid_off_old; // rule sid on registers - $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on']; + $sid_on_pieces = $a_nat[$id]['rule_sid_on']; // if on sid is the same as on sid remove it $sid_on_old = str_replace("||enablesid $sid_on", "", "$sid_on_pieces"); // write the replace sid back as empty - $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old; + $a_nat[$id]['rule_sid_on'] = $sid_on_old; // add sid on registers to new on sid - $config['installedpackages']['snort']['rule_sid_on'] = "||enablesid $sid_on" . $config['installedpackages']['snort']['rule_sid_on']; + $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on']; write_config(); + conf_mount_rw(); } } +if ($_GET['saved'] == 'yes') +{ + $message = "The Snort rule configuration has been changed.
You must restart this snort interface in order for the changes to take effect."; + +// stop_service("snort"); +// sleep(2); +// start_service("snort"); +// $savemsg = ""; +// $stopMsg = false; +} + +$currentruleset = basename($rulefile); + +$ifname = strtoupper($pconfig['interface']); -$pgtitle = "Snort: Rules"; require("guiconfig.inc"); include("head.inc"); + +$pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset"; + ?> - + +

+

"; +echo "
"; ?> - - -
+
+ - - - + + +
-
+
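Review bot: `$pgtitle` is now assigned after `include("head.inc")`, whereas the removed `$pgtitle = "Snort: Rules";` preceded it; if head.inc emits the page `<title>` from `$pgtitle` (not visible here) the title is lost, so move the assignment above the include. The new title also embeds `$id` and `$currentruleset`, both derived from the query string; if head.inc prints it unescaped, wrap them with `htmlspecialchars()`. `$message` replaces the removed `$message_reload`, so any template code that still echoes the old name (the HTML part of this hunk is too garbled to confirm) will print nothing. The context `require("guiconfig.inc")` re-includes a file the top of the script now loads with `require_once`; make it `require_once("guiconfig.inc");` as well. The hunk runs from the tail of the toggle handler into the HTML body, which is not recoverable here.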
@@ -447,7 +496,8 @@ function go() echo "
Category: "; //string for populating category select - $currentruleset = substr($file, 27); + $currentruleset = basename($rulefile); + ?> + "; - - echo " + + "; - echo ""; - echo ""; - echo ""; + echo "$textse + + + + + "; ?> "; ?>
"; + echo " There are $printcounter rules in this category.

"; ?>
"; - echo $textss; + echo "
+ $textss\n"; ?> - + + + "; - - - echo ""; - echo $textss; - echo $sid; - echo $textse; - echo ""; - echo $textss; - echo $protocol; + echo "$textse + + $textss + $sid + $textse + + $textss + $protocol"; + ?> + "; - echo ""; - echo $textss; - echo $source; - echo $textse; - echo ""; - echo $textss; - echo $source_port; - echo $textse; - echo ""; - echo $textss; - echo $destination; - echo $textse; - echo ""; - echo $textss; - echo $destination_port; - echo $textse; - echo " + $textss + $source + $textse + + $textss + $source_port + $textse + + $textss + $destination + $textse + + $textss + $destination_port + $textse + "; + echo "$textss + $message + $textse + - + +
- + - + - - + +
Rule Enabled
Rule Disabled
+ + + +

@@ -615,12 +677,11 @@ function go() - + - - \ No newline at end of file + -- cgit v1.2.3