From 03ac95899a4c7f4e883fbddd29296c442787ac47 Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Mon, 27 Jan 2014 20:24:52 -0500
Subject: Add enable/disable for decoder & preproc rules
---
 config/snort/snort_rules_edit.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'config/snort/snort_rules_edit.php')
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index c0087464..28deccd5 100755
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -4,6 +4,7 @@
 *
 * Copyright (C) 2004, 2005 Scott Ullrich
 * Copyright (C) 2011 Ermal Luci
+ * Copyright (C) 2014 Bill Meeks
 * All rights reserved.
 *
 * Adapted for FreeNAS by Volker Theile (votdev@gmx.de)
@@ -97,18 +98,22 @@ elseif (isset($_GET['ids'])) {
 // If flowbit rule, point to interface-specific file
 if ($file == "Auto-Flowbit Rules")
 $rules_map = snort_load_rules_map("{$snortcfgdir}/rules/" . FLOWBITS_FILENAME);
+ elseif (file_exists("{$snortdir}/preproc_rules/{$file}"))
+ $rules_map = snort_load_rules_map("{$snortdir}/preproc_rules/{$file}");
 else
 $rules_map = snort_load_rules_map("{$snortdir}/rules/{$file}");
 $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule'];
 $wrap_flag = "soft";
 }
-
 // Is it our special flowbit rules file?
 elseif ($file == "Auto-Flowbit Rules")
 $contents = file_get_contents("{$snortcfgdir}/rules/{$flowbit_rules_file}");
 // Is it a rules file in the ../rules/ directory?
 elseif (file_exists("{$snortdir}/rules/{$file}"))
 $contents = file_get_contents("{$snortdir}/rules/{$file}");
+// Is it a rules file in the ../preproc_rules/ directory?
+elseif (file_exists("{$snortdir}/preproc_rules/{$file}"))
+ $contents = file_get_contents("{$snortdir}/preproc_rules/{$file}");
 // Is it a fully qualified path and file?
 elseif (file_exists($file))
 $contents = file_get_contents($file);
-- cgit v1.2.3
From c613223747934c62488bb55fb72138bec353ff61 Mon Sep 17 00:00:00 2001
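Review bot: Both new `preproc_rules` branches in the `@@ -97,18 +98,22 @@` hunk join `$file` into a path and read the result without confirming it still lies under `{$snortdir}/preproc_rules/`, so a value containing `../` segments would resolve outside that directory. The existing `{$snortdir}/rules/{$file}` branches shown as context have the same gap. The assignment of `$file` is outside this hunk, but the neighbouring `$_GET['gid']` and `$_GET['ids']` reads suggest it is request-supplied. Resolve each joined path before reading, e.g. `$real = realpath("{$snortdir}/preproc_rules/{$file}");`, and read only when `$real` is not `false` and begins with the directory plus a trailing `/`. The if/elseif chain starts and ends outside the hunk.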
From: bmeeks8
Date: Tue, 28 Jan 2014 16:01:01 -0500
Subject: Fix snort_rules_edit.php to address http://seclist.org/fulldisclosure/2014/Jan/187
---
 config/snort/snort_rules_edit.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'config/snort/snort_rules_edit.php')
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index 28deccd5..61a9574a 100755
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -115,8 +115,12 @@ elseif (file_exists("{$snortdir}/rules/{$file}"))
 elseif (file_exists("{$snortdir}/preproc_rules/{$file}"))
 $contents = file_get_contents("{$snortdir}/preproc_rules/{$file}");
 // Is it a fully qualified path and file?
-elseif (file_exists($file))
- $contents = file_get_contents($file);
+elseif (file_exists($file)) {
+ if (substr(realpath($file), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR)
+ $contents = gettext("\n\nERROR -- File: {$file} can not be viewed!");
+ else
+ $contents = file_get_contents($file);
+}
 // It is not something we can display, so exit.
 else
 $input_errors[] = gettext("Unable to open file: {$displayfile}");
-- cgit v1.2.3
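Review bot: The new guard in the `elseif (file_exists($file))` branch compares a raw string prefix, so a resolved path in a sibling directory whose name merely begins with the value of `SNORTLOGDIR` still passes. Anchor the comparison on a directory boundary and handle a failed `realpath()` explicitly, e.g. `$real = realpath($file);` followed by `if ($real === false || strpos($real, rtrim(SNORTLOGDIR, '/') . '/') !== 0)`. The value of `SNORTLOGDIR` is defined outside this hunk, so whether it already ends in a separator should be confirmed. The rejection message also interpolates `$file` into `$contents`; how `$contents` is rendered is not visible here, so it is worth confirming that the page HTML-escapes it on output.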