From e2368b54a0d454f7521618ae97fc361318bc428d Mon Sep 17 00:00:00 2001 From: Bill Meeks Date: Sun, 20 Jan 2013 01:10:38 -0500 Subject: Add IPS policy select, auto-flowbit resolution and bug fixes. --- config/snort/snort_rulesets.php | 220 ++++++++++++++++++++++++++++++---------- 1 file changed, 166 insertions(+), 54 deletions(-) mode change 100644 => 100755 config/snort/snort_rulesets.php (limited to 'config/snort/snort_rulesets.php') diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php old mode 100644 new mode 100755 index cfaa7d18..b9aa2647 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -32,7 +32,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort.inc"); -global $g; +global $g, $flowbit_rules_file; $snortdir = SNORTDIR; 
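Review bot: `$flowbit_rules_file` is imported with `global` in this first hunk but is never assigned in the lines shown, so its value presumably comes from snort.inc. The `@@ -94,20 +63,60 @@` hunk interpolates it into `{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}`. If the variable is empty, that path is the rules directory itself: `file_exists()` returns true for a directory, so the view button is enabled, and the `@unlink()` fails silently. I would guard both uses with `!empty($flowbit_rules_file) &&` and add a comment next to the `global` line naming the file that defines the variable, for example `// $flowbit_rules_file: set in snort.inc (confirm)`.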
@@ -49,44 +49,13 @@ if (is_null($id)) { exit; } -function snort_remove_rules($files, $snortdir, $snort_uuid, $if_real) { - - if (empty($files)) - return; - - conf_mount_rw(); - foreach ($files as $file) { - @unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}"); - if (substr($file, -9) == ".so.rules") { - $slib = substr($file, 6, -6); - @unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/dynamicrules/{$slib}"); - } - } - conf_mount_ro(); -} - -function snort_copy_rules($files, $snortdir, $snort_uuid, $if_real) { - - if (empty($files)) - return; - - conf_mount_rw(); - foreach ($files as $file) { - if (!file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}")) - @copy("{$snortdir}/rules/{$file}", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}"); - if (substr($file, -9) == ".so.rules") { - $slib = substr($enabled_item, 6, -6); - if (!file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/dynamicrules/{$slib}")) - @copy("/usr/local/lib/snort/dynamicrules/{$file}", "{$snortdir}/snort_{$snort_uuid}_{$if_real}/dynamicrules/{$slib}"); - } - } - conf_mount_ro(); -} - if (isset($id) && $a_nat[$id]) { $pconfig['enable'] = $a_nat[$id]['enable']; $pconfig['interface'] = $a_nat[$id]['interface']; $pconfig['rulesets'] = $a_nat[$id]['rulesets']; + $pconfig['autoflowbitrules'] = $a_nat[$id]['autoflowbitrules']; + $pconfig['ips_policy_enable'] = $a_nat[$id]['ips_policy_enable']; + $pconfig['ips_policy'] = $a_nat[$id]['ips_policy']; } $if_real = snort_get_real_interface($pconfig['interface']); 
@@ -94,20 +63,60 @@ $snort_uuid = $a_nat[$id]['uuid']; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; $emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats']; +if (($snortdownload == 'off') || ($a_nat[$id]['ips_policy_enable'] != 'on')) + $policy_select_disable = "disabled"; + +if ($a_nat[$id]['autoflowbitrules'] == 'on') { + if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}")) + $btn_view_flowb_rules = ""; + else + $btn_view_flowb_rules = " disabled"; +} +else + $btn_view_flowb_rules = " disabled"; + +// If a Snort VRT policy is enabled and selected, remove all Snort VRT +// rules from the configured rule sets to allow automatic selection. +if ($a_nat[$id]['ips_policy_enable'] == 'on') { + if (isset($a_nat[$id]['ips_policy'])) { + $disable_vrt_rules = "disabled"; + $enabled_sets = explode("||", $a_nat[$id]['rulesets']); + + foreach ($enabled_sets as $k => $v) { + if (substr($v, 0, 6) == "snort_") + unset($enabled_sets[$k]); + } + $a_nat[$id]['rulesets'] = implode("||", $enabled_sets); + } +} +else + $disable_vrt_rules = ""; + /* alert file */ if ($_POST["Submit"]) { + + if ($_POST['ips_policy_enable'] == "on") + $a_nat[$id]['ips_policy_enable'] = 'on'; + else + $a_nat[$id]['ips_policy_enable'] = 'off'; + + $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; + $enabled_items = ""; if (is_array($_POST['toenable'])) $enabled_items = implode("||", $_POST['toenable']); else $enabled_items = $_POST['toenable']; - $oenabled = explode("||", $a_nat[$id]['rulesets']); - $nenabled = explode("||", $enabled_items); - $tormv = array_diff($oenabled, $nenabled); - snort_remove_rules($tormv, $snortdir, $snort_uuid, $if_real); $a_nat[$id]['rulesets'] = $enabled_items; - snort_copy_rules(explode("||", $enabled_items), $snortdir, $snort_uuid, $if_real); + + if ($_POST['autoflowbits'] == "on") + $a_nat[$id]['autoflowbitrules'] = 'on'; + else { + $a_nat[$id]['autoflowbitrules'] = 'off'; + if 
(file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}")) + @unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); + } write_config(); sync_snort_package_config(); @@ -117,9 +126,6 @@ if ($_POST["Submit"]) { } if ($_POST['unselectall']) { - if (!empty($pconfig['rulesets'])) - snort_remove_rules(explode("||", $pconfig['rulesets']), $snortdir, $snort_uuid, $if_real); - $a_nat[$id]['rulesets'] = ""; write_config(); @@ -141,7 +147,6 @@ if ($_POST['selectall']) { foreach ($files as $file) $rulesets[] = basename($file); } - snort_copy_rules($rulesets, $snortdir, $snort_uuid, $if_real); $a_nat[$id]['rulesets'] = implode("||", $rulesets); @@ -177,6 +182,33 @@ if ($savemsg) { ?> + +
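Review bot: In the `if ($_POST["Submit"])` block, `$_POST['ips_policy']` and `$_POST['toenable']` are copied into `$a_nat[$id]` and persisted by `write_config()` with no server-side check. The `snort_` prefix filter added just above the handler runs only on page load and is then overwritten by `$a_nat[$id]['rulesets'] = $enabled_items;`, so a request can still save VRT categories while a policy is enabled; the disabled checkboxes are a browser-side control only. The excerpt below accepts the policy only if it is in a fixed list, reduces each ruleset name with `basename()` because these names are presumably interpolated into rule paths by the sync code (not visible here), and applies the prefix filter at save time. Separately, the new `@unlink()` is no longer bracketed by `conf_mount_rw()`/`conf_mount_ro()` as the removed `snort_remove_rules()` was, and the `@` would hide a failure on a read-only mount.

```php
	// … unchanged: ips_policy_enable handling …

	// Accept only a policy name the form actually offers.
	// $valid_policies is a placeholder: build it from the select's option values.
	if (in_array($_POST['ips_policy'], $valid_policies, true))
		$a_nat[$id]['ips_policy'] = $_POST['ips_policy'];

	// Keep bare file names only, and drop VRT categories while a policy drives selection.
	$posted = is_array($_POST['toenable']) ? $_POST['toenable'] : explode("||", (string)$_POST['toenable']);
	$clean = array();
	foreach ($posted as $set) {
		$set = basename($set);
		if ($set == "")
			continue;
		if ($a_nat[$id]['ips_policy_enable'] == 'on' && substr($set, 0, 6) == "snort_")
			continue;
		$clean[] = $set;
	}
	$a_nat[$id]['rulesets'] = implode("||", $clean);

	// … unchanged: autoflowbits handling, write_config(), sync_snort_package_config() …
```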
@@ -205,7 +237,7 @@ if ($savemsg) { - + + + + + + + + + + + + + - - - + + + + - + @@ -302,7 +406,9 @@ if ($savemsg) { $file = $snortrules[$j]; echo "\n"; echo " - + + + + +

- +



+ + + + + + + + + + + + + + + + + +
/>
  +

/>
  +

+

+ + + + + + + + + + + + + + + + + +
+ onClick="enable_change()"/>
  +
+

+
  +

+













 
"; if(is_array($enabled_rulesets_array)) { - if(in_array($file, $enabled_rulesets_array)) + if (!empty($disable_vrt_rules)) + $CHECKED = $disable_vrt_rules; + elseif(in_array($file, $enabled_rulesets_array)) $CHECKED = " checked=\"checked\""; else $CHECKED = ""; @@ -311,7 +417,7 @@ if ($savemsg) { echo " \n\n"; echo "\n"; - if (empty($CHECKED)) + if (empty($CHECKED) || $CHECKED == "disabled") echo $file; else echo "{$file}\n"; @@ -322,7 +428,9 @@ if ($savemsg) { $file = $snortsorules[$j]; echo ""; if(is_array($enabled_rulesets_array)) { - if(in_array($file, $enabled_rulesets_array)) + if (!empty($disable_vrt_rules)) + $CHECKED = $disable_vrt_rules; + elseif(in_array($file, $enabled_rulesets_array)) $CHECKED = " checked=\"checked\""; else $CHECKED = ""; @@ -342,8 +450,12 @@ if ($savemsg) {
  

 

-- cgit v1.2.3