From c35f5d138b4c1eba327517582c7de3b409e68e6b Mon Sep 17 00:00:00 2001
From: Ermal
Date: Fri, 2 Sep 2011 11:14:40 +0000
Subject: Fix rule saving and modification for snort
---
config/snort/snort_rules.php | 451 ++++++++++++++------------------------
config/snort/snort_rules_edit.php | 57 +++--
2 files changed, 193 insertions(+), 315 deletions(-)
(limited to 'config/snort')
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 75233529..c9112945 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -139,56 +139,18 @@ function get_middle($source, $beginning, $ending, $init_pos) { function write_rule_file($content_changed, $received_file) { - //read snort file with writing enabled - $filehandle = fopen($received_file, "w"); - - //delimiter for each new rule is a new line - $delimiter = "\n"; - - //implode the array back into a string for writing purposes - $fullfile = implode($delimiter, $content_changed); - - //write data to file - fwrite($filehandle, $fullfile); - - //close file handle - fclose($filehandle); - + @file_put_contents($received_file, implode("\n", $content_changed)); } function load_rule_file($incoming_file) { - - //read snort file - $filehandle = fopen($incoming_file, "r"); - //read file into string, and get filesize - $contents = fread($filehandle, filesize($incoming_file)); - - //close handler - fclose ($filehandle); - - - //string for populating category select - $currentruleset = basename($rulefile); - - //delimiter for each new rule is a new line - $delimiter = "\n"; + $contents = @file_get_contents($incoming_file); //split the contents of the string file into an array using the delimiter - $splitcontents = explode($delimiter, $contents); - - return $splitcontents; - + return explode("\n", $contents); } -/* -if ($_GET['openruleset'] != '' && $_GET['ids'] != '') { - header("Location: /snort/snort_rules.php?id=$id&openruleset={$_GET['openruleset']}&saved=yes"); - exit; -} -*/ - $ruledir = "/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/"; //$ruledir = "/usr/local/etc/snort/rules/"; $dh = opendir($ruledir); @@ -206,8 +168,6 @@ if ($_GET['openruleset']) else $rulefile = $ruledir.$files[0]; -//Load the rule file -$splitcontents = load_rule_file($rulefile); if ($_POST) { @@ -413,50 +373,26 @@ require_once("guiconfig.inc"); include_once("head.inc"); $pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset"; - ?> - - - -' . $pgtitle . '
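Review bot: The `@` on both new calls in write_rule_file() and load_rule_file() hides I/O failures, and neither return value is checked. When `file_get_contents()` fails it returns false, so `explode("\n", $contents)` hands the caller a one-element array holding an empty string, which looks the same as an empty rule file. When `file_put_contents()` fails or writes short, the GUI carries on as if the rule change had been saved, so the rules on disk can differ from what the page shows as enabled or disabled. I would drop the `@`, return early on a failed read with `if ($contents === false) return array();`, and have the writer report the outcome with `return file_put_contents($received_file, implode("\n", $content_changed), LOCK_EX) !== false;` so callers can show an error instead of a success state.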

';}?> - + ' . $pgtitle . '

';} + echo "{$snort_general_css}\n"; ?> +
+ -
- - - - -"; -?> - - - +
- -
-
- - - + + + + + +
- - - - - - - - - - + + - -
 SIDProtoSourcePortDestinationPortMessage
+
+ + + + + + + + + + + + + + + $value ) + { + $disabled = "False"; + $comments = "False"; + $findme = "# alert"; //find string for disabled alerts + $disabled_pos = strstr($value, $findme); - - - Category: "; - - //string for populating category select - $currentruleset = basename($rulefile); - - ?> - - - "; - $textse = ""; - $iconb = "icon_block_d.gif"; - } - else - { - $textss = $textse = ""; - $iconb = "icon_block.gif"; - } - - if ($disabled_pos !== false){ - $ischecked = ""; - }else{ - $ischecked = "checked"; - } - - $rule_content = explode(' ', $tempstring); - - $protocol = $rule_content[$counter2];//protocol location - $counter2++; - $source = $rule_content[$counter2];//source location - $counter2++; - $source_port = $rule_content[$counter2];//source port location - $counter2 = $counter2+2; - $destination = $rule_content[$counter2];//destination location - $counter2++; - $destination_port = $rule_content[$counter2];//destination port location - - if (strstr($tempstring, 'msg: "')) - $message = get_middle($tempstring, 'msg: "', '";', 0); - if (strstr($tempstring, 'msg:"')) - $message = get_middle($tempstring, 'msg:"', '";', 0); - - echo " - - - - - "; - ?> - + + + + + + "; - ?> - "; + ?> + -
"; - ?> - -
+
Category: + +
 SIDProtoSourcePortDestinationPortMessage
- $textss\n"; - ?> - - - - - - $textss - $sid - $textse - - $textss - $protocol"; - ?> - - - $textss - $source - $textse - - $textss - $source_port - $textse - - $textss - $destination - $textse - - $textss - $destination_port - $textse - "; + $textse = ""; + $iconb = "icon_block_d.gif"; + + $ischecked = ""; + } else { + $textss = $textse = ""; + $iconb = "icon_block.gif"; + + $ischecked = "checked"; + } + + $rule_content = explode(' ', $value); + + $protocol = $rule_content[$counter2];//protocol location + $counter2++; + $source = substr($rule_content[$counter2], 0, 20) . "...";//source location + $counter2++; + $source_port = $rule_content[$counter2];//source port location + $counter2 = $counter2+2; + $destination = substr($rule_content[$counter2], 0, 20) . "...";//destination location + $counter2++; + $destination_port = $rule_content[$counter2];//destination port location + + if (strstr($value, 'msg: "')) + $message = get_middle($value, 'msg: "', '";', 0); + else if (strstr($value, 'msg:"')) + $message = get_middle($value, 'msg:"', '";', 0); + + echo "
$textss\n"; + ?> + + + + + + $textss + $sid + $textse + + $textss + $protocol"; + echo "$textse + + $textss + $source + $textse + + $textss + $source_port + $textse + + $textss + $destination + $textse + + $textss + $destination_port + $textse + + $textss $message $textse - + - - + + - +
-
+ + +
+
+ There are {$counter} rules in this category.

"; ?> +
+ -
Rule Disabled
- + - -
+
-

- +

-
- - - - + + + + + - -
- - - - + + diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php index 666147dc..7c31b017 100644 --- a/config/snort/snort_rules_edit.php +++ b/config/snort/snort_rules_edit.php @@ -70,45 +70,35 @@ if (isset($_POST['openruleset'])) $file = $_POST['openruleset']; //read file into string, and get filesize also chk for empty files -if (filesize($file) > 0 ) { - $contents2 = file_get_contents($file); -}else{ - $contents2 = ''; -} +$contents = ''; +if (filesize($file) > 0 ) + $contents = file_get_contents($file); //delimiter for each new rule is a new line $delimiter = "\n"; //split the contents of the string file into an array using the delimiter -$splitcontents = explode($delimiter, $contents2); - -if ($_POST) { +$splitcontents = explode($delimiter, $contents); +$findme = "# alert"; //find string for disabled alerts +$highlight = "yes"; +if (strstr($splitcontents[$lineid], $findme)) $highlight = "no"; - if($_POST['highlight'] == "yes") - $highlight = "yes"; - - if ($_POST['rows'] <> "") - $rows = $_POST['rows']; - else - $rows = 1; - - if ($_POST['cols'] <> "") - $cols = $_POST['cols']; - else - $cols = 66; +if ($highlight == "no") + $splitcontents[$lineid] = substr($splitcontents[$lineid], 2); +if ($_POST) { if ($_POST['save']) { - /* get the changes */ - $rule_content2 = $_POST['code']; - //copy string into file array for writing - $splitcontents[$lineid] = $rule_content2; + if ($_POST['highlight'] == "yes") + $splitcontents[$lineid] = $_POST['code']; + else + $splitcontents[$lineid] = "# " . $_POST['code']; //write the new .rules file @file_put_contents($file, implode($delimiter, $splitcontents)); - echo ""; + echo ""; exit; } } @@ -120,12 +110,12 @@ $pgtitle = array(gettext("Advanced"), gettext("File Editor")); +
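Review bot: In the rule table loop of snort_rules.php, `$sid`, `$protocol`, `$source`, `$source_port`, `$destination`, `$destination_port` and `$message` are cut out of the rule line with `explode()`/`get_middle()` and interpolated straight into the echoed table cells; no `htmlspecialchars()` call is visible on the new side (the HTML of this section is stripped on this page, so the hunk boundaries and any escaping inside the markup cannot be confirmed). Rule text comes from rule files that the companion editor writes from `$_POST['code']`, so markup inside a rule's msg field would be rendered by the admin GUI. Escape at output, e.g. `$message = htmlspecialchars($message);` and the same for the other fields before the `echo`. Two smaller points in the same loop: `$message` is only assigned when one of the two `msg:` patterns matches, so a rule without one appears to inherit the previous row's message unless it is reset at the top of the loop, and `substr(..., 0, 20) . "..."` appends the ellipsis even when the address is shorter than 20 characters.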
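Review bot: The save branch in snort_rules_edit.php stores `$_POST['code']` into `$splitcontents[$lineid]` unchanged, so a value containing a line break becomes several lines once `implode($delimiter, $splitcontents)` is written, adding rule lines the single-line editor never showed and shifting the line ids the rules page links to. Normalise it first, e.g. `$code = str_replace(array("\r", "\n"), ' ', $_POST['code']);`, and use `$code` in both assignments. The write target `$file` is taken from `$_POST['openruleset']` in the context lines, and nothing visible in this hunk confines it to the Snort rules directory before `@file_put_contents($file, ...)`; if no check exists above the hunk, resolve it with `realpath()` and reject anything outside that directory. The `@` also means a failed write still reaches the `echo` and `exit` that follow. Separately, `strstr($splitcontents[$lineid], $findme)` matches `# alert` anywhere in the line while `substr(..., 2)` assumes it is the prefix; `strpos($splitcontents[$lineid], $findme) === 0` would keep the two consistent.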
+
- - @@ -144,13 +134,21 @@ $pgtitle = array(gettext("Advanced"), gettext("File Editor")); + + + @@ -158,6 +156,7 @@ $pgtitle = array(gettext("Advanced"), gettext("File Editor"));
+ + +
- + cols="66" name="code2">
+ -- cgit v1.2.3