From 2e1eeca3568419e2deccdba857eeba9d3e7164e8 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Mon, 3 Jun 2013 21:15:32 -0400 Subject: Save and restore state of "$pkg_interface" variable on exit. --- config/snort/snort_check_for_rule_updates.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'config/snort') diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index f08ebc18..2b60b6ce 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -41,6 +41,8 @@ $snortdir = SNORTDIR; $snortlibdir = SNORTLIBDIR; $snortlogdir = SNORTLOGDIR; +/* Save the state of $pkg_interface so we can restore it */ +$pkg_interface_orig = $pkg_interface; if ($snort_gui_include) $pkg_interface = ""; else @@ -740,4 +742,7 @@ log_error(gettext("[Snort] The Rules update has finished.")); error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, $snort_rules_upd_log); conf_mount_ro(); +/* Restore the state of $pkg_interface */ +$pkg_interface = $pkg_interface_orig; + ?> -- cgit v1.2.3 From 7bf09620fc59e910d83f2691c6487a6cf0b615c2 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Mon, 3 Jun 2013 21:16:31 -0400 Subject: Add a rule counter for display at the bottom of page. --- config/snort/snort_rules.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'config/snort') diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 2ef529b9..3475577c 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -496,6 +496,7 @@ h += 96; $rulem) { foreach ($rulem as $k2 => $v) { $sid = snort_get_sid($v['rule']); @@ -576,6 +577,7 @@ h += 96; - +
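Review bot: The restore `$pkg_interface = $pkg_interface_orig;` is appended only at the very end of the script, just before `?>`, so any `exit` or `return` on the roughly 700 lines between the two hunks (not shown in this patch) would leave the includer's `$pkg_interface` overwritten. If such early-exit paths exist, the restore has to precede each of them, or the script needs a single exit point that runs after it. The companion save in the first hunk, `$pkg_interface_orig = $pkg_interface;`, emits an undefined-variable notice whenever the includer never set `$pkg_interface`; `$pkg_interface_orig = isset($pkg_interface) ? $pkg_interface : null;` keeps that quiet and still restores the "unset" state at the end.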
+ + + -- cgit v1.2.3 From 920dcf88e757c1f133c4c8d53cef4b712c35e608 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Mon, 3 Jun 2013 21:19:06 -0400 Subject: Fix it so Select All also gets Snort GPLv2 Community Rules. --- config/snort/snort_rulesets.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index fce1616b..62200ba4 100755 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -167,7 +167,7 @@ if ($_POST['selectall']) { $rulesets[] = basename($file); } if ($snortcommunitydownload == 'on') { - $files = glob("{$snortdir}/rules/sc_*.rules"); + $files = glob("{$snortdir}/rules/*_community.rules"); foreach ($files as $file) $rulesets[] = basename($file); } @@ -348,7 +348,7 @@ function enable_change() - + - +


@@ -389,7 +389,7 @@ function enable_change()


-- cgit v1.2.3 From 352495f6292bb10122dc4859919253695eea7648 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Mon, 3 Jun 2013 21:20:41 -0400 Subject: Fix PHP out-of-memory error with large rule sets and IPS Policy display --- config/snort/snort.inc | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index cf36ca86..0f0a24e4 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -39,6 +39,9 @@ require_once("pkg-utils.inc"); // Needed on 2.0 because of filter_get_vpns_list() require_once("filter.inc"); +// Snort GUI needs some extra PHP memory space to manipulate large rules arrays +ini_set("memory_limit", "192M"); + // Explicitly declare these as global so they work through function call includes global $snort_rules_file, $snort_version, $emerging_threats_version, $snort_rules_upd_log; global $all_rules, $flowbit_rules_file, $snort_enforcing_rules_file, $rebuild_rules, $is_postinstall; 
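Review bot: `ini_set("memory_limit", "192M");` is unconditional, so on an installation whose php.ini already grants more than 192M (or `-1`, unlimited) this include lowers the limit instead of raising it. Guard it so it only ever raises: read `ini_get("memory_limit")`, convert the `K`/`M`/`G` shorthand to bytes, and skip the call when the current value is `-1` or already at least 192M. The return value is also discarded; a `false` here means the rule-map loads further down run under the old limit, which is worth a `log_error()` line so an out-of-memory failure can be traced back to it.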
@@ -1529,20 +1532,21 @@ function snort_load_vrt_policy($policy, $load_rules_map=true) { $snortdir = SNORTDIR; $vrt_policy_rules = array(); - /* Create regular expression for searching. */ - $policy_pcre = "/policy\\s" . $policy . "/i"; - /* Refresh the map of all the rules if flag */ /* is set. */ - if ($load_rules_map == true) - $all_rules = snort_load_rules_map("{$snortdir}/rules/"); + if ($load_rules_map) { + /* Since only Snort VRT rules have IPS Policy metadata, */ + /* limit our search to just those files. */ + $snort_vrt_files = glob("{$snortdir}/rules/snort_*.rules"); + $all_rules = array(); + $all_rules = snort_load_rules_map($snort_vrt_files); + } - /* Now walk the rules list and find all those */ - /* that are defined as active for the chosen */ - /* security policy. */ + /* Now walk the rules list and find all those that are defined */ + /* defined as active for the chosen security policy. */ foreach ($all_rules as $k1 => $arulem) { foreach ($arulem as $k2 => $arulem2) { - if (preg_match($policy_pcre, $arulem2['rule'])) { + if (strripos($arulem2['rule'], "policy {$policy}-ips") !== false) { if (!preg_match('/flowbits\s*:\s*noalert/i', $arulem2['rule'])) { if (!is_array($vrt_policy_rules[$k1])) $vrt_policy_rules[$k1] = array(); @@ -1564,9 +1568,9 @@ function snort_load_vrt_policy($policy, $load_rules_map=true) { unset($arulem, $arulem2); /* If we loaded the ALL_RULES map, */ - /* then release the memory. */ + /* then release the global memory. */ if ($load_rules_map == true) - unset($all_rules); + unset($GLOBALS['all_rules']); /* Return all the rules that match the policy. */ return $vrt_policy_rules; @@ -2075,6 +2079,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { $no_rules_defined = false; /* Load up all the rules into a Rules Map array. */ + $all_rules = array(); $all_rules = snort_load_rules_map("{$snortdir}/rules/"); /* Create an array with the filenames of the enabled */ 
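Review bot: The rewritten comment in `snort_load_vrt_policy` reads `find all those that are defined */ /* defined as active`, repeating `defined` across the two comment lines; drop the first one. In the same hunk `snort_load_rules_map()` is now handed the `glob()` result (an array of paths) where it previously received the directory string `"{$snortdir}/rules/"`, and `glob()` can return `false` on error; the helper's signature is outside this patch, so confirm it accepts an array, or normalise with `$snort_vrt_files = glob("{$snortdir}/rules/snort_*.rules") ?: array();` before the call. The `$all_rules = array();` placed immediately before the reassignment (here and again in the `@@ -2075` hunk of `snort_prepare_rule_files`) is presumably there so the old map is released before the new one is built; a one-line comment such as `/* Drop the previous map first so both are never held in memory at once */` would stop a later cleanup from deleting it as redundant.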
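Review bot: `if ($load_rules_map == true)` in this hunk is now inconsistent with the `if ($load_rules_map)` the same commit writes earlier in this function; use the bare form in both places. `unset($GLOBALS['all_rules']);` releases the map only if `$all_rules` inside `snort_load_vrt_policy` is bound to the global (the `global` declaration, if any, sits above the hunk and is not visible here); if it is a local, that local is freed at return anyway and the unset silently removes an unrelated global. The same `$GLOBALS` unset appears in the `@@ -2160` hunk of `snort_prepare_rule_files` and deserves the same check there.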
@@ -2160,7 +2165,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { /* Just put an empty file to always have the file present */ snort_write_flowbit_rules_file(array(), "{$snortcfgdir}/rules/{$flowbit_rules_file}"); - unset($enabled_rules, $all_rules); + unset($GLOBALS['all_rules']); } else { snort_write_enforcing_rules_file(array(), "{$snortcfgdir}/rules/{$snort_enforcing_rules_file}"); snort_write_flowbit_rules_file(array(), "{$snortcfgdir}/rules/{$flowbit_rules_file}"); -- cgit v1.2.3 From 8f4d4340ccd88e2fcb2e600c29fc4eabcd38d1e5 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Tue, 4 Jun 2013 20:12:14 -0400 Subject: Remove some extraneous pass-by-reference tags to stop "copy on write" --- config/snort/snort.inc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 0f0a24e4..44dd133e 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -1288,7 +1288,7 @@ function snort_get_flowbits($rule) { return $flowbits; } -function snort_get_checked_flowbits(&$rules_map) { +function snort_get_checked_flowbits($rules_map) { /*************************************************************/ /* This function checks all the currently enabled rules to */ @@ -1331,7 +1331,7 @@ function snort_get_checked_flowbits(&$rules_map) { return $checked_flowbits; } -function snort_get_set_flowbits(&$rules_map) { +function snort_get_set_flowbits($rules_map) { /*********************************************************/ /* This function checks all the currently enabled rules */ @@ -1372,7 +1372,7 @@ function snort_get_set_flowbits(&$rules_map) { return $set_flowbits; } -function snort_find_flowbit_required_rules(&$all_rules, &$unchecked_flowbits) { +function snort_find_flowbit_required_rules($all_rules, $unchecked_flowbits) { /********************************************************/ /* This function finds all rules that must be enabled */ 
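Review bot: `unset($GLOBALS['all_rules']);` replaces `unset($enabled_rules, $all_rules);`, so `$enabled_rules` is no longer released at this point even though the surrounding code (outside the hunk) appears to build it from the rules map. If it is sized like the map, keep it in the statement: `unset($enabled_rules, $GLOBALS['all_rules']);`. The enclosing `snort_prepare_rule_files` begins and ends outside this hunk.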
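Review bot: Dropping the `&` on `snort_get_checked_flowbits($rules_map)` preserves behaviour only if the function never writes to `$rules_map` expecting the caller to see the change; its body lies below the hunk and is not visible here, so confirm that for this function and for the three changed alongside it, `snort_get_set_flowbits`, `snort_find_flowbit_required_rules` and `snort_resolve_flowbits` (the `@@ -1331`, `@@ -1372` and `@@ -1420` hunks). Since PHP arrays are passed by value with copy-on-write, the by-value form is the right one for read-only use, and by-reference passing in fact turns the caller's array into a reference that forces a copy on its next plain assignment. A short comment on each signature records the contract, e.g. `/* $rules_map is read-only here; passed by value so the caller's array is not turned into a reference */`.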
@@ -1420,7 +1420,7 @@ function snort_find_flowbit_required_rules(&$all_rules, &$unchecked_flowbits) { return $required_flowbits_rules; } -function snort_resolve_flowbits(&$active_rules) { +function snort_resolve_flowbits($active_rules) { /******************************************************/ /* This function auto-resolves flowbit requirements */ -- cgit v1.2.3 From 6a9022187263823f0adb20f83db9141522bf3e98 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Tue, 4 Jun 2013 20:13:15 -0400 Subject: Fix it so we return to selected category after page edits. --- config/snort/snort_rules.php | 60 +++++++++++++++++++++++--------------------- 1 file changed, 32 insertions(+), 28 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 3475577c..1ce1c0c2 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -192,6 +192,7 @@ if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) { /* Update the config.xml file. */ write_config(); + $_GET['openruleset'] = $currentruleset; header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } @@ -227,6 +228,7 @@ if ($_GET['act'] == "resetcategory" && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config(); + $_GET['openruleset'] = $currentruleset; header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } @@ -240,6 +242,7 @@ if ($_GET['act'] == "resetall" && !empty($rules_map)) { /* Update the config.xml file. */ write_config(); + $_GET['openruleset'] = $currentruleset; header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } @@ -324,32 +327,6 @@ if ($savemsg) { ?> - -
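Review bot: `$_GET['openruleset'] = $currentruleset;` is dead in all three places it is added (this hunk and the `@@ -227` and `@@ -240` hunks): the next two statements are `header("Location: …")` and `exit;`, nothing in between reads `$_GET`, and the redirect already carries the category in its `openruleset` query parameter, so the assignment can be removed. While here, `$currentruleset` is interpolated into the `Location` URL raw; if it originates from the request (likely, given the matching `openruleset` parameter), encode it: `header("Location: /snort/snort_rules.php?id={$id}&openruleset=" . urlencode($currentruleset));`.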
@@ -435,8 +412,9 @@ h += 96; + title=""/> + + - - diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 4c921ca4..12981398 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -1143,7 +1143,7 @@ include_once("head.inc"); +
" class="formbtn" - title=""/> - + + -- cgit v1.2.3 From b3cbd705918a4a7f45eff9ddc330e2dab10c58db Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Tue, 4 Jun 2013 21:37:30 -0400 Subject: Fix HTML rendering issues found in cross-browser testing. --- config/snort/snort_barnyard.php | 8 ++++---- config/snort/snort_preprocessors.php | 2 +- config/snort/snort_rules.php | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index a7f04e39..2773fe95 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php @@ -192,8 +192,8 @@ function enable_change(enable_change) {


@@ -206,8 +206,8 @@ function enable_change(enable_change) {
+
  -
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 1ce1c0c2..ca63dae9 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -411,7 +411,7 @@ if ($savemsg) {
- -- cgit v1.2.3 From 8e910fa46269ae3c933ad068ef2843b9dd9dda4e Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 5 Jun 2013 17:07:55 -0400 Subject: Fix SELECT ALL to not add all Snort rules when IPS Policy is set. --- config/snort/snort_rulesets.php | 125 ++++++++++++++++++++++------------------ 1 file changed, 69 insertions(+), 56 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 62200ba4..fa3efc1b 100755 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -112,12 +112,14 @@ else /* alert file */ if ($_POST["Submit"]) { - if ($_POST['ips_policy_enable'] == "on") + if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; - else + $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; + } + else { $a_nat[$id]['ips_policy_enable'] = 'off'; - - $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; + unset($a_nat[$id]['ips_policy']); + } $enabled_items = ""; if (is_array($_POST['toenable'])) @@ -152,6 +154,15 @@ if ($_POST["Submit"]) { if ($_POST['unselectall']) { $a_nat[$id]['rulesets'] = ""; + if ($_POST['ips_policy_enable'] == "on") { + $a_nat[$id]['ips_policy_enable'] = 'on'; + $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; + } + else { + $a_nat[$id]['ips_policy_enable'] = 'off'; + unset($a_nat[$id]['ips_policy']); + } + write_config(); sync_snort_package_config(); @@ -161,6 +172,16 @@ if ($_POST['unselectall']) { if ($_POST['selectall']) { $rulesets = array(); + + if ($_POST['ips_policy_enable'] == "on") { + $a_nat[$id]['ips_policy_enable'] = 'on'; + $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; + } + else { + $a_nat[$id]['ips_policy_enable'] = 'off'; + unset($a_nat[$id]['ips_policy']); + } + if ($emergingdownload == 'on') { $files = glob("{$snortdir}/rules/emerging*.rules"); foreach ($files as $file) 
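Review bot: The `ips_policy_enable`/`ips_policy` block is now written three times verbatim, here in the `Submit` handler and again in the `@@ -152` (unselectall) and `@@ -161` (selectall) hunks, which is how the three handlers will drift apart on the next change; move it into one helper and call it from each as `$a_nat[$id] = snort_apply_ips_policy_post($a_nat[$id], $_POST);`. The helper is also the natural place for a check the commit leaves out: `$_POST['ips_policy']` is stored into the config unvalidated, and that value is later interpolated into the `"policy {$policy}-ips"` search in `snort_load_vrt_policy` (see the snort.inc patch above on this page), so restrict it to the policy names the form offers before saving. The helper name below is new and a constructed suggestion.
```php
/* New helper: apply the IPS Policy form fields to one interface's config array. */
/* Shared by the Submit, selectall and unselectall handlers so the logic lives once. */
function snort_apply_ips_policy_post($snortcfg, $post) {
	if ($post['ips_policy_enable'] == "on") {
		/* TODO(review): reject any value not among the policy names the form offers */
		$snortcfg['ips_policy_enable'] = 'on';
		$snortcfg['ips_policy'] = $post['ips_policy'];
	}
	else {
		$snortcfg['ips_policy_enable'] = 'off';
		unset($snortcfg['ips_policy']);
	}
	return $snortcfg;
}

// … unchanged: start of the Submit handler …
$a_nat[$id] = snort_apply_ips_policy_post($a_nat[$id], $_POST);
// … unchanged: $enabled_items handling …
```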
@@ -171,7 +192,9 @@ if ($_POST['selectall']) { foreach ($files as $file) $rulesets[] = basename($file); } - if ($snortdownload == 'on') { + + /* Include the Snort VRT rules only if enabled and no IPS policy is set */ + if ($snortdownload == 'on' && $a_nat[$id]['ips_policy_enable'] == 'off') { $files = glob("{$snortdir}/rules/snort*.rules"); foreach ($files as $file) $rulesets[] = basename($file); @@ -210,49 +233,6 @@ if ($savemsg) { ?> - -
" class="formbtn" + " class="formbtn" title=""/>
@@ -271,14 +251,14 @@ function enable_change() echo ''; echo ' @@ -570,5 +550,38 @@ function enable_change() + + + -- cgit v1.2.3
'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); - $tab_array = array(); - $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); - $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + $tab_array = array(); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + display_top_tabs($tab_array); ?>