From f5db56193887749bc9998218f0aa3b91723f249d Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Thu, 20 Feb 2014 12:54:50 -0500 Subject: Fix custom rules clear bug and enable custom rule testing. --- config/suricata/suricata_rules.php | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'config/suricata/suricata_rules.php') diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php index b848b4e8..94e43fc7 100644 --- a/config/suricata/suricata_rules.php +++ b/config/suricata/suricata_rules.php @@ -49,11 +49,8 @@ if (is_null($id)) { } if (isset($id) && $a_rule[$id]) { - $pconfig['enable'] = $a_rule[$id]['enable']; $pconfig['interface'] = $a_rule[$id]['interface']; $pconfig['rulesets'] = $a_rule[$id]['rulesets']; - if (!empty($a_rule[$id]['customrules'])) - $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); } function truncate($string, $length) { @@ -357,26 +354,29 @@ if ($_POST['clear']) { } if ($_POST['customrules']) { - $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); + if ($_POST['customrules']) + $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); + else + unset($a_rule[$id]['customrules']); write_config(); $rebuild_rules = true; suricata_generate_yaml($a_rule[$id]); $rebuild_rules = false; $output = ""; $retcode = ""; -// exec("/usr/local/bin/snort -T -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf 2>&1", $output, $retcode); -// if (intval($retcode) != 0) { -// $error = ""; -// $start = count($output); -// $end = $start - 4; -// for($i = $start; $i > $end; $i--) -// $error .= $output[$i]; -// $input_errors[] = "Custom rules have errors:\n {$error}"; -// } -// else { -// header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); -// exit; -// } + exec("/usr/local/bin/suricata -T --init-errors-fatal -c {$suricatacfgdir}/suricata.yaml 2>&1", $output, $retcode); + if (intval($retcode) != 0) { + $error = ""; + $start = count($output); + $end = $start - 4; + for($i = $start; $i > $end; $i--) + $error .= $output[$i]; + $input_errors[] = "Custom rules have errors:\n {$error}"; + } + else { + header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); + exit; + } } else if ($_POST['apply']) { -- cgit v1.2.3 From de040922497c3ff0f1a77451063de25b3b579393 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Sat, 22 Feb 2014 00:33:26 -0500 Subject: Continue change of $_GET to $_POST wherever possible. --- config/suricata/suricata_rules.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'config/suricata/suricata_rules.php') diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php index 94e43fc7..428bc9be 100644 --- a/config/suricata/suricata_rules.php +++ b/config/suricata/suricata_rules.php @@ -40,7 +40,8 @@ if (!is_array($config['installedpackages']['suricata']['rule'])) $config['installedpackages']['suricata']['rule'] = array(); $a_rule = &$config['installedpackages']['suricata']['rule']; -$id = $_GET['id']; +if (is_numeric($_GET['id'])) + $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; if (is_null($id)) { @@ -108,7 +109,7 @@ $etpro = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rul $categories = explode("||", $pconfig['rulesets']); if ($_GET['openruleset']) - $currentruleset = $_GET['openruleset']; + $currentruleset = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401); else if ($_POST['openruleset']) $currentruleset = $_POST['openruleset']; else -- cgit v1.2.3 From c1717f2d9752d19c54e86e1bcb6cb81f5b253710 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Mon, 24 Feb 2014 00:45:10 -0500 Subject: Bug fixes and replace $_GET with $_POST where possible. --- config/suricata/suricata_rules.php | 228 ++++++++++++++++--------------------- 1 file changed, 96 insertions(+), 132 deletions(-) (limited to 'config/suricata/suricata_rules.php') diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php index 428bc9be..f6457f19 100644 --- a/config/suricata/suricata_rules.php +++ b/config/suricata/suricata_rules.php @@ -27,7 +27,6 @@ * POSSIBILITY OF SUCH DAMAGE. */ - require_once("guiconfig.inc"); require_once("/usr/local/pkg/suricata/suricata.inc"); @@ -35,23 +34,26 @@ global $g, $rebuild_rules; $suricatadir = SURICATADIR; $rules_map = array(); +$pconfig = array(); if (!is_array($config['installedpackages']['suricata']['rule'])) $config['installedpackages']['suricata']['rule'] = array(); $a_rule = &$config['installedpackages']['suricata']['rule']; -if (is_numeric($_GET['id'])) +log_error(print_r($_POST, true)); + +if ($_GET['id']) $id = $_GET['id']; -if (isset($_POST['id'])) +if ($_POST['id']) $id = $_POST['id']; if (is_null($id)) { - header("Location: /suricata/suricata_interfaces.php"); - exit; + $id = 0; } if (isset($id) && $a_rule[$id]) { $pconfig['interface'] = $a_rule[$id]['interface']; $pconfig['rulesets'] = $a_rule[$id]['rulesets']; + $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); } function truncate($string, $length) { @@ -110,7 +112,9 @@ $categories = explode("||", $pconfig['rulesets']); if ($_GET['openruleset']) $currentruleset = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401); -else if ($_POST['openruleset']) +elseif ($_POST['selectbox']) + $currentruleset = $_POST['selectbox']; +elseif ($_POST['openruleset']) $currentruleset = $_POST['openruleset']; else $currentruleset = $categories[0]; @@ -147,13 +151,11 @@ if ($currentruleset != 'custom.rules') { $enablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_on']); $disablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_off']); -if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) { - - // Get the GID tag embedded in the clicked rule icon. - $gid = $_GET['gid']; +if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) && !empty($rules_map)) { - // Get the SID tag embedded in the clicked rule icon. - $sid= $_GET['ids']; + // Get the GID:SID tags embedded in the clicked rule icon. + $gid = $_POST['gid']; + $sid = $_POST['sid']; // See if the target SID is in our list of modified SIDs, // and toggle it back to default if present; otherwise, @@ -197,11 +199,9 @@ if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) { /* Update the config.xml file. */ write_config(); - $_GET['openruleset'] = $currentruleset; $anchor = "rule_{$gid}_{$sid}"; } - -if ($_GET['act'] == "disable_all" && !empty($rules_map)) { +elseif ($_POST['disable_all'] && !empty($rules_map)) { // Mark all rules in the currently selected category "disabled". foreach (array_keys($rules_map) as $k1) { @@ -238,13 +238,8 @@ if ($_GET['act'] == "disable_all" && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config(); - - $_GET['openruleset'] = $currentruleset; - header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; } - -if ($_GET['act'] == "enable_all" && !empty($rules_map)) { +elseif ($_POST['enable_all'] && !empty($rules_map)) { // Mark all rules in the currently selected category "enabled". foreach (array_keys($rules_map) as $k1) { @@ -280,13 +275,8 @@ if ($_GET['act'] == "enable_all" && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config(); - - $_GET['openruleset'] = $currentruleset; - header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; } - -if ($_GET['act'] == "resetcategory" && !empty($rules_map)) { +elseif ($_POST['resetcategory'] && !empty($rules_map)) { // Reset any modified SIDs in the current rule category to their defaults. foreach (array_keys($rules_map) as $k1) { @@ -324,13 +314,8 @@ if ($_GET['act'] == "resetcategory" && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config(); - - $_GET['openruleset'] = $currentruleset; - header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; } - -if ($_GET['act'] == "resetall" && !empty($rules_map)) { +elseif ($_POST['resetall'] && !empty($rules_map)) { // Remove all modified SIDs from config.xml and save the changes. unset($a_rule[$id]['rule_sid_on']); @@ -338,23 +323,20 @@ if ($_GET['act'] == "resetall" && !empty($rules_map)) { /* Update the config.xml file. */ write_config(); - - $_GET['openruleset'] = $currentruleset; - header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; } - -if ($_POST['clear']) { +elseif ($_POST['clear']) { unset($a_rule[$id]['customrules']); write_config(); $rebuild_rules = true; suricata_generate_yaml($a_rule[$id]); $rebuild_rules = false; - header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; + $pconfig['customrules'] = ''; } - -if ($_POST['customrules']) { +elseif ($_POST['cancel']) { + $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); +} +elseif ($_POST['save']) { + $pconfig['customrules'] = $_POST['customrules']; if ($_POST['customrules']) $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); else @@ -363,24 +345,21 @@ if ($_POST['customrules']) { $rebuild_rules = true; suricata_generate_yaml($a_rule[$id]); $rebuild_rules = false; - $output = ""; - $retcode = ""; - exec("/usr/local/bin/suricata -T --init-errors-fatal -c {$suricatacfgdir}/suricata.yaml 2>&1", $output, $retcode); - if (intval($retcode) != 0) { - $error = ""; - $start = count($output); - $end = $start - 4; - for($i = $start; $i > $end; $i--) - $error .= $output[$i]; - $input_errors[] = "Custom rules have errors:\n {$error}"; - } - else { - header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; - } + /* Signal Suricata to "live reload" the rules */ + suricata_reload_config($a_rule[$id]); +// $output = ""; +// $retcode = ""; +// exec("/usr/local/bin/suricata -T --init-errors-fatal -c {$suricatacfgdir}/suricata.yaml 2>&1", $output, $retcode); +// if (intval($retcode) != 0) { +// $error = ""; +// $start = count($output); +// $end = $start - 4; +// for($i = $start; $i > $end; $i--) +// $error .= $output[$i]; +// $input_errors[] = "Custom rules have errors:\n {$error}"; +// } } - -else if ($_POST['apply']) { +elseif ($_POST['apply']) { /* Save new configuration */ write_config(); @@ -395,16 +374,6 @@ else if ($_POST['apply']) { /* Signal Suricata to "live reload" the rules */ suricata_reload_config($a_rule[$id]); - - /* Return to this same page */ - header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; -} -else if ($_POST['cancel']) { - - /* Return to this same page */ - header("Location: /suricata/suricata_rules.php?id={$id}"); - exit; } require_once("guiconfig.inc"); @@ -417,9 +386,7 @@ $pgtitle = gettext("Suricata: Interface {$if_friendly} - Rules: {$currentruleset ' . $pgtitle . '

';} - -/* Display message */ +/* Display error or save messages if present */ if ($input_errors) { print_input_errors($input_errors); // TODO: add checks } @@ -430,7 +397,11 @@ if ($savemsg) { ?> -
+ + + + + - - @@ -497,15 +468,13 @@ if ($savemsg) { @@ -518,43 +487,40 @@ if ($savemsg) {
     +    
- -
- " title=" "/>   - " title=""/>   + " title=" "/>   + " title=""/>   " onclick="return confirm('')" title=""/>
- - - - - - @@ -579,7 +544,6 @@ if ($savemsg) {
" class="formbtn" - title=""/> - -

+ title=""/>

" . gettext("Suricata must be restarted to activate any SID enable/disable changes made on this tab."); ?>		 - "?> + title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'/>"?>   
- "?> + title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'/>"?>   
- "?> + title='" . gettext("Click to disable all rules in the selected category") . "'/>"?>   
- "?> + title='" . gettext("Click to enable all rules in the selected category") . "'/>"?>   
@@ -564,7 +530,6 @@ if ($savemsg) { title="" width="17" height="17" border="0">   
 
- @@ -587,7 +551,7 @@ if ($savemsg) { - + @@ -668,11 +632,11 @@ if ($savemsg) { $message = suricata_get_msg($v['rule']); $sid_tooltip = gettext("View the raw text for this rule"); - echo "
{$textss} - - {$textse} + echo "
{$textss} + {$textse} {$textss}{$gid}{$textse} @@ -753,15 +717,14 @@ if ($savemsg) {
- - + + -- cgit v1.2.3 From af5566164c9b0b412962c26b831e78c499f53281 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 28 Feb 2014 20:41:37 -0500 Subject: Bug fixes and enhancements for v0.2-BETA in Suricata pkg. --- config/suricata/suricata_rules.php | 61 ++++++++++---------------------------- 1 file changed, 15 insertions(+), 46 deletions(-) (limited to 'config/suricata/suricata_rules.php') diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php index f6457f19..1a0c54b5 100644 --- a/config/suricata/suricata_rules.php +++ b/config/suricata/suricata_rules.php @@ -40,8 +40,6 @@ if (!is_array($config['installedpackages']['suricata']['rule'])) $config['installedpackages']['suricata']['rule'] = array(); $a_rule = &$config['installedpackages']['suricata']['rule']; -log_error(print_r($_POST, true)); - if ($_GET['id']) $id = $_GET['id']; if ($_POST['id']) @@ -56,19 +54,6 @@ if (isset($id) && $a_rule[$id]) { $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); } -function truncate($string, $length) { - - /******************************** - * This function truncates the * - * passed string to the length * - * specified adding ellipsis if * - * truncation was necessary. * - ********************************/ - if (strlen($string) > $length) - $string = substr($string, 0, ($length - 2)) . "..."; - return $string; -} - function add_title_attribute($tag, $title) { /******************************** @@ -347,17 +332,6 @@ elseif ($_POST['save']) { $rebuild_rules = false; /* Signal Suricata to "live reload" the rules */ suricata_reload_config($a_rule[$id]); -// $output = ""; -// $retcode = ""; -// exec("/usr/local/bin/suricata -T --init-errors-fatal -c {$suricatacfgdir}/suricata.yaml 2>&1", $output, $retcode); -// if (intval($retcode) != 0) { -// $error = ""; -// $start = count($output); -// $end = $start - 4; -// for($i = $start; $i > $end; $i--) -// $error .= $output[$i]; -// $input_errors[] = "Custom rules have errors:\n {$error}"; -// } } elseif ($_POST['apply']) { @@ -411,7 +385,7 @@ if ($savemsg) { $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); display_top_tabs($tab_array); echo ''; echo ''; @@ -554,7 +528,6 @@ if ($savemsg) { - @@ -567,7 +540,6 @@ if ($savemsg) {   - @@ -618,17 +590,17 @@ if ($savemsg) { $tmp = trim(preg_replace('/^\s*#+\s*/', '', $tmp)); $rule_content = preg_split('/[\s]+/', $tmp); - // Create custom tags for the fields we truncate so we can + // Create custom tags for some of the fields so we can // have a "title" attribute for tooltips to show the full string. $srcspan = add_title_attribute($textss, $rule_content[2]); $srcprtspan = add_title_attribute($textss, $rule_content[3]); $dstspan = add_title_attribute($textss, $rule_content[5]); $dstprtspan = add_title_attribute($textss, $rule_content[6]); $protocol = $rule_content[1]; //protocol field - $source = truncate($rule_content[2], 14); //source field - $source_port = truncate($rule_content[3], 10); //source port field - $destination = truncate($rule_content[5], 14); //destination field - $destination_port = truncate($rule_content[6], 10); //destination port field + $source = $rule_content[2]; //source field + $source_port = $rule_content[3]; //source port field + $destination = $rule_content[5]; //destination field + $destination_port = $rule_content[6]; //destination port field $message = suricata_get_msg($v['rule']); $sid_tooltip = gettext("View the raw text for this rule"); @@ -638,33 +610,30 @@ if ($savemsg) { src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\" title='{$title}' name=\"toggle[]\"/>{$textse} - + {$textss}{$gid}{$textse} - + {$textss}{$sid}{$textse} - - {$textss}{$v['action']}{$textse} - - + {$textss}{$protocol}{$textse} - + {$srcspan}{$source} - + {$srcprtspan}{$source_port} - + {$dstspan}{$destination} - + {$dstprtspan}{$destination_port} - + {$textss}{$message}{$textse} "; -- cgit v1.2.3