From 38d0c81e48b9eb6dcd353ecddbc2c4b8508bfe8d Mon Sep 17 00:00:00 2001 From: robiscool Date: Tue, 26 Jul 2011 20:58:52 -0700 Subject: snort-dev, add ips tab to rule db, add js ips table create --- config/snort-dev/css/style_snort2.css | 7 +- config/snort-dev/snort_download_rules.inc | 1 + config/snort-dev/snort_install.inc | 1 + config/snort-dev/snort_interfaces_rules.php | 1 + config/snort-dev/snort_json_get.php | 9 + config/snort-dev/snort_json_post.php | 13 ++ config/snort-dev/snort_ruleset_ips.php | 291 ++++++++++++++++++++++++++++ 7 files changed, 319 insertions(+), 4 deletions(-) create mode 100644 config/snort-dev/snort_ruleset_ips.php (limited to 'config') diff --git a/config/snort-dev/css/style_snort2.css b/config/snort-dev/css/style_snort2.css index 6b5995cd..56fcb833 100644 --- a/config/snort-dev/css/style_snort2.css +++ b/config/snort-dev/css/style_snort2.css @@ -4,17 +4,16 @@ a { font-size: 11px; } -*/ - +*/ #right { position: relative; top: -10px; left: 0px; - width: 770px; + width: 800px; margin-top: 0px; - margin-left: 5px; + margin-left: 0px; margin-right: 5px; padding-top: 20px; padding-left: 0px; diff --git a/config/snort-dev/snort_download_rules.inc b/config/snort-dev/snort_download_rules.inc index e6a22477..8953a65c 100644 --- a/config/snort-dev/snort_download_rules.inc +++ b/config/snort-dev/snort_download_rules.inc @@ -207,6 +207,7 @@ function reapplyRuleSettings_run($sidRule_array) // disable a sid // sed -i '' "s/^\(alert.*sid:1225;.*\)/# \1/" /usr/local/etc/snort/snortDBrules/DB/RAjFYOrC04D6/rules/snort_x11.rules // grep "^alert.*sid:.*;" rules/emerging-worm.rules | grep -oh "\w*sid:[0-9][^*;]\w*" | awk -F: '{print $2}' + // sed -n '/^320 || .*/{p;q;}' rules/ ../etc/sid-msg.map | awk -F '|' '{print $3}' | sed -e 's/^[ \t]*//' } diff --git a/config/snort-dev/snort_install.inc b/config/snort-dev/snort_install.inc index 1fb56780..c805d62c 100644 --- a/config/snort-dev/snort_install.inc +++ b/config/snort-dev/snort_install.inc 
@@ -252,6 +252,7 @@ function snort_postinstall() exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/close_9x9.gif'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/new_tab_menu.png'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/progress_bar2.gif'); + exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/progressbar.gif'); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/images/top_modal_bar_lil.jpg'); chdir ("/usr/local/www/snort/javascript/"); exec('/usr/bin/fetch http://www.pfsense.com/packages/config/snort-dev/javascript/jquery-1.6.2.min.js'); diff --git a/config/snort-dev/snort_interfaces_rules.php b/config/snort-dev/snort_interfaces_rules.php index 2e2e7732..6c8f5a60 100644 --- a/config/snort-dev/snort_interfaces_rules.php +++ b/config/snort-dev/snort_interfaces_rules.php @@ -61,6 +61,7 @@ $a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', ''); $listOnRules = array(); $listOnRules = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'All', ''); + $listUsedRules = array(); foreach ($listOnRules as $listOnRule) { diff --git a/config/snort-dev/snort_json_get.php b/config/snort-dev/snort_json_get.php index 84cc8ed7..965ac4de 100644 --- a/config/snort-dev/snort_json_get.php +++ b/config/snort-dev/snort_json_get.php @@ -46,6 +46,15 @@ require_once("/usr/local/pkg/snort/snort_new.inc"); session_start(); // alwaya at the very top of a php page or "Cannot send session cache limiter - headers already sent" +// get json blocls sids +if ($_GET['snortsamjson'] == 1) { + + exec('cat /usr/local/etc/snort/sn_6TPXv7a/rules/dbBlockSplit/splitSidblock' . $_GET['fileid'] . '.block', $output); + echo $output[0]; + +} + + // upload created log tar to user if ($_GET['snortGetUpdate'] == 1) { diff --git a/config/snort-dev/snort_json_post.php b/config/snort-dev/snort_json_post.php index 359dd23a..ee9d9ead 100644 
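Review bot: The added `snortsamjson` branch in `snort_json_get.php` concatenates `$_GET['fileid']` directly into the string passed to `exec('cat …')`, so a request parameter reaches a shell command line and selects the file path with no validation. I would restrict `fileid` to the expected form (digits, assuming the split files are numbered) and read the file with PHP's own file functions so that no shell is involved. A missing file should also be handled, rather than echoing an unset `$output[0]`. The context lines show only `session_start()` ahead of this branch, so whether the endpoint sits behind the GUI login check cannot be confirmed from the hunk and is worth verifying. The script continues outside the hunk.

```php
if (isset($_GET['snortsamjson']) && $_GET['snortsamjson'] == 1) {

	$fileid = isset($_GET['fileid']) ? $_GET['fileid'] : '';
	// assumption: split files are numbered; anything else is rejected
	if (!is_string($fileid) || !ctype_digit($fileid)) {
		header('HTTP/1.1 400 Bad Request');
		exit;
	}

	$blockFile = '/usr/local/etc/snort/sn_6TPXv7a/rules/dbBlockSplit/splitSidblock' . $fileid . '.block';
	$blockLines = is_readable($blockFile) ? file($blockFile, FILE_IGNORE_NEW_LINES) : false;
	if ($blockLines !== false && isset($blockLines[0])) {
		echo $blockLines[0];
	}

}
// … unchanged: snortGetUpdate branch …
```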
--- a/config/snort-dev/snort_json_post.php +++ b/config/snort-dev/snort_json_post.php @@ -62,6 +62,19 @@ function snortJsonReturnCode($returnStatus) } } +// snortsam save settings +if ($_POST['snortSamSaveSettings'] == 1) { + + unset($_POST['snortSamSaveSettings']); + + function snortSamSaveFunc() + { + print_r($_POST[snortsam][db]); + } + snortSamSaveFunc(); + +} + // row from db by uuid if ($_POST['snortSidRuleEdit'] == 1) { diff --git a/config/snort-dev/snort_ruleset_ips.php b/config/snort-dev/snort_ruleset_ips.php new file mode 100644 index 00000000..18c49b35 --- /dev/null +++ b/config/snort-dev/snort_ruleset_ips.php 
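Review bot: `snortSamSaveFunc()` in the new `snortSamSaveSettings` branch saves nothing: it only `print_r`s `$_POST[snortsam][db]` back into the response, with bare-word array keys and no output encoding. Request data echoed verbatim is a reflected-content risk if the response is ever rendered as HTML, and the unquoted keys depend on PHP's undefined-constant fallback. If this is a placeholder, I would quote the keys and encode what is echoed, e.g. `echo htmlspecialchars(print_r($_POST['snortsam']['db'], true));`, with an `isset()` guard in front. A comment such as `// TODO: debug stub, replace with the real save before release` would keep it from shipping unnoticed.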
@@ -0,0 +1,291 @@ +. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_new.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +// set page vars + +if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) { + echo 'Error: more than one uuid'; + exit(0); +} + +// set page vars +if (isset($_GET['uuid'])) { + $uuid = $_GET['uuid']; +} + +if (isset($_GET['rdbuuid'])) { + $rdbuuid = $_GET['rdbuuid']; +}else{ + $ruledbname_pre1 = snortSql_fetchAllSettings('snortDB', 'SnortIfaces', 'uuid', $uuid); + $rdbuuid = $ruledbname_pre1['ruledbname']; +} + +//$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); + +// create dropdown list +function snortDropDownListJson($list, $setting) { + foreach ($list as $iday => $iday2) { + + echo "\n" . "'\' + "\n" +' . "\r"; + + } +} + + $countGetEnableSidArray = count($getEnableSid); + + $pgtitle = "Services: Snort: Ruleset Ips:"; + include("/usr/local/pkg/snort/snort_head.inc"); + +?> + + + +
+


Please Wait...

+
+ + + +
+ + + +
+ +
+
+ +
+ + + + + + + + +
+ + + +
+ + +
+ + + + + + + + + + +
+ + + 1 + + 2 + + +
+ + + + + + + + + + + + + + + + + + +
   On   Sid   Source   Amount   DurationMessage
+
+ + + + +
+ + +
+ + + +
+
+ + + +
+ + + + + + + + + + -- cgit v1.2.3
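Review bot: In the new `snort_ruleset_ips.php`, the `else` branch that looks up `ruledbname` runs whenever `rdbuuid` is absent, including when `uuid` is absent too, so `$uuid` is undefined when it is passed to `snortSql_fetchAllSettings()`. Both ids are also taken from `$_GET` unchanged. I would reject the request early when neither is set, e.g. `if (!isset($_GET['uuid']) && !isset($_GET['rdbuuid'])) { echo 'Error: no uuid'; exit(0); }`, and check each id against the format the package generates before it reaches the lookup or the page output. `count($getEnableSid)` has no visible assignment either, though much of this file's markup did not survive on the page, so it may be defined in a part not shown.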