From 556474c5b9db2afff94d288870b203bed3ff2cfb Mon Sep 17 00:00:00 2001 From: robiscool Date: Fri, 5 Aug 2011 18:19:02 -0700 Subject: orionids-dev, fix db save changes, fix foward slash error on chrom and ie9, add no cache php code --- config/orionids-dev/css/style_snort2.css | 100 +++--- config/orionids-dev/javascript/snort_globalsend.js | 1 + config/orionids-dev/snort_alerts.php | 7 + config/orionids-dev/snort_barnyard.php | 7 + config/orionids-dev/snort_blocked.php | 7 + config/orionids-dev/snort_define_servers.php | 7 + config/orionids-dev/snort_download_updates.php | 7 + config/orionids-dev/snort_help_info.php | 7 + config/orionids-dev/snort_interfaces.php | 7 + config/orionids-dev/snort_interfaces_edit.php | 7 + config/orionids-dev/snort_interfaces_global.php | 7 + config/orionids-dev/snort_interfaces_rules.php | 7 + .../orionids-dev/snort_interfaces_rules_edit.php | 7 + config/orionids-dev/snort_interfaces_suppress.php | 7 + .../snort_interfaces_suppress_edit.php | 7 + config/orionids-dev/snort_interfaces_whitelist.php | 7 + .../snort_interfaces_whitelist_edit.php | 7 + config/orionids-dev/snort_json_get.php | 7 +- config/orionids-dev/snort_json_post.php | 355 +++++++++++---------- config/orionids-dev/snort_new.inc | 12 +- config/orionids-dev/snort_preprocessors.php | 7 + config/orionids-dev/snort_rules.php | 93 +++--- config/orionids-dev/snort_rules_ips.php | 177 +++++++--- config/orionids-dev/snort_rulesets.php | 7 + config/orionids-dev/snort_rulesets_ips.php | 7 + 25 files changed, 560 insertions(+), 311 deletions(-) (limited to 'config') diff --git a/config/orionids-dev/css/style_snort2.css b/config/orionids-dev/css/style_snort2.css index bd5383f4..16b2e327 100644 --- a/config/orionids-dev/css/style_snort2.css +++ b/config/orionids-dev/css/style_snort2.css 
@@ -252,48 +252,48 @@ } .alert { -position:absolute; -top:10px; -left:-25px; -width:100%; -height:90%; -z-index:999; -background:#FCE9C0; -background-position: 15px; -border-top:2px solid #DBAC48; -border-bottom:2px solid #DBAC48; -padding: 15px 10px 85% 50px; + position:absolute; + top:10px; + left:-25px; + width:100%; + height:90%; + z-index:999; + background:#FCE9C0; + background-position: 15px; + border-top:2px solid #DBAC48; + border-bottom:2px solid #DBAC48; + padding: 15px 10px 85% 50px; } .formpre { -font-family:arial; -font-size: 1.1em; + font-family:arial; + font-size: 1.1em; } #download_rules { -font-family: arial; -font-size: 13px; -font-weight: bold; -text-align: center + font-family: arial; + font-size: 13px; + font-weight: bold; + text-align: center; } #download_rules_td { -font-family: arial; -font-size: 13px; -font-weight: bold; -text-align: center + font-family: arial; + font-size: 13px; + font-weight: bold; + text-align: center; } /* hack fix the hard coded fbegin link */ #header-left2 { -position: absolute; -background-position: center center; -height: 67px; -width: 147px; -top: -77px; -left: 8px; -float: left; -z-index:999; + position: absolute; + background-position: center center; + height: 67px; + width: 147px; + top: -77px; + left: 8px; + float: left; + z-index:999; } #header-left2 #status-link2 { position: relative; 
@@ -303,24 +303,24 @@ z-index:999; /* end of fbegin hack */ .body2 { -font-family:arial; -font-size:12px; + font-family:arial; + font-size:12px; } .tabcont { -background-color: #dddddd; -padding-right: 12px; -padding-left: 12px; -padding-top: 12px; -padding-bottom: 12px; + background-color: #dddddd; + padding-right: 12px; + padding-left: 12px; + padding-top: 12px; + padding-bottom: 12px; } .tabcont2 { -background-color: #eeeeee; -padding-right: 12px; -padding-left: 12px; -padding-top: 12px; -padding-bottom: 12px; + background-color: #eeeeee; + padding-right: 12px; + padding-left: 12px; + padding-top: 12px; + padding-bottom: 12px; } .vncell2 { @@ -332,15 +332,15 @@ padding-bottom: 12px; } .vncelltextbox { -background-color: #eeeeee; -padding-top: 8px; -padding-bottom: 8px; -padding-right: 8px; -padding-left: 8px; -border-bottom-width: 1px; -border-bottom-style: solid; -border-bottom-color: #999999; -font-size: 11px; + background-color: #eeeeee; + padding-top: 8px; + padding-bottom: 8px; + padding-right: 8px; + padding-left: 8px; + border-bottom-width: 1px; + border-bottom-style: solid; + border-bottom-color: #999999; + font-size: 11px; } /* global tab, white lil box */ diff --git a/config/orionids-dev/javascript/snort_globalsend.js b/config/orionids-dev/javascript/snort_globalsend.js index 07416a74..083c40ef 100644 --- a/config/orionids-dev/javascript/snort_globalsend.js +++ b/config/orionids-dev/javascript/snort_globalsend.js @@ -146,6 +146,7 @@ jQuery(document).ready(function() { }; + //--------------------------- START select all code --------------------------- jQuery('#select_all').live('click', function(){ diff --git a/config/orionids-dev/snort_alerts.php b/config/orionids-dev/snort_alerts.php index 79485350..3cb79c5c 100644 --- a/config/orionids-dev/snort_alerts.php +++ b/config/orionids-dev/snort_alerts.php 
@@ -45,6 +45,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + $generalSettings = snortSql_fetchAllSettings('snortDB', 'SnortSettings', 'id', '1'); $alertnumber = $generalSettings['alertnumber']; diff --git a/config/orionids-dev/snort_barnyard.php b/config/orionids-dev/snort_barnyard.php index 5a40584b..1cd2113b 100644 --- a/config/orionids-dev/snort_barnyard.php +++ b/config/orionids-dev/snort_barnyard.php @@ -45,6 +45,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + // set page vars $uuid = $_GET['uuid']; diff --git a/config/orionids-dev/snort_blocked.php b/config/orionids-dev/snort_blocked.php index be2a3835..fdc12480 100644 --- a/config/orionids-dev/snort_blocked.php +++ b/config/orionids-dev/snort_blocked.php 
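Review bot: The five no-cache `header()` calls added after the `require_once` lines are a copy-pasted block, and the same block is repeated in every PHP page this commit touches (snort_barnyard.php, snort_blocked.php and the rest, including snort_json_get.php and snort_json_post.php), so a later change to the cache policy has to be made in about twenty places. Moving them into one function in a shared include and calling it once per page, for example `snortSendNoCacheHeaders();` (name is only a suggestion), keeps the policy in one spot. `header()` only takes effect before any output, so the call is safest placed ahead of anything that might print; whether the three includes above it emit output cannot be seen from this hunk.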
@@ -45,6 +45,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + $generalSettings = snortSql_fetchAllSettings('snortDB', 'SnortSettings', 'id', '1'); diff --git a/config/orionids-dev/snort_define_servers.php b/config/orionids-dev/snort_define_servers.php index c35fd2c1..05e7709e 100644 --- a/config/orionids-dev/snort_define_servers.php +++ b/config/orionids-dev/snort_define_servers.php @@ -45,6 +45,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + // set page vars $uuid = $_GET['uuid']; diff --git a/config/orionids-dev/snort_download_updates.php b/config/orionids-dev/snort_download_updates.php index 3cb2716d..445671bd 100644 --- a/config/orionids-dev/snort_download_updates.php +++ b/config/orionids-dev/snort_download_updates.php 
@@ -48,6 +48,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); require_once("/usr/local/pkg/snort/snort_download_rules.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + // set page vars if (isset($_GET['updatenow'])) { $updatenow = $_GET['updatenow']; diff --git a/config/orionids-dev/snort_help_info.php b/config/orionids-dev/snort_help_info.php index e8408209..616133ae 100644 --- a/config/orionids-dev/snort_help_info.php +++ b/config/orionids-dev/snort_help_info.php @@ -44,6 +44,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + $pgtitle = 'Snort: Help and Info'; include("/usr/local/pkg/snort/snort_head.inc"); diff --git a/config/orionids-dev/snort_interfaces.php b/config/orionids-dev/snort_interfaces.php index c13a902b..beb50f83 100644 --- a/config/orionids-dev/snort_interfaces.php +++ b/config/orionids-dev/snort_interfaces.php 
@@ -45,6 +45,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + $new_ruleUUID = genAlphaNumMixFast(7, 8); $a_interfaces = snortSql_fetchAllInterfaceRules('SnortIfaces', 'snortDB'); diff --git a/config/orionids-dev/snort_interfaces_edit.php b/config/orionids-dev/snort_interfaces_edit.php index 86cd6857..ade5ade8 100644 --- a/config/orionids-dev/snort_interfaces_edit.php +++ b/config/orionids-dev/snort_interfaces_edit.php @@ -45,6 +45,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + // set page vars $uuid = $_GET['uuid']; diff --git a/config/orionids-dev/snort_interfaces_global.php b/config/orionids-dev/snort_interfaces_global.php index 9af74503..fd9d27d4 100644 --- a/config/orionids-dev/snort_interfaces_global.php +++ b/config/orionids-dev/snort_interfaces_global.php 
@@ -45,6 +45,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + // set page vars $generalSettings = snortSql_fetchAllSettings('snortDB', 'SnortSettings', 'id', '1'); diff --git a/config/orionids-dev/snort_interfaces_rules.php b/config/orionids-dev/snort_interfaces_rules.php index 6c8f5a60..0f4c8b5d 100644 --- a/config/orionids-dev/snort_interfaces_rules.php +++ b/config/orionids-dev/snort_interfaces_rules.php @@ -45,6 +45,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + $a_rules = array(); $a_rules = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'All', ''); diff --git a/config/orionids-dev/snort_interfaces_rules_edit.php b/config/orionids-dev/snort_interfaces_rules_edit.php index 8c1e7b5f..be6467bc 100644 --- a/config/orionids-dev/snort_interfaces_rules_edit.php +++ b/config/orionids-dev/snort_interfaces_rules_edit.php 
@@ -45,6 +45,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + if (isset($_GET['rdbuuid'])) { $rdbuuid = $_GET['rdbuuid']; }else{ diff --git a/config/orionids-dev/snort_interfaces_suppress.php b/config/orionids-dev/snort_interfaces_suppress.php index 4ee5ea8f..977dcf2d 100644 --- a/config/orionids-dev/snort_interfaces_suppress.php +++ b/config/orionids-dev/snort_interfaces_suppress.php @@ -45,6 +45,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + $a_suppress = snortSql_fetchAllWhitelistTypes('SnortSuppress', ''); diff --git a/config/orionids-dev/snort_interfaces_suppress_edit.php b/config/orionids-dev/snort_interfaces_suppress_edit.php index 15878d6a..e9f23254 100644 --- a/config/orionids-dev/snort_interfaces_suppress_edit.php +++ b/config/orionids-dev/snort_interfaces_suppress_edit.php 
@@ -45,6 +45,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + // set page vars $uuid = $_GET['uuid']; diff --git a/config/orionids-dev/snort_interfaces_whitelist.php b/config/orionids-dev/snort_interfaces_whitelist.php index 42f6e788..3167b65f 100644 --- a/config/orionids-dev/snort_interfaces_whitelist.php +++ b/config/orionids-dev/snort_interfaces_whitelist.php @@ -45,6 +45,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + $a_whitelist = snortSql_fetchAllWhitelistTypes('SnortWhitelist', 'SnortWhitelistips'); diff --git a/config/orionids-dev/snort_interfaces_whitelist_edit.php b/config/orionids-dev/snort_interfaces_whitelist_edit.php index 0055624f..dbdbb649 100644 --- a/config/orionids-dev/snort_interfaces_whitelist_edit.php +++ b/config/orionids-dev/snort_interfaces_whitelist_edit.php 
@@ -45,6 +45,13 @@ require_once('guiconfig.inc'); require_once('/usr/local/pkg/snort/snort_new.inc'); require_once('/usr/local/pkg/snort/snort_gui.inc'); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + //$GLOBALS['csrf']['rewrite-js'] = false; $uuid = $_GET['uuid']; diff --git a/config/orionids-dev/snort_json_get.php b/config/orionids-dev/snort_json_get.php index 701e75ae..92058a75 100644 --- a/config/orionids-dev/snort_json_get.php +++ b/config/orionids-dev/snort_json_get.php @@ -44,7 +44,12 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); -session_start(); // alwaya at the very top of a php page or "Cannot send session cache limiter - headers already sent" +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); // get json blocls sids if ($_GET['snortsamjson'] == 1) { diff --git a/config/orionids-dev/snort_json_post.php b/config/orionids-dev/snort_json_post.php index 2b63f9b6..ca279f92 100644 --- a/config/orionids-dev/snort_json_post.php +++ b/config/orionids-dev/snort_json_post.php 
@@ -45,6 +45,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_build.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + // unset crsf checks if(isset($_POST['__csrf_magic'])) { unset($_POST['__csrf_magic']); @@ -79,6 +86,17 @@ if ($_POST['snortSidRuleEdit'] == 1) { // row from db by uuid if ($_POST['snortSaveRuleSets'] == 1) { + if ($_POST['ifaceTab'] == 'snort_rules') { + function snortSaveRuleSetsRulesFunc() + { + // unset POSTs that are markers not in db + unset($_POST['snortSaveRuleSets']); + unset($_POST['ifaceTab']); + + snortJsonReturnCode(snortSql_updateRuleSigList()); + + } snortSaveRuleSetsRulesFunc(); + } if ($_POST['ifaceTab'] === 'snort_rules_ips') { function snortSamRulesSaveFunc() @@ -107,18 +125,7 @@ if ($_POST['snortSaveRuleSets'] == 1) { } snortSaveRuleSetsRulesetsFunc(); } - - if ($_POST['ifaceTab'] == 'snort_rules') { - function snortSaveRuleSetsRulesFunc() - { - // unset POSTs that are markers not in db - unset($_POST['snortSaveRuleSets']); - unset($_POST['ifaceTab']); - - snortJsonReturnCode(snortSql_updateRuleSigList()); - - } snortSaveRuleSetsRulesFunc(); - } + } // END of rulesSets 
@@ -144,9 +151,10 @@ if ($_POST['RMlistDelRow'] == 1) { // remove db tables vals snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSets', 'rdbuuid', $_POST['RMlistUuid']); - snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleGenIps', 'rdbuuid', $_POST['RMlistUuid']); - snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSetsIps', 'rdbuuid', $_POST['RMlistUuid']); snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSigs', 'rdbuuid', $_POST['RMlistUuid']); + snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSigsIps', 'rdbuuid', $_POST['RMlistUuid']); + snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleSetsIps', 'rdbuuid', $_POST['RMlistUuid']); + snortSql_updatelistDelete($_POST['RMlistDB'], 'SnortruleGenIps', 'rdbuuid', $_POST['RMlistUuid']); // remove dir $snortRuleDir = "/usr/local/etc/snort/snortDBrules/DB/{$_POST['RMlistUuid']}"; @@ -159,8 +167,7 @@ if ($_POST['RMlistDelRow'] == 1) { snortJsonReturnCode(snortSql_updatelistDelete($_POST['RMlistDB'], $_POST['RMlistTable'], 'uuid', $_POST['RMlistUuid'])); - } - RMlistDelRowFunc(); + } RMlistDelRowFunc(); } 
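Review bot: `$_POST['RMlistUuid']` is used unchecked in `$snortRuleDir` under the `// remove dir` comment and in all five `snortSql_updatelistDelete(..., 'rdbuuid', ...)` calls, and `$_POST['RMlistDB']` selects the database. The code that acts on `$snortRuleDir` lies outside this hunk, but if it removes that path, a value containing `..` or `/` would resolve outside `/usr/local/etc/snort/snortDBrules/DB/`. Reject the request unless the id matches the expected format, e.g. `preg_match('/^[A-Za-z0-9]+$/D', $_POST['RMlistUuid'])` (the ids appear to be alphanumeric, confirm against the generator), and compare `RMlistDB` with the fixed list of database names. The next hunk on this page passes `$_POST['RMlistTable']` the same way and needs the same allowlist.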
@@ -174,190 +181,196 @@ if ($_POST['snortSaveSettings'] == 1) { // Save ruleDB settings if ($_POST['dbTable'] == 'Snortrules') { - unset($_POST['snortSaveSettings']); - unset($_POST['ifaceTab']); + function saveSnortrules() + { - if (!is_dir("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules")) { + unset($_POST['snortSaveSettings']); + unset($_POST['ifaceTab']); - // creat iface dir and ifcae rules dir - exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); - - // create at least one file - if (!file_exists('/usr/local/etc/snort/snortDBrules/DB/' . $_POST['uuid'] . '/rules/local.rules')) { - - exec('touch /usr/local/etc/snort/snortDBrules/DB/' . $_POST['uuid'] . '/rules/local.rules'); + if (!is_dir("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules")) { - } - - // NOTE: code only works on php5 - $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules'); - $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules'); - $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules'); - - if (!empty($listSnortRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); - } - if (!empty($listEmergingRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); - } - if (!empty($listPfsenseRulesDir)) { - exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); - } - - - } //end of mkdir + // creat iface dir and ifcae rules dir + exec("/bin/mkdir -p /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + + // create at least one file + if 
(!file_exists("/usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules/local.rules")) { + exec("/usr/bin/touch /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules/local.rules"); + } + + // NOTE: code only works on php5 + $listSnortRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/snort_rules/rules', '\.rules'); + $listEmergingRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/emerging_rules/rules', '\.rules'); + $listPfsenseRulesDir = snortScanDirFilter('/usr/local/etc/snort/snortDBrules/pfsense_rules/rules', '\.rules'); + + if (!empty($listSnortRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/snort_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + } + if (!empty($listEmergingRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/emerging_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + } + if (!empty($listPfsenseRulesDir)) { + exec("/bin/cp -R /usr/local/etc/snort/snortDBrules/pfsense_rules/rules/*.rules /usr/local/etc/snort/snortDBrules/DB/{$_POST['uuid']}/rules"); + } + + + } //end of mkdir + + } saveSnortrules(); snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); - } + } // END if Snortrules // Save general settings if ($_POST['dbTable'] == 'SnortSettings') { + + function saveSnortSettings() + { - if ($_POST['ifaceTab'] == 'snort_interfaces_global') { - // checkboxes when set to off never get included in POST thus this code - $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']); - } - - if ($_POST['ifaceTab'] == 'snort_alerts') { - - if (!isset($_POST['arefresh'])) - $_POST['arefresh'] = ($_POST['arefresh'] == '' ? off : $_POST['arefresh']); - - } - - if ($_POST['ifaceTab'] == 'snort_blocked') { - - if (!isset($_POST['brefresh'])) - $_POST['brefresh'] = ($_POST['brefresh'] == '' ? 
off : $_POST['brefresh']); - - } + if ($_POST['ifaceTab'] == 'snort_interfaces_global') { + // checkboxes when set to off never get included in POST thus this code + $_POST['forcekeepsettings'] = ($_POST['forcekeepsettings'] == '' ? off : $_POST['forcekeepsettings']); + } + + if ($_POST['ifaceTab'] == 'snort_alerts') { + + if (!isset($_POST['arefresh'])) + $_POST['arefresh'] = ($_POST['arefresh'] == '' ? off : $_POST['arefresh']); + + } + + if ($_POST['ifaceTab'] == 'snort_blocked') { + + if (!isset($_POST['brefresh'])) + $_POST['brefresh'] = ($_POST['brefresh'] == '' ? off : $_POST['brefresh']); + + } - //if (empty($_POST['oinkmastercode'])) { - // $_POST['oinkmastercode'] = 'empty'; - //} + // unset POSTs that are markers not in db + unset($_POST['snortSaveSettings']); + unset($_POST['ifaceTab']); - // unset POSTs that are markers not in db - unset($_POST['snortSaveSettings']); - unset($_POST['ifaceTab']); - + } saveSnortSettings(); snortJsonReturnCode(snortSql_updateSettings('id', '1')); - } // end of dbTable SnortSettings + } // END IF SnortSettings // Save rule settings on the interface edit tab if ($_POST['dbTable'] == 'SnortIfaces') { + + function saveSnortIfaces() + { - // snort interface edit - if ($_POST['ifaceTab'] == 'snort_interfaces_edit') { + // snort interface edit + if ($_POST['ifaceTab'] == 'snort_interfaces_edit') { + + function SnortIfaces_Snort_Interfaces_edit() + { + if (!isset($_POST['enable'])) + $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']); + + if (!isset($_POST['blockoffenders7'])) + $_POST['blockoffenders7'] = ($_POST['blockoffenders7'] == '' ? off : $_POST['blockoffenders7']); - function SnortIfaces_Snort_Interfaces_edit() - { - if (!isset($_POST['enable'])) - $_POST['enable'] = ($_POST['enable'] == '' ? off : $_POST['enable']); - - if (!isset($_POST['blockoffenders7'])) - $_POST['blockoffenders7'] = ($_POST['blockoffenders7'] == '' ? 
off : $_POST['blockoffenders7']); - - if (!isset($_POST['alertsystemlog'])) - $_POST['alertsystemlog'] = ($_POST['alertsystemlog'] == '' ? off : $_POST['alertsystemlog']); - - if (!isset($_POST['tcpdumplog'])) - $_POST['tcpdumplog'] = ($_POST['tcpdumplog'] == '' ? off : $_POST['tcpdumplog']); - - if (!isset($_POST['snortunifiedlog'])) - $_POST['snortunifiedlog'] = ($_POST['snortunifiedlog'] == '' ? off : $_POST['snortunifiedlog']); + if (!isset($_POST['alertsystemlog'])) + $_POST['alertsystemlog'] = ($_POST['alertsystemlog'] == '' ? off : $_POST['alertsystemlog']); + + if (!isset($_POST['tcpdumplog'])) + $_POST['tcpdumplog'] = ($_POST['tcpdumplog'] == '' ? off : $_POST['tcpdumplog']); + + if (!isset($_POST['snortunifiedlog'])) + $_POST['snortunifiedlog'] = ($_POST['snortunifiedlog'] == '' ? off : $_POST['snortunifiedlog']); + + // convert textbox to base64 + $_POST['configpassthru'] = base64_encode($_POST['configpassthru']); - // convert textbox to base64 - $_POST['configpassthru'] = base64_encode($_POST['configpassthru']); - - /* - * make dir for the new iface, if iface exists or rule dir has changed redo soft link - * may need to move this as a func to new_snort.inc - */ - $newSnortDir = 'sn_' . $_POST['uuid']; - $pathToSnortDir = '/usr/local/etc/snort'; + /* + * make dir for the new iface, if iface exists or rule dir has changed redo soft link + * may need to move this as a func to new_snort.inc + */ + $newSnortDir = 'sn_' . 
$_POST['uuid']; + $pathToSnortDir = '/usr/local/etc/snort'; + + // creat iface dir and ifcae rules dir + if (!is_dir("{$pathToSnortDir}/{$newSnortDir}")) { + createNewIfaceDir($pathToSnortDir, $newSnortDir); + } //end of mkdir - // creat iface dir and ifcae rules dir - if (!is_dir("{$pathToSnortDir}/{$newSnortDir}")) { - createNewIfaceDir($pathToSnortDir, $newSnortDir); - } //end of mkdir + snortRulesCreateSoftlink(); + + } SnortIfaces_Snort_Interfaces_edit(); + + } // end of snort_interfaces_edit + + // snort preprocessor edit + if ($_POST['ifaceTab'] == 'snort_preprocessors') { - snortRulesCreateSoftlink(); + function SnortIfaces_Snort_PreprocessorsFunc() + { + if (!isset($_POST['dce_rpc_2'])) { + $_POST['dce_rpc_2'] = ($_POST['dce_rpc_2'] == '' ? off : $_POST['dce_rpc_2']); + } + + if (!isset($_POST['dns_preprocessor'])) { + $_POST['dns_preprocessor'] = ($_POST['dns_preprocessor'] == '' ? off : $_POST['dns_preprocessor']); + } + + if (!isset($_POST['ftp_preprocessor'])) { + $_POST['ftp_preprocessor'] = ($_POST['ftp_preprocessor'] == '' ? off : $_POST['ftp_preprocessor']); + } + + if (!isset($_POST['http_inspect'])) { + $_POST['http_inspect'] = ($_POST['http_inspect'] == '' ? off : $_POST['http_inspect']); + } + + if (!isset($_POST['other_preprocs'])) { + $_POST['other_preprocs'] = ($_POST['other_preprocs'] == '' ? off : $_POST['other_preprocs']); + } + + if (!isset($_POST['perform_stat'])) { + $_POST['perform_stat'] = ($_POST['perform_stat'] == '' ? off : $_POST['perform_stat']); + } + + if (!isset($_POST['sf_portscan'])) { + $_POST['sf_portscan'] = ($_POST['sf_portscan'] == '' ? off : $_POST['sf_portscan']); + } + + if (!isset($_POST['smtp_preprocessor'])) { + $_POST['smtp_preprocessor'] = ($_POST['smtp_preprocessor'] == '' ? 
off : $_POST['smtp_preprocessor']); + } + } SnortIfaces_Snort_PreprocessorsFunc(); + } - SnortIfaces_Snort_Interfaces_edit(); - - } // end of snort_interfaces_edit - - // snort preprocessor edit - if ($_POST['ifaceTab'] == 'snort_preprocessors') { - - function SnortIfaces_Snort_PreprocessorsFunc() - { - if (!isset($_POST['dce_rpc_2'])) { - $_POST['dce_rpc_2'] = ($_POST['dce_rpc_2'] == '' ? off : $_POST['dce_rpc_2']); - } - - if (!isset($_POST['dns_preprocessor'])) { - $_POST['dns_preprocessor'] = ($_POST['dns_preprocessor'] == '' ? off : $_POST['dns_preprocessor']); - } - - if (!isset($_POST['ftp_preprocessor'])) { - $_POST['ftp_preprocessor'] = ($_POST['ftp_preprocessor'] == '' ? off : $_POST['ftp_preprocessor']); - } - - if (!isset($_POST['http_inspect'])) { - $_POST['http_inspect'] = ($_POST['http_inspect'] == '' ? off : $_POST['http_inspect']); - } - - if (!isset($_POST['other_preprocs'])) { - $_POST['other_preprocs'] = ($_POST['other_preprocs'] == '' ? off : $_POST['other_preprocs']); - } - - if (!isset($_POST['perform_stat'])) { - $_POST['perform_stat'] = ($_POST['perform_stat'] == '' ? off : $_POST['perform_stat']); - } - - if (!isset($_POST['sf_portscan'])) { - $_POST['sf_portscan'] = ($_POST['sf_portscan'] == '' ? off : $_POST['sf_portscan']); - } - - if (!isset($_POST['smtp_preprocessor'])) { - $_POST['smtp_preprocessor'] = ($_POST['smtp_preprocessor'] == '' ? off : $_POST['smtp_preprocessor']); - } - - } - SnortIfaces_Snort_PreprocessorsFunc(); - } - - // snort barnyard edit - if ($_POST['ifaceTab'] == 'snort_barnyard') { - function SnortIfaces_Snort_Barnyard() - { - // make shure iface is lower case - $_POST['interface'] = strtolower($_POST['interface']); - - if (!isset($_POST['barnyard_enable'])) { - $_POST['barnyard_enable'] = ($_POST['barnyard_enable'] == '' ? 
off : $_POST['barnyard_enable']); - } + + // snort barnyard edit + if ($_POST['ifaceTab'] == 'snort_barnyard') { + function SnortIfaces_Snort_Barnyard() + { + // make shure iface is lower case + $_POST['interface'] = strtolower($_POST['interface']); + + if (!isset($_POST['barnyard_enable'])) { + $_POST['barnyard_enable'] = ($_POST['barnyard_enable'] == '' ? off : $_POST['barnyard_enable']); + } + } SnortIfaces_Snort_Barnyard(); } - SnortIfaces_Snort_Barnyard(); - } - + + + // unset POSTs that are markers not in db + unset($_POST['snortSaveSettings']); + unset($_POST['ifaceTab']); + + snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); + build_snort_settings($_POST['uuid']); - // unset POSTs that are markers not in db - unset($_POST['snortSaveSettings']); - unset($_POST['ifaceTab']); - - snortJsonReturnCode(snortSql_updateSettings('uuid', $_POST['uuid'])); - build_snort_settings($_POST['uuid']); + } saveSnortIfaces(); - } // end of dbTable SnortIfaces + } // END IF SnortIfaces - } - snortSaveSettingsFunc(); + } snortSaveSettingsFunc(); + } // STOP General Settings Save diff --git a/config/orionids-dev/snort_new.inc b/config/orionids-dev/snort_new.inc index 75535ab8..93de4a21 100644 --- a/config/orionids-dev/snort_new.inc +++ b/config/orionids-dev/snort_new.inc @@ -59,6 +59,7 @@ if (file_exists('/usr/local/pkg/snort/snortDBtemp')) { exec('/bin/cp /usr/local/pkg/snort/snortDBtemp /var/snort/snortDBtemp'); } + /* * make dir for the new iface, if iface exists or rule dir has changed redo soft link */ 
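Review bot: The `exec()` calls in `saveSnortrules()` build shell command lines by interpolating `$_POST['uuid']` (`/bin/mkdir -p`, the new `/usr/bin/touch` line and the three `/bin/cp -R` lines), so shell metacharacters in that field are interpreted by the shell with the web GUI's privileges. Validate the value against the id format before the `is_dir()` test, and either pass each full path through `escapeshellarg()` or drop the shell for the first two with PHP's own `mkdir($dir, 0755, true)` and `touch($file)`. Separately, every `== '' ? off :` ternary in this hunk uses the bare word `off`, which only works because PHP falls back to treating an undefined constant as a string; it should be `'off'`. The enclosing `snortSaveSettingsFunc()` starts outside the hunk.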
@@ -147,8 +148,9 @@ function createNewIfaceDir($pathToSnortDir, $newSnortDir) { function escapeJsonString($escapeString) { + // NOTE: foward slash has added spaces on each side ie and chrome were giving issues with $search = array('\\', '\n', '\r', '\u', '\t', '\f', '\b', '/', '"'); - $replace = array('\\\\', '\\n', '\\r', '\\u', '\\t', '\\f', '\\b', '\/', '\"'); + $replace = array('\\\\', '\\n', '\\r', '\\u', '\\t', '\\f', '\\b', ' \/ ', '\"'); $encoded_string = str_replace($search, $replace, $escapeString); return $encoded_string; @@ -412,7 +414,8 @@ function snortSql_updateRulesSigsIps() // if $listGenRules empty list defaults if (empty($listGenRules)) { - $listGenRules[0] = array( + $listGenRules[0] = array( + 'id' => 1, 'rdbuuid' => $_POST['rdbuuid'], 'enable' => 'on', 'who' => 'src', @@ -430,6 +433,7 @@ function snortSql_updateRulesSigsIps() $listGenRulesEnable = 'off'; } + // TODO: inprove this foreach so we only interact with db once foreach ($_POST['snortsam']['db'] as $singleSig) { @@ -461,9 +465,7 @@ function snortSql_updateRulesSigsIps() "); - } - - if ( !empty($chktable) ) { + }else{ $query_ck = sqlite_query($db, // @ supress warnings usonly in production "UPDATE {$_POST['dbTable']} SET date ='{$addDate}', enable = '{$singleSigEnable}', who = '{$singleSig['who']}', timeamount = '{$singleSig['timeamount']}', timetype = '{$singleSig['timetype']}' WHERE rdbuuid = '{$_POST['rdbuuid']}' and sigfilename = '{$singleSig['sigfilename']}'; diff --git a/config/orionids-dev/snort_preprocessors.php b/config/orionids-dev/snort_preprocessors.php index 78863b35..d99f7f75 100644 --- a/config/orionids-dev/snort_preprocessors.php +++ b/config/orionids-dev/snort_preprocessors.php 
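Review bot: Padding the escaped slash with spaces in `$replace` (`' \/ '`) alters the rule message itself to work around a table-width problem, so every caller of escapeJsonString() now gets changed text instead of a faithful encoding. The `$search` entries `'\n'`, `'\r'` and `'\t'` are single-quoted, so they match a literal backslash followed by a letter rather than the control characters; a real newline or tab in a message still reaches the page unescaped and can break the JSON literal. If the PHP version on the target provides it, `json_encode($escapeString)` would replace the whole table (callers would then drop their own surrounding quotes), and the wrapping is better handled in CSS, for example `word-wrap: break-word` on the message cell. At minimum the new comment should say that the output is no longer a lossless encoding.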
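Review bot: The UPDATE that this `}else{` now guards still builds its SQL by interpolating request data: `{$_POST['dbTable']}` as the table name, and `$singleSig['who']`, `['timeamount']`, `['timetype']`, `['sigfilename']` and `$_POST['rdbuuid']` inside quoted values, where `$singleSig` iterates over `$_POST['snortsam']['db']`. Since the commit is reworking this save path, each value should be escaped before it is placed in the statement, e.g. `who = '" . sqlite_escape_string($singleSig['who']) . "'`, and the table name should be compared against a fixed list of known tables before the query is built. The TODO about touching the database once per signature makes this a natural place to prepare the escaped values once per iteration. snortSql_updateRulesSigsIps() starts and ends outside the hunk, so `$chktable` and the INSERT branch could not be checked here.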
@@ -45,6 +45,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + // set page vars $uuid = $_GET['uuid']; diff --git a/config/orionids-dev/snort_rules.php b/config/orionids-dev/snort_rules.php index 09490a37..fd102538 100644 --- a/config/orionids-dev/snort_rules.php +++ b/config/orionids-dev/snort_rules.php @@ -45,12 +45,20 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + +// set page vars + if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) { echo 'Error: more than one uuid'; exit(0); } -// set page vars if (isset($_GET['uuid'])) { $uuid = $_GET['uuid']; } @@ -331,43 +339,40 @@ function load_rule_file($incoming_file, $splitcontents)
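Review bot: The same five `header()` calls are pasted into this file and, in later hunks, into snort_rules.php, snort_rules_ips.php, snort_rulesets.php and snort_rulesets_ips.php (the diffstat lists more), so a page added later can silently miss them and any correction has to be repeated in every copy. snort_new.inc and snort_gui.inc are already required just above, so the block could live in one function there and each page would make a single call, e.g. `snortSendNoCacheHeaders();` (suggested name). These are configuration pages for an IDS, so keeping them out of browser and proxy caches is worth guaranteeing in one place rather than per file. A one-line comment should also explain that the second `Cache-Control` call passes `false` so that it is appended instead of replacing the first.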
+ + +
+ + + -
Snort Signatures:
+ - - - - -
+ - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + +
OnSidProtoSrcPortDstPortMessage 
OnSidProtoSrcPortDstPortMessage 

@@ -379,8 +384,8 @@ function load_rule_file($incoming_file, $splitcontents)
-
+
@@ -453,11 +458,11 @@ jQuery(document).ready(function() { $i = 0; foreach ($newFilterRuleSigArray as $val3) { - - $i++; - if ( $i !== $countSigList ) - {// + $i++; + + // NOTE: escapeJsonString; foward slash has added spaces on each side, ie and chrome were giving issues with tablw widths + if( $i !== $countSigList ) { echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"},'; }else{ echo '{"sid":"' . $val3['sid'] . '","enable":"' . $val3['enable'] . '","proto":"' . $val3['proto'] . '","src":"' . $val3['src'] . '","srcport":"' . $val3['srcport'] . '","dst":"' . $val3['dst'] . '", "dstport":"' . $val3['dstport'] . '","msg":"' . escapeJsonString($val3['msg']) . '"}'; 
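Review bot: Only `msg` goes through escapeJsonString() in the two `echo` lines; `sid`, `enable`, `proto`, `src`, `srcport`, `dst` and `dstport` from `$val3` are concatenated into the JSON text as they are, so a quote or backslash in any of them breaks the object literal that the page script reads. These values appear to come from parsed rule files, which are downloaded content rather than something the GUI controls, though the parser is outside the hunk. Escaping every field the same way, e.g. `'{"sid":"' . escapeJsonString($val3['sid']) . '",…'`, closes that gap. The two branches differ only in the trailing comma, so collecting the rows in an array and emitting `echo implode(',', $rows);` after the loop would also remove the `$i !== $countSigList` bookkeeping. The foreach starts and ends outside the hunk.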
@@ -477,6 +482,17 @@ jQuery(document).ready(function() { ?> +if(typeof escapeHtmlEntities == 'undefined') { + escapeHtmlEntities = function (text) { + return text.replace(/[\u00A0-\u2666<>\&]/g, function(c) { return '&' + + escapeHtmlEntities.entityTable[c.charCodeAt(0)] || '#'+c.charCodeAt(0) + ';'; }); + }; + + // all HTML4 entities as defined here: http://www.w3.org/TR/html4/sgml/entities.html + // added: amp, lt, gt, quot and apos + escapeHtmlEntities.entityTable = { 34 : 'quot', 38 : 'amp', 39 : 'apos', 47 : 'slash', 60 : 'lt', 62 : 'gt', 160 : 'nbsp', 161 : 'iexcl', 162 : 'cent', 163 : 'pound', 164 : 'curren', 165 : 'yen', 166 : 'brvbar', 167 : 'sect', 168 : 'uml', 169 : 'copy', 170 : 'ordf', 171 : 'laquo', 172 : 'not', 173 : 'shy', 174 : 'reg', 175 : 'macr', 176 : 'deg', 177 : 'plusmn', 178 : 'sup2', 179 : 'sup3', 180 : 'acute', 181 : 'micro', 182 : 'para', 183 : 'middot', 184 : 'cedil', 185 : 'sup1', 186 : 'ordm', 187 : 'raquo', 188 : 'frac14', 189 : 'frac12', 190 : 'frac34', 191 : 'iquest', 192 : 'Agrave', 193 : 'Aacute', 194 : 'Acirc', 195 : 'Atilde', 196 : 'Auml', 197 : 'Aring', 198 : 'AElig', 199 : 'Ccedil', 200 : 'Egrave', 201 : 'Eacute', 202 : 'Ecirc', 203 : 'Euml', 204 : 'Igrave', 205 : 'Iacute', 206 : 'Icirc', 207 : 'Iuml', 208 : 'ETH', 209 : 'Ntilde', 210 : 'Ograve', 211 : 'Oacute', 212 : 'Ocirc', 213 : 'Otilde', 214 : 'Ouml', 215 : 'times', 216 : 'Oslash', 217 : 'Ugrave', 218 : 'Uacute', 219 : 'Ucirc', 220 : 'Uuml', 221 : 'Yacute', 222 : 'THORN', 223 : 'szlig', 224 : 'agrave', 225 : 'aacute', 226 : 'acirc', 227 : 'atilde', 228 : 'auml', 229 : 'aring', 230 : 'aelig', 231 : 'ccedil', 232 : 'egrave', 233 : 'eacute', 234 : 'ecirc', 235 : 'euml', 236 : 'igrave', 237 : 'iacute', 238 : 'icirc', 239 : 'iuml', 240 : 'eth', 241 : 'ntilde', 242 : 'ograve', 243 : 'oacute', 244 : 'ocirc', 245 : 'otilde', 246 : 'ouml', 247 : 'divide', 248 : 'oslash', 249 : 'ugrave', 250 : 'uacute', 251 : 'ucirc', 252 : 'uuml', 253 : 'yacute', 254 : 'thorn', 255 : 'yuml', 402 : 
'fnof', 913 : 'Alpha', 914 : 'Beta', 915 : 'Gamma', 916 : 'Delta', 917 : 'Epsilon', 918 : 'Zeta', 919 : 'Eta', 920 : 'Theta', 921 : 'Iota', 922 : 'Kappa', 923 : 'Lambda', 924 : 'Mu', 925 : 'Nu', 926 : 'Xi', 927 : 'Omicron', 928 : 'Pi', 929 : 'Rho', 931 : 'Sigma', 932 : 'Tau', 933 : 'Upsilon', 934 : 'Phi', 935 : 'Chi', 936 : 'Psi', 937 : 'Omega', 945 : 'alpha', 946 : 'beta', 947 : 'gamma', 948 : 'delta', 949 : 'epsilon', 950 : 'zeta', 951 : 'eta', 952 : 'theta', 953 : 'iota', 954 : 'kappa', 955 : 'lambda', 956 : 'mu', 957 : 'nu', 958 : 'xi', 959 : 'omicron', 960 : 'pi', 961 : 'rho', 962 : 'sigmaf', 963 : 'sigma', 964 : 'tau', 965 : 'upsilon', 966 : 'phi', 967 : 'chi', 968 : 'psi', 969 : 'omega', 977 : 'thetasym', 978 : 'upsih', 982 : 'piv', 8226 : 'bull', 8230 : 'hellip', 8242 : 'prime', 8243 : 'Prime', 8254 : 'oline', 8260 : 'frasl', 8472 : 'weierp', 8465 : 'image', 8476 : 'real', 8482 : 'trade', 8501 : 'alefsym', 8592 : 'larr', 8593 : 'uarr', 8594 : 'rarr', 8595 : 'darr', 8596 : 'harr', 8629 : 'crarr', 8656 : 'lArr', 8657 : 'uArr', 8658 : 'rArr', 8659 : 'dArr', 8660 : 'hArr', 8704 : 'forall', 8706 : 'part', 8707 : 'exist', 8709 : 'empty', 8711 : 'nabla', 8712 : 'isin', 8713 : 'notin', 8715 : 'ni', 8719 : 'prod', 8721 : 'sum', 8722 : 'minus', 8727 : 'lowast', 8730 : 'radic', 8733 : 'prop', 8734 : 'infin', 8736 : 'ang', 8743 : 'and', 8744 : 'or', 8745 : 'cap', 8746 : 'cup', 8747 : 'int', 8756 : 'there4', 8764 : 'sim', 8773 : 'cong', 8776 : 'asymp', 8800 : 'ne', 8801 : 'equiv', 8804 : 'le', 8805 : 'ge', 8834 : 'sub', 8835 : 'sup', 8836 : 'nsub', 8838 : 'sube', 8839 : 'supe', 8853 : 'oplus', 8855 : 'otimes', 8869 : 'perp', 8901 : 'sdot', 8968 : 'lceil', 8969 : 'rceil', 8970 : 'lfloor', 8971 : 'rfloor', 9001 : 'lang', 9002 : 'rang', 9674 : 'loz', 9824 : 'spades', 9827 : 'clubs', 9829 : 'hearts', 9830 : 'diams', 34 : 'quot', 38 : 'amp', 60 : 'lt', 62 : 'gt', 338 : 'OElig', 339 : 'oelig', 352 : 'Scaron', 353 : 'scaron', 376 : 'Yuml', 710 : 'circ', 732 : 'tilde', 8194 : 
'ensp', 8195 : 'emsp', 8201 : 'thinsp', 8204 : 'zwnj', 8205 : 'zwj', 8206 : 'lrm', 8207 : 'rlm', 8211 : 'ndash', 8212 : 'mdash', 8216 : 'lsquo', 8217 : 'rsquo', 8218 : 'sbquo', 8220 : 'ldquo', 8221 : 'rdquo', 8222 : 'bdquo', 8224 : 'dagger', 8225 : 'Dagger', 8240 : 'permil', 8249 : 'lsaquo', 8250 : 'rsaquo', 8364 : 'euro' }; +} + // if rowcount is not empty do this if (countRowAppend > 0){ @@ -517,7 +533,7 @@ jQuery(document).ready(function() { '' + snortObjlist[i].srcport + '' + "\n" + '' + snortObjlist[i].dst + '' + "\n" + '' + snortObjlist[i].dstport + '' + "\n" + - '' + snortObjlist[i].msg + '' + "\n" + + '' + escapeHtmlEntities(snortObjlist[i].msg) + '' + "\n" + '' + "\n" + '' + "\n" + '' + "\n" + @@ -542,6 +558,7 @@ jQuery(document).ready(function() { }); } // end of if stopRowAppend + // On click show rule edit GUI jQuery('.showeditrulegui').live('click', function(){ diff --git a/config/orionids-dev/snort_rules_ips.php b/config/orionids-dev/snort_rules_ips.php index b1bd8b08..618a684a 100644 --- a/config/orionids-dev/snort_rules_ips.php +++ b/config/orionids-dev/snort_rules_ips.php @@ -1,13 +1,19 @@ . - Copyright (C) 2008-2009 Robert Zelaya. All rights reserved. + Pfsense Old snort GUI + Copyright (C) 2006 Scott Ullrich. + + Pfsense snort GUI + Copyright (C) 2008-2012 Robert Zelaya. + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 
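Review bot: In the added `escapeHtmlEntities`, the callback's `'&' + escapeHtmlEntities.entityTable[c.charCodeAt(0)] || '#'+c.charCodeAt(0) + ';'` is parsed as `('&' + table[code]) || (…)`, and the left side is always a non-empty string, so the numeric fallback and the closing `;` are never used: mapped characters come out as `&lt` without a semicolon and unmapped ones as `&undefined`. Parenthesising the lookup fixes it: `return '&' + (escapeHtmlEntities.entityTable[c.charCodeAt(0)] || '#' + c.charCodeAt(0)) + ';';`. The character class `[\u00A0-\u2666<>\&]` does not include `"` or `'`, so the `quot` and `apos` entries are never reached and the function is only suitable for element content, not attribute values; a comment should state that. The `47 : 'slash'` entry is not in the HTML4 entity list the comment cites, and `/` is not matched by the pattern either, so it can be dropped.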
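Review bot: Only `snortObjlist[i].msg` is passed through `escapeHtmlEntities()` in this append; `srcport`, `dst` and `dstport` on the context lines just above it, and presumably the other fields earlier in the same statement outside the hunk, are still concatenated into the markup as raw strings. They come from the same JSON object as `msg`, so they should get the same treatment, e.g. `escapeHtmlEntities(snortObjlist[i].dst)`. Setting each value with jQuery's `.text()` on a created element would avoid string-built HTML for these rows altogether.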
@@ -18,6 +24,10 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + 3. Neither the name of the pfSense nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -28,12 +38,20 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ + +*/ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + // set page vars if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) { @@ -65,6 +83,34 @@ if (isset($_GET['rulefilename'])) { exit; } + +function snortSearchArray($array, $key, $value) +{ + $results = array(); + + if (is_array($array)) + { + foreach ($array as $subarray) + { + if ($subarray[$key] == $value) { + $results = $subarray; + } + + } + + } + + return $results; +} + +// get default settings +$listGenRules = array(); +$listGenRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleGenIps', 'rdbuuid', $rdbuuid); + +// get sigs in db +$listSigRules = array(); +$listSigRules = snortSql_fetchAllSettings('snortDBrules', 'SnortruleSigsIps', 'rdbuuid', $rdbuuid); + $pgtitle = "Services: Snort: Ruleset Ips:"; include("/usr/local/pkg/snort/snort_head.inc"); 
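Review bot: The added snortSearchArray() compares with `$subarray[$key] == $value` and keeps looping after a hit, so it returns the last loosely-equal row rather than the first exact one; with numeric-looking strings such as signature ids, `==` treats `'0123'` and `'123'` as equal. A strict string comparison with an early return is safer: `if ((string) $subarray[$key] === (string) $value) { return $subarray; }`. The function also needs a docblock saying that it returns a single row or an empty array, since the name and the `$results` variable suggest a list. The `$listGenRules = array();` and `$listSigRules = array();` initialisers are overwritten on the following line and can go; how snortSql_fetchAllSettings() uses `$rdbuuid` is not visible in this hunk, so whether that value is validated before it reaches a query should be confirmed.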
@@ -87,8 +133,6 @@ if (isset($_GET['rulefilename'])) {
-
-
- - -
- - - - - - - - - - - - - - - - - - - - -
   On   Sid   Source   Amount   DurationMessage
-
- - - - -
- - -
- + + + + + + + +
+ + + +
+ +
+ + + + + + + + + + + + + +
Rule File Ips Settings
+ + + + + + + + + + + +
   On   Sid   Source   Amount   DurationMessage
+
+ + + + +
+ + +
+
+ +
@@ -226,6 +288,7 @@ jQuery(document).ready(function() { function getSidBlockJsonArray($getEnableSid) { + global $listGenRules, $listSigRules; if (!empty($getEnableSid)) { @@ -235,16 +298,38 @@ jQuery(document).ready(function() { foreach ($getEnableSid as $val3) { + //$listGenRules $listSigRules + $snortSigIpsExists = snortSearchArray($listSigRules, 'siguuid', trim($val3['0'])); + + // if sig is in db use its settings else use default settings + if(!empty($snortSigIpsExists['siguuid'])) { + + $getSid = $snortSigIpsExists['siguuid']; + $getEnable = $snortSigIpsExists['enable']; + $getWho = $snortSigIpsExists['who']; + $getTimeamount = $snortSigIpsExists['timeamount']; + $getTimetype = $snortSigIpsExists['timetype']; + + }else{ + + $getSid = escapeJsonString(trim($val3['0'])); + $getEnable = $listGenRules[0]['enable']; + $getWho = $listGenRules[0]['who']; + $getTimeamount = $listGenRules[0]['timeamount']; + $getTimetype = $listGenRules[0]['timetype']; + + } + $i++; - + if ($i == 1) { $main .= '['; } if ( $i == $countSigList ) { - $main .= '{"sid":"' . escapeJsonString($val3['0']) . '","enable":"' . 'on' . '","who":"' . 'src' . '","timeamount":"' . '15' . '","timetype":"' . 'minutes' . '","msg":"' . escapeJsonString($val3['1']) . '"}'; + $main .= '{"sid":"' . $getSid . '","enable":"' . $getEnable . '","who":"' . $getWho . '","timeamount":"' . $getTimeamount . '","timetype":"' . $getTimetype . '","msg":"' . escapeJsonString($val3['1']) . '"}'; }else{ - $main .= '{"sid":"' . escapeJsonString($val3['0']) . '","enable":"' . 'on' . '","who":"' . 'src' . '","timeamount":"' . '15' . '","timetype":"' . 'minutes' . '","msg":"' . escapeJsonString($val3['1']) . '"},'; + $main .= '{"sid":"' . $getSid . '","enable":"' . $getEnable . '","who":"' . $getWho . '","timeamount":"' . $getTimeamount . '","timetype":"' . $getTimetype . '","msg":"' . escapeJsonString($val3['1']) . '"},'; } if ($i == $countSigList) { 
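Review bot: In the branch that uses a stored signature row, `$getSid`, `$getEnable`, `$getWho`, `$getTimeamount` and `$getTimetype` are copied from `$snortSigIpsExists` and concatenated into the JSON string without escapeJsonString(), while the default branch does escape the sid. Elsewhere in this commit those columns are written from `$_POST` values (the UPDATE in snort_new.inc), so what is emitted into the page script here is stored request data and should be escaped on output, e.g. `$getWho = escapeJsonString($snortSigIpsExists['who']);` for each field in both branches. `$listGenRules[0]` is read without checking that the defaults query returned a row, which leaves the four default values empty when it did not. snortSearchArray() is also called once per signature inside the loop; indexing `$listSigRules` by `siguuid` once before the loop would avoid the repeated scan. getSidBlockJsonArray() starts and ends outside the hunk.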
@@ -321,8 +406,8 @@ function makeLargeSidTables(snortObjlist) { var rowIsEvenOdd = 'even_ruleset2'; } - if (snortObjlist[i].enable === 'on'){ - var rulesetChecked = 'checked'; + if (snortObjlist[i].enable == 'on'){ + var rulesetChecked = 'checked="checked"'; }else{ var rulesetChecked = ''; } @@ -330,7 +415,7 @@ function makeLargeSidTables(snortObjlist) { jQuery('.rulesetloopblock').append( "\n" + '' + "\n" + '' + "\n" + - '' + "\n" + + '' + "\n" + '' + "\n" + '' + snortObjlist[i].sid + '' + "\n" + '' + "\n" + diff --git a/config/orionids-dev/snort_rulesets.php b/config/orionids-dev/snort_rulesets.php index 5182b803..a2e4f7f3 100644 --- a/config/orionids-dev/snort_rulesets.php +++ b/config/orionids-dev/snort_rulesets.php @@ -45,6 +45,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) { echo 'Error: more than one uuid'; exit(0); diff --git a/config/orionids-dev/snort_rulesets_ips.php b/config/orionids-dev/snort_rulesets_ips.php index dd3e943e..abac2b6b 100644 --- a/config/orionids-dev/snort_rulesets_ips.php +++ b/config/orionids-dev/snort_rulesets_ips.php 
@@ -45,6 +45,13 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/snort/snort_new.inc"); require_once("/usr/local/pkg/snort/snort_gui.inc"); +//Set no caching +header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); +header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate"); +header("Cache-Control: post-check=0, pre-check=0", false); +header("Pragma: no-cache"); + if (isset($_GET['uuid']) && isset($_GET['rdbuuid'])) { echo 'Error: more than one uuid'; exit(0); -- cgit v1.2.3