From b6ea1ca75782c61f4729136b30a5459feb9ccb1c Mon Sep 17 00:00:00 2001
From: Ermal
Date: Mon, 16 Jul 2012 09:56:55 +0000
Subject: Allow looking at rule content but not editing them. Custom rules can be used for that
---
 config/snort/snort_rules.php | 6 +--
 config/snort/snort_rules_edit.php | 102 ++++++++------------------------------
 2 files changed, 25 insertions(+), 83 deletions(-)
(limited to 'config')
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index 41e8e761..1bf774eb 100644
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -162,7 +162,7 @@ if ($_POST['customrules']) {
 header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
 exit;
 }
-} else if ($_POST)
+} else if ($_POST) {
 unset($a_rule[$id]['customrules']);
 write_config();
 header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
@@ -368,8 +368,8 @@ function popup(url)
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index 127bfe0c..809832ea 100644
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -37,83 +37,41 @@ require_once("guiconfig.inc");
 require_once("/usr/local/pkg/snort/snort.inc");
+$snortdir = SNORTDIR;
+
 if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
 $config['installedpackages']['snortglobal']['rule'] = array();
 }
-$a_nat = &$config['installedpackages']['snortglobal']['rule'];
+$a_rule = &$config['installedpackages']['snortglobal']['rule'];
 $id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
-$ids = $_GET['ids'];
-if (isset($_POST['ids']))
- $ids = $_POST['ids'];
-
-if (isset($id) && $a_nat[$id]) {
- $pconfig['enable'] = $a_nat[$id]['enable'];
- $pconfig['interface'] = $a_nat[$id]['interface'];
- $pconfig['rulesets'] = $a_nat[$id]['rulesets'];
+if (is_null($id)) {
+ header("Location: /snort/snort_interfaces.php");
+ exit;
 }
-//get rule id
-$lineid = $_GET['ids'];
-if (isset($_POST['ids']))
- $lineid = $_POST['ids'];
+if (isset($id) && $a_rule[$id]) {
+ $pconfig['enable'] = $a_rule[$id]['enable'];
+ $pconfig['interface'] = $a_rule[$id]['interface'];
+ $pconfig['rulesets'] = $a_rule[$id]['rulesets'];
+}
+/* convert fake interfaces to real */
+$if_real = snort_get_real_interface($pconfig['interface']);
+$snort_uuid = $a_rule[$id]['uuid'];
 $file = $_GET['openruleset'];
-if (isset($_POST['openruleset']))
- $file = $_POST['openruleset'];
 //read file into string, and get filesize also chk for empty files
 $contents = '';
-if (filesize($file) > 0 )
- $contents = file_get_contents($file);
-
-//delimiter for each new rule is a new line
-$delimiter = "\n";
+if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}"))
+ $contents = file_get_contents("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}");
+else {
+ header("Location: /snort/snort_rules.php?id={$id}&openruleset={$file}");
+ exit;
+}
 //split the contents of the string file into an array using the delimiter
-$splitcontents = explode($delimiter, $contents);
-$findme = "# alert"; //find string for disabled alerts
-$highlight = "yes";
-if (strstr($splitcontents[$lineid], $findme))
- $highlight = "no";
-if ($highlight == "no")
- $splitcontents[$lineid] = substr($splitcontents[$lineid], 2);
-
-if ($_POST) {
- if ($_POST['save']) {
-
- //copy string into file array for writing
- if ($_POST['highlight'] == "yes")
- $splitcontents[$lineid] = $_POST['code'];
- else
- $splitcontents[$lineid] = "# " . $_POST['code'];
-
- //write disable/enable sid to config.xml
- $sid = snort_get_rule_part($splitcontents[$lineid], 'sid:', ';', 0);
- if (is_numeric($sid)) {
- // rule_sid_on registers
- if (!empty($a_nat[$id]['rule_sid_on']))
- $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']);
- if (!empty($a_nat[$id]['rule_sid_on']))
- $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']);
- if ($_POST['highlight'] == "yes")
- $a_nat[$id]['rule_sid_on'] = "||enablesid $sid" . $a_nat[$id]['rule_sid_on'];
- else
- $a_nat[$id]['rule_sid_off'] = "||disablesid $sid" . $a_nat[$id]['rule_sid_off'];
- }
-
- //write the new .rules file
- @file_put_contents($file, implode($delimiter, $splitcontents));
-
- write_config();
-
- echo "";
- exit;
- }
-}
+$splitcontents = explode("\n", $contents);
 $pgtitle = array(gettext("Advanced"), gettext("File Editor"));
@@ -126,35 +84,19 @@ $pgtitle = array(gettext("Advanced"), gettext("File Editor")); - - -
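Review bot: `$file` is still taken unchanged from `$_GET['openruleset']` and interpolated into the `file_exists()` / `file_get_contents()` path, so a value containing directory separators or `..` components is not confined to `{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/`, and the contents are presumably rendered by the viewer markup further down the file. Reduce it to a bare file name before the path is built, e.g. `$file = basename($_GET['openruleset']);`, or compare `realpath()` of the built path against the rules directory and redirect on mismatch. The `is_null($id)` guard also lets through an `id` that has no entry in `$a_rule`, in which case `$snort_uuid` and `$pconfig['interface']` are empty when the path is assembled; redirecting when `$a_rule[$id]` is not set would close that. The `Location:` header in the `else` branch puts `$id` and `$file` into the URL unencoded, where `urlencode()` would be the usual wrapper.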
- - - -- cgit v1.2.3
- -
- Disable original rule :
- - /> - - /> -
- -
- +