From bd664276c67a11b92c027ba569157460481d37e6 Mon Sep 17 00:00:00 2001 From: robiscool Date: Thu, 26 May 2011 07:20:27 -0700 Subject: snort-dev, add rules and rulesets tabs --- config/snort-dev/base_file.php | 132 ------ config/snort-dev/css/style_snort2.css | 53 ++- config/snort-dev/images/loading.gif | Bin 0 -> 404 bytes config/snort-dev/javascript/snort_globalsend.js | 156 ++++--- config/snort-dev/snortDBrules | Bin 12288 -> 14336 bytes config/snort-dev/snort_head.inc | 22 +- config/snort-dev/snort_headbase.inc | 26 +- config/snort-dev/snort_interfaces_edit.php | 2 +- config/snort-dev/snort_json_get.php | 10 + config/snort-dev/snort_json_post.php | 78 ++-- config/snort-dev/snort_new.inc | 249 +++++++++++- config/snort-dev/snort_rules.php | 517 ++++++++++++++++++++++++ config/snort-dev/snort_rulesets.php | 278 +++++++++++++ config/snort-dev/testing.php | 28 -- 14 files changed, 1243 insertions(+), 308 deletions(-) delete mode 100644 config/snort-dev/base_file.php create mode 100644 config/snort-dev/images/loading.gif create mode 100644 config/snort-dev/snort_rules.php create mode 100644 config/snort-dev/snort_rulesets.php delete mode 100644 config/snort-dev/testing.php (limited to 'config') diff --git a/config/snort-dev/base_file.php b/config/snort-dev/base_file.php deleted file mode 100644 index 168a39fb..00000000 --- a/config/snort-dev/base_file.php +++ /dev/null 
@@ -1,132 +0,0 @@ -. - Copyright (C) 2008-2009 Robert Zelaya. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/snort/snort_new.inc"); -require_once("/usr/local/pkg/snort/snort_gui.inc"); - -// set page vars - -$uuid = $_GET['uuid']; -if (isset($_POST['uuid'])) -$uuid = $_POST['uuid']; - -if ($uuid == '') { - echo 'error: no uuid'; - exit(0); -} - - -$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); - - - - - - $pgtitle = "Services: Snort: Interface Edit:"; - include("/usr/local/pkg/snort/snort_head.inc"); - -?> - - - -
-


Please Wait...

-
- - - -
- - - -
- -
-
- - - - - - - - -
- - - -
- - - - -
- - - - - - - - - - - - - - -
-
-
-
- - - - - - - - diff --git a/config/snort-dev/css/style_snort2.css b/config/snort-dev/css/style_snort2.css index 91e63e88..07d21de6 100644 --- a/config/snort-dev/css/style_snort2.css +++ b/config/snort-dev/css/style_snort2.css @@ -6,24 +6,44 @@ a { } */ + +#right { + + position: relative; + top: -10px; + left: 0px; + width: 770px; + margin-top: 0px; + margin-left: 5px; + margin-right: 5px; + padding-top: 20px; + padding-left: 0px; + padding-right: 0px; + padding-bottom: 90px; + min-height: 400px; + +} + .odd_ruleset2 { + text-align: center; background-color: #ffffff; border-left: 1px solid #999999; border-bottom: 1px solid #999999; font-size: 11px; - padding-right: 6px; - padding-left: 6px; + padding-right: 2px; + padding-left: 2px; padding-top: 4px; padding-bottom: 4px; } .even_ruleset2 { + text-align: center; background-color: #eeeeee; border-left: 1px solid #999999; border-bottom: 1px solid #999999; font-size: 11px; - padding-right: 6px; - padding-left: 6px; + padding-right: 2px; + padding-left: 2px; padding-top: 4px; padding-bottom: 4px; } @@ -67,7 +87,7 @@ a { visibility:hidden; } -#loadingWaiting { +#loadingWaiting, #loadingRuleEditGUI{ display:none; position:fixed; left:0; @@ -75,8 +95,21 @@ a { width:100%; height:100%; background-image:url("/snort/images/transparentbg.png"); - z-index: 9999; - color: fff; + z-index: 9998; + color: #ffffff; +} + +.loadingRuleEditGUIDiv { + + position: absolute; + top: 2%; + left: 5%; + right: 5%; + bottom: 50%; + color: #ffffff; + z-index: 9999; + text-align: center; + } .loadingWaitingMessage { @@ -84,7 +117,7 @@ a { position: absolute; top: 25%; left: 50%; - color: #fff; + color: #ffffff; z-index: 9999; text-align: center; @@ -92,8 +125,8 @@ a { .listhdrr2 { background-color: #BBBBBB; - padding-right: 9px; - padding-left: 6px; + padding-right: 1px; + padding-left: 1px; font-weight: bold; border-right: 1px solid #999999; border-bottom: 1px solid #999999; 
diff --git a/config/snort-dev/images/loading.gif b/config/snort-dev/images/loading.gif new file mode 100644 index 00000000..cbc00f09 Binary files /dev/null and b/config/snort-dev/images/loading.gif differ diff --git a/config/snort-dev/javascript/snort_globalsend.js b/config/snort-dev/javascript/snort_globalsend.js index b8fde968..9f721053 100644 --- a/config/snort-dev/javascript/snort_globalsend.js +++ b/config/snort-dev/javascript/snort_globalsend.js @@ -1,30 +1,22 @@ jQuery.noConflict(); //prepare the form when the DOM is ready -jQuery(document).ready(function() { - +jQuery(document).ready(function() { + jQuery(".icon_click").live('mouseover', function() { jQuery(this).css('cursor', 'pointer'); }); //-------------------START Misc------------------------------------------- - - /* - * Gives you even true or false on even numbers - */ - window.isEven = function(someNumber) { - - return (someNumber%2 == 0) ? true : false; - - }; /*! Needs to be watched not my code <- IMPORTANT * JavaScript UUID Generator, v0.0.1 * * Copyright (c) 2009 Massimo Lombardo. * Dual licensed under the MIT and the GNU GPL licenses. - */ + */ + function genUUID() { var uuid = (function () { var i, 
@@ -47,40 +39,94 @@ jQuery(document).ready(function() { } }; } + + //-------------------START Misc GLOBAL WINDOW------------------------------------------- + // NOTE: try not to add to manny of thses + + /* + * Gives you even true or false on even numbers + */ + window.isEven = function(someNumber) { + + return (someNumber%2 == 0) ? true : false; + + }; + + /* + * Loop through object with timeout. + * NOTE: IE9 still has issues. Example : deleted rules (6000+ sigs). + * Break up heavy javascript intensive processing into smaller parts. Used to stop "browser Stop responding" warnings. + */ + + /* + function processLoop( actionFunc, numTimes, numWait, doneFunc ) { + var i = 0; + var f = function () { + if (i < numTimes) { + actionFunc( i++ ); // closure on i + setTimeout( f, numWait ); + } + else if (doneFunc) { + doneFunc(); + } + }; + f(); + } + */ + + window.incrementallyProcess = function(workerCallback, data, chunkSize, timeout, completionCallback) { + var i = 0; + (function() { + var remainingDataLength = (data.length - i); + var currentChunkSize = (remainingDataLength >= chunkSize) ? 
chunkSize : remainingDataLength; + if(i < data.length) { + while(currentChunkSize--) { + workerCallback(i++); + } + setTimeout(arguments.callee, timeout); + } else if(completionCallback) { + completionCallback(); + } + })(); + }; + + // Please wait code + window.hideLoading = function(thisLocation){ + jQuery(thisLocation).hide(); + }; + + // Please wait code + window.showLoading = function(thisLocation){ + jQuery(thisLocation).show(); + }; + //--------------------------- START select all code --------------------------- - jQuery('#select_all').live('click', function() { + jQuery('#select_all').live('click', function(){ checkAll(jQuery('.domecheck')); }); - jQuery('#deselect_all').live('click', function() { + jQuery('#deselect_all').live('click', function(){ uncheckAll(jQuery('.domecheck')); }); - function checkAll(field) - { - for (i = 0; i < field.length; i++) - { + function checkAll(field){ + for (i = 0; i < field.length; i++){ field[i].checked = true; } } - function uncheckAll(field) - { - for (i = 0; i < field.length; i++) - { + function uncheckAll(field){ + for (i = 0; i < field.length; i++){ field[i].checked = false; } } - - //--------------------------- STOP select all code -------------------------- - // -------------------------- START cancel form code ------------------------------------------- //jQuery('#cancel').click(function() { - jQuery('#cancel').live('click', function() { + jQuery('#cancel').live('click', function(){ location.reload(); @@ -94,15 +140,13 @@ jQuery(document).ready(function() { var NewRow_UUID = genUUID(); var rowNumCount = jQuery("#address").length; - if (rowNumCount > 0) - { + if (rowNumCount > 0){ // stop empty var prevAddressAll_ck = jQuery('tr[id^=maintable_]'); var prevAddress_ck = prevAddressAll_ck[prevAddressAll_ck.length-1].id; var prevAddressEmpty_ck = jQuery.trim(jQuery('#' + prevAddress_ck + ' #address').val()); - if (prevAddressEmpty_ck === '') - { + if (prevAddressEmpty_ck === ''){ return false; } } 
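Review bot: The chunked loop in `window.incrementallyProcess` re-schedules itself through `arguments.callee`, which is rejected in ES5 strict mode and deprecated elsewhere; give the inner function expression a name and pass that instead, `(function step() { … setTimeout(step, timeout); … })();`. In the same hunk the rewritten `checkAll`/`uncheckAll` loops still assign to an undeclared `i`, so the counter becomes an implicit global that any other undeclared `i` on the page shares: `for (var i = 0; i < field.length; i++){`. The commented-out `processLoop` block is dead code now that `incrementallyProcess` replaces it and could be dropped rather than carried. The enclosing `jQuery(document).ready(function(){` callback starts before this hunk.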
@@ -127,12 +171,11 @@ jQuery(document).ready(function() { // ------------------------------- START remove row element --------------------------------------- - function removeRow() - { + function removeRow(){ jQuery("#maintable_" + window.RemoveRow_UUID).remove(); } - jQuery(".icon_x").live('click', function() { + jQuery(".icon_x").live('click', function(){ var elem = getBaseElement(this.id); // this.id gets id of .icon_x @@ -142,8 +185,8 @@ jQuery(document).ready(function() { window.RemoveRow_DB = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").pagedb; window.RemoveRow_POST = jQuery("#maintable_" + window.RemoveRow_UUID).data("options").DoPOST; - if (window.RemoveRow_POST === 'true') // snort_interfaces_whitelist - { + // snort_interfaces_whitelist + if (window.RemoveRow_POST === 'true'){ if(confirm('Do you really want to delete this list? (e.g. snort rules will fall back to the default list)!')) { jQuery("#maintable_" + window.RemoveRow_UUID).fadeOut("fast"); @@ -155,8 +198,7 @@ jQuery(document).ready(function() { } // remove element NO post - if (window.RemoveRow_POST === 'false') - { + if (window.RemoveRow_POST === 'false'){ jQuery("#maintable_" + window.RemoveRow_UUID).fadeOut("fast"); @@ -169,15 +211,15 @@ jQuery(document).ready(function() { }); - function RMlistDBDelCall() { + function RMlistDBDelCall(){ return RemoveRow_DB; } - function RMlistTableDelCall() { + function RMlistTableDelCall(){ return RemoveRow_Table; } - function RMlistUuidDelCall() { + function RMlistUuidDelCall(){ return RemoveRow_UUID; } @@ -193,14 +235,13 @@ jQuery(document).ready(function() { } // post-submit callback if snort_json_post.php returns true or false - function showResponseRMlist(data) { + function showResponseRMlist(data){ //alert('test'); } - function getBaseElement(elem) - { + function getBaseElement(elem){ elem = elem + ""; var len = elem.length; var lPos = elem.lastIndexOf("_") * 1; 
@@ -229,7 +270,7 @@ jQuery(document).ready(function() { /* general form */ //jQuery('#iform').submit(function() { - jQuery('#iform, #iform2, #iform3').live('submit', function() { + jQuery('#iform, #iform2, #iform3').live('submit', function(){ jQuery(this).ajaxSubmit(options); @@ -241,10 +282,6 @@ jQuery(document).ready(function() { var queryString = jQuery.param(formData); - // Please wait code - function showLoading() { - jQuery("#loadingWaiting").show(); - } // call to please wait showLoading(); @@ -254,13 +291,9 @@ jQuery(document).ready(function() { return true; } - function hideLoading() - { - jQuery("#loadingWaiting").hide(); - } + - function downloadsnortlogs(data) - { + function downloadsnortlogs(data){ jQuery('.hiddendownloadlink').append(''); var appendElem = jQuery('
success...'); @@ -270,36 +303,31 @@ jQuery(document).ready(function() { // After Save Calls display var appendElem = jQuery('
success...'); - function finnish() - { + function finnish(){ hideLoading(); appendElem.remove(); updatestarted = 1; } - function showResponse(data, responseText, statusText, xhr, $form) - { + function showResponse(data, responseText, statusText, xhr, $form){ // START of fill call to user if (responseText === 'success') { // snort logs download success - if (data.downloadfilename !== '' && data.snortdownload === 'success') - { + if (data.downloadfilename !== '' && data.snortdownload === 'success'){ downloadsnortlogs(data); } // succsess display - if (data.snortgeneralsettings === 'success' || data.snortdelete === 'success' || data.snortreset === 'success') - { + if (data.snortgeneralsettings === 'success' || data.snortdelete === 'success' || data.snortreset === 'success'){ // sucsses msg appendElem.appendTo('.loadingWaitingMessage'); // Clean up Waiting code finnish(); - if (data.snortUnhideTabs === 'true') - { + if (data.snortUnhideTabs === 'true'){ jQuery('.hide_newtabmenu').show(); } diff --git a/config/snort-dev/snortDBrules b/config/snort-dev/snortDBrules index 7a0acc3f..cd5da7e0 100644 Binary files a/config/snort-dev/snortDBrules and b/config/snort-dev/snortDBrules differ diff --git a/config/snort-dev/snort_head.inc b/config/snort-dev/snort_head.inc index 8f9bf9b4..6addeaaa 100644 --- a/config/snort-dev/snort_head.inc +++ b/config/snort-dev/snort_head.inc @@ -34,14 +34,6 @@ $pagetitle = gentitle( $pgtitle ); - - - - - - - - "; ?> @@ -55,7 +47,16 @@ $pagetitle = gentitle( $pgtitle ); - \n"; ?> + \n"; ?> + + + echo "\n"; + include('/usr/local/pkg/snort/snort_headbase.inc'); + echo "\n"; + // +?> + \n"; @@ -85,7 +86,8 @@ $pagetitle = gentitle( $pgtitle ); closedir($dh); } } - + + if (!isset($closehead)) echo ""; diff --git a/config/snort-dev/snort_headbase.inc b/config/snort-dev/snort_headbase.inc index 38165213..4cf02489 100644 --- a/config/snort-dev/snort_headbase.inc +++ b/config/snort-dev/snort_headbase.inc 
@@ -1,27 +1,17 @@ -= 6): ?> - - - - - - - - -\n"; + -echo "\t\n"; - - -//echo "\t\n"; -//echo "\t\n"; + + -echo "\t\n"; + + + + + -?> -
+
  • Snort Interfaces
  • If Settings
  • diff --git a/config/snort-dev/snort_json_get.php b/config/snort-dev/snort_json_get.php index f991f10b..a8cdcd2d 100644 --- a/config/snort-dev/snort_json_get.php +++ b/config/snort-dev/snort_json_get.php @@ -18,7 +18,17 @@ if ($_GET['snortlogdownload'] == 1) } +// send Json sid string +if ($_GET['snortGetSidString'] == 1) +{ + + // unset + unset($_GET['snortGetSidString']); + + // get the SID string from file + sendSidStringRuleEditGUI(); +} diff --git a/config/snort-dev/snort_json_post.php b/config/snort-dev/snort_json_post.php index 2431beec..8cf72f67 100644 --- a/config/snort-dev/snort_json_post.php +++ b/config/snort-dev/snort_json_post.php 
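Review bot: The new dispatcher tests `$_GET['snortGetSidString'] == 1` without an `isset()` guard, so every request to this endpoint that does not carry the parameter raises an undefined-index notice, and the loose comparison accepts any string that PHP coerces to 1; prefer `if (isset($_GET['snortGetSidString']) && $_GET['snortGetSidString'] === '1')`. The `unset()` of the marker before the call is harmless but unnecessary here, since sendSidStringRuleEditGUI() reads only `sid`, `snortIface` and `snortRuleFile`; a one-line comment such as `// sid/iface/file are validated in sendSidStringRuleEditGUI()` would tell the next reader where the input checks live, once they exist there.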
@@ -11,55 +11,55 @@ if(isset($_POST['__csrf_magic'])) } // return codes -$snortJsonReturnCode_success = ' -{ -"snortgeneralsettings": "success" +$snortJsonReturnCode_success = '{"snortgeneralsettings":"success"}'; + +$snortJsonReturnCode_fail = '{"snortgeneralsettings":"fail"}'; + +function snortJsonReturnCode($returnStatus) +{ + if ($returnStatus == true) + { + echo '{"snortgeneralsettings":"success","snortUnhideTabs":"true"}'; + }else{ + echo '{"snortgeneralsettings":"fail"}'; + } } -'; -$snortJsonReturnCode_fail = ' +// row from db by uuid +if ($_POST['snortSidRuleEdit'] == 1) { -"snortgeneralsettings": "fail" + + unset($_POST['snortSidRuleEdit']); + + snortSidStringRuleEditGUI(); + } -'; - - function snortJsonReturnCode($returnStatus) - { - - if ($returnStatus == true) - { - echo ' - { - "snortgeneralsettings": "success", "snortUnhideTabs": "true" - } - '; - }else{ - echo ' - { - "snortgeneralsettings": "fail" - } - '; - } - - } - // row from db by uuid +// row from db by uuid if ($_POST['snortSaveRuleSets'] == 1) { - // unset POSTs that are markers not in db - unset($_POST['snortSaveSettings']); - unset($_POST['ifaceTab']); + if ($_POST['ifaceTab'] == 'snort_rulesets') + { + // unset POSTs that are markers not in db + unset($_POST['snortSaveRuleSets']); + unset($_POST['ifaceTab']); + + snortJsonReturnCode(snortSql_updateRuleSetList()); + + } + + + if ($_POST['ifaceTab'] == 'snort_rules') + { + // unset POSTs that are markers not in db + unset($_POST['snortSaveRuleSets']); + unset($_POST['ifaceTab']); + + snortJsonReturnCode(snortSql_updateRuleSigList()); + } - if(snortSql_updateRuleSetList($_POST['dbName'], $_POST['dbTable'], $_POST['filenamcheckbox'], $_POST['ifaceuuid'])) - { - echo $snortJsonReturnCode_success; - return true; - }else{ - echo $snortJsonReturnCode_fail; - return false; - } } // END of rulesSets diff --git a/config/snort-dev/snort_new.inc b/config/snort-dev/snort_new.inc index a437db09..9f318af0 100644 --- a/config/snort-dev/snort_new.inc 
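Review bot: When `snortSaveRuleSets` is set but `ifaceTab` is neither `snort_rulesets` nor `snort_rules`, the handler now falls through without echoing anything, so the JavaScript showResponse callback receives an empty body instead of the fail code; chain the branches as `if`/`elseif` and finish with `else { snortJsonReturnCode(false); }`. Chaining also removes the notice from the second test, which reads `$_POST['ifaceTab']` after the first branch has already `unset()` it. The one-line `$snortJsonReturnCode_success`/`$snortJsonReturnCode_fail` strings are no longer referenced in this hunk now that both paths go through snortJsonReturnCode(); drop them or have that function echo them. `snortJsonReturnCode()` would also be safer built with `json_encode(array('snortgeneralsettings' => 'success', 'snortUnhideTabs' => 'true'))` than with hand-written JSON literals.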
+++ b/config/snort-dev/snort_new.inc 
@@ -6,8 +6,249 @@ if(isset($_POST['__csrf_magic'])) unset($_POST['__csrf_magic']); } +// Wites selected sig to file +function snortSidStringRuleEditGUI() +{ + + $workingFile = '/usr/local/etc/snort/sn_' . $_POST['snortSidRuleIface'] . '/rules/' . $_POST['snortSidRuleFile']; + + $splitcontents = split_rule_file($workingFile); + + if (!empty($splitcontents)) + { + $sidLinePosPre = exec('/usr/bin/sed -n /sid:' . $_POST['snortSidNum'] . '\;/= ' . $workingFile); + $sidLinePos = $sidLinePosPre - 1; + + $splitcontents[$sidLinePos] = $_POST['sidstring']; + + + write_rule_file($splitcontents, $workingFile); + + return true; + } + + return false; + +} + +function sendSidStringRuleEditGUI() +{ + + $sidCall = exec('sed -n "/alert.*sid:' . $_GET['sid'] . ';.*/p" /usr/local/etc/snort/sn_' . $_GET['snortIface'] . '/rules/' . $_GET['snortRuleFile']); + $sidCallJsonFilter = escapeJsonString($sidCall); + + echo '{"sidstring":' . '"' . $sidCallJsonFilter . '","sid":' . '"' . $_GET['sid'] . '"}'; + return true; +} + + +function escapeJsonString($escapeString) +{ + $search = array('\\', '\n', '\r', '\u', '\t', '\f', '\b', '/', '"'); + $replace = array('\\\\', '\\n', '\\r', '\\u', '\\t', '\\f', '\\b', '\/', '\"'); + $encoded_string = str_replace($search, $replace, $escapeString); + + return $encoded_string; + +} + +// limit the length of the given string to $MAX_LENGTH char +function trimLength($s) { + + + $MAX_LENGTH = 13; + $str_to_count = $s; + if (strlen($str_to_count) <= $MAX_LENGTH) { + return $s; + } + + $s2 = substr($str_to_count, 0, $MAX_LENGTH - 3); + $s2 .= "..."; + return $s2; +} + + +// builds base array with sid etc.... 
+function newFilterRuleSig($baseruleArray) +{ + + function get_middle($source, $beginning, $ending, $init_pos) + { + $beginning_pos = strpos($source, $beginning, $init_pos); + $middle_pos = $beginning_pos + strlen($beginning); + $ending_pos = strpos($source, $ending, $beginning_pos); + $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); + return $middle; + } + + + $i = 0; + $newSigArray[] = array(); + foreach ( $baseruleArray as $value ) + { + + // add sid + $newSigArray[$i]['sid'] = get_middle($value, 'sid:', ';', 0); + + // remove whitespaces + $rmWhitespaces = preg_replace('/\s\s+/', ' ', $value); + // remove whitespace betwin # aerrt + $rmAlertWhitespace = preg_replace('/^# alert/', '#alert', $rmWhitespaces); + $splitcontents = explode(' ', $rmAlertWhitespace); + + // enable or disable + if ($splitcontents[0] === '#alert') + { + $newSigArray[$i]['enable'] = 'off'; + }else{ + $newSigArray[$i]['enable'] = 'on'; + } + + // proto + $newSigArray[$i]['proto'] = $splitcontents[1]; + + // source + $newSigArray[$i]['src'] = trimLength($splitcontents[2]); + + // source port + $newSigArray[$i]['srcport'] = trimLength($splitcontents[3]); + + // Destination + $newSigArray[$i]['dst'] = trimLength($splitcontents[5]); + + // Destination port + $newSigArray[$i]['dstport'] = trimLength($splitcontents[6]); + + // sig message + $newSigArray[$i]['msg'] = get_middle($value, 'msg:"', '";', 0); + + $i++; + } + + return $newSigArray; +} + + +function split_rule_file($workingFile) +{ + $filehandle = fopen($workingFile, "r"); + $contents = fread($filehandle, filesize($workingFile)); + + fclose ($filehandle); + + $delimiter = "\n"; + + $splitcontents = explode($delimiter, $contents); + + return $splitcontents; +} + + +// write rule file to disk +function write_rule_file($content_changed, $received_file) +{ + //read snort file with writing enabled + $filehandle = fopen($received_file, "w"); + + //delimiter for each new rule is a new line + $delimiter = "\n"; + + //implode 
the array back into a string for writing purposes + $fullfile = implode($delimiter, $content_changed); + + //write data to file + fwrite($filehandle, $fullfile); + + //close file handle + fclose($filehandle); + +} +// Save ruleSets settings +function snortSql_updateRuleSigList() +{ + + $snortDir = '/usr/local/etc/snort/sn_' . $_SESSION['snort']['tmp']['snort_rules']['ifaceuuid'] . '_' . $_SESSION['snort']['tmp']['snort_rules']['ifaceselected']; + + // selected snort rule file + $workingFile = $snortDir . '/rules/' . $_SESSION['snort']['tmp']['snort_rules']['rulefile']; + + $splitcontents = split_rule_file($workingFile); + + // open rule file and change enable/disable sids + function read_rule_file($splitcontents, $enableSigsArray, $disableSigsArray) + { + + foreach ($splitcontents as $sigLine) + { + $replaceChars = array('/sid:/', '/;/'); + preg_match('/sid:[0-9]*;/', $sigLine, $matches); + $sidLine = preg_replace($replaceChars, '', $matches[0]); + + + if ($sidLine == '') + { + $tempstring[] = $sigLine; + }else{ + + if (in_array($sidLine, $enableSigsArray)) + { + $tempstring[] = str_replace("# alert", "alert", $sigLine); + } + + if (in_array($sidLine, $disableSigsArray)) + { + $tempstring[] = str_replace("alert", "# alert", $sigLine); + } + + if (!in_array($sidLine, $enableSigsArray) && !in_array($sidLine, $disableSigsArray)) + { + $tempstring[] = $sigLine; + } + } + } + + return $tempstring; + } + + // build user selected enbled and disabled arrays + $enableSigsArray = array(); + $disableSigsArray = array(); + + if (!isset($_POST['filenamcheckbox2'])) + { + $_POST['filenamcheckbox2'] = array(); + } + + $newFilterRuleSigArray = newFilterRuleSig($splitcontents); + + foreach ($newFilterRuleSigArray as $sigArray) + { + // enable sig + if(in_array($sigArray['sid'], $_POST['filenamcheckbox2']) && $sigArray['enable'] == 'off') + { + $enableSigsArray[] = $sigArray['sid']; + } + + // disable sig + if(!in_array($sigArray['sid'], $_POST['filenamcheckbox2']) && 
$sigArray['enable'] == 'on') + { + $disableSigsArray[] = $sigArray['sid']; + } + } + + // read rule file change disable/enable then write to file if arrays are not empty + if (!empty($enableSigsArray) || !empty($disableSigsArray)) + { + write_rule_file(read_rule_file($splitcontents, $enableSigsArray, $disableSigsArray), $workingFile); + } + + return true; + + +} // END Save ruleSets settings + // Save ruleSets settings function snortSql_updateRuleSetList($dbname, $table, $ruleSetfilenames, $ifaceuuid) { @@ -798,14 +1039,10 @@ function snortScanDirFilter($path, $filtername) { $filterDirList[] = $val; } - } - unset($listDir); - + unset($listDir); } - - return $filterDirList; - + return $filterDirList; } ?> diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php new file mode 100644 index 00000000..e030173d --- /dev/null +++ b/config/snort-dev/snort_rules.php 
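Review bot: The request parameters `sid`, `snortIface` and `snortRuleFile` in sendSidStringRuleEditGUI(), and `snortSidRuleIface`, `snortSidRuleFile` and `snortSidNum` in snortSidStringRuleEditGUI(), are concatenated straight into the exec() command line and into the rules-file path, so a malformed value can alter the command sed runs or point the read and the subsequent write_rule_file() at a file outside the interface's rules directory. Validate them before use — `ctype_digit()` for the sid, a character whitelist for the interface token, and the file name against the listing snortScanDirFilter() already produces — and still wrap each shell argument in `escapeshellarg()`, as in the excerpt below; the same checks apply to the `$_POST` variant. In snortSidStringRuleEditGUI(), when sed matches nothing `$sidLinePosPre` is `''`, `$sidLinePos` becomes -1 and `$splitcontents[-1] = $_POST['sidstring']` silently appends the raw text to the file on write, so return false when `$sidLinePosPre === ''`. Two further defects: `read_rule_file` and `get_middle` are declared inside their callers, so a second call in the same request dies with a redeclaration fatal error (move them to file scope), and `str_replace("alert", "# alert", $sigLine)` also rewrites any `alert` inside the rule's msg text, so anchor it as `preg_replace('/^alert/', '# alert', $sigLine)`. The snortSql_updateRuleSetList() body continues outside the hunk.
```php
function sendSidStringRuleEditGUI()
{
    // Accept only a numeric sid and a plain directory token; anything else is refused before exec().
    $sid   = $_GET['sid'];
    $iface = $_GET['snortIface'];
    if (!ctype_digit($sid) || !preg_match('/^[A-Za-z0-9_-]+$/', $iface))
    {
        echo '{"sidstring":"","sid":""}';
        return false;
    }

    $rulesDir = '/usr/local/etc/snort/sn_' . $iface . '/rules';

    // The file name must be one of the .rules files actually present in that directory.
    $ruleFile = basename($_GET['snortRuleFile']);
    if (!in_array($ruleFile, snortScanDirFilter($rulesDir, '.rules'), true))
    {
        echo '{"sidstring":"","sid":""}';
        return false;
    }

    $sidCall = exec('sed -n ' . escapeshellarg('/alert.*sid:' . $sid . ';.*/p') . ' ' . escapeshellarg($rulesDir . '/' . $ruleFile));

    // json_encode handles the quoting that escapeJsonString() approximated by hand.
    echo json_encode(array('sidstring' => $sidCall, 'sid' => $sid));
    return true;
}
// … unchanged: escapeJsonString, trimLength, newFilterRuleSig, split_rule_file, write_rule_file, snortSql_updateRuleSigList …
```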
@@ -0,0 +1,517 @@ +. + All rights reserved. + + Pfsense snort GUI + Copyright (C) 2008-2011 Robert Zelaya. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_new.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +// set page vars + +$uuid = $_GET['uuid']; +if (isset($_POST['uuid'])) +$uuid = $_POST['uuid']; + +if ($uuid == '') { + echo 'error: no uuid'; + exit(0); +} + +// unset Session tmp on page load +unset($_SESSION['snort']['tmp']); + +// list rules in the default dir +$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); + +$snortRuleDir = '/usr/local/etc/snort/sn_' . $uuid . '_' . 
$a_list['interface']; + + // list rules in the default dir + $filterDirList = array(); + $filterDirList = snortScanDirFilter($snortRuleDir . '/rules', '.rules'); + + // START read rule file + if ($_GET['openruleset']) + { + $rulefile = $_GET['openruleset']; + }else{ + $rulefile = $filterDirList[0]; + } + + $workingFile = $snortRuleDir . '/rules/' . $rulefile; + + //split the contents of the string file into an array using the delimiter + // used by rule gui edit and table build code + $splitcontents = split_rule_file($workingFile); + +function load_rule_file($incoming_file, $splitcontents) +{ + + //read snort file + $filehandle = fopen($incoming_file, "r"); + + //read file into string, and get filesize + $contents = fread($filehandle, filesize($incoming_file)); + + //close handler + fclose ($filehandle); + + + $pattern = '/(^alert |^# alert )/'; + foreach ( $splitcontents as $val ) + { + // remove whitespaces + $rmWhitespaces = preg_replace('/\s\s+/', ' ', $val); + + // filter none alerts + if (preg_match($pattern, $rmWhitespaces)) + { + $splitcontents2[] = $val; + } + + } + unset($splitcontents); + + return $splitcontents2; + +} + + //Load the rule file + $splitcontents2 = load_rule_file($workingFile, $splitcontents); + + $countSig = count($splitcontents2); + + if ($countSig > 0) + { + $newFilterRuleSigArray = newFilterRuleSig($splitcontents2); + } + + /* + * SET GLOBAL ARRAY $_SESSION['snort'] + */ + $_SESSION['snort']['tmp']['snort_rules']['dbName'] = 'snortDBrules'; + $_SESSION['snort']['tmp']['snort_rules']['dbTable'] = 'SnortruleSigs'; + $_SESSION['snort']['tmp']['snort_rules']['ifaceuuid'] = $uuid; + $_SESSION['snort']['tmp']['snort_rules']['ifaceselected'] = $a_list['interface']; + $_SESSION['snort']['tmp']['snort_rules']['rulefile'] = $rulefile; + + +// find ./ -name test.txt | xargs grep "^disablesid 127 " + + $pgtitle = "Snort: Category: rule: $rulefile"; + include("/usr/local/pkg/snort/snort_head.inc"); + +?> + + + + + + +
    +


    Please Wait...

    +
    + +
    + +
    +
    + + + + + + + + + + + + + + +
    + + +
    + +
    + +
    + + + + +
    + + +
    +
    +
    + + +
    + + + +
    +
    + + + + + + + + +
    + + + +
    +
    + + + + + + + + + +
    + Category: + + There are rules in this category. + + + + +
    +
    + + + + + + +
    + + +
    + +
    + + + + + + +
    Snort Signatures:
    + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    OnSidProtoSrcPortDstPortMessage 
    +
    + + + + +
    + + +
    +
    +
    + + + + +
    +
    + +
    + + + +
    + +
    +
    + + + + + + + +
       
    + Note:
    + This is the Snort Rule Signature Viewer. + Please make sure not to add a whitespace before alert or #alert. +
    +
    + Warning: +
    + New settings will not take effect until interface restart. +

    +
    +
    +
    + + + + + + + + + + + + + diff --git a/config/snort-dev/snort_rulesets.php b/config/snort-dev/snort_rulesets.php new file mode 100644 index 00000000..9d41eb0b --- /dev/null +++ b/config/snort-dev/snort_rulesets.php 
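Review bot: `$rulefile` is taken straight from `$_GET['openruleset']` and joined onto `$snortRuleDir . '/rules/'`, and the same value is stored in `$_SESSION['snort']['tmp']['snort_rules']['rulefile']`, which snortSql_updateRuleSigList() later uses as the file it rewrites; accept only names the directory listing already contains, `$rulefile = in_array($_GET['openruleset'], $filterDirList, true) ? $_GET['openruleset'] : $filterDirList[0];`. In `load_rule_file` the fopen/fread/fclose of `$incoming_file` is dead code — `$contents` is never used and the function only filters the `$splitcontents` array it was handed — so those three I/O lines can go, leaving a pure filter with a comment such as `// keep only lines that are an enabled or commented-out alert rule`. The `$uuid == ''` guard does not cover a uuid that matches no database row: `$a_list['interface']` is then empty and `$snortRuleDir` becomes `sn_<uuid>_`, so pair it with `if (empty($a_list)) { echo 'error: unknown uuid'; exit(0); }`. The page's HTML body is not visible in this rendering, so the note does not cover how these values are echoed.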
@@ -0,0 +1,278 @@ +. + Copyright (C) 2008-2009 Robert Zelaya. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort_new.inc"); +require_once("/usr/local/pkg/snort/snort_gui.inc"); + +// set page vars + +$uuid = $_GET['uuid']; +if (isset($_POST['uuid'])) +$uuid = $_POST['uuid']; + +if ($uuid == '') { + echo 'error: no uuid'; + exit(0); +} + +$a_list = snortSql_fetchAllSettings('snortDBrules', 'Snortrules', 'uuid', $uuid); + + // list rules in the default dir + $filterDirList = array(); + $filterDirList = snortScanDirFilter('/usr/local/etc/snort/sn_' . $uuid . '_' . $a_list['interface'] . 
'/rules', '.rules'); + + // list rules in db that are on in a array + $listOnRules = array(); + $listOnRules = snortSql_fetchAllSettings('snortDBrules', 'SnortRuleSets', 'ifaceuuid', $uuid); + + if (!empty($listOnRules)) + { + foreach ( $listOnRules as $val2 ) + { + if ($val2['enable'] == 'on') + { + $rulesetOn[] = $val2['rulesetname']; + } + } + unset($listOnRules); + } + + $pgtitle = "Snort: Interface Rule Categories"; + include("/usr/local/pkg/snort/snort_head.inc"); + +?> + + + + + + + + + + + +
    +


    Please Wait...

    +
    + + + +
    +
    transgif
    + + + + + + +
    + + + +
    + + + + + + + + + +
    + + + + + +
    + + + + +
    + + + +
    + +
    +
    + + + + + + + + + + + +
    EnabledRuleset: Rules that end with "so.rules" are shared object rules.
    + + + + + +
    + + + + +
    Check the rulesets that you would like Snort to load at startup.
    +
    + + +
    + Note: + Please save your settings before you click start. +
    + + + + +
    + + + + + + +
    + + + + + + + + diff --git a/config/snort-dev/testing.php b/config/snort-dev/testing.php deleted file mode 100644 index f36a9edd..00000000 --- a/config/snort-dev/testing.php +++ /dev/null @@ -1,28 +0,0 @@ -' . "\n\n"; - - print_r($a_suppresst); - - //foreach ($a_whitelist as $value) - //{ - //echo $value['filename'] . "\n"; - //} - - echo "\n" . ''; - -?> - - - - -- cgit v1.2.3
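Review bot: `$rulesetOn` is only ever assigned inside the `foreach` when at least one row has `enable == 'on'`, so on a fresh interface it is undefined when the page body (presumably the stripped HTML further down) reads it; initialise it alongside `$listOnRules` with `$rulesetOn = array();`. The `$uuid == ''` guard does not cover a uuid that matches no row — `$a_list['interface']` is then empty and snortScanDirFilter() scans `sn_<uuid>_` — so add `if (empty($a_list)) { echo 'error: unknown uuid'; exit(0); }` right after the fetch. Because `$uuid` comes from the request and is used to build a filesystem path, requiring the database row to exist also keeps the scanned directory within the ones this package created.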