From a24a4b892ab43748529285254566ad48b05aed3e Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Sat, 9 Dec 2006 19:26:58 +0000
Subject: Add Snort rule activation/deactivation/edit support.

Written and submitted by: Scott Dale <c_scott_dale_AT_yahoo.com
---
 packages/snort/snort.xml                |   6 +-
 packages/snort/snort_advanced.xml       |   6 +-
 packages/snort/snort_alerts.php         |   7 +-
 packages/snort/snort_blocked.php        |   5 +-
 packages/snort/snort_download_rules.php |   5 +-
 packages/snort/snort_rules.php          | 482 ++++++++++++++++++++++++++++++++
 packages/snort/snort_rules_edit.php     | 202 +++++++++++++
 packages/snort/snort_rulesets.php       |  11 +-
 packages/snort/snort_whitelist.xml      |   6 +-
 9 files changed, 715 insertions(+), 15 deletions(-)
 create mode 100644 packages/snort/snort_rules.php
 create mode 100644 packages/snort/snort_rules_edit.php

(limited to 'packages/snort')

diff --git a/packages/snort/snort.xml b/packages/snort/snort.xml
index 01567332..6919d0cf 100644
--- a/packages/snort/snort.xml
+++ b/packages/snort/snort.xml
@@ -81,9 +81,13 @@
 			<url>/snort_download_rules.php</url>
 		</tab>
 		<tab>
-			<text>Snort Rulesets</text>
+			<text>Snort Categories</text>
 			<url>/snort_rulesets.php</url>
 		</tab>
+		<tab>
+			<text>Snort Rules</text>
+			<url>/snort_rules.php</url>
+		</tab>
 		<tab>
 			<text>Snort Blocked</text>
 			<url>/snort_blocked.php</url>
diff --git a/packages/snort/snort_advanced.xml b/packages/snort/snort_advanced.xml
index c11d40f3..cf29f93d 100644
--- a/packages/snort/snort_advanced.xml
+++ b/packages/snort/snort_advanced.xml
@@ -13,9 +13,13 @@
 			<url>/snort_download_rules.php</url>
 		</tab>
 		<tab>
-			<text>Snort Rulesets</text>
+			<text>Snort Categories</text>
 			<url>/snort_rulesets.php</url>
 		</tab>
+		<tab>
+			<text>Snort Rules</text>
+			<url>/snort_rules.php</url>
+		</tab>
 		<tab>
 			<text>Snort Blocked</text>
 			<url>/snort_blocked.php</url>
diff --git a/packages/snort/snort_alerts.php b/packages/snort/snort_alerts.php
index ca3c8bdd..6455966a 100644
--- a/packages/snort/snort_alerts.php
+++ b/packages/snort/snort_alerts.php
@@ -62,10 +62,11 @@ include("head.inc");
 <?php
 	$tab_array = array();
 	$tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
-	$tab_array[] = array(gettext("Snort Rules Update"), false, "/snort_download_rules.php");
-	$tab_array[] = array(gettext("Snort Rulesets"), false, "/snort_rulesets.php");
+	$tab_array[] = array(gettext("Update Snort Rules"), false, "/snort_download_rules.php");
+	$tab_array[] = array(gettext("Snort Categories"), false, "/snort_rulesets.php");
+	$tab_array[] = array(gettext("Snort Rules"), false, "/snort_rules.php");
 	$tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php");
-	$tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+	$tab_array[] = array(gettext("Snort Whitelist"),false, "/pkg.php?xml=snort_whitelist.xml");
 	$tab_array[] = array(gettext("Snort Alerts"), true, "/snort_alerts.php");
 	$tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
 	display_top_tabs($tab_array);
diff --git a/packages/snort/snort_blocked.php b/packages/snort/snort_blocked.php
index bab607ba..a2ebe171 100644
--- a/packages/snort/snort_blocked.php
+++ b/packages/snort/snort_blocked.php
@@ -58,8 +58,9 @@ include("head.inc");
 <?php
 	$tab_array = array();
 	$tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
-	$tab_array[] = array(gettext("Snort Rules Update"), false, "/snort_download_rules.php");
-	$tab_array[] = array(gettext("Snort Rulesets"), false, "/snort_rulesets.php");
+	$tab_array[] = array(gettext("Update Snort Rules"), false, "/snort_download_rules.php");
+	$tab_array[] = array(gettext("Snort Categories"), false, "/snort_rulesets.php");
+	$tab_array[] = array(gettext("Snort Rules"), false, "/snort_rules.php");
 	$tab_array[] = array(gettext("Snort Blocked"), true, "/snort_blocked.php");
 	$tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
 	$tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php");
diff --git a/packages/snort/snort_download_rules.php b/packages/snort/snort_download_rules.php
index 16dcb57b..bb7b35b7 100644
--- a/packages/snort/snort_download_rules.php
+++ b/packages/snort/snort_download_rules.php
@@ -70,8 +70,9 @@ include("head.inc");
 <?php
 	$tab_array = array();
 	$tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
-	$tab_array[] = array(gettext("Snort Rules Update"), true, "/snort_download_rules.php");
-	$tab_array[] = array(gettext("Snort Rulesets"), false, "/snort_rulesets.php");
+	$tab_array[] = array(gettext("Update Snort Rules"), true, "/snort_download_rules.php");
+	$tab_array[] = array(gettext("Snort Categories"), false, "/snort_rulesets.php");
+	$tab_array[] = array(gettext("Snort Rules"), false, "/snort_rules.php");
 	$tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php");
 	$tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
 	$tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php");
diff --git a/packages/snort/snort_rules.php b/packages/snort/snort_rules.php
new file mode 100644
index 00000000..ecce7936
--- /dev/null
+++ b/packages/snort/snort_rules.php
@@ -0,0 +1,482 @@
+<?php
+/* $Id$ */
+/*
+    edit_snortrule.php
+    Copyright (C) 2004, 2005 Scott Ullrich
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
+
+function get_middle($source, $beginning, $ending, $init_pos) {
+   $beginning_pos = strpos($source, $beginning, $init_pos);
+   $middle_pos = $beginning_pos + strlen($beginning);
+   $ending_pos = strpos($source, $ending, $beginning_pos);
+   $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
+   return $middle;
+}
+
+function write_rule_file($content_changed, $received_file)
+{
+	//read snort file with writing enabled
+	$filehandle = fopen($received_file, "r+");
+
+	//delimiter for each new rule is a new line
+	$delimiter = "\n";
+
+	//implode the array back into a string for writing purposes
+	$fullfile = implode($delimiter, $content_changed);
+
+	//write data to file
+	fwrite($filehandle, $fullfile);
+
+	//close file handle
+	fclose($filehandle);
+
+}
+
+function load_rule_file($incoming_file)
+{
+
+	//read snort file
+	$filehandle = fopen($incoming_file, "r");
+
+	//read file into string, and get filesize
+	$contents = fread($filehandle, filesize($incoming_file));
+
+	//close handler
+	fclose ($filehandle);
+
+	//string for populating category select
+	$currentruleset = substr($file, 27);
+
+	//delimiter for each new rule is a new line
+	$delimiter = "\n";
+
+	//split the contents of the string file into an array using the delimiter
+	$splitcontents = explode($delimiter, $contents);
+
+	return $splitcontents;
+
+}
+
+$ruledir = "/usr/local/etc/snort/rules/";
+$dh  = opendir($ruledir);
+while (false !== ($filename = readdir($dh)))
+{
+	//only populate this array if its a rule file
+	$isrulefile = strstr($filename, ".rules");
+	if ($isrulefile !== false)
+	{
+		$files[] = $filename;
+	}
+}
+
+sort($files);
+
+if ($_GET['openruleset'])
+{
+	$file = $_GET['openruleset'];
+}
+else
+{
+	$file = $ruledir.$files[0];
+
+}
+
+//Load the rule file
+$splitcontents = load_rule_file($file);
+
+
+if ($_POST)
+{
+	//retrieve POST data
+	$post_lineid = $_POST['lineid'];
+	$post_enabled = $_POST['enabled'];
+	$post_src = $_POST['src'];
+	$post_srcport = $_POST['srcport'];
+	$post_dest = $_POST['dest'];
+	$post_destport = $_POST['destport'];
+
+	//copy rule contents from array into string
+	$tempstring = $splitcontents[$post_lineid];
+
+	//explode rule contents into an array, (delimiter is space)
+	$rule_content = explode(' ', $tempstring);
+
+	//search string
+	$findme = "# alert"; //find string for disabled alerts
+
+	//find if alert is disabled
+	$disabled = strstr($tempstring, $findme);
+
+	//if find alert is false, then rule is disabled
+	if ($disabled !== false)
+	{
+		//has rule been enabled
+		if ($post_enabled == "yes")
+		{
+			//move counter up 1, so we do not retrieve the # in the rule_content array
+			$tempstring = str_replace("# alert", "alert", $tempstring);
+			$counter2 = 1;
+		}
+		else
+		{
+			//rule is staying disabled
+			$counter2 = 2;
+
+		}
+		//if enabled box was not changed, default
+		$counter2 = 2;
+	}
+	else
+	{
+		//has rule been disabled
+		if ($post_enabled != "yes")
+		{
+			//move counter up 1, so we do not retrieve the # in the rule_content array
+			$tempstring = str_replace("alert", "# alert", $tempstring);
+			$counter2 = 2;
+		}
+		else
+		{
+			//rule is staying enabled
+			$counter2 = 1;
+		}
+		//if enabled box was not changed, default
+		$counter2 = 1;
+	}
+
+	$counter2++;
+	$source = $rule_content[$counter2];//source location
+	$counter2++;
+	$source_port = $rule_content[$counter2];//source port location
+	$counter2 = $counter2+2;
+	$destination = $rule_content[$counter2];//destination location
+	$counter2++;
+	$destination_port = $rule_content[$counter2];//destination port location
+
+	//insert new values into their respective places
+	$tempstring = str_replace($source, $post_src, $tempstring);
+	$tempstring = str_replace($source_port, $post_srcport, $tempstring);
+	$tempstring = str_replace($destination, $post_dest, $tempstring);
+	$tempstring = str_replace($destination_port, $post_destport, $tempstring);
+
+
+	//copy string into array for writing
+	$splitcontents[$post_lineid] = $tempstring;
+
+	//write the new .rules file
+	write_rule_file($splitcontents, $file);
+
+	//once file has been written, reload file
+	$splitcontents = load_rule_file($file);
+
+}
+else if ($_GET['act'] == "toggle")
+{
+	$toggleid = $_GET['id'];
+
+	//copy rule contents from array into string
+	$tempstring = $splitcontents[$toggleid];
+
+	//explode rule contents into an array, (delimiter is space)
+	$rule_content = explode(' ', $tempstring);
+
+	//search string
+	$findme = "# alert"; //find string for disabled alerts
+
+	//find if alert is disabled
+	$disabled = strstr($tempstring, $findme);
+
+	//if find alert is false, then rule is disabled
+	if ($disabled !== false)
+	{
+		//rule has been enabled
+		//move counter up 1, so we do not retrieve the # in the rule_content array
+		$tempstring = str_replace("# alert", "alert", $tempstring);
+
+	}
+	else
+	{
+		//has rule been disabled
+		//move counter up 1, so we do not retrieve the # in the rule_content array
+		$tempstring = str_replace("alert", "# alert", $tempstring);
+
+	}
+
+	//copy string into array for writing
+	$splitcontents[$toggleid] = $tempstring;
+
+	//write the new .rules file
+	write_rule_file($splitcontents, $file);
+
+	//once file has been written, reload file
+	$splitcontents = load_rule_file($file);
+
+}
+
+
+
+$pgtitle = "Snort: Rules";
+require("guiconfig.inc");
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle"><?=$pgtitle?></p>
+
+<script type="text/javascript" language="javascript" src="row_toggle.js">
+	<script src="/javascript/sorttable.js" type="text/javascript">
+</script>
+
+<script language="javascript" type="text/javascript">
+<!--
+function go()
+{
+	box = document.forms[0].selectbox;
+	destination = box.options[box.selectedIndex].value;
+	if (destination) location.href = destination;
+}
+
+// -->
+</script>
+
+<table width="99%" border="0" cellpadding="0" cellspacing="0">
+  <tr>
+  	<td>
+<?php
+	$tab_array = array();
+	$tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+	$tab_array[] = array(gettext("Update Snort Rules"), false, "/snort_download_rules.php");
+	$tab_array[] = array(gettext("Snort Categories"), false, "/snort_rulesets.php");
+	$tab_array[] = array(gettext("Snort Rules"), true, "/snort_rules.php");
+	$tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php");
+	$tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+	$tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php");
+	$tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+	display_top_tabs($tab_array);
+?>
+  	</td>
+  </tr>
+  <tr>
+    <td>
+		<div id="mainarea">
+			<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+				<tr>
+					<td>
+						<table id="ruletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+                			<tr id="frheader">
+          		      			<td width="3%" class="list">&nbsp;</td>
+          		      			<td width="5%" class="listhdr">SID</td>
+          		      			<td width="6%" class="listhdrr">Proto</td>
+          		      			<td width="15%" class="listhdrr">Source</td>
+          		      			<td width="10%" class="listhdrr">Port</td>
+          		      			<td width="15%" class="listhdrr">Destination</td>
+          		      			<td width="10%" class="listhdrr">Port</td>
+		  						<td width="32%" class="listhdrr">Message</td>
+
+          					</tr>
+							<tr>
+							<?php
+
+								echo "<br>Category: ";
+
+								//string for populating category select
+								$currentruleset = substr($file, 27);
+								?>
+								<form name="forms">
+									<select name="selectbox" class="formfld" onChange="go()">
+										<?php
+										$i=0;
+										foreach ($files as $value)
+										{
+											$selectedruleset = "";
+											if ($files[$i] === $currentruleset)
+												$selectedruleset = "selected";
+											?>
+											<option value="?&openruleset=<?=$ruledir;?><?=$files[$i];?>" <?=$selectedruleset;?>><?=$files[$i];?></option>"
+											<?php
+											$i++;
+
+										}
+										?>
+									</select>
+								</form>
+							</tr>
+							<?php
+
+							$counter = 0;
+							$printcounter = 0;
+
+							foreach ( $splitcontents as $value )
+							{
+
+								$counter++;
+								$disabled = "False";
+								$comments = "False";
+
+								$tempstring = $splitcontents[$counter];
+								$findme = "# alert"; //find string for disabled alerts
+
+								//find alert
+								$disabled_pos = strstr($tempstring, $findme);
+
+
+									//do soemthing, this rule is enabled
+									$counter2 = 1;
+
+									//retrieve sid value
+									$sid = get_middle($tempstring, 'sid:', ';', 0);
+
+									//check to see if the sid is numberical
+									$is_sid_num = is_numeric($sid);
+
+									//if SID is numerical, proceed
+									if ($is_sid_num)
+									{
+
+										//if find alert is false, then rule is disabled
+										if ($disabled_pos !== false){
+											$counter2 = $counter2+1;
+											$textss = "<span class=\"gray\">";
+											$textse = "</span>";
+											$iconb = "icon_block_d.gif";
+										}
+										else
+										{
+											$textss = $textse = "";
+											$iconb = "icon_block.gif";
+										}
+
+										$rule_content = explode(' ', $tempstring);
+
+										$protocol = $rule_content[$counter2];//protocol location
+										$counter2++;
+										$source = $rule_content[$counter2];//source location
+										$counter2++;
+										$source_port = $rule_content[$counter2];//source port location
+										$counter2 = $counter2+2;
+										$destination = $rule_content[$counter2];//destination location
+										$counter2++;
+										$destination_port = $rule_content[$counter2];//destination port location
+
+										$message = get_middle($tempstring, 'msg:"', '";', 0);
+
+										echo "<tr>";
+										echo "<td class=\"listt\">";
+										echo $textss;
+										?>
+										<a href="?&openruleset=<?=$file;?>&act=toggle&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a>
+										<?php
+										echo $textse;
+										echo "</td>";
+
+
+										echo "<td class=\"listlr\">";
+										echo $textss;
+										echo $sid;
+										echo $textse;
+										echo "</td>";
+
+										echo "<td class=\"listlr\">";
+										echo $textss;
+										echo $protocol;
+										$printcounter++;
+										echo $textse;
+										echo "</td>";
+										echo "<td class=\"listlr\">";
+										echo $textss;
+										echo $source;
+										echo $textse;
+										echo "</td>";
+										echo "<td class=\"listlr\">";
+										echo $textss;
+										echo $source_port;
+										echo $textse;
+										echo "</td>";
+										echo "<td class=\"listlr\">";
+										echo $textss;
+										echo $destination;
+										echo $textse;
+										echo "</td>";
+										echo "<td class=\"listlr\">";
+										echo $textss;
+										echo $destination_port;
+										echo $textse;
+										echo "</td>";
+										?>
+										<td class="listbg"><font color="white">
+										<?php
+										echo $textss;
+										echo $message;
+										echo $textse;
+										echo "</td>";
+										?>
+               						   <td valign="middle" nowrap class="list">
+										    <table border="0" cellspacing="0" cellpadding="1">
+												<tr>
+												  <td><a href="snort_rules_edit.php?openruleset=<?=$file;?>&id=<?=$counter;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
+												</tr>
+											</table>
+										</td>
+										<?php
+									}
+							}
+							echo "   ";
+							echo "There are ";
+							echo $printcounter;
+							echo " rules in this category. <br><br>";
+							?>
+			 			</table>
+					</td>
+				</tr>
+                <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
+				                <tr>
+				                  <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td>
+				                  <td>Rule Enabled</td>
+				                </tr>
+				                <tr>
+				                  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td>
+				                  <td nowrap>Rule Disabled</td>
+
+
+                				</tr>
+						<tr>
+						  <td colspan="10">
+				  <p>
+				  <!--<strong><span class="red">Warning:<br>
+				  </span></strong>Editing these r</p>-->
+						 </td>
+					        </tr>
+              </table>
+			</table>
+
+    </td>
+  </tr>
+</table>
+
+
+<?php include("fend.inc"); ?>
+</div></body>
+</html>
diff --git a/packages/snort/snort_rules_edit.php b/packages/snort/snort_rules_edit.php
new file mode 100644
index 00000000..69c5dfa1
--- /dev/null
+++ b/packages/snort/snort_rules_edit.php
@@ -0,0 +1,202 @@
+<?php
+/* $Id$ */
+/*
+    snort_rules_edit.php
+    Copyright (C) 2004, 2005 Scott Ullrich
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
+
+function get_middle($source, $beginning, $ending, $init_pos) {
+   $beginning_pos = strpos($source, $beginning, $init_pos);
+   $middle_pos = $beginning_pos + strlen($beginning);
+   $ending_pos = strpos($source, $ending, $beginning_pos);
+   $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
+   return $middle;
+}
+
+
+$file = $_GET['openruleset'];
+
+//read snort file
+$filehandle = fopen($file, "r");
+
+//get rule id
+$lineid = $_GET['id'];
+
+//read file into string, and get filesize
+$contents = fread($filehandle, filesize($file));
+
+//close handler
+fclose ($filehandle);
+
+//delimiter for each new rule is a new line
+$delimiter = "\n";
+
+//split the contents of the string file into an array using the delimiter
+$splitcontents = explode($delimiter, $contents);
+
+//copy rule contents from array into string
+$tempstring = $splitcontents[$lineid];
+
+//explode rule contents into an array, (delimiter is space)
+$rule_content = explode(' ', $tempstring);
+
+//search string
+$findme = "# alert"; //find string for disabled alerts
+
+//find if alert is disabled
+$disabled = strstr($tempstring, $findme);
+
+//get sid
+$sid = get_middle($tempstring, 'sid:', ';', 0);
+
+
+//if find alert is false, then rule is disabled
+if ($disabled !== false)
+{
+	//move counter up 1, so we do not retrieve the # in the rule_content array
+	$counter2 = 2;
+}
+else
+{
+	$counter2 = 1;
+}
+
+
+$protocol = $rule_content[$counter2];//protocol location
+$counter2++;
+$source = $rule_content[$counter2];//source location
+$counter2++;
+$source_port = $rule_content[$counter2];//source port location
+$counter2++;
+$direction = $rule_content[$counter2];
+$counter2++;
+$destination = $rule_content[$counter2];//destination location
+$counter2++;
+$destination_port = $rule_content[$counter2];//destination port location
+$message = get_middle($tempstring, 'msg:"', '";', 0);
+
+$content = get_middle($tempstring, 'content:"', '";', 0);
+$classtype = get_middle($tempstring, 'classtype:', ';', 0);
+$revision = get_middle($tempstring, 'rev:', ';',0);
+
+$pgtitle = "Snort: Edit Rule";
+require("guiconfig.inc");
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle"><?=$pgtitle?></p>
+<table width="99%" border="0" cellpadding="0" cellspacing="0">
+  <tr>
+  	<td>
+<?php
+	$tab_array = array();
+	$tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
+	$tab_array[] = array(gettext("Snort Update Rules"), false, "/snort_download_rules.php");
+	$tab_array[] = array(gettext("Snort Categories"), false, "/snort_rulesets.php");
+	$tab_array[] = array(gettext("Snort Rules"), true, "/snort_rules.php?openruleset=/usr/local/etc/snort/rules/attack-responses.rules");
+	$tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php");
+	$tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
+	$tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php");
+	$tab_array[] = array(gettext("Snort Advanced"), false, "/pkg_edit.php?xml=snort_advanced.xml&id=0");
+	display_top_tabs($tab_array);
+?>
+  	</td>
+  </tr>
+  <tr>
+    <td>
+		<div id="mainarea">
+			<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+				<tr>
+					<td>
+						<form action="snort_rules.php?openruleset=<?=$file;?>&id=<?=$lineid;?>" target="" method="post" name="editform" id="editform">
+							<table id="edittable" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+								<tr>
+										<td class="listhdr" width="10%">Enabled: </td>
+										<td class="listlr" width="30%"><input name="enabled" type="checkbox" id="enabled" value="yes" <?php if ($disabled === false) echo "checked";?>></td>
+								</tr>
+								<tr>
+										<td class="listhdr" width="10%">SID: </td>
+										<td class="listlr" width="30%"><?php echo $sid; ?></td>
+								</tr>
+								<tr>
+										<td class="listhdr" width="10%">Protocol: </td>
+										<td class="listlr" width="30%"><?php echo $protocol; ?></td>
+								</tr>
+								<tr>
+										<td class="listhdr" width="10%">Source: </td>
+										<td class="listlr" width="30%"><input name="src" type="text" id="src" size="20" value="<?php echo $source;?>"></td>
+								</tr>
+								<tr>
+										<td class="listhdr" width="10%">Source Port: </td>
+										<td class="listlr" width="30%"><input name="srcport" type="text" id="srcport" size="20" value="<?php echo $source_port;?>"></td>
+								</tr>
+								<tr>
+										<td class="listhdr" width="10%">Direction:</td>
+										<td class="listlr" width="30%"><?php echo $direction;?></td>
+								</tr>
+								<tr>
+										<td class="listhdr" width="10%">Destination:</td>
+										<td class="listlr" width="30%"><input name="dest" type="text" id="dest" size="20" value="<?php echo $destination;?>"></td>
+								</tr>
+								<tr>
+										<td class="listhdr" width="10%">Destination Port: </td>
+										<td class="listlr" width="30%"><input name="destport" type="text" id="destport" size="20" value="<?php echo $destination_port;?>"></td>
+								</tr>
+								<tr>
+										<td class="listhdr" width="10%">Message: </td>
+										<td class="listlr" width="30%"><?php echo $message; ?></td>
+								</tr>
+								<tr>
+										<td class="listhdr" width="10%">Content: </td>
+										<td class="listlr" width="30%"><?php echo $content; ?></td>
+								</tr>
+								<tr>
+										<td class="listhdr" width="10%">Classtype: </td>
+										<td class="listlr" width="30%"><?php echo $classtype; ?></td>
+								</tr>
+								<tr>
+										<td class="listhdr" width="10%">Revision: </td>
+										<td class="listlr" width="30%"><?php echo $revision; ?></td>
+								</tr>
+								<tr><td>&nbsp</td></tr>
+								<tr>
+										<td><input name="lineid" type="hidden" value="<?=$lineid;?>"></td>
+										<td><input class="formbtn" value="Save" type="submit" name="editsave" id="editsave">&nbsp&nbsp&nbsp<input type="button" class="formbtn" value="Cancel" onclick="history.back()"></td>
+								</tr>
+							</table>
+						</form>
+					</td>
+				</tr>
+			</table>
+	</td>
+</tr>
+</table>
+
+<?php include("fend.inc"); ?>
+</div></body>
+</html>
\ No newline at end of file
diff --git a/packages/snort/snort_rulesets.php b/packages/snort/snort_rulesets.php
index 3d14dce6..885f2a61 100644
--- a/packages/snort/snort_rulesets.php
+++ b/packages/snort/snort_rulesets.php
@@ -56,7 +56,7 @@ $enabled_rulesets = $config['installedpackages']['snort']['rulesets'];
 if($enabled_rulesets)
 	$enabled_rulesets_array = split("\|\|", $enabled_rulesets);
 
-$pgtitle = "Snort: Snort Rulesets";
+$pgtitle = "Snort: Categories";
 include("head.inc");
 
 ?>
@@ -76,8 +76,9 @@ include("head.inc");
 <?php
 	$tab_array = array();
 	$tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0");
-	$tab_array[] = array(gettext("Snort Rules Update"), false, "/snort_download_rules.php");
-	$tab_array[] = array(gettext("Snort Rulesets"), true, "/snort_rulesets.php");
+	$tab_array[] = array(gettext("Update Snort Rules"), false, "/snort_download_rules.php");
+	$tab_array[] = array(gettext("Snort Categories"), true, "/snort_rulesets.php");
+	$tab_array[] = array(gettext("Snort Rules"), false, "/snort_rules.php");
 	$tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php");
 	$tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml");
 	$tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php");
@@ -121,7 +122,7 @@ include("head.inc");
 		echo "	<input type='checkbox' name='toenable[]' value='$file' {$CHECKED} />";
 		echo "</td>";
 		echo "<td>";
-		echo "<a target='_new' href='edit.php?submit=Load&savetopath=" . urlencode("/usr/local/etc/snort/rules/") . urlencode($file) . "'>{$file}</a>";
+		echo "<a href='snort_rules.php?openruleset=/usr/local/etc/snort/rules/" . urlencode($file) . "'>{$file}</a>";
 		echo "</td>";
 		//echo "<td>";
 		//echo "description";
@@ -144,7 +145,7 @@ include("head.inc");
 
 </form>
 
-<p><b>NOTE:</b> You can click on a ruleset name to load the file in the pfSense text editor in a new window/tab.
+<p><b>NOTE:</b> You can click on a ruleset name to edit the ruleset.
 
 <?php include("fend.inc"); ?>
 
diff --git a/packages/snort/snort_whitelist.xml b/packages/snort/snort_whitelist.xml
index 1a85c9c8..6845f0cf 100644
--- a/packages/snort/snort_whitelist.xml
+++ b/packages/snort/snort_whitelist.xml
@@ -15,9 +15,13 @@
 			<url>/snort_download_rules.php</url>
 		</tab>
 		<tab>
-			<text>Snort Rulesets</text>
+			<text>Snort Categories</text>
 			<url>/snort_rulesets.php</url>
 		</tab>
+		<tab>
+			<text>Snort Rules</text>
+			<url>/snort_rules.php</url>
+		</tab>
 		<tab>
 			<text>Snort Blocked</text>
 			<url>/snort_blocked.php</url>
-- 
cgit v1.2.3