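You must apply the changes in order for them to take effect.";

// Collect the names of the rule files returned by the directory handle $dh
// (opened before this point in the file).
while (false !== ($filename = readdir($dh))) {
    // only populate this array if it is a rule file
    $isrulefile = strstr($filename, ".rules");
    if ($isrulefile !== false) {
        $files[] = $filename;
    }
}
sort($files);

// 'openruleset' comes straight from the query string and becomes the path given
// to load_rule_file() and write_rule_file(). Keep only its final path component
// and accept it only when it names one of the rule files listed above, so the
// request cannot select a file outside $ruledir. Anything else falls back to
// the first rule file, which is also the default when the parameter is absent.
$file = $ruledir.$files[0];
if (!empty($_GET['openruleset']) && is_string($_GET['openruleset'])) {
    $requested = basename($_GET['openruleset']);
    if (in_array($requested, $files, true)) {
        $file = $ruledir.$requested;
    }
}

// Load the rule file
$splitcontents = load_rule_file($file);

if ($_POST) {
    if (empty($_POST['apply'])) {
        // retrieve POST data
        $post_lineid = $_POST['lineid'];
        $post_enabled = $_POST['enabled'];
        $post_src = $_POST['src'];
        $post_srcport = $_POST['srcport'];
        $post_dest = $_POST['dest'];
        $post_destport = $_POST['destport'];

        // Strip every whitespace character, not only spaces: these values are
        // written into one line of the rules file, and an embedded CR/LF would
        // otherwise start a new line (and so a new rule) in that file.
        // NOTE(review): the values are not otherwise checked against the address
        // and port syntax that Snort accepts.
        $post_src = preg_replace('/\s+/', '', $post_src);
        $post_srcport = preg_replace('/\s+/', '', $post_srcport);
        $post_dest = preg_replace('/\s+/', '', $post_dest);
        $post_destport = preg_replace('/\s+/', '', $post_destport);

        // Only edit a line that actually exists in the loaded file; an arbitrary
        // index would add a malformed entry to the array that is written back.
        if (is_string($post_lineid) && preg_match('/^\d+\z/', $post_lineid) && isset($splitcontents[$post_lineid])) {
            // copy rule contents from array into string
            $tempstring = $splitcontents[$post_lineid];

            // a disabled rule is one that contains the commented-out action
            $findme = "# alert";
            $disabled = strstr($tempstring, $findme);

            // $counter2 is set to the index of the protocol field once the rule
            // is split on spaces: 1 for "alert proto ...", 2 for "# alert proto ...".
            // Only the first occurrence is rewritten, so the word "alert" inside
            // the rule options (for example in msg:"...") is left alone.
            if ($disabled !== false) {
                if ($post_enabled == "yes") {
                    // rule is being enabled: drop the leading "# "
                    $tempstring = preg_replace('/# alert/', 'alert', $tempstring, 1);
                    $counter2 = 1;
                } else {
                    // rule is staying disabled
                    $counter2 = 2;
                }
            } else {
                if ($post_enabled != "yes") {
                    // rule is being disabled: comment out the action
                    $tempstring = preg_replace('/alert/', '# alert', $tempstring, 1);
                    $counter2 = 2;
                } else {
                    // rule is staying enabled
                    $counter2 = 1;
                }
            }

            // explode rule contents into an array (delimiter is space)
            $rule_content = explode(' ', $tempstring);

            // insert new values
            $counter2++;
            $rule_content[$counter2] = $post_src; // source location
            $counter2++;
            $rule_content[$counter2] = $post_srcport; // source port location
            $counter2 = $counter2 + 2; // skip the direction operator
            $rule_content[$counter2] = $post_dest; // destination location
            $counter2++;
            $rule_content[$counter2] = $post_destport; // destination port location

            // implode the array back into string
            $tempstring = implode(' ', $rule_content);

            // copy string into file array for writing
            $splitcontents[$post_lineid] = $tempstring;

            // write the new .rules file
            write_rule_file($splitcontents, $file);

            // once file has been written, reload file
            $splitcontents = load_rule_file($file);

            $stopMsg = true;
        }
    }

    if (!empty($_POST['apply'])) {
        stop_service("snort");
        sleep(2);
        start_service("snort");
        $savemsg = "The snort rules selections have been saved. Restarting Snort.";
        $stopMsg = false;
    }
} else if (isset($_GET['act']) && $_GET['act'] == "toggle") {
    // NOTE(review): this branch rewrites the rules file in response to a GET
    // request, and no anti-CSRF token is checked in the visible code.
    $toggleid = isset($_GET['id']) ? $_GET['id'] : null;

    // Only toggle a line that exists in the loaded file.
    if (is_string($toggleid) && preg_match('/^\d+\z/', $toggleid) && isset($splitcontents[$toggleid])) {
        // copy rule contents from array into string
        $tempstring = $splitcontents[$toggleid];

        // explode rule contents into an array (delimiter is space)
        $rule_content = explode(' ', $tempstring);

        // a disabled rule is one that contains the commented-out action
        $findme = "# alert";
        $disabled = strstr($tempstring, $findme);

        // Flip the state; only the first occurrence is rewritten so the word
        // "alert" inside the rule options is left alone.
        if ($disabled !== false) {
            // rule is being enabled
            $tempstring = preg_replace('/# alert/', 'alert', $tempstring, 1);
        } else {
            // rule is being disabled
            $tempstring = preg_replace('/alert/', '# alert', $tempstring, 1);
        }

        // copy string into array for writing
        $splitcontents[$toggleid] = $tempstring;

        // write the new .rules file
        write_rule_file($splitcontents, $file);

        // once file has been written, reload file
        $splitcontents = load_rule_file($file);

        $stopMsg = true;
    }
}

$pgtitle = "Snort: Rules";
// NOTE(review): the request handling above runs before this require. If
// guiconfig.inc is what enforces the GUI login and it was not already loaded
// earlier in the file (not visible here), the rule file could be modified
// before the session is checked - confirm.
require("guiconfig.inc");
include("head.inc");

?>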


Category: "; //string for populating category select $currentruleset = substr($file, 27); ?> "; $textse = ""; $iconb = "icon_block_d.gif"; } else { $textss = $textse = ""; $iconb = "icon_block.gif"; } $rule_content = explode(' ', $tempstring); $protocol = $rule_content[$counter2];//protocol location $counter2++; $source = $rule_content[$counter2];//source location $counter2++; $source_port = $rule_content[$counter2];//source port location $counter2 = $counter2+2; $destination = $rule_content[$counter2];//destination location $counter2++; $destination_port = $rule_content[$counter2];//destination port location $message = get_middle($tempstring, 'msg:"', '";', 0); echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; ?>
"; ?>
  SID Proto Source Port Destination Port Message
"; echo $textss; ?> "; echo ""; echo $textss; echo $sid; echo $textse; echo ""; echo $textss; echo $protocol; $printcounter++; echo $textse; echo ""; echo $textss; echo $source; echo $textse; echo ""; echo $textss; echo $source_port; echo $textse; echo ""; echo $textss; echo $destination; echo $textse; echo ""; echo $textss; echo $destination_port; echo $textse; echo " "; ?>
Rule Enabled
Rule Disabled