"; if($pfsense_stable == 'yes'){echo '

' . $pgtitle . '

';} echo "\n \n \n \n \n \n \n
\n"; $tab_array = array(); $tab_array[] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php"); $tab_array[] = array(gettext("If Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); $tab_array[] = array(gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); $tab_array[] = array(gettext("Rules"), true, "/snort/snort_rules.php?id={$id}"); $tab_array[] = array(gettext("Servers"), false, "/snort/snort_define_servers.php?id={$id}"); $tab_array[] = array(gettext("Preprocessors"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array(gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); display_top_tabs($tab_array); echo "
\n
\n \n \n \n \n
\n # The rules directory is empty.\n
\n
\n
\n \n \n \n

\n\n"; echo "Please click on the Update Rules tab to install your selected rule sets."; include("fend.inc"); echo ""; echo ""; exit(0); } else { /* Make sure that we have the rules */ mwexec("/bin/cp {$snortdir}/rules/*.rules {$snortdir}/snort_{$iface_uuid}_{$if_real}/rules", true); } } function get_middle($source, $beginning, $ending, $init_pos) { $beginning_pos = strpos($source, $beginning, $init_pos); $middle_pos = $beginning_pos + strlen($beginning); $ending_pos = strpos($source, $ending, $beginning_pos); $middle = substr($source, $middle_pos, $ending_pos - $middle_pos); return $middle; } function write_rule_file($content_changed, $received_file) { @file_put_contents($received_file, implode("\n", $content_changed)); } function load_rule_file($incoming_file) { //read file into string, and get filesize $contents = @file_get_contents($incoming_file); //split the contents of the string file into an array using the delimiter return explode("\n", $contents); } $ruledir = "{$snortdir}/snort_{$iface_uuid}_{$if_real}/rules/"; $dh = opendir($ruledir); while (false !== ($filename = readdir($dh))) { //only populate this array if its a rule file $isrulefile = strstr($filename, ".rules"); if ($isrulefile !== false) $files[] = basename($filename); } sort($files); if ($_GET['openruleset']) $rulefile = $_GET['openruleset']; else $rulefile = $ruledir.$files[0]; //Load the rule file $splitcontents = load_rule_file($rulefile); if ($_GET['act'] == "toggle" && $_GET['ids']) { $lineid= $_GET['ids']; //copy rule contents from array into string $tempstring = $splitcontents[$lineid]; //explode rule contents into an array, (delimiter is space) $rule_content = explode(' ', $tempstring); $findme = "# alert"; //find string for disabled alerts $disabled = strstr($tempstring, $findme); //if find alert is false, then rule is disabled if ($disabled !== false) { //rule has been enabled $tempstring = substr($tempstring, 2); } else $tempstring = "# ". $tempstring; //copy string into array for writing $splitcontents[$lineid] = $tempstring; //write the new .rules file write_rule_file($splitcontents, $rulefile); //write disable/enable sid to config.xml $sid = get_middle($tempstring, 'sid:', ';', 0); if (is_numeric($sid)) { // rule_sid_on registers if (!empty($a_nat[$id]['rule_sid_on'])) $a_nat[$id]['rule_sid_on'] = str_replace("||enablesid $sid", "", $a_nat[$id]['rule_sid_on']); if (!empty($a_nat[$id]['rule_sid_on'])) $a_nat[$id]['rule_sid_off'] = str_replace("||disablesid $sid", "", $a_nat[$id]['rule_sid_off']); if ($disabled === false) $a_nat[$id]['rule_sid_off'] = "||disablesid $sid_off" . $a_nat[$id]['rule_sid_off']; else $a_nat[$id]['rule_sid_on'] = "||enablesid $sid_on" . $a_nat[$id]['rule_sid_on']; } write_config(); header("Location: /snort/snort_rules.php?id={$id}&openruleset={$rulefile}"); exit; } $currentruleset = basename($rulefile); $ifname = strtoupper($pconfig['interface']); require_once("guiconfig.inc"); include_once("head.inc"); $pgtitle = "Snort: $id $iface_uuid $if_real Category: $currentruleset"; ?> ' . $pgtitle . '

';} ?>
$value ) { $disabled = "False"; $comments = "False"; $findme = "# alert"; //find string for disabled alerts $disabled_pos = strstr($value, $findme); $counter2 = 1; $sid = get_middle($value, 'sid:', ';', 0); //check to see if the sid is numberical if (!is_numeric($sid)) continue; //if find alert is false, then rule is disabled if ($disabled_pos !== false){ $counter2 = $counter2+1; $textss = ""; $textse = ""; $iconb = "icon_block_d.gif"; $ischecked = ""; } else { $textss = $textse = ""; $iconb = "icon_block.gif"; $ischecked = "checked"; } $rule_content = explode(' ', $value); $protocol = $rule_content[$counter2];//protocol location $counter2++; $source = substr($rule_content[$counter2], 0, 20) . "...";//source location $counter2++; $source_port = $rule_content[$counter2];//source port location $counter2 = $counter2+2; $destination = substr($rule_content[$counter2], 0, 20) . "...";//destination location $counter2++; $destination_port = $rule_content[$counter2];//destination port location if (strstr($value, 'msg: "')) $message = get_middle($value, 'msg: "', '";', 0); else if (strstr($value, 'msg:"')) $message = get_middle($value, 'msg:"', '";', 0); echo ""; ?>
 
Category:
 
  SID Proto Source Port Destination Port Message  
$textss $textse $textss $sid $textse $textss $protocol $textse $textss $source $textse $textss $source_port $textse $textss $destination $textse $textss $destination_port $textse $textss $message $textse
There are {$counter} rules in this category.

"; ?>
Rule Enabled
Rule Disabled