$length) $string = substr($string, 0, ($length - 3)) . "..."; return $string; } /* convert fake interfaces to real */ $if_real = snort_get_real_interface($pconfig['interface']); $snort_uuid = $a_rule[$id]['uuid']; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; $emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats']; $categories = explode("||", $pconfig['rulesets']); if ($_GET['openruleset']) $currentruleset = $_GET['openruleset']; else if ($_POST['openruleset']) $currentruleset = $_POST['openruleset']; else $currentruleset = $categories[0]; if (empty($categories[0]) && ($currentruleset != "custom.rules")) { if (!empty($a_rule[$id]['ips_policy'])) $currentruleset = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']); else $currentruleset = "custom.rules"; } /* One last sanity check -- if the rules directory is empty, default to loading custom rules */ $tmp = glob("{$snortdir}/rules/*.rules"); if (empty($tmp)) $currentruleset = "custom.rules"; $ruledir = "{$snortdir}/rules"; $rulefile = "{$ruledir}/{$currentruleset}"; if ($currentruleset != 'custom.rules') { // Read the current rules file into our rules map array. // Test for the special case of an IPS Policy file. if (substr($currentruleset, 0, 10) == "IPS Policy") $rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']); elseif (!file_exists($rulefile)) $input_errors[] = gettext("{$currentruleset} seems to be missing!!! Please verify rules files have been downloaded, then go to the Categories tab and save the rule set again."); else $rules_map = snort_load_rules_map($rulefile); } /* Load up our enablesid and disablesid arrays with enabled or disabled SIDs */ $enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on'], "enablesid"); $disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off'], "disablesid"); if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) { // Get the SID tag embedded in the clicked rule icon. $sid= $_GET['ids']; // See if the target SID is in our list of modified SIDs, // and toggle it if present; otherwise, add it to the // appropriate list. if (isset($enablesid[$sid])) { unset($enablesid[$sid]); if (!isset($disablesid[$sid])) $disablesid[$sid] = "disablesid"; } elseif (isset($disablesid[$sid])) { unset($disablesid[$sid]); if (!isset($enablesid[$sid])) $enablesid[$sid] = "enablesid"; } else { if ($rules_map[1][$sid]['disabled'] == 1) $enablesid[$sid] = "enablesid"; else $disablesid[$sid] = "disablesid"; } // Write the updated enablesid and disablesid values to the config file. $tmp = ""; foreach ($enablesid as $k => $v) { $tmp .= "||{$v} {$k}"; } if (!empty($tmp)) $a_rule[$id]['rule_sid_on'] = $tmp; else unset($a_rule[$id]['rule_sid_on']); $tmp = ""; foreach ($disablesid as $k => $v) { $tmp .= "||{$v} {$k}"; } if (!empty($tmp)) $a_rule[$id]['rule_sid_off'] = $tmp; else unset($a_rule[$id]['rule_sid_off']); /* Update the config.xml file. */ write_config(); header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } if ($_GET['act'] == "resetcategory" && !empty($rules_map)) { // Reset any modified SIDs in the current rule category to their defaults. foreach (array_keys($rules_map) as $k1) { foreach (array_keys($rules_map[$k1]) as $k2) { if (isset($enablesid[$k2])) unset($enablesid[$k2]); if (isset($disablesid[$k2])) unset($disablesid[$k2]); } } // Write the updated enablesid and disablesid values to the config file. $tmp = ""; foreach ($enablesid as $k => $v) { $tmp .= "||{$v} {$k}"; } if (!empty($tmp)) $a_rule[$id]['rule_sid_on'] = $tmp; else unset($a_rule[$id]['rule_sid_on']); $tmp = ""; foreach ($disablesid as $k => $v) { $tmp .= "||{$v} {$k}"; } if (!empty($tmp)) $a_rule[$id]['rule_sid_off'] = $tmp; else unset($a_rule[$id]['rule_sid_off']); write_config(); header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } if ($_GET['act'] == "resetall" && !empty($rules_map)) { // Remove all modified SIDs from config.xml and save the changes. unset($a_rule[$id]['rule_sid_on']); unset($a_rule[$id]['rule_sid_off']); /* Update the config.xml file. */ write_config(); header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } if ($_POST['customrules']) { $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); write_config(); sync_snort_package_config(); $output = ""; $retcode = ""; exec("snort -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -T 2>&1", $output, $retcode); if (intval($retcode) != 0) { $error = ""; $start = count($output); $end = $start - 4; for($i = $start; $i > $end; $i--) $error .= $output[$i]; $input_errors[] = "Custom rules have errors:\n {$error}"; } else { header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } } else if ($_POST['apply']) { /* Save new configuration */ write_config(); /*************************************************/ /* Update the snort conf file and rebuild the */ /* rules for this interface. */ /*************************************************/ $rebuild_rules = "on"; snort_generate_conf($a_rule[$id]); $rebuild_rules = "off"; /* Return to this same page */ header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } else if($_POST) { unset($a_rule[$id]['customrules']); write_config(); header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } require_once("guiconfig.inc"); include_once("head.inc"); $if_friendly = snort_get_friendly_interface($pconfig['interface']); $pgtitle = "Snort: {$if_friendly} Category: $currentruleset"; ?> ' . $pgtitle . '

';} /* Display message */ if ($input_errors) { print_input_errors($input_errors); // TODO: add checks } if ($savemsg) { print_info_box($savemsg); } ?>
"; $textse = ""; $iconb = "icon_reject_d.gif"; } elseif (($rules_map[$k1][$k2]['disabled'] == 1) && (!isset($enablesid[$sid]))) { $textss = ""; $textse = ""; $iconb = "icon_block_d.gif"; } elseif (isset($enablesid[$sid])) { $textss = $textse = ""; $iconb = "icon_reject.gif"; } else { $textss = $textse = ""; $iconb = "icon_block.gif"; } // Pick off the first section of the rule (prior to the start of the MSG field), // and then use a REGX split to isolate the remaining fields into an array. $tmp = substr($rules_map[$k1][$k2]['rule'], 0, strpos($rules_map[$k1][$k2]['rule'], "(")); $tmp = trim(preg_replace('/^\s*#+\s*/', '', $tmp)); $rule_content = preg_split('/[\s]+/', $tmp); $protocol = truncate($rule_content[1], 5); //protocol location $source = truncate($rule_content[2], 13); //source location $source_port = truncate($rule_content[3], 11); //source port location $destination = truncate($rule_content[5], 13); //destination location $destination_port = truncate($rule_content[6], 11); //destination port location $message = snort_get_msg($rules_map[$k1][$k2]['rule']); echo ""; ?>
 
Category:
"?>  
"?>    
 
   
   
      title="" width="17" height="17" border="0">
   
$textss $textse $textss $sid $textse $textss $protocol $textse $textss $source $textse $textss $source_port $textse $textss $destination $textse $textss $destination_port $textse $textss $message $textse " width="17" height="17" border="0">