$length) $string = substr($string, 0, ($length - 3)) . "..."; return $string; } /* convert fake interfaces to real */ $if_real = snort_get_real_interface($pconfig['interface']); $snort_uuid = $a_rule[$id]['uuid']; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; $emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats']; $categories = explode("||", $pconfig['rulesets']); if ($_GET['openruleset']) $currentruleset = $_GET['openruleset']; else if ($_POST['openruleset']) $currentruleset = $_POST['openruleset']; else $currentruleset = $categories[0]; if (empty($categories[0]) && ($currentruleset != "custom.rules")) { if (!empty($a_rule[$id]['ips_policy'])) $currentruleset = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']); else $currentruleset = "custom.rules"; } $ruledir = "{$snortdir}/rules"; $rulefile = "{$ruledir}/{$currentruleset}"; if ($currentruleset != 'custom.rules') { // Read the current rules file into our rules map array. // Test for the special case of an IPS Policy file. if (substr($currentruleset, 0, 10) == "IPS Policy") $rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']); elseif (!file_exists($rulefile)) $input_errors[] = "{$currentruleset} seems to be missing!!! Please go to the Category tab and save again the rule to regenerate it."; else $rules_map = snort_load_rules_map($rulefile); } /* Load up our enablesid and disablesid arrays with enabled or disabled SIDs */ $enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on'], "enablesid"); $disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off'], "disablesid"); if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) { // Get the SID tag embedded in the clicked rule icon. $sid= $_GET['ids']; // See if the target SID is in our list of modified SIDs, // and toggle it if present; otherwise, add it to the // appropriate list. if (isset($enablesid[$sid])) { unset($enablesid[$sid]); if (!isset($disablesid[$sid])) $disablesid[$sid] = "disablesid"; } elseif (isset($disablesid[$sid])) { unset($disablesid[$sid]); if (!isset($enablesid[$sid])) $enablesid[$sid] = "enablesid"; } else { if ($rules_map[1][$sid]['disabled'] == 1) $enablesid[$sid] = "enablesid"; else $disablesid[$sid] = "disablesid"; } // Write the updated enablesid and disablesid values to the config file. $tmp = ""; foreach ($enablesid as $k => $v) { $tmp .= "||{$v} {$k}"; } if (!empty($tmp)) $a_rule[$id]['rule_sid_on'] = $tmp; else unset($a_rule[$id]['rule_sid_on']); $tmp = ""; foreach ($disablesid as $k => $v) { $tmp .= "||{$v} {$k}"; } if (!empty($tmp)) $a_rule[$id]['rule_sid_off'] = $tmp; else unset($a_rule[$id]['rule_sid_off']); /* Update the config.xml file. */ write_config(); header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } if ($_GET['act'] == "resetcategory" && !empty($rules_map)) { // Reset any modified SIDs in the current rule category to their defaults. foreach (array_keys($rules_map) as $k1) { foreach (array_keys($rules_map[$k1]) as $k2) { if (isset($enablesid[$k2])) unset($enablesid[$k2]); if (isset($disablesid[$k2])) unset($disablesid[$k2]); } } // Write the updated enablesid and disablesid values to the config file. $tmp = ""; foreach ($enablesid as $k => $v) { $tmp .= "||{$v} {$k}"; } if (!empty($tmp)) $a_rule[$id]['rule_sid_on'] = $tmp; else unset($a_rule[$id]['rule_sid_on']); $tmp = ""; foreach ($disablesid as $k => $v) { $tmp .= "||{$v} {$k}"; } if (!empty($tmp)) $a_rule[$id]['rule_sid_off'] = $tmp; else unset($a_rule[$id]['rule_sid_off']); write_config(); header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } if ($_GET['act'] == "resetall" && !empty($rules_map)) { // Remove all modified SIDs from config.xml and save the changes. unset($a_rule[$id]['rule_sid_on']); unset($a_rule[$id]['rule_sid_off']); /* Update the config.xml file. */ write_config(); header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } if ($_POST['customrules']) { $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); write_config(); sync_snort_package_config(); $output = ""; $retcode = ""; exec("snort -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf -T 2>&1", $output, $retcode); if (intval($retcode) != 0) { $error = ""; $start = count($output); $end = $start - 4; for($i = $start; $i > $end; $i--) $error .= $output[$i]; $input_errors[] = "Custom rules have errors:\n {$error}"; } else { header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } } else if ($_POST) { unset($a_rule[$id]['customrules']); write_config(); header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } require_once("guiconfig.inc"); include_once("head.inc"); $if_friendly = snort_get_friendly_interface($pconfig['interface']); $pgtitle = "Snort: {$if_friendly} Category: $currentruleset"; ?>
' . $pgtitle . '';} /* Display message */ if ($input_errors) { print_input_errors($input_errors); // TODO: add checks } if ($savemsg) { print_info_box($savemsg); } ?>