0) { $btn_view_flowb_rules = " title=\"" . gettext("View flowbit-required rules") . "\""; } else $btn_view_flowb_rules = " disabled"; } else $btn_view_flowb_rules = " disabled"; // If a Snort VRT policy is enabled and selected, remove all Snort VRT // rules from the configured rule sets to allow automatic selection. if ($a_nat[$id]['ips_policy_enable'] == 'on') { if (isset($a_nat[$id]['ips_policy'])) { $disable_vrt_rules = "disabled"; $enabled_sets = explode("||", $a_nat[$id]['rulesets']); foreach ($enabled_sets as $k => $v) { if (substr($v, 0, 6) == "snort_") unset($enabled_sets[$k]); } $a_nat[$id]['rulesets'] = implode("||", $enabled_sets); } } else $disable_vrt_rules = ""; if (!empty($a_nat[$id]['rulesets'])) $enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']); else $enabled_rulesets_array = array(); if ($_POST["save"]) { if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; } else { $a_nat[$id]['ips_policy_enable'] = 'off'; unset($a_nat[$id]['ips_policy']); } $enabled_items = ""; if (is_array($_POST['toenable'])) $enabled_items = implode("||", $_POST['toenable']); else $enabled_items = $_POST['toenable']; $a_nat[$id]['rulesets'] = $enabled_items; if ($_POST['autoflowbits'] == "on") $a_nat[$id]['autoflowbitrules'] = 'on'; else { $a_nat[$id]['autoflowbitrules'] = 'off'; if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}")) @unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); } write_config("Snort pkg: save enabled rule categories for {$a_nat[$id]['interface']}."); /*************************************************/ /* Update the snort conf file and rebuild the */ /* rules for this interface. */ /*************************************************/ $rebuild_rules = true; conf_mount_rw(); snort_generate_conf($a_nat[$id]); conf_mount_ro(); $rebuild_rules = false; /* Soft-restart Snort to live-load new rules */ snort_reload_config($a_nat[$id]); $pconfig = $_POST; $enabled_rulesets_array = explode("||", $enabled_items); if (snort_is_running($snort_uuid, $if_real)) $savemsg = gettext("Snort is 'live-reloading' the new rule set."); // Sync to configured CARP slaves if any are enabled snort_sync_on_changes(); } if ($_POST['unselectall']) { $a_nat[$id]['rulesets'] = ""; if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; } else { $a_nat[$id]['ips_policy_enable'] = 'off'; unset($a_nat[$id]['ips_policy']); } $pconfig['autoflowbits'] = $_POST['autoflowbits']; $pconfig['ips_policy_enable'] = $_POST['ips_policy_enable']; $pconfig['ips_policy'] = $_POST['ips_policy']; $enabled_rulesets_array = array(); $savemsg = gettext("All rule categories have been de-selected. "); if ($a_nat[$id]['ips_policy_enable'] = 'on') $savemsg .= gettext("Only the rules included in the selected IPS Policy will be used."); else $savemsg .= gettext("There currently are no inspection rules enabled for this Snort instance!"); } if ($_POST['selectall']) { $enabled_rulesets_array = array(); if ($emergingdownload == 'on') { $files = glob("{$snortdir}/rules/" . ET_OPEN_FILE_PREFIX . "*.rules"); foreach ($files as $file) $enabled_rulesets_array[] = basename($file); } elseif ($etpro == 'on') { $files = glob("{$snortdir}/rules/" . ET_PRO_FILE_PREFIX . "*.rules"); foreach ($files as $file) $enabled_rulesets_array[] = basename($file); } if ($snortcommunitydownload == 'on') { $files = glob("{$snortdir}/rules/" . GPL_FILE_PREFIX . "community.rules"); foreach ($files as $file) $enabled_rulesets_array[] = basename($file); } /* Include the Snort VRT rules only if enabled and no IPS policy is set */ if ($snortdownload == 'on' && $a_nat[$id]['ips_policy_enable'] == 'off') { $files = glob("{$snortdir}/rules/" . VRT_FILE_PREFIX . "*.rules"); foreach ($files as $file) $enabled_rulesets_array[] = basename($file); } } // Get any automatic rule category enable/disable modifications // if auto-SID Mgmt is enabled. $cat_mods = snort_sid_mgmt_auto_categories($a_nat[$id], FALSE); $if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Categories"); include_once("head.inc"); ?>
'; echo '
'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); $tab_array = array(); $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Categories"), true, "/snort/snort_rulesets.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); display_top_tabs($tab_array, true); ?>

',$snortdir,''); ?>

' . gettext("Updates") . '' . gettext(" tab to download the rules configured on the ") . '' . gettext("Global") . '' . gettext(" tab."); ?>
\n"; if (!empty($emergingrules[$j])) { $file = $emergingrules[$j]; echo "\n"; echo "\n"; } else echo "\n"; if (!empty($snortrules[$j])) { $file = $snortrules[$j]; echo "\n"; echo "\n"; } else echo "\n"; if (!empty($snortsorules[$j])) { $file = $snortsorules[$j]; echo "\n"; echo "\n"; } else echo "\n"; echo "\n"; } ?>

/>   
 
/>   
  " . gettext("Note: ") . "" . gettext("Auto-enabled rules generating unwanted alerts should have their GID:SID added to the Suppression List for the interface."); ?>

onClick="enable_change()"/>  
  " . gettext("Note: ") . "" . gettext("You must be using the Snort VRT rules to use this option."); ?>
  
 

"/> "/> "/>
   
" />
" />
/>
"; if(is_array($enabled_rulesets_array)) { if(in_array($file, $enabled_rulesets_array) && !isset($cat_mods[$file])) $CHECKED = " checked=\"checked\""; else $CHECKED = ""; } else $CHECKED = ""; if (isset($cat_mods[$file])) { if (in_array($file, $enabled_rulesets_array)) echo "\n"; if ($cat_mods[$file] == 'enabled') { $CHECKED = "enabled"; echo " \n\n"; } else { echo " \n\n"; } } else { echo " \n\n"; } echo "\n"; if (empty($CHECKED)) echo $file; else echo "{$file}\n"; echo "
"; if(is_array($enabled_rulesets_array)) { if (!empty($disable_vrt_rules)) $CHECKED = $disable_vrt_rules; elseif(in_array($file, $enabled_rulesets_array) && !isset($cat_mods[$file])) $CHECKED = " checked=\"checked\""; else $CHECKED = ""; } else $CHECKED = ""; if (isset($cat_mods[$file])) { if (in_array($file, $enabled_rulesets_array)) echo "\n"; if ($cat_mods[$file] == 'enabled') { $CHECKED = "enabled"; echo " \n\n"; } else { echo " \n\n"; } } else { echo " \n\n"; } echo "\n"; if (empty($CHECKED) || $CHECKED == "disabled") echo $file; else echo "{$file}\n"; echo "
"; if(is_array($enabled_rulesets_array)) { if (!empty($disable_vrt_rules)) $CHECKED = $disable_vrt_rules; elseif(in_array($file, $enabled_rulesets_array) && !isset($cat_mods[$file])) $CHECKED = " checked=\"checked\""; else $CHECKED = ""; } else $CHECKED = ""; if (isset($cat_mods[$file])) { if (in_array($file, $enabled_rulesets_array)) echo "\n"; if ($cat_mods[$file] == 'enabled') { $CHECKED = "enabled"; echo " \n\n"; } else { echo " \n\n"; } } else { echo " \n\n"; } echo "\n"; if (empty($CHECKED) || $CHECKED == "disabled") echo $file; else echo "{$file}\n"; echo "
 
"/>