0) { $btn_view_flowb_rules = " title=\"" . gettext("View flowbit-required rules") . "\""; } else $btn_view_flowb_rules = " disabled"; } else $btn_view_flowb_rules = " disabled"; // If a Snort VRT policy is enabled and selected, remove all Snort VRT // rules from the configured rule sets to allow automatic selection. if ($a_nat[$id]['ips_policy_enable'] == 'on') { if (isset($a_nat[$id]['ips_policy'])) { $disable_vrt_rules = "disabled"; $enabled_sets = explode("||", $a_nat[$id]['rulesets']); foreach ($enabled_sets as $k => $v) { if (substr($v, 0, 6) == "snort_") unset($enabled_sets[$k]); } $a_nat[$id]['rulesets'] = implode("||", $enabled_sets); } } else $disable_vrt_rules = ""; if (!empty($a_nat[$id]['rulesets'])) $enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']); else $enabled_rulesets_array = array(); if ($_POST["save"]) { if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; } else { $a_nat[$id]['ips_policy_enable'] = 'off'; unset($a_nat[$id]['ips_policy']); } $enabled_items = ""; if (is_array($_POST['toenable'])) $enabled_items = implode("||", $_POST['toenable']); else $enabled_items = $_POST['toenable']; $a_nat[$id]['rulesets'] = $enabled_items; if ($_POST['autoflowbits'] == "on") $a_nat[$id]['autoflowbitrules'] = 'on'; else { $a_nat[$id]['autoflowbitrules'] = 'off'; if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}")) @unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); } write_config("Snort pkg: save enabled rule categories for {$a_nat[$id]['interface']}."); /*************************************************/ /* Update the snort conf file and rebuild the */ /* rules for this interface. */ /*************************************************/ $rebuild_rules = true; conf_mount_rw(); snort_generate_conf($a_nat[$id]); conf_mount_ro(); $rebuild_rules = false; /* Soft-restart Snort to live-load new rules */ snort_reload_config($a_nat[$id]); $pconfig = $_POST; $enabled_rulesets_array = explode("||", $enabled_items); if (snort_is_running($snort_uuid, $if_real)) $savemsg = gettext("Snort is 'live-reloading' the new rule set."); // Sync to configured CARP slaves if any are enabled snort_sync_on_changes(); } if ($_POST['unselectall']) { $a_nat[$id]['rulesets'] = ""; if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; } else { $a_nat[$id]['ips_policy_enable'] = 'off'; unset($a_nat[$id]['ips_policy']); } $pconfig['autoflowbits'] = $_POST['autoflowbits']; $pconfig['ips_policy_enable'] = $_POST['ips_policy_enable']; $pconfig['ips_policy'] = $_POST['ips_policy']; $enabled_rulesets_array = array(); $savemsg = gettext("All rule categories have been de-selected. "); if ($a_nat[$id]['ips_policy_enable'] = 'on') $savemsg .= gettext("Only the rules included in the selected IPS Policy will be used."); else $savemsg .= gettext("There currently are no inspection rules enabled for this Snort instance!"); } if ($_POST['selectall']) { $enabled_rulesets_array = array(); if ($emergingdownload == 'on') { $files = glob("{$snortdir}/rules/" . ET_OPEN_FILE_PREFIX . "*.rules"); foreach ($files as $file) $enabled_rulesets_array[] = basename($file); } elseif ($etpro == 'on') { $files = glob("{$snortdir}/rules/" . ET_PRO_FILE_PREFIX . "*.rules"); foreach ($files as $file) $enabled_rulesets_array[] = basename($file); } if ($snortcommunitydownload == 'on') { $files = glob("{$snortdir}/rules/" . GPL_FILE_PREFIX . "community.rules"); foreach ($files as $file) $enabled_rulesets_array[] = basename($file); } /* Include the Snort VRT rules only if enabled and no IPS policy is set */ if ($snortdownload == 'on' && $a_nat[$id]['ips_policy_enable'] == 'off') { $files = glob("{$snortdir}/rules/" . VRT_FILE_PREFIX . "*.rules"); foreach ($files as $file) $enabled_rulesets_array[] = basename($file); } } // Get any automatic rule category enable/disable modifications // if auto-SID Mgmt is enabled. $cat_mods = snort_sid_mgmt_auto_categories($a_nat[$id], FALSE); $if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Categories"); include_once("head.inc"); ?>