$length) $string = substr($string, 0, ($length - 2)) . "..."; return $string; } function add_title_attribute($tag, $title) { /******************************** * This function adds a "title" * * attribute to the passed tag * * and sets the value to the * * value specified by "$title". * ********************************/ $result = ""; if (empty($tag)) { // If passed an empty element tag, then // just create a tag with title $result = ""; } else { // Find the ending ">" for the element tag $pos = strpos($tag, ">"); if ($pos !== false) { // We found the ">" delimter, so add "title" // attribute and close the element tag $result = substr($tag, 0, $pos) . " title=\"" . $title . "\">"; } else { // We did not find the ">" delimiter, so // something is wrong, just return the // tag "as-is" $result = $tag; } } return $result; } /* convert fake interfaces to real */ $if_real = suricata_get_real_interface($pconfig['interface']); $suricata_uuid = $a_rule[$id]['uuid']; $suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}"; $snortdownload = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules']; $emergingdownload = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']; $etpro = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']; $categories = explode("||", $pconfig['rulesets']); if ($_GET['openruleset']) $currentruleset = $_GET['openruleset']; else if ($_POST['openruleset']) $currentruleset = $_POST['openruleset']; else $currentruleset = $categories[0]; if (empty($categories[0]) && ($currentruleset != "custom.rules") && ($currentruleset != "Auto-Flowbit Rules")) { if (!empty($a_rule[$id]['ips_policy'])) $currentruleset = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']); else $currentruleset = "custom.rules"; } /* One last sanity check -- if the rules directory is empty, default to loading custom rules */ $tmp = glob("{$suricatadir}rules/*.rules"); if (empty($tmp)) $currentruleset = "custom.rules"; $ruledir = "{$suricatadir}rules"; $rulefile = "{$ruledir}/{$currentruleset}"; if ($currentruleset != 'custom.rules') { // Read the current rules file into our rules map array. // If it is the auto-flowbits file, set the full path. if ($currentruleset == "Auto-Flowbit Rules") $rulefile = "{$suricatacfgdir}/rules/" . FLOWBITS_FILENAME; // Test for the special case of an IPS Policy file. if (substr($currentruleset, 0, 10) == "IPS Policy") $rules_map = suricata_load_vrt_policy($a_rule[$id]['ips_policy']); elseif (!file_exists($rulefile)) $input_errors[] = gettext("{$currentruleset} seems to be missing!!! Please verify rules files have been downloaded, then go to the Categories tab and save the rule set again."); else $rules_map = suricata_load_rules_map($rulefile); } /* Load up our enablesid and disablesid arrays with enabled or disabled SIDs */ $enablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_on']); $disablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_off']); if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) { // Get the GID tag embedded in the clicked rule icon. $gid = $_GET['gid']; // Get the SID tag embedded in the clicked rule icon. $sid= $_GET['ids']; // See if the target SID is in our list of modified SIDs, // and toggle it back to default if present; otherwise, // add it to the appropriate modified SID list. if (isset($enablesid[$gid][$sid])) unset($enablesid[$gid][$sid]); elseif (isset($disablesid[$gid][$sid])) unset($disablesid[$gid][$sid]); else { if ($rules_map[$gid][$sid]['disabled'] == 1) $enablesid[$gid][$sid] = "enablesid"; else $disablesid[$gid][$sid] = "disablesid"; } // Write the updated enablesid and disablesid values to the config file. $tmp = ""; foreach (array_keys($enablesid) as $k1) { foreach (array_keys($enablesid[$k1]) as $k2) $tmp .= "{$k1}:{$k2}||"; } $tmp = rtrim($tmp, "||"); if (!empty($tmp)) $a_rule[$id]['rule_sid_on'] = $tmp; else unset($a_rule[$id]['rule_sid_on']); $tmp = ""; foreach (array_keys($disablesid) as $k1) { foreach (array_keys($disablesid[$k1]) as $k2) $tmp .= "{$k1}:{$k2}||"; } $tmp = rtrim($tmp, "||"); if (!empty($tmp)) $a_rule[$id]['rule_sid_off'] = $tmp; else unset($a_rule[$id]['rule_sid_off']); /* Update the config.xml file. */ write_config(); $_GET['openruleset'] = $currentruleset; $anchor = "rule_{$gid}_{$sid}"; } if ($_GET['act'] == "disable_all" && !empty($rules_map)) { // Mark all rules in the currently selected category "disabled". foreach (array_keys($rules_map) as $k1) { foreach (array_keys($rules_map[$k1]) as $k2) { if (isset($enablesid[$k1][$k2])) unset($enablesid[$k1][$k2]); $disablesid[$k1][$k2] = "disablesid"; } } // Write the updated enablesid and disablesid values to the config file. $tmp = ""; foreach (array_keys($enablesid) as $k1) { foreach (array_keys($enablesid[$k1]) as $k2) $tmp .= "{$k1}:{$k2}||"; } $tmp = rtrim($tmp, "||"); if (!empty($tmp)) $a_rule[$id]['rule_sid_on'] = $tmp; else unset($a_rule[$id]['rule_sid_on']); $tmp = ""; foreach (array_keys($disablesid) as $k1) { foreach (array_keys($disablesid[$k1]) as $k2) $tmp .= "{$k1}:{$k2}||"; } $tmp = rtrim($tmp, "||"); if (!empty($tmp)) $a_rule[$id]['rule_sid_off'] = $tmp; else unset($a_rule[$id]['rule_sid_off']); write_config(); $_GET['openruleset'] = $currentruleset; header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } if ($_GET['act'] == "enable_all" && !empty($rules_map)) { // Mark all rules in the currently selected category "enabled". foreach (array_keys($rules_map) as $k1) { foreach (array_keys($rules_map[$k1]) as $k2) { if (isset($disablesid[$k1][$k2])) unset($disablesid[$k1][$k2]); $enablesid[$k1][$k2] = "enablesid"; } } // Write the updated enablesid and disablesid values to the config file. $tmp = ""; foreach (array_keys($enablesid) as $k1) { foreach (array_keys($enablesid[$k1]) as $k2) $tmp .= "{$k1}:{$k2}||"; } $tmp = rtrim($tmp, "||"); if (!empty($tmp)) $a_rule[$id]['rule_sid_on'] = $tmp; else unset($a_rule[$id]['rule_sid_on']); $tmp = ""; foreach (array_keys($disablesid) as $k1) { foreach (array_keys($disablesid[$k1]) as $k2) $tmp .= "{$k1}:{$k2}||"; } $tmp = rtrim($tmp, "||"); if (!empty($tmp)) $a_rule[$id]['rule_sid_off'] = $tmp; else unset($a_rule[$id]['rule_sid_off']); write_config(); $_GET['openruleset'] = $currentruleset; header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } if ($_GET['act'] == "resetcategory" && !empty($rules_map)) { // Reset any modified SIDs in the current rule category to their defaults. foreach (array_keys($rules_map) as $k1) { foreach (array_keys($rules_map[$k1]) as $k2) { if (isset($enablesid[$k1][$k2])) unset($enablesid[$k1][$k2]); if (isset($disablesid[$k1][$k2])) unset($disablesid[$k1][$k2]); } } // Write the updated enablesid and disablesid values to the config file. $tmp = ""; foreach (array_keys($enablesid) as $k1) { foreach (array_keys($enablesid[$k1]) as $k2) $tmp .= "{$k1}:{$k2}||"; } $tmp = rtrim($tmp, "||"); if (!empty($tmp)) $a_rule[$id]['rule_sid_on'] = $tmp; else unset($a_rule[$id]['rule_sid_on']); $tmp = ""; foreach (array_keys($disablesid) as $k1) { foreach (array_keys($disablesid[$k1]) as $k2) $tmp .= "{$k1}:{$k2}||"; } $tmp = rtrim($tmp, "||"); if (!empty($tmp)) $a_rule[$id]['rule_sid_off'] = $tmp; else unset($a_rule[$id]['rule_sid_off']); write_config(); $_GET['openruleset'] = $currentruleset; header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } if ($_GET['act'] == "resetall" && !empty($rules_map)) { // Remove all modified SIDs from config.xml and save the changes. unset($a_rule[$id]['rule_sid_on']); unset($a_rule[$id]['rule_sid_off']); /* Update the config.xml file. */ write_config(); $_GET['openruleset'] = $currentruleset; header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } if ($_POST['clear']) { unset($a_rule[$id]['customrules']); write_config(); $rebuild_rules = true; suricata_generate_yaml($a_rule[$id]); $rebuild_rules = false; header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } if ($_POST['customrules']) { $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); write_config(); $rebuild_rules = true; suricata_generate_yaml($a_rule[$id]); $rebuild_rules = false; $output = ""; $retcode = ""; // exec("/usr/local/bin/snort -T -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf 2>&1", $output, $retcode); // if (intval($retcode) != 0) { // $error = ""; // $start = count($output); // $end = $start - 4; // for($i = $start; $i > $end; $i--) // $error .= $output[$i]; // $input_errors[] = "Custom rules have errors:\n {$error}"; // } // else { // header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}"); // exit; // } } else if ($_POST['apply']) { /* Save new configuration */ write_config(); /*************************************************/ /* Update the suricata.yaml file and rebuild the */ /* rules for this interface. */ /*************************************************/ $rebuild_rules = true; suricata_generate_yaml($a_rule[$id]); $rebuild_rules = false; /* Signal Suricata to "live reload" the rules */ suricata_reload_config($a_rule[$id]); /* Return to this same page */ header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); exit; } else if ($_POST['cancel']) { /* Return to this same page */ header("Location: /suricata/suricata_rules.php?id={$id}"); exit; } require_once("guiconfig.inc"); include_once("head.inc"); $if_friendly = suricata_get_friendly_interface($pconfig['interface']); $pgtitle = gettext("Suricata: Interface {$if_friendly} - Rules: {$currentruleset}"); ?> ' . $pgtitle . '
';} /* Display message */ if ($input_errors) { print_input_errors($input_errors); // TODO: add checks } if ($savemsg) { print_info_box($savemsg); } ?>