// Toggle one rule line between enabled ("alert ...") and disabled ("# alert ..."),
// write the rules file back, reload it, and start updating the sid lists kept in $config.
// This is an excerpt: $tempstring, $findme, $toggleid, $file and $config are set outside
// the visible code, and the final if-block is still open where the excerpt ends.

// Look for the "disabled" marker in the rule line.
// presumably $findme is "# alert" - TODO confirm against the code above this excerpt
$disabled = strstr($tempstring, $findme);
// strstr() returns false when $findme is absent, otherwise the remainder of the line from the match
if ($disabled !== false) {
    // marker found: the rule is currently commented out, so enable it
    // NOTE(review): str_replace() rewrites every "# alert" in the line, not only the leading one
    $tempstring = str_replace("# alert", "alert", $tempstring);
} else {
    // marker not found: the rule is currently active, so comment it out
    // NOTE(review): str_replace() rewrites every "alert" in the line, so the word inside a
    // msg or content option would be changed too; anchoring the edit to the start of the
    // line would keep the rest of the rule intact - confirm against real rule files
    $tempstring = str_replace("alert", "# alert", $tempstring);
}
//copy string into array for writing
// NOTE(review): $toggleid selects which rule line is overwritten; its origin is not visible
// here - confirm it is validated as an existing index of $splitcontents before this point
$splitcontents[$toggleid] = $tempstring;
//write the new .rules file
write_rule_file($splitcontents, $file);
//once file has been written, reload file
$splitcontents = load_rule_file($file);
$stopMsg = true;
//write disable/enable sid to config.xml
// NOTE(review): loose comparison; `$disabled === false` states the intent exactly, because
// strstr() yields either a string or false
if ($disabled == false) {
    // take the text from the first "sid:" up to the next ";"
    // NOTE(review): if the line has no "sid:", strstr() returns false and $sid_off ends up
    // empty; the search string below then becomes "||enablesid " and matches every entry
    $string_sid = strstr($tempstring, 'sid:');
    $sid_pieces = explode(";", $string_sid);
    $sid_off_cut = $sid_pieces[0];
    // sid being turned off
    $sid_off = str_replace("sid:", "", $sid_off_cut);
    // rule_sid_on registers
    $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on'];
    // if off sid is the same as on sid remove it
    // NOTE(review): this is a substring match, so removing sid 12 also cuts the front off an
    // entry for sid 123 and leaves a stray "3"; a damaged list silently changes which rules
    // are active. Matching whole "||"-delimited entries would avoid that - confirm the format
    $sid_on_old = str_replace("||enablesid {$sid_off}", "", "{$sid_on_pieces}");
    // write the replace sid back as empty
// Print summary counts for the parsed document, empty the output file, then walk the
// Rule nodes within the $offset/$limit window and print their details.
// This is an excerpt: $xml, $cnt, $offset, $limit, xml_attribute() and the FILE_* constants
// are defined outside the visible code, and the foreach body is still open where it ends.
// NOTE(review): how $xml is loaded is not visible here; the "myns" prefix has to be
// registered on it before these XPath queries can match anything - confirm

// Count Groups
// NOTE(review): presumably $xml is a SimpleXMLElement; its xpath() does not return an array
// on failure, and count() then throws on PHP 8 - confirm, or check the result first
$result = $xml->xpath("//myns:Group");
$count = count($result);
echo "Groups: {$count}\n";
// Count rules
$result = $xml->xpath("//myns:Rule");
$rule_count = count($result);
echo "Rules: {$rule_count}\n";
// Count titles (found in Group and rule nodes)
$result = $xml->xpath("//myns:title");
$count = count($result);
echo "titles: {$count}\n";
echo "\n";
// Clear $content var and output file
$content = "";
write_rule_file(FILE_PATH . FILE_SEP . FILE_OUTPUT, "");
// Loop through rules and generate output files
foreach ($xml->xpath("//myns:Rule") as $Rule) {
    // $cnt is a running 1-based position; it must already be initialised before the loop
    $cnt += 1;
    // skip the first $offset rules
    if ($cnt <= $offset) {
        continue;
    }
    // stop once $limit rules past the offset have been handled
    if ($cnt > $limit + $offset) {
        break;
    }
    echo "{$cnt} " . $Rule->title . "\n";
    echo " id: " . xml_attribute($Rule, "id") . "\n";
    // severity is read here but not printed within the visible code
    $severity = xml_attribute($Rule, "severity");
    echo " ident: " . $Rule->ident . "\n";
    // get parent node, which is a Group
    // "./.." selects the parent element; xpath() hands it back wrapped in an array
    $Group = $Rule->xpath("./..");