}
if (isset($_POST['substringLength']) && !empty($_POST['substringLength'])) {
$substringLength = $_POST['substringLength'];
}
if (isset($_POST['alertName']) && !empty($_POST['alertName'])) {
$alertName = $_POST['alertName'];
}
if (isset($_POST['snortFile']) && !empty($_POST['snortFile'])) {
$snortFile = $_POST['snortFile'];
if (!file_exists($snortFile)) {
//if the snort output file doesn't already exist, write out the header information
$header = "#\n#---------------------------\n# Data Loss Prevention rules\n#---------------------------\n";
writeToFile($snortFile, $header);
}
}
echo "<h2>Selected substring:</h2>";
$substring = selectSubstring($useRepository, $repositoryLocations, genHistogram($inputText), $inputText, $substringLength);
echo "\"{$substring}\"";
echo "<h2>Regex:</h2>";
echo createRegex($substring);
echo "<h2>Snort rule:</h2>";
$rule = createSnortRule(getNextsid($snortFile), $alertName, $substring);
echo "{$rule}<br><br>";
if ($snortFile != "") {
//if snortFile was passed, write the rule out to the snort file
writeToFile($snortFile, $rule);
echo "Snort rule written to {$snortFile}<br><br>";
}
?>
</body>
</html>
mysql_data_seek($result, $rowNum);
//goes to a specific result
$row = mysql_fetch_assoc($result);
// gets the specific result as a $row
$value = $row[$column];
//grabs the random number value
$value = sanitizeRegex($value);
//escapes any reserved regex char
$regex = $regex . $value . "|";
//builds the regex
}
$regex = substr($regex, 0, -1) . ")/i";
//completes the regex
mysql_close($conn);
//closes the db connection
$sid = getNextsid();
$rule = "alert tcp \$HOME_NET any -> \$EXTERNAL_NET any (msg:\"Possible detection of: {$table} : {$column}\"; pcre:\"{$regex}\"; classtype:data-loss; sid:{$sid};)";
include "includes/dbconnect.php";
$query = "INSERT INTO rules (file_name, path, rule, regex, count, sid, type) VALUES ('{$table}', '{$column}', '{$rule}', '{$regex}', 1, {$sid}, 4)";
mysql_query($query);
include "includes/dbclose.php";
} else {
$noData = true;
}
}
} else {
if (!isset($_POST['server']) && !isset($_POST['server']) && !isset($_POST['table']) && !isset($_POST['db']) && !isset($_POST['port']) && !isset($_POST['user']) && !isset($_POST['pass'])) {
$incomplete = false;
} else {
$incomplete = true;
}
/**
* Process an individual filepath.
*
* Type = 1 for individual processed files, 2 for files processed from a folder crawl.
*
* @param $type - allows this function to use individual files (1) or files processed from a folder crawl (2)
* @param $path - the local mounted directory ("/mnt/share")
* @param $netPath - the actual network directory
* @param $scoringMethod - scoring technique used (i.e. histogram, random, etc.)
* @param $substringLength - from the config table
* @param $snortFile - from the config table
*/
function processFile($type, $path, $netPath, $scoringMethod, $substringLength, $snortFile)
{
if (!fileAlreadyProcessed($path)) {
$file = fopen($path, 'r') or die("processFile(): can't open {$path}");
$substring = "";
$inputText = fread($file, filesize($path));
fclose($file);
switch ($scoringMethod) {
case "histogram":
$substring = selectSubstringHistogram(genHistogram($inputText), $inputText, $substringLength, 0);
break;
case "modifiedhist":
//$substring = selectSubstringModifiedHistogram(genHistogram($inputText), $inputText, $substringLength);
break;
case "multipleRandSamples":
break;
case "random":
//$substring = selectSubstringRandom($inputText, $substringLength);
break;
default:
$substring = selectSubstringHistogram(genHistogram($inputText), $inputText, $substringLength, 0);
}
if ($substring == "") {
return;
//if no unique substring is found, skip this file
}
$sid = getNextsid();
$rule = createSnortRule($sid, $path, $substring);
if ($snortFile != "") {
//if snortFile was passed, write the rule out to the snort file
writeToFile($snortFile, $rule);
}
//writes file to the database
include "dbconnect.php";
$parts = explode("/", $path);
//get our path element parts
$fileName = array_pop($parts);
$path = implode("/", $parts);
//rebuild our path
$netPath = mysql_real_escape_string($netPath);
//path name to be stored in the database
$path = mysql_real_escape_string($path);
$fileName = mysql_real_escape_string($fileName);
$rule = mysql_real_escape_string($rule);
$regex = mysql_real_escape_string(createRegex($substring));
$query = "INSERT INTO rules (file_name, path, rule, regex, count, sid, type) VALUES ('{$fileName}', '{$netPath}', '{$rule}', '{$regex}', 1, {$sid}, {$type})";
mysql_query($query);
include "dbclose.php";
}
return;
}
