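/**
 * Stage the enabled rule sets for one Snort interface instance, then apply the
 * configured per-SID enable/disable overrides to the staged rule files.
 *
 * Nothing is done when $snortcfg['rulesets'] is empty. Otherwise each rule set
 * named in the "||"-separated list is copied from {$snortdir}/rules into
 * {$snortdir}/snort_<uuid>_<if_real>/rules, together with the matching shared
 * object rule library and the map/config files. The "enablesid N" and
 * "disablesid N" entries from 'rule_sid_on' / 'rule_sid_off' are then applied
 * by uncommenting or commenting the matching "alert" lines.
 *
 * If this step fails, the sensor keeps running with a rule state the operator
 * did not ask for, so copy and write failures are logged instead of being
 * swallowed.
 *
 * @param array  $snortcfg Interface settings; reads 'rulesets', 'uuid',
 *                         'rule_sid_on' and 'rule_sid_off'.
 * @param string $if_real  Interface name used in the instance directory name.
 *
 * @return void
 */
function snort_apply_customizations($snortcfg, $if_real)
{
    global $snortdir;

    if (empty($snortcfg['rulesets'])) {
        return;
    }

    $instance_dir = "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}";

    /* Best-effort copy: a missing source is skipped, a failed copy is logged. */
    $copy_if_present = function ($src, $dst) {
        if (!is_file($src)) {
            return;
        }
        if (!@copy($src, $dst)) {
            log_error("Snort: failed to copy {$src} to {$dst}");
        }
    };

    update_status(gettext("Your set of configured rules are being copied..."));
    log_error("Your set of configured rules are being copied...");

    foreach (explode("||", $snortcfg['rulesets']) as $enabled_item) {
        /*
         * Rule set names come from stored configuration and are used as file
         * names. Skip empty entries and anything carrying a directory
         * component so a crafted name cannot read or write outside the rules
         * directories.
         */
        if ($enabled_item === '' || basename($enabled_item) !== $enabled_item) {
            continue;
        }

        $copy_if_present("{$snortdir}/rules/{$enabled_item}", "{$instance_dir}/rules/{$enabled_item}");

        /* "snort_<name>.so.rules" pairs with the shared object "<name>.so". */
        if (substr($enabled_item, 0, 5) == "snort" && substr($enabled_item, -9) == ".so.rules") {
            $slib = substr($enabled_item, 6, -6);
            $copy_if_present("/usr/local/lib/snort/dynamicrules/{$slib}", "{$instance_dir}/dynamicrules/{$slib}");
        }
    }

    $copy_if_present("{$snortdir}/classification.config", "{$instance_dir}/classification.config");
    $copy_if_present("{$snortdir}/gen-msg.map", "{$instance_dir}/gen-msg.map");
    if (is_dir("{$snortdir}/generators")) {
        /* Quote both paths: uuid and interface name end up on a shell command line. */
        exec("/bin/cp -r " . escapeshellarg("{$snortdir}/generators") . " " . escapeshellarg($instance_dir));
    }
    $copy_if_present("{$snortdir}/reference.config", "{$instance_dir}/reference.config");
    $copy_if_present("{$snortdir}/sid", "{$instance_dir}/sid");
    $copy_if_present("{$snortdir}/sid-msg.map", "{$instance_dir}/sid-msg.map");
    $copy_if_present("{$snortdir}/unicode.map", "{$instance_dir}/unicode.map");

    if (empty($snortcfg['rule_sid_on']) && empty($snortcfg['rule_sid_off'])) {
        return;
    }

    /* Flip the lists so membership tests are key lookups. */
    $enabled_sids = array();
    $disabled_sids = array();
    if (!empty($snortcfg['rule_sid_on'])) {
        $enabled_sids = array_flip(explode("||", trim($snortcfg['rule_sid_on'])));
    }
    if (!empty($snortcfg['rule_sid_off'])) {
        $disabled_sids = array_flip(explode("||", trim($snortcfg['rule_sid_off'])));
    }

    /* Classify a line by its prefix: active rule, commented-out rule, or neither. */
    $rule_state = function ($line) {
        if (strncmp($line, "alert", 5) === 0) {
            return 'enabled';
        }
        if (strncmp($line, "# alert", 7) === 0) {
            return 'disabled';
        }
        return null;
    };

    /*
     * The instance directory is keyed by the uuid. Interpolating the whole
     * $snortcfg array here produced a path that never matched, so no SID
     * override was ever applied.
     */
    $files = glob("{$instance_dir}/rules/*.rules");
    if (empty($files)) {
        return;
    }

    foreach ($files as $file) {
        /* file() keeps each line terminator; the lines are re-joined as-is below. */
        $lines = file($file);
        if ($lines === false) {
            log_error("Snort: unable to read rule file {$file}");
            continue;
        }

        $changed = false;
        foreach ($lines as $idx => $line) {
            $sid = snort_get_rule_part($line, 'sid:', ';', 0);
            if (!is_numeric($sid)) {
                continue;
            }
            /* "sid: 123;" is numeric but would not match the "enablesid 123" key untrimmed. */
            $sid = trim((string) $sid);

            /*
             * The sid may sit on the line after the rule header, so fall back
             * to the previous line when this one does not start a rule.
             */
            $target = $idx;
            $state = $rule_state($line);
            if ($state === null && $idx > 0) {
                $target = $idx - 1;
                $state = $rule_state($lines[$target]);
            }
            if ($state === null) {
                continue;
            }

            if (isset($enabled_sids["enablesid {$sid}"])) {
                if ($state === 'disabled') {
                    /* Strip the leading "# " from the rule header line itself. */
                    $lines[$target] = substr($lines[$target], 2);
                    $changed = true;
                }
            } elseif (isset($disabled_sids["disablesid {$sid}"])) {
                if ($state === 'enabled') {
                    $lines[$target] = "# " . $lines[$target];
                    $changed = true;
                }
            }
        }

        if ($changed) {
            /* Joining with "" avoids doubling the newlines that file() preserved. */
            if (@file_put_contents($file, implode("", $lines)) === false) {
                log_error("Snort: unable to write rule file {$file}");
            }
        }
    }
}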
Ejemplo n.º 2
        $source = substr($rule_content[$counter2], 0, 20) . "...";
        //source location
        $counter2++;
        $source_port = $rule_content[$counter2];
        //source port location
        $counter2 = $counter2 + 2;
        $destination = substr($rule_content[$counter2], 0, 20) . "...";
        //destination location
        $counter2++;
        $destination_port = $rule_content[$counter2];
        //destination port location
        if (strstr($value, 'msg: "')) {
            $message = snort_get_rule_part($value, 'msg: "', '";', 0);
        } else {
            if (strstr($value, 'msg:"')) {
                $message = snort_get_rule_part($value, 'msg:"', '";', 0);
            }
        }
        echo "<tr><td width='3%' class='listt'> {$textss}\n\t\t\t<a href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$counter}'>\n\t\t\t<img src='../themes/{$g['theme']}/images/icons/{$iconb}'\n\t\t\twidth='10' height='10' border='0'\n\t\t\ttitle='" . gettext("click to toggle enabled/disabled status") . "'></a>\n\t\t\t{$textse}\n\t\t       </td>\n\t\t       <td width='7%' class=\"listlr\">\n\t\t\t\t{$textss} {$sid} {$textse}\n\t\t       </td>\n\t\t       <td width='4%' class=\"listlr\">\n\t\t\t\t{$textss} {$protocol} {$textse}\n\t\t       </td>\n\t\t       <td width='15%' class=\"listlr\">\n\t\t\t\t{$textss} {$source} {$textse}\n\t\t       </td>\n\t\t       <td width='10%' class=\"listlr\">\n\t\t\t\t{$textss} {$source_port} {$textse}\n\t\t       </td>\n\t\t       <td width='15%' class=\"listlr\">\n\t\t\t\t{$textss} {$destination} {$textse}\n\t\t       </td>\n\t\t       <td width='10%' class=\"listlr\">\n\t\t\t       {$textss} {$destination_port} {$textse}\n\t\t       </td>\n\t\t\t<td width='30%' class=\"listbg\"><font color=\"white\"> \n\t\t\t\t{$textss} {$message} {$textse}\n\t\t       </td>";
        ?>
			<td width='5%' valign="middle" nowrap class="list">
			<table border="0" cellspacing="0" cellpadding="1">
			<tr>
				<td><a href="javascript: void(0)"
					onclick="popup('snort_rules_edit.php?id=<?php 
        echo $id;
        ?>
&openruleset=<?php 
        echo $currentruleset;
        ?>
')"><img