}
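// Make sure a rule index ID is appended to the return URL.
// NOTE(review): $referrer and $id are assigned outside this excerpt. If either
// one can be influenced by the request, confirm that $referrer is limited to a
// local page and $id to an integer before they reach the Location header below.
if (strpos($referrer, "?id={$id}") === FALSE) {
    $referrer .= "?id={$id}";
}

// If RETURN button clicked, exit to original calling page.
// !empty() applies the same truthiness test as the bare index read, but does
// not raise an undefined-index notice when the request has no 'cancel' field.
if (!empty($_POST['cancel'])) {
    header("Location: {$referrer}");
    exit;
}

$if_real = get_real_interface($a_nat[$id]['interface']);
$snort_uuid = $a_nat[$id]['uuid'];

/* We should normally never get to this page if Auto-Flowbits are disabled, but just in case... */
if ($a_nat[$id]['autoflowbitrules'] == 'on') {
    // Build the interface-specific flowbit rules path once; it is needed for
    // the existence check, the size check and the load call.
    $flowbit_rules_path = "{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}";

    // Only parse the file when it exists and is not empty; otherwise tell the
    // user that nothing is required.
    if (file_exists($flowbit_rules_path) && filesize($flowbit_rules_path) > 0) {
        $rules_map = snort_load_rules_map($flowbit_rules_path);
    } else {
        $savemsg = gettext("There are no flowbit-required rules necessary for the current enforcing rule set.");
    }
} else {
    $input_errors[] = gettext("Auto-Flowbit rule generation is disabled for this interface!");
}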
// Handle the "add to suppress list" action for one GID:SID pair posted by the form.
// NOTE(review): is_numeric() also accepts signed, decimal and exponent forms and
// leading whitespace (including a newline), so gid/sid are not guaranteed to be
// plain integers when they are interpolated into the suppress text below. A
// digits-only check such as ctype_digit() would be stricter for values that are
// written into a configuration entry.
if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid'])) {
    // snort_get_msg() is defined elsewhere; its result is used below as a
    // descriptive comment line. NOTE(review): in the visible code $rules_map is
    // only assigned when the flowbit rules file exists and is non-empty --
    // confirm it is initialized earlier.
    $descr = snort_get_msg($rules_map[$_POST['gid']][$_POST['sid']]['rule']);
    // Every generated entry starts with a marker comment.
    $suppress = gettext("## -- This rule manually suppressed from the Auto-Flowbits list. -- ##\n");
    if (empty($descr)) {
        // No description available: emit only the suppress directive.
        $suppress .= "suppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n";
    } else {
        // Prefix the directive with the description as a comment line.
        $suppress .= "# {$descr}\nsuppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n";
    }
    // The suppress list container in the package config is checked next; the
    // remainder of this branch lies outside the excerpt.
    if (!is_array($config['installedpackages']['snortglobal']['suppress'])) {
Ejemplo n.º 2
// Enumerate the downloaded rule category files. When none are present, the
// only category that can be shown is the custom rules one.
$tmp = glob("{$snortdir}/rules/*.rules");
if (empty($tmp)) {
    $currentruleset = "custom.rules";
}

// NOTE(review): unless the fallback above ran, $currentruleset was assigned
// outside this excerpt. It is interpolated into filesystem paths below; if it
// originates from request data, confirm it is reduced to a bare file name
// (no directory separators or "..") before reaching this point.
$rulefile = "{$snortdir}/rules/{$currentruleset}";

if ($currentruleset != 'custom.rules') {
    // Read the selected category into the rules map array. The checks run in
    // this order: auto-flowbits, IPS policy, preprocessor rules, then the
    // regular rules directory.
    $preproc_rulefile = "{$snortdir}/preproc_rules/{$currentruleset}";
    $is_ips_policy = (substr($currentruleset, 0, 10) == "IPS Policy");

    if ($currentruleset == "Auto-Flowbit Rules") {
        // The auto-flowbits file is read from $snortcfgdir, not $snortdir.
        $flowbits_rulefile = "{$snortcfgdir}/rules/" . FLOWBITS_FILENAME;
        $rules_map = snort_load_rules_map($flowbits_rulefile);
    } elseif ($is_ips_policy) {
        $rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']);
    } elseif (file_exists($preproc_rulefile)) {
        $rules_map = snort_load_rules_map($preproc_rulefile);
    } elseif (file_exists($rulefile)) {
        $rules_map = snort_load_rules_map($rulefile);
    } else {
        $input_errors[] = gettext("{$currentruleset} seems to be missing!!! Please verify rules files have been downloaded, then go to the Categories tab and save the rule set again.");
    }
}

/* Run the current category rules through any auto SID MGMT changes if enabled. */
// NOTE(review): $rules_map is only assigned above when one of the loader
// branches matched; confirm it is initialized earlier in the file.
snort_auto_sid_mgmt($rules_map, $a_rule[$id], FALSE);

/* Fill the enablesid and disablesid arrays from the interface's stored SID lists. */
$enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on']);
$disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off']);
// Handle a click on a rule's toggle icon; runs only when a rules map was loaded.
// NOTE(review): is_numeric() accepts more than plain integers (sign, decimal
// point, exponent, leading whitespace). The posted values are copied into
// $gid/$sid unchanged, so a digits-only check would be a stricter guard for
// values used as rule identifiers.
if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) && !empty($rules_map)) {
    // Get the GID:SID tags embedded in the clicked rule icon.
    $gid = $_POST['gid'];
    $sid = $_POST['sid'];
    // See if the target SID is in our list of modified SIDs,
    // and toggle if present; otherwise, add it to the
        // (Excerpt resumes inside a branch whose opening lines are not shown.)
        // Append every rule in $rules_map to $contents, each preceded by a
        // comment line giving its category and SID. The outer key is
        // presumably the GID -- confirm against snort_load_rules_map().
        foreach (array_keys($rules_map) as $k1) {
            foreach (array_keys($rules_map[$k1]) as $k2) {
                $contents .= "# Category: " . $rules_map[$k1][$k2]['category'] . "   SID: {$k2}\n";
                $contents .= $rules_map[$k1][$k2]['rule'] . "\n";
            }
        }
    }
    // Release the map once its text has been copied into $contents.
    unset($rules_map);
// Single-rule view: gid and sid arrive in the query string.
// NOTE(review): is_numericint() is defined elsewhere; confirm it accepts only
// digit strings, since both values are used directly as array keys below.
// NOTE(review): $file is assigned outside this excerpt and is interpolated into
// filesystem paths in every branch that follows. If it originates from request
// data, it should be reduced to a bare file name (for example with basename())
// and checked against the expected directories before any of these reads.
} elseif (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) {
    // If flowbit rule, point to interface-specific file
    if ($file == "Auto-Flowbit Rules") {
        $rules_map = snort_load_rules_map("{$snortcfgdir}/rules/" . FLOWBITS_FILENAME);
    } elseif (file_exists("{$snortdir}/preproc_rules/{$file}")) {
        $rules_map = snort_load_rules_map("{$snortdir}/preproc_rules/{$file}");
    } else {
        // No existence check on this fallback path; what happens for a missing
        // file depends on snort_load_rules_map(), which is not shown.
        $rules_map = snort_load_rules_map("{$snortdir}/rules/{$file}");
    }
    // Text of the one requested rule; an unknown GID:SID pair yields no text.
    $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule'];
    $wrap_flag = "soft";
// Whole-file views: the auto-flowbits file first, then the rules,
// preproc_rules and log directories, in that order.
} elseif ($file == "Auto-Flowbit Rules") {
    // This branch names the file via $flowbit_rules_file while the single-rule
    // branch above uses FLOWBITS_FILENAME -- presumably the same name; confirm.
    $contents = file_get_contents("{$snortcfgdir}/rules/{$flowbit_rules_file}");
} elseif (file_exists("{$snortdir}/rules/{$file}")) {
    $contents = file_get_contents("{$snortdir}/rules/{$file}");
} elseif (file_exists("{$snortdir}/preproc_rules/{$file}")) {
    $contents = file_get_contents("{$snortdir}/preproc_rules/{$file}");
} elseif (file_exists("{$snortlogdir}/{$file}")) {
    $contents = file_get_contents("{$snortlogdir}/{$file}");
} else {
    // NOTE(review): $displayfile is set outside this excerpt; if $contents is
    // later written into HTML, the message needs output escaping.
    $contents = gettext("Unable to open file: {$displayfile}");
}
// Title segments for the page header.
$pgtitle = array(gettext("Snort"), gettext("File Viewer"));