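/**
 * Create a histogram for every regular file under the specified directory,
 * descending into subdirectories, and insert each histogram into the global
 * histogram in the database.
 *
 * @param string $startingDirectory directory to crawl
 * @return bool always false
 */
function processDirectory($startingDirectory)
{
    $dObj = dir($startingDirectory);
    if ($dObj) {
        // Test against false explicitly so that an entry literally named "0"
        // does not end the listing early.
        while (($thisEntry = $dObj->read()) !== false) {
            // ignore "." and ".." to prevent an infinite loop
            if ($thisEntry === "." || $thisEntry === "..") {
                continue;
            }

            $path = "{$startingDirectory}/{$thisEntry}";

            if (is_dir($path)) {
                // Recurse into real subdirectories only. A symbolic link to a
                // directory is not followed: it could form a cycle or take the
                // crawl outside the tree that was requested.
                if (!is_link($path)) {
                    processDirectory($path);
                }
                continue;
            }

            if (!is_file($path)) {
                continue; // not a regular file, nothing to histogram
            }

            // An unreadable or empty file is skipped so that one bad entry
            // does not stop the crawl or feed an empty sample to the histogram.
            $inputText = file_get_contents($path);
            if ($inputText === false || $inputText === "") {
                continue;
            }

            // Generate a histogram for the file and insert it into the database
            $histogram = genHistogram($inputText);
            insertHistogramInDatabase($histogram);
        }
        $dObj->close();
    }

    return false;
}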
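} // closes a block that starts before this excerpt

// Optional overrides from the submitted form. A missing or empty field leaves
// the corresponding variable untouched (empty() also covers "not set").
if (!empty($_POST['substringLength'])) {
    $substringLength = $_POST['substringLength'];
}
if (!empty($_POST['alertName'])) {
    // NOTE(review): this request value is embedded in the generated rule.
    // createSnortRule() is not visible here; confirm it escapes or rejects
    // quotes, semicolons, backslashes and line breaks in the alert name.
    $alertName = $_POST['alertName'];
}
if (!empty($_POST['snortFile'])) {
    // NOTE(review): the write target is taken from the request unchanged.
    // Resolve it and confirm it lies inside the directory configured for
    // Snort rule files before any call to writeToFile().
    $snortFile = $_POST['snortFile'];
    if (!file_exists($snortFile)) {
        // if the snort output file doesn't already exist, write out the header information
        $header = "#\n#---------------------------\n# Data Loss Prevention rules\n#---------------------------\n";
        writeToFile($snortFile, $header);
    }
}

// Everything printed below is derived from $inputText or from request fields,
// so it is HTML-escaped before it reaches the page.
// Assumes the page is served as UTF-8; confirm against the document head.
echo "<h2>Selected substring:</h2>";
$substring = selectSubstring(
    $useRepository,
    $repositoryLocations,
    genHistogram($inputText),
    $inputText,
    $substringLength
);
echo "\"" . htmlspecialchars($substring, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\"";

echo "<h2>Regex:</h2>";
echo htmlspecialchars(createRegex($substring), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

echo "<h2>Snort rule:</h2>";
$rule = createSnortRule(getNextsid($snortFile), $alertName, $substring);
echo htmlspecialchars($rule, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br><br>";

if ($snortFile != "") {
    // if snortFile was passed, write the rule out to the snort file
    // (the unescaped rule goes to the file; only the page output is escaped)
    writeToFile($snortFile, $rule);
    echo "Snort rule written to " . htmlspecialchars($snortFile, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br><br>";
}
?>
</body>
</html>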
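// based on sampling method chosen, select the identifiable substring
switch ($scoringMethod) {
    case "modifiedhist":
        $substring = selectSubstringModifiedHistogram(genHistogram($inputText), $inputText, $substringLength);
        break;
    case "multipleRandSamples":
        // No selection is performed for this method here; the substring stays empty.
        $substring = "";
        break;
    case "random":
        $substring = selectSubstringRandom($inputText, $substringLength);
        break;
    case "histogram":
    default:
        // Unknown methods fall back to plain histogram selection.
        $substring = selectSubstringHistogram(genHistogram($inputText), $inputText, $substringLength, 0);
}
// The substring is taken from $inputText, so it is HTML-escaped before being
// printed into the page. Assumes the page is served as UTF-8; confirm.
echo "\"" . htmlspecialchars($substring, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\"";
?>
</div>
</div>
<div class="post">
<h2 class="title">Regular Expression</h2>
<div class="entry">
<?php
// The regex is built from the same substring and is escaped for the same reason.
$regex = createRegex($substring);
echo htmlspecialchars($regex, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br><br>";
?>
</div>
</div>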
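/**
 * Process an individual filepath.
 *
 * Selects an identifying substring from the file, builds a Snort rule for it,
 * appends the rule to the Snort rules file when one is given, and records the
 * rule in the `rules` table. Nothing is done for a file that
 * fileAlreadyProcessed() reports as known, or when no substring is selected.
 * The script terminates (die) if the file cannot be opened.
 *
 * Type = 1 for individual processed files, 2 for files processed from a folder crawl.
 *
 * @param $type - allows this function to use individual files (1) or files processed from a folder crawl (2)
 * @param $path - local path of the file on the mounted share (e.g. under "/mnt/share")
 * @param $netPath - the actual network directory
 * @param $scoringMethod - scoring technique used (i.e. histogram, random, etc.)
 * @param $substringLength - from the config table
 * @param $snortFile - from the config table; "" means no rules file is written
 */
function processFile($type, $path, $netPath, $scoringMethod, $substringLength, $snortFile)
{
    if (fileAlreadyProcessed($path)) {
        return;
    }

    $file = fopen($path, 'r') or die("processFile(): can't open {$path}");
    $size = filesize($path);
    // fread() needs a positive length, so an empty file is read as "".
    $inputText = ($size > 0) ? fread($file, $size) : "";
    fclose($file);
    if ($inputText === false || $inputText === "") {
        return; // nothing to fingerprint
    }

    $substring = "";
    switch ($scoringMethod) {
        case "modifiedhist":
        case "multipleRandSamples":
        case "random":
            // selectSubstringModifiedHistogram() and selectSubstringRandom()
            // are disabled in this function, so these methods select nothing
            // and the file is skipped below.
            break;
        case "histogram":
        default:
            $substring = selectSubstringHistogram(genHistogram($inputText), $inputText, $substringLength, 0);
    }

    if ($substring == "") {
        return; // if no unique substring is found, skip this file
    }

    $sid = getNextsid();
    // NOTE(review): the file path doubles as the alert name. createSnortRule()
    // is not visible here; confirm it escapes or rejects quotes, semicolons,
    // backslashes and line breaks, since file names on the share are not
    // under this tool's control.
    $rule = createSnortRule($sid, $path, $substring);

    if ($snortFile != "") {
        // if snortFile was passed, write the rule out to the snort file
        writeToFile($snortFile, $rule);
    }

    // writes file to the database
    include "dbconnect.php";

    $parts = explode("/", $path); // get our path element parts
    $fileName = array_pop($parts);
    $path = implode("/", $parts); // rebuild our path (directory part; not referenced by the INSERT below)

    $netPath = mysql_real_escape_string($netPath); // path name to be stored in the database
    $path = mysql_real_escape_string($path);
    $fileName = mysql_real_escape_string($fileName);
    $rule = mysql_real_escape_string($rule);
    $regex = mysql_real_escape_string(createRegex($substring));

    // sid and type are placed in the statement without quotes, where string
    // escaping gives no protection, so both are forced to integers.
    $sidValue = (int) $sid;
    $typeValue = (int) $type;

    $query = "INSERT INTO rules (file_name, path, rule, regex, count, sid, type) VALUES ('{$fileName}', '{$netPath}', '{$rule}', '{$regex}', 1, {$sidValue}, {$typeValue})";
    if (!mysql_query($query)) {
        // Log the error number only: the statement embeds a fragment of the
        // protected file, which should not end up in the error log.
        error_log("processFile(): rules INSERT failed for sid {$sidValue}, MySQL errno " . mysql_errno());
    }
    include "dbclose.php";

    return;
}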