if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
$config['installedpackages']['snortglobal']['rule'] = array();
}
$a_rule =& $config['installedpackages']['snortglobal']['rule'];
$id = $_GET['id'];
if (is_null($id)) {
header("Location: /snort/snort_interfaces.php");
exit;
}
if (isset($id) && $a_rule[$id]) {
$pconfig['enable'] = $a_rule[$id]['enable'];
$pconfig['interface'] = $a_rule[$id]['interface'];
$pconfig['rulesets'] = $a_rule[$id]['rulesets'];
}
/* convert fake interfaces to real */
$if_real = snort_get_real_interface($pconfig['interface']);
$snort_uuid = $a_rule[$id]['uuid'];
$file = $_GET['openruleset'];
//read file into string, and get filesize also chk for empty files
$contents = '';
if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}")) {
$contents = file_get_contents("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}");
} else {
header("Location: /snort/snort_rules.php?id={$id}&openruleset={$file}");
exit;
}
//split the contents of the string file into an array using the delimiter
$splitcontents = explode("\n", $contents);
$pgtitle = array(gettext("Advanced"), gettext("File Editor"));
?>
exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
/* might have to add a sleep for 3sec for flash drives or old drives */
exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
}
}
}
/* Start the proccess for every interface rule */
/* TODO: try to make the code smother */
if (is_array($config['installedpackages']['snortglobal']['rule'])) {
foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
$result_lan = $value['interface'];
$if_real = snort_get_real_interface($result_lan);
$iface_uuid = $value['uuid'];
/* make oinkmaster.conf for each interface rule */
oinkmaster_conf($id, $if_real, $iface_uuid);
/* run oinkmaster for each interface rule */
oinkmaster_run($id, $if_real, $iface_uuid);
}
}
//////////////
/* mark the time update finnished */
$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
/* remove old $tmpfname files */
if (is_dir('/usr/local/etc/snort/tmp')) {
update_status(gettext("Cleaning up..."));
exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
sleep(2);
display_top_tabs($tab_array);
?>
</td></tr>
<tr>
<td class="tabnavtbl">
<?php
if ($a_nat[$id]['interface'] != '') {
/* get the interface name */
$snortInterfaces = array();
/* -gtm */
$if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
$if_array = split(',', $if_list);
if ($if_array) {
foreach ($if_array as $iface2) {
/* build a list of user specified interfaces -gtm */
$if2 = snort_get_real_interface($iface2);
if ($if2) {
array_push($snortInterfaces, $if2);
}
}
if (count($snortInterfaces) < 1) {
log_error("Snort will not start. You must select an interface for it to listen on.");
}
}
}
?>
</td>
</tr>
<tr>
<td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
}
}
}
}
}
if ($changed == true) {
@file_put_contents($file, implode("\n", $splitcontents));
}
}
}
}
if ($snortdownload == 'on' || $emergingthreats == 'on') {
/* You are Not Up to date, always stop snort when updating rules for low end machines */
/* Start the proccess for every interface rule */
if (is_array($config['installedpackages']['snortglobal']['rule'])) {
foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
$if_real = snort_get_real_interface($value['interface']);
/* make oinkmaster.conf for each interface rule */
snort_apply_customizations($value, $if_real);
}
}
exec("/bin/sh /usr/local/etc/rc.d/snort.sh restart");
sleep(10);
if (!is_process_running("snort")) {
exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");
}
update_output_window(gettext("Snort has restarted with your new set of rules..."));
log_error("Snort has restarted with your new set of rules...");
}
update_status(gettext("The Rules update finished..."));
conf_mount_ro();
</tr>
</table>
</td>
</tr>
<?php
$nnats = $i = 0;
foreach ($a_nat as $natent) {
?>
<tr valign="top" id="fr<?php
echo $nnats;
?>
">
<?php
/* convert fake interfaces to real and check if iface is up */
/* There has to be a smarter way to do this */
$if_real = snort_get_real_interface($natent['interface']);
$snort_uuid = $natent['uuid'];
$tester2 = Running_Ck($snort_uuid, $if_real, $id);
if ($tester2 == 'no') {
$iconfn = 'pass';
$class_color_up = 'listbg';
} else {
$class_color_up = 'listbg2';
$iconfn = 'block';
}
?>
<td class="listt">
<a href="?act=toggle&id=<?php
echo $i;
?>
">
}
/* check if firewall widget variable is set */
if (!isset($nentries)) {
$nentries = 5;
}
/* retrieve snort variables */
require_once "/usr/local/pkg/snort/snort.inc";
if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
$config['installedpackages']['snortglobal']['rule'] = array();
}
$a_instance =& $config['installedpackages']['snortglobal']['rule'];
/* read log file(s) */
$counter = 0;
foreach ($a_instance as $instanceid => $instance) {
$snort_uuid = $a_instance[$instanceid]['uuid'];
$if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);
/* make sure alert file exists */
if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
exec("tail -n{$nentries} /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}");
if (file_exists("/tmp/alert_{$snort_uuid}")) {
$tmpblocked = array_flip(snort_get_blocked_ips());
/* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
/* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
$fd = fopen("/tmp/alert_{$snort_uuid}", "r");
while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
if (count($fields) < 11) {
continue;
}
$snort_alerts[$counter]['instanceid'] = $a_instance[$instanceid]['interface'];
$snort_alerts[$counter]['timestamp'] = $fields[0];
$snort_alerts[$counter]['timeonly'] = substr($fields[0], 6, -8);
$natent['alertsystemlog'] = 'off';
}
if ($_POST['configpassthru']) {
$natent['configpassthru'] = base64_encode($_POST['configpassthru']);
} else {
unset($natent['configpassthru']);
}
if ($_POST['cksumcheck']) {
$natent['cksumcheck'] = 'on';
} else {
$natent['cksumcheck'] = 'off';
}
$if_real = snort_get_real_interface($natent['interface']);
if (isset($id) && $a_rule[$id]) {
if ($natent['interface'] != $a_rule[$id]['interface']) {
$oif_real = snort_get_real_interface($a_rule[$id]['interface']);
snort_stop($a_rule[$id], $oif_real);
exec("rm -r /var/log/snort_{$oif_real}" . $a_rule[$id]['uuid']);
exec("mv -f {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$if_real}");
}
$a_rule[$id] = $natent;
} else {
$a_rule[] = $natent;
}
if ($natent['enable'] != 'on') {
snort_stop($natent, $if_real);
}
write_config();
sync_snort_package_config();
header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
require_once "guiconfig.inc";
require_once "/usr/local/pkg/snort/snort_gui.inc";
require_once "/usr/local/pkg/snort/snort.inc";
/* load only javascript that is needed */
$snort_load_sortabletable = 'yes';
$snort_load_mootools = 'yes';
$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype'];
if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
$config['installedpackages']['snortglobal']['rule'] = array();
}
$a_instance =& $config['installedpackages']['snortglobal']['rule'];
$snort_uuid = $a_instance[0]['uuid'];
$if_real = snort_get_real_interface($a_instance[0]['interface']);
if ($_POST['instance']) {
$snort_uuid = $a_instance[$_POST]['instance']['uuid'];
$if_real = snort_get_real_interface($a_instance[$_POST]['instance']['interface']);
}
if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) {
$pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
$pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'];
$anentries = $pconfig['alertnumber'];
} else {
$anentries = '250';
$pconfig['alertnumber'] = '250';
$pconfig['arefresh'] = 'off';
}
if ($_POST['save']) {
//unset($input_errors);
//$pconfig = $_POST;
/* input validation */
if ($_POST['save']) {
