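/*
 * Load the Snort interface rule selected by ?id= and read the ruleset file
 * named by ?openruleset= into $splitcontents (one array entry per line).
 * Both query parameters are request-controlled and are validated before use.
 */
if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
    $config['installedpackages']['snortglobal']['rule'] = array();
}
$a_rule =& $config['installedpackages']['snortglobal']['rule'];

/* Accept a plain string id only, and only when it names a configured rule. */
$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : null;
if (is_null($id) || empty($a_rule[$id])) {
    header("Location: /snort/snort_interfaces.php");
    exit;
}

$pconfig['enable'] = $a_rule[$id]['enable'];
$pconfig['interface'] = $a_rule[$id]['interface'];
$pconfig['rulesets'] = $a_rule[$id]['rulesets'];

/* convert fake interfaces to real */
$if_real = snort_get_real_interface($pconfig['interface']);
$snort_uuid = $a_rule[$id]['uuid'];

/*
 * The ruleset name becomes part of a filesystem path, so keep only its final
 * path component: directory separators, "../" sequences or an absolute path
 * in the parameter must not select a file outside this interface's rules
 * directory. NUL bytes are rejected because older PHP releases truncated
 * paths at them.
 */
$file = (isset($_GET['openruleset']) && is_string($_GET['openruleset']))
    ? basename($_GET['openruleset'])
    : '';
if ($file === '.' || $file === '..' || strpos($file, "\0") !== false) {
    $file = '';
}
$rules_path = "{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$file}";

/* Read the ruleset; anything that is not an existing regular file goes back to the rules page. */
$contents = '';
if ($file !== '' && is_file($rules_path)) {
    $contents = file_get_contents($rules_path);
    if ($contents === false) {
        /* unreadable file: present it as empty rather than passing false on */
        $contents = '';
    }
} else {
    /* URL-encode both values so they cannot alter the redirect's query string. */
    header("Location: /snort/snort_rules.php?id=" . urlencode($id) . "&openruleset=" . urlencode($file));
    exit;
}

/* split the file contents into an array, one entry per line */
$splitcontents = explode("\n", $contents);

$pgtitle = array(gettext("Advanced"), gettext("File Editor"));
?>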
/*
 * Fragment: the statements down to the three closing braces are the tail of
 * an enclosing block whose opening lines are not part of this excerpt. They
 * copy five shared Snort support files into the per-interface directory and
 * then run oinkmaster.pl against that interface's configuration.
 *
 * NOTE(review): every command here is a single shell string with $snortdir,
 * $snortdir_wan, $iface_uuid and $if_real interpolated unquoted, and no exec()
 * result is checked. Confirm these values are constrained where they are set
 * (no whitespace or shell metacharacters) or pass them through
 * escapeshellarg(); as written, a failed copy goes unnoticed.
 */
            exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
            exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
            exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
            exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
            exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");

            /* might have to add a sleep for 3sec for flash drives or old drives */
            /* -C names the per-interface oinkmaster conf, -o the rules output directory; stdout goes to a per-interface log. */
            exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
        }
    }
}

/* Start the process for every interface rule */
/* TODO: try to make the code smoother */
if (is_array($config['installedpackages']['snortglobal']['rule'])) {
    foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
        /* resolve the configured interface name to the real device name */
        $result_lan = $value['interface'];
        $if_real = snort_get_real_interface($result_lan);
        $iface_uuid = $value['uuid'];

        /* make oinkmaster.conf for each interface rule */
        oinkmaster_conf($id, $if_real, $iface_uuid);

        /* run oinkmaster for each interface rule */
        oinkmaster_run($id, $if_real, $iface_uuid);
    }
}

//////////////

/* mark the time the update finished (stored as a display string formatted by date()) */
$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");

/* remove old $tmpfname files */
/*
 * is_dir() tests /usr/local/etc/snort/tmp while the rm targets its
 * snort_rules_up subdirectory; the path is a fixed literal, nothing is
 * interpolated. This if-block is still open where the excerpt ends.
 */
if (is_dir('/usr/local/etc/snort/tmp')) {
    update_status(gettext("Cleaning up..."));
    exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
    sleep(2);
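display_top_tabs($tab_array);
?>
</td></tr>
<tr>
<td class="tabnavtbl">
<?php
/*
 * Resolve the comma-separated interface list configured for rule $id to real
 * interface names, and log an error when none of them resolves.
 */
if ($a_nat[$id]['interface'] != '') {
    /* get the interface name */
    $snortInterfaces = array(); /* -gtm */

    $if_list = $config['installedpackages']['snortglobal']['rule'][$id]['interface'];
    /* explode() replaces split(), which was removed in PHP 7; the delimiter is a literal comma either way. */
    $if_array = explode(',', $if_list);
    if ($if_array) {
        foreach ($if_array as $iface2) {
            /* build a list of user specified interfaces -gtm */
            $if2 = snort_get_real_interface($iface2);
            if ($if2) {
                $snortInterfaces[] = $if2;
            }
        }

        if (count($snortInterfaces) < 1) {
            log_error("Snort will not start. You must select an interface for it to listen on.");
        }
    }
}
?>
</td>
</tr>
<tr>
<td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">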
/*
 * Fragment: the leading closing braces end blocks whose opening lines are not
 * part of this excerpt. The visible part writes back a modified rules file,
 * re-applies per-interface customizations and restarts Snort.
 */
                    }
                }
            }
        }
    }
    /*
     * NOTE(review): "@" hides a failed write and the return value is not
     * checked, so an unwritable $file leaves the old contents in place
     * without any log entry. $file is set outside this excerpt.
     */
    if ($changed == true) {
        @file_put_contents($file, implode("\n", $splitcontents));
    }
            }
        }
    }
}

if ($snortdownload == 'on' || $emergingthreats == 'on') {
    /* You are not up to date; always stop snort when updating rules for low end machines */

    /* Start the process for every interface rule */
    if (is_array($config['installedpackages']['snortglobal']['rule'])) {
        foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
            $if_real = snort_get_real_interface($value['interface']);

            /* apply the customizations for each interface rule (snort_apply_customizations() is defined outside this excerpt) */
            snort_apply_customizations($value, $if_real);
        }
    }

    /* restart through the rc script, wait ten seconds, and start it if no snort process is running */
    exec("/bin/sh /usr/local/etc/rc.d/snort.sh restart");
    sleep(10);
    if (!is_process_running("snort")) {
        exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");
    }
    /*
     * NOTE(review): both messages are emitted unconditionally; nothing here
     * re-checks that a snort process exists after the start attempt, so the
     * log can report a restart while the sensor is down.
     */
    update_output_window(gettext("Snort has restarted with your new set of rules..."));
    log_error("Snort has restarted with your new set of rules...");
}

update_status(gettext("The Rules update finished..."));
/* presumably remounts the configuration filesystem read-only — defined outside this excerpt, confirm */
conf_mount_ro();
</tr> </table> </td> </tr> <?php
/*
 * Emit one table row per configured Snort interface entry in $a_nat.
 * $nnats and $i are the only values echoed into the markup in this excerpt;
 * both are initialised to 0 here (any increments are outside the visible lines).
 * The foreach is still open where the excerpt ends.
 */
$nnats = $i = 0;
foreach ($a_nat as $natent) {
?> <tr valign="top" id="fr<?php echo $nnats; ?> "> <?php
    /* convert fake interfaces to real and check if iface is up */
    /* There has to be a smarter way to do this */
    $if_real = snort_get_real_interface($natent['interface']);
    $snort_uuid = $natent['uuid'];

    /* NOTE(review): $id is not assigned anywhere in this excerpt — confirm what Running_Ck() expects as its third argument. */
    $tester2 = Running_Ck($snort_uuid, $if_real, $id);

    /* 'no' selects the "pass" icon with class listbg; any other result selects "block" with listbg2 (loose == comparison). */
    if ($tester2 == 'no') {
        $iconfn = 'pass';
        $class_color_up = 'listbg';
    } else {
        $class_color_up = 'listbg2';
        $iconfn = 'block';
    }

    /*
     * NOTE(review): the link that follows triggers act=toggle with a plain GET
     * request. If the handler (not visible here) changes state, it should
     * require POST plus a CSRF token rather than act on a bare link.
     */
?> <td class="listt"> <a href="?act=toggle&id=<?php echo $i; ?> ">
/* Fragment: the closing brace below ends a block that opens outside this excerpt. */
}

/* check if firewall widget variable is set; default to the last 5 alerts */
if (!isset($nentries)) {
    $nentries = 5;
}

/* retrieve snort variables */
require_once "/usr/local/pkg/snort/snort.inc";

if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
    $config['installedpackages']['snortglobal']['rule'] = array();
}
$a_instance =& $config['installedpackages']['snortglobal']['rule'];

/* read log file(s): collect the newest alerts of every configured instance into $snort_alerts */
$counter = 0;
foreach ($a_instance as $instanceid => $instance) {
    $snort_uuid = $a_instance[$instanceid]['uuid'];
    $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);

    /* make sure alert file exists */
    if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
        /*
         * NOTE(review): $nentries, $if_real and $snort_uuid are interpolated
         * unquoted into a shell command. $nentries may be set by the including
         * page (not visible here); confirm it is cast to an integer and that
         * the other two cannot carry shell metacharacters, or use
         * escapeshellarg().
         *
         * NOTE(review): the copy goes to a predictable name in the shared /tmp
         * directory via shell redirection. The file_exists() test below cannot
         * tell a file written by this run from a stale or pre-existing one;
         * tempnam(), or reading the tail of the log directly in PHP, avoids
         * depending on that path.
         */
        exec("tail -n{$nentries} /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}");
        if (file_exists("/tmp/alert_{$snort_uuid}")) {
            /* flipped so the returned values become array keys — presumably IP addresses used for lookups; confirm against snort_get_blocked_ips() */
            $tmpblocked = array_flip(snort_get_blocked_ips());

            /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
            /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
            /* NOTE(review): the fopen() result is not checked before it is handed to fgetcsv(). */
            $fd = fopen("/tmp/alert_{$snort_uuid}", "r");
            /* the while loop is still open where the excerpt ends */
            while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
                /* skip records with fewer than 11 fields (short or malformed lines) */
                if (count($fields) < 11) {
                    continue;
                }

                $snort_alerts[$counter]['instanceid'] = $a_instance[$instanceid]['interface'];
                $snort_alerts[$counter]['timestamp'] = $fields[0];
                /* drops the first 6 and the last 8 characters of the timestamp field */
                $snort_alerts[$counter]['timeonly'] = substr($fields[0], 6, -8);
/*
 * Fragment: the first statement and closing brace finish a branch that opens
 * outside this excerpt. The visible part completes the $natent entry from the
 * submitted form, stores it in the rule list and saves the configuration.
 */
    $natent['alertsystemlog'] = 'off';
}

/*
 * The pass-through text is stored base64-encoded exactly as posted; no
 * validation of its content is visible here.
 * NOTE(review): presumably this text ends up in the generated Snort
 * configuration — confirm where it is decoded and how it is written out.
 */
if ($_POST['configpassthru']) {
    $natent['configpassthru'] = base64_encode($_POST['configpassthru']);
} else {
    unset($natent['configpassthru']);
}

if ($_POST['cksumcheck']) {
    $natent['cksumcheck'] = 'on';
} else {
    $natent['cksumcheck'] = 'off';
}

$if_real = snort_get_real_interface($natent['interface']);

if (isset($id) && $a_rule[$id]) {
    /* editing an existing entry: if its interface changed, stop the old instance and move its directories */
    if ($natent['interface'] != $a_rule[$id]['interface']) {
        $oif_real = snort_get_real_interface($a_rule[$id]['interface']);
        snort_stop($a_rule[$id], $oif_real);
        /*
         * NOTE(review): both commands are shell strings built from the
         * interface names and the stored uuid without quoting. $if_real
         * derives from $natent['interface'], whose origin (likely the
         * submitted form) is outside this excerpt. Quote each argument with
         * escapeshellarg() or use rename(), and confirm $oif_real and the
         * uuid are non-empty before the recursive delete runs.
         */
        exec("rm -r /var/log/snort_{$oif_real}" . $a_rule[$id]['uuid']);
        exec("mv -f {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$snortdir}/snort_" . $a_rule[$id]['uuid'] . "_{$if_real}");
    }
    $a_rule[$id] = $natent;
} else {
    /* no existing entry for $id: append as a new rule */
    $a_rule[] = $natent;
}

/* a disabled entry must not keep a running instance */
if ($natent['enable'] != 'on') {
    snort_stop($natent, $if_real);
}

write_config();

sync_snort_package_config();

/* an Expires date in the past plus a current Last-Modified tell clients not to reuse a cached copy */
header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
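require_once "guiconfig.inc";
require_once "/usr/local/pkg/snort/snort_gui.inc";
require_once "/usr/local/pkg/snort/snort.inc";

/* load only javascript that is needed */
$snort_load_sortabletable = 'yes';
$snort_load_mootools = 'yes';

$snortalertlogt = $config['installedpackages']['snortglobal']['snortalertlogtype'];

if (!is_array($config['installedpackages']['snortglobal']['rule'])) {
    $config['installedpackages']['snortglobal']['rule'] = array();
}
$a_instance =& $config['installedpackages']['snortglobal']['rule'];

/* default to the first configured instance */
$snort_uuid = $a_instance[0]['uuid'];
$if_real = snort_get_real_interface($a_instance[0]['interface']);

/*
 * A posted instance index switches the view to another configured instance.
 * The rule list is indexed with the posted value itself (the earlier code used
 * the whole $_POST array as the offset, which is an illegal offset type), and
 * only when that value is a plain string naming an existing entry. An unknown
 * or malformed value keeps the defaults set above.
 */
if (isset($_POST['instance']) && is_string($_POST['instance']) && $_POST['instance']
    && isset($a_instance[$_POST['instance']])) {
    $posted_instance = $_POST['instance'];
    $snort_uuid = $a_instance[$posted_instance]['uuid'];
    $if_real = snort_get_real_interface($a_instance[$posted_instance]['interface']);
}

/* alert page settings: stored values when present, otherwise 250 entries with auto-refresh off */
if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) {
    $pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
    $pconfig['alertnumber'] = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'];
    $anentries = $pconfig['alertnumber'];
} else {
    $anentries = '250';
    $pconfig['alertnumber'] = '250';
    $pconfig['arefresh'] = 'off';
}

if ($_POST['save']) {
    //unset($input_errors);
    //$pconfig = $_POST;

    /* input validation */
    if ($_POST['save']) {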