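/**
 * Copy the enabled rule sets and their support files into one interface's
 * Snort directory, then apply that interface's per-SID enable/disable
 * overrides to the copied rule files.
 *
 * Nothing is done when no rule set is configured for the interface.
 *
 * @param array  $snortcfg Interface settings; the keys read here are 'rulesets',
 *                         'uuid', 'rule_sid_on' and 'rule_sid_off'. The first,
 *                         third and fourth are "||"-separated lists; the SID
 *                         lists hold "enablesid N" / "disablesid N" entries.
 * @param string $if_real  Interface name used in the per-interface directory name.
 * @return void
 */
function snort_apply_customizations($snortcfg, $if_real) {
	global $config, $g, $snortdir;

	if (empty($snortcfg['rulesets'])) {
		return;
	}

	$if_dir = "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}";

	update_status(gettext("Your set of configured rules are being copied..."));
	log_error("Your set of configured rules are being copied...");

	foreach (explode("||", $snortcfg['rulesets']) as $enabled_item) {
		/* Rule set entries are used as file names below; skip anything that is
		 * empty or carries a directory component so a stored value cannot
		 * address files outside the rules directories. */
		if ($enabled_item === '' || basename($enabled_item) !== $enabled_item) {
			continue;
		}

		/* A rule set that fails to copy leaves the sensor running without those
		 * rules, so record it instead of failing silently. */
		if (!@copy("{$snortdir}/rules/{$enabled_item}", "{$if_dir}/rules/{$enabled_item}")) {
			log_error("Snort: unable to copy rule set {$enabled_item} to {$if_dir}/rules");
		}

		/* Shared-object rule sets (snort*.so.rules) also need their library. */
		if (substr($enabled_item, 0, 5) == "snort" && substr($enabled_item, -9) == ".so.rules") {
			$slib = substr($enabled_item, 6, -6);
			if (file_exists("/usr/local/lib/snort/dynamicrules/{$slib}")) {
				@copy("/usr/local/lib/snort/dynamicrules/{$slib}", "{$if_dir}/dynamicrules/{$slib}");
			}
		}
	}

	/* Support files are copied best-effort; a missing one is not treated as an error here. */
	@copy("{$snortdir}/classification.config", "{$if_dir}/classification.config");
	@copy("{$snortdir}/gen-msg.map", "{$if_dir}/gen-msg.map");
	if (is_dir("{$snortdir}/generators")) {
		/* Both paths contain configuration values, so quote them for the shell. */
		exec("/bin/cp -r " . escapeshellarg("{$snortdir}/generators") . " " . escapeshellarg($if_dir));
	}
	@copy("{$snortdir}/reference.config", "{$if_dir}/reference.config");
	@copy("{$snortdir}/sid", "{$if_dir}/sid");
	@copy("{$snortdir}/sid-msg.map", "{$if_dir}/sid-msg.map");
	@copy("{$snortdir}/unicode.map", "{$if_dir}/unicode.map");

	if (empty($snortcfg['rule_sid_on']) && empty($snortcfg['rule_sid_off'])) {
		return;
	}

	/* Flip the lists so membership is a key lookup. */
	$enabled_sids = array();
	$disabled_sids = array();
	if (!empty($snortcfg['rule_sid_on'])) {
		$enabled_sids = array_flip(explode("||", trim($snortcfg['rule_sid_on'])));
	}
	if (!empty($snortcfg['rule_sid_off'])) {
		$disabled_sids = array_flip(explode("||", trim($snortcfg['rule_sid_off'])));
	}

	/* The directory name is built from the interface uuid. Interpolating the
	 * whole $snortcfg array here yields "Array", matches no file, and the SID
	 * overrides are then silently never applied. */
	$files = glob("{$if_dir}/rules/*.rules");
	if (!is_array($files)) {
		$files = array();
	}

	foreach ($files as $file) {
		/* file() keeps each line's terminator, so the lines are re-joined as-is below. */
		$splitcontents = file($file);
		if ($splitcontents === false) {
			continue;
		}

		$changed = false;
		foreach ($splitcontents as $counter => $value) {
			$sid = snort_get_rule_part($value, 'sid:', ';', 0);
			if (!is_numeric($sid)) {
				continue;
			}

			/* An enable override wins when a SID appears in both lists. */
			$enable = isset($enabled_sids["enablesid {$sid}"]);
			if (!$enable && !isset($disabled_sids["disablesid {$sid}"])) {
				continue;
			}

			/* The rule header is on this line, or on the previous line when the
			 * sid sits on a continuation line. */
			$target = $counter;
			if (substr($value, 0, 5) !== "alert" && substr($value, 0, 7) !== "# alert") {
				if ($counter === 0) {
					continue;
				}
				$target = $counter - 1;
			}
			$header = $splitcontents[$target];

			if ($enable) {
				if (substr($header, 0, 7) === "# alert") {
					/* Uncomment the header line itself, not the continuation line. */
					$splitcontents[$target] = substr($header, 2);
					$changed = true;
				}
			} elseif (substr($header, 0, 5) === "alert") {
				$splitcontents[$target] = "# {$header}";
				$changed = true;
			}
		}

		if ($changed) {
			/* A failed write means the running rule state no longer matches the
			 * configured overrides, so log it. */
			if (@file_put_contents($file, implode("", $splitcontents)) === false) {
				log_error("Snort: unable to write customized rules file {$file}");
			}
		}
	}
}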
$source = substr($rule_content[$counter2], 0, 20) . "..."; //source location $counter2++; $source_port = $rule_content[$counter2]; //source port location $counter2 = $counter2 + 2; $destination = substr($rule_content[$counter2], 0, 20) . "..."; //destination location $counter2++; $destination_port = $rule_content[$counter2]; //destination port location if (strstr($value, 'msg: "')) { $message = snort_get_rule_part($value, 'msg: "', '";', 0); } else { if (strstr($value, 'msg:"')) { $message = snort_get_rule_part($value, 'msg:"', '";', 0); } } echo "<tr><td width='3%' class='listt'> {$textss}\n\t\t\t<a href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$counter}'>\n\t\t\t<img src='../themes/{$g['theme']}/images/icons/{$iconb}'\n\t\t\twidth='10' height='10' border='0'\n\t\t\ttitle='" . gettext("click to toggle enabled/disabled status") . "'></a>\n\t\t\t{$textse}\n\t\t </td>\n\t\t <td width='7%' class=\"listlr\">\n\t\t\t\t{$textss} {$sid} {$textse}\n\t\t </td>\n\t\t <td width='4%' class=\"listlr\">\n\t\t\t\t{$textss} {$protocol} {$textse}\n\t\t </td>\n\t\t <td width='15%' class=\"listlr\">\n\t\t\t\t{$textss} {$source} {$textse}\n\t\t </td>\n\t\t <td width='10%' class=\"listlr\">\n\t\t\t\t{$textss} {$source_port} {$textse}\n\t\t </td>\n\t\t <td width='15%' class=\"listlr\">\n\t\t\t\t{$textss} {$destination} {$textse}\n\t\t </td>\n\t\t <td width='10%' class=\"listlr\">\n\t\t\t {$textss} {$destination_port} {$textse}\n\t\t </td>\n\t\t\t<td width='30%' class=\"listbg\"><font color=\"white\"> \n\t\t\t\t{$textss} {$message} {$textse}\n\t\t </td>"; ?> <td width='5%' valign="middle" nowrap class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> <td><a href="javascript: void(0)" onclick="popup('snort_rules_edit.php?id=<?php echo $id; ?> &openruleset=<?php echo $currentruleset; ?> ')"><img