} else {
	// Fallback branch of a condition that is not visible in this excerpt:
	// use the category at the array's current internal pointer.
	$currentruleset = $categories[key($categories)];
}

/* One last sanity check -- if the rules directory is empty, default to loading custom rules */
$tmp = glob("{$snortdir}/rules/*.rules");
if (empty($tmp)) {
	$currentruleset = "custom.rules";
}

// NOTE(review): $currentruleset is interpolated into filesystem paths here and
// below. Its origin is above this excerpt; if it can come from the request,
// confirm it is checked against the known category list (or reduced with
// basename()) before any file_exists()/load call, so that it cannot name a
// file outside the rules directories.
$rulefile = "{$snortdir}/rules/{$currentruleset}";
if ($currentruleset != 'custom.rules') {
	// Read the current rules file into our rules map array.
	// Resolution order: the two pseudo-names ("Auto-Flowbit Rules" and
	// anything starting with "IPS Policy") first, then a file of that name
	// under preproc_rules/, then one under rules/.
	// If it is the auto-flowbits file, set the full path.
	if ($currentruleset == "Auto-Flowbit Rules") {
		$rules_map = snort_load_rules_map("{$snortcfgdir}/rules/" . FLOWBITS_FILENAME);
	} elseif (substr($currentruleset, 0, 10) == "IPS Policy") {
		// The policy is taken from the stored interface configuration,
		// not from the selected category string.
		$rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']);
	} elseif (file_exists("{$snortdir}/preproc_rules/{$currentruleset}")) {
		$rules_map = snort_load_rules_map("{$snortdir}/preproc_rules/{$currentruleset}");
	} elseif (file_exists($rulefile)) {
		$rules_map = snort_load_rules_map($rulefile);
	} else {
		// NOTE(review): the category name is embedded in the message; confirm
		// that $input_errors is HTML-escaped where it is rendered.
		$input_errors[] = gettext("{$currentruleset} seems to be missing!!! Please verify rules files have been downloaded, then go to the Categories tab and save the rule set again.");
	}
}

/* Process the current category rules through any auto SID MGMT changes if enabled */
// NOTE(review): this call is unconditional, but no branch above assigns
// $rules_map for 'custom.rules' or for a missing file. Presumably it is
// initialised before this excerpt -- confirm.
snort_auto_sid_mgmt($rules_map, $a_rule[$id], FALSE);

/* Load up our enablesid and disablesid arrays with enabled or disabled SIDs */
$enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on']);
$disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off']);

// Toggle handler for a single rule; its body continues past this excerpt.
// NOTE(review): is_numeric() also accepts floats, exponent notation and
// leading whitespace ("1.5", "1e3", " 7"). If sid/gid are later used as array
// keys or written to the configuration, a strict non-negative integer check
// would be tighter.
if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) && !empty($rules_map)) {
	// Get the GID:SID tags embedded in the clicked rule icon.
// Per-interface Snort configuration directory (note the trailing slash).
$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}/";

// NOTE(review): htmlspecialchars() is HTML output encoding, not input
// validation. It leaves "/" and "." untouched and rewrites &, <, > and quotes,
// so the result is neither a safe path component nor guaranteed to equal the
// on-disk file name. If $file is used to build a filesystem path further down
// (not visible here), constrain it there with basename() or an allow-list of
// known rule files, and apply the HTML escaping only at the point of output.
$file = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401);
$contents = '';
$wrap_flag = "off";

// Correct displayed file title if necessary
if ($file == "Auto-Flowbit Rules") {
	$displayfile = FLOWBITS_FILENAME;
} else {
	$displayfile = $file;
}

// Read the contents of the argument passed to us.
// It may be an IPS policy string, an individual SID,
// a standard rules file, or a complete file name.
// Test for the special case of an IPS Policy file.
if (substr($file, 0, 10) == "IPS Policy") {
	// The policy name is the text after the first "-", trimmed and lower-cased.
	// If $file has no "-", strpos() returns false and the offset becomes 1.
	// NOTE(review): the policy name is request-derived; confirm that
	// snort_load_vrt_policy() accepts only known policy names.
	$rules_map = snort_load_vrt_policy(strtolower(trim(substr($file, strpos($file, "-") + 1))));
	if (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) {
		// Single-rule view: show only the requested GID:SID entry.
		// NOTE(review): the lookup does not check that the key exists, so an
		// unknown gid/sid leaves $contents null. gid is used as given while
		// sid is trimmed.
		$contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule'];
		$wrap_flag = "soft";
	} else {
		// Whole-policy view: a header line, then every rule in the map
		// preceded by a "# Category: ... SID: ..." comment line.
		$contents = "# Snort IPS Policy - " . ucfirst(trim(substr($file, strpos($file, "-") + 1))) . "\n\n";
		foreach (array_keys($rules_map) as $k1) {
			foreach (array_keys($rules_map[$k1]) as $k2) {
				$contents .= "# Category: " . $rules_map[$k1][$k2]['category'] . " SID: {$k2}\n";
				$contents .= $rules_map[$k1][$k2]['rule'] . "\n";
			}
		}
	}
	// Release the rules map once $contents has been built.
	// NOTE(review): $contents holds raw rule text; confirm it is HTML-escaped
	// where the page prints it (outside this excerpt).
	unset($rules_map);
} elseif (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) {
	// If flowbit rule, point to interface-specific file