unset($natent["def_{$key}"]);
            }
        }
        foreach ($snort_ports as $key => $server) {
            if ($_POST["def_{$key}"]) {
                $natent["def_{$key}"] = $_POST["def_{$key}"];
            } else {
                unset($natent["def_{$key}"]);
            }
        }
        $a_nat[$id] = $natent;
        write_config("Snort pkg: modified settings for VARIABLES tab.");
        /* Update the snort conf file for this interface. */
        $rebuild_rules = false;
        conf_mount_rw();
        snort_generate_conf($a_nat[$id]);
        conf_mount_ro();
        /* Soft-restart Snort to live-load new variables. */
        snort_reload_config($a_nat[$id]);
        /* after click go to this page */
        header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
        header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
        header('Cache-Control: no-store, no-cache, must-revalidate');
        header('Cache-Control: post-check=0, pre-check=0', false);
        header('Pragma: no-cache');
        header("Location: snort_define_servers.php?id={$id}");
        exit;
    } else {
        $pconfig = $_POST;
    }
}
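 /*
  * Store the five on/off preprocessor toggles from the submitted form in
  * $natent, persist the entry, then regenerate snort.conf for the interface.
  *
  * Each toggle is reduced to the literal 'on' or 'off', so no raw request
  * text from these fields is written into the configuration. !empty() is
  * used because a field missing from the POST body (presumably an unticked
  * checkbox) would otherwise raise an undefined-key warning; the resulting
  * truthiness is the same as the bare $_POST[...] test.
  *
  * NOTE(review): everything here is driven by $_POST and ends in a config
  * write plus a signal to the Snort process; confirm the enclosing handler
  * is only reachable after the GUI's authentication and CSRF checks.
  */
 $natent['stream5_track_tcp'] = !empty($_POST['stream5_track_tcp']) ? 'on' : 'off';
 $natent['stream5_track_udp'] = !empty($_POST['stream5_track_udp']) ? 'on' : 'off';
 $natent['stream5_track_icmp'] = !empty($_POST['stream5_track_icmp']) ? 'on' : 'off';
 $natent['appid_preproc'] = !empty($_POST['appid_preproc']) ? 'on' : 'off';
 $natent['sf_appid_statslog'] = !empty($_POST['sf_appid_statslog']) ? 'on' : 'off';
 /* Persist only when $id names an existing interface entry. */
 if (isset($id) && isset($a_nat[$id])) {
     $a_nat[$id] = $natent;
     write_config("Snort pkg: saved modified preprocessor settings for {$a_nat[$id]['interface']}.");
 }
 /*************************************************/
 /* Update the snort.conf file and rebuild the    */
 /* rules for this interface.                     */
 /*************************************************/
 /* NOTE(review): the regeneration below runs on $natent even when the   */
 /* isset() guard above did not save it; confirm the enclosing handler   */
 /* guarantees a valid $id before this point.                            */
 /* $rebuild_rules is presumably read by snort_generate_conf(); it is    */
 /* raised only for the duration of the call.                            */
 $rebuild_rules = true;
 conf_mount_rw();
 snort_generate_conf($natent);
 conf_mount_ro();
 $rebuild_rules = false;
 /* If 'preproc_auto_rule_disable' is off, then clear log file.          */
 /* NOTE(review): $snortlogdir and $disabled_rules_log are set outside   */
 /* this excerpt; confirm neither is derived from request data, since    */
 /* together they form the path that is deleted.                         */
 if ($natent['preproc_auto_rule_disable'] == 'off') {
     unlink_if_exists("{$snortlogdir}/{$disabled_rules_log}");
 }
 /*******************************************************/
 /* Signal Snort to reload Host Attribute Table if one  */
 /* is configured and saved.                            */
 /*******************************************************/
 if ($natent['host_attribute_table'] == "on" && !empty($natent['host_attribute_data'])) {
     snort_reload_config($natent, "SIGURG");
 }
 /* Sync to configured CARP slaves if any are enabled */
 snort_sync_on_changes();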
            $savemsg = gettext("Custom rules validated successfully and any active Snort process on this interface has been signalled to live-load the new rules.");
        }
        clear_subsystem_dirty('snort_rules');
        // Sync to configured CARP slaves if any are enabled
        snort_sync_on_changes();
    } else {
        if ($_POST['apply']) {
            /* Save new configuration */
            write_config("Snort pkg: save new rules configuration for {$a_rule[$id]['interface']}.");
            /*************************************************/
            /* Update the snort conf file and rebuild the    */
            /* rules for this interface.                     */
            /*************************************************/
            $rebuild_rules = true;
            conf_mount_rw();
            snort_generate_conf($a_rule[$id]);
            conf_mount_ro();
            $rebuild_rules = false;
            /* Soft-restart Snort to live-load new rules */
            snort_reload_config($a_rule[$id]);
            // We have saved changes and done a soft restart, so clear "dirty" flag
            clear_subsystem_dirty('snort_rules');
            // Sync to configured CARP slaves if any are enabled
            snort_sync_on_changes();
            if (snort_is_running($snort_uuid, $if_real)) {
                $savemsg = gettext("Snort is 'live-reloading' the new rule set.");
            }
        }
    }
}
include_once "head.inc";
    }
    $tmp = rtrim($tmp, "||");
    if (!empty($tmp)) {
        $a_instance[$instanceid]['rule_sid_off'] = $tmp;
    } else {
        unset($a_instance[$instanceid]['rule_sid_off']);
    }
    /* Update the config.xml file. */
    write_config("Snort pkg: modified state for rule {$gid}:{$sid}");
    /*************************************************/
    /* Update the snort.conf file and rebuild the    */
    /* rules for this interface.                     */
    /*************************************************/
    $rebuild_rules = true;
    conf_mount_rw();
    snort_generate_conf($a_instance[$instanceid]);
    conf_mount_ro();
    $rebuild_rules = false;
    /* Soft-restart Snort to live-load the new rules */
    snort_reload_config($a_instance[$instanceid]);
    /* Give Snort a couple seconds to reload the configuration */
    sleep(2);
    $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified.  Snort is 'live-reloading' the new rules list.  Please wait at least 15 secs for the process to complete before toggling additional rules.");
}
if ($_POST['delete']) {
    snort_post_delete_logs($snort_uuid);
    file_put_contents("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/alert", "");
    /* XXX: This is needed if snort is run as snort user */
    mwexec("/bin/chmod 660 {$snortlogdir}/*", true);
    if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
        mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
            unset($a_nat[$k]['modify_sid_file']);
            continue;
        }
        $a_nat[$k]['modify_sid_file'] = $v;
    }
    // Write the new configuration
    write_config("Snort pkg: updated automatic SID management settings.");
    $intf_msg = "";
    // If any interfaces were marked for restart, then do it
    if (is_array($_POST['torestart'])) {
        foreach ($_POST['torestart'] as $k) {
            // Update the snort.conf file and
            // rebuild rules for this interface.
            $rebuild_rules = true;
            conf_mount_rw();
            snort_generate_conf($a_nat[$k]);
            conf_mount_ro();
            $rebuild_rules = false;
            // Signal Snort to "live reload" the rules
            snort_reload_config($a_nat[$k]);
            $intf_msg .= convert_friendly_interface_to_friendly_descr($a_nat[$k]['interface']) . ", ";
        }
        $savemsg = gettext("Changes were applied to these interfaces: " . trim($intf_msg, ' ,') . " and Snort signaled to live-load the new rules.");
        // Sync to configured CARP slaves if any are enabled
        snort_sync_on_changes();
    }
}
if (isset($_POST['sidlist_dnload']) && isset($_POST['sidlist_fname'])) {
    $file = $sidmods_path . basename($_POST['sidlist_fname']);
    if (file_exists($file)) {
        ob_start();
 /*
  * Rebuild the Snort installation from saved settings: run the config
  * migration script, run the rule-update script, regenerate the per-interface
  * configuration files, recreate the startup script and reinstall cron jobs.
  *
  * Both include targets are fixed absolute path literals, so nothing from a
  * request or from config.xml selects which file is executed here.
  */
 include '/usr/local/pkg/snort/snort_migrate_config.php';
 update_output_window(gettext("Please wait... rebuilding installation with saved settings..."));
 log_error(gettext("[Snort] Downloading and updating configured rule types..."));
 update_output_window(gettext("Please wait... downloading and updating configured rule types..."));
 /* Set the GUI flag whenever the install is not running from the console; */
 /* presumably the included rule-update script reads it (confirm there).    */
 if ($pkg_interface != "console") {
     $snort_gui_include = true;
 }
 include '/usr/local/pkg/snort/snort_check_for_rule_updates.php';
 update_status(gettext("Generating snort.conf configuration file from saved settings..."));
 /* Raised before the generation loop and not reset within this excerpt. */
 $rebuild_rules = true;
 /* Create the snort.conf files for every configured interface entry.     */
 /* No enabled/disabled test is made in this loop itself.                 */
 /* NOTE(review): if the 'rule' key is absent, foreach receives a         */
 /* non-array and PHP emits a warning; confirm the caller guarantees it.  */
 $snortconf = $config['installedpackages']['snortglobal']['rule'];
 foreach ($snortconf as $value) {
     /* Resolve the configured interface name for the barnyard2 call below. */
     $if_real = get_real_interface($value['interface']);
     /* create a snort.conf file for interface */
     snort_generate_conf($value);
     /* create barnyard2.conf file for interface, only when enabled for it */
     if ($value['barnyard_enable'] == 'on') {
         snort_generate_barnyard2_conf($value, $if_real);
     }
 }
 /* create snort bootup file snort.sh */
 snort_create_rc();
 /* Set Log Limit, Block Hosts Time and Rules Update Time.                 */
 /* The log-limit job is always requested; the other two are requested     */
 /* unless the saved setting equals "never_b" / "never_up". The            */
 /* "? true : false" is redundant, as the comparison already yields a bool. */
 snort_snortloglimit_install_cron(true);
 snort_rm_blocked_install_cron($config['installedpackages']['snortglobal']['rm_blocked'] != "never_b" ? true : false);
 snort_rules_up_install_cron($config['installedpackages']['snortglobal']['autorulesupdate7'] != "never_up" ? true : false);
 /* Add the recurring jobs created above to crontab */
 configure_cron();
 /* Restore the last Snort Dashboard Widget setting if none is set */
 if (!empty($config['installedpackages']['snortglobal']['dashboard_widget']) && stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) {