"> <?php
	/* Resolve the configured interface entry to its real device name and its friendly description */
	$if_real = get_real_interface($natent['interface']);
	$natend_friendly = convert_friendly_interface_to_friendly_descr($natent['interface']);
	$snort_uuid = $natent['uuid'];

	/* Status marker and message fragments for the Snort process on this interface */
	if (snort_is_running($snort_uuid, $if_real)) {
		$iconfn = 'pass';
		$iconfn_msg1 = 'Snort is running on ';
		$iconfn_msg2 = '. Click to stop.';
	} else {
		$iconfn = 'block';
		$iconfn_msg1 = 'Snort is not running on ';
		$iconfn_msg2 = '. Click to start.';
	}

	/* Same check for Barnyard2; 'barnyard2' is passed as the third argument of snort_is_running() */
	if (snort_is_running($snort_uuid, $if_real, 'barnyard2')) {
		$biconfn = 'pass';
		$biconfn_msg1 = 'Barnyard2 is running on ';
		$biconfn_msg2 = '. Click to stop.';
	} else {
		$biconfn = 'block';
		$biconfn_msg1 = 'Barnyard2 is not running on ';
		$biconfn_msg2 = '. Click to start.';
	}

	/* $no_rules is cleared as soon as custom rules or rulesets are non-empty for this interface */
	$no_rules = true;
	if (!empty($natent['customrules'])) {
		$no_rules = false;
	}
	if (!empty($natent['rulesets'])) {
		$no_rules = false;
/*
 * Regenerate the Snort configuration for this interface with
 * $rebuild_rules set, so the rules are rebuilt as well. The call is
 * bracketed by conf_mount_rw() / conf_mount_ro(), and the flag is
 * reset immediately afterwards.
 */
$rebuild_rules = true;
conf_mount_rw();
snort_generate_conf($a_rule[$id]);
conf_mount_ro();
$rebuild_rules = false;

/* Soft restart: ask Snort to live-load the new rules */
snort_reload_config($a_rule[$id]);

/* Changes are saved and reloaded, so the "dirty" marker for snort_rules can be cleared */
clear_subsystem_dirty('snort_rules');

/* Propagate to any configured CARP slaves */
snort_sync_on_changes();

/* Only report a live reload when a Snort process is actually running on the interface */
if (snort_is_running($snort_uuid, $if_real)) {
	$savemsg = gettext("Snort is 'live-reloading' the new rule set.");
}
}
}
}

include_once "head.inc";

$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']);
/*
 * NOTE(review): $currentruleset is assigned outside this excerpt. If it can
 * carry a request-supplied value, confirm it is HTML-escaped wherever
 * $pgtitle is printed; that output is not visible here.
 */
$pgtitle = gettext("Snort: Interface {$if_friendly} - Rules: {$currentruleset}");
?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php
include "fbegin.inc";

/* Display message */
if ($input_errors) {
?> <tr valign="top" id="fr<?php echo $nnats; ?> "> <?php
	/* Resolve the configured interface entry to its real device name */
	$if_real = snort_get_real_interface($natent['interface']);
	$snort_uuid = $natent['uuid'];

	/*
	 * Choose the marker for Snort and for Barnyard2. In this listing the
	 * status is compared (loosely) against the string 'no': a stopped
	 * process yields 'pass', anything else yields 'block'.
	 * NOTE(review): this relies on snort_is_running() returning the string
	 * 'no' when the process is down; confirm against its definition.
	 */
	$iconfn = (snort_is_running($snort_uuid, $if_real) == 'no') ? 'pass' : 'block';
	$biconfn = (snort_is_running($snort_uuid, $if_real, 'barnyard2') == 'no') ? 'pass' : 'block';
?> <td class="listt"> <input type="checkbox" id="frc<?php echo $nnats; ?> " name="rule[]" value="<?php echo $i; ?> " onClick="fr_bgcolor('<?php echo $nnats; ?>
unset($natent['barnconfigpassthru']);
}

/* Store the edited interface entry and persist the configuration */
$a_nat[$id] = $natent;
write_config("Snort pkg: modified Barnyard2 settings.");

/* Barnyard2-only changes do not require a rules rebuild */
$rebuild_rules = false;
sync_snort_package_config();

/*
 * Bring the running state in line with the saved setting:
 *   "off"                 -> stop any Barnyard2 instance on the interface
 *   "on", already running -> signal it (HUP) to reload its configuration
 *   "on", not running     -> tell the user a Snort restart is needed to
 *                            enable Unified2 output for Barnyard2
 */
if ($a_nat[$id]['barnyard_enable'] == "off") {
	snort_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface']));
}
elseif ($a_nat[$id]['barnyard_enable'] == "on") {
	if (!snort_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2")) {
		/* First-time enable: Barnyard2 is not up yet, so only notify */
		$savemsg = gettext("NOTE: you must restart Snort on this interface to activate unified2 logging for Barnyard2.");
	}
	else {
		snort_barnyard_reload_config($a_nat[$id], "HUP");
	}
}
$pconfig = $natent;
}
else {
	/*
	 * Validation failed: keep the submitted values so the user does not
	 * have to retype them.
	 * NOTE(review): $pconfig now holds raw request data; confirm each field
	 * is HTML-escaped where the form prints it (not visible in this excerpt).
	 */
	$pconfig = $_POST;
}
}

$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Barnyard2 Settings");
include_once "head.inc";
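/* Normalise the two fpm_* checkbox values to the 'on' / 'off' strings kept in $natent */
$natent['fpm_search_optimize'] = ($_POST['fpm_search_optimize'] == "on") ? 'on' : 'off';
$natent['fpm_no_stream_inserts'] = ($_POST['fpm_no_stream_inserts'] == "on") ? 'on' : 'off';

$if_real = get_real_interface($natent['interface']);
if (isset($id) && $a_rule[$id] && $action == '') {
	// See if moving an existing Snort instance to another physical interface
	if ($natent['interface'] != $a_rule[$id]['interface']) {
		$oif_real = get_real_interface($a_rule[$id]['interface']);

		// Stop a running instance on the old interface and remember that it
		// was running ($snort_start is consumed outside this excerpt).
		if (snort_is_running($a_rule[$id]['uuid'], $oif_real)) {
			snort_stop($a_rule[$id], $oif_real);
			$snort_start = true;
		}
		else {
			$snort_start = false;
		}

		// Rename the per-interface log and configuration directories. The
		// paths are assembled from interface names and the stored UUID, so
		// each one is passed through escapeshellarg(): a value containing
		// whitespace or shell metacharacters then reaches mv as a single
		// literal argument instead of being interpreted by the shell.
		// NOTE(review): the exit status of mv is not checked; a failed move
		// leaves the data under the old interface name without any report.
		exec("mv -f " .
			escapeshellarg("{$snortlogdir}/snort_{$oif_real}{$a_rule[$id]['uuid']}") . " " .
			escapeshellarg("{$snortlogdir}/snort_{$if_real}{$a_rule[$id]['uuid']}"));

		// The configuration directory move is bracketed by
		// conf_mount_rw() / conf_mount_ro().
		conf_mount_rw();
		exec("mv -f " .
			escapeshellarg("{$snortdir}/snort_{$a_rule[$id]['uuid']}_{$oif_real}") . " " .
			escapeshellarg("{$snortdir}/snort_{$a_rule[$id]['uuid']}_{$if_real}"));
		conf_mount_ro();
	}
	$a_rule[$id] = $natent;
}
elseif (strcasecmp($action, 'dup') == 0) {
	// Duplicating a new interface, so set flag to build new rules
	$rebuild_rules = true;

	// Add the new duplicated interface configuration to the [rule] array in config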