예제 #1
}
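// Optional per-request overrides. Each value is only assigned when the
// corresponding field was posted and non-empty; if nothing earlier in the file
// gives them a default they are undefined at the selectSubstring()/getNextsid()
// calls below — confirm against the top of the file. $useRepository,
// $repositoryLocations and $inputText are also set before this point.
if (!empty($_POST['substringLength'])) {
    $substringLength = $_POST['substringLength'];
}
if (!empty($_POST['alertName'])) {
    $alertName = $_POST['alertName'];
}
if (!empty($_POST['snortFile'])) {
    // NOTE(review): this path is taken straight from the request and handed to
    // file_exists()/writeToFile() unchanged, so the client decides where the
    // rule file is created. Resolving it against a configured rules directory
    // would remove that.
    $snortFile = $_POST['snortFile'];
    if (!file_exists($snortFile)) {
        // New output file: start it with the rules-section header.
        $header = "#\n#---------------------------\n# Data Loss Prevention rules\n#---------------------------\n";
        writeToFile($snortFile, $header);
    }
}
// Everything echoed below is derived from the posted text, so it is escaped
// for the HTML context; the raw rule is still what gets written to the file.
echo "<h2>Selected substring:</h2>";
$substring = selectSubstring($useRepository, $repositoryLocations, genHistogram($inputText), $inputText, $substringLength);
echo "\"" . htmlspecialchars((string) $substring, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\"";
echo "<h2>Regex:</h2>";
echo htmlspecialchars((string) createRegex($substring), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "<h2>Snort rule:</h2>";
$rule = createSnortRule(getNextsid($snortFile), $alertName, $substring);
echo htmlspecialchars((string) $rule, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br><br>";
if ($snortFile != "") {
    // A snort file was given: append the rule to it as well as displaying it.
    writeToFile($snortFile, $rule);
    echo "Snort rule written to " . htmlspecialchars((string) $snortFile, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br><br>";
}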
?>
</body>
</html>
예제 #2
 // Re-score the file with the next attempt count ($count + 1). Only the
 // histogram method is implemented; "modifiedhist", "multipleRandSamples" and
 // "random" assign nothing here. The enclosing block starts before this
 // excerpt, so where $scoringMethod, $count, $sid, $row and $id come from is
 // not visible.
 switch ($scoringMethod) {
     case "histogram":
         $substring = selectSubstringHistogram(genHistogram($inputText), $inputText, $substringLength, $count + 1);
         break;
     case "modifiedhist":
         //$substring = selectSubstringModifiedHistogram(genHistogram($inputText), $inputText, $substringLength);
         break;
     case "multipleRandSamples":
         break;
     case "random":
         //$substring = selectSubstringRandom($inputText, $substringLength);
         break;
     default:
         $substring = selectSubstringHistogram(genHistogram($inputText), $inputText, $substringLength, $count + 1);
 }
 // The alert name is the stored network path of the file.
 $rule = createSnortRule($sid, $row['path'] . "/" . $row['file_name'], $substring);
 $regex = createRegex($substring);
 if ($snortFile != "") {
     // Append the new rule to the Snort file when one is configured.
     writeToFile($snortFile, $rule);
     //echo "Snort rule written to $snortFile<br><br>";
 }
 //update the rule, regex and count for the rule
 include "dbconnect.php";
 $rule = mysql_real_escape_string($rule);
 $regex = mysql_real_escape_string($regex);
 // NOTE(review): $id is interpolated unquoted into the WHERE clause, so
 // mysql_real_escape_string() would not protect it; casting it to int (or
 // switching the query to a prepared statement) is the intended guard. The
 // mysql_* extension itself was removed in PHP 7.
 $query = "UPDATE rules SET rule='{$rule}', regex='{$regex}', count=" . ($count + 1) . " WHERE rule_id={$id}";
 mysql_query($query);
 include "dbclose.php";
 //rewrites the rules file with all the rules currently in the db
 rewriteRulesFile();
 if (isset($_SERVER['HTTP_REFERER'])) {
예제 #3
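/**
 * Process an individual file: pick a fingerprint substring from its contents,
 * turn it into a Snort rule, optionally append that rule to the Snort rules
 * file, and record the rule in the `rules` table.
 *
 * Files already recorded (fileAlreadyProcessed()) and files for which no
 * substring is selected are skipped without touching the database.
 *
 * @param int    $type            1 for individually processed files, 2 for files found by a folder crawl
 * @param string $path            local (mounted) path of the file to read, e.g. "/mnt/share/..."
 * @param string $netPath         network path stored in the database for this file
 * @param string $scoringMethod   scoring technique ("histogram", "modifiedhist", "multipleRandSamples", "random"); only "histogram" is implemented, anything else falls back to it except the three named stubs which select nothing
 * @param int    $substringLength substring length from the config table
 * @param string $snortFile       Snort rules file from the config table; "" disables writing
 * @return void
 */
function processFile($type, $path, $netPath, $scoringMethod, $substringLength, $snortFile)
{
    if (fileAlreadyProcessed($path)) {
        return;
    }
    // file_get_contents() replaces fopen()/fread(filesize()) so that an empty
    // file (filesize 0) is read as "" instead of making fread() fail.
    $inputText = file_get_contents($path);
    if ($inputText === false) {
        die("processFile(): can't open {$path}");
    }
    $substring = "";
    switch ($scoringMethod) {
        case "histogram":
            $substring = selectSubstringHistogram(genHistogram($inputText), $inputText, $substringLength, 0);
            break;
        case "modifiedhist":
            //$substring = selectSubstringModifiedHistogram(genHistogram($inputText), $inputText, $substringLength);
            break;
        case "multipleRandSamples":
            break;
        case "random":
            //$substring = selectSubstringRandom($inputText, $substringLength);
            break;
        default:
            $substring = selectSubstringHistogram(genHistogram($inputText), $inputText, $substringLength, 0);
    }
    if ($substring === null || $substring === "") {
        // No unique substring (or an unimplemented scoring method): skip this file.
        return;
    }
    $sid = getNextsid();
    $rule = createSnortRule($sid, $path, $substring);
    if ($snortFile != "") {
        // A snort file is configured: append the rule to it.
        writeToFile($snortFile, $rule);
    }
    // Only the file name part of the local path is stored; the directory stored
    // in the `path` column is the network path.
    $parts = explode("/", $path);
    $fileName = array_pop($parts);
    include "dbconnect.php";
    // sid and type are interpolated unquoted, where escaping offers no
    // protection, so they are coerced to int instead.
    $sid = (int) $sid;
    $type = (int) $type;
    $fileName = mysql_real_escape_string($fileName);
    $netPath = mysql_real_escape_string($netPath);
    $rule = mysql_real_escape_string($rule);
    $regex = mysql_real_escape_string(createRegex($substring));
    // NOTE(review): the mysql_* extension was removed in PHP 7; when
    // dbconnect.php is migrated this string-built INSERT should become a
    // prepared statement (PDO/mysqli) rather than relying on escaping.
    $query = "INSERT INTO rules (file_name, path, rule, regex, count, sid, type) VALUES ('{$fileName}', '{$netPath}', '{$rule}', '{$regex}', 1, {$sid}, {$type})";
    mysql_query($query);
    include "dbclose.php";
}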
예제 #4
if (isset($_POST['alertName']) && !empty($_POST['alertName']) && isset($_POST['inputText']) && !empty($_POST['inputText'])) {
    $alert = $_POST['alertName'];
    $input = $_POST['inputText'];
    $config = getConfig();
    $snortFile = $config['snortFile'];
    $substringLength = $config['substringLength'];
    /*
     * gets scoring method
     */
    if (isset($_POST['scoringMethod']) && !empty($_POST['scoringMethod'])) {
        $scoringMethod = $_POST['scoringMethod'];
    }
    $sid = getNextSid($snortFile);
    $regex = createRegex($input);
    if ($regex !== "/()/is") {
        $rule = createSnortRule($sid, $alert, $input);
        writeToFile($snortFile, $rule);
        include "includes/dbconnect.php";
        $sid = mysql_real_escape_string($sid);
        $regex = mysql_real_escape_string($regex);
        $rule = mysql_real_escape_string($rule);
        $query = "INSERT INTO rules (rule, regex, count, sid, type) VALUES ('{$rule}', '{$regex}', 1, {$sid}, 3)";
        mysql_query($query);
        include "includes/dbclose.php";
    }
} else {
    if ((!isset($_POST['alertName']) || empty($_POST['alertName'])) && (isset($_POST['inputText']) && !empty($_POST['inputText']))) {
        $noAlert = true;
        $input = $_POST['inputText'];
    } else {
        if (isset($_POST['alertName']) && !empty($_POST['alertName']) && (!isset($_POST['inputText']) || empty($_POST['inputText']))) {