예제 #1
">
		<?php 
    /* Map the configured interface to its real device and friendly description */
    $if_real = get_real_interface($natent['interface']);
    $natend_friendly = convert_friendly_interface_to_friendly_descr($natent['interface']);
    $snort_uuid = $natent['uuid'];

    /* Snort status: icon name plus the two halves of the hover text */
    if (snort_is_running($snort_uuid, $if_real)) {
        $iconfn = 'pass';
        $iconfn_msg1 = 'Snort is running on ';
        $iconfn_msg2 = '. Click to stop.';
    } else {
        $iconfn = 'block';
        $iconfn_msg1 = 'Snort is not running on ';
        $iconfn_msg2 = '. Click to start.';
    }

    /* Barnyard2 status: same lookup with the process name passed as third argument */
    if (snort_is_running($snort_uuid, $if_real, 'barnyard2')) {
        $biconfn = 'pass';
        $biconfn_msg1 = 'Barnyard2 is running on ';
        $biconfn_msg2 = '. Click to stop.';
    } else {
        $biconfn = 'block';
        $biconfn_msg1 = 'Barnyard2 is not running on ';
        $biconfn_msg2 = '. Click to start.';
    }

    /* Start from "no custom rules"; empty() already covers the unset case */
    $no_rules = empty($natent['customrules']);
    if (isset($natent['rulesets']) && !empty($natent['rulesets'])) {
        $no_rules = false;
예제 #2
            /*************************************************/
            /* Update the snort conf file and rebuild the    */
            /* rules for this interface.                     */
            /*************************************************/
            // $rebuild_rules is raised only around snort_generate_conf() and dropped right
            // after; presumably the generator reads it as a global — confirm at its definition.
            $rebuild_rules = true;
            // NOTE(review): conf_mount_rw()/conf_mount_ro() bracket the generation step
            // (presumably remounting the config filesystem writable, then read-only — confirm).
            // Nothing visible here calls conf_mount_ro() if snort_generate_conf() aborts part-way.
            conf_mount_rw();
            snort_generate_conf($a_rule[$id]);
            conf_mount_ro();
            $rebuild_rules = false;
            /* Soft-restart Snort to live-load new rules */
            snort_reload_config($a_rule[$id]);
            // We have saved changes and done a soft restart, so clear "dirty" flag
            clear_subsystem_dirty('snort_rules');
            // Sync to configured CARP slaves if any are enabled
            snort_sync_on_changes();
            // Only report a live reload when the instance is actually running on this interface
            if (snort_is_running($snort_uuid, $if_real)) {
                $savemsg = gettext("Snort is 'live-reloading' the new rule set.");
            }
        }
    }
}
// Load the shared page header include, then build the title for this interface's rules page.
include_once "head.inc";
$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']);
// NOTE(review): $if_friendly and $currentruleset are interpolated into the title as-is, and
// the origin of $currentruleset is not visible here; confirm that whatever renders $pgtitle
// HTML-escapes it. The interpolated string is also the gettext() message id, so a catalog
// entry can only match when it contains the same interface and ruleset names.
$pgtitle = gettext("Snort: Interface {$if_friendly} - Rules: {$currentruleset}");
?>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php 
include "fbegin.inc";
/* Display message */
if ($input_errors) {
    ?>
<tr valign="top" id="fr<?php 
    echo $nnats;
    ?>
">
<?php 
    /* Resolve the real interface behind the configured name and pick the status icons */
    /* There has to be a smarter way to do this */
    $if_real = snort_get_real_interface($natent['interface']);
    $snort_uuid = $natent['uuid'];
    // NOTE(review): loose == against the string 'no'. This is only meaningful if
    // snort_is_running() returns 'yes'/'no' strings in this version; a boolean true would
    // also compare equal to 'no'. Confirm the return type before relying on these icons.
    $iconfn = (snort_is_running($snort_uuid, $if_real) == 'no') ? 'pass' : 'block';
    $biconfn = (snort_is_running($snort_uuid, $if_real, 'barnyard2') == 'no') ? 'pass' : 'block';
    ?>
		<td class="listt">
			<input type="checkbox" id="frc<?php 
    echo $nnats;
    ?>
" name="rule[]" value="<?php 
    echo $i;
    ?>
" onClick="fr_bgcolor('<?php 
    echo $nnats;
    ?>
예제 #4
            unset($natent['barnconfigpassthru']);
        }
        // Store the edited interface entry and write the configuration with a change note
        $a_nat[$id] = $natent;
        write_config("Snort pkg: modified Barnyard2 settings.");
        // Barnyard2 changes never require a rules rebuild
        $rebuild_rules = false;
        sync_snort_package_config();
        // Disabled: stop any running Barnyard2 instance on the interface.
        // Enabled and running: signal the instance to reload its configuration.
        // Enabled but not running: tell the user a Snort restart is needed
        // before Unified2 output becomes available.
        switch ($a_nat[$id]['barnyard_enable']) {
            case "off":
                snort_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface']));
                break;
            case "on":
                if (!snort_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2")) {
                    // First-time enable: Barnyard2 is not up yet, so only notify the user
                    $savemsg = gettext("NOTE: you must restart Snort on this interface to activate unified2 logging for Barnyard2.");
                } else {
                    snort_barnyard_reload_config($a_nat[$id], "HUP");
                }
                break;
        }
        // Redisplay the form from the values that were just saved
        $pconfig = $natent;
    } else {
        // We had errors, so save previous field data to prevent retyping
        $pconfig = $_POST;
    }
}
// Build the page title for this interface's Barnyard2 settings before loading the header include.
$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
// NOTE(review): $if_friendly is interpolated into the title as-is; confirm that whatever
// renders $pgtitle HTML-escapes it. The interpolated string is also the gettext() message id,
// so a catalog entry can only match when it contains the same interface description.
$pgtitle = gettext("Snort: Interface {$if_friendly} - Barnyard2 Settings");
include_once "head.inc";
 // Checkbox fields are normalised to a two-value allow-list: only the literal "on"
 // from the request is stored as 'on'; anything else (including a missing field) is 'off'.
 $natent['fpm_search_optimize'] = ($_POST['fpm_search_optimize'] == "on") ? 'on' : 'off';
 $natent['fpm_no_stream_inserts'] = ($_POST['fpm_no_stream_inserts'] == "on") ? 'on' : 'off';
 // Resolve the real device behind the interface chosen for this entry
 $if_real = get_real_interface($natent['interface']);
 if (isset($id) && $a_rule[$id] && $action == '') {
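     // See if moving an existing Snort instance to another physical interface
     if ($natent['interface'] != $a_rule[$id]['interface']) {
         $oif_real = get_real_interface($a_rule[$id]['interface']);
         // Stop a running instance on the old interface; $snort_start records whether it was up
         if (snort_is_running($a_rule[$id]['uuid'], $oif_real)) {
             snort_stop($a_rule[$id], $oif_real);
             $snort_start = true;
         } else {
             $snort_start = false;
         }
         // The interface names and UUID are interpolated into a shell command line, and the
         // new interface value is built from form input earlier in this handler. Each path is
         // therefore passed through escapeshellarg() so shell metacharacters or whitespace in
         // any component cannot alter the command that exec() runs.
         // Move the per-instance log directory from the old interface name to the new one.
         exec("mv -f " . escapeshellarg("{$snortlogdir}/snort_{$oif_real}{$a_rule[$id]['uuid']}") . " " . escapeshellarg("{$snortlogdir}/snort_{$if_real}{$a_rule[$id]['uuid']}"));
         // Move the per-instance config directory; bracketed by conf_mount_rw()/conf_mount_ro()
         // (presumably because it lives on the normally read-only config filesystem — confirm).
         conf_mount_rw();
         exec("mv -f " . escapeshellarg("{$snortdir}/snort_{$a_rule[$id]['uuid']}_{$oif_real}") . " " . escapeshellarg("{$snortdir}/snort_{$a_rule[$id]['uuid']}_{$if_real}"));
         conf_mount_ro();
     }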
     $a_rule[$id] = $natent;
 } elseif (strcasecmp($action, 'dup') == 0) {
     // Duplicating a new interface, so set flag to build new rules
     $rebuild_rules = true;
     // Add the new duplicated interface configuration to the [rule] array in config