sleep(3); // So the GUI reports correctly } /* start/stop snort */ if ($_POST['toggle'] && is_numericint($_POST['id'])) { $snortcfg = $config['installedpackages']['snortglobal']['rule'][$_POST['id']]; $if_real = get_real_interface($snortcfg['interface']); $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']); if (snort_is_running($snortcfg['uuid'], $if_real)) { log_error("Toggle (snort stopping) for {$if_friendly}({$snortcfg['descr']})..."); snort_stop($snortcfg, $if_real); } else { log_error("Toggle (snort starting) for {$if_friendly}({$snortcfg['descr']})..."); /* set flag to rebuild interface rules before starting Snort */ $rebuild_rules = true; sync_snort_package_config(); $rebuild_rules = false; snort_start($snortcfg, $if_real); } sleep(3); // So the GUI reports correctly } $pgtitle = "Services: {$snort_package_version}"; include_once "head.inc"; ?> <body link="#000000" vlink="#000000" alink="#000000"> <?php include_once "fbegin.inc"; /* Display Alert message */ if ($input_errors) {
function snort_add_supplist_entry($suppress) { /************************************************/ /* Adds the passed entry to the Suppress List */ /* for the active interface. If a Suppress */ /* List is defined for the interface, it is */ /* used. If no list is defined, a new default */ /* list is created using the interface name. */ /* */ /* On Entry: */ /* $suppress --> suppression entry text */ /* */ /* Returns: */ /* TRUE if successful or FALSE on failure */ /************************************************/ global $config, $a_instance, $instanceid; if (!is_array($config['installedpackages']['snortglobal']['suppress'])) { $config['installedpackages']['snortglobal']['suppress'] = array(); } if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) { $config['installedpackages']['snortglobal']['suppress']['item'] = array(); } $a_suppress =& $config['installedpackages']['snortglobal']['suppress']['item']; $found_list = false; /* If no Suppress List is set for the interface, then create one with the interface name */ if (empty($a_instance[$instanceid]['suppresslistname']) || $a_instance[$instanceid]['suppresslistname'] == 'default') { $s_list = array(); $s_list['uuid'] = uniqid(); $s_list['name'] = $a_instance[$instanceid]['interface'] . "suppress" . "_" . $s_list['uuid']; $s_list['descr'] = "Auto-generated list for Alert suppression"; $s_list['suppresspassthru'] = base64_encode($suppress); $a_suppress[] = $s_list; $a_instance[$instanceid]['suppresslistname'] = $s_list['name']; $found_list = true; $list_name = $s_list['name']; } else { /* If we get here, a Suppress List is defined for the interface so see if we can find it */ foreach ($a_suppress as $a_id => $alist) { if ($alist['name'] == $a_instance[$instanceid]['suppresslistname']) { $found_list = true; $list_name = $alist['name']; if (!empty($alist['suppresspassthru'])) { $tmplist = base64_decode($alist['suppresspassthru']); $tmplist .= "\n{$suppress}"; $alist['suppresspassthru'] = base64_encode($tmplist); $a_suppress[$a_id] = $alist; } else { $alist['suppresspassthru'] = base64_encode($suppress); $a_suppress[$a_id] = $alist; } } } } /* If we created a new list or updated an existing one, save the change, */ /* tell Snort to load it, and return true; otherwise return false. */ if ($found_list) { write_config("Snort pkg: modified Suppress List {$list_name}."); sync_snort_package_config(); snort_reload_config($a_instance[$instanceid]); return true; } else { return false; } }