// Toggle the rule line held in $tempstring between enabled and commented out,
// write the rules file back, then record the change in $config.
// $disabled, $tempstring, $toggleid and $file are set before this excerpt.
//if find alert is false, then rule is disabled
if ($disabled !== false) {
    //rule has been enabled
    // Uncomment the rule: every "# alert" in the line becomes "alert".
    $tempstring = str_replace("# alert", "alert", $tempstring);
} else {
    //has rule been disabled
    // Comment the rule out: "alert" becomes "# alert".
    // NOTE(review): str_replace() rewrites every occurrence of "alert" in the
    // line, not only the leading action keyword, so a rule whose option text
    // also contains that word is altered there as well. Anchoring the
    // replacement to the start of the line would avoid this - confirm.
    $tempstring = str_replace("alert", "# alert", $tempstring);
}
//copy string into array for writing
$splitcontents[$toggleid] = $tempstring;
//write the new .rules file
write_rule_file($splitcontents, $file);
//once file has been written, reload file
$splitcontents = load_rule_file($file);
$stopMsg = true;
//write disable/enable sid to config.xml
// NOTE(review): this test is loose (==) while the one above is strict (!==).
// A value such as 0 or "" passes both, so the rule would be uncommented above
// and still be handled as "turned off" here. How $disabled is computed is not
// visible in this excerpt - confirm.
if ($disabled == false) {
    // Extract the sid: take the text from 'sid:' up to the next ';'.
    // NOTE(review): strstr() returns false when the line has no 'sid:' option;
    // $sid_off then ends up empty and the replacement below strips the
    // "||enablesid " prefix from every stored entry. Checking for a non-empty,
    // numeric sid before touching the config would prevent that.
    $string_sid = strstr($tempstring, 'sid:');
    $sid_pieces = explode(";", $string_sid);
    $sid_off_cut = $sid_pieces[0];
    // sid being turned off
    $sid_off = str_replace("sid:", "", $sid_off_cut);
    // rule_sid_on registers
    $sid_on_pieces = $config['installedpackages']['snort']['rule_sid_on'];
    // if off sid is the same as on sid remove it
    // NOTE(review): this is a plain substring match, so "||enablesid 12" also
    // matches the start of "||enablesid 123" and leaves a stray "3" in the
    // list. A damaged entry changes which rules are force-enabled, so match
    // whole entries only (presumably "||" separates them - confirm).
    $sid_on_old = str_replace("||enablesid {$sid_off}", "", "{$sid_on_pieces}");
    // write the replace sid back as empty
    $config['installedpackages']['snort']['rule_sid_on'] = $sid_on_old;
    // rule sid off registers
    // (this if-block continues past the end of the excerpt)
// (tail of a function whose signature and loop header are outside this excerpt)
        // remove whitespaces
        // Runs of two or more whitespace characters collapse to one space. The
        // normalised copy is used only for matching; the original $val is kept.
        $rmWhitespaces = preg_replace('/\\s\\s+/', ' ', $val);
        // filter none alerts
        // Keep only entries that match $pattern (defined outside this excerpt).
        if (preg_match($pattern, $rmWhitespaces)) {
            $splitcontents2[] = $val;
        }
    }
    unset($splitcontents);
    return $splitcontents2;
}

// Load the rule file
// split the contents of the string file into an array using the delimiter
// used by rule gui edit and table build code
// NOTE(review): when the file is empty or filesize() fails, nothing in this
// block runs, so $splitcontents2, $countSig and $newFilterRuleSigArray keep
// whatever value they had before (possibly none) - confirm they are
// initialised earlier.
if (filesize($workingFile) > 0) {
    $splitcontents = split_rule_file($workingFile);
    $splitcontents2 = load_rule_file($workingFile, $splitcontents);
    $countSig = count($splitcontents2);
    if ($countSig > 0) {
        $newFilterRuleSigArray = newFilterRuleSig($splitcontents2);
    }
}

/*
 * SET GLOBAL ARRAY $_SESSION['snort']
 * Use SESSION instead of POST for security because we're writing to files.
 *
 * NOTE(review): keeping these values in the session stops a client from
 * changing them in a later request, but it does not validate them. Where
 * $rulefile and $rdbuuid come from is not visible in this excerpt; if either
 * is taken from request data, check it against the known rule files / UUIDs
 * before storing it here, since the code that writes files will trust it.
 */
$_SESSION['snort']['tmp']['snort_rules']['dbName'] = 'snortDBrules';
$_SESSION['snort']['tmp']['snort_rules']['dbTable'] = 'SnortruleSigs';
$_SESSION['snort']['tmp']['snort_rules']['rdbuuid'] = $rdbuuid;
$_SESSION['snort']['tmp']['snort_rules']['rulefile'] = $rulefile;

// Leftover developer note (a shell command, never executed by this script):
// find ./ -name test.txt | xargs grep "^disablesid 127 "

// Page title shown for the selected rule file.
// NOTE(review): $rulefile is interpolated as-is; if $pgtitle is later printed
// into HTML, it should be escaped at that point - confirm.
$pgtitle = "Snort: Category: rule: {$rulefile}";