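}

// Make sure a rule index ID is appended to the return URL
if (strpos($referrer, "?id={$id}") === FALSE) {
	$referrer .= "?id={$id}";
}

// If RETURN button clicked, exit to original calling page.
// NOTE(review): $referrer and $id are assigned before this excerpt. If either
// one is taken from the request, confirm it is restricted to a local page
// path before it reaches the Location header -- TODO confirm against the
// code above.
if ($_POST['cancel']) {
	header("Location: {$referrer}");
	exit;
}

$if_real = get_real_interface($a_nat[$id]['interface']);
$snort_uuid = $a_nat[$id]['uuid'];

/* We should normally never get to this page if Auto-Flowbits are disabled, but just in case... */
if ($a_nat[$id]['autoflowbitrules'] == 'on') {
	// Only load the flowbit rules file when it exists and is not empty.
	if (file_exists("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}") &&
	    filesize("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) {
		$rules_map = snort_load_rules_map("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}");
	} else {
		$savemsg = gettext("There are no flowbit-required rules necessary for the current enforcing rule set.");
	}
} else {
	$input_errors[] = gettext("Auto-Flowbit rule generation is disabled for this interface!");
}

// The posted GID and SID are copied verbatim into the suppress entry built
// below, so accept plain decimal digits only. is_numeric() would also let
// through signs, decimals, exponent notation and leading whitespace, none of
// which is a valid generator or signature ID.
if ($_POST['addsuppress'] &&
    is_string($_POST['sid']) && ctype_digit($_POST['sid']) &&
    is_string($_POST['gid']) && ctype_digit($_POST['gid'])) {
	// NOTE(review): $rules_map is only assigned above when the flowbit rules
	// file was loaded; in the other branches this lookup reads an unset
	// variable -- confirm snort_get_msg() tolerates an empty argument.
	$descr = snort_get_msg($rules_map[$_POST['gid']][$_POST['sid']]['rule']);

	// Build the suppress list entry, preceded by the rule description when
	// one is available.
	$suppress = gettext("## -- This rule manually suppressed from the Auto-Flowbits list. -- ##\n");
	if (empty($descr)) {
		$suppress .= "suppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n";
	} else {
		$suppress .= "# {$descr}\nsuppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n";
	}
	if (!is_array($config['installedpackages']['snortglobal']['suppress'])) {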
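// Fall back to the custom rules category when no downloaded *.rules files exist.
$tmp = glob("{$snortdir}/rules/*.rules");
if (empty($tmp)) {
	$currentruleset = "custom.rules";
}

// NOTE(review): $currentruleset is otherwise assigned before this excerpt. It
// is joined to the rules directories below, so if it can come from the
// request it should be reduced to a bare file name or checked against the
// list of known categories first -- TODO confirm against the code above.
$rulefile = "{$snortdir}/rules/{$currentruleset}";
if ($currentruleset != 'custom.rules') {
	// Read the current rules file into our rules map array.
	// If it is the auto-flowbits file, set the full path.
	if ($currentruleset == "Auto-Flowbit Rules") {
		$rules_map = snort_load_rules_map("{$snortcfgdir}/rules/" . FLOWBITS_FILENAME);
	} elseif (substr($currentruleset, 0, 10) == "IPS Policy") {
		$rules_map = snort_load_vrt_policy($a_rule[$id]['ips_policy']);
	} elseif (file_exists("{$snortdir}/preproc_rules/{$currentruleset}")) {
		$rules_map = snort_load_rules_map("{$snortdir}/preproc_rules/{$currentruleset}");
	} elseif (file_exists($rulefile)) {
		$rules_map = snort_load_rules_map($rulefile);
	} else {
		// NOTE(review): the category name is echoed inside this message;
		// confirm it is HTML-escaped where $input_errors is rendered.
		$input_errors[] = gettext("{$currentruleset} seems to be missing!!! Please verify rules files have been downloaded, then go to the Categories tab and save the rule set again.");
	}
}

/* Process the current category rules through any auto SID MGMT changes if enabled */
snort_auto_sid_mgmt($rules_map, $a_rule[$id], FALSE);

/* Load up our enablesid and disablesid arrays with enabled or disabled SIDs */
$enablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_on']);
$disablesid = snort_load_sid_mods($a_rule[$id]['rule_sid_off']);

// Accept plain decimal digits only for the posted GID and SID. is_numeric()
// would also let through signs, decimals, exponent notation and leading
// whitespace, none of which is a valid generator or signature ID.
if ($_POST['toggle'] &&
    is_string($_POST['sid']) && ctype_digit($_POST['sid']) &&
    is_string($_POST['gid']) && ctype_digit($_POST['gid']) &&
    !empty($rules_map)) {
	// Get the GID:SID tags embedded in the clicked rule icon.
	$gid = $_POST['gid'];
	$sid = $_POST['sid'];

	// See if the target SID is in our list of modified SIDs,
	// and toggle if present; otherwise, add it to the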
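foreach (array_keys($rules_map) as $k1) {
	foreach (array_keys($rules_map[$k1]) as $k2) {
		// Emit one "# Category ... SID" header line followed by the rule text.
		$contents .= "# Category: " . $rules_map[$k1][$k2]['category'] . " SID: {$k2}\n";
		$contents .= $rules_map[$k1][$k2]['rule'] . "\n";
	}
}
// The closing braces below end blocks that were opened before this excerpt.
}
unset($rules_map);
} elseif (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) {
	// Single-rule view: load the rules map for the requested file and show
	// only the rule matching the GID:SID pair.
	// If flowbit rule, point to interface-specific file
	if ($file == "Auto-Flowbit Rules") {
		$rules_map = snort_load_rules_map("{$snortcfgdir}/rules/" . FLOWBITS_FILENAME);
	} elseif (file_exists("{$snortdir}/preproc_rules/{$file}")) {
		$rules_map = snort_load_rules_map("{$snortdir}/preproc_rules/{$file}");
	} else {
		$rules_map = snort_load_rules_map("{$snortdir}/rules/{$file}");
	}

	// The requested GID:SID may not exist in the loaded map; fall back to an
	// empty string instead of reading an undefined index.
	if (isset($rules_map[$_GET['gid']][trim($_GET['sid'])]['rule'])) {
		$contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule'];
	} else {
		$contents = '';
	}
	$wrap_flag = "soft";
}
// Whole-file view: show the first existing match among the rules,
// preprocessor rules and log directories.
// NOTE(review): $file and $displayfile are assigned before this excerpt. $file
// is joined to several directories and the result is read with
// file_get_contents(); if it can come from the request it should be reduced
// to a bare file name (or checked against the directory listing) so the read
// cannot leave these directories -- TODO confirm against the code above.
elseif ($file == "Auto-Flowbit Rules") {
	$contents = file_get_contents("{$snortcfgdir}/rules/{$flowbit_rules_file}");
} elseif (file_exists("{$snortdir}/rules/{$file}")) {
	$contents = file_get_contents("{$snortdir}/rules/{$file}");
} elseif (file_exists("{$snortdir}/preproc_rules/{$file}")) {
	$contents = file_get_contents("{$snortdir}/preproc_rules/{$file}");
} elseif (file_exists("{$snortlogdir}/{$file}")) {
	$contents = file_get_contents("{$snortlogdir}/{$file}");
} else {
	$contents = gettext("Unable to open file: {$displayfile}");
}

$pgtitle = array(gettext("Snort"), gettext("File Viewer"));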