foreach ($snort_ports as $key => $server) { if ($_POST["def_{$key}"]) { $natent["def_{$key}"] = $_POST["def_{$key}"]; } else { unset($natent["def_{$key}"]); } } $a_nat[$id] = $natent; write_config("Snort pkg: modified settings for VARIABLES tab."); /* Update the snort conf file for this interface. */ $rebuild_rules = false; conf_mount_rw(); snort_generate_conf($a_nat[$id]); conf_mount_ro(); /* Soft-restart Snort to live-load new variables. */ snort_reload_config($a_nat[$id]); /* after click go to this page */ header('Expires: Sat, 26 Jul 1997 05:00:00 GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', false); header('Pragma: no-cache'); header("Location: snort_define_servers.php?id={$id}"); exit; } else { $pconfig = $_POST; } } $if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} Variables - Servers and Ports"); include_once "head.inc";
/*************************************************/ $rebuild_rules = true; conf_mount_rw(); snort_generate_conf($natent); conf_mount_ro(); $rebuild_rules = false; /* If 'preproc_auto_rule_disable' is off, then clear log file */ if ($natent['preproc_auto_rule_disable'] == 'off') { unlink_if_exists("{$snortlogdir}/{$disabled_rules_log}"); } /*******************************************************/ /* Signal Snort to reload Host Attribute Table if one */ /* is configured and saved. */ /*******************************************************/ if ($natent['host_attribute_table'] == "on" && !empty($natent['host_attribute_data'])) { snort_reload_config($natent, "SIGURG"); } /* Sync to configured CARP slaves if any are enabled */ snort_sync_on_changes(); // We have saved changes, so clear "dirty" flag clear_subsystem_dirty('snort_preprocessors'); /* after click go to this page */ header('Expires: Sat, 26 Jul 1997 05:00:00 GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', false); header('Pragma: no-cache'); header("Location: snort_preprocessors.php?id={$id}"); exit; } else { $pconfig = $_POST;
snort_sync_on_changes(); } else { if ($_POST['apply']) { /* Save new configuration */ write_config("Snort pkg: save new rules configuration for {$a_rule[$id]['interface']}."); /*************************************************/ /* Update the snort conf file and rebuild the */ /* rules for this interface. */ /*************************************************/ $rebuild_rules = true; conf_mount_rw(); snort_generate_conf($a_rule[$id]); conf_mount_ro(); $rebuild_rules = false; /* Soft-restart Snort to live-load new rules */ snort_reload_config($a_rule[$id]); // We have saved changes and done a soft restart, so clear "dirty" flag clear_subsystem_dirty('snort_rules'); // Sync to configured CARP slaves if any are enabled snort_sync_on_changes(); if (snort_is_running($snort_uuid, $if_real)) { $savemsg = gettext("Snort is 'live-reloading' the new rule set."); } } } } include_once "head.inc"; $if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Rules: {$currentruleset}"); ?>
function snort_add_supplist_entry($suppress) { /************************************************/ /* Adds the passed entry to the Suppress List */ /* for the active interface. If a Suppress */ /* List is defined for the interface, it is */ /* used. If no list is defined, a new default */ /* list is created using the interface name. */ /* */ /* On Entry: */ /* $suppress --> suppression entry text */ /* */ /* Returns: */ /* TRUE if successful or FALSE on failure */ /************************************************/ global $config, $a_instance, $instanceid; if (!is_array($config['installedpackages']['snortglobal']['suppress'])) { $config['installedpackages']['snortglobal']['suppress'] = array(); } if (!is_array($config['installedpackages']['snortglobal']['suppress']['item'])) { $config['installedpackages']['snortglobal']['suppress']['item'] = array(); } $a_suppress =& $config['installedpackages']['snortglobal']['suppress']['item']; $found_list = false; /* If no Suppress List is set for the interface, then create one with the interface name */ if (empty($a_instance[$instanceid]['suppresslistname']) || $a_instance[$instanceid]['suppresslistname'] == 'default') { $s_list = array(); $s_list['uuid'] = uniqid(); $s_list['name'] = $a_instance[$instanceid]['interface'] . "suppress" . "_" . $s_list['uuid']; $s_list['descr'] = "Auto-generated list for Alert suppression"; $s_list['suppresspassthru'] = base64_encode($suppress); $a_suppress[] = $s_list; $a_instance[$instanceid]['suppresslistname'] = $s_list['name']; $found_list = true; $list_name = $s_list['name']; } else { /* If we get here, a Suppress List is defined for the interface so see if we can find it */ foreach ($a_suppress as $a_id => $alist) { if ($alist['name'] == $a_instance[$instanceid]['suppresslistname']) { $found_list = true; $list_name = $alist['name']; if (!empty($alist['suppresspassthru'])) { $tmplist = base64_decode($alist['suppresspassthru']); $tmplist .= "\n{$suppress}"; $alist['suppresspassthru'] = base64_encode($tmplist); $a_suppress[$a_id] = $alist; } else { $alist['suppresspassthru'] = base64_encode($suppress); $a_suppress[$a_id] = $alist; } } } } /* If we created a new list or updated an existing one, save the change, */ /* tell Snort to load it, and return true; otherwise return false. */ if ($found_list) { write_config("Snort pkg: modified Suppress List {$list_name}."); sync_snort_package_config(); snort_reload_config($a_instance[$instanceid]); return true; } else { return false; } }
/* Save configuration changes */ write_config("Snort pkg: modified interface configuration for {$natent['interface']}."); /* Update snort.conf and snort.sh files for this interface */ sync_snort_package_config(); /* See if we need to restart Snort after an interface re-assignment */ if ($snort_start == true) { snort_start($natent, $if_real); } /*******************************************************/ /* Signal Snort to reload configuration if we changed */ /* HOME_NET, EXTERNAL_NET or Suppress list values. */ /* The function only signals a running Snort instance */ /* to safely reload these parameters. */ /*******************************************************/ if ($snort_reload == true) { snort_reload_config($natent, "SIGHUP"); } header('Expires: Sat, 26 Jul 1997 05:00:00 GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', false); header('Pragma: no-cache'); header("Location: /snort/snort_interfaces.php"); exit; } else { $pconfig = $_POST; } } $if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']); $pgtitle = gettext("Snort: Interface {$if_friendly} - Edit Settings"); include_once "head.inc";
} // Write the new configuration write_config("Snort pkg: updated automatic SID management settings."); $intf_msg = ""; // If any interfaces were marked for restart, then do it if (is_array($_POST['torestart'])) { foreach ($_POST['torestart'] as $k) { // Update the snort.conf file and // rebuild rules for this interface. $rebuild_rules = true; conf_mount_rw(); snort_generate_conf($a_nat[$k]); conf_mount_ro(); $rebuild_rules = false; // Signal Snort to "live reload" the rules snort_reload_config($a_nat[$k]); $intf_msg .= convert_friendly_interface_to_friendly_descr($a_nat[$k]['interface']) . ", "; } $savemsg = gettext("Changes were applied to these interfaces: " . trim($intf_msg, ' ,') . " and Snort signaled to live-load the new rules."); // Sync to configured CARP slaves if any are enabled snort_sync_on_changes(); } } if (isset($_POST['sidlist_dnload']) && isset($_POST['sidlist_fname'])) { $file = $sidmods_path . basename($_POST['sidlist_fname']); if (file_exists($file)) { ob_start(); //important or other posts will fail if (isset($_SERVER['HTTPS'])) { header('Pragma: '); header('Cache-Control: ');