foreach ($snort_ports as $key => $server) {
            if ($_POST["def_{$key}"]) {
                $natent["def_{$key}"] = $_POST["def_{$key}"];
            } else {
                unset($natent["def_{$key}"]);
            }
        }
        $a_nat[$id] = $natent;
        write_config("Snort pkg: modified settings for VARIABLES tab.");
        /* Update the snort conf file for this interface. */
        $rebuild_rules = false;
        conf_mount_rw();
        snort_generate_conf($a_nat[$id]);
        conf_mount_ro();
        /* Soft-restart Snort to live-load new variables. */
        snort_reload_config($a_nat[$id]);
        /* after click go to this page */
        header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
        header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
        header('Cache-Control: no-store, no-cache, must-revalidate');
        header('Cache-Control: post-check=0, pre-check=0', false);
        header('Pragma: no-cache');
        header("Location: snort_define_servers.php?id={$id}");
        exit;
    } else {
        $pconfig = $_POST;
    }
}
$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} Variables - Servers and Ports");
include_once "head.inc";
     /*************************************************/
     $rebuild_rules = true;
     conf_mount_rw();
     snort_generate_conf($natent);
     conf_mount_ro();
     $rebuild_rules = false;
     /* If 'preproc_auto_rule_disable' is off, then clear log file */
     if ($natent['preproc_auto_rule_disable'] == 'off') {
         unlink_if_exists("{$snortlogdir}/{$disabled_rules_log}");
     }
     /*******************************************************/
     /* Signal Snort to reload Host Attribute Table if one  */
     /* is configured and saved.                            */
     /*******************************************************/
     if ($natent['host_attribute_table'] == "on" && !empty($natent['host_attribute_data'])) {
         snort_reload_config($natent, "SIGURG");
     }
     /* Sync to configured CARP slaves if any are enabled */
     snort_sync_on_changes();
     // We have saved changes, so clear "dirty" flag
     clear_subsystem_dirty('snort_preprocessors');
     /* after click go to this page */
     header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
     header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
     header('Cache-Control: no-store, no-cache, must-revalidate');
     header('Cache-Control: post-check=0, pre-check=0', false);
     header('Pragma: no-cache');
     header("Location: snort_preprocessors.php?id={$id}");
     exit;
 } else {
     $pconfig = $_POST;
Пример #3
        snort_sync_on_changes();
    } else {
        if ($_POST['apply']) {
            /* Save new configuration */
            write_config("Snort pkg: save new rules configuration for {$a_rule[$id]['interface']}.");
            /*************************************************/
            /* Update the snort conf file and rebuild the    */
            /* rules for this interface.                     */
            /*************************************************/
            $rebuild_rules = true;
            conf_mount_rw();
            snort_generate_conf($a_rule[$id]);
            conf_mount_ro();
            $rebuild_rules = false;
            /* Soft-restart Snort to live-load new rules */
            snort_reload_config($a_rule[$id]);
            // We have saved changes and done a soft restart, so clear "dirty" flag
            clear_subsystem_dirty('snort_rules');
            // Sync to configured CARP slaves if any are enabled
            snort_sync_on_changes();
            if (snort_is_running($snort_uuid, $if_real)) {
                $savemsg = gettext("Snort is 'live-reloading' the new rule set.");
            }
        }
    }
}
include_once "head.inc";
$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Rules: {$currentruleset}");
?>
Пример #4
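function snort_add_supplist_entry($suppress)
{
    /************************************************/
    /* Adds the passed entry to the Suppress List   */
    /* for the active interface.  If a Suppress     */
    /* List is defined for the interface, it is     */
    /* used.  If no list is defined, a new default  */
    /* list is created using the interface name.    */
    /*                                              */
    /* On Entry:                                    */
    /*   $suppress --> suppression entry text       */
    /*                                              */
    /* Returns:                                     */
    /*   TRUE if successful or FALSE on failure     */
    /*   (empty entry, or the interface names a     */
    /*   Suppress List that cannot be found)        */
    /*                                              */
    /* Side effects on success: the global $config  */
    /* and $a_instance arrays are modified, the     */
    /* configuration is written, the package config */
    /* is synced and Snort is told to reload.       */
    /************************************************/
    global $config, $a_instance, $instanceid;

    /* An empty or non-string entry is a failure.  Refusing it here keeps a  */
    /* blank line (or an empty auto-generated list) from being saved and     */
    /* avoids a pointless config write and Snort reload.                     */
    if (!is_string($suppress) || trim($suppress) === '') {
        return false;
    }

    /* NOTE(review): the entry is stored verbatim (base64-encoded) in the    */
    /* list's 'suppresspassthru' field.  Nothing in this function checks its */
    /* syntax or its embedded line breaks, so any caller that assembles      */
    /* $suppress from request data should validate each field (numeric       */
    /* gen_id/sig_id, well-formed addresses, single-line description) before */
    /* calling -- confirm against the callers.                               */

    /* Make sure the Suppress List container exists before taking a reference to it */
    if (!isset($config['installedpackages']['snortglobal']['suppress']) ||
        !is_array($config['installedpackages']['snortglobal']['suppress'])) {
        $config['installedpackages']['snortglobal']['suppress'] = array();
    }
    if (!isset($config['installedpackages']['snortglobal']['suppress']['item']) ||
        !is_array($config['installedpackages']['snortglobal']['suppress']['item'])) {
        $config['installedpackages']['snortglobal']['suppress']['item'] = array();
    }
    $a_suppress =& $config['installedpackages']['snortglobal']['suppress']['item'];

    $found_list = false;
    $list_name = '';

    /* If no Suppress List is set for the interface, then create one with the interface name */
    if (empty($a_instance[$instanceid]['suppresslistname']) ||
        (string) $a_instance[$instanceid]['suppresslistname'] === 'default') {
        $s_list = array();
        /* uniqid() is time-derived; it serves only as a list identifier here, not as a secret */
        $s_list['uuid'] = uniqid();
        $s_list['name'] = $a_instance[$instanceid]['interface'] . "suppress" . "_" . $s_list['uuid'];
        $s_list['descr'] = "Auto-generated list for Alert suppression";
        $s_list['suppresspassthru'] = base64_encode($suppress);
        $a_suppress[] = $s_list;
        $a_instance[$instanceid]['suppresslistname'] = $s_list['name'];
        $found_list = true;
        $list_name = $s_list['name'];
    } else {
        /* A Suppress List is defined for the interface, so look it up by name. */
        /* Names are compared as exact strings: a loose == would treat two      */
        /* numeric-looking names such as "0123" and "123" as the same list and  */
        /* append the entry to the wrong one.                                   */
        $wanted = (string) $a_instance[$instanceid]['suppresslistname'];
        foreach ($a_suppress as $a_id => $alist) {
            if (!isset($alist['name']) || (string) $alist['name'] !== $wanted) {
                continue;
            }
            $found_list = true;
            $list_name = $alist['name'];
            if (!empty($alist['suppresspassthru'])) {
                /* Existing content: decode it, append the entry on a new line, re-encode */
                $tmplist = base64_decode($alist['suppresspassthru']) . "\n{$suppress}";
            } else {
                $tmplist = $suppress;
            }
            $a_suppress[$a_id]['suppresspassthru'] = base64_encode($tmplist);
            /* No break: as before, every list carrying this name receives the entry */
        }
    }

    /* If we created a new list or updated an existing one, save the change, */
    /* tell Snort to load it, and return true; otherwise return false.       */
    if (!$found_list) {
        return false;
    }
    write_config("Snort pkg: modified Suppress List {$list_name}.");
    sync_snort_package_config();
    snort_reload_config($a_instance[$instanceid]);
    return true;
}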
        /* Save configuration changes */
        write_config("Snort pkg: modified interface configuration for {$natent['interface']}.");
        /* Update snort.conf and snort.sh files for this interface */
        sync_snort_package_config();
        /* See if we need to restart Snort after an interface re-assignment */
        if ($snort_start == true) {
            snort_start($natent, $if_real);
        }
        /*******************************************************/
        /* Signal Snort to reload configuration if we changed  */
        /* HOME_NET, EXTERNAL_NET or Suppress list values.     */
        /* The function only signals a running Snort instance  */
        /* to safely reload these parameters.                  */
        /*******************************************************/
        if ($snort_reload == true) {
            snort_reload_config($natent, "SIGHUP");
        }
        header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
        header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
        header('Cache-Control: no-store, no-cache, must-revalidate');
        header('Cache-Control: post-check=0, pre-check=0', false);
        header('Pragma: no-cache');
        header("Location: /snort/snort_interfaces.php");
        exit;
    } else {
        $pconfig = $_POST;
    }
}
$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Edit Settings");
include_once "head.inc";
    }
    // Write the new configuration
    write_config("Snort pkg: updated automatic SID management settings.");
    $intf_msg = "";
    // If any interfaces were marked for restart, then do it
    if (is_array($_POST['torestart'])) {
        foreach ($_POST['torestart'] as $k) {
            // Update the snort.conf file and
            // rebuild rules for this interface.
            $rebuild_rules = true;
            conf_mount_rw();
            snort_generate_conf($a_nat[$k]);
            conf_mount_ro();
            $rebuild_rules = false;
            // Signal Snort to "live reload" the rules
            snort_reload_config($a_nat[$k]);
            $intf_msg .= convert_friendly_interface_to_friendly_descr($a_nat[$k]['interface']) . ", ";
        }
        $savemsg = gettext("Changes were applied to these interfaces: " . trim($intf_msg, ' ,') . " and Snort signaled to live-load the new rules.");
        // Sync to configured CARP slaves if any are enabled
        snort_sync_on_changes();
    }
}
if (isset($_POST['sidlist_dnload']) && isset($_POST['sidlist_fname'])) {
    $file = $sidmods_path . basename($_POST['sidlist_fname']);
    if (file_exists($file)) {
        ob_start();
        //important or other posts will fail
        if (isset($_SERVER['HTTPS'])) {
            header('Pragma: ');
            header('Cache-Control: ');