}

// Fragment purpose: finish building the return URL, handle the RETURN
// (cancel) button, load the flowbit rules map for the selected interface,
// and begin processing an "addsuppress" POST request. The fragment is cut
// off at both ends; the enclosing blocks open and close outside this view.

// Make sure a rule index ID is appended to the return URL
if (strpos($referrer, "?id={$id}") === FALSE) {
	$referrer .= "?id={$id}";
}

// If RETURN button clicked, exit to original calling page
// NOTE(review): $referrer is assigned outside this fragment. If it is
// derived from request data (a Referer header or a form field), confirm it
// is restricted to a local page path before it is used as the redirect
// target below.
// NOTE(review): $_POST['cancel'] is read without isset(); on PHP 8 this
// raises an "Undefined array key" warning whenever the field is absent.
if ($_POST['cancel']) {
	header("Location: {$referrer}");
	exit;	// stop here so nothing below runs after the redirect is issued
}

$if_real = get_real_interface($a_nat[$id]['interface']);
$suricata_uuid = $a_nat[$id]['uuid'];

/* We should normally never get to this page if Auto-Flowbits are disabled, but just in case... */
if ($a_nat[$id]['autoflowbitrules'] == 'on') {
	// Only parse the flowbit rules file when it exists and is non-empty;
	// otherwise report that no flowbit-required rules are needed.
	if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") &&
	    filesize("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) {
		$rules_map = suricata_load_rules_map("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}");
	}
	else {
		$savemsg = gettext("There are no flowbit-required rules necessary for the current enforcing rule set.");
	}
}
else {
	$input_errors[] = gettext("Auto-Flowbit rule generation is disabled for this interface!");
}

// Build a suppress-list entry for the GID:SID posted by the form.
// NOTE(review): is_numeric() also accepts signs, decimals, exponent notation
// and leading whitespace (trailing whitespace too on PHP 8), so the strings
// interpolated into the suppress entry below are not guaranteed to be plain
// integers. A digits-only check (for example ctype_digit() on the string)
// would keep the entry to the "gen_id N, sig_id N" form.
// NOTE(review): $rules_map is only assigned above when the flowbit file
// exists and is non-empty; on the other paths the lookup below reads an
// unset map unless it was initialised earlier -- confirm.
if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid'])) {
	// Look up the rule text for the posted GID:SID and extract its message
	// to use as a descriptive comment line in the suppress entry.
	$descr = suricata_get_msg($rules_map[$_POST['gid']][$_POST['sid']]['rule']);
	$suppress = gettext("## -- This rule manually suppressed from the Auto-Flowbits list. -- ##\n");
	if (empty($descr)) {
		$suppress .= "suppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n";
	} else {
		$suppress .= "# {$descr}\nsuppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n";
	}
	if (!is_array($config['installedpackages']['suricata']['suppress'])) {
}

// Fragment purpose: resolve the path of the currently selected rule set,
// load it into $rules_map, apply automatic SID management, load the manual
// enable/disable SID lists, and begin processing a "toggle" POST request.
// The fragment is cut off at both ends.

// NOTE(review): $currentruleset is assigned outside this fragment and is
// concatenated straight into a filesystem path. If it can come from request
// data, confirm it is reduced to a bare file name (or checked against the
// list of enabled categories) before this point so it cannot reference a
// file outside the rules directory.
$ruledir = "{$suricatadir}rules";
$rulefile = "{$ruledir}/{$currentruleset}";
if ($currentruleset != 'custom.rules') {
	// Read the current rules file into our rules map array.
	// If it is the auto-flowbits file, set the full path.
	if ($currentruleset == "Auto-Flowbit Rules") {
		$rulefile = "{$suricatacfgdir}/rules/" . FLOWBITS_FILENAME;
	}
	// Test for the special case of an IPS Policy file.
	if (substr($currentruleset, 0, 10) == "IPS Policy") {
		$rules_map = suricata_load_vrt_policy($a_rule[$id]['ips_policy']);
	}
	elseif (!file_exists($rulefile)) {
		// NOTE(review): the rule set name is embedded in the error text;
		// verify that $input_errors is HTML-escaped where it is rendered.
		$input_errors[] = gettext("{$currentruleset} seems to be missing!!! Please verify rules files have been downloaded, then go to the Categories tab and save the rule set again.");
	}
	else {
		$rules_map = suricata_load_rules_map($rulefile);
	}
}

/* Process the current category rules through any auto SID MGMT changes if enabled */
// NOTE(review): $rules_map is not assigned in the visible code when the rule
// set is 'custom.rules' or the file is missing; presumably it is initialised
// earlier in the file -- confirm.
suricata_auto_sid_mgmt($rules_map, $a_rule[$id], FALSE);

/* Load up our enablesid and disablesid arrays with manually enabled or disabled SIDs */
$enablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_on']);
$disablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_off']);

// NOTE(review): is_numeric() also accepts signs, decimals, exponent notation
// and surrounding whitespace. Such a string passes this check but is a
// different array key from the plain integer form, so the isset() lookups
// below would treat it as a SID that has never been modified. A digits-only
// check would be stricter.
if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) && !empty($rules_map)) {

	// Get the GID:SID tags embedded in the clicked rule icon.
	$gid = $_POST['gid'];
	$sid = $_POST['sid'];

	// See if the target SID is in our list of modified SIDs,
	// and toggle it opposite state if present; otherwise,
	// add it to the appropriate modified SID list.
	if (isset($enablesid[$gid][$sid])) {
// Fragment purpose: choose what text the rules file viewer displays in
// $contents. The first branch of the if/elseif chain opens outside this view;
// the visible part dumps every rule in $rules_map, then handles the
// single-rule (gid/sid) case and the whole-file cases.
foreach (array_keys($rules_map) as $k1) {
	foreach (array_keys($rules_map[$k1]) as $k2) {
		// Emit a "# Category: ... SID: ..." header line followed by the rule text.
		$contents .= "# Category: " . $rules_map[$k1][$k2]['category'] . " SID: {$k2}\n";
		$contents .= $rules_map[$k1][$k2]['rule'] . "\n";
	}
}
}
unset($rules_map);
}
elseif (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) {
	// Single-rule view: load the map for the selected file and show one rule.
	// NOTE(review): $file is assigned outside this fragment and is joined to
	// the rules directory path below. If it comes from the query string,
	// confirm it is reduced to a bare file name before this point so the
	// viewer cannot be pointed at files outside the rules directories.
	// If flowbit rule, point to interface-specific file
	if ($file == "Auto-Flowbit Rules") {
		$rules_map = suricata_load_rules_map("{$suricatacfgdir}rules/" . FLOWBITS_FILENAME);
	}
	elseif ($file == "suricata.rules") {
		$rules_map = suricata_load_rules_map("{$suricatacfgdir}rules/suricata.rules");
	}
	else {
		$rules_map = suricata_load_rules_map("{$suricatadir}rules/{$file}");
	}
	// NOTE(review): sid is trimmed here but gid is not; if is_numericint()
	// (defined elsewhere) is digits-only, the trim() is redundant -- confirm.
	// A gid/sid pair that is not in the map leaves $contents empty.
	$contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule'];
	$wrap_flag = "soft";
}
elseif ($file == "Auto-Flowbit Rules") {
	// Whole-file view of the interface-specific flowbit rules file.
	$contents = file_get_contents("{$suricatacfgdir}rules/{$flowbit_rules_file}");
}
elseif (file_exists("{$suricatadir}rules/{$file}")) {
	// Whole-file view of a rules file under the shared rules directory.
	// NOTE(review): the same $file value feeds file_exists() and
	// file_get_contents(); the path-confinement question above applies here.
	$contents = file_get_contents("{$suricatadir}rules/{$file}");
}
else {
	// NOTE(review): $displayfile is embedded in the error text; verify that
	// $input_errors is HTML-escaped where it is rendered.
	$input_errors[] = gettext("Unable to open file: {$displayfile}");
}

$pgtitle = array(gettext("Suricata"), gettext("Rules File Viewer"));
?> <?php include "head.inc";