<?php
/*
** SnortCenter Copyright (C) 2001,2002,2003 Stefan Dens
**
** Author: Stefan Dens <hide@address.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
?>
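<?php
// Rule list page: lists the Snort rules of one sensor, 25 per page, with
// Activate / Deactivate / Delete actions on the checked rows and a "goto"
// search by sid or by msg text.
//
// This is a flat script, so every variable below is script-global.  Names
// that are NOT defined here are expected from the includes and the request:
//   config.php     $DBlib_path, $DBtype, $DB_dbname/$DB_host/$DB_port/
//                  $DB_user/$DB_password, $reference_url, $lang — assumed,
//                  TODO confirm
//   list.inc.php   display_goto(), display_list_start(), display_list_end(),
//                  activate(), deactivate(), delete() — assumed, TODO confirm
//   $rule_act      list of the sensor's active sids ("|sid|" entries); looks
//                  like the includes / display_list_start() set it — TODO confirm
//   request        do, rule, sensor_id, goto, find_what, category, s_pos,
//                  hide_active, hide_deactive (read via sc_request_param()).
//
// The page previously relied on register_globals for the request values and
// interpolated them unescaped into SQL and HTML; the sc_* helpers below keep
// the old behaviour for well-formed input while escaping at each boundary.

/**
 * Return a request parameter by name.
 *
 * An already-set global of the same name wins so that register_globals
 * installations (and callers that include this page with the value preset)
 * keep working; otherwise $_REQUEST is consulted.  Returns $default when
 * neither is present.
 */
function sc_request_param($name, $default = null)
{
    if (isset($GLOBALS[$name])) {
        return $GLOBALS[$name];
    }
    if (isset($_REQUEST[$name])) {
        return $_REQUEST[$name];
    }
    return $default;
}

/**
 * Escape a value for interpolation inside a single-quoted SQL literal.
 *
 * The ACID DB wrapper used on this page exposes no bind-parameter API (only
 * the positional LIMIT arguments of acidExecute()), so values are escaped by
 * hand.  addslashes() neutralises ' " \ and NUL, which is what MySQL needs;
 * if $DBtype is another engine, confirm its quoting rules — TODO.
 */
function sc_sql_str($value)
{
    return addslashes((string) $value);
}

/**
 * Escape a value for an HTML attribute (both quote styles are escaped, since
 * this page mixes single- and double-quoted attributes).
 */
function sc_attr($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES);
}

/**
 * Build the " ( sid='a' OR sid='b' ... )" fragment from the active-sid list.
 *
 * @param array $sids   entries are trimmed of their "|" delimiters
 * @param bool  $negate prefix the group with " ! " (hide the active rules)
 * Returns '' when $sids is empty.
 */
function sc_sid_list_clause($sids, $negate)
{
    $clause = '';
    foreach ($sids as $sid_select) {
        $sid_select = sc_sql_str(trim($sid_select, '|'));
        if ($clause === '') {
            $clause = ($negate ? " ! ( " : "( ") . "sid='$sid_select'";
        } else {
            $clause .= " OR sid='$sid_select'";
        }
    }
    if ($clause) {
        $clause .= ' )';
    }
    return $clause;
}

/**
 * Render one " name: value;" rule option, HTML-escaped.
 *
 * @param bool $allow_zero treat '0' as a real value (numeric options such as
 *                         ttl, id, dsize); otherwise '0' counts as unset
 * @param bool $bold       wrap "value;" in <B>, as the sid/rev/msg cells do
 * Returns '' when the option is absent.
 */
function sc_rule_opt($label, $value, $allow_zero = false, $bold = false)
{
    if (!($value || ($allow_zero && $value == '0'))) {
        return '';
    }
    $text = htmlspecialchars((string) $value) . ';';
    if ($bold) {
        $text = '<B>' . $text . '</B>';
    }
    return " $label: " . $text;
}

/**
 * Concatenate the "content:" options of rule $sid (table content, in
 * sequence order) in the exact textual form the list prints.
 *
 * The numeric modifiers (offset, depth, distance, within) are printed when
 * they compare >= '0'; an empty/NULL column sorts below '0' as a string and
 * is therefore skipped.
 */
function sc_content_options($db, $sid)
{
    $content = '';
    $sid_sql = sc_sql_str($sid);
    $result_content = $db->acidExecute("SELECT content, off_set, depth, nocase, regex, rawbytes, distance, within, byte_jump, byte_test, asn1, isdataat FROM content WHERE sid='$sid_sql' ORDER BY sequence");
    while ($row = $result_content->acidFetchRow()) {
        list($content_tmp, $off_set, $depth, $nocase, $regex, $rawbytes, $distance, $within, $byte_jump, $byte_test, $asn1, $isdataat) = $row;
        if ($content_tmp) {
            $content .= " content: $content_tmp;";
        }
        $positional = array('offset' => $off_set, 'depth' => $depth, 'distance' => $distance, 'within' => $within);
        foreach ($positional as $name => $val) {
            if ($val >= '0') {
                $content .= " $name: $val;";
            }
        }
        $valued = array('byte_jump' => $byte_jump, 'byte_test' => $byte_test, 'asn1' => $asn1, 'isdataat' => $isdataat);
        foreach ($valued as $name => $val) {
            if ($val) {
                $content .= " $name: $val;";
            }
        }
        $flags = array('nocase' => $nocase, 'regex' => $regex, 'rawbytes' => $rawbytes);
        foreach ($flags as $name => $val) {
            if ($val) {
                $content .= " $name;";
            }
        }
    }
    return $content;
}

/**
 * Concatenate the "uricontent:" options of rule $sid (table uricontent),
 * same rules as sc_content_options() but without isdataat/rawbytes and with
 * the uricontent keyword always printed.
 */
function sc_uricontent_options($db, $sid)
{
    $uricontent = '';
    $sid_sql = sc_sql_str($sid);
    $result_uricontent = $db->acidExecute("SELECT uricontent, off_set, depth, nocase, regex, distance, within, byte_jump, byte_test, asn1 FROM uricontent WHERE sid='$sid_sql'");
    while ($row = $result_uricontent->acidFetchRow()) {
        list($uricontent_tmp, $off_set, $depth, $nocase, $regex, $distance, $within, $byte_jump, $byte_test, $asn1) = $row;
        $uricontent .= " uricontent: $uricontent_tmp;";
        $positional = array('offset' => $off_set, 'depth' => $depth, 'distance' => $distance, 'within' => $within);
        foreach ($positional as $name => $val) {
            if ($val >= '0') {
                $uricontent .= " $name: $val;";
            }
        }
        $valued = array('byte_jump' => $byte_jump, 'byte_test' => $byte_test, 'asn1' => $asn1);
        foreach ($valued as $name => $val) {
            if ($val) {
                $uricontent .= " $name: $val;";
            }
        }
        $flags = array('nocase' => $nocase, 'regex' => $regex);
        foreach ($flags as $name => $val) {
            if ($val) {
                $uricontent .= " $name;";
            }
        }
    }
    return $uricontent;
}

/**
 * Render one "reference: system,id;" entry as HTML.
 *
 * Known reference systems become a link built from $reference_url (config)
 * plus the id taken from the database; "url" references link to
 * "http://<id>"; McAfee ids get a ".htm" suffix.  Unknown systems are
 * printed as plain text.  Both the href and the visible text are escaped.
 */
function sc_reference_html($reference_tmp, $reference_url)
{
    $parts = explode(',', $reference_tmp, 2);
    $system = trim($parts[0]);
    $ident = isset($parts[1]) ? $parts[1] : '';
    $text = ' reference: ' . htmlspecialchars((string) $reference_tmp) . ';';

    // case variants accepted by the original comparisons, mapped to the
    // $reference_url key they resolve to
    $url_key = array(
        'bugtraq'   => 'bugtraq',
        'cve'       => 'cve',
        'arachNIDS' => 'arachNIDS',
        'arachnids' => 'arachNIDS',
        'nessus'    => 'nessus',
        'McAfee'    => 'McAfee',
        'mcafee'    => 'McAfee',
        'MCAFEE'    => 'McAfee',
    );

    $suffix = '';
    if ($system == 'url') {
        $base = 'http://';
    } elseif (isset($url_key[$system])) {
        $key = $url_key[$system];
        $base = isset($reference_url[$key]) ? $reference_url[$key] : '';
        if ($key == 'McAfee') {
            $suffix = '.htm';
        }
    } else {
        return $text;
    }
    $href = sc_attr($base . $ident . $suffix);
    return "<A href='$href' target='NEW'>$text</A>";
}

include("config.php");
include_once("list.inc.php");

$do            = sc_request_param('do');
$rule          = sc_request_param('rule');
$sensor_id     = sc_request_param('sensor_id');
$goto          = sc_request_param('goto');
$find_what     = sc_request_param('find_what');
$category      = sc_request_param('category');
$s_pos         = sc_request_param('s_pos');
$hide_active   = sc_request_param('hide_active');
$hide_deactive = sc_request_param('hide_deactive');

// script-global working state; initialised so later checks do not depend on
// undefined variables
$error_msg    = '';
$where        = '';
$where_active = '';
$goto_sid     = null;
$tmp_category = null;
$color        = '';

$db = NewACIDDBConnection($DBlib_path, $DBtype);
$db->acidConnect($DB_dbname, $DB_host, $DB_port, $DB_user, $DB_password);

// Bulk actions on the checked rows.  $rule is the raw request value (the
// rule[] checkbox array); the list.inc.php helpers are expected to validate
// it — TODO confirm.
if ($do == 'Deactivate') {
    deactivate($rule, 'rules', $sensor_id, $db);
}
if ($do == 'Activate') {
    activate($rule, 'rules', $sensor_id, $db);
}
if ($do == 'Delete') {
    delete($rule, 'rules', $db);
}

// goto rule: locate the rule by sid (or first msg match), switch to its
// category and jump to the 25-row page that contains it
if ($goto) {
    $found = 0;
    $message = $goto;
    if ($find_what == 'sid') {
        $result = $db->acidExecute("SELECT category FROM rules where sid='" . sc_sql_str($goto) . "'");
        $goto_sid = $goto;
        $myrow = $result->acidFetchRow();
        $tmp_category = $myrow ? $myrow[0] : null;
    } else {
        // LIKE wildcards in the search text are left in on purpose (search)
        $result = $db->acidExecute("SELECT category, sid FROM rules where msg LIKE '%" . sc_sql_str($goto) . "%'");
        $myrow = $result->acidFetchRow();
        $tmp_category = $myrow ? $myrow[0] : null;
        $goto = $myrow ? $myrow[1] : null;
        $goto_sid = $goto;
    }
    $result = $db->acidExecute("SELECT sid FROM rules where category='" . sc_sql_str($tmp_category) . "'");
    $counter = 0;
    while (($myrow = $result->acidFetchRow()) && ($found == 0)) {
        $counter++;
        if ($goto == $myrow[0]) {
            $found = 1;
            $category = $tmp_category;
        }
    }
    if ($found == 0) {
        $counter = 0;
        // $message is the user's search text: escape it before echoing
        $error_msg = "<FONT color='white'><BLINK><B>$lang[59] " . htmlspecialchars((string) $message) . " $lang[60]</B></BLINK></FONT>";
    }
    // page index of the matching rule (25 rows per page)
    $s_pos = floor($counter / 25);
}

include('top.inc.php');
echo "<TABLE align=center><TR valign=top><TD width=33%>";
echo " $error_msg</TD><TD width=33%>";
echo " </TD><TD width=33%>";
display_goto($sensor_id);
echo "</TD></TR></TABLE>";
display_list_start($sensor_id, 1);

// active / inactive filter; when both are requested the "hide_active"
// clause wins, as before
if (isset($rule_act) && is_array($rule_act)) {
    if ($hide_deactive == 'yes') {
        $where_active = sc_sid_list_clause($rule_act, false);
    }
    if ($hide_active == 'yes') {
        $where_active = sc_sid_list_clause($rule_act, true);
    }
}
if ($category && $category != 'All rules') {
    $where = " where (category='" . sc_sql_str($category) . "')";
    if ($where_active) {
        $where .= " AND " . $where_active;
    }
} elseif ($where_active) {
    $where = " where $where_active";
}

// -- paging: 25 rows per page; s_pos is a page index or one of '<<' / '>>'
if ($s_pos == '' || $s_pos === '<<') {
    $s_pos = 0;
}
$result = $db->acidExecute("SELECT COUNT(sid) FROM rules" . $where);
$myrow = $result->acidFetchRow();
$max = $myrow ? $myrow[0] : 0;
$tmp = ($max % 100);
if ($s_pos === '>>') {
    $s_pos = round((($max / 25)), 0);
    $r_pos = $max - 25;
    if ($tmp >= 50 && $tmp > 0) {
        $end_pos = $s_pos + 1;
        $tmp_max = round($max / 25, 0);
    } else {
        $end_pos = $s_pos;
        $tmp_max = round($max / 25, 0) - 1;
    }
} else {
    // a non-numeric page index becomes page 0 instead of an arithmetic error
    $s_pos = (int) $s_pos;
    $r_pos = $s_pos * 25;
    $end_pos = $s_pos;
    if ($tmp >= 50 && $tmp > 0) {
        $tmp_max = round($max / 25, 0);
    } else {
        $tmp_max = ceil($max / 25) - 1;
    }
}
if ($tmp_max == 0) {
    $tmp_max = 1;
}
$max_page = $r_pos + 25;
if ($max_page > $max) {
    $max_page = $max;
}
$limit = $r_pos;
$r_pos = $r_pos + 1;

echo "<TR><TD width=33%><FONT color='#FFFFFF'><B> $lang[61] </B></FONT><BR> <SELECT name=category onchange='this.form.submit();'><OPTION>All rules</OPTION>";
$result = $db->acidExecute("SELECT distinct(category) from rules ORDER BY category ASC");
while ($myrow = $result->acidFetchRow()) {
    echo "<OPTION ";
    if ($category == $myrow[0]) {
        echo 'selected';
    }
    echo ">" . htmlspecialchars((string) $myrow[0]) . "</OPTION>";
}
$result->acidFreeRows();
echo '</SELECT></TD>';
// the two hide flags are round-tripped through the form: quote and escape
echo '<INPUT TYPE=HIDDEN NAME=hide_active VALUE="' . sc_attr($hide_active) . '">'
    . '<INPUT TYPE=HIDDEN NAME=hide_deactive VALUE="' . sc_attr($hide_deactive) . '">';

// -- Make limit selection table --
$to_low = 0;   // pages before 0 that could not be shown on the left
$c = 0;        // page buttons shown on the right
if ($max > 25) {
    echo "<TD width=33% align=center><FONT color='#FFFFFF'><B>$lang[62] [$r_pos - $max_page] $lang[63] $max</B><BR>";
    if ($s_pos - 5 > 0) {
        echo ("<INPUT TYPE=SUBMIT name=s_pos value ='<<'> ");
    }
    for ($i = $s_pos - 5; $i < $end_pos; $i++) {
        if ($i >= 0) {
            echo ("<INPUT TYPE=SUBMIT name=s_pos value ='$i'> ");
        } else {
            $to_low++;
        }
    }
    echo ("$end_pos ");
    for ($i = $end_pos + 1; $i <= $end_pos + $to_low + 5 && $i <= $tmp_max; $i++) {
        echo ("<INPUT TYPE=SUBMIT name=s_pos value ='$i'> ");
        $c++;
    }
    if ($end_pos < ($tmp_max - $c)) {
        echo ("<INPUT TYPE=SUBMIT name=s_pos value ='>>'> ");
    }
    echo("</TD></FONT>");
}
// END-- Make limit selection table --

echo '<TD width=33%> </TD></TR><TR><TD> </TD></TR></TABLE>
<table style="font-size:10px; font-family: Times;" border=0 cellpadding=2 cellspacing=0 width=100%>';

$result = $db->acidExecute("SELECT action, proto ,src_ip, src_port, operator, dst_ip, dst_port, msg, ttl, tos, id, ipoption, ip_proto, fragbits, dsize, flags, window, seq, ack, itype, icode, icmp_id, icmp_seq, content_list, session, rpc, resp, react, classtype, priority, tag, sameip, stateless, sid, rev, activates, activates_by, count, logto, flow, fragoffset, pcre, flowbits, threshold, snortsam, multiple_rest, rule_mark FROM rules" . $where . " ORDER BY category ASC ", $limit, 25);

// $row_index numbers the checkbox names rule[0], rule[1], ...; it must not
// be called $count, which the list() below overwrites with the rule's own
// "count" column on every row
$row_index = 0;
while ($myrow = $result->acidFetchRow()) {
    list($action, $proto, $src_ip, $src_port, $operator, $dst_ip, $dst_port, $msg, $ttl, $tos, $id, $ipoption, $ip_proto, $fragbits, $dsize, $flags, $window, $seq, $ack, $itype, $icode, $icmp_id, $icmp_seq, $content_list, $session, $rpc, $resp, $react, $classtype, $priority, $tag, $sameip, $stateless, $sid, $rev, $activates, $activates_by, $count, $logto, $flow, $fragoffset, $pcre, $flowbits, $threshold, $snortsam, $multiple_rest, $rule_mark) = $myrow;

    $content = sc_content_options($db, $sid);
    $uricontent = sc_uricontent_options($db, $sid);

    $reference = '';
    $result_reference = $db->acidExecute("SELECT reference FROM reference WHERE sid='" . sc_sql_str($sid) . "'");
    while ($myrow_reference = $result_reference->acidFetchRow()) {
        $reference .= sc_reference_html($myrow_reference[0], $reference_url);
    }

    // alternate row colours; the goto target is highlighted
    $color = ($color != "white") ? "white" : "#DDDDDD";
    if ($goto_sid !== null && $goto_sid == $sid) {
        $color = "yellow";
    }
    echo "<TR border=1 style='border : $color;' bgcolor=$color><TD width=25 rowspan=2>";
    // only local rules (sid > 1000000), rules marked for deletion and rules
    // in the unknown category get a checkbox (category name compared as stored)
    if ($sid > 1000000 || $rule_mark == 'del' || $category == 'Unknown-Catagory.rules') {
        echo "<INPUT style=\"background-color: $color;\" TYPE=checkbox name=rule[$row_index] value=\"" . sc_attr($sid) . "\">";
    } else {
        echo ' ';
    }
    $edit_url = 'edit_rule.php?sid=' . urlencode((string) $sid)
        . '&rev=' . urlencode((string) $rev)
        . '&sensor_id=' . urlencode((string) $sensor_id)
        . '&category=' . urlencode((string) $category)
        . '&s_pos=' . urlencode((string) $s_pos);
    echo "</TD><TD width=25 rowspan=2><A href=\"" . sc_attr($edit_url) . "\"><img alt='Edit' border=0 height=15 src='./images/edit_button.png'></A> </TD>
<TD rowspan=2>";
    $rule_header = htmlspecialchars("$action $proto $src_ip $src_port $operator $dst_ip $dst_port");
    echo "</TD><TD>$rule_header</TD></TR>";
    echo "<TR bgcolor=$color><TD colspan=7>(";

    // rule options, in the order the original list printed them;
    // the third argument marks options where '0' is a real value
    echo sc_rule_opt('sid', $sid, false, true);
    echo sc_rule_opt('rev', $rev, false, true);
    echo sc_rule_opt('msg', $msg, false, true);
    echo sc_rule_opt('flow', $flow);
    echo sc_rule_opt('ttl', $ttl, true);
    echo sc_rule_opt('id', $id, true);
    echo sc_rule_opt('ipopts', $ipoption, true);
    echo sc_rule_opt('ip_proto', $ip_proto, true);
    echo sc_rule_opt('fragbits', $fragbits);
    echo sc_rule_opt('fragoffset', $fragoffset, true);
    echo sc_rule_opt('dsize', $dsize, true);
    echo sc_rule_opt('flags', $flags, true);
    echo sc_rule_opt('window', $window, true);
    echo sc_rule_opt('seq', $seq, true);
    echo sc_rule_opt('ack', $ack, true);
    echo sc_rule_opt('itype', $itype, true);
    echo sc_rule_opt('icode', $icode, true);
    echo sc_rule_opt('icmp_id', $icmp_id, true);
    echo sc_rule_opt('icmp_seq', $icmp_seq, true);
    if ($content) {
        echo htmlspecialchars($content);
    }
    if ($uricontent) {
        echo htmlspecialchars($uricontent);
    }
    echo sc_rule_opt('content_list', $content_list);
    echo sc_rule_opt('session', $session);
    echo sc_rule_opt('pcre', $pcre);
    echo sc_rule_opt('flowbits', $flowbits);
    echo sc_rule_opt('threshold', $threshold);
    echo sc_rule_opt('rpc', $rpc);
    echo sc_rule_opt('resp', $resp);
    echo sc_rule_opt('react', $react);
    if ($reference) {
        echo $reference;   // already HTML built by sc_reference_html()
    }
    echo sc_rule_opt('fwsam', $snortsam);
    echo sc_rule_opt('classtype', $classtype);
    echo sc_rule_opt('priority', $priority, true);
    echo sc_rule_opt('tag', $tag);
    if ($sameip) {
        echo " sameip;";
    }
    if ($stateless) {
        echo " stateless;";
    }
    echo sc_rule_opt('activates', $activates);
    echo sc_rule_opt('activates_by', $activates_by);
    echo sc_rule_opt('count', $count, true);
    echo sc_rule_opt('logto', $logto);
    if ($multiple_rest) {
        echo " " . htmlspecialchars((string) $multiple_rest);
    }
    echo ")</TD></TR>";
    $row_index++;
}
display_list_end(2);
include('bottom.inc.php');
$result->acidFreeRows();
$db->acidClose();
?>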