(ids) add ruleset to model and ui

834a23d0 · Ad Schellevis · 410493eb · 834a23d0 · 834a23d0 · 834a23d0
Commit 834a23d0 authored Jun 30, 2015 by Ad Schellevis
4 changed files
--- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php
@@ -210,6 +210,69 @@ class SettingsController extends ApiControllerBase
        }
    }

+    /**
+     * list all installable rules including current status
+     * @return array|mixed
+     * @throws \Exception
+     */
+    public function listInstallableRulesetsAction()
+    {
+        $backend = new Backend();
+        $response = $backend->configdRun("ids list installablerulesets");
+        $data = json_decode($response, true);
+        if ($data != null && array_key_exists("items", $data)) {
+            $result = array("items"=>array());
+            foreach ($data['items'] as $filename => $fileinfo) {
+                $item = array();
+                $item['description'] = $fileinfo['description'];
+                $item['filename'] = $fileinfo['filename'];
+                // retrieve status from model
+                $item['enabled'] = (string)$this->getModel()->getFileNode($fileinfo['filename'])->enabled;
+                $result['rows'][] = $item;
+            }
+            $result['rowCount'] = count($result['rows']);
+            $result['total'] = count($result['rows']);
+            $result['current'] = 1;
+            return $result;
+        } else {
+            return array();
+        }
+    }
+
+    /**
+     * toggle usage of rule file or set enabled / disabled depending on parameters
+     * @param $filename (target) rule file name
+     * @param $enabled desired state enabled(1)/disabled(1), leave empty for toggle
+     * @return array status 0/1 or error
+     * @throws \Exception
+     * @throws \Phalcon\Validation\Exception
+     */
+    public function toggleInstalledRulesetAction($filename, $enabled = null)
+    {
+        $result = array("status" => "none");
+        if ($this->request->isPost()) {
+            $backend = new Backend();
+            $response = $backend->configdRun("ids list installablerulesets");
+            $data = json_decode($response, true);
+            if ($data != null && array_key_exists("items", $data) && array_key_exists($filename, $data['items'])) {
+                $node = $this->getModel()->getFileNode($filename);
+                if ($enabled == "0" || $enabled == "1") {
+                    $node->enabled = (string)$enabled;
+                } elseif ((string)$node->enabled == "1") {
+                    $node->enabled = "0";
+                } else {
+                    $node->enabled = "1";
+                }
+                $result['status'] = $node->enabled;
+                $this->getModel()->serializeToConfig();
+                Config::getInstance()->save();
+            } else {
+                $result['status'] = "error";
+            }
+        }
+        return $result;
+    }
+
    /**
     * toggle rule enable status
     * @param $sid
@@ -243,7 +306,7 @@ class SettingsController extends ApiControllerBase
        $settingsNodes = array('general');
        $result = array();
        if ($this->request->isGet()) {
-            $mdlIDS = new IDS();
+            $mdlIDS = $this->getModel();
            $result['ids'] = array();
            foreach ($settingsNodes as $key) {
                $result['ids'][$key] = $mdlIDS->$key->getNodes();
@@ -261,7 +324,7 @@ class SettingsController extends ApiControllerBase
        $result = array("result"=>"failed");
        if ($this->request->isPost()) {
            // load model and update with provided data
-            $mdlIDS = new IDS();
+            $mdlIDS = $this->getModel();
            $mdlIDS->setNodes($this->request->getPost("ids"));

            // perform validation

--- a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.php
+++ b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.php
@@ -32,8 +32,14 @@ use OPNsense\Base\BaseModel;

 class IDS extends BaseModel
 {
+    /**
+     * @var array internal list of all sid's in this object
+     */
    private $sid_list = array();

+    /**
+     * update internal cache of sid's
+     */
    private function updateSIDlist()
    {
        if (count($this->sid_list) == 0) {
@@ -111,4 +117,23 @@ class IDS extends BaseModel
        }

    }
+
+    /**
+     * retrieve (rule) file entry from config or add a new one
+     * @param string $filename list of filename to merge into config
+     * @return BaseField number of appended items
+     */
+    public function getFileNode($filename)
+    {
+        foreach ($this->files->file->__items as $NodeKey => $NodeValue) {
+            if ($filename == $NodeValue->filename) {
+                return $NodeValue;
+            }
+        }
+        // add a new node
+        $node = $this->files->file->Add();
+        $node->filename = $filename;
+
+        return $node ;
+    }
 }
--- a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
@@ -16,6 +16,18 @@
                </enabled>
            </rule>
        </rules>
+        <files>
+            <file type="ArrayField">
+                <filename type="TextField">
+                    <Required>Y</Required>
+                    <Mask>/^(.){1,255}$/</Mask>
+                </filename>
+                <enabled type="BooleanField">
+                    <default>0</default>
+                    <Required>Y</Required>
+                </enabled>
+            </file>
+        </files>
        <general>
            <enabled type="BooleanField">
                <default>0</default>

--- a/src/opnsense/mvc/app/views/OPNsense/IDS/index.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/IDS/index.volt
@@ -97,6 +97,9 @@ POSSIBILITY OF SUCH DAMAGE.
            return request;
        }

+        /**
+         * grid installed rules
+         */
        $("#grid-installedrules").UIBootgrid(
                {   search:'/api/ids/settings/searchinstalledrules',
                    get:'/api/ids/settings/getRuleInfo/',
@@ -120,6 +123,9 @@ POSSIBILITY OF SUCH DAMAGE.
                }
        );

+        /**
+         * grid query alerts
+         */
        $("#grid-alerts").UIBootgrid(
                {   search:'/api/ids/service/queryAlerts',
                    get:'/api/ids/service/getAlertInfo/',
@@ -135,6 +141,29 @@ POSSIBILITY OF SUCH DAMAGE.
                    }
                });

+        /**
+         * grid for installable rule files
+         */
+        $("#grid-rule-files").UIBootgrid(
+                {   search:'/api/ids/settings/listInstallableRulesets',
+                    toggle:'/api/ids/settings/toggleInstalledRuleset/',
+                    options:{
+                        multiSelect:false,
+                        selection:false,
+                        navigation:0,
+                        formatters:{
+                            rowtoggle: function (column, row) {
+                                if (parseInt(row[column.id], 2) == 1) {
+                                    var toggle = "<span style=\"cursor: pointer;\" class=\"fa fa-check-square-o command-toggle\" data-value=\"1\" data-row-id=\"" + row.filename + "\"></span>";
+                                } else {
+                                    var toggle = "<span style=\"cursor: pointer;\" class=\"fa fa-square-o command-toggle\" data-value=\"0\" data-row-id=\"" + row.filename + "\"></span>";
+                                }
+                                return toggle;
+                            }
+                        }
+                    }
+                });
+
        /*************************************************************************************************************
         * Commands
         *************************************************************************************************************/
@@ -174,6 +203,34 @@ POSSIBILITY OF SUCH DAMAGE.
 <div class="tab-content content-box tab-content">
    <div id="settings" class="tab-pane fade in active">
        {{ partial("layout_partials/base_form",['fields':formGeneralSettings,'id':'frm_GeneralSettings'])}}
+        <!-- add installable rule files -->
+        <table class="table table-striped table-condensed table-responsive">
+            <colgroup>
+                <col class="col-md-3"/>
+                <col class="col-md-9"/>
+            </colgroup>
+            <tbody>
+            <tr>
+                <td><div class="control-label">
+                    <i class="fa fa-info-circle text-muted"></i>
+                    <b>rulesets</b>
+                    </div>
+                </td>
+                <td>
+                <table id="grid-rule-files" class="table table-condensed table-hover table-striped table-responsive" data-editDialog="DialogRule">
+                    <thead>
+                    <tr>
+                        <th data-column-id="enabled" data-formatter="rowtoggle" data-sortable="false"  data-width="10em">enabled</th>
+                        <th data-column-id="filename" data-type="string" data-visible="true" data-identifier="true">filename</th>
+                    </tr>
+                    </thead>
+                    <tbody>
+                    </tbody>
+                </table>
+                </td>
+            </tr>
+            </tbody>
+        </table>
    </div>
    <div id="rules" class="tab-pane fade in">
        <div class="bootgrid-header container-fluid">