From 23d161f332c9cbd65feb9dda8937d324625a9bc7 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Wed, 21 Mar 2012 21:44:18 +0100 Subject: [PATCH] minor micro changes --- app/Controller/EventsController.php | 44 ++++++++++++++--------------- app/LICENSE | 7 +++-- app/View/Signatures/add.ctp | 6 ++-- 3 files changed, 30 insertions(+), 27 deletions(-) diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index 7de542efe..f410fbe61 100644 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -577,28 +577,28 @@ class EventsController extends AppController { '$HOME_NET', // src_ip 'any', // src_port '->', // direction - $signature['value'], // dst_ip + $signature['value'], // dst_ip 'any', // dst_port - 'Outgoing To Bad IP', // msg + 'Outgoing To Bad IP', // msg '', // rule_content '', // tag - $sid, // sid - 1 // rev + $sid, // sid + 1 // rev ); break; case 'ip-src': $rules[] = sprintf($rule_format, 'ip', // proto - $signature['value'], // src_ip + $signature['value'], // src_ip 'any', // src_port '->', // direction '$HOME_NET', // dst_ip 'any', // dst_port - 'Incoming From Bad IP', // msg + 'Incoming From Bad IP', // msg '', // rule_content '', // tag - $sid, // sid - 1 // rev + $sid, // sid + 1 // rev ); break; case 'email-src': @@ -612,8 +612,8 @@ class EventsController extends AppController { 'Bad Source Email Address', // msg 'flow:established,to_server; content:"MAIL FROM|3a|"; nocase; content:"'.$signature['value'].'"; nocase;', // rule_content 'tag:session,600,seconds;', // tag - $sid, // sid - 1 // rev + $sid, // sid + 1 // rev ); break; case 'email-dst': 
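Review bot: `$signature['value']` is concatenated unescaped into the Snort `content:"…"` option in the email-src case of this hunk, and the same pattern recurs in the email-dst, email-subject, email-attachment and url (`uricontent`) cases in the later hunks. A value containing `"`, `;`, `\` or `|` would close the quoted string early or switch Snort into hex mode, so the exported rule could fail to load or carry options that the stored attribute was never meant to add. This commit only re-aligns these lines, so the issue predates it, but I would pass the value through a helper next to `_dnsNameToRawFormat()` that hex-encodes those bytes (for example `"` as `|22|`), e.g. `'content:"'.$this->_snortEscape($signature['value']).'"; nocase;'`, where `_snortEscape` is a suggested name for a helper that does not exist yet. The ip-dst and ip-src cases pass the same value as an address field, where validating it as an IP address before export would be the equivalent check. The enclosing switch and `$rule_format` lie outside the hunks.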
@@ -627,8 +627,8 @@ class EventsController extends AppController { 'Bad Destination Email Address',// msg 'flow:established,to_server; content:"RCPT TO|3a|"; nocase; content:"'.$signature['value'].'"; nocase;', // rule_content 'tag:session,600,seconds;', // tag - $sid, // sid - 1 // rev + $sid, // sid + 1 // rev ); break; case 'email-subject': @@ -643,8 +643,8 @@ class EventsController extends AppController { 'Bad Email Subject', // msg 'flow:established,to_server; content:"Subject|3a|"; nocase; content:"'.$signature['value'].'"; nocase;', // rule_content 'tag:session,600,seconds;', // tag - $sid, // sid - 1 // rev + $sid, // sid + 1 // rev ); break; case 'email-attachment': @@ -659,8 +659,8 @@ class EventsController extends AppController { 'Bad Email Attachment', // msg 'flow:established,to_server; content:"Content-Disposition: attachment|3b| filename=|22|"; content:"'.$signature['value'].'|22|";', // rule_content // LATER test and finetune this snort rule https://secure.wikimedia.org/wikipedia/en/wiki/MIME#Content-Disposition 'tag:session,600,seconds;', // tag - $sid, // sid - 1 // rev + $sid, // sid + 1 // rev ); break; case 'domain': @@ -674,8 +674,8 @@ class EventsController extends AppController { 'Lookup Of Bad Domain', // msg 'content:"'.$this->_dnsNameToRawFormat($signature['value']).'"; nocase;', // rule_content '', // tag - $sid, // sid - 1 // rev + $sid, // sid + 1 // rev ); $sid++; $rules[] = sprintf($rule_format, @@ -688,8 +688,8 @@ class EventsController extends AppController { 'Lookup Of Bad Domain', // msg 'content:"'.$this->_dnsNameToRawFormat($signature['value']).'"; nocase;', // rule_content '', // tag - $sid, // sid - 1 // rev + $sid, // sid + 1 // rev ); $sid++; //break; // domain should also detect the domain name in a url 
@@ -704,8 +704,8 @@ class EventsController extends AppController { 'Outgoing Bad HTTP URL', // msg 'flow:to_server,established; uricontent:"'.$signature['value'].'"; nocase;', // rule_content 'tag:session,600,seconds;', // tag - $sid, // sid - 1 // rev + $sid, // sid + 1 // rev ); break; case 'user-agent': diff --git a/app/LICENSE b/app/LICENSE index e4ece5ce5..4ef6be853 100644 --- a/app/LICENSE +++ b/app/LICENSE @@ -1,10 +1,13 @@ Copyright Belgian Defence -Authors: +Founder: Christophe Vandeplas +Developers: + Christophe Vandeplas + Andrzej Dereszowski This code should not be distributed without prior approval from the copyright holders. Please send us bug-fixes, improvements and new features so we can add it to the main code tree. - \ No newline at end of file + diff --git a/app/View/Signatures/add.ctp b/app/View/Signatures/add.ctp index c75507a63..e943e0525 100755 --- a/app/View/Signatures/add.ctp +++ b/app/View/Signatures/add.ctp @@ -7,14 +7,14 @@ echo $this->Form->input('type'); echo $this->Form->input('to_ids', array( 'checked' => true, - 'after' => ' Is this attribute specific enough to be exported to IDS systems?', + 'after' => ' Can we make an IDS signature based on this attribute ?', )); echo $this->Form->input('value', array( 'error' => array('escape' => false), )); echo $this->Form->input('batch_import', array( - 'type' => 'checkbox', - 'after' => ' When selected each line in the value field will be an attribute.', + 'type' => 'checkbox', + 'after' => ' When selected each line in the value field will be an attribute.', )); ?>
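Review bot: In app/View/Signatures/add.ctp the `value` input keeps `'error' => array('escape' => false)`, which makes FormHelper print that field's validation message without HTML-escaping. If any validation message for `value` can include the submitted text (the model rules are not visible in this hunk), it would be rendered as markup. Either confirm that the messages are fixed strings or drop the option so that the default escaping applies. If it stays, a short comment such as `// validation messages for value are static HTML, never user input` would record why escaping is off.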