aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2014-12-05 00:03:31 -0500
committerbmeeks8 <bmeeks8@bellsouth.net>2014-12-15 12:15:45 -0500
commit94aafa5bcef07d85b2fdc820457594ce047f425e (patch)
tree367af32d7766d94ef52e8873ac00bd952bb3315b
parentd7334cf34d4a7e2825137d96c06e5a8327f7520c (diff)
downloadpfsense-packages-94aafa5bcef07d85b2fdc820457594ce047f425e.tar.gz
pfsense-packages-94aafa5bcef07d85b2fdc820457594ce047f425e.tar.bz2
pfsense-packages-94aafa5bcef07d85b2fdc820457594ce047f425e.zip
Add support for IP REPUTATION to GUI code.
-rw-r--r--config/suricata/suricata.priv.inc4
-rw-r--r--config/suricata/suricata.xml20
-rw-r--r--config/suricata/suricata_alerts.php1
-rw-r--r--config/suricata/suricata_app_parsers.php2
-rw-r--r--config/suricata/suricata_barnyard.php2
-rw-r--r--config/suricata/suricata_blocked.php1
-rw-r--r--config/suricata/suricata_define_vars.php2
-rw-r--r--config/suricata/suricata_defs.inc2
-rw-r--r--config/suricata/suricata_download_updates.php1
-rw-r--r--config/suricata/suricata_etiqrisk_update.php144
-rw-r--r--config/suricata/suricata_flow_stream.php2
-rw-r--r--config/suricata/suricata_generate_yaml.php26
-rw-r--r--config/suricata/suricata_global.php1
-rw-r--r--config/suricata/suricata_interfaces.php1
-rw-r--r--config/suricata/suricata_interfaces_edit.php7
-rw-r--r--config/suricata/suricata_ip_list_mgmt.php387
-rw-r--r--config/suricata/suricata_ip_reputation.php472
-rw-r--r--config/suricata/suricata_iprep_list_browser.php99
-rw-r--r--config/suricata/suricata_logs_browser.php1
-rw-r--r--config/suricata/suricata_logs_mgmt.php1
-rw-r--r--config/suricata/suricata_migrate_config.php28
-rw-r--r--config/suricata/suricata_passlist.php1
-rw-r--r--config/suricata/suricata_passlist_edit.php1
-rw-r--r--config/suricata/suricata_post_install.php11
-rw-r--r--config/suricata/suricata_rules.php2
-rw-r--r--config/suricata/suricata_rulesets.php2
-rw-r--r--config/suricata/suricata_sid_mgmt.php1
-rw-r--r--config/suricata/suricata_suppress.php1
-rw-r--r--config/suricata/suricata_suppress_edit.php1
-rw-r--r--config/suricata/suricata_sync.xml5
-rw-r--r--config/suricata/suricata_uninstall.php1
-rw-r--r--config/suricata/suricata_yaml_template.inc14
32 files changed, 1233 insertions, 11 deletions
diff --git a/config/suricata/suricata.priv.inc b/config/suricata/suricata.priv.inc
index d6edab9a..84ede368 100644
--- a/config/suricata/suricata.priv.inc
+++ b/config/suricata/suricata.priv.inc
@@ -36,12 +36,16 @@ $priv_list['page-services-suricata']['match'][] = "suricata/suricata_rules_flowb
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_rulesets.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_os_policy_engine.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_global.php*";
+$priv_list['page-services-suricata']['match'][] = "suricata/suricata_ip_list_mgmt.php*";
+$priv_list['page-services-suricata']['match'][] = "suricata/suricata_ip_reputation.php*";
+$priv_list['page-services-suricata']['match'][] = "suricata/suricata_iprep_list_browser.php*";
$priv_list['page-services-suricata']['match'][] = "pkg_edit.php?xml=suricata/suricata.xml*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_check_cron_misc.inc*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_yaml_template.inc*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata.inc*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_defs.inc*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_geoipupdate.php*";
+$priv_list['page-services-suricata']['match'][] = "suricata/suricata_etiqrisk_update.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_post_install.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_uninstall.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_generate_yaml.php*";
diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml
index 03355b25..d2ede036 100644
--- a/config/suricata/suricata.xml
+++ b/config/suricata/suricata.xml
@@ -118,6 +118,11 @@
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_etiqrisk_update.php</item>
+ <prefix>/usr/local/pkg/suricata/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
<item>https://packages.pfsense.org/packages/config/suricata/suricata_download_updates.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
@@ -233,6 +238,21 @@
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_ip_list_mgmt.php</item>
+ <prefix>/usr/local/www/suricata/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_ip_reputation.php</item>
+ <prefix>/usr/local/www/suricata/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_iprep_list_browser.php</item>
+ <prefix>/usr/local/www/suricata/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/widgets/javascript/</prefix>
<chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/suricata/suricata_alerts.js</item>
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index 595d96a9..f151e173 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -455,6 +455,7 @@ if ($savemsg) {
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
?>
</td></tr>
diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php
index 51514ee5..cfa34a54 100644
--- a/config/suricata/suricata_app_parsers.php
+++ b/config/suricata/suricata_app_parsers.php
@@ -475,6 +475,7 @@ if ($savemsg) {
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td>';
@@ -487,6 +488,7 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("App Parsers"), true, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}");
display_top_tabs($tab_array, true);
?>
</td></tr>
diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php
index 24aa1653..5c05fa4c 100644
--- a/config/suricata/suricata_barnyard.php
+++ b/config/suricata/suricata_barnyard.php
@@ -259,6 +259,7 @@ include_once("head.inc");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
@@ -271,6 +272,7 @@ include_once("head.inc");
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/suricata/suricata_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}");
display_top_tabs($tab_array, true);
?>
</td></tr>
diff --git a/config/suricata/suricata_blocked.php b/config/suricata/suricata_blocked.php
index a091835d..4f4bf095 100644
--- a/config/suricata/suricata_blocked.php
+++ b/config/suricata/suricata_blocked.php
@@ -193,6 +193,7 @@ if ($savemsg) {
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
?>
</td>
diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php
index 040244b0..b94292c3 100644
--- a/config/suricata/suricata_define_vars.php
+++ b/config/suricata/suricata_define_vars.php
@@ -187,6 +187,7 @@ if ($savemsg)
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
@@ -199,6 +200,7 @@ if ($savemsg)
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), true, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}");
display_top_tabs($tab_array, true);
?>
</td></tr>
diff --git a/config/suricata/suricata_defs.inc b/config/suricata/suricata_defs.inc
index ab1b5a58..0a34b391 100644
--- a/config/suricata/suricata_defs.inc
+++ b/config/suricata/suricata_defs.inc
@@ -95,6 +95,8 @@ if (!defined("ET_DNLD_FILENAME"))
define("ET_DNLD_FILENAME", "emerging.rules.tar.gz");
if (!defined("ETPRO_DNLD_FILENAME"))
define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz");
+if (!defined("ET_IQRISK_DNLD_URL"))
+ define("ET_IQRISK_DNLD_URL", "https://rules.emergingthreatspro.com/_xxx_/reputation/");
if (!defined("GPLV2_DNLD_FILENAME"))
define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz");
if (!defined("GPLV2_DNLD_URL"))
diff --git a/config/suricata/suricata_download_updates.php b/config/suricata/suricata_download_updates.php
index 62898a2b..1abb32d6 100644
--- a/config/suricata/suricata_download_updates.php
+++ b/config/suricata/suricata_download_updates.php
@@ -192,6 +192,7 @@ include_once("head.inc");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
?>
</td></tr>
diff --git a/config/suricata/suricata_etiqrisk_update.php b/config/suricata/suricata_etiqrisk_update.php
new file mode 100644
index 00000000..f4a84403
--- /dev/null
+++ b/config/suricata/suricata_etiqrisk_update.php
@@ -0,0 +1,144 @@
+<?php
+/*
+ * suricata_etiqrisk_update.php
+ *
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once("config.inc");
+require_once("functions.inc");
+require("/usr/local/pkg/suricata/suricata_defs.inc");
+
+/*************************************************************************
+ * Hack for backwards compatibility with older 2.1.x pfSense versions *
+ * that did not contain the new "download_file()" utility function *
+ * present in 2.2 and higher. *
+ *************************************************************************/
+if(!function_exists("download_file")) {
+ function download_file($url, $destination, $verify_ssl = false, $connect_timeout = 60, $timeout = 0) {
+ global $config, $g;
+
+ $fp = fopen($destination, "wb");
+
+ if (!$fp)
+ return false;
+
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $verify_ssl);
+ curl_setopt($ch, CURLOPT_FILE, $fp);
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $connect_timeout);
+ curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
+ curl_setopt($ch, CURLOPT_HEADER, false);
+ curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+ curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version")));
+
+ if (!empty($config['system']['proxyurl'])) {
+ curl_setopt($ch, CURLOPT_PROXY, $config['system']['proxyurl']);
+ if (!empty($config['system']['proxyport']))
+ curl_setopt($ch, CURLOPT_PROXYPORT, $config['system']['proxyport']);
+ if (!empty($config['system']['proxyuser']) && !empty($config['system']['proxypass'])) {
+ @curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_ANY | CURLAUTH_ANYSAFE);
+ curl_setopt($ch, CURLOPT_PROXYUSERPWD, "{$config['system']['proxyuser']}:{$config['system']['proxypass']}");
+ }
+ }
+
+ @curl_exec($ch);
+ $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+ fclose($fp);
+ curl_close($ch);
+ return ($http_code == 200) ? true : $http_code;
+ }
+}
+
+/**********************************************************************
+ * Start of main code *
+ **********************************************************************/
+global $g, $config;
+$iprep_path = SURICATA_IPREP_PATH;
+$iqRisk_tmppath = "{$g['tmp_path']}/IQRisk/";
+$success = FALSE;
+
+// If auto-updates of GeoIP are disabled, then exit
+if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == "off")
+ return(0);
+else
+ log_error(gettext("[Suricata] Updating the Emerging Threats IQRisk IP List..."));
+
+// Construct the download URL using the saved ET IQRisk Subscriber Code
+if (!empty($config['installedpackages']['suricata']['config'][0]['iqrisk_code'])) {
+ $et_iqrisk_url = str_replace("_xxx_", $config['installedpackages']['suricata']['config'][0]['iqrisk_code'], ET_IQRISK_DNLD_URL);
+}
+else {
+ log_error(gettext("[Suricata] No IQRisk subscriber code found! Aborting scheduled update of Emerging Threats IQRisk IP List."));
+ return(0);
+}
+
+// Download the IP List files to a temporary location
+safe_mkdir("$iqRisk_tmppath");
+if (download_file("{$et_iqrisk_url}categories.txt", "{$iqRisk_tmppath}categories.txt") != true)
+ log_error(gettext("[Suricata] An error occurred downloading the 'categories.txt' file for IQRisk."));
+if (download_file("{$et_iqrisk_url}iprepdata.txt.gz", "{$iqRisk_tmppath}iprepdata.txt.gz") != true)
+ log_error(gettext("[Suricata] An error occurred downloading the 'iprepdata.txt.gz' file for IQRisk."));
+
+// If the files downloaded successfully, unpack them and store
+// the list files in the SURICATA_IPREP_PATH directory.
+if (file_exists("{$iqRisk_tmppath}categories.txt")) {
+ @rename("{$iqRisk_tmppath}categories.txt", "{$iprep_path}categories.txt");
+ $success = TRUE;
+}
+if (file_exists("{$iqRisk_tmppath}iprepdata.txt.gz")) {
+ mwexec("/usr/bin/gunzip -f {$iqRisk_tmppath}iprepdata.txt.gz");
+ @rename("{$iqRisk_tmppath}iprepdata.txt", "{$iprep_path}iprepdata.txt");
+ $success = TRUE;
+}
+
+// Cleanup the tmp directory path
+rmdir_recursive("$iqRisk_tmppath");
+
+log_error(gettext("[Suricata] Emerging Threats IQRisk IP List update finished."));
+
+// If successful, signal any running Suricata process to live reload the rules and IP lists
+if ($success == TRUE && is_process_running("suricata")) {
+ foreach ($config['installedpackages']['suricata']['rule'] as $value) {
+ if ($value['enable_iprep'] == "on") {
+ suricata_reload_config($value);
+ sleep(2);
+ }
+ }
+}
+
+?>
diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php
index 53c4e010..9467ea7c 100644
--- a/config/suricata/suricata_flow_stream.php
+++ b/config/suricata/suricata_flow_stream.php
@@ -467,6 +467,7 @@ if ($savemsg) {
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td>';
@@ -479,6 +480,7 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}");
display_top_tabs($tab_array, true);
?>
</td></tr>
diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php
index 704caa76..1ace4044 100644
--- a/config/suricata/suricata_generate_yaml.php
+++ b/config/suricata/suricata_generate_yaml.php
@@ -702,6 +702,32 @@ else
/* Configure the IP REP section */
$iprep_path = rtrim(SURICATA_IPREP_PATH, '/');
+$iprep_config = "# IP Reputation\n";
+if ($suricatacfg['enable_iprep'] == "on") {
+ $iprep_config .= "default-reputation-path: {$iprep_path}\n";
+ $iprep_config .= "reputation-categories-file: {$iprep_path}/{$suricatacfg['iprep_catlist']}\n";
+ $iprep_config .= "reputation-files:";
+
+ if (!is_array($suricatacfg['iplist_files']['item']))
+ $suricatacfg['iplist_files']['item'] = array();
+
+ foreach ($suricatacfg['iplist_files']['item'] as $f)
+ $iprep_config .= "\n - $f";
+}
+
+/* Configure Host Table settings */
+if (!empty($suricatacfg['host_memcap']))
+ $host_memcap = $suricatacfg['host_memcap'];
+else
+ $host_memcap = "16777216";
+if (!empty($suricatacfg['host_hash_size']))
+ $host_hash_size = $suricatacfg['host_hash_size'];
+else
+ $host_hash_size = "4096";
+if (!empty($suricatacfg['host_prealloc']))
+ $host_prealloc = $suricatacfg['host_prealloc'];
+else
+ $host_prealloc = "1000";
// Create the rules files and save in the interface directory
suricata_prepare_rule_files($suricatacfg, $suricatacfgdir);
diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php
index b462a7c8..eb657465 100644
--- a/config/suricata/suricata_global.php
+++ b/config/suricata/suricata_global.php
@@ -216,6 +216,7 @@ if ($input_errors)
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
?>
</td></tr>
diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php
index 3c2e1d6a..e996a24f 100644
--- a/config/suricata/suricata_interfaces.php
+++ b/config/suricata/suricata_interfaces.php
@@ -182,6 +182,7 @@ include_once("head.inc");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
?>
</td>
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index d523a8b5..13526031 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -394,6 +394,11 @@ if ($_POST["save"] && !$input_errors) {
$natent['smb_parser'] = "yes";
$natent['msn_parser'] = "detection-only";
+ $natent['enable_iprep'] = "off";
+ $natent['host_memcap'] = "16777216";
+ $natent['host_hash_size'] = "4096";
+ $natent['host_prealloc'] = "1000";
+
$default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd" );
if (!is_array($natent['host_os_policy']['item']))
$natent['host_os_policy']['item'] = array();
@@ -477,6 +482,7 @@ if ($savemsg) {
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
@@ -489,6 +495,7 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}");
display_top_tabs($tab_array, true);
?>
</td></tr>
diff --git a/config/suricata/suricata_ip_list_mgmt.php b/config/suricata/suricata_ip_list_mgmt.php
new file mode 100644
index 00000000..b63d3e77
--- /dev/null
+++ b/config/suricata/suricata_ip_list_mgmt.php
@@ -0,0 +1,387 @@
+<?php
+/*
+ * suricata_ip_list_mgmt.php
+ *
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+global $config;
+
+if (!is_array($config['installedpackages']['suricata']['rule']))
+ $config['installedpackages']['suricata']['rule'] = array();
+
+// Hard-code the path where IP Lists are stored
+// and disregard any user-supplied path element.
+$iprep_path = SURICATA_IPREP_PATH;
+
+// Set default to not show IP List editor controls
+$iplist_edit_style = "display: none;";
+
+function suricata_is_iplist_active($iplist) {
+
+ /***************************************************
+ * This function checks all configured Suricata *
+ * interfaces to see if the passed IP List is used *
+ * as a whitelist or blacklist by an interface. *
+ * *
+ * Returns: TRUE if IP List is in use *
+ * FALSE if IP List is not in use *
+ ***************************************************/
+
+ global $g, $config;
+
+ if (!is_array($config['installedpackages']['suricata']['rule']))
+ return FALSE;
+
+ foreach ($config['installedpackages']['suricata']['rule'] as $rule) {
+ if (is_array($rule['iplist_files']['item'])) {
+ foreach ($rule['iplist_files']['item'] as $file) {
+ if ($file == $iplist)
+ return TRUE;
+ }
+ }
+ }
+ return FALSE;
+}
+
+// If doing a postback, used typed values, else load from stored config
+if (!empty($_POST)) {
+ $pconfig = $_POST;
+}
+else {
+ $pconfig['et_iqrisk_enable'] = $config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'];
+ $pconfig['iqrisk_code'] = $config['installedpackages']['suricata']['config'][0]['iqrisk_code'];
+}
+
+// Validate IQRisk settings if enabled and saving them
+if ($_POST['save']) {
+ if ($pconfig['et_iqrisk_enable'] == 'on' && empty($pconfig['iqrisk_code']))
+ $input_errors[] = gettext("You must provide a valid IQRisk subscription code when IQRisk downloads are enabled!");
+
+ if (!$input_errors) {
+ $config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] = $_POST['et_iqrisk_enable'] ? 'on' : 'off';
+ $config['installedpackages']['suricata']['config'][0]['iqrisk_code'] = $_POST['iqrisk_code'];
+ write_config("Suricata pkg: modified IP Lists settings.");
+
+ /* Toggle cron task for ET IQRisk updates if setting was changed */
+ if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on' && !suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php")) {
+ include("/usr/local/pkg/suricata/suricata_etiqrisk_update.php");
+ install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, 0, "*", "*", "*", "root");
+ }
+ elseif ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'off' && suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php"))
+ install_cron_job("/usr/local/pkg/suricata/suricata_etiqrisk_update.php", FALSE);
+ }
+}
+
+if (isset($_POST['upload'])) {
+ if ($_FILES["iprep_fileup"]["error"] == UPLOAD_ERR_OK) {
+ $tmp_name = $_FILES["iprep_fileup"]["tmp_name"];
+ $name = $_FILES["iprep_fileup"]["name"];
+ move_uploaded_file($tmp_name, "{$iprep_path}{$name}");
+ }
+ else
+ $input_errors[] = gettext("Failed to upload file {$_FILES["iprep_fileup"]["name"]}");
+}
+
+if (isset($_POST['iplist_delete']) && isset($_POST['iplist_fname'])) {
+ if (!suricata_is_iplist_active($_POST['iplist_fname']))
+ unlink_if_exists("{$iprep_path}{$_POST['iplist_fname']}");
+ else
+ $input_errors[] = gettext("This IP List is currently assigned to an interface and cannot be deleted until it is removed from the configured interface.");
+}
+
+if (isset($_POST['iplist_edit']) && isset($_POST['iplist_fname'])) {
+ $file = $iprep_path . basename($_POST['iplist_fname']);
+ $data = file_get_contents($file);
+ if ($data !== FALSE) {
+ $iplist_data = htmlspecialchars($data);
+ $iplist_edit_style = "display: table-row-group;";
+ $iplist_name = basename($_POST['iplist_fname']);
+ unset($data);
+ }
+ else {
+ $input_errors[] = gettext("An error occurred reading the file.");
+ }
+}
+
+if (isset($_POST['iplist_edit_save']) && isset($_POST['iplist_data'])) {
+ if (strlen(basename($_POST['iplist_name'])) > 0) {
+ $file = $iprep_path . basename($_POST['iplist_name']);
+ $data = str_replace("\r\n", "\n", $_POST['iplist_data']);
+ file_put_contents($file, $data);
+ unset($data);
+ }
+ else {
+ $input_errors[] = gettext("You must provide a valid filename for the IP List.");
+ $iplist_edit_style = "display: table-row-group;";
+ }
+}
+
+// Get all files in the IP Lists sub-directory as an array
+// Leave this as the last thing before spewing the page HTML
+// so we can pick up any changes made to files in code above.
+$ipfiles = return_dir_as_array($iprep_path);
+
+$pgtitle = gettext("Suricata: IP Reputation Lists");
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+include_once("fbegin.inc");
+if ($input_errors) {
+ print_input_errors($input_errors);
+}
+
+if ($savemsg)
+ print_info_box($savemsg);
+?>
+
+<form action="/suricata/suricata_ip_list_mgmt.php" enctype="multipart/form-data" method="post" name="iform" id="iform">
+<input type="hidden" name="MAX_FILE_SIZE" value="100000000" />
+<input type="hidden" name="iplist_fname" id="iplist_fname" value=""/>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tbody>
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
+ $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
+ $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
+ $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
+ $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), true, "/suricata/suricata_ip_list_mgmt.php");
+ display_top_tabs($tab_array, true);
+?>
+</td>
+</tr>
+<tr>
+ <td>
+ <div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tbody>
+ <tr>
+ <td colspan="2" class="listtopic"><?php echo gettext("Emerging Threats IQRisk Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"><?php echo gettext("Enable"); ?></td>
+ <td width="78%">
+ <input id="et_iqrisk_enable" name="et_iqrisk_enable" type="checkbox" value="on" <?php if ($pconfig['et_iqrisk_enable'] == "on") echo "checked"; ?> onclick="IQRisk_enablechange();"/>
+ <?php echo gettext("Checking this box enables auto-download of IQRisk List updates with a valid subscription code."); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%"></td>
+ <td width="78%">
+ <table id="iqrisk_code_tbl" width="100%" border="0" cellpadding="2" cellspacing="0">
+ <tbody>
+ <tr>
+ <td colspan="2" class="vexpl"><?=gettext("IQRisk IP lists will auto-update nightly at midnight. Visit ") .
+ "<a href='http://emergingthreats.net/products/iqrisk-rep-list/' target='_blank'>" . gettext("http://emergingthreats.net/products/iqrisk-rep-list/") . "</a>" .
+ gettext(" for more information or to purchase a subscription.");?><br/><br/></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("IQRisk Subscription Configuration"); ?></span></b></td>
+ </tr>
+ <tr>
+ <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td>
+ <td><input name="iqrisk_code" type="text" class="formfld unknown" id="iqrisk_code" size="52"
+ value="<?=htmlspecialchars($pconfig['iqrisk_code']);?>"/><br/>
+ <?php echo gettext("Obtain an Emerging Threats IQRisk List subscription code and paste it here."); ?></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" align="center"><input name="save" id="save" type="submit" class="formbtn" value="Save" title="<?=gettext("Save IQRisk settings");?>"/></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="vtable"></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="listtopic"><?=gettext("IP Reputation List Files Management");?>
+ </td>
+ </tr>
+ <tbody id="uploader" style="display: none;">
+ <tr>
+ <td colspan="2" class="list"><br/><?php echo gettext("Click BROWSE to select a file to import, and then click UPLOAD. Click CLOSE to quit."); ?></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="list"><input type="file" name="iprep_fileup" id="iprep_fileup" class="formfld file" size="50" />
+ &nbsp;&nbsp;<input type="submit" name="upload" id="upload" value="<?=gettext("Upload");?>"
+ title="<?=gettext("Upload selected IP list to firewall");?>"/>&nbsp;&nbsp;<input type="button"
+ value="<?=gettext("Close");?>" onClick="document.getElementById('uploader').style.display='none';" /></td>
+ </tr>
+ </tbody>
+ <tr>
+ <td colspan="2">
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <colgroup>
+ <col style="width: 50%;">
+ <col style="width: 25%;">
+ <col style="width: 15%;">
+ <col style="width: 10%;">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr"><?php echo gettext("IP List File Name"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Last Modified Time"); ?></th>
+ <th class="listhdrr"><?php echo gettext("File Size"); ?></th>
+ <th class="list" align="left"><img style="cursor:pointer;" name="iplist_new" id="iplist_new"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Create a new IP List');?>"
+ onClick="document.getElementById('iplist_data').value=''; document.getElementById('iplist_name').value=''; document.getElementById('iplist_editor').style.display='table-row-group'; document.getElementById('iplist_name').focus();" />
+ <img style="cursor:pointer;" name="iplist_import" id="iplist_import"
+ onClick="document.getElementById('uploader').style.display='table-row-group';"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Import/Upload an IP List');?>"/></th>
+ </tr>
+ </thead>
+ <?php foreach ($ipfiles as $file): ?>
+ <tr>
+ <td class="listr"><?php echo gettext($file); ?></td>
+ <td class="listr"><?=date('M-d Y g:i a', filemtime("{$iprep_path}{$file}")); ?></td>
+ <td class="listr"><?=format_bytes(filesize("{$iprep_path}{$file}")); ?> </td>
+ <td class="list"><input type="image" name="iplist_edit[]" id="iplist_edit[]"
+ onClick="document.getElementById('iplist_fname').value='<?=$file;?>';"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Edit this IP List');?>"/>
+ <input type="image" name="iplist_delete[]" id="iplist_delete[]"
+ onClick="document.getElementById('iplist_fname').value='<?=$file;?>';
+ return confirm('<?=gettext("Are you sure you want to permanently delete this IP List file? Click OK to continue or CANCEL to quit.");?>');"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Delete this IP List');?>"/></td>
+ </tr>
+ <?php endforeach; ?>
+ <tbody id="iplist_editor" style="<?=$iplist_edit_style;?>">
+ <tr>
+ <td colspan="4">&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="4"><strong><?=gettext("File Name: ");?></strong><input type="text" size="45" class="formfld file" id="iplist_name" name="iplist_name" value="<?=$iplist_name;?>" />
+ &nbsp;&nbsp;<input type="submit" id="iplist_edit_save" name="iplist_edit_save" value="<?=gettext(" Save ");?>" title="<?=gettext("Save changes and close editor");?>" />
+ &nbsp;&nbsp;<input type="button" id="cancel" name="cancel" value="<?=gettext("Cancel");?>" onClick="document.getElementById('iplist_editor').style.display='none';"
+ title="<?=gettext("Abandon changes and quit editor");?>" /></td>
+ </tr>
+ <tr>
+ <td colspan="4">&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="4"><textarea wrap="off" cols="80" rows="20" name="iplist_data" id="iplist_data"
+ style="width:95%; height:100%;"><?=$iplist_data;?></textarea>
+ </td>
+ </tr>
+ </tbody>
+ <tbody>
+ <tr>
+ <td colspan="3" class="vexpl"><br/><span class="red"><strong><?php echo gettext("Notes:"); ?></strong></span>
+ <br/><?php echo gettext("1. A Categories file is required and contains CSV fields for Category Number, Short Name " .
+ "and Description per line."); ?></td>
+ <td class="list"></td>
+ </tr>
+ <tr>
+ <td colspan="3" class="vexpl"><?php echo gettext("2. IP Lists are CSV format text files " .
+ "with an IP address, category code and reputation score per line."); ?></td>
+ <td class="list"></td>
+ </tr>
+ <tr>
+ <td colspan="3" class="vexpl"><?php echo gettext("3. IP Lists are stored as local files " .
+ "on the firewall and their contents are not saved as part of the firewall configuration file."); ?></td>
+ <td class="list"></td>
+ </tr>
+ <tr>
+ <td colspan="3" class="vexpl"><?php echo gettext("4. Visit ") .
+ "<a href='https://redmine.openinfosecfoundation.org/projects/suricata/wiki/IPReputationFormat' target='_blank'>" .
+ gettext("https://redmine.openinfosecfoundation.org/projects/suricata/wiki/IPReputationFormat") . "</a>" .
+ gettext(" for IP Reputation file formats."); ?><br/></td>
+ <td class="list"></td>
+ </tr>
+ <tr>
+ <td colspan="3" class="vexpl"><br/><strong><?php echo gettext("IP List Controls:"); ?></strong><br/><br/>
+ &nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" />
+ &nbsp;<?=gettext("Opens the editor window to create a new IP List. You must provide a valid filename before saving.");?><br/>
+ &nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17" height="17" border="0" />
+ &nbsp;<?=gettext("Opens the file upload control for uploading a new IP List from your local machine.");?><br/>
+ &nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" />
+ &nbsp;<?=gettext("Opens the IP List in a text edit control for viewing or editing its contents.");?><br/>
+ &nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" />
+ &nbsp;<?=gettext("Deletes the IP List from the file system after confirmation.");?></td>
+ <td class="list"></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </td>
+</tr>
+</tbody>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+
+<script language="JavaScript">
+<!--
+
+function IQRisk_enablechange() {
+ var endis = !(document.iform.et_iqrisk_enable.checked);
+ if (endis)
+ document.getElementById("iqrisk_code_tbl").style.display = "none";
+ else
+ document.getElementById("iqrisk_code_tbl").style.display = "table";
+}
+
+// Initialize the form controls state based on saved settings
+IQRisk_enablechange();
+
+//-->
+</script>
+</body>
+</html>
diff --git a/config/suricata/suricata_ip_reputation.php b/config/suricata/suricata_ip_reputation.php
new file mode 100644
index 00000000..d1e67dad
--- /dev/null
+++ b/config/suricata/suricata_ip_reputation.php
@@ -0,0 +1,472 @@
+<?php
+/*
+ * suricata_ip_reputation.php
+ * part of pfSense
+ *
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+global $g, $rebuild_rules;
+
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+if (is_null($id)) {
+ header("Location: /suricata/suricata_interfaces.php");
+ exit;
+}
+
+if (!is_array($config['installedpackages']['suricata']['rule'])) {
+ $config['installedpackages']['suricata']['rule'] = array();
+}
+if (!is_array($config['installedpackages']['suricata']['rule'][$id]['iplist_files']['item'])) {
+ $config['installedpackages']['suricata']['rule'][$id]['iplist_files']['item'] = array();
+}
+
+$a_nat = &$config['installedpackages']['suricata']['rule'];
+
+// If doing a postback, used typed values, else load from stored config
+if (!empty($_POST)) {
+ $pconfig = $_POST;
+}
+else {
+ $pconfig = $a_nat[$id];
+}
+
+$iprep_path = SURICATA_IPREP_PATH;
+$if_real = get_real_interface($a_nat[$id]['interface']);
+$suricata_uuid = $config['installedpackages']['suricata']['rule'][$id]['uuid'];
+
+if ($_POST['mode'] == 'iprep_catlist_add' && isset($_POST['iplist'])) {
+ $pconfig = $_POST;
+
+ // Test the supplied IP List file to see if it exists
+ if (file_exists($_POST['iplist'])) {
+ if (!$input_errors) {
+ $a_nat[$id]['iprep_catlist'] = basename($_POST['iplist']);
+ write_config("Suricata pkg: added new IP Rep Categories file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('suricata_iprep');
+ }
+ }
+ else
+ $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found.");
+
+ $pconfig['iprep_catlist'] = $a_nat[$id]['iprep_catlist'];
+ $pconfig['iplist_files'] = $a_nat[$id]['iplist_files'];
+}
+
+if ($_POST['mode'] == 'iplist_add' && isset($_POST['iplist'])) {
+ $pconfig = $_POST;
+
+ // Test the supplied IP List file to see if it exists
+ if (file_exists($_POST['iplist'])) {
+ // See if the file is already assigned to the interface
+ foreach ($a_nat[$id]['iplist_files']['item'] as $f) {
+ if ($f == basename($_POST['iplist'])) {
+ $input_errors[] = gettext("The file {$f} is already assigned as a whitelist file.");
+ break;
+ }
+ }
+ if (!$input_errors) {
+ $a_nat[$id]['iplist_files']['item'][] = basename($_POST['iplist']);
+ write_config("Suricata pkg: added new whitelist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('suricata_iprep');
+ }
+ }
+ else
+ $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found.");
+
+ $pconfig['iprep_catlist'] = $a_nat[$id]['iprep_catlist'];
+ $pconfig['iplist_files'] = $a_nat[$id]['iplist_files'];
+}
+
+if ($_POST['iprep_catlist_del']) {
+ $pconfig = $_POST;
+ unset($a_nat[$id]['iprep_catlist']);
+ write_config("Suricata pkg: deleted blacklist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('suricata_iprep');
+ $pconfig['iprep_catlist'] = $a_nat[$id]['iprep_catlist'];
+ $pconfig['iplist_files'] = $a_nat[$id]['iplist_files'];
+}
+
+if ($_POST['iplist_del'] && is_numericint($_POST['list_id'])) {
+ $pconfig = $_POST;
+ unset($a_nat[$id]['iplist_files']['item'][$_POST['list_id']]);
+ write_config("Suricata pkg: deleted whitelist file for IP REPUTATION preprocessor.");
+ mark_subsystem_dirty('suricata_iprep');
+ $pconfig['iplist_files'] = $a_nat[$id]['iplist_files'];
+ $pconfig['iprep_catlist'] = $a_nat[$id]['iprep_catlist'];
+}
+
+if ($_POST['save'] || $_POST['apply']) {
+
+ $pconfig['iprep_catlist'] = $a_nat[$id]['iprep_catlist'];
+ $pconfig['iplist_files'] = $a_nat[$id]['iplist_files'];
+
+ // Validate HOST TABLE values
+ if ($_POST['host_memcap'] < 1000000 || !is_numericint($_POST['host_memcap']))
+ $input_errors[] = gettext("The value for 'Host Memcap' must be a numeric integer greater than 1MB (1,048,576!");
+ if ($_POST['host_hash_size'] < 1024 || !is_numericint($_POST['host_hash_size']))
+ $input_errors[] = gettext("The value for 'Host Hash Size' must be a numeric integer greater than 1024!");
+ if ($_POST['host_prealloc'] < 10 || !is_numericint($_POST['host_prealloc']))
+ $input_errors[] = gettext("The value for 'Host Memcap' must be a numeric integer greater than 10!");
+
+ // Validate CATEGORIES FILE
+ if ($_POST['enable_iprep'] == 'on') {
+ if (empty($a_nat[$id]['iprep_catlist']))
+ $input_errors[] = gettext("Assignment of a 'Categories File' is required when IP Reputation is enabled!");
+ }
+
+ // If no errors write to conf
+ if (!$input_errors) {
+
+ $a_nat[$id]['enable_iprep'] = $_POST['enable_iprep'] ? 'on' : 'off';
+ $a_nat[$id]['host_memcap'] = str_replace(",", "", $_POST['host_memcap']);
+ $a_nat[$id]['host_hash_size'] = str_replace(",", "", $_POST['host_hash_size']);
+ $a_nat[$id]['host_prealloc'] = str_replace(",", "", $_POST['host_prealloc']);
+
+ write_config("Suricata pkg: modified IP REPUTATION preprocessor settings for {$a_nat[$id]['interface']}.");
+
+ // Update the suricata conf file for this interface
+ $rebuild_rules = false;
+ conf_mount_rw();
+ suricata_generate_yaml($a_nat[$id]);
+ conf_mount_ro();
+
+ // Soft-restart Suricata to live-load new variables
+ suricata_reload_config($a_nat[$id]);
+
+ // We have saved changes and done a soft restart, so clear "dirty" flag
+ clear_subsystem_dirty('suricata_iprep');
+ }
+}
+
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
+$pgtitle = gettext("Suricata: Interface {$if_friendly} IP Reputation Preprocessor");
+include_once("head.inc");
+
+?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php
+include("fbegin.inc");
+/* Display Alert message */
+if ($input_errors)
+ print_input_errors($input_errors);
+if ($savemsg)
+ print_info_box($savemsg);
+?>
+
+<form action="suricata_ip_reputation.php" method="post" name="iform" id="iform" >
+<input name="id" type="hidden" value="<?=$id;?>" />
+<input type="hidden" id="mode" name="mode" value="" />
+<input name="iplist" id="iplist" type="hidden" value="" />
+<input name="list_id" id="list_id" type="hidden" value="" />
+
+<?php if (is_subsystem_dirty('suricata_iprep') && !$input_errors): ?><p>
+<?php print_info_box_np(gettext("A change has been made to IP List file assignments.") . "<br/>" . gettext("You must apply the change in order for it to take effect."));?>
+<?php endif; ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
+ $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
+ $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
+ $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
+ $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
+ display_top_tabs($tab_array, true);
+ echo '</td></tr>';
+ echo '<tr><td class="tabnavtbl">';
+ $tab_array = array();
+ $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
+ $tab_array[] = array($menu_iface . gettext("Settings"), false, "/suricata/suricata_interfaces_edit.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Categories"), false, "/suricata/suricata_rulesets.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Rules"), false, "/suricata/suricata_rules.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Flow/Stream"), false, "/suricata/suricata_flow_stream.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), true, "/suricata/suricata_ip_reputation.php?id={$id}");
+ display_top_tabs($tab_array, true);
+ ?>
+ </td>
+ </tr>
+ <tr>
+ <td><div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tbody>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("IP Reputation Configuration"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign='top' class='vncell'><?php echo gettext("Enable"); ?>
+ </td>
+ <td width="78%" class="vtable"><input name="enable_iprep" type="checkbox" value="on" <?php if ($pconfig['enable_iprep'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Use IP Reputation Lists on this interface. Default is ") . "<strong>" . gettext("Not Checked.") . "</strong>"; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Host Memcap"); ?></td>
+ <td width="78%" class="vtable"><input name="host_memcap" type="text"
+ class="formfld unknown" id="host_memcap" size="8" value="<?=htmlspecialchars($pconfig['host_memcap']); ?>"/>&nbsp;
+ <?php echo gettext("Host table memory cap in bytes. Default is ") . "<strong>" .
+ gettext("16777216") . "</strong>" . gettext(" (16 MB). Min value is 1048576 (1 MB)."); ?><br/><br/><?php echo gettext("When using large IP Reputation Lists, this value may need to be increased " .
+ "to avoid exhausting Host Table memory.") ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Host Hash Size"); ?></td>
+ <td width="78%" class="vtable"><input name="host_hash_size" type="text"
+ class="formfld unknown" id="host_hash_size" size="8" value="<?=htmlspecialchars($pconfig['host_hash_size']); ?>"/>&nbsp;
+ <?php echo gettext("Host Hash Size in bytes. Default is ") . "<strong>" .
+ gettext("4096") . "</strong>" . gettext(". Min value is 1024."); ?><br/><br/><?php echo gettext("When using large IP Reputation Lists, this value may need to be increased."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Host Preallocations"); ?></td>
+ <td width="78%" class="vtable"><input name="host_prealloc" type="text"
+ class="formfld unknown" id="host_prealloc" size="8" value="<?=htmlspecialchars($pconfig['host_prealloc']); ?>"/>&nbsp;
+ <?php echo gettext("Number of Host Table entries to preallocate. Default is ") . "<strong>" .
+ gettext("1000") . "</strong>" . gettext(". Min value is 10."); ?><br/><br/><?php echo gettext("Increasing this value may slightly improve performance when using large IP Reputation Lists."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">&nbsp;</td>
+ <td width="78%" class="vtable">
+ <input name="save" type="submit" class="formbtn" value="Save" title="<?=gettext("Save IP Reputation configuration");?>" />
+ &nbsp;&nbsp;<?=gettext("Click to save configuration settings and live-reload the running Suricata configuration.");?>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Assign Categories File"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign='top' class='vncell'><?php echo gettext("Categories File"); ?>
+ </td>
+ <td width="78%" class="vtable">
+ <!-- iprep_catlist_chooser -->
+ <div id="iprep_catlistChooser" name="iprep_catlistChooser" style="display:none; border:1px dashed gray; width:98%;"></div>
+ <table width="95%" border="0" cellpadding="2" cellspacing="0">
+ <colgroup>
+ <col style="text-align:left;">
+ <col style="width: 30%; text-align:left;">
+ <col style="width: 17px;">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr"><?php echo gettext("Categories Filename"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Modification Time"); ?></th>
+ <th class="list" align="left" valign="middle"><img style="cursor:pointer;" name="iprep_catlist_add" id="iprep_catlist_add"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Assign a Categories file');?>"/></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php if (!empty($pconfig['iprep_catlist'])) :
+ $class = "listr";
+ if (!file_exists("{$iprep_path}{$pconfig['iprep_catlist']}")) {
+ $filedate = gettext("Unknown -- file missing");
+ $class .= " red";
+ }
+ else
+ $filedate = date('M-d Y g:i a', filemtime("{$iprep_path}{$pconfig['iprep_catlist']}"));
+ ?>
+ <tr>
+ <td class="<?=$class;?>"><?=htmlspecialchars($pconfig['iprep_catlist']);?></td>
+ <td class="<?=$class;?>" align="center"><?=$filedate;?></td>
+ <td class="list"><input type="image" name="iprep_catlist_del[]" id="iprep_catlist_del[]" onClick="document.getElementById('list_id').value='0';"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17"
+ border="0" title="<?php echo gettext('Remove this Categories file');?>"/></td>
+ </tr>
+ <?php endif; ?>
+ <tr>
+ <td colspan="2" class="vexpl"><span class="red"><strong><?=gettext("Note: ");?></strong></span>
+ <?=gettext("change to Categories File assignment is immediately saved.");?></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Assign IP Reputation Lists"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign='top' class='vncell'><?php echo gettext("IP Reputation Files"); ?>
+ </td>
+ <td width="78%" class="vtable">
+ <table width="95%" border="0" cellpadding="2" cellspacing="0">
+ <!-- iplist_chooser -->
+ <div id="iplistChooser" name="iplistChooser" style="display:none; border:1px dashed gray; width:98%;"></div>
+ <colgroup>
+ <col style="text-align:left;">
+ <col style="width: 30%; text-align:left;">
+ <col style="width: 17px;">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr"><?php echo gettext("IP Reputation List Filename"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Modification Time"); ?></th>
+ <th class="list" align="left" valign="middle"><img style="cursor:pointer;" name="iplist_add" id="iplist_add"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17"
+ border="0" title="<?php echo gettext('Assign a whitelist file');?>"/></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php foreach($pconfig['iplist_files']['item'] as $k => $f):
+ $class = "listr";
+ if (!file_exists("{$iprep_path}{$f}")) {
+ $filedate = gettext("Unknown -- file missing");
+ $class .= " red";
+ }
+ else
+ $filedate = date('M-d Y g:i a', filemtime("{$iprep_path}{$f}"));
+ ?>
+ <tr>
+ <td class="<?=$class;?>"><?=htmlspecialchars($f);?></td>
+ <td class="<?=$class;?>" align="center"><?=$filedate;?></td>
+ <td class="list"><input type="image" name="iplist_del[]" id="iplist_del[]" onClick="document.getElementById('list_id').value='<?=$k;?>';"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17"
+ border="0" title="<?php echo gettext('Remove this whitelist file');?>"/></td>
+ </tr>
+ <?php endforeach; ?>
+ <tr>
+ <td colspan="2" class="vexpl"><span class="red"><strong><?=gettext("Note: ");?></strong></span>
+ <?=gettext("changes to IP Reputation List assignments are immediately saved.");?></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+
+<script type="text/javascript">
+Event.observe(
+ window, "load",
+ function() {
+ Event.observe(
+ "iprep_catlist_add", "click",
+ function() {
+ Effect.Appear("iprep_catlistChooser", { duration: 0.25 });
+ iprep_catlistChoose();
+ }
+ );
+
+ Event.observe(
+ "iplist_add", "click",
+ function() {
+ Effect.Appear("iplistChooser", { duration: 0.25 });
+ iplistChoose();
+ }
+ );
+ }
+);
+
+function iprep_catlistChoose() {
+ Effect.Appear("iprep_catlistChooser", { duration: 0.25 });
+ if($("fbCurrentDir"))
+ $("fbCurrentDir").innerHTML = "Loading ...";
+
+ new Ajax.Request(
+ "/suricata/suricata_iprep_list_browser.php?container=iprep_catlistChooser&target=iplist&val=" + new Date().getTime(),
+ { method: "get", onComplete: iprep_catlistComplete }
+ );
+}
+
+function iplistChoose() {
+ Effect.Appear("iplistChooser", { duration: 0.25 });
+ if($("fbCurrentDir"))
+ $("fbCurrentDir").innerHTML = "Loading ...";
+
+ new Ajax.Request(
+ "/suricata/suricata_iprep_list_browser.php?container=iplistChooser&target=iplist&val=" + new Date().getTime(),
+ { method: "get", onComplete: iplistComplete }
+ );
+}
+
+function iprep_catlistComplete(req) {
+ $("iprep_catlistChooser").innerHTML = req.responseText;
+
+ var actions = {
+ fbClose: function() { $("iprep_catlistChooser").hide(); },
+ fbFile: function() { $("iplist").value = this.id;
+ $("mode").value = 'iprep_catlist_add';
+ document.getElementById('iform').submit();
+ }
+ }
+
+ for(var type in actions) {
+ var elem = $("iprep_catlistChooser");
+ var list = elem.getElementsByClassName(type);
+ for (var i=0; i<list.length; i++) {
+ Event.observe(list[i], "click", actions[type]);
+ list[i].style.cursor = "pointer";
+ }
+ }
+}
+
+function iplistComplete(req) {
+ $("iplistChooser").innerHTML = req.responseText;
+
+ var actions = {
+ fbClose: function() { $("iplistChooser").hide(); },
+ fbFile: function() { $("iplist").value = this.id;
+ $("mode").value = 'iplist_add';
+ document.getElementById('iform').submit();
+ }
+ }
+
+ for(var type in actions) {
+ var elem = $("iplistChooser");
+ var list = elem.getElementsByClassName(type);
+ for (var i=0; i<list.length; i++) {
+ Event.observe(list[i], "click", actions[type]);
+ list[i].style.cursor = "pointer";
+ }
+ }
+}
+
+</script>
+
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/suricata/suricata_iprep_list_browser.php b/config/suricata/suricata_iprep_list_browser.php
new file mode 100644
index 00000000..9dd65311
--- /dev/null
+++ b/config/suricata/suricata_iprep_list_browser.php
@@ -0,0 +1,99 @@
+<?php
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+// Fetch a list of files inside a given directory
+function get_content($dir) {
+ $files = array();
+
+ clearstatcache();
+ $fd = @opendir($dir);
+ while($entry = @readdir($fd)) {
+ if($entry == ".") continue;
+ if($entry == "..") continue;
+
+ if(is_dir("{$dir}/{$entry}"))
+ continue;
+ else
+ array_push($files, $entry);
+ }
+ @closedir($fd);
+ natsort($files);
+ return $files;
+}
+
+$path = SURICATA_IPREP_PATH;
+$container = htmlspecialchars($_GET['container']);
+$target = htmlspecialchars($_GET['target']);
+
+// ----- header -----
+?>
+<table width="100%">
+ <tr>
+ <td width="25px" align="left">
+ <img src="/filebrowser/images/icon_home.gif" alt="Home" title="Home" />
+ </td>
+ <td><b><?=$path;?></b></td>
+ <td class="fbClose" align="right">
+ <img onClick="$('<?=$container;?>').hide();" border="0" src="/filebrowser/images/icon_cancel.gif" alt="Close" title="Close" />
+ </td>
+ </tr>
+ <tr>
+ <td id="fbCurrentDir" colspan="3" class="vexpl" align="left">
+ </td>
+ </tr>
+<?php
+$files = get_content($path);
+
+// ----- files -----
+foreach($files as $file):
+ $ext = strrchr($file, ".");
+
+ if($ext == ".css" ) $type = "code";
+ elseif($ext == ".html") $type = "code";
+ elseif($ext == ".xml" ) $type = "code";
+ elseif($ext == ".rrd" ) $type = "database";
+ elseif($ext == ".gif" ) $type = "image";
+ elseif($ext == ".jpg" ) $type = "image";
+ elseif($ext == ".png" ) $type = "image";
+ elseif($ext == ".js" ) $type = "js";
+ elseif($ext == ".pdf" ) $type = "pdf";
+ elseif($ext == ".inc" ) $type = "php";
+ elseif($ext == ".php" ) $type = "php";
+ elseif($ext == ".conf") $type = "system";
+ elseif($ext == ".pid" ) $type = "system";
+ elseif($ext == ".sh" ) $type = "system";
+ elseif($ext == ".bz2" ) $type = "zip";
+ elseif($ext == ".gz" ) $type = "zip";
+ elseif($ext == ".tgz" ) $type = "zip";
+ elseif($ext == ".zip" ) $type = "zip";
+ else $type = "generic";
+
+ $fqpn = "{$path}/{$file}";
+
+ if(is_file($fqpn)) {
+ $fqpn = realpath($fqpn);
+ $size = sprintf("%.2f KiB", filesize($fqpn) / 1024);
+ }
+ else
+ $size = "";
+?>
+ <tr>
+ <td></td>
+ <td class="fbFile vexpl" id="<?=$fqpn;?>" align="left">
+ <?php $filename = str_replace("//","/", "{$path}/{$file}"); ?>
+ <div onClick="$('<?=$target;?>').value='<?=$filename?>'; $('<?=$container;?>').hide();">
+ <img src="/filebrowser/images/file_<?=$type;?>.gif" alt="" title="">
+ &nbsp;<?=$file;?>
+ </div>
+ </td>
+ <td align="right" class="vexpl">
+ <?=$size;?>
+ </td>
+ </tr>
+<?php
+endforeach;
+?>
+</table>
+
diff --git a/config/suricata/suricata_logs_browser.php b/config/suricata/suricata_logs_browser.php
index d4475625..320ba23f 100644
--- a/config/suricata/suricata_logs_browser.php
+++ b/config/suricata/suricata_logs_browser.php
@@ -151,6 +151,7 @@ if ($input_errors) {
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
?>
</td>
diff --git a/config/suricata/suricata_logs_mgmt.php b/config/suricata/suricata_logs_mgmt.php
index f929675d..aa353d6f 100644
--- a/config/suricata/suricata_logs_mgmt.php
+++ b/config/suricata/suricata_logs_mgmt.php
@@ -278,6 +278,7 @@ if ($savemsg) {
$tab_array[] = array(gettext("Logs Mgmt"), true, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
?>
</td></tr>
diff --git a/config/suricata/suricata_migrate_config.php b/config/suricata/suricata_migrate_config.php
index a53b5ba4..75e13315 100644
--- a/config/suricata/suricata_migrate_config.php
+++ b/config/suricata/suricata_migrate_config.php
@@ -86,6 +86,14 @@ if (empty($config['installedpackages']['suricata']['config'][0]['autogeoipupdate
$updated_cfg = true;
}
+/**********************************************************/
+/* Create new ET IQRisk IP Reputation setting if not set */
+/**********************************************************/
+if (empty($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'])) {
+ $config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] = "off";
+ $updated_cfg = true;
+}
+
// Now process the interface-specific settings
foreach ($rule as &$r) {
@@ -344,6 +352,26 @@ foreach ($rule as &$r) {
$updated_cfg = true;
}
+ /**********************************************************/
+ /* Create interface IP Reputation settings if not set */
+ /**********************************************************/
+ if (empty($pconfig['enable_iprep'])) {
+ $pconfig['enable_iprep'] = "off";
+ $updated_cfg = true;
+ }
+ if (empty($pconfig['host_memcap'])) {
+ $pconfig['host_memcap'] = "16777216";
+ $updated_cfg = true;
+ }
+ if (empty($pconfig['host_hash_size'])) {
+ $pconfig['host_hash_size'] = "4096";
+ $updated_cfg = true;
+ }
+ if (empty($pconfig['host_prealloc'])) {
+ $pconfig['host_prealloc'] = "1000";
+ $updated_cfg = true;
+ }
+
// Save the new configuration data into the $config array pointer
$r = $pconfig;
}
diff --git a/config/suricata/suricata_passlist.php b/config/suricata/suricata_passlist.php
index cdfd98e8..af1c4ff5 100644
--- a/config/suricata/suricata_passlist.php
+++ b/config/suricata/suricata_passlist.php
@@ -132,6 +132,7 @@ if ($savemsg) {
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
?>
</td>
diff --git a/config/suricata/suricata_passlist_edit.php b/config/suricata/suricata_passlist_edit.php
index b27f69ad..5bfeb8b9 100644
--- a/config/suricata/suricata_passlist_edit.php
+++ b/config/suricata/suricata_passlist_edit.php
@@ -226,6 +226,7 @@ if ($savemsg)
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
?>
</td>
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 3a82d567..f82ff42c 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -119,6 +119,13 @@ if ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] !=
install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_geoipupdate.php", TRUE, 0, 0, 8, "*", "*", "root");
}
+// Download the latest ET IQRisk updates and create cron task if the feature is not disabled
+if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] != 'off') {
+ log_error(gettext("[Suricata] Installing Emerging Threats IQRisk IP List..."));
+ include("/usr/local/pkg/suricata/suricata_etiqrisk_update.php");
+ install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, 0, "*", "*", "*", "root");
+}
+
// remake saved settings if previously flagged
if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') {
log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings..."));
@@ -247,8 +254,8 @@ if (empty($config['installedpackages']['suricata']['config'][0]['forcekeepsettin
conf_mount_ro();
// Update Suricata package version in configuration
-$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0.3";
-write_config("Suricata pkg v2.0.3: post-install configuration saved.");
+$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.1";
+write_config("Suricata pkg v2.1: post-install configuration saved.");
// Done with post-install, so clear flag
unset($g['suricata_postinstall']);
diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php
index 539a1daf..480bf3dc 100644
--- a/config/suricata/suricata_rules.php
+++ b/config/suricata/suricata_rules.php
@@ -473,6 +473,7 @@ if ($savemsg) {
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
@@ -485,6 +486,7 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}");
display_top_tabs($tab_array, true);
?>
</td></tr>
diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php
index c4e5cbf4..7f591b6c 100644
--- a/config/suricata/suricata_rulesets.php
+++ b/config/suricata/suricata_rulesets.php
@@ -290,6 +290,7 @@ if ($savemsg) {
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
@@ -302,6 +303,7 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}");
display_top_tabs($tab_array, true);
?>
</td></tr>
diff --git a/config/suricata/suricata_sid_mgmt.php b/config/suricata/suricata_sid_mgmt.php
index 2ad2fa5a..eed75f96 100644
--- a/config/suricata/suricata_sid_mgmt.php
+++ b/config/suricata/suricata_sid_mgmt.php
@@ -290,6 +290,7 @@ if ($savemsg) {
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), true, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
?>
</td></tr>
diff --git a/config/suricata/suricata_suppress.php b/config/suricata/suricata_suppress.php
index b3ef6fd4..8fcb3dd5 100644
--- a/config/suricata/suricata_suppress.php
+++ b/config/suricata/suricata_suppress.php
@@ -146,6 +146,7 @@ if ($input_errors) {
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
?>
</td>
diff --git a/config/suricata/suricata_suppress_edit.php b/config/suricata/suricata_suppress_edit.php
index 24572789..8814d3db 100644
--- a/config/suricata/suricata_suppress_edit.php
+++ b/config/suricata/suricata_suppress_edit.php
@@ -168,6 +168,7 @@ if ($savemsg)
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php");
display_top_tabs($tab_array, true);
?>
</td></tr>
diff --git a/config/suricata/suricata_sync.xml b/config/suricata/suricata_sync.xml
index a85a3d63..28083d8d 100644
--- a/config/suricata/suricata_sync.xml
+++ b/config/suricata/suricata_sync.xml
@@ -110,6 +110,11 @@ POSSIBILITY OF SUCH DAMAGE.
<no_drop_down/>
<active/>
</tab>
+ <tab>
+ <text>IP Lists</text>
+ <url>/suricata/suricata_ip_list_mgmt.php</url>
+ <no_drop_down/>
+ </tab>
</tabs>
<fields>
<field>
diff --git a/config/suricata/suricata_uninstall.php b/config/suricata/suricata_uninstall.php
index b8928d17..c8048a1c 100644
--- a/config/suricata/suricata_uninstall.php
+++ b/config/suricata/suricata_uninstall.php
@@ -78,6 +78,7 @@ install_cron_job("suricata_check_for_rule_updates.php", false);
install_cron_job("suricata_check_cron_misc.inc", false);
install_cron_job("{$suri_pf_table}" , false);
install_cron_job("suricata_geoipupdate.php" , false);
+install_cron_job("suricata_etiqrisk_update.php", false);
/* See if we are to keep Suricata log files on uninstall */
if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') {
diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc
index 82c449d3..a8b06ebe 100644
--- a/config/suricata/suricata_yaml_template.inc
+++ b/config/suricata/suricata_yaml_template.inc
@@ -225,9 +225,9 @@ reassembly:
# Host table is used by tagging and per host thresholding subsystems.
host:
- hash-size: 4096
- prealloc: 1000
- memcap: 16777216
+ hash-size: {$host_hash_size}
+ prealloc: {$host_prealloc}
+ memcap: {$host_memcap}
# Host specific policies for defragmentation and TCP stream reassembly.
host-os-policy:
@@ -286,18 +286,14 @@ vars:
port-groups:
{$port_vars}
-# Set the order of alerts bassed on actions
+# Set the order of alerts based on actions
action-order:
- pass
- drop
- reject
- alert
-# IP Reputation
-#reputation-categories-file: {$iprep_path}/categories.txt
-#default-reputation-path: {$iprep_path}
-#reputation-files:
-# - reputation.list
+{$iprep_config}
# Limit for the maximum number of asn1 frames to decode (default 256)
asn1-max-frames: {$asn1_max_frames}