authorRenato Botelho <renato@netgate.com>2015-07-27 09:35:04 -0300
committerRenato Botelho <renato@netgate.com>2015-07-27 09:35:04 -0300
commit95daa898f2f96e81eb6f912c0d84f62c8e98f306 (patch)
treec7c1d3100f306b95207383f331733449bdaef01b
parent51284cb907a4ed1fb26bd9d7cab2a0f67e24059e (diff)
parent5dc936ac2e1b346a35385db74d316c222a3e5de4 (diff)
Merge pull request #905 from bmeeks8/suricata-2.1.6
-rw-r--r--config/suricata/deprecated_rules63
-rw-r--r--config/suricata/suricata.inc101
-rw-r--r--config/suricata/suricata.xml7
-rw-r--r--config/suricata/suricata_alerts.widget.php5
-rw-r--r--config/suricata/suricata_check_for_rule_updates.php14
-rw-r--r--config/suricata/suricata_define_vars.php4
-rw-r--r--config/suricata/suricata_defs.inc12
-rw-r--r--config/suricata/suricata_global.php15
-rw-r--r--config/suricata/suricata_interfaces.php3
-rw-r--r--config/suricata/suricata_ip_reputation.php3
-rw-r--r--config/suricata/suricata_list_view.php2
-rw-r--r--config/suricata/suricata_migrate_config.php8
-rw-r--r--config/suricata/suricata_passlist.php3
-rw-r--r--config/suricata/suricata_passlist_edit.php6
-rw-r--r--config/suricata/suricata_post_install.php12
-rw-r--r--pkg_config.10.xml2
16 files changed, 243 insertions, 17 deletions
diff --git a/config/suricata/deprecated_rules b/config/suricata/deprecated_rules
new file mode 100644
index 00000000..42dd6386
--- /dev/null
+++ b/config/suricata/deprecated_rules
@@ -0,0 +1,63 @@
+#
+# Obsoleted Snort VRT rule categories
+#
+snort_attack-responses.rules
+snort_backdoor.rules
+snort_bad-traffic.rules
+snort_botnet-cnc.rules
+snort_chat.rules
+snort_ddos.rules
+snort_dns.rules
+snort_dos.rules
+snort_experimental.rules
+snort_exploit.rules
+snort_finger.rules
+snort_ftp.rules
+snort_icmp-info.rules
+snort_icmp.rules
+snort_imap.rules
+snort_info.rules
+snort_misc.rules
+snort_multimedia.rules
+snort_mysql.rules
+snort_nntp.rules
+snort_oracle.rules
+snort_other-ids.rules
+snort_p2p.rules
+snort_phishing-spam.rules
+snort_policy.rules
+snort_pop2.rules
+snort_pop3.rules
+snort_rpc.rules
+snort_rservices.rules
+snort_scada.rules
+snort_scan.rules
+snort_shellcode.rules
+snort_smtp.rules
+snort_snmp.rules
+snort_specific-threats.rules
+snort_spyware-put.rules
+snort_telnet.rules
+snort_tftp.rules
+snort_virus.rules
+snort_voip.rules
+snort_web-activex.rules
+snort_web-attacks.rules
+snort_web-cgi.rules
+snort_web-client.rules
+snort_web-coldfusion.rules
+snort_web-frontpage.rules
+snort_web-iis.rules
+snort_web-misc.rules
+snort_web-php.rules
+#
+# Obsoleted Emerging Threats Categories
+#
+emerging-rbn-malvertisers.rules
+emerging-rbn.rules
+#
+# Obsoleted Emerging Threats PRO Categories
+#
+etpro-rbn-malvertisers.rules
+etpro-rbn.rules
+
diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc
index 73208f61..e3028570 100644
--- a/config/suricata/suricata.inc
+++ b/config/suricata/suricata.inc
@@ -481,7 +481,7 @@ function suricata_build_list($suricatacfg, $listname = "", $passlist = false, $e
// iterate all vips and add to passlist
if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
foreach($config['virtualip']['vip'] as $vip) {
- if ($vip['subnet'] && $vip['mode'] != 'proxyarp') {
+ if ($vip['subnet']) {
if (!in_array("{$vip['subnet']}/{$vip['subnet_bits']}", $home_net))
$home_net[] = "{$vip['subnet']}/{$vip['subnet_bits']}";
}
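Review bot: Dropping the `$vip['mode'] != 'proxyarp'` test in suricata_build_list() leaves no record in the code of why proxy ARP VIPs now belong in the list. Every VIP subnet is now added to `$home_net`, and from the comment above the loop the same list feeds the pass list, whose members are never blocked. A proxy ARP VIP can presumably cover a whole range, so a comment such as `// proxyarp VIPs are included on purpose: their full subnet becomes part of HOME_NET and the pass list` would make the wider exemption explicit. The function starts and ends outside the hunk.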
@@ -3231,6 +3231,73 @@ function suricata_generate_yaml($suricatacfg) {
unset($suricata_conf_text);
}
+function suricata_remove_dead_rules() {
+
+ /*********************************************************/
+ /* This function removes dead and deprecated rules */
+ /* category files from the base Suricata rules directory */
+ /* and from the RULESETS setting of each interface. */
+ /* The file "deprecated_rules", if it exists, is used */
+ /* to determine which rules files to remove. */
+ /*********************************************************/
+
+ global $config, $g;
+ $rulesdir = SURICATADIR . "rules/";
+ $count = 0;
+ $cats = array();
+
+ // If there is no "deprecated_rules" file, then exit
+ if (!file_exists("{$rulesdir}deprecated_rules"))
+ return;
+
+ // Open a SplFileObject to read in deprecated rules
+ $file = new SplFileObject("{$rulesdir}deprecated_rules");
+ $file->setFlags(SplFileObject::READ_AHEAD | SplFileObject::SKIP_EMPTY | SplFileObject::DROP_NEW_LINE);
+ while (!$file->eof()) {
+ $line = $file->fgets();
+
+ // Skip any lines with just spaces
+ if (trim($line) == "")
+ continue;
+
+ // Skip any comment lines starting with '#'
+ if (preg_match('/^\s*\#+/', $line))
+ continue;
+
+ $cats[] = $line;
+ }
+
+ // Close the SplFileObject since we are finished with it
+ $file = null;
+
+ // Delete any dead rules files from the Suricata RULES directory
+ foreach ($cats as $file) {
+ if (file_exists("{$rulesdir}{$file}"))
+ $count++;
+ unlink_if_exists("{$rulesdir}{$file}");
+ }
+
+ // Log how many obsoleted files were removed
+ log_error(gettext("[Suricata] Removed {$count} obsoleted rules category files."));
+
+ // Now remove any dead rules files from the interface configurations
+ if (!empty($cats) && is_array($config['installedpackages']['suricata']['rule'])) {
+ foreach ($config['installedpackages']['suricata']['rule'] as &$iface) {
+ $enabled_rules = explode("||", $iface['rulesets']);
+ foreach ($enabled_rules as $k => $v) {
+ foreach ($cats as $d) {
+ if (strpos(trim($v), $d) !== false)
+ unset($enabled_rules[$k]);
+ }
+ }
+ $iface['rulesets'] = implode("||", $enabled_rules);
+ }
+ }
+
+ // Clean up
+ unset($cats, $enabled_rules);
+}
+
/* Uses XMLRPC to synchronize the changes to a remote node */
function suricata_sync_on_changes() {
global $config, $g;
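Review bot: In suricata_remove_dead_rules() each line of deprecated_rules is appended to `$rulesdir` and handed to unlink_if_exists() exactly as read, so a line containing a path separator would delete a file outside the rules directory and a line with trailing whitespace would never match; storing `$cats[] = basename(trim($line));` handles both. The interface pass removes any enabled ruleset whose name merely contains a deprecated name (`strpos(trim($v), $d) !== false`), which can silently switch off detection categories that are not on the list; `if (trim($v) === $d)` looks like the intended test, assuming `rulesets` holds bare file names. The `foreach (... as &$iface)` reference should be released with `unset($iface);` after the loop. Nothing in this hunk persists the modified `$config`, so the callers presumably have to call write_config() themselves.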
@@ -3366,6 +3433,38 @@ function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $userna
if (!empty($sid_files) && $error == "")
log_error("[suricata] Suricata pkg XMLRPC CARP sync auto-SID conf files success with {$url}:{$port} (pfsense.exec_php).");
+ /*************************************************/
+ /* Send over any IPREP IP List files */
+ /*************************************************/
+ $iprep_files = glob(SURICATA_IPREP_PATH . '*');
+ foreach ($iprep_files as $file) {
+ $content = base64_encode(file_get_contents($file));
+ $payload = "@file_put_contents('{$file}', base64_decode('{$content}'));";
+
+ /* assemble xmlrpc payload */
+ $method = 'pfsense.exec_php';
+ $params = array( XML_RPC_encode($password), XML_RPC_encode($payload) );
+
+ log_error("[suricata] Suricata XMLRPC CARP sync sending IPREP files to {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, $synctimeout);
+ $error = "";
+ if(!$resp) {
+ $error = "A communications error occurred while attempting Suricata XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file);
+ log_error($error);
+ file_notice("sync_settings", $error, "Suricata Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $error = "An error code was received while attempting Suricata XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "Suricata Settings Sync", "");
+ }
+ }
+
+ if (!empty($iprep_files) && $error == "")
+ log_error("[suricata] Suricata pkg XMLRPC CARP sync IPREP files success with {$url}:{$port} (pfsense.exec_php).");
+
/**************************************************/
/* Send over the <suricata> portion of config.xml */
/* $xml will hold the section to sync. */
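Review bot: The IPREP loop builds PHP source for pfsense.exec_php by placing `$file` inside a single-quoted literal, so a file name under SURICATA_IPREP_PATH that contains a quote or backslash changes the code the peer executes. Emit the path as data instead, e.g. `$payload = "@file_put_contents(" . var_export($file, true) . ", base64_decode('{$content}'));";`. `$error` is reset to "" on every iteration, so the success message after the loop reflects only the last file; a separate failure flag that is never cleared would fix that. The `@` on the remote file_put_contents() and the unchecked local file_get_contents() also mean that a failed read or write is reported as success. The enclosing function starts and ends outside the hunk.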
diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml
index 91708672..79189b44 100644
--- a/config/suricata/suricata.xml
+++ b/config/suricata/suricata.xml
@@ -42,7 +42,7 @@
<description>Suricata IDS/IPS Package</description>
<requirements>None</requirements>
<name>suricata</name>
- <version>2.0.8 pkg v2.1.5</version>
+ <version>2.0.8 pkg v2.1.6</version>
<title>Services: Suricata IDS</title>
<include_file>/usr/local/pkg/suricata/suricata.inc</include_file>
<menu>
@@ -123,6 +123,11 @@
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/suricata/deprecated_rules</item>
+ <prefix>/usr/local/pkg/suricata/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
<item>https://packages.pfsense.org/packages/config/suricata/suricata_download_updates.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
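Review bot: The new `deprecated_rules` entry is installed with `<chmod>0755</chmod>`, but it is a plain text list that the package only reads and later moves. `<chmod>0644</chmod>` avoids leaving an executable bit on a data file. The mode was probably copied from the neighbouring PHP script entries.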
diff --git a/config/suricata/suricata_alerts.widget.php b/config/suricata/suricata_alerts.widget.php
index 81d17c2e..954fef17 100644
--- a/config/suricata/suricata_alerts.widget.php
+++ b/config/suricata/suricata_alerts.widget.php
@@ -124,7 +124,10 @@ function suricata_widget_get_alerts() {
/* 0 1 2 3 4 5 6 7 */
/************** *************************************************************************************************************************/
- $fd = fopen("/tmp/surialerts_{$suricata_uuid}", "r");
+ if (!$fd = fopen("/tmp/surialerts_{$suricata_uuid}", "r")) {
+ log_error(gettext("[Suricata Widget] Failed to open file /tmp/surialerts_{$suricata_uuid}"));
+ continue;
+ }
$buf = "";
while (($buf = fgets($fd)) !== FALSE) {
$fields = array();
diff --git a/config/suricata/suricata_check_for_rule_updates.php b/config/suricata/suricata_check_for_rule_updates.php
index 0fa4fb2d..67334957 100644
--- a/config/suricata/suricata_check_for_rule_updates.php
+++ b/config/suricata/suricata_check_for_rule_updates.php
@@ -196,9 +196,11 @@ function suricata_download_file_url($url, $file_out) {
}
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
- curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Win64; x64; Trident/6.0)");
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
+ curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 Chrome/43.0.2357.65 Safari/537.36");
+ curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, "TLSv1.2, TLSv1");
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true);
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15);
curl_setopt($ch, CURLOPT_TIMEOUT, 0);
// Use the system proxy server setttings if configured
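Review bot: `CURLOPT_SSL_VERIFYHOST` takes an integer, and the value that checks the certificate name against the requested host is 2. `true` is cast to 1, which libcurl either rejects or remaps depending on its version, so write `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);`. `CURLOPT_SSL_CIPHER_LIST` is an OpenSSL cipher string, so "TLSv1.2, TLSv1" selects cipher suites by the protocol that introduced them rather than setting a minimum protocol version. If a protocol floor is the intent, `CURLOPT_SSLVERSION` is the option for that. suricata_download_file_url() continues outside the hunk.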
@@ -604,6 +606,12 @@ if ($snortcommunityrules == 'on') {
}
}
+// If removing deprecated rules categories, then do it
+if ($config['installedpackages']['suricata']['config'][0]['hide_deprecated_rules'] == "on") {
+ log_error(gettext("[Suricata] Hide Deprecated Rules is enabled. Removing obsoleted rules categories."));
+ suricata_remove_dead_rules();
+}
+
function suricata_apply_customizations($suricatacfg, $if_real) {
global $vrt_enabled, $rebuild_rules;
diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php
index 1aff122c..eac0c2a8 100644
--- a/config/suricata/suricata_define_vars.php
+++ b/config/suricata/suricata_define_vars.php
@@ -101,10 +101,14 @@ if ($_POST) {
foreach ($suricata_servers as $key => $server) {
if ($_POST["def_{$key}"] && !is_alias($_POST["def_{$key}"]))
$input_errors[] = "Only aliases are allowed";
+ if ($_POST["def_{$key}"] && is_alias($_POST["def_{$key}"]) && trim(filter_expand_alias($_POST["def_{$key}"])) == "")
+ $input_errors[] = "FQDN aliases are not allowed for IP variables in Suricata.";
}
foreach ($suricata_ports as $key => $server) {
if ($_POST["def_{$key}"] && !is_alias($_POST["def_{$key}"]))
$input_errors[] = "Only aliases are allowed";
+ if ($_POST["def_{$key}"] && is_alias($_POST["def_{$key}"]) && trim(filter_expand_alias($_POST["def_{$key}"])) == "")
+ $input_errors[] = "FQDN aliases are not allowed for port variables in Suricata.";
}
/* if no errors write to suricata.yaml */
if (!$input_errors) {
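Review bot: Both added checks report any alias whose expansion is empty as an FQDN alias, so in the `$suricata_ports` loop an empty port alias produces "FQDN aliases are not allowed for port variables in Suricata.", which does not describe what was tested. A message such as `"Alias expands to no values and cannot be used for a Suricata variable."` would be accurate for both loops, assuming filter_expand_alias() returns an empty string for host-name aliases as the check implies. The new tests also repeat `$_POST["def_{$key}"] && is_alias(...)`, which an `elseif` hanging off the existing check would avoid. The same empty-expansion test is added in suricata_passlist_edit.php.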
diff --git a/config/suricata/suricata_defs.inc b/config/suricata/suricata_defs.inc
index 5467f88c..29e0a368 100644
--- a/config/suricata/suricata_defs.inc
+++ b/config/suricata/suricata_defs.inc
@@ -52,7 +52,7 @@ if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
/* Get installed package version for display */
-$suricata_package_version = "Suricata {$config['installedpackages']['package'][get_pkg_id("suricata")]['version']}";
+$suricata_package_version = "{$config['installedpackages']['package'][get_pkg_id("suricata")]['version']}";
// Define the installed package version
if (!defined('SURICATA_PKG_VER'))
@@ -71,6 +71,16 @@ if (!defined('SURICATA_PBI_BASEDIR')) {
if (!defined('SURICATA_PBI_BINDIR'))
define('SURICATA_PBI_BINDIR', SURICATA_PBI_BASEDIR . 'bin/');
+if (!defined("SURICATA_BIN_VERSION")) {
+ // Grab the Suricata binary version programmatically
+ $suricatabindir = SURICATA_PBI_BINDIR;
+ $suricataver = exec_command("{$suricatabindir}suricata -V 2>&1 |/usr/bin/cut -c26-");
+ if (!empty($suricataver))
+ define("SURICATA_BIN_VERSION", $suricataver);
+ else
+ define("SURICATA_BIN_VERSION", "");
+}
+
// Define the name of the pf table used for IP blocks
if (!defined('SURICATA_PF_TABLE'))
define('SURICATA_PF_TABLE', 'snort2c');
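Review bot: `SURICATA_BIN_VERSION` is taken from `suricata -V` by cutting at a fixed column (`cut -c26-`), so any change to the banner text, or an error message pulled in by `2>&1`, ends up in the constant and from there in the page title. Matching the version explicitly, e.g. `preg_match('/\d+\.\d+(\.\d+)?/', $out, $m)` with a fallback to "", would be more robust. This file appears to be included by every Suricata page, so the binary is also executed on each request unless the constant is already defined.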
diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php
index 8eea8d2d..013cde3e 100644
--- a/config/suricata/suricata_global.php
+++ b/config/suricata/suricata_global.php
@@ -67,6 +67,7 @@ else {
$pconfig['snortcommunityrules'] = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules'];
$pconfig['snort_rules_file'] = $config['installedpackages']['suricata']['config'][0]['snort_rules_file'];
$pconfig['autogeoipupdate'] = $config['installedpackages']['suricata']['config'][0]['autogeoipupdate'];
+ $pconfig['hide_deprecated_rules'] = $config['installedpackages']['suricata']['config'][0]['hide_deprecated_rules'] == "on" ? 'on' : 'off';
}
// Do input validation on parameters
@@ -99,6 +100,7 @@ if (!$input_errors) {
$config['installedpackages']['suricata']['config'][0]['enable_etopen_rules'] = $_POST['enable_etopen_rules'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['enable_etpro_rules'] = $_POST['enable_etpro_rules'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] = $_POST['autogeoipupdate'] ? 'on' : 'off';
+ $config['installedpackages']['suricata']['config'][0]['hide_deprecated_rules'] = $_POST['hide_deprecated_rules'] ? 'on' : 'off';
// If any rule sets are being turned off, then remove them
// from the active rules section of each interface. Start
@@ -135,6 +137,12 @@ if (!$input_errors) {
}
}
+ // If deprecated rules should be removed, then do it
+ if ($config['installedpackages']['suricata']['config'][0]['hide_deprecated_rules'] == "on") {
+ log_error(gettext("[Suricata] Hide Deprecated Rules is enabled. Removing obsoleted rules categories."));
+ suricata_remove_dead_rules();
+ }
+
$config['installedpackages']['suricata']['config'][0]['snort_rules_file'] = $_POST['snort_rules_file'];
$config['installedpackages']['suricata']['config'][0]['oinkcode'] = $_POST['oinkcode'];
$config['installedpackages']['suricata']['config'][0]['etprocode'] = $_POST['etprocode'];
@@ -329,6 +337,13 @@ if ($input_errors)
</table></td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Hide Deprecated Rules Categories"); ?></td>
+ <td width="78%" class="vtable"><input name="hide_deprecated_rules" id="hide_deprecated_rules" type="checkbox" value="yes"
+ <?php if ($pconfig['hide_deprecated_rules']=="on") echo "checked"; ?> />
+ &nbsp;&nbsp;<?php echo gettext("Hide deprecated rules categories in the GUI and remove them from the configuration. Default is ") .
+ "<strong>" . gettext("Not Checked") . "</strong>" . gettext("."); ?></td>
+</tr>
+<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Rules Update Settings"); ?></td>
</tr>
<tr>
diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php
index e996a24f..39291803 100644
--- a/config/suricata/suricata_interfaces.php
+++ b/config/suricata/suricata_interfaces.php
@@ -145,8 +145,9 @@ if ($_POST['toggle']) {
header("Location: /suricata/suricata_interfaces.php");
exit;
}
+$suri_bin_ver = SURICATA_BIN_VERSION;
$suri_pkg_ver = SURICATA_PKG_VER;
-$pgtitle = "Services: {$suri_pkg_ver} - Intrusion Detection System";
+$pgtitle = "Services: Suricata {$suri_bin_ver} pkg v{$suri_pkg_ver} - Intrusion Detection System";
include_once("head.inc");
?>
diff --git a/config/suricata/suricata_ip_reputation.php b/config/suricata/suricata_ip_reputation.php
index d9d45a5f..953b167c 100644
--- a/config/suricata/suricata_ip_reputation.php
+++ b/config/suricata/suricata_ip_reputation.php
@@ -163,6 +163,9 @@ if ($_POST['save'] || $_POST['apply']) {
// Soft-restart Suricata to live-load new variables
suricata_reload_config($a_nat[$id]);
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
+
// We have saved changes and done a soft restart, so clear "dirty" flag
clear_subsystem_dirty('suricata_iprep');
}
diff --git a/config/suricata/suricata_list_view.php b/config/suricata/suricata_list_view.php
index ec335abd..93ecd305 100644
--- a/config/suricata/suricata_list_view.php
+++ b/config/suricata/suricata_list_view.php
@@ -90,7 +90,7 @@ $pgtitle = array(gettext("Suricata"), gettext($title . " Viewer"));
<td class="tabcont">
<table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee">
<tr>
- <td class="pgtitle" colspan="2">Snort: <?php echo gettext($title . " Viewer"); ?></td>
+ <td class="pgtitle" colspan="2">Suricata: <?php echo gettext($title . " Viewer"); ?></td>
</tr>
<tr>
<td align="left" width="20%">
diff --git a/config/suricata/suricata_migrate_config.php b/config/suricata/suricata_migrate_config.php
index 384033b3..2fd5f96e 100644
--- a/config/suricata/suricata_migrate_config.php
+++ b/config/suricata/suricata_migrate_config.php
@@ -95,6 +95,14 @@ if (empty($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enabl
}
/**********************************************************/
+/* Create new HIDE_DEPRECATED_RULES setting if not set */
+/**********************************************************/
+if (empty($config['installedpackages']['suricata']['config'][0]['hide_deprecated_rules'])) {
+ $config['installedpackages']['suricata']['config'][0]['hide_deprecated_rules'] = "off";
+ $updated_cfg = true;
+}
+
+/**********************************************************/
/* Set default log size and retention limits if not set */
/**********************************************************/
if (!isset($config['installedpackages']['suricata']['config'][0]['alert_log_retention']) && $config['installedpackages']['suricata']['config'][0]['alert_log_retention'] != '0') {
diff --git a/config/suricata/suricata_passlist.php b/config/suricata/suricata_passlist.php
index e7e55d20..e414fbd0 100644
--- a/config/suricata/suricata_passlist.php
+++ b/config/suricata/suricata_passlist.php
@@ -207,7 +207,8 @@ if ($savemsg) {
<p><?php echo gettext("1. Here you can create Pass List files for your Suricata package rules. Hosts on a Pass List are never blocked by Suricata."); ?><br/>
<?php echo gettext("2. Add all the IP addresses or networks (in CIDR notation) you want to protect against Suricata block decisions."); ?><br/>
<?php echo gettext("3. The default Pass List includes the WAN IP and gateway, defined DNS servers, VPNs and locally-attached networks."); ?><br/>
- <?php echo gettext("4. Be careful, it is very easy to get locked out of your system by altering the default settings."); ?></p></span></td>
+ <?php echo gettext("4. Be careful, it is very easy to get locked out of your system by altering the default settings."); ?><br/>
+ <?php echo gettext("5. To use a custom Pass List on an interface, you must manually assign the list using the drop-down control on the Interface Settings tab."); ?></p></span></td>
</tr>
<tr>
<td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Suricata on the interface for changes to take effect!"); ?></span></td>
diff --git a/config/suricata/suricata_passlist_edit.php b/config/suricata/suricata_passlist_edit.php
index 1d92e644..357b3818 100644
--- a/config/suricata/suricata_passlist_edit.php
+++ b/config/suricata/suricata_passlist_edit.php
@@ -154,10 +154,12 @@ if ($_POST['save']) {
}
}
- if ($_POST['address'])
+ if ($_POST['address']) {
if (!is_alias($_POST['address']))
$input_errors[] = gettext("A valid alias must be provided");
-
+ if (is_alias($_POST['address']) && trim(filter_expand_alias($_POST['address'])) == "")
+ $input_errors[] = gettext("FQDN aliases are not supported in Suricata.");
+ }
if (!$input_errors) {
$p_list = array();
/* post user input */
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index aec8983e..ea1d7b0a 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -130,6 +130,10 @@ if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] ==
install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, "*/6", "*", "*", "*", "root");
}
+// Move deprecated_rules file to SURICATADIR/rules directory
+@rename("/usr/local/pkg/suricata/deprecated_rules", "{$suricatadir}rules/deprecated_rules");
+
+
/*********************************************************/
/* START OF BUG FIX CODE */
/* */
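Review bot: The `@rename(...)` that moves deprecated_rules into the rules directory discards its result. suricata_remove_dead_rules() returns silently when the file is missing, so a failed move (for example a rules directory that does not exist yet) disables the Hide Deprecated Rules feature without any trace. Test the return value of the existing call and log the failure, e.g. `log_error(gettext("[Suricata] Unable to move deprecated_rules into the rules directory."));`.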
@@ -264,8 +268,8 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
if ($pkg_interface <> "console") {
update_status(gettext("Starting Suricata using rebuilt configuration..."));
update_output_window(gettext("Please wait while Suricata is started..."));
- mwexec("{$rcdir}suricata.sh start");
- update_output_window(gettext("Suricata has been started using the rebuilt configuration..."));
+ mwexec_bg("{$rcdir}suricata.sh start");
+ update_output_window(gettext("Suricata is starting as a background task using the rebuilt configuration..."));
}
else
mwexec_bg("{$rcdir}suricata.sh start");
@@ -281,8 +285,8 @@ if (empty($config['installedpackages']['suricata']['config'][0]['forcekeepsettin
conf_mount_ro();
// Update Suricata package version in configuration
-$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.1.5";
-write_config("Suricata pkg v2.1.5: post-install configuration saved.");
+$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = $config['installedpackages']['package'][get_pkg_id("suricata")]['version'];
+write_config("Suricata pkg v{$config['installedpackages']['package'][get_pkg_id("suricata")]['version']}: post-install configuration saved.");
// Done with post-install, so clear flag
unset($g['suricata_postinstall']);
diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index 3d977045..f0822968 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
@@ -1654,7 +1654,7 @@
<website>http://suricata-ids.org/</website>
<descr><![CDATA[High Performance Network IDS, IPS and Security Monitoring engine by OISF.]]></descr>
<category>Security</category>
- <version>2.1.5</version>
+ <version>2.1.6</version>
<status>Stable</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/suricata/suricata.xml</config_file>