author | Renato Botelho <garga@FreeBSD.org> | 2014-09-06 10:28:55 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-09-06 10:28:55 -0300 |
commit | 81ff18ddc45fff6018e7e052c865aaa4f85cfe14 (patch) | |
tree | 724108d95af058335d078040aca6ec6aeaeb1746 /config/suricata/suricata_global.php | |
parent | 200641d3d2e8dcaf66bb5c141def1b4ad109df3b (diff) | |
parent | ad7e3dca2b915b9f27ba01bade962305a0dd34bb (diff) | |
Merge pull request #696 from bmeeks8/suricata-2.0.3-v2.0
Diffstat (limited to 'config/suricata/suricata_global.php')
-rw-r--r-- | config/suricata/suricata_global.php | 124 |
1 files changed, 93 insertions, 31 deletions
diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php
index 9c932222..5f01a660 100644
--- a/config/suricata/suricata_global.php
+++ b/config/suricata/suricata_global.php
@@ -45,29 +45,45 @@ require_once("/usr/local/pkg/suricata/suricata.inc"); global $g; $suricatadir = SURICATADIR; +$pconfig = array(); -$pconfig['enable_vrt_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules']; -$pconfig['oinkcode'] = $config['installedpackages']['suricata']['config'][0]['oinkcode']; -$pconfig['etprocode'] = $config['installedpackages']['suricata']['config'][0]['etprocode']; -$pconfig['enable_etopen_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']; -$pconfig['enable_etpro_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']; -$pconfig['rm_blocked'] = $config['installedpackages']['suricata']['config'][0]['rm_blocked']; -$pconfig['autoruleupdate'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdate']; -$pconfig['autoruleupdatetime'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime']; -$pconfig['live_swap_updates'] = $config['installedpackages']['suricata']['config'][0]['live_swap_updates']; -$pconfig['log_to_systemlog'] = $config['installedpackages']['suricata']['config'][0]['log_to_systemlog']; -$pconfig['forcekeepsettings'] = $config['installedpackages']['suricata']['config'][0]['forcekeepsettings']; -$pconfig['snortcommunityrules'] = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules']; +// If doing a postback, used typed values, else load from stored config +if (!empty($_POST)) { + $pconfig = $_POST; +} +else { + $pconfig['enable_vrt_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules']; + $pconfig['oinkcode'] = $config['installedpackages']['suricata']['config'][0]['oinkcode']; + $pconfig['etprocode'] = $config['installedpackages']['suricata']['config'][0]['etprocode']; + $pconfig['enable_etopen_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']; + $pconfig['enable_etpro_rules'] = 
$config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']; + $pconfig['rm_blocked'] = $config['installedpackages']['suricata']['config'][0]['rm_blocked']; + $pconfig['autoruleupdate'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdate']; + $pconfig['autoruleupdatetime'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime']; + $pconfig['live_swap_updates'] = $config['installedpackages']['suricata']['config'][0]['live_swap_updates']; + $pconfig['log_to_systemlog'] = $config['installedpackages']['suricata']['config'][0]['log_to_systemlog']; + $pconfig['log_to_systemlog_facility'] = $config['installedpackages']['suricata']['config'][0]['log_to_systemlog_facility']; + $pconfig['forcekeepsettings'] = $config['installedpackages']['suricata']['config'][0]['forcekeepsettings']; + $pconfig['snortcommunityrules'] = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules']; + $pconfig['snort_rules_file'] = $config['installedpackages']['suricata']['config'][0]['snort_rules_file']; +} +// Do input validation on parameters if (empty($pconfig['autoruleupdatetime'])) $pconfig['autoruleupdatetime'] = '00:30'; +if (empty($pconfig['log_to_systemlog_facility'])) + $pconfig['log_to_systemlog_facility'] = "local1"; + if ($_POST['autoruleupdatetime']) { if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['autoruleupdatetime'])) $input_errors[] = "Invalid Rule Update Start Time! 
Please supply a value in 24-hour format as 'HH:MM'."; } -if ($_POST['suricatadownload'] == "on" && empty($_POST['oinkcode'])) +if ($_POST['enable_vrt_rules'] == "on" && empty($_POST['snort_rules_file'])) + $input_errors[] = "You must supply a snort rules tarball filename in the box provided in order to enable Snort VRT rules!"; + +if ($_POST['enable_vrt_rules'] == "on" && empty($_POST['oinkcode'])) $input_errors[] = "You must supply an Oinkmaster code in the box provided in order to enable Snort VRT rules!"; if ($_POST['enable_etpro_rules'] == "on" && empty($_POST['etprocode'])) @@ -117,6 +133,7 @@ if (!$input_errors) { } } + $config['installedpackages']['suricata']['config'][0]['snort_rules_file'] = $_POST['snort_rules_file']; $config['installedpackages']['suricata']['config'][0]['oinkcode'] = $_POST['oinkcode']; $config['installedpackages']['suricata']['config'][0]['etprocode'] = $_POST['etprocode']; $config['installedpackages']['suricata']['config'][0]['rm_blocked'] = $_POST['rm_blocked']; @@ -130,6 +147,7 @@ if (!$input_errors) { } $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'] = str_pad($_POST['autoruleupdatetime'], 4, "0", STR_PAD_LEFT); $config['installedpackages']['suricata']['config'][0]['log_to_systemlog'] = $_POST['log_to_systemlog'] ? 'on' : 'off'; + $config['installedpackages']['suricata']['config'][0]['log_to_systemlog_facility'] = $_POST['log_to_systemlog_facility']; $config['installedpackages']['suricata']['config'][0]['live_swap_updates'] = $_POST['live_swap_updates'] ? 'on' : 'off'; $config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off'; @@ -138,7 +156,7 @@ if (!$input_errors) { /* create passlist and homenet file, then sync files */ sync_suricata_package_config(); - write_config(); + write_config("Suricata pkg: modified global settings."); /* forces page to reload new settings */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); 
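Review bot: The new `snort_rules_file` check in the first hunk only rejects an empty value, and the `@@ -117,6 +133,7 @@` hunk then stores `$_POST['snort_rules_file']` in the config unchanged. The form text added later in this commit asks for a bare tarball filename, so the validation should enforce that shape before saving, for example `if (!empty($_POST['snort_rules_file']) && !preg_match('/^[A-Za-z0-9._-]+\.tar\.gz$/', $_POST['snort_rules_file'])) $input_errors[] = "Invalid Snort rules tarball filename!";`. The code that consumes the stored name is not visible on this page; presumably it builds the download URL and a local path from it, which is where path separators or other unexpected characters would matter.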
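Review bot: `log_to_systemlog_facility` is written to the config straight from `$_POST` in the `@@ -130,6 +147,7 @@` hunk, and the first hunk only substitutes `local1` when the value is empty. The list of valid facilities exists only as `$log_facility` inside the `<select>` template further down, so a request that does not come from the form can store any string. Define the facility list once above the validation block, check `$pconfig['log_to_systemlog_facility']` (which already has the default applied) with `if (!in_array($pconfig['log_to_systemlog_facility'], $log_facility, true)) $input_errors[] = "Invalid system log facility!";`, and save that value instead of the raw `$_POST` entry. How `sync_suricata_package_config()` uses the stored value is not shown here, so the impact of an unexpected value is unconfirmed; the enclosing `if (!$input_errors) {` block starts and ends outside the hunk.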
@@ -161,9 +179,6 @@ include_once("head.inc"); <?php include_once("fbegin.inc"); -if($pfsense_stable == 'yes') - echo '<p class="pgtitle">' . $pgtitle . '</p>'; - /* Display Alert message, under form tag or no refresh */ if ($input_errors) print_input_errors($input_errors); 
@@ -172,25 +187,29 @@ if ($input_errors) <form action="suricata_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tbody> <tr><td> <?php - $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); - $tab_array[] = array(gettext("Global Settings"), true, "/suricata/suricata_global.php"); - $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array = array(); + $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), true, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); - $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php"); $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array, true); + $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); + $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> <td> <div id="mainarea"> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> +<tbody> <tr> <td colspan="2" valign="top" 
class="listtopic"><?php echo gettext("Please Choose The Type Of Rules You Wish To Download");?></td> </tr> @@ -198,6 +217,7 @@ if ($input_errors) <td width="22%" valign="top" class="vncell"><?php echo gettext("Install ") . "<strong>" . gettext("Emerging Threats") . "</strong>" . gettext(" rules");?></td> <td width="78%" class="vtable"> <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tbody> <tr> <td valign="top" width="8%"><input name="enable_etopen_rules" type="checkbox" value="on" onclick="enable_et_rules();" <?php if ($config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']=="on") echo "checked"; ?>/></td> @@ -218,8 +238,10 @@ if ($input_errors) <td class="vexpl"><?php echo "<span class='red'><strong>" . gettext("Note:") . "</strong></span>" . " " . gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are disabled when the ETPro rules are selected."); ?></td> </tr> + </tbody> </table> <table id="etpro_code_tbl" width="100%" border="0" cellpadding="2" cellspacing="0"> + <tbody> <tr> <td colspan="2"> </td> </tr> @@ -232,6 +254,7 @@ if ($input_errors) value="<?=htmlspecialchars($pconfig['etprocode']);?>"/><br/> <?php echo gettext("Obtain an ETPro subscription code and paste it here."); ?></td> </tr> + </tbody> </table> </td> </tr> 
@@ -239,36 +262,45 @@ if ($input_errors) <td width="22%" valign="top" class="vncell"><?php echo gettext("Install ") . "<strong>" . gettext("Snort VRT") . "</strong>" . gettext(" rules");?></td> <td width="78%" class="vtable"> <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tbody> <tr> <td><input name="enable_vrt_rules" type="checkbox" id="enable_vrt_rules" value="on" onclick="enable_snort_vrt();" <?php if($pconfig['enable_vrt_rules']=='on') echo 'checked'; ?>/></td> <td><span class="vexpl"><?php echo gettext("Snort VRT free Registered User or paid Subscriber rules"); ?></span></td> <tr> <td> </td> - <td><a href="https://www.snort.org/signup" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br/> - <a href="http://www.snort.org/vrt/buy-a-subscription" target="_blank"> + <td><a href="https://www.snort.org/users/sign_up" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br/> + <a href="https://www.snort.org/products" target="_blank"> <?php echo gettext("Sign Up for paid Sourcefire VRT Certified Subscriber Rules"); ?></a></td> </tr> + </tbody> </table> <table id="snort_oink_code_tbl" width="100%" border="0" cellpadding="2" cellspacing="0"> + <tbody> <tr> - <td colspan="2"> </td> + <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("Snort VRT Configuration"); ?></span></b></td> </tr> <tr> - <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("Snort VRT Oinkmaster Configuration"); ?></span></b></td> + <td valign="top" align="right"><span class="vexpl"><strong><?php echo gettext("Rules Filename:"); ?></strong></span> </td> + <td><input name="snort_rules_file" type="text" class="formfld unknown" id="snort_rules_file" size="52" + value="<?=htmlspecialchars($pconfig['snort_rules_file']);?>"/><br/> + <?php echo gettext("Enter the rules tarball filename (filename only, do not include the URL.)"); ?> + <br/><span 
class="red"><strong><?php echo gettext("Example: ") . "</strong></span>" . gettext("snortrules-snapshot-2962.tar.gz");?><br/><br/></td> </tr> <tr> - <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td> + <td valign="top" align="right"><span class="vexpl"><strong><?php echo gettext("Oinkmaster Code:"); ?></strong></span> </td> <td><input name="oinkcode" type="text" class="formfld unknown" id="oinkcode" size="52" value="<?=htmlspecialchars($pconfig['oinkcode']);?>"/><br/> <?php echo gettext("Obtain a snort.org Oinkmaster code and paste it here."); ?></td> </tr> + </tbody> </table> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Install ") . "<strong>" . gettext("Snort Community") . "</strong>" . gettext(" rules");?></td> <td width="78%" class="vtable"> <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tbody> <tr> <td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="on" <?php if ($config['installedpackages']['suricata']['config'][0]['snortcommunityrules']=="on") echo " checked";?>/></td> @@ -278,6 +310,7 @@ if ($input_errors) gettext("If you are a Snort VRT Paid Subscriber, the community ruleset is already built into your download of the ") . gettext("Snort VRT rules, and there is no benefit in adding this rule set.");?><br/></td> </tr> + </tbody> </table></td> </tr> <tr> 
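Review bot: The two rewritten snort.org links in the `@@ -239,36 +262,45 @@` hunk keep `target="_blank"` without a `rel` attribute. In browsers that do not default to noopener, the opened page gets a `window.opener` handle to the firewall admin tab, and the Referer header discloses the admin URL. Add `rel="noopener noreferrer"` to both anchors, e.g. `<a href="https://www.snort.org/products" target="_blank" rel="noopener noreferrer">`. The table row that holds these links begins outside the hunk.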
@@ -334,10 +367,29 @@ if ($input_errors) </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Log to System Log"); ?></td> - <td width="78%" class="vtable"><input name="log_to_systemlog" id="log_to_systemlog" type="checkbox" value="yes" + <td width="78%" class="vtable"><input name="log_to_systemlog" id="log_to_systemlog" type="checkbox" value="yes" onclick="toggle_log_to_systemlog();" <?php if ($config['installedpackages']['suricata']['config'][0]['log_to_systemlog']=="on") echo " checked"; ?>/> <?php echo gettext("Copy Suricata messages to the firewall system log."); ?></td> </tr> + <tbody id="log_to_systemlog_rows"> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Facility"); ?></td> + <td width="78%" class="vtable"> + <select name="log_to_systemlog_facility" id="log_to_systemlog_facility" class="formselect"> + <?php + $log_facility = array( "auth", "authpriv", "daemon", "kern", "security", "syslog", "user", "local0", + "local1", "local2", "local3", "local4", "local5", "local6", "local7" ); + foreach ($log_facility as $facility) { + $selected = ""; + if ($facility == $pconfig['log_to_systemlog_facility']) + $selected = " selected"; + echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n"; + } + ?></select> + <?php echo gettext("Select system log facility to use for reporting. Default is ") . "<strong>" . gettext("local1") . "</strong>."; ?> + </td> + </tr> + </tbody> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Keep Suricata Settings After Deinstall"); ?></td> <td width="78%" class="vtable"><input name="forcekeepsettings" id="forcekeepsettings" type="checkbox" value="yes" 
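Review bot: The changed `log_to_systemlog` checkbox line still takes its checked state from `$config[...]['log_to_systemlog']`, while the new facility `<select>` reads `$pconfig`, which this commit fills from `$_POST` on a postback. After a save that fails validation, the checkbox reverts to the stored setting, and `toggle_log_to_systemlog()` shows or hides the facility row based on that rather than on what the administrator submitted. The checkbox posts `value="yes"` while the config stores `on`/`off`, so the test has to accept both, e.g. `if ($pconfig['log_to_systemlog'] == "on" || $pconfig['log_to_systemlog'] == "yes") echo " checked";`. The table this row belongs to starts outside the hunk.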
@@ -351,9 +403,10 @@ if ($input_errors) <td colspan="2" class="vexpl" align="center"><span class="red"><strong><?php echo gettext("Note:");?></strong> </span><?php echo gettext("Changing any settings on this page will affect all Suricata-configured interfaces.");?></td> </tr> +</tbody> </table> </div><br/> -</td></tr> +</td></tr></tbody> </table> </form> <?php include("fend.inc"); ?> @@ -396,11 +449,20 @@ function enable_change_rules_upd() { document.iform.autoruleupdatetime.disabled=""; } +function toggle_log_to_systemlog() { + var endis = !document.iform.log_to_systemlog.checked; + if (endis) + document.getElementById("log_to_systemlog_rows").style.display="none"; + else + document.getElementById("log_to_systemlog_rows").style.display=""; +} + // Initialize the form controls state based on saved settings enable_snort_vrt(); enable_et_rules(); enable_pro_rules(); enable_change_rules_upd(); +toggle_log_to_systemlog(); //--> </script> |