aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata/suricata_sid_mgmt.php
diff options
context:
space:
mode:
authorStephane Lapie <stephane.lapie@asahinet.com>2014-09-09 10:38:18 +0900
committerStephane Lapie <stephane.lapie@asahinet.com>2014-09-09 10:38:18 +0900
commit2540793065bc8539001aec717745474569c8ff77 (patch)
tree0160e83bf24c77dfa9d73e2d2d2ce5eeb90610bb /config/suricata/suricata_sid_mgmt.php
parentc93a3c793d53e9076b49e05c32a7c132329ff353 (diff)
parent8a33d84b6e7d52e2e7dd414c03428ce6da0296a2 (diff)
downloadpfsense-packages-2540793065bc8539001aec717745474569c8ff77.tar.gz
pfsense-packages-2540793065bc8539001aec717745474569c8ff77.tar.bz2
pfsense-packages-2540793065bc8539001aec717745474569c8ff77.zip
Merge git+ssh://github.com/pfsense/pfsense-packages
Diffstat (limited to 'config/suricata/suricata_sid_mgmt.php')
-rw-r--r--config/suricata/suricata_sid_mgmt.php597
1 files changed, 597 insertions, 0 deletions
diff --git a/config/suricata/suricata_sid_mgmt.php b/config/suricata/suricata_sid_mgmt.php
new file mode 100644
index 00000000..c69a9fcd
--- /dev/null
+++ b/config/suricata/suricata_sid_mgmt.php
@@ -0,0 +1,597 @@
+<?php
+/*
+ * suricata_sid_mgmt.php
+ *
+ * Portions of this code are based on original work done for the
+ * Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+global $g, $config, $rebuild_rules;
+
+$suricatadir = SURICATADIR;
+$pconfig = array();
+
+// Grab saved settings from configuration
+if (!is_array($config['installedpackages']['suricata']['rule']))
+ $config['installedpackages']['suricata']['rule'] = array();
+$a_nat = &$config['installedpackages']['suricata']['rule'];
+
+$pconfig['auto_manage_sids'] = $config['installedpackages']['suricata']['config'][0]['auto_manage_sids'];
+
+// Hard-code the path where SID Mods Lists are stored
+// and disregard any user-supplied path element.
+$sidmods_path = SID_MODS_PATH;
+
+// Set default to not show SID modification lists editor controls
+$sidmodlist_edit_style = "display: none;";
+
+if (!empty($_POST))
+ $pconfig = $_POST;
+
+function suricata_is_sidmodslist_active($sidlist) {
+
+ /*****************************************************
+ * This function checks all the configured Suricata *
+ * interfaces to see if the passed SID Mods List is *
+ * used by an interface. *
+ * *
+ * Returns: TRUE if List is in use *
+ * FALSE if List is not in use *
+ *****************************************************/
+
+ global $g, $config;
+
+ if (!is_array($config['installedpackages']['suricata']['rule']))
+ return FALSE;
+
+ foreach ($config['installedpackages']['suricata']['rule'] as $rule) {
+ if ($rule['enable_sid_file'] == $sidlist) {
+ return TRUE;
+ }
+ if ($rule['disable_sid_file'] == $sidlist) {
+ return TRUE;
+ }
+ if ($rule['modify_sid_file'] == $sidlist) {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+if (isset($_POST['upload'])) {
+ if ($_FILES["sidmods_fileup"]["error"] == UPLOAD_ERR_OK) {
+ $tmp_name = $_FILES["sidmods_fileup"]["tmp_name"];
+ $name = basename($_FILES["sidmods_fileup"]["name"]);
+ move_uploaded_file($tmp_name, "{$sidmods_path}{$name}");
+ }
+ else
+ $input_errors[] = gettext("Failed to upload file {$_FILES["sidmods_fileup"]["name"]}");
+}
+
+if (isset($_POST['sidlist_delete']) && isset($_POST['sidlist_fname'])) {
+ if (!suricata_is_sidmodslist_active(basename($_POST['sidlist_fname'])))
+ unlink_if_exists($sidmods_path . basename($_POST['sidlist_fname']));
+ else
+ $input_errors[] = gettext("This SID Mods List is currently assigned to an interface and cannot be deleted.");
+}
+
+if (isset($_POST['sidlist_edit']) && isset($_POST['sidlist_fname'])) {
+ $file = $sidmods_path . basename($_POST['sidlist_fname']);
+ $data = file_get_contents($file);
+ if ($data !== FALSE) {
+ $sidmodlist_data = htmlspecialchars($data);
+ $sidmodlist_edit_style = "display: table-row-group;";
+ $sidmodlist_name = basename($_POST['sidlist_fname']);
+ unset($data);
+ }
+ else {
+ $input_errors[] = gettext("An error occurred reading the file.");
+ }
+}
+
+if (isset($_POST['save']) && isset($_POST['sidlist_data'])) {
+ if (strlen(basename($_POST['sidlist_name'])) > 0) {
+ $file = $sidmods_path . basename($_POST['sidlist_name']);
+ $data = str_replace("\r\n", "\n", $_POST['sidlist_data']);
+ file_put_contents($file, $data);
+ unset($data);
+ }
+ else {
+ $input_errors[] = gettext("You must provide a valid filename for the SID Mods List.");
+ $sidmodlist_edit_style = "display: table-row-group;";
+ }
+}
+
+if (isset($_POST['save_auto_sid_conf'])) {
+ $config['installedpackages']['suricata']['config'][0]['auto_manage_sids'] = $pconfig['auto_manage_sids'] ? "on" : "off";
+
+ // Grab the SID Mods config for the interfaces from the form's controls array
+ foreach ($_POST['sid_state_order'] as $k => $v) {
+ $a_nat[$k]['sid_state_order'] = $v;
+ }
+ foreach ($_POST['enable_sid_file'] as $k => $v) {
+ if ($v == "None") {
+ unset($a_nat[$k]['enable_sid_file']);
+ continue;
+ }
+ $a_nat[$k]['enable_sid_file'] = $v;
+ }
+ foreach ($_POST['disable_sid_file'] as $k => $v) {
+ if ($v == "None") {
+ unset($a_nat[$k]['disable_sid_file']);
+ continue;
+ }
+ $a_nat[$k]['disable_sid_file'] = $v;
+ }
+ foreach ($_POST['modify_sid_file'] as $k => $v) {
+ if ($v == "None") {
+ unset($a_nat[$k]['modify_sid_file']);
+ continue;
+ }
+ $a_nat[$k]['modify_sid_file'] = $v;
+ }
+
+ // Write the new configuration
+ write_config("Suricata pkg: updated automatic SID management settings.");
+
+ $intf_msg = "";
+
+ // If any interfaces were marked for restart, then do it
+ if (is_array($_POST['torestart'])) {
+ foreach ($_POST['torestart'] as $k) {
+ // Update the suricata.yaml file and
+ // rebuild rules for this interface.
+ $rebuild_rules = true;
+ conf_mount_rw();
+ suricata_generate_yaml($a_nat[$k]);
+ conf_mount_ro();
+ $rebuild_rules = false;
+
+ // Signal Suricata to "live reload" the rules
+ suricata_reload_config($a_nat[$k]);
+
+ $intf_msg .= convert_friendly_interface_to_friendly_descr($a_nat[$k]['interface']) . ", ";
+ }
+ $savemsg = gettext("Changes were applied to these interfaces: " . trim($intf_msg, ' ,') . " and Suricata signaled to live-load the new rules.");
+ }
+}
+
+if (isset($_POST['sidlist_dnload']) && isset($_POST['sidlist_fname'])) {
+ $file = $sidmods_path . basename($_POST['sidlist_fname']);
+ if (file_exists($file)) {
+ ob_start(); //important or other posts will fail
+ if (isset($_SERVER['HTTPS'])) {
+ header('Pragma: ');
+ header('Cache-Control: ');
+ } else {
+ header("Pragma: private");
+ header("Cache-Control: private, must-revalidate");
+ }
+ header("Content-Type: application/octet-stream");
+ header("Content-length: " . filesize($file));
+ header("Content-disposition: attachment; filename = " . basename($file));
+ ob_end_clean(); //important or other post will fail
+ readfile($file);
+ }
+ else
+ $savemsg = gettext("Unable to locate the file specified!");
+}
+
+if (isset($_POST['sidlist_dnload_all_x'])) {
+ $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
+ $file_name = "suricata_sid_conf_files_{$save_date}.tar.gz";
+ exec("cd {$sidmods_path} && /usr/bin/tar -czf /tmp/{$file_name} *");
+
+ if (file_exists("/tmp/{$file_name}")) {
+ ob_start(); //important or other posts will fail
+ if (isset($_SERVER['HTTPS'])) {
+ header('Pragma: ');
+ header('Cache-Control: ');
+ } else {
+ header("Pragma: private");
+ header("Cache-Control: private, must-revalidate");
+ }
+ header("Content-Type: application/octet-stream");
+ header("Content-length: " . filesize("/tmp/{$file_name}"));
+ header("Content-disposition: attachment; filename = {$file_name}");
+ ob_end_clean(); //important or other post will fail
+ readfile("/tmp/{$file_name}");
+
+ // Clean up the temp file
+ @unlink("/tmp/{$file_name}");
+ }
+ else
+ $savemsg = gettext("An error occurred while creating the gzip archive!");
+}
+
+// Get all files in the SID Mods Lists sub-directory as an array
+// Leave this as the last thing before spewing the page HTML
+// so we can pick up any changes made to files in code above.
+$sidmodfiles = return_dir_as_array($sidmods_path);
+$sidmodselections = array_merge(Array( "None" ), $sidmodfiles);
+
+$pgtitle = gettext("Suricata: SID Management");
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+include_once("fbegin.inc");
+
+/* Display Alert message, under form tag or no refresh */
+if ($input_errors)
+ print_input_errors($input_errors);
+?>
+
+<form action="suricata_sid_mgmt.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<input type="hidden" name="MAX_FILE_SIZE" value="100000000" />
+<input type="hidden" name="sidlist_fname" id="sidlist_fname" value=""/>
+
+<?php
+if ($savemsg) {
+ /* Display save message */
+ print_info_box($savemsg);
+}
+?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tbody>
+ <tr><td>
+ <?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
+ $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
+ $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
+ $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ $tab_array[] = array(gettext("SID Mgmt"), true, "/suricata/suricata_sid_mgmt.php");
+ $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+ display_top_tabs($tab_array, true);
+ ?>
+ </td></tr>
+ <tr><td>
+ <div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tbody>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Automatic SID State Management"); ?></td>
+ <td width="78%" class="vtable"><input type="checkbox" id="auto_manage_sids" name="auto_manage_sids" value="on"
+ <?php if ($pconfig['auto_manage_sids'] == 'on') echo " checked"; ?> onclick="enable_sid_conf();" />&nbsp;<?=gettext("Enable automatic management of rule state ") .
+ gettext("and content using configuration files. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>";?>.<br/><br/>
+ <?=gettext("Suricata will automatically enable/disable/modify text rules upon each update using criteria specified in configuration files. ") .
+ gettext("The supported configuration file format is the same as that used in the PulledPork and Oinkmaster enablesid.conf, disablesid.conf and ") .
+ gettext("modifysid.conf files. You can either upload existing files or create your own."); ?>
+ </td>
+ </tr>
+ </tbody>
+ <tbody id="sid_conf_rows">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("SID Management Configuration Files"); ?></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="vtable" align="center" >
+ <table width="100%" border="0" cellpadding="4" cellspacing="0">
+ <tbody id="uploader" style="display: none;">
+ <tr>
+ <td class="list"><br/><?php echo gettext("Click BROWSE to select a file to import, and then click UPLOAD. Click CLOSE to quit."); ?></td>
+ </tr>
+ <tr>
+ <td class="list"><input type="file" name="sidmods_fileup" id="sidmods_fileup" class="formfld file" size="50" />
+ &nbsp;&nbsp;<input type="submit" name="upload" id="upload" value="<?=gettext("Upload");?>"
+ title="<?=gettext("Upload selected SID mods list to firewall");?>"/>&nbsp;&nbsp;<input type="button"
+ value="<?=gettext("Close");?>" onClick="document.getElementById('uploader').style.display='none';" /><br/></td>
+ <td class="list"></td>
+ </tr>
+ </tbody>
+ <tbody>
+ <tr>
+ <td>
+ <table id="maintable" width="100%" border="0" cellpadding="4" cellspacing="0">
+ <colgroup>
+ <col style="width: 45%;">
+ <col style="width: 25%;">
+ <col style="width: 15%;">
+ <col style="width: 15%;">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr"><?php echo gettext("SID Mods List File Name"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Last Modified Time"); ?></th>
+ <th class="listhdrr"><?php echo gettext("File Size"); ?></th>
+ <th class="list" align="left"><img style="cursor:pointer;" name="sidlist_new" id="sidlist_new"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Create a new SID Mods List');?>"
+ onClick="document.getElementById('sidlist_data').value=''; document.getElementById('sidlist_name').value=''; document.getElementById('sidlist_editor').style.display='table-row-group'; document.getElementById('sidlist_name').focus();" />
+ <img style="cursor:pointer;" name="sidlist_import" id="sidlist_import"
+ onClick="document.getElementById('uploader').style.display='table-row-group';"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Import/Upload a SID Mods List');?>"/>
+ <input type="image" name="sidlist_dnload_all" id="sidlist_dnload_all"
+ src="../tree/page-file_play.gif" width="16" height="16" border="0"
+ title="<?php echo gettext('Download all SID Mods List files in a single gzip archive');?>"/>
+ </th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php foreach ($sidmodfiles as $file): ?>
+ <tr>
+ <td class="listr"><?php echo gettext($file); ?></td>
+ <td class="listr"><?=date('M-d Y g:i a', filemtime("{$sidmods_path}{$file}")); ?></td>
+ <td class="listr"><?=format_bytes(filesize("{$sidmods_path}{$file}")); ?> </td>
+ <td class="list"><input type="image" name="sidlist_edit[]" id="sidlist_edit[]"
+ onClick="document.getElementById('sidlist_fname').value='<?=$file;?>';"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Edit this SID Mods List');?>"/>
+ <input type="image" name="sidlist_delete[]" id="sidlist_delete[]"
+ onClick="document.getElementById('sidlist_fname').value='<?=$file;?>';
+ return confirm('<?=gettext("Are you sure you want to permanently delete this file? Click OK to continue or CANCEL to quit.");?>');"
+ src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17"
+ height="17" border="0" title="<?php echo gettext('Delete this SID Mods List');?>"/>
+ <input type="image" name="sidlist_dnload[]" id="sidlist_dnload[]"
+ onClick="document.getElementById('sidlist_fname').value='<?=$file;?>';"
+ src="../tree/page-file_play.gif" width="16" height="16" border="0"
+ title="<?php echo gettext('Download this SID Mods List file');?>"/>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ </tbody>
+ <tbody id="sidlist_editor" style="<?=$sidmodlist_edit_style;?>">
+ <tr>
+ <td colspan="4">&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="4"><strong><?=gettext("File Name: ");?></strong><input type="text" size="45" class="formfld file" id="sidlist_name" name="sidlist_name" value="<?=$sidmodlist_name;?>" />
+ &nbsp;&nbsp;<input type="submit" id="save" name="save" value="<?=gettext(" Save ");?>" title="<?=gettext("Save changes and close editor");?>" />
+ &nbsp;&nbsp;<input type="button" id="cancel" name="cancel" value="<?=gettext("Cancel");?>" onClick="document.getElementById('sidlist_editor').style.display='none';"
+ title="<?=gettext("Abandon changes and quit editor");?>" /></td>
+ </tr>
+ <tr>
+ <td colspan="4">&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="4"><textarea wrap="off" cols="80" rows="20" name="sidlist_data" id="sidlist_data"
+ style="width:95%; height:100%;"><?=$sidmodlist_data;?></textarea>
+ </td>
+ </tr>
+ </tbody>
+ <tbody>
+ <tr>
+ <td colspan="3" class="vexpl"><br/><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span>
+ <br/><?php echo gettext("SID Mods Lists are stored as local files on the firewall and their contents are " .
+ "not saved as part of the firewall configuration file."); ?></td>
+ <td class="list"></td>
+ </tr>
+ <tr>
+ <td colspan="3" class="vexpl"><br/><strong><?php echo gettext("File List Controls:"); ?></strong><br/><br/>
+ &nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" />
+ &nbsp;<?=gettext("Opens the editor window to create a new SID Mods List. You must provide a valid filename before saving.");?><br/>
+ &nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_import_alias.gif" width="17" height="17" border="0" />
+ &nbsp;<?=gettext("Opens the file upload control for uploading a new SID Mods List from your local machine.");?><br/>
+ &nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" />
+ &nbsp;<?=gettext("Opens the SID Mods List in a text edit control for viewing or editing its contents.");?><br/>
+ &nbsp;&nbsp;<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" />
+ &nbsp;<?=gettext("Deletes the SID Mods List from the file system after confirmation.");?><br/>
+ &nbsp;&nbsp;<img src="../tree/page-file_play.gif" width="16" height="16" border="0" />
+ &nbsp;<?=gettext("Downloads the SID Mods List file to your local machine.");?><br/>
+ </td>
+ <td class="list"></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Interface SID Management File Assignments"); ?></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="vtable" align="center" >
+ <table width="100%" border="0" cellpadding="2" cellspacing="0">
+ <tbody>
+ <tr>
+ <td>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <colgroup>
+ <col width="4%" align="center">
+ <col width="20" align="center">
+ <col width="16%" align="center">
+ <col width="20%" align="center">
+ <col width="20%" align="center">
+ <col width="20%" align="center">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr"><?=gettext("Rebuild"); ?></th>
+ <th class="listhdrr"><?=gettext("Interface"); ?></th>
+ <th class="listhdrr"><?=gettext("SID State Order"); ?></th>
+ <th class="listhdrr"><?=gettext("Enable SID File"); ?></th>
+ <th class="listhdrr"><?=gettext("Disable SID File"); ?></th>
+ <th class="listhdrr"><?=gettext("Modify SID File"); ?></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php foreach ($a_nat as $k => $natent): ?>
+ <tr>
+ <td class="listr" align="center">
+ <input type="checkbox" name="torestart[]" id="torestart[]" value="<?=$k;?>" title="<?=gettext("Apply new configuration and rebuild rules for this interface when saving");?>" />
+ </td>
+ <td class="listbg"><?=convert_friendly_interface_to_friendly_descr($natent['interface']); ?></td>
+ <td class="listr" align="center">
+ <select name="sid_state_order[<?=$k?>]" class="formselect" id="sid_state_order[<?=$k?>]">
+ <?php
+ foreach (array("disable_enable" => "Disable, Enable", "enable_disable" => "Enable, Disable") as $key => $order) {
+ if ($key == $natent['sid_state_order'])
+ echo "<option value='{$key}' selected>";
+ else
+ echo "<option value='{$key}'>";
+ echo htmlspecialchars($order) . '</option>';
+ }
+ ?>
+ </select>
+ </td>
+ <td class="listr" align="center">
+ <select name="enable_sid_file[<?=$k?>]" class="formselect" id="enable_sid_file[<?=$k?>]">
+ <?php
+ foreach ($sidmodselections as $choice) {
+ if ($choice == $natent['enable_sid_file'])
+ echo "<option value='{$choice}' selected>";
+ else
+ echo "<option value='{$choice}'>";
+ echo htmlspecialchars(gettext($choice)) . '</option>';
+ }
+ ?>
+ </select>
+ </td>
+ <td class="listr" align="center">
+ <select name="disable_sid_file[<?=$k?>]" class="formselect" id="disable_sid_file[<?=$k?>]">
+ <?php
+ foreach ($sidmodselections as $choice) {
+ if ($choice == $natent['disable_sid_file'])
+ echo "<option value='{$choice}' selected>";
+ else
+ echo "<option value='{$choice}'>";
+ echo htmlspecialchars(gettext($choice)) . '</option>';
+ }
+ ?>
+ </select>
+ </td>
+ <td class="listr" align="center">
+ <select name="modify_sid_file[<?=$k?>]" class="formselect" id="modify_sid_file[<?=$k?>]">
+ <?php
+ foreach ($sidmodselections as $choice) {
+ if ($choice == $natent['modify_sid_file'])
+ echo "<option value='{$choice}' selected>";
+ else
+ echo "<option value='{$choice}'>";
+ echo htmlspecialchars(gettext($choice)) . '</option>';
+ }
+ ?>
+ </select>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td class="vexpl">&nbsp;
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <table width="100%" cellpadding="2" cellspacing="2" border="0">
+ <tbody>
+ <tr>
+ <td colspan="2" class="vexpl" style="text-align: bottom;"><strong><span class="red"><?=gettext("Notes:");?></span></strong></td>
+ </tr>
+ <tr>
+ <td class="vexpl" style="vertical-align: top;"><?=gettext("1.");?></td>
+ <td class="vexpl"><?=gettext("Check the box beside an interface to immediately apply new auto-SID management ") .
+ gettext("changes and signal Suricata to live-load the new rules for the interface when clicking SAVE; ") .
+ gettext("otherwise only the new file assignments will be saved.");?>
+ </td>
+ </tr>
+ <tr>
+ <td class="vexpl" style="vertical-align: top;"><?=gettext("2.");?></td>
+ <td class="vexpl"><?=gettext("SID State Order controls the order in which enable and disable state modifications are performed. ") .
+ gettext("An example would be to disable an entire category and later enable only a rule or two from it. In this case you would ") .
+ gettext("choose 'disable,enable' for the State Order. Note that the last action performed takes priority.");?>
+ </td>
+ </tr>
+ <tr>
+ <td class="vexpl" style="vertical-align: top;"><?=gettext("3.");?></td>
+ <td class="vexpl"><?=gettext("The Enable SID File, Disable SID File and Modify SID File controls specify which rule modification ") .
+ gettext("files are run automatically for the interface. Setting a file control to 'None' disables that modification. ") .
+ gettext("Setting all file controls for an interface to 'None' disables automatic SID state management for the interface.");?>
+ </td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </tbody>
+ <tbody>
+ <tr>
+ <td colspan="2" class="vexpl" align="center"><input type="submit" id="save_auto_sid_conf" name="save_auto_sid_conf" class="formbtn" value="<?=gettext("Save");?>" title="<?=gettext("Save SID Management configuration");?>" />
+ &nbsp;&nbsp;<?=gettext("Remember to save changes before exiting this page"); ?>
+ </td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </td></tr>
+ </tbody>
+</table>
+</form>
+
+
+<?php include("fend.inc"); ?>
+<script type="text/javascript">
+
+function enable_sid_conf() {
+ var endis = !document.iform.auto_manage_sids.checked;
+ if (endis) {
+ document.getElementById("sid_conf_rows").style.display = "none";
+ }
+ else {
+ document.getElementById("sid_conf_rows").style.display = "";
+ }
+}
+
+enable_sid_conf();
+
+</script>
+</body>
+</html>