aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata/suricata_suppress_edit.php
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2014-02-19 14:08:14 -0500
committerbmeeks8 <bmeeks8@bellsouth.net>2014-02-19 14:08:14 -0500
commit10cab278e653f00bd8ec0ee0e82d30e5c7798042 (patch)
treee1fb9e2286eed94dffc57c59f030e42605f71187 /config/suricata/suricata_suppress_edit.php
parent871cdf7b8021bfd09c7f6365c06f9b531b5fb92a (diff)
downloadpfsense-packages-10cab278e653f00bd8ec0ee0e82d30e5c7798042.tar.gz
pfsense-packages-10cab278e653f00bd8ec0ee0e82d30e5c7798042.tar.bz2
pfsense-packages-10cab278e653f00bd8ec0ee0e82d30e5c7798042.zip
BETA version of Suricata 1.4.6 IDS package v0.1 for pfSense.
Diffstat (limited to 'config/suricata/suricata_suppress_edit.php')
-rw-r--r--config/suricata/suricata_suppress_edit.php213
1 files changed, 213 insertions, 0 deletions
diff --git a/config/suricata/suricata_suppress_edit.php b/config/suricata/suricata_suppress_edit.php
new file mode 100644
index 00000000..c2c23f10
--- /dev/null
+++ b/config/suricata/suricata_suppress_edit.php
@@ -0,0 +1,213 @@
+<?php
+/*
+ * suricata_suppress_edit.php
+ Copyright (C) 2014 Bill Meeks
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+
+if (!is_array($config['installedpackages']['suricata']))
+ $config['installedpackages']['suricata'] = array();
+$suricataglob = $config['installedpackages']['suricata'];
+
+if (!is_array($config['installedpackages']['suricata']['suppress']))
+ $config['installedpackages']['suricata']['suppress'] = array();
+if (!is_array($config['installedpackages']['suricata']['suppress']['item']))
+ $config['installedpackages']['suricata']['suppress']['item'] = array();
+$a_suppress = &$config['installedpackages']['suricata']['suppress']['item'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+/* returns true if $name is a valid name for a whitelist file name or ip */
+function is_validwhitelistname($name) {
+ if (!is_string($name))
+ return false;
+
+ if (!preg_match("/[^a-zA-Z0-9\_\.\/]/", $name))
+ return true;
+
+ return false;
+}
+
+if (isset($id) && $a_suppress[$id]) {
+
+ /* old settings */
+ $pconfig['name'] = $a_suppress[$id]['name'];
+ $pconfig['uuid'] = $a_suppress[$id]['uuid'];
+ $pconfig['descr'] = $a_suppress[$id]['descr'];
+ if (!empty($a_suppress[$id]['suppresspassthru'])) {
+ $pconfig['suppresspassthru'] = base64_decode($a_suppress[$id]['suppresspassthru']);
+ $pconfig['suppresspassthru'] = str_replace("&#8203;", "", $pconfig['suppresspassthru']);
+ }
+ if (empty($a_suppress[$id]['uuid']))
+ $pconfig['uuid'] = uniqid();
+}
+
+if ($_POST['submit']) {
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ $reqdfields = explode(" ", "name");
+ $reqdfieldsn = array("Name");
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if(strtolower($_POST['name']) == "defaultwhitelist")
+ $input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
+
+ if (is_validwhitelistname($_POST['name']) == false)
+ $input_errors[] = "Whitelist file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset.";
+
+ /* check for name conflicts */
+ foreach ($a_suppress as $s_list) {
+ if (isset($id) && ($a_suppress[$id]) && ($a_suppress[$id] === $s_list))
+ continue;
+
+ if ($s_list['name'] == $_POST['name']) {
+ $input_errors[] = "A whitelist file name with this name already exists.";
+ break;
+ }
+ }
+
+
+ if (!$input_errors) {
+ $s_list = array();
+ $s_list['name'] = $_POST['name'];
+ $s_list['uuid'] = uniqid();
+ $s_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ if ($_POST['suppresspassthru']) {
+ $s_list['suppresspassthru'] = str_replace("&#8203;", "", $s_list['suppresspassthru']);
+ $s_list['suppresspassthru'] = base64_encode($_POST['suppresspassthru']);
+ }
+
+ if (isset($id) && $a_suppress[$id])
+ $a_suppress[$id] = $s_list;
+ else
+ $a_suppress[] = $s_list;
+
+ write_config();
+ sync_suricata_package_config();
+
+ header("Location: /suricata/suricata_suppress.php");
+ exit;
+ }
+}
+
+$pgtitle = gettext("Suricata: Suppression List Edit - {$a_suppress[$id]['name']}");
+include_once("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php
+include("fbegin.inc");
+if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
+
+if ($input_errors) print_input_errors($input_errors);
+if ($savemsg)
+ print_info_box($savemsg);
+
+?>
+<form action="/suricata/suricata_suppress_edit.php" name="iform" id="iform" method="post">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
+ $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr><td><div id="mainarea">
+<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+<tr>
+ <td colspan="2" class="listtopic">Add the name and description of the file.</td>
+</tr>
+<tr>
+ <td width="22%" valign="top" class="vncellreq"><?php echo gettext("Name"); ?></td>
+ <td width="78%" class="vtable"><input name="name" type="text" id="name"
+ class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br />
+ <span class="vexpl"> <?php echo gettext("The list name may only consist of the " .
+ "characters \"a-z, A-Z, 0-9 and _\"."); ?>&nbsp;&nbsp;<span class="red"><?php echo gettext("Note:"); ?> </span>
+ <?php echo gettext("No Spaces or dashes."); ?> </span></td>
+</tr>
+<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Description"); ?></td>
+ <td width="78%" class="vtable"><input name="descr" type="text"
+ class="formfld unknown" id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br />
+ <span class="vexpl"> <?php echo gettext("You may enter a description here for your " .
+ "reference (not parsed)."); ?> </span></td>
+</tr>
+<tr>
+ <td colspan="2" align="center" height="30px">
+ <font size="2"><span class="red"><strong><?php echo gettext("NOTE:"); ?></strong></span></font>
+ <font color='#000000'>&nbsp;<?php echo gettext("The threshold keyword " .
+ "is deprecated as of version 2.8.5. Use the event_filter keyword " .
+ "instead."); ?></font>
+ </td>
+</tr>
+<tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Apply suppression or " .
+ "filters to rules. Valid keywords are 'suppress', 'event_filter' and 'rate_filter'."); ?></td>
+</tr>
+<tr>
+<td colspan="2" valign="top" class="vncell"><b><?php echo gettext("Example 1;"); ?></b>
+ suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54<br/>
+ <b><?php echo gettext("Example 2;"); ?></b> event_filter gen_id 1, sig_id 1851, type limit,
+ track by_src, count 1, seconds 60<br/>
+ <b><?php echo gettext("Example 3;"); ?></b> rate_filter gen_id 135, sig_id 1, track by_src,
+ count 100, seconds 1, new_action log, timeout 10</td>
+</tr>
+<tr>
+ <td colspan="2" class="vtable"><textarea wrap="off" style="width:100%; height:100%;"
+ name="suppresspassthru" cols="90" rows="26" id="suppresspassthru" class="formpre"><?=htmlspecialchars($pconfig['suppresspassthru']);?></textarea>
+ </td>
+</tr>
+<tr>
+ <td colspan="2"><input id="submit" name="submit" type="submit"
+ class="formbtn" value="Save" />&nbsp;&nbsp;<input id="cancelbutton"
+ name="cancelbutton" type="button" class="formbtn" value="Cancel"
+ onclick="history.back();"/> <?php if (isset($id) && $a_suppress[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>"/> <?php endif; ?>
+ </td>
+</tr>
+</table>
+</div>
+</td></tr>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+<script type="text/javascript">
+Rounded("div#redbox","all","#FFF","#E0E0E0","smooth");
+</script>
+</body>
+</html>