authorErmal Luçi <eri@pfsense.org>2014-03-19 23:50:45 +0100
committerErmal Luçi <eri@pfsense.org>2014-03-19 23:50:45 +0100
commit79719c58b2d433d5f151eb2a7d9766a8cc74088d (patch)
treece0d3c7612d3be50f4efab073a82a66dc6e35149 /config/suricata
parent7157e10ba81c83879039db1259aaef6aab056cb2 (diff)
parent239348fd4adb0ac6b634d5e8255f3081ac62efdf (diff)
Merge pull request #629 from bmeeks8/master
Suricata 1.4.6 pkg. v0.3-BETA Package Update
Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/suricata.inc5
-rw-r--r--config/suricata/suricata.priv.inc3
-rw-r--r--config/suricata/suricata.xml14
-rw-r--r--config/suricata/suricata_alerts.php8
-rw-r--r--config/suricata/suricata_app_parsers.php7
-rw-r--r--config/suricata/suricata_barnyard.php27
-rw-r--r--config/suricata/suricata_check_cron_misc.inc194
-rw-r--r--config/suricata/suricata_check_for_rule_updates.php49
-rw-r--r--config/suricata/suricata_define_vars.php6
-rw-r--r--config/suricata/suricata_download_updates.php1
-rw-r--r--config/suricata/suricata_flow_stream.php6
-rw-r--r--config/suricata/suricata_generate_yaml.php4
-rw-r--r--config/suricata/suricata_global.php60
-rw-r--r--config/suricata/suricata_interfaces.php1
-rw-r--r--config/suricata/suricata_interfaces_edit.php8
-rw-r--r--config/suricata/suricata_list_view.php10
-rw-r--r--config/suricata/suricata_logs_browser.php7
-rw-r--r--config/suricata/suricata_logs_mgmt.php429
-rw-r--r--config/suricata/suricata_post_install.php8
-rw-r--r--config/suricata/suricata_rules.php3
-rw-r--r--config/suricata/suricata_rules_flowbits.php2
-rw-r--r--config/suricata/suricata_rulesets.php6
-rw-r--r--config/suricata/suricata_suppress.php1
-rw-r--r--config/suricata/suricata_suppress_edit.php13
24 files changed, 693 insertions, 179 deletions
diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc
index 2660fae6..7936d41c 100644
--- a/config/suricata/suricata.inc
+++ b/config/suricata/suricata.inc
@@ -41,7 +41,7 @@ if (!is_array($config['installedpackages']['suricata']))
// Define the binary and package build versions
define('SURICATA_VER', '1.4.6');
-define('SURICATA_PKG_VER', 'v0.2-BETA');
+define('SURICATA_PKG_VER', 'v0.3-BETA');
// Create some other useful defines
define('SURICATADIR', '/usr/pbi/suricata-' . php_uname("m") . '/etc/suricata/');
@@ -1703,6 +1703,9 @@ function suricata_create_rc() {
// Loop thru each configured interface and build
// the shell script.
foreach ($suricataconf as $value) {
+ // Skip disabled Suricata interfaces
+ if ($value['enable'] <> 'on')
+ continue;
$suricata_uuid = $value['uuid'];
$if_real = get_real_interface($value['interface']);
diff --git a/config/suricata/suricata.priv.inc b/config/suricata/suricata.priv.inc
index a17a307b..8dcec887 100644
--- a/config/suricata/suricata.priv.inc
+++ b/config/suricata/suricata.priv.inc
@@ -8,7 +8,6 @@ $priv_list['page-services-suricata']['descr'] = "Allow access to suricata packag
$priv_list['page-services-suricata']['match'] = array();
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_alerts.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_barnyard.php*";
-$priv_list['page-services-suricata']['match'][] = "suricata/suricata_blocked.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_check_for_rule_updates.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_define_vars.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_download_rules.php*";
@@ -25,13 +24,13 @@ $priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_whitelist_edit.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_list_view.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_logs_browser.php*";
+$priv_list['page-services-suricata']['match'][] = "suricata/suricata_logs_mgmt.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_post_install.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_flow_stream.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_rules.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_rules_edit.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_rules_flowbits.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_rulesets.php*";
-$priv_list['page-services-suricata']['match'][] = "suricata/suricata_select_alias.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_os_policy_engine.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_global.php*";
$priv_list['page-services-suricata']['match'][] = "pkg_edit.php?xml=suricata/suricata.xml*";
diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml
index 197bdf28..fb296aed 100644
--- a/config/suricata/suricata.xml
+++ b/config/suricata/suricata.xml
@@ -42,7 +42,7 @@
<description>Suricata IDS/IPS Package</description>
<requirements>None</requirements>
<name>suricata</name>
- <version>1.4.6 pkg v0.2-BETA</version>
+ <version>1.4.6 pkg v0.3-BETA</version>
<title>Services: Suricata IDS</title>
<include_file>/usr/local/pkg/suricata/suricata.inc</include_file>
<menu>
@@ -58,9 +58,9 @@
<description>Suricata IDS/IPS Daemon</description>
</service>
<additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata.priv.inc</item>
<prefix>/etc/inc/priv/</prefix>
<chmod>077</chmod>
- <item>https://packages.pfsense.org/packages/config/suricata/suricata.priv.inc</item>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/suricata/suricata.inc</item>
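Review bot: The `suricata.priv.inc` entry that this hunk reorders still carries `<chmod>077</chmod>`, while the other entries visible in this file use `0755` or `0644`. If the package installer applies the value as an octal mode (not shown here), 077 leaves the owner with no permissions and gives group and other read, write and execute on a file under `/etc/inc/priv/` that defines which pages a privilege grants. Since the block is being edited anyway, set it to `<chmod>0644</chmod>` so the privilege definition is not writable by non-owner accounts.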
@@ -168,6 +168,11 @@
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_logs_mgmt.php</item>
+ <prefix>/usr/local/www/suricata/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
<item>https://packages.pfsense.org/packages/config/suricata/suricata_list_view.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
@@ -203,11 +208,6 @@
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>https://packages.pfsense.org/packages/config/suricata/suricata_uninstall.php</item>
- <prefix>/usr/local/www/suricata/</prefix>
- <chmod>0755</chmod>
- </additional_files_needed>
- <additional_files_needed>
<prefix>/usr/local/www/widgets/javascript/</prefix>
<chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/suricata/suricata_alerts.js</item>
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index 99241b7e..01d4daeb 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -121,11 +121,12 @@ function suricata_add_supplist_entry($suppress) {
return false;
}
-if (is_numericint($_POST['instance']))
+if (isset($_POST['instance']) && is_numericint($_POST['instance']))
$instanceid = $_POST['instance'];
// This is for the auto-refresh so we can stay on the same interface
-if (is_numericint($_GET['instance']))
+elseif (isset($_GET['instance']) && is_numericint($_GET['instance']))
$instanceid = $_GET['instance'];
+
if (is_null($instanceid))
$instanceid = 0;
@@ -355,7 +356,8 @@ if ($savemsg) {
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), true, "/suricata/suricata_alerts.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
display_top_tabs($tab_array);
?>
</td></tr>
diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php
index e8f20226..8d0bb4f4 100644
--- a/config/suricata/suricata_app_parsers.php
+++ b/config/suricata/suricata_app_parsers.php
@@ -33,9 +33,11 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
global $g, $rebuild_rules;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id))
$id = 0;
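Review bot: The GET branch stores `htmlspecialchars($_GET['id'])` while the POST branch stores the raw value, although both have just passed `is_numericint()`. Escaping at assignment changes nothing on a value that check accepted (assuming it admits only digits), and it makes the two branches look as if they had different trust levels. Normalising once, e.g. `$id = (int)$_GET['id'];` and `$id = (int)$_POST['id'];`, gives an integer index and leaves HTML escaping to the point of output. The check establishes only that the value is numeric, not that `$a_nat[$id]` exists, so an out-of-range id should be rejected before use; the code that consumes `$id` lies outside this hunk. The same pattern is added in suricata_barnyard.php, suricata_define_vars.php and suricata_flow_stream.php.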
@@ -397,6 +399,7 @@ include_once("head.inc");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td>';
diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php
index e71dc261..850e4bed 100644
--- a/config/suricata/suricata_barnyard.php
+++ b/config/suricata/suricata_barnyard.php
@@ -33,9 +33,11 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
global $g, $rebuild_rules;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
if (is_null($id)) {
header("Location: /suricata/suricata_interfaces.php");
exit;
@@ -55,8 +57,6 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['barnyard_dbpwd'] = base64_decode($a_nat[$id]['barnyard_dbpwd']);
if (empty($a_nat[$id]['barnyard_show_year']))
$pconfig['barnyard_show_year'] = "on";
- if (empty($a_nat[$id]['unified2_log_limit']))
- $pconfig['unified2_log_limit'] = "32";
if (empty($a_nat[$id]['barnyard_archive_enable']))
$pconfig['barnyard_archive_enable'] = "on";
if (empty($a_nat[$id]['barnyard_obfuscate_ip']))
@@ -85,12 +85,6 @@ if ($_POST['save']) {
$_POST['barnyard_bro_ids_enable'] != 'on' && $_POST['barnyard_enable'] == "on")
$input_errors[] = gettext("You must enable at least one output option when using Barnyard2.");
- // Validate unified2 log file limit
- if ($_POST['barnyard_enable'] == 'on') {
- if (!is_numericint($_POST['unified2_log_limit']) || $_POST['unified2_log_limit'] < 1)
- $input_errors[] = gettext("The value for 'Unified2 Log Limit' must be a valid integer greater than zero.");
- }
-
// Validate Sensor ID is a valid integer
if ($_POST['barnyard_enable'] == 'on') {
if (!is_numericint($_POST['barnyard_sensor_id']) || $_POST['barnyard_sensor_id'] < 0)
@@ -144,7 +138,6 @@ if ($_POST['save']) {
if ($_POST['barnyard_sensor_id']) $natent['barnyard_sensor_id'] = $_POST['barnyard_sensor_id']; else $natent['barnyard_sensor_id'] = '0';
if ($_POST['barnyard_sensor_name']) $natent['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']; else unset($natent['barnyard_sensor_name']);
- if ($_POST['unified2_log_limit']) $natent['unified2_log_limit'] = $_POST['unified2_log_limit']; else unset($natent['unified2_log_limit']);
if ($_POST['barnyard_dbhost']) $natent['barnyard_dbhost'] = $_POST['barnyard_dbhost']; else unset($natent['barnyard_dbhost']);
if ($_POST['barnyard_dbname']) $natent['barnyard_dbname'] = $_POST['barnyard_dbname']; else unset($natent['barnyard_dbname']);
if ($_POST['barnyard_dbuser']) $natent['barnyard_dbuser'] = $_POST['barnyard_dbuser']; else unset($natent['barnyard_dbuser']);
@@ -201,6 +194,7 @@ if ($_POST['save']) {
$pconfig['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto'];
$pconfig['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'];
+ $pconfig['barnyard_sensor_id'] = $_POST['barnyard_sensor_id'];
$pconfig['barnyard_sensor_name'] = $_POST['barnyard_sensor_name'];
$pconfig['barnyard_dbhost'] = $_POST['barnyard_dbhost'];
$pconfig['barnyard_dbname'] = $_POST['barnyard_dbname'];
@@ -247,6 +241,7 @@ include_once("head.inc");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
@@ -284,15 +279,6 @@ include_once("head.inc");
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Unified2 Log Limit"); ?></td>
- <td width="78%" class="vtable">
- <input name="unified2_log_limit" type="text" class="formfld unknown"
- id="unified2_log_limit" size="25" value="<?=htmlspecialchars($pconfig['unified2_log_limit']);?>"/>
- &nbsp;<?php echo gettext("Log file size limit in megabytes (MB). Default is "); ?><strong><?=gettext("32 MB.");?></strong><br/>
- <?php echo gettext("This sets the maximum size for a unified2 log file before it is rotated and a new one created."); ?>
- </td>
- </tr>
- <tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Archive Unified2 Logs"); ?></td>
<td width="78%" class="vtable">
<input name="barnyard_archive_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_archive_enable'] == "on") echo "checked"; ?>/>
@@ -590,7 +576,6 @@ function enable_change(enable_change) {
endis = !(document.iform.barnyard_enable.checked || enable_change);
// make sure a default answer is called if this is invoked.
endis2 = (document.iform.barnyard_enable);
- document.iform.unified2_log_limit.disabled = endis;
document.iform.barnyard_archive_enable.disabled = endis;
document.iform.barnyard_show_year.disabled = endis;
document.iform.barnyard_dump_payload.disabled = endis;
diff --git a/config/suricata/suricata_check_cron_misc.inc b/config/suricata/suricata_check_cron_misc.inc
index b2678059..25e8bb8a 100644
--- a/config/suricata/suricata_check_cron_misc.inc
+++ b/config/suricata/suricata_check_cron_misc.inc
@@ -30,74 +30,162 @@
require_once("/usr/local/pkg/suricata/suricata.inc");
-// 'B' => 1,
-// 'KB' => 1024,
-// 'MB' => 1024 * 1024,
-// 'GB' => 1024 * 1024 * 1024,
-// 'TB' => 1024 * 1024 * 1024 * 1024,
-// 'PB' => 1024 * 1024 * 1024 * 1024 * 1024,
+function suricata_check_dir_size_limit($suricataloglimitsize) {
+ /********************************************************
+ * This function checks the total size of the Suricata *
+ * logging sub-directory structure and prunes the files *
+ * for all Suricata interfaces if the size exceeds the *
+ * passed limit. *
+ * *
+ * On Entry: $surictaaloglimitsize = dir size limit *
+ * in megabytes *
+ ********************************************************/
+
+ // Convert Log Limit Size setting from MB to KB
+ $suricataloglimitsizeKB = round($suricataloglimitsize * 1024);
+ $suricatalogdirsizeKB = suricata_Getdirsize(SURICATALOGDIR);
-/* chk if snort log dir is full if so clear it */
-$suricataloglimit = $config['installedpackages']['suricata']['config'][0]['suricataloglimit'];
-$suricataloglimitsize = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'];
+ if ($suricatalogdirsizeKB > 0 && $suricatalogdirsizeKB > $suricataloglimitsizeKB) {
+ log_error(gettext("[Suricata] Log directory size exceeds configured limit of " . number_format($suricataloglimitsize) . " MB set on Global Settings tab. All Suricata log files will be truncated."));
+ conf_mount_rw();
-if ($g['booting']==true)
- return;
+ // Truncate the Rules Update Log file if it exists
+ if (file_exists(RULES_UPD_LOGFILE)) {
+ log_error(gettext("[Suricata] Truncating the Rules Update Log file..."));
+ @file_put_contents(RULES_UPD_LOGFILE, "");
+ }
-if ($suricataloglimit == 'off')
- return;
+ // Initialize an array of the log files we want to prune
+ $logs = array ( "alerts.log", "http.log", "files-json.log", "tls.log", "stats.log" );
-if (!is_array($config['installedpackages']['suricata']['rule']))
- return;
+ // Clean-up the logs for each configured Suricata instance
+ foreach ($config['installedpackages']['suricata']['rule'] as $value) {
+ $if_real = get_real_interface($value['interface']);
+ $suricata_uuid = $value['uuid'];
+ $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}";
+ log_error(gettext("[Suricata] Truncating logs for {$value['descr']} ({$if_real})..."));
+ suricata_post_delete_logs($suricata_uuid);
+
+ foreach ($logs as $file) {
+ // Truncate the log file if it exists
+ if (file_exists("{$suricata_log_dir}/{$file}")) {
+ try {
+ file_put_contents("{$suricata_log_dir}/{$file}", "");
+ } catch (Exception $e) {
+ log_error("[Suricata] Failed to truncate file '{$suricata_log_dir}/{$file}' -- error was {$e->getMessage()}");
+ }
+ }
+ }
-/* Convert Log Limit Size setting from MB to KB */
-$suricataloglimitsizeKB = round($suricataloglimitsize * 1024);
-$suricatalogdirsizeKB = suricata_Getdirsize(SURICATALOGDIR);
-if ($suricatalogdirsizeKB > 0 && $suricatalogdirsizeKB > $suricataloglimitsizeKB) {
- log_error(gettext("[Suricata] Log directory size exceeds configured limit of " . number_format($suricataloglimitsize) . " MB set on Global Settings tab. All Suricata log files will be truncated."));
- conf_mount_rw();
-
- /* Truncate the Rules Update Log file if it exists */
- if (file_exists(RULES_UPD_LOGFILE)) {
- log_error(gettext("[Suricata] Truncating the Rules Update Log file..."));
- $fd = @fopen(RULES_UPD_LOGFILE, "w+");
- if ($fd)
- fclose($fd);
+ // Check for any captured stored files and clean them up
+ unlink_if_exists("{$suricata_log_dir}/files/*");
+
+ // This is needed if suricata is run as suricata user
+ mwexec('/bin/chmod 660 /var/log/suricata/*', true);
+ }
+ conf_mount_ro();
+ log_error(gettext("[Suricata] Automatic clean-up of Suricata logs completed."));
}
+}
- /* Clean-up the logs for each configured Suricata instance */
- foreach ($config['installedpackages']['suricata']['rule'] as $value) {
- $if_real = get_real_interface($value['interface']);
- $suricata_uuid = $value['uuid'];
- $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}";
- log_error(gettext("[Suricata] Truncating logs for {$value['descr']} ({$if_real})..."));
- suricata_post_delete_logs($suricata_uuid);
+function suricata_check_rotate_log($log_file, $log_limit, $retention) {
- // Initialize an array of the log files we want to prune
- $logs = array ( "alerts.log", "http.log", "files-json.log", "tls.log", "stats.log" );
+ /********************************************************
+ * This function checks the passed log file against *
+ * the passed size limit and rotates the log file if *
+ * necessary. It also checks the age of previously *
+ * rotated logs and removes those older than the *
+ * rentention parameter. *
+ * *
+ * On Entry: $log_file -> full pathname/filename of *
+ * log file to check *
+ * $log_limit -> size of file in bytes to *
+ * trigger rotation. Zero *
+ * means no rotation. *
+ * $retention -> retention period in hours *
+ * for rotated logs. Zero *
+ * means never remove. *
+ ********************************************************/
- foreach ($logs as $file) {
- // Truncate the log file if it exists
- if (file_exists("{$suricata_log_dir}/$file")) {
- $fd = @fopen("{$suricata_log_dir}/$file", "w+");
- if ($fd)
- fclose($fd);
- }
+ // Check the current log to see if it needs rotating.
+ // If it does, rotate it and put the current time
+ // on the end of the filename as UNIX timestamp.
+ if (($log_limit > 0) && (filesize($log_file) >= $log_limit)) {
+ $newfile = $log_file . "." . strval(time());
+ try {
+ copy($log_file, $newfile);
+ file_put_contents($log_file, "");
+ } catch (Exception $e) {
+ log_error("[Suricata] Failed to rotate file '{$log_file}' -- error was {$e->getMessage()}");
}
+ }
- // Check for any captured stored files and clean them up
- $filelist = glob("{$suricata_log_dir}/files/*");
- if (!empty($filelist)) {
- foreach ($filelist as $file)
- @unlink($file);
+ // Check previously rotated logs to see if time to
+ // delete any older than the retention period.
+ // Rotated logs have a UNIX timestamp appended to
+ // filename.
+ if ($retention > 0) {
+ $now = time();
+ $rotated_files = glob("{$log_file}.*");
+ foreach ($rotated_files as $file) {
+ if (($now - filemtime($file)) > ($retention * 3600))
+ unlink_if_exists($file);
}
+ unset($rotated_files);
+ }
+}
+
+/*************************
+ * Start of main code *
+ *************************/
+
+// If firewall is booting, do nothing
+if ($g['booting'] == true)
+ return;
+
+// If no interfaces defined, there is nothing to clean up
+if (!is_array($config['installedpackages']['suricata']['rule']))
+ return;
- // This is needed if suricata is run as suricata user
- mwexec('/bin/chmod 660 /var/log/suricata/*', true);
+$logs = array ();
+
+// Build an arry of files to check and limits to check them against from our saved configuration
+$logs['alerts.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'];
+$logs['alerts.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['alert_log_retention'];
+$logs['files-json.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size'];
+$logs['files-json.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_retention'];
+$logs['http.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['http_log_limit_size'];
+$logs['http.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['http_log_retention'];
+$logs['stats.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size'];
+$logs['stats.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['stats_log_retention'];
+$logs['tls.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size'];
+$logs['tls.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['tls_log_retention'];
+
+// Check log limits and retention in the interface logging directories if enabled
+if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] == 'on') {
+ foreach ($config['installedpackages']['suricata']['rule'] as $value) {
+ $if_real = get_real_interface($value['interface']);
+ $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$value['uuid']}";
+ foreach ($logs as $k => $p)
+ suricata_check_rotate_log("{$suricata_log_dir}/{$k}", $p['limit']*1024, $p['retention']);
}
- conf_mount_ro();
- log_error(gettext("[Suricata] Automatic clean-up of Suricata logs completed."));
+
+ // Prune any aged-out Barnyard2 archived logs if any exist
+ if (is_dir("{$suricata_log_dir}/barnyard2/archive") &&
+ $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] > 0) {
+ $now = time();
+ $files = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*");
+ foreach ($files as $f) {
+ if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] * 3600))
+ unlink_if_exists($f);
+ }
+ }
+ unset($files);
}
+// Check the overall log directory limit (if enabled) and prune if necessary
+if ($config['installedpackages']['suricata']['config'][0]['suricataloglimit'] == 'on')
+ suricata_check_dir_size_limit($config['installedpackages']['suricata']['config'][0]['suricataloglimitsize']);
+
?>
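Review bot: In `suricata_check_rotate_log()` the `try`/`catch` around `copy()` and `file_put_contents()` never fires, because both report failure by returning false and raising a warning rather than throwing; when the copy fails (full disk, permissions) the log is truncated anyway and the alert data is lost without a log entry. Check the return values and truncate only after a successful copy, as in the fence below; the same dead `try`/`catch` wraps the truncation in `suricata_check_dir_size_limit()`. That function also reads `$config['installedpackages']['suricata']['rule']` with no `global $config;` declared in its body, so the per-interface loop has nothing to iterate. Finally, the Barnyard2 archive pruning sits after the closing brace of the interface `foreach`, so `$suricata_log_dir` refers only to the last interface and the other interfaces' archives are never pruned.

```php
if (($log_limit > 0) && (filesize($log_file) >= $log_limit)) {
	$newfile = $log_file . "." . strval(time());
	// copy() and file_put_contents() signal failure by returning false, not by throwing.
	// Truncate only once the rotated copy exists, so a failed copy never discards log data.
	if (!copy($log_file, $newfile))
		log_error("[Suricata] Failed to rotate file '{$log_file}' -- copy to '{$newfile}' failed, log left untouched");
	elseif (file_put_contents($log_file, "") === false)
		log_error("[Suricata] Failed to truncate file '{$log_file}' after rotating it to '{$newfile}'");
}
// … unchanged: retention pruning of previously rotated files …
```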
diff --git a/config/suricata/suricata_check_for_rule_updates.php b/config/suricata/suricata_check_for_rule_updates.php
index 867a7efe..51efd7d0 100644
--- a/config/suricata/suricata_check_for_rule_updates.php
+++ b/config/suricata/suricata_check_for_rule_updates.php
@@ -29,7 +29,6 @@
require_once("functions.inc");
require_once("service-utils.inc");
-require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
global $g, $pkg_interface, $suricata_gui_include, $rebuild_rules;
@@ -141,7 +140,51 @@ function suricata_download_file_url($url, $file_out) {
/* It provides logging of returned CURL errors. */
/************************************************/
- global $g, $config, $pkg_interface, $last_curl_error, $fout, $ch, $file_size, $downloaded, $first_progress_update, $rfc2616;
+ global $g, $config, $pkg_interface, $last_curl_error, $fout, $ch, $file_size, $downloaded, $first_progress_update;
+
+ $rfc2616 = array(
+ 100 => "100 Continue",
+ 101 => "101 Switching Protocols",
+ 200 => "200 OK",
+ 201 => "201 Created",
+ 202 => "202 Accepted",
+ 203 => "203 Non-Authoritative Information",
+ 204 => "204 No Content",
+ 205 => "205 Reset Content",
+ 206 => "206 Partial Content",
+ 300 => "300 Multiple Choices",
+ 301 => "301 Moved Permanently",
+ 302 => "302 Found",
+ 303 => "303 See Other",
+ 304 => "304 Not Modified",
+ 305 => "305 Use Proxy",
+ 306 => "306 (Unused)",
+ 307 => "307 Temporary Redirect",
+ 400 => "400 Bad Request",
+ 401 => "401 Unauthorized",
+ 402 => "402 Payment Required",
+ 403 => "403 Forbidden",
+ 404 => "404 Not Found",
+ 405 => "405 Method Not Allowed",
+ 406 => "406 Not Acceptable",
+ 407 => "407 Proxy Authentication Required",
+ 408 => "408 Request Timeout",
+ 409 => "409 Conflict",
+ 410 => "410 Gone",
+ 411 => "411 Length Required",
+ 412 => "412 Precondition Failed",
+ 413 => "413 Request Entity Too Large",
+ 414 => "414 Request-URI Too Long",
+ 415 => "415 Unsupported Media Type",
+ 416 => "416 Requested Range Not Satisfiable",
+ 417 => "417 Expectation Failed",
+ 500 => "500 Internal Server Error",
+ 501 => "501 Not Implemented",
+ 502 => "502 Bad Gateway",
+ 503 => "503 Service Unavailable",
+ 504 => "504 Gateway Timeout",
+ 505 => "505 HTTP Version Not Supported"
+ );
// Initialize required variables for the pfSense "read_body()" function
$file_size = 1;
@@ -196,7 +239,7 @@ function suricata_download_file_url($url, $file_out) {
if ($rc === false)
$last_curl_error = curl_error($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
- if (is_rfc2616_code($http_code))
+ if (isset($rfc2616[$http_code]))
$last_curl_error = $rfc2616[$http_code];
curl_close($ch);
fclose($fout);
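Review bot: `$last_curl_error` is replaced by the HTTP status text whenever the code is in the table, including when `$rc === false`. A transfer that fails after the response headers arrive (timeout, truncated body) would therefore be recorded as e.g. "200 OK", and the transport error from `curl_error()` is lost. Keep the curl message on failure: `if ($rc !== false && isset($rfc2616[$http_code]))`. The function body starts and ends outside this hunk, so how callers use `$last_curl_error` is not visible here.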
diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php
index e130e555..22b8ab3c 100644
--- a/config/suricata/suricata_define_vars.php
+++ b/config/suricata/suricata_define_vars.php
@@ -34,9 +34,10 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
global $g, $rebuild_rules;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
if (is_null($id)) {
header("Location: /suricata/suricata_interfaces.php");
exit;
@@ -163,6 +164,7 @@ if ($savemsg)
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
diff --git a/config/suricata/suricata_download_updates.php b/config/suricata/suricata_download_updates.php
index bae467e4..188255c8 100644
--- a/config/suricata/suricata_download_updates.php
+++ b/config/suricata/suricata_download_updates.php
@@ -178,6 +178,7 @@ include_once("head.inc");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
display_top_tabs($tab_array);
?>
</td></tr>
diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php
index 1a65ddfd..cc00f350 100644
--- a/config/suricata/suricata_flow_stream.php
+++ b/config/suricata/suricata_flow_stream.php
@@ -33,9 +33,10 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
global $g, $rebuild_rules;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
if (is_null($id))
$id=0;
@@ -443,6 +444,7 @@ include_once("head.inc");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td>';
diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php
index 115f0045..0e348631 100644
--- a/config/suricata/suricata_generate_yaml.php
+++ b/config/suricata/suricata_generate_yaml.php
@@ -226,8 +226,8 @@ if ($suricatacfg['barnyard_enable'] == 'on')
else
$barnyard2_enabled = "no";
-if (isset($suricatacfg['unified2_log_limit']))
- $unified2_log_limit = "{$suricatacfg['unified2_log_limit']}mb";
+if (isset($config['installedpackages']['suricata']['config'][0]['unified2_log_limit']))
+ $unified2_log_limit = "{$config['installedpackages']['suricata']['config'][0]['unified2_log_limit']}mb";
else
$unified2_log_limit = "32mb";
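Review bot: `isset()` is true for an empty or non-numeric string, and the value is interpolated straight into what is presumably the generated suricata.yaml, so a blank global setting yields the limit `mb`. Guard on the content rather than on existence, e.g. `if (is_numericint($config['installedpackages']['suricata']['config'][0]['unified2_log_limit']))`, and fall back to `32mb` otherwise. The commit also removes the integer check for this field from suricata_barnyard.php; the replacement validation is presumably in suricata_logs_mgmt.php, which is not visible here. Existing per-interface `unified2_log_limit` values are no longer read, so upgraded installs revert to 32mb unless the value is migrated.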
diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php
index 99abc49b..938d6a97 100644
--- a/config/suricata/suricata_global.php
+++ b/config/suricata/suricata_global.php
@@ -41,23 +41,15 @@ $pconfig['etprocode'] = $config['installedpackages']['suricata']['config'][0]['e
$pconfig['enable_etopen_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules'];
$pconfig['enable_etpro_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules'];
$pconfig['rm_blocked'] = $config['installedpackages']['suricata']['config'][0]['rm_blocked'];
-$pconfig['suricataloglimit'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimit'];
-$pconfig['suricataloglimitsize'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'];
$pconfig['autoruleupdate'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdate'];
$pconfig['autoruleupdatetime'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'];
$pconfig['live_swap_updates'] = $config['installedpackages']['suricata']['config'][0]['live_swap_updates'];
$pconfig['log_to_systemlog'] = $config['installedpackages']['suricata']['config'][0]['log_to_systemlog'];
-$pconfig['clearlogs'] = $config['installedpackages']['suricata']['config'][0]['clearlogs'];
$pconfig['forcekeepsettings'] = $config['installedpackages']['suricata']['config'][0]['forcekeepsettings'];
$pconfig['snortcommunityrules'] = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules'];
-if (empty($pconfig['suricataloglimit']))
- $pconfig['suricataloglimit'] = 'on';
if (empty($pconfig['autoruleupdatetime']))
$pconfig['autoruleupdatetime'] = '00:30';
-if (empty($pconfig['suricataloglimitsize']))
- // Set limit to 20% of slice that is unused */
- $pconfig['suricataloglimitsize'] = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .20 / 1024);
if ($_POST['autoruleupdatetime']) {
if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['autoruleupdatetime']))
@@ -116,18 +108,7 @@ if (!$input_errors) {
$config['installedpackages']['suricata']['config'][0]['oinkcode'] = $_POST['oinkcode'];
$config['installedpackages']['suricata']['config'][0]['etprocode'] = $_POST['etprocode'];
-
$config['installedpackages']['suricata']['config'][0]['rm_blocked'] = $_POST['rm_blocked'];
- if ($_POST['suricataloglimitsize']) {
- $config['installedpackages']['suricata']['config'][0]['suricataloglimit'] = $_POST['suricataloglimit'];
- $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'] = $_POST['suricataloglimitsize'];
- } else {
- $config['installedpackages']['suricata']['config'][0]['suricataloglimit'] = 'on';
-
- /* code will set limit to 21% of slice that is unused */
- $suricataloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .22 / 1024);
- $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'] = $suricataloglimitDSKsize;
- }
$config['installedpackages']['suricata']['config'][0]['autoruleupdate'] = $_POST['autoruleupdate'];
/* Check and adjust format of Rule Update Starttime string to add colon and leading zero if necessary */
@@ -139,7 +120,6 @@ if (!$input_errors) {
$config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'] = str_pad($_POST['autoruleupdatetime'], 4, "0", STR_PAD_LEFT);
$config['installedpackages']['suricata']['config'][0]['log_to_systemlog'] = $_POST['log_to_systemlog'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['live_swap_updates'] = $_POST['live_swap_updates'] ? 'on' : 'off';
- $config['installedpackages']['suricata']['config'][0]['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off';
$retval = 0;
@@ -190,6 +170,7 @@ if ($input_errors)
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
display_top_tabs($tab_array);
?>
</td></tr>
@@ -323,39 +304,6 @@ if ($input_errors)
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td>
</tr>
-<tr>
-<?php $suricatalogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Directory Size " .
- "Limit"); ?><br/>
- <br/>
- <br/>
- <span class="red"><strong><?php echo gettext("Note:"); ?></strong></span><br/>
- <?php echo gettext("Available space is"); ?> <strong><?php echo $suricatalogCurrentDSKsize; ?>&nbsp;MB</strong></td>
- <td width="78%" class="vtable">
- <table cellpadding="0" cellspacing="0">
- <tr>
- <td colspan="2"><input name="suricataloglimit" type="radio" id="suricataloglimit" value="on"
- <?php if($pconfig['suricataloglimit']=='on') echo 'checked'; ?>/><span class="vexpl">
- <strong><?php echo gettext("Enable"); ?></strong> <?php echo gettext("directory size limit"); ?> (<strong><?php echo gettext("Default"); ?></strong>)</span></td>
- </tr>
- <tr>
- <td colspan="2"><input name="suricataloglimit" type="radio" id="suricataloglimit" value="off"
- <?php if($pconfig['suricataloglimit']=='off') echo 'checked'; ?>/> <span class="vexpl"><strong><?php echo gettext("Disable"); ?></strong>
- <?php echo gettext("directory size limit"); ?></span><br/>
- <br/>
- <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("Nanobsd " .
- "should use no more than 10MB of space."); ?></td>
- </tr>
- </table>
- <table width="100%" border="0" cellpadding="2" cellspacing="0">
- <tr>
- <td class="vexpl"><?php echo gettext("Size in ") . "<strong>" . gettext("MB:") . "</strong>";?>&nbsp;
- <input name="suricataloglimitsize" type="text" class="formfld unknown" id="suricataloglimitsize" size="10" value="<?=htmlspecialchars($pconfig['suricataloglimitsize']);?>"/>
- &nbsp;<?php echo gettext("Default is ") . "<strong>" . gettext("20%") . "</strong>" . gettext(" of available space.");?></td>
- </tr>
- </table>
- </td>
-</tr>
<tr style="display:none;">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Blocked Hosts Interval"); ?></td>
<td width="78%" class="vtable">
@@ -378,12 +326,6 @@ if ($input_errors)
<?php echo gettext("Copy Suricata messages to the firewall system log."); ?></td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Suricata Log Files After Deinstall"); ?></td>
- <td width="78%" class="vtable"><input name="clearlogs" id="clearlogs" type="checkbox" value="yes"
- <?php if ($config['installedpackages']['suricata']['config'][0]['clearlogs']=="on") echo " checked"; ?>/>&nbsp;
- <?php echo gettext("Suricata log files will be removed during package deinstallation."); ?></td>
-</tr>
-<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Keep Suricata Settings After Deinstall"); ?></td>
<td width="78%" class="vtable"><input name="forcekeepsettings" id="forcekeepsettings" type="checkbox" value="yes"
<?php if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings']=="on") echo " checked"; ?>/>&nbsp;
diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php
index 5e5d8c44..e8125986 100644
--- a/config/suricata/suricata_interfaces.php
+++ b/config/suricata/suricata_interfaces.php
@@ -166,6 +166,7 @@ include_once("head.inc");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
display_top_tabs($tab_array);
?>
</td>
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index 389566a2..fbb78aa2 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -40,9 +40,9 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
$a_rule = &$config['installedpackages']['suricata']['rule'];
-if ($_POST['id'])
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-elseif ($_GET['id']);
+elseif (isset($_GET['id']) && is_numericint($_GET['id']));
$id = htmlspecialchars($_GET['id'], ENT_QUOTES | ENT_HTML401);
if (is_null($id))
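Review bot: The rewritten `elseif` line still ends in `;`, so it has an empty body and the `$id = htmlspecialchars($_GET['id'], ...)` assignment below it runs on every request. That bypasses the new `is_numericint()` check for the GET value and overwrites an `id` already accepted from POST. It also appears to leave `$id` as a string rather than null when no `id` is sent, so the `is_null($id)` test that follows would not fire. Drop the semicolon: `elseif (isset($_GET['id']) && is_numericint($_GET['id']))`. The code that consumes `$id` continues outside this hunk.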
@@ -81,6 +81,9 @@ elseif (isset($id) && !isset($a_rule[$id])) {
foreach ($ifaces as $i) {
if (!in_array($i, $ifrules)) {
$pconfig['interface'] = $i;
+ $pconfig['enable'] = 'on';
+ $pconfig['descr'] = strtoupper($i);
+ $pconfig['inspect_recursion_limit'] = '3000';
break;
}
}
@@ -333,6 +336,7 @@ if ($savemsg) {
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
diff --git a/config/suricata/suricata_list_view.php b/config/suricata/suricata_list_view.php
index 2ff121f2..b6616909 100644
--- a/config/suricata/suricata_list_view.php
+++ b/config/suricata/suricata_list_view.php
@@ -34,9 +34,11 @@ global $g, $config;
$contents = '';
-$id = $_GET['id'];
-$wlist = $_GET['wlist'];
-$type = $_GET['type'];
+if (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+$wlist = htmlspecialchars($_GET['wlist']);
+$type = htmlspecialchars($_GET['type']);
if (isset($id) && isset($wlist)) {
$a_rule = $config['installedpackages']['suricata']['rule'][$id];
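Review bot: `htmlspecialchars()` on `$_GET['wlist']` and `$_GET['type']` is output encoding applied at input, not validation. It returns a string even when the parameter is absent, so `isset($wlist)` in the condition below is now always true, and neither value is restricted to what the page expects. Keep the value only when it was sent, e.g. `$wlist = isset($_GET['wlist']) ? $_GET['wlist'] : null;`, check `$type` against the list of supported viewer types, and escape at the point where the values are printed. How `$wlist` and `$type` are used lies outside this hunk, so the exact allow-list needs confirming against the rest of the file.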
@@ -86,7 +88,7 @@ $pgtitle = array(gettext("Suricata"), gettext(ucfirst($type) . " Viewer"));
<tr>
<td colspan="2" valign="top" class="label">
<div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=$contents;?></textarea>
+ <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=htmlspecialchars($contents);?></textarea>
</div>
</td>
</tr>
diff --git a/config/suricata/suricata_logs_browser.php b/config/suricata/suricata_logs_browser.php
index f9c34ed0..53530881 100644
--- a/config/suricata/suricata_logs_browser.php
+++ b/config/suricata/suricata_logs_browser.php
@@ -30,10 +30,10 @@
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
-if ($_POST['instance'])
+if (isset($_POST['instance']) && is_numericint($_POST['instance']))
$instanceid = $_POST['instance'];
-if ($_GET['instance'])
- $instanceid = $_GET['instance'];
+elseif (isset($_GET['instance']) && is_numericint($_GET['instance']))
+ $instanceid = htmlspecialchars($_GET['instance']);
if (empty($instanceid))
$instanceid = 0;
@@ -131,6 +131,7 @@ if ($input_errors) {
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$instanceid}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), true, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
display_top_tabs($tab_array);
?>
</td>
diff --git a/config/suricata/suricata_logs_mgmt.php b/config/suricata/suricata_logs_mgmt.php
new file mode 100644
index 00000000..7418dd80
--- /dev/null
+++ b/config/suricata/suricata_logs_mgmt.php
@@ -0,0 +1,429 @@
+<?php
+/*
+ * suricata_logs_mgmt.php
+ * part of pfSense
+ *
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+global $g;
+
+$suricatadir = SURICATADIR;
+
+$pconfig = array();
+
+// Grab saved settings from configuration
+$pconfig['enable_log_mgmt'] = $config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] == 'on' ? 'on' : 'off';
+$pconfig['clearlogs'] = $config['installedpackages']['suricata']['config'][0]['clearlogs'];
+$pconfig['suricataloglimit'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimit'];
+$pconfig['suricataloglimitsize'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'];
+$pconfig['alert_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'];
+$pconfig['alert_log_retention'] = $config['installedpackages']['suricata']['config'][0]['alert_log_retention'];
+$pconfig['files_json_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size'];
+$pconfig['files_json_log_retention'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_retention'];
+$pconfig['http_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['http_log_limit_size'];
+$pconfig['http_log_retention'] = $config['installedpackages']['suricata']['config'][0]['http_log_retention'];
+$pconfig['stats_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size'];
+$pconfig['stats_log_retention'] = $config['installedpackages']['suricata']['config'][0]['stats_log_retention'];
+$pconfig['tls_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size'];
+$pconfig['tls_log_retention'] = $config['installedpackages']['suricata']['config'][0]['tls_log_retention'];
+$pconfig['unified2_log_limit'] = $config['installedpackages']['suricata']['config'][0]['unified2_log_limit'];
+$pconfig['u2_archive_log_retention'] = $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'];
+
+// Load up some arrays with selection values (we use these later).
+// The keys in the $retentions array are the retention period
+// converted to hours. The keys in the $log_sizes array are
+// the file size limits in KB.
+$retentions = array( '0' => gettext('KEEP ALL'), '24' => gettext('1 DAY'), '168' => gettext('7 DAYS'), '336' => gettext('14 DAYS'),
+ '720' => gettext('30 DAYS'), '1080' => gettext("45 DAYS"), '2160' => gettext('90 DAYS'), '4320' => gettext('180 DAYS'),
+ '8766' => gettext('1 YEAR'), '26298' => gettext("3 YEARS") );
+$log_sizes = array( '0' => gettext('NO LIMIT'), '50' => gettext('50 KB'), '150' => gettext('150 KB'), '250' => gettext('250 KB'),
+ '500' => gettext('500 KB'), '750' => gettext('750 KB'), '1000' => gettext('1 MB'), '2000' => gettext('2 MB'),
+ '5000' => gettext("5 MB"), '10000' => gettext("10 MB") );
+
+// Set sensible defaults for any unset parameters
+if (empty($pconfig['suricataloglimit']))
+ $pconfig['suricataloglimit'] = 'on';
+if (empty($pconfig['suricataloglimitsize'])) {
+ // Set limit to 20% of slice that is unused */
+ $pconfig['suricataloglimitsize'] = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .20 / 1024);
+}
+
+// Set default retention periods for rotated logs
+if (empty($pconfig['alert_log_retention']))
+ $pconfig['alert_log_retention'] = "336";
+if (empty($pconfig['files_json_log_retention']))
+ $pconfig['files_json_log_retention'] = "168";
+if (empty($pconfig['http_log_retention']))
+ $pconfig['http_log_retention'] = "168";
+if (empty($pconfig['stats_log_retention']))
+ $pconfig['stats_log_retention'] = "168";
+if (empty($pconfig['tls_log_retention']))
+ $pconfig['tls_log_retention'] = "336";
+if (empty($pconfig['u2_archive_log_retention']))
+ $pconfig['u2_archive_log_retention'] = "168";
+
+// Set default log file size limits
+if (empty($pconfig['alert_log_limit_size']))
+ $pconfig['alert_log_limit_size'] = "500";
+if (empty($pconfig['files_json_log_limit_size']))
+ $pconfig['files_json_log_limit_size'] = "1000";
+if (empty($pconfig['http_log_limit_size']))
+ $pconfig['http_log_limit_size'] = "1000";
+if (empty($pconfig['stats_log_limit_size']))
+ $pconfig['stats_log_limit_size'] = "500";
+if (empty($pconfig['tls_log_limit_size']))
+ $pconfig['tls_log_limit_size'] = "500";
+if (empty($pconfig['unified2_log_limit']))
+ $pconfig['unified2_log_limit'] = "32";
+
+if ($_POST["save"]) {
+ if ($_POST['suricataloglimit'] == 'on') {
+ if (!is_numericint($_POST['suricataloglimitsize']) || $_POST['suricataloglimitsize'] < 1)
+ $input_errors[] = gettext("The 'Log Directory Size Limit' must be an integer value greater than zero.");
+ }
+
+ // Validate unified2 log file limit
+ if (!is_numericint($_POST['unified2_log_limit']) || $_POST['unified2_log_limit'] < 1)
+ $input_errors[] = gettext("The value for 'Unified2 Log Limit' must be an integer value greater than zero.");
+
+ if (!$input_errors) {
+ $config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] = $_POST['enable_log_mgmt'] ? 'on' :'off';
+ $config['installedpackages']['suricata']['config'][0]['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off';
+ $config['installedpackages']['suricata']['config'][0]['suricataloglimit'] = $_POST['suricataloglimit'];
+ $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'] = $_POST['suricataloglimitsize'];
+ $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'] = $_POST['alert_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['alert_log_retention'] = $_POST['alert_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size'] = $_POST['files_json_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['files_json_log_retention'] = $_POST['files_json_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['http_log_limit_size'] = $_POST['http_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['http_log_retention'] = $_POST['http_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size'] = $_POST['stats_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['stats_log_retention'] = $_POST['stats_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size'] = $_POST['tls_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['tls_log_retention'] = $_POST['tls_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['unified2_log_limit'] = $_POST['unified2_log_limit'];
+ $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] = $_POST['u2_archive_log_retention'];
+
+ write_config();
+ sync_suricata_package_config();
+
+ /* forces page to reload new settings */
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /suricata/suricata_logs_mgmt.php");
+ exit;
+ }
+}
+
+$pgtitle = gettext("Suricata: Logs Management");
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+include_once("fbegin.inc");
+
+/* Display Alert message, under form tag or no refresh */
+if ($input_errors)
+ print_input_errors($input_errors);
+
+?>
+
+<form action="suricata_logs_mgmt.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
+ $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Mgmt"), true, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td>
+ <div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+<tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td>
+</tr>
+<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Suricata Log Files During Package Uninstall"); ?></td>
+ <td width="78%" class="vtable"><input name="clearlogs" id="clearlogs" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['suricata']['config'][0]['clearlogs']=="on") echo " checked"; ?>/>&nbsp;
+ <?php echo gettext("Suricata log files will be removed when the Suricata package is uninstalled."); ?></td>
+</tr>
+<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Auto Log Management"); ?></td>
+ <td width="78%" class="vtable"><input name="enable_log_mgmt" id="enable_log_mgmt" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt']=="on") echo " checked"; ?> onClick="enable_change();"/>&nbsp;
+ <?php echo gettext("Enable automatic unattended management of Suricata logs using parameters specified below."); ?><br/>
+ <span class="red"><strong><?=gettext("Note: ") . "</strong></span>" . gettext("This must be be enabled in order to set Log Size and Retention Limits below.");?>
+ </td>
+</tr>
+<tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Logs Directory Size Limit"); ?></td>
+</tr>
+<tr>
+<?php $suricatalogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Directory Size " .
+ "Limit"); ?><br/><br/><br/><br/><br/><br/><br/>
+ <span class="red"><strong><?php echo gettext("Note:"); ?></strong></span><br/>
+ <?php echo gettext("Available space is"); ?> <strong><?php echo $suricatalogCurrentDSKsize; ?>&nbsp;MB</strong></td>
+ <td width="78%" class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2" class="vexpl"><input name="suricataloglimit" type="radio" id="suricataloglimit_on" value="on"
+ <?php if($pconfig['suricataloglimit']=='on') echo 'checked'; ?> onClick="enable_change_dirSize();"/>
+ &nbsp;<strong><?php echo gettext("Enable"); ?></strong> <?php echo gettext("directory size limit"); ?> (<strong><?php echo gettext("Default"); ?></strong>)</td>
+ </tr>
+ <tr>
+ <td colspan="2" class="vexpl"><input name="suricataloglimit" type="radio" id="suricataloglimit_off" value="off"
+ <?php if($pconfig['suricataloglimit']=='off') echo 'checked'; ?> onClick="enable_change_dirSize();"/>
+ &nbsp;<strong><?php echo gettext("Disable"); ?></strong>
+ <?php echo gettext("directory size limit"); ?><br/>
+ <br/><span class="red"><strong><?=gettext("Note: ");?></strong></span><?=gettext("this setting imposes a hard-limit on the combined log directory size of all Suricata interfaces. ") .
+ gettext("When the size limit set is reached, rotated logs for all interfaces will be removed, and any active logs pruned to zero-length.");?>
+ <br/><br/>
+ <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("NanoBSD " .
+ "should use no more than 10MB of space."); ?></td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="2" cellspacing="0">
+ <tr>
+ <td class="vexpl"><?php echo gettext("Size in ") . "<strong>" . gettext("MB:") . "</strong>";?>&nbsp;
+ <input name="suricataloglimitsize" type="text" class="formfld unknown" id="suricataloglimitsize" size="10" value="<?=htmlspecialchars($pconfig['suricataloglimitsize']);?>"/>
+ &nbsp;<?php echo gettext("Default is ") . "<strong>" . gettext("20%") . "</strong>" . gettext(" of available space.");?></td>
+ </tr>
+ </table>
+ </td>
+</tr>
+<tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Log Size and Retention Limits"); ?></td>
+</tr>
+<tr>
+ <td class="vncell" valign="top" width="22%"><?php echo gettext("Text Log Settings");?></td>
+ <td class="vtable" width="78%">
+ <table width="100%" border="0" cellpadding="2" cellspacing="0">
+ <colgroup>
+ <col style="width: 15%;">
+ <col style="width: 18%;">
+ <col style="width: 20%;">
+ <col>
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr"><?=gettext("Log Name");?></th>
+ <th class="listhdrr"><?=gettext("Max Size");?></th>
+ <th class="listhdrr"><?=gettext("Retention");?></th>
+ <th class="listhdrr"><?=gettext("Log Description");?></th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td class="listbg">alerts</td>
+ <td class="listr" align="center"><select name="alert_log_limit_size" class="formselect" id="alert_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['alert_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="alert_log_retention" class="formselect" id="alert_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['alert_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("Suricata alerts and event details");?></td>
+ </tr>
+ <tr>
+ <td class="listbg">files-json</td>
+ <td class="listr" align="center"><select name="files_json_log_limit_size" class="formselect" id="files_json_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['files_json_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="files_json_log_retention" class="formselect" id="files_json_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['files_json_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("Captured files info in JSON format");?></td>
+ </tr>
+ <tr>
+ <td class="listbg">http</td>
+ <td class="listr" align="center"><select name="http_log_limit_size" class="formselect" id="http_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['http_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="http_log_retention" class="formselect" id="http_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['http_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("Captured HTTP events and session info");?></td>
+ </tr>
+ <tr>
+ <td class="listbg">stats</td>
+ <td class="listr" align="center"><select name="stats_log_limit_size" class="formselect" id="stats_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['stats_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="stats_log_retention" class="formselect" id="stats_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['stats_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("Suricata performance statistics");?></td>
+ </tr>
+ <tr>
+ <td class="listbg">tls</td>
+ <td class="listr" align="center"><select name="tls_log_limit_size" class="formselect" id="tls_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['tls_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="tls_log_retention" class="formselect" id="tls_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['tls_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("SMTP TLS handshake details");?></td>
+ </tr>
+ </tbody>
+ </table>
+ <br/><?=gettext("Settings will be ignored for any log in the list above not enabled on the Interface Settings tab. ") .
+ gettext("When a log reaches the Max Size limit, it will be rotated and tagged with a timestamp. The Retention period determines ") .
+ gettext("how long rotated logs are kept before they are automatically deleted.");?>
+ </td>
+</tr>
+<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Unified2 Log Limit"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="unified2_log_limit" type="text" class="formfld unknown"
+ id="unified2_log_limit" size="10" value="<?=htmlspecialchars($pconfig['unified2_log_limit']);?>"/>
+ &nbsp;<?php echo gettext("Log file size limit in megabytes (MB). Default is "); ?><strong><?=gettext("32 MB.");?></strong><br/>
+ <?php echo gettext("This sets the maximum size for a unified2 log file before it is rotated and a new one created."); ?>
+ </td>
+</tr>
+<tr>
+ <td class="vncell" width="22%" valign="top"><?=gettext("Unified2 Archived Log Retention Period");?></td>
+ <td width="78%" class="vtable"><select name="u2_archive_log_retention" class="formselect" id="u2_archive_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['u2_archive_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;<?=gettext("Choose retention period for archived Barnyard2 binary log files. Default is ") . "<strong>" . gettext("7 days."). "</strong>";?><br/><br/>
+ <?=gettext("When Barnyard2 output is enabled, Suricata writes event data to a binary format file that Barnyard2 reads and processes. ") .
+ gettext("When finished processing a file, Barnyard2 moves it to an archive folder. This setting determines how long files ") .
+ gettext("remain in the archive folder before they are automatically deleted.");?>
+ </td>
+</tr>
+<tr>
+ <td width="22%"></td>
+ <td width="78%" class="vexpl"><input name="save" type="submit" class="formbtn" value="Save"/><br/>
+ <br/><span class="red"><strong><?php echo gettext("Note:");?></strong>&nbsp;
+ </span><?php echo gettext("Changing any settings on this page will affect all Suricata-configured interfaces.");?></td>
+</tr>
+ </table>
+</div><br/>
+</td></tr>
+</table>
+</form>
+
+<script language="JavaScript">
+function enable_change() {
+ var endis = !(document.iform.enable_log_mgmt.checked);
+ document.iform.alert_log_limit_size.disabled = endis;
+ document.iform.alert_log_retention.disabled = endis;
+ document.iform.files_json_log_limit_size.disabled = endis;
+ document.iform.files_json_log_retention.disabled = endis;
+ document.iform.http_log_limit_size.disabled = endis;
+ document.iform.http_log_retention.disabled = endis;
+ document.iform.stats_log_limit_size.disabled = endis;
+ document.iform.stats_log_retention.disabled = endis;
+ document.iform.tls_log_limit_size.disabled = endis;
+ document.iform.tls_log_retention.disabled = endis;
+ document.iform.unified2_log_limit.disabled = endis;
+ document.iform.u2_archive_log_retention.disabled = endis;
+}
+
+function enable_change_dirSize() {
+ var endis = !(document.getElementById('suricataloglimit_on').checked);
+ document.getElementById('suricataloglimitsize').disabled = endis;
+}
+
+enable_change();
+enable_change_dirSize();
+</script>
+
+<?php include("fend.inc"); ?>
+
+</body>
+</html>
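Review bot: On save, only `suricataloglimitsize` and `unified2_log_limit` are validated; the five `*_log_limit_size` values, the six retention values and `suricataloglimit` are copied from `$_POST` into the configuration as sent. The drop-downs limit what a browser offers, not what a request can carry, so each value should be checked against the keys of `$log_sizes` / `$retentions` (and `suricataloglimit` against `on`/`off`) before `write_config()`. Separately, `enable_change()` disables `unified2_log_limit` and the selects when Auto Log Management is unchecked, and browsers do not submit disabled controls. The unconditional `unified2_log_limit` check will therefore probably reject a save in that state; making it conditional on `enable_log_mgmt` would address that.

```php
// … unchanged: 'Log Directory Size Limit' and 'Unified2 Log Limit' checks …

	// Accept only values that the drop-downs on this page offer
	$size_fields = array('alert_log_limit_size', 'files_json_log_limit_size',
		'http_log_limit_size', 'stats_log_limit_size', 'tls_log_limit_size');
	$retention_fields = array('alert_log_retention', 'files_json_log_retention',
		'http_log_retention', 'stats_log_retention', 'tls_log_retention',
		'u2_archive_log_retention');
	foreach ($size_fields as $f) {
		if (isset($_POST[$f]) && (!is_string($_POST[$f]) || !array_key_exists($_POST[$f], $log_sizes)))
			$input_errors[] = gettext("An invalid log size limit was submitted.");
	}
	foreach ($retention_fields as $f) {
		if (isset($_POST[$f]) && (!is_string($_POST[$f]) || !array_key_exists($_POST[$f], $retentions)))
			$input_errors[] = gettext("An invalid log retention period was submitted.");
	}
	if (!in_array($_POST['suricataloglimit'], array('on', 'off'), true))
		$input_errors[] = gettext("The directory size limit setting must be 'on' or 'off'.");

	if (!$input_errors) {
// … unchanged: configuration assignments, write_config(), redirect …
```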
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 72257325..4d5454d5 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -50,14 +50,14 @@ if(is_process_running("suricata")) {
killbyname("suricata");
sleep(2);
// Delete any leftover suricata PID files in /var/run
- array_map('@unlink', glob("/var/run/suricata_*.pid"));
+ unlink_if_exists("/var/run/suricata_*.pid");
}
// Hard kill any running Barnyard2 processes
if(is_process_running("barnyard")) {
killbyname("barnyard2");
sleep(2);
// Delete any leftover barnyard2 PID files in /var/run
- array_map('@unlink', glob("/var/run/barnyard2_*.pid"));
+ unlink_if_exists("/var/run/barnyard2_*.pid");
}
// Set flag for post-install in progress
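Review bot: The Barnyard2 guard tests `is_process_running("barnyard")` but then kills `barnyard2`; if that helper matches process names exactly (it is not shown in this diff), the block is skipped and neither the kill nor the new `unlink_if_exists("/var/run/barnyard2_*.pid")` ever runs. Using the same name in both calls, `if(is_process_running("barnyard2")) {`, removes the doubt. Both new cleanup lines also depend on `unlink_if_exists()` expanding the wildcard itself, because the explicit `glob()` is gone. That is worth confirming against the helper on the oldest pfSense release the package supports, since otherwise stale PID files would survive the reinstall.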
@@ -110,7 +110,7 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
suricata_create_rc();
// Set Log Limit, Block Hosts Time and Rules Update Time
- suricata_loglimit_install_cron($config['installedpackages']['suricata']['config'][0]['suricataloglimit'] == 'on' ? true : false);
+ suricata_loglimit_install_cron();
// suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false);
suricata_rules_up_install_cron($config['installedpackages']['suricata']['config'][0]['autoruleupdate'] != "never_up" ? true : false);
@@ -138,7 +138,7 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
}
// Update Suricata package version in configuration
-$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v0.2-BETA";
+$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v0.3-BETA";
write_config();
// Done with post-install, so clear flag
diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php
index 567c29ea..5883ed8e 100644
--- a/config/suricata/suricata_rules.php
+++ b/config/suricata/suricata_rules.php
@@ -40,7 +40,7 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
$a_rule = &$config['installedpackages']['suricata']['rule'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
elseif (isset($_GET['id']) && is_numericint($_GET['id']))
$id = htmlspecialchars($_GET['id']);
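Review bot: The POST branch now validates `id` but assigns it as a raw string, while the GET branch passes the value through `htmlspecialchars()`, which presumably changes nothing once `is_numericint()` has accepted it. Normalising both with a cast, `$id = (int)$_POST['id'];` and `$id = (int)$_GET['id'];`, gives a single integer type for whatever indexes `$a_rule` and for the `instance={$id}` tab links in the next hunk. Nothing in the visible lines checks that the index actually exists in `$a_rule` (the code continues outside the hunk), so a range check after this block would be a useful follow-up. The same pattern is repeated in the suricata_rules_flowbits.php, suricata_rulesets.php and suricata_suppress_edit.php hunks.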
@@ -391,6 +391,7 @@ if ($savemsg) {
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
diff --git a/config/suricata/suricata_rules_flowbits.php b/config/suricata/suricata_rules_flowbits.php
index 6470ff4b..1907cbeb 100644
--- a/config/suricata/suricata_rules_flowbits.php
+++ b/config/suricata/suricata_rules_flowbits.php
@@ -41,7 +41,7 @@ if (!is_array($config['installedpackages']['suricata']['rule'])) {
}
$a_nat = &$config['installedpackages']['suricata']['rule'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
elseif (isset($_GET['id']) && is_numericint($_GET['id']))
$id = htmlspecialchars($_GET['id']);
diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php
index 4365de4b..e607acc1 100644
--- a/config/suricata/suricata_rulesets.php
+++ b/config/suricata/suricata_rulesets.php
@@ -44,9 +44,10 @@ if (!is_array($config['installedpackages']['suricata']['rule'])) {
}
$a_nat = &$config['installedpackages']['suricata']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
if (is_null($id))
$id = 0;
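Review bot: An `id` that fails `is_numericint()` now leaves `$id` unset, and the following `if (is_null($id)) $id = 0;` silently turns that into the first interface. A malformed or tampered POST would then be applied to interface 0 rather than rejected; the save handling is outside this hunk, so this is inferred. `is_null()` on an undefined variable also raises a notice now that the unconditional `$id = $_GET['id'];` is gone. If no caller relies on the default, `if (!isset($id)) { header("Location: /suricata/suricata_interfaces.php"); exit; }` would send a missing or invalid id back to the interface list instead.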
@@ -255,6 +256,7 @@ if ($savemsg) {
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
diff --git a/config/suricata/suricata_suppress.php b/config/suricata/suricata_suppress.php
index 12227f3d..1b833276 100644
--- a/config/suricata/suricata_suppress.php
+++ b/config/suricata/suricata_suppress.php
@@ -125,6 +125,7 @@ if ($input_errors) {
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
$tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
display_top_tabs($tab_array);
?>
</td>
diff --git a/config/suricata/suricata_suppress_edit.php b/config/suricata/suricata_suppress_edit.php
index 3d5bad27..aad67a95 100644
--- a/config/suricata/suricata_suppress_edit.php
+++ b/config/suricata/suricata_suppress_edit.php
@@ -40,9 +40,10 @@ if (!is_array($config['installedpackages']['suricata']['suppress']['item']))
$config['installedpackages']['suricata']['suppress']['item'] = array();
$a_suppress = &$config['installedpackages']['suricata']['suppress']['item'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
/* returns true if $name is a valid name for a whitelist file name or ip */
function is_validwhitelistname($name) {
@@ -69,7 +70,7 @@ if (isset($id) && $a_suppress[$id]) {
$pconfig['uuid'] = uniqid();
}
-if ($_POST['submit']) {
+if ($_POST['save']) {
unset($input_errors);
$pconfig = $_POST;
@@ -139,11 +140,13 @@ if ($savemsg)
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
$tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
display_top_tabs($tab_array);
?>
</td></tr>
@@ -193,7 +196,7 @@ if ($savemsg)
</td>
</tr>
<tr>
- <td colspan="2"><input id="submit" name="submit" type="submit"
+ <td colspan="2"><input id="save" name="save" type="submit"
class="formbtn" value="Save" />&nbsp;&nbsp;<input id="cancelbutton"
name="cancelbutton" type="button" class="formbtn" value="Cancel"
onclick="history.back();"/> <?php if (isset($id) && $a_suppress[$id]): ?>