diff options
author | Renato Botelho <garga@FreeBSD.org> | 2014-09-09 14:37:15 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-09-09 14:37:15 -0300 |
commit | b40de132a39680cd8d096e14d9f968adac3c82e0 (patch) | |
tree | 6d25fb1594a31c371686f5a2350ca89836cdfce8 /config/suricata | |
parent | 8a33d84b6e7d52e2e7dd414c03428ce6da0296a2 (diff) | |
parent | 942f82201a14aebc97f872aeddae893b9a1e0a55 (diff) | |
download | pfsense-packages-b40de132a39680cd8d096e14d9f968adac3c82e0.tar.gz pfsense-packages-b40de132a39680cd8d096e14d9f968adac3c82e0.tar.bz2 pfsense-packages-b40de132a39680cd8d096e14d9f968adac3c82e0.zip |
Merge pull request #698 from bmeeks8/suricata-2.0.3-v2.0.2
Diffstat (limited to 'config/suricata')
-rw-r--r-- | config/suricata/suricata.xml | 2 | ||||
-rw-r--r-- | config/suricata/suricata_alerts.php | 6 | ||||
-rw-r--r-- | config/suricata/suricata_app_parsers.php | 3 | ||||
-rw-r--r-- | config/suricata/suricata_barnyard.php | 4 | ||||
-rw-r--r-- | config/suricata/suricata_blocked.php | 7 | ||||
-rw-r--r-- | config/suricata/suricata_define_vars.php | 3 | ||||
-rw-r--r-- | config/suricata/suricata_flow_stream.php | 3 | ||||
-rw-r--r-- | config/suricata/suricata_migrate_config.php | 4 | ||||
-rw-r--r-- | config/suricata/suricata_post_install.php | 42 | ||||
-rw-r--r-- | config/suricata/suricata_rules.php | 15 | ||||
-rw-r--r-- | config/suricata/suricata_rulesets.php | 3 | ||||
-rw-r--r-- | config/suricata/suricata_sid_mgmt.php | 3 | ||||
-rw-r--r-- | config/suricata/suricata_suppress.php | 18 |
13 files changed, 95 insertions, 18 deletions
diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml index 43ad68fa..995ed900 100644 --- a/config/suricata/suricata.xml +++ b/config/suricata/suricata.xml @@ -42,7 +42,7 @@ <description>Suricata IDS/IPS Package</description> <requirements>None</requirements> <name>suricata</name> - <version>2.0.3 pkg v2.0.1</version> + <version>2.0.3 pkg v2.0.2</version> <title>Services: Suricata IDS</title> <include_file>/usr/local/pkg/suricata/suricata.inc</include_file> <menu> diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php index eab2a1d5..57ccbe27 100644 --- a/config/suricata/suricata_alerts.php +++ b/config/suricata/suricata_alerts.php @@ -294,6 +294,9 @@ if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsu if (suricata_add_supplist_entry($suppress)) { suricata_reload_config($a_instance[$instanceid]); $savemsg = $success; + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); sleep(2); } else @@ -354,6 +357,9 @@ if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen /* Signal Suricata to live-load the new rules */ suricata_reload_config($a_instance[$instanceid]); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); sleep(2); $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Suricata is 'live-reloading' the new rules list. Please wait at least 15 secs for the process to complete before toggling additional rules."); diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php index 16927092..51514ee5 100644 --- a/config/suricata/suricata_app_parsers.php +++ b/config/suricata/suricata_app_parsers.php @@ -420,6 +420,9 @@ elseif ($_POST['save'] || $_POST['apply']) { conf_mount_rw(); suricata_generate_yaml($natent); conf_mount_ro(); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php index cd233b5e..987055fd 100644 --- a/config/suricata/suricata_barnyard.php +++ b/config/suricata/suricata_barnyard.php @@ -96,7 +96,7 @@ if ($_POST['save']) { // Validate Sensor Name contains no spaces if ($_POST['barnyard_enable'] == 'on') { - if (!empty(trim($_POST['barnyard_sensor_name'])) && strpos(trim($_POST['barnyard_sensor_name']), " ") !== FALSE) + if (!empty($_POST['barnyard_sensor_name']) && strpos($_POST['barnyard_sensor_name'], " ") !== FALSE) $input_errors[] = gettext("The value for 'Sensor Name' cannot contain spaces."); } @@ -153,7 +153,7 @@ if ($_POST['save']) { $natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto']; if ($_POST['barnyard_sensor_id']) $natent['barnyard_sensor_id'] = $_POST['barnyard_sensor_id']; else $natent['barnyard_sensor_id'] = '0'; - if ($_POST['barnyard_sensor_name']) $natent['barnyard_sensor_name'] = trim($_POST['barnyard_sensor_name']); else unset($natent['barnyard_sensor_name']); + if ($_POST['barnyard_sensor_name']) $natent['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']; else unset($natent['barnyard_sensor_name']); if ($_POST['barnyard_dbhost']) $natent['barnyard_dbhost'] = $_POST['barnyard_dbhost']; else unset($natent['barnyard_dbhost']); if ($_POST['barnyard_dbname']) $natent['barnyard_dbname'] = $_POST['barnyard_dbname']; else unset($natent['barnyard_dbname']); if ($_POST['barnyard_dbuser']) $natent['barnyard_dbuser'] = $_POST['barnyard_dbuser']; else unset($natent['barnyard_dbuser']); diff --git a/config/suricata/suricata_blocked.php b/config/suricata/suricata_blocked.php index c29d5745..842d4073 100644 --- a/config/suricata/suricata_blocked.php +++ b/config/suricata/suricata_blocked.php @@ -208,7 +208,7 @@ if ($savemsg) { <input name="download" type="submit" class="formbtns" value="Download" title="<?=gettext("Download list of blocked hosts as a gzip archive");?>"/> <?php echo gettext("All blocked hosts will be saved."); ?> <input name="remove" type="submit" class="formbtns" value="Clear" title="<?=gettext("Remove blocks for all listed hosts");?>" - onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCLE to quit.");?>');"/> + onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCEL to quit.");?>');"/> <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("all hosts will be removed."); ?> </td> </tr> @@ -260,8 +260,11 @@ if ($savemsg) { /* 0 1 2 3 4 5 6 7 8 9 10 */ /* File format timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,ip,port */ while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { - if(count($fields) < 11) + if(count($fields) != 11) { + log_error("[suricata] ERROR: block.log entry failed to parse correctly with too many or not enough CSV entities, skipping this entry..."); + log_error("[suricata] Failed block.log entry fields are: " . print_r($fields, true)); continue; + } $fields[9] = inet_pton($fields[9]); if (isset($tmpblocked[$fields[9]])) { if (!is_array($src_ip_list[$fields[9]])) diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php index 3fe5de0d..040244b0 100644 --- a/config/suricata/suricata_define_vars.php +++ b/config/suricata/suricata_define_vars.php @@ -135,6 +135,9 @@ if ($_POST) { /* Soft-restart Suricaa to live-load new variables. */ suricata_reload_config($a_nat[$id]); + /* Sync to configured CARP slaves if any are enabled */ + suricata_sync_on_changes(); + /* after click go to this page */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php index fa9edc16..53c4e010 100644 --- a/config/suricata/suricata_flow_stream.php +++ b/config/suricata/suricata_flow_stream.php @@ -319,6 +319,9 @@ elseif ($_POST['save'] || $_POST['apply']) { conf_mount_rw(); suricata_generate_yaml($natent); conf_mount_ro(); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); diff --git a/config/suricata/suricata_migrate_config.php b/config/suricata/suricata_migrate_config.php index ba13155b..4729109b 100644 --- a/config/suricata/suricata_migrate_config.php +++ b/config/suricata/suricata_migrate_config.php @@ -118,7 +118,7 @@ foreach ($rule as &$r) { /***********************************************************/ /* Add the new 'dns-events.rules' file to the rulesets. */ /***********************************************************/ - if (strpos("dns-events.rules", $pconfig['rulesets']) === FALSE) { + if (strpos($pconfig['rulesets'], "dns-events.rules") === FALSE) { $pconfig['rulesets'] = rtrim($pconfig['rulesets'], "||") . "||dns-events.rules"; $updated_cfg = true; } @@ -344,7 +344,7 @@ unset($r); // Write out the new configuration to disk if we changed anything if ($updated_cfg) { - $config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0"; + $config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0.2"; log_error("[Suricata] Saving configuration settings in new format..."); write_config("Suricata pkg: migrate existing settings to new format during package upgrade."); log_error("[Suricata] Settings successfully migrated to new configuration format..."); diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php index 7c8d03a5..42f72eca 100644 --- a/config/suricata/suricata_post_install.php +++ b/config/suricata/suricata_post_install.php @@ -116,6 +116,46 @@ safe_mkdir(IPREP_PATH); if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') { log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings...")); update_status(gettext("Saved settings detected...")); + + /****************************************************************/ + /* Do test and fix for duplicate UUIDs if this install was */ + /* impacted by the DUP (clone) bug that generated a duplicate */ + /* UUID for the cloned interface. Also fix any duplicate */ + /* entries in ['rulesets'] for "dns-events.rules". */ + /****************************************************************/ + if (count($config['installedpackages']['suricata']['rule']) > 0) { + $uuids = array(); + $suriconf = &$config['installedpackages']['suricata']['rule']; + foreach ($suriconf as &$suricatacfg) { + // Remove any duplicate ruleset names from earlier bug + $rulesets = explode("||", $suricatacfg['rulesets']); + $suricatacfg['rulesets'] = implode("||", array_keys(array_flip($rulesets))); + + // Now check for and fix a duplicate UUID + $if_real = get_real_interface($suricatacfg['interface']); + if (!isset($uuids[$suricatacfg['uuid']])) { + $uuids[$suricatacfg['uuid']] = $if_real; + continue; + } + else { + // Found a duplicate UUID, so generate a + // new one for the affected interface. + $old_uuid = $suricatacfg['uuid']; + $new_uuid = suricata_generate_id(); + if (file_exists("{$suricatalogdir}suricata_{$if_real}{$old_uuid}/")) + @rename("{$suricatalogdir}suricata_{$if_real}{$old_uuid}/", "{$suricatalogdir}suricata_{$if_real}{$new_uuid}/"); + $suricatacfg['uuid'] = $new_uuid; + $uuids[$new_uuid] = $if_real; + log_error(gettext("[Suricata] updated UUID for interface " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . " from {$old_uuid} to {$new_uuid}.")); + } + } + write_config("Suricata pkg: updated interface UUIDs to eliminate duplicates."); + unset($uuids, $rulesets); + } + /****************************************************************/ + /* End of duplicate UUID and "dns-events.rules" bug fix. */ + /****************************************************************/ + /* Do one-time settings migration for new version configuration */ update_output_window(gettext("Please wait... migrating settings to new configuration...")); include('/usr/local/pkg/suricata/suricata_migrate_config.php'); @@ -198,7 +238,7 @@ if (empty($config['installedpackages']['suricata']['config'][0]['forcekeepsettin conf_mount_ro(); // Update Suricata package version in configuration -$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0"; +$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0.2"; write_config("Suricata pkg: updated GUI package version number."); // Done with post-install, so clear flag diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php index aa420371..539a1daf 100644 --- a/config/suricata/suricata_rules.php +++ b/config/suricata/suricata_rules.php @@ -375,6 +375,9 @@ elseif ($_POST['clear']) { conf_mount_ro(); $rebuild_rules = false; $pconfig['customrules'] = ''; + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } elseif ($_POST['cancel']) { $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); @@ -395,6 +398,9 @@ elseif ($_POST['save']) { /* Signal Suricata to "live reload" the rules */ suricata_reload_config($a_rule[$id]); clear_subsystem_dirty('suricata_rules'); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } elseif ($_POST['apply']) { @@ -416,6 +422,9 @@ elseif ($_POST['apply']) { // We have saved changes and done a soft restart, so clear "dirty" flag clear_subsystem_dirty('suricata_rules'); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } include_once("head.inc"); @@ -632,7 +641,7 @@ if ($savemsg) { <tbody> <?php - $counter = $enable_cnt = $disable_cnt = $managed_count = 0; + $counter = $enable_cnt = $disable_cnt = $user_enable_cnt = $user_disable_cnt = $managed_count = 0; foreach ($rules_map as $k1 => $rulem) { foreach ($rulem as $k2 => $v) { $sid = suricata_get_sid($v['rule']); @@ -660,6 +669,7 @@ if ($savemsg) { $textse = "</span>"; $iconb = "icon_reject_d.gif"; $disable_cnt++; + $user_disable_cnt++; $title = gettext("Disabled by user. Click to toggle to enabled state"); } elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) { @@ -673,6 +683,7 @@ if ($savemsg) { $textss = $textse = ""; $iconb = "icon_reject.gif"; $enable_cnt++; + $user_enable_cnt++; $title = gettext("Enabled by user. Click to toggle to disabled state"); } else { @@ -762,6 +773,8 @@ if ($savemsg) { gettext("Total Rules: {$counter}") . " " . gettext("Enabled: {$enable_cnt}") . " " . gettext("Disabled: {$disable_cnt}") . " " . + gettext("User Enabled: {$user_enable_cnt}") . " " . + gettext("User Disabled: {$user_disable_cnt}") . " " . gettext("Auto-Managed: {$managed_count}"); ?></td> </tr> <tr> diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php index ce32af20..7ea672b1 100644 --- a/config/suricata/suricata_rulesets.php +++ b/config/suricata/suricata_rulesets.php @@ -165,6 +165,9 @@ if ($_POST["save"]) { $enabled_rulesets_array = explode("||", $enabled_items); if (suricata_is_running($suricata_uuid, $if_real)) $savemsg = gettext("Suricata is 'live-loading' the new rule set on this interface."); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } elseif ($_POST['unselectall']) { // Remove all but the default events and files rules diff --git a/config/suricata/suricata_sid_mgmt.php b/config/suricata/suricata_sid_mgmt.php index c69a9fcd..2224e81a 100644 --- a/config/suricata/suricata_sid_mgmt.php +++ b/config/suricata/suricata_sid_mgmt.php @@ -188,6 +188,9 @@ if (isset($_POST['save_auto_sid_conf'])) { $intf_msg .= convert_friendly_interface_to_friendly_descr($a_nat[$k]['interface']) . ", "; } $savemsg = gettext("Changes were applied to these interfaces: " . trim($intf_msg, ' ,') . " and Suricata signaled to live-load the new rules."); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } } diff --git a/config/suricata/suricata_suppress.php b/config/suricata/suricata_suppress.php index 2fd2deeb..80249724 100644 --- a/config/suricata/suricata_suppress.php +++ b/config/suricata/suricata_suppress.php @@ -94,15 +94,16 @@ function suricata_find_suppresslist_interface($supplist) { return false; } -if ($_GET['act'] == "del") { - if ($a_suppress[$_GET['id']]) { +if ($_POST['del'] && is_numericint($_POST['list_id'])) { + if ($a_suppress[$_POST['list_id']]) { // make sure list is not being referenced by any Suricata-configured interface - if (suricata_suppresslist_used($a_suppress[$_GET['id']]['name'])) { + if (suricata_suppresslist_used($a_suppress[$_POST['list_id']]['name'])) { $input_errors[] = gettext("ERROR -- Suppress List is currently assigned to an interface and cannot be removed!"); } else { - unset($a_suppress[$_GET['id']]); - write_config(); + unset($a_suppress[$_POST['list_id']]); + write_config("Suricata pkg: deleted SUPPRESS LIST."); + sync_suricata_package_config(); header("Location: /suricata/suricata_suppress.php"); exit; } @@ -126,6 +127,7 @@ if ($input_errors) { ?> <form action="/suricata/suricata_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?> +<input type="hidden" name="list_id" id="list_id" value=""/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr><td> @@ -189,10 +191,8 @@ if ($input_errors) { width="17" height="17" border="0" title="<?php echo gettext("Goto first instance associated with this Suppress List");?>"/></a> </td> <?php else : ?> - <td><a href="/suricata/suricata_suppress.php?act=del&id=<?=$i;?>" - onclick="return confirm('<?php echo gettext("Do you really want to delete this Suppress List?"); ?>')"><img - src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" - width="17" height="17" border="0" title="<?php echo gettext("delete Suppress List"); ?>"></a></td> + <td><input type="image" name="del[]" onclick="document.getElementById('list_id').value='<?=$i;?>';return confirm('<?=gettext("Do you really want to delete this Suppress List?");?>');" + src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete Suppress List");?>"/></td> <td> </td> <?php endif; ?> </tr> |