authorRenato Botelho <garga@FreeBSD.org>2014-09-09 14:37:15 -0300
committerRenato Botelho <garga@FreeBSD.org>2014-09-09 14:37:15 -0300
commitb40de132a39680cd8d096e14d9f968adac3c82e0 (patch)
tree6d25fb1594a31c371686f5a2350ca89836cdfce8 /config/suricata
parent8a33d84b6e7d52e2e7dd414c03428ce6da0296a2 (diff)
parent942f82201a14aebc97f872aeddae893b9a1e0a55 (diff)
Merge pull request #698 from bmeeks8/suricata-2.0.3-v2.0.2
Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/suricata.xml2
-rw-r--r--config/suricata/suricata_alerts.php6
-rw-r--r--config/suricata/suricata_app_parsers.php3
-rw-r--r--config/suricata/suricata_barnyard.php4
-rw-r--r--config/suricata/suricata_blocked.php7
-rw-r--r--config/suricata/suricata_define_vars.php3
-rw-r--r--config/suricata/suricata_flow_stream.php3
-rw-r--r--config/suricata/suricata_migrate_config.php4
-rw-r--r--config/suricata/suricata_post_install.php42
-rw-r--r--config/suricata/suricata_rules.php15
-rw-r--r--config/suricata/suricata_rulesets.php3
-rw-r--r--config/suricata/suricata_sid_mgmt.php3
-rw-r--r--config/suricata/suricata_suppress.php18
13 files changed, 95 insertions, 18 deletions
diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml
index 43ad68fa..995ed900 100644
--- a/config/suricata/suricata.xml
+++ b/config/suricata/suricata.xml
@@ -42,7 +42,7 @@
<description>Suricata IDS/IPS Package</description>
<requirements>None</requirements>
<name>suricata</name>
- <version>2.0.3 pkg v2.0.1</version>
+ <version>2.0.3 pkg v2.0.2</version>
<title>Services: Suricata IDS</title>
<include_file>/usr/local/pkg/suricata/suricata.inc</include_file>
<menu>
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index eab2a1d5..57ccbe27 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -294,6 +294,9 @@ if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsu
if (suricata_add_supplist_entry($suppress)) {
suricata_reload_config($a_instance[$instanceid]);
$savemsg = $success;
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
sleep(2);
}
else
@@ -354,6 +357,9 @@ if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen
/* Signal Suricata to live-load the new rules */
suricata_reload_config($a_instance[$instanceid]);
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
sleep(2);
$savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Suricata is 'live-reloading' the new rules list. Please wait at least 15 secs for the process to complete before toggling additional rules.");
diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php
index 16927092..51514ee5 100644
--- a/config/suricata/suricata_app_parsers.php
+++ b/config/suricata/suricata_app_parsers.php
@@ -420,6 +420,9 @@ elseif ($_POST['save'] || $_POST['apply']) {
conf_mount_rw();
suricata_generate_yaml($natent);
conf_mount_ro();
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
}
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php
index cd233b5e..987055fd 100644
--- a/config/suricata/suricata_barnyard.php
+++ b/config/suricata/suricata_barnyard.php
@@ -96,7 +96,7 @@ if ($_POST['save']) {
// Validate Sensor Name contains no spaces
if ($_POST['barnyard_enable'] == 'on') {
- if (!empty(trim($_POST['barnyard_sensor_name'])) && strpos(trim($_POST['barnyard_sensor_name']), " ") !== FALSE)
+ if (!empty($_POST['barnyard_sensor_name']) && strpos($_POST['barnyard_sensor_name'], " ") !== FALSE)
$input_errors[] = gettext("The value for 'Sensor Name' cannot contain spaces.");
}
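Review bot: With trim() dropped from the check on the `+` line, the validation still rejects only the ASCII space character, so a sensor name containing a tab or other whitespace passes here and is stored unchanged by the second hunk (`$natent['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']`). A leading or trailing space, which the old code silently stripped, is now a validation error instead; if that is the intent, the check reads more clearly as `if (!empty($_POST['barnyard_sensor_name']) && preg_match('/\s/', $_POST['barnyard_sensor_name']))`, which covers every kind of whitespace the name would presumably carry into the generated barnyard2 configuration. The `if ($_POST['save'])` block enclosing both hunks starts and ends outside them.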
@@ -153,7 +153,7 @@ if ($_POST['save']) {
$natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto'];
if ($_POST['barnyard_sensor_id']) $natent['barnyard_sensor_id'] = $_POST['barnyard_sensor_id']; else $natent['barnyard_sensor_id'] = '0';
- if ($_POST['barnyard_sensor_name']) $natent['barnyard_sensor_name'] = trim($_POST['barnyard_sensor_name']); else unset($natent['barnyard_sensor_name']);
+ if ($_POST['barnyard_sensor_name']) $natent['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']; else unset($natent['barnyard_sensor_name']);
if ($_POST['barnyard_dbhost']) $natent['barnyard_dbhost'] = $_POST['barnyard_dbhost']; else unset($natent['barnyard_dbhost']);
if ($_POST['barnyard_dbname']) $natent['barnyard_dbname'] = $_POST['barnyard_dbname']; else unset($natent['barnyard_dbname']);
if ($_POST['barnyard_dbuser']) $natent['barnyard_dbuser'] = $_POST['barnyard_dbuser']; else unset($natent['barnyard_dbuser']);
diff --git a/config/suricata/suricata_blocked.php b/config/suricata/suricata_blocked.php
index c29d5745..842d4073 100644
--- a/config/suricata/suricata_blocked.php
+++ b/config/suricata/suricata_blocked.php
@@ -208,7 +208,7 @@ if ($savemsg) {
<input name="download" type="submit" class="formbtns" value="Download" title="<?=gettext("Download list of blocked hosts as a gzip archive");?>"/>
&nbsp;<?php echo gettext("All blocked hosts will be saved."); ?>&nbsp;&nbsp;
<input name="remove" type="submit" class="formbtns" value="Clear" title="<?=gettext("Remove blocks for all listed hosts");?>"
- onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCLE to quit.");?>');"/>&nbsp;
+ onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCEL to quit.");?>');"/>&nbsp;
<span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span>&nbsp;<?php echo gettext("all hosts will be removed."); ?>
</td>
</tr>
@@ -260,8 +260,11 @@ if ($savemsg) {
/* 0 1 2 3 4 5 6 7 8 9 10 */
/* File format timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,ip,port */
while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
- if(count($fields) < 11)
+ if(count($fields) != 11) {
+ log_error("[suricata] ERROR: block.log entry failed to parse correctly with too many or not enough CSV entities, skipping this entry...");
+ log_error("[suricata] Failed block.log entry fields are: " . print_r($fields, true));
continue;
+ }
$fields[9] = inet_pton($fields[9]);
if (isset($tmpblocked[$fields[9]])) {
if (!is_array($src_ip_list[$fields[9]]))
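Review bot: fgetcsv() returns an array holding a single null for a blank line, so the tightened `count($fields) != 11` test now writes two log_error() lines for every empty line in block.log, where the old `< 11` check skipped them silently; a trailing empty line in the file is enough to trigger it each time the file is read. Skip that case before logging, e.g. `if ($fields === array(null)) continue;` placed ahead of the count check. The print_r() dump also puts multi-line output into the system log; `implode(',', $fields)` would keep each rejected entry on one line. The loop's enclosing block continues outside the hunk.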
diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php
index 3fe5de0d..040244b0 100644
--- a/config/suricata/suricata_define_vars.php
+++ b/config/suricata/suricata_define_vars.php
@@ -135,6 +135,9 @@ if ($_POST) {
/* Soft-restart Suricaa to live-load new variables. */
suricata_reload_config($a_nat[$id]);
+ /* Sync to configured CARP slaves if any are enabled */
+ suricata_sync_on_changes();
+
/* after click go to this page */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php
index fa9edc16..53c4e010 100644
--- a/config/suricata/suricata_flow_stream.php
+++ b/config/suricata/suricata_flow_stream.php
@@ -319,6 +319,9 @@ elseif ($_POST['save'] || $_POST['apply']) {
conf_mount_rw();
suricata_generate_yaml($natent);
conf_mount_ro();
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
}
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/suricata/suricata_migrate_config.php b/config/suricata/suricata_migrate_config.php
index ba13155b..4729109b 100644
--- a/config/suricata/suricata_migrate_config.php
+++ b/config/suricata/suricata_migrate_config.php
@@ -118,7 +118,7 @@ foreach ($rule as &$r) {
/***********************************************************/
/* Add the new 'dns-events.rules' file to the rulesets. */
/***********************************************************/
- if (strpos("dns-events.rules", $pconfig['rulesets']) === FALSE) {
+ if (strpos($pconfig['rulesets'], "dns-events.rules") === FALSE) {
$pconfig['rulesets'] = rtrim($pconfig['rulesets'], "||") . "||dns-events.rules";
$updated_cfg = true;
}
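Review bot: With the strpos() arguments now in the correct order the append on the next line is reached only when the file is genuinely missing, but when `$pconfig['rulesets']` is an empty string that line still produces `||dns-events.rules`, whose explode() later yields an empty first element. If an empty rulesets value is possible for a rule entry here, guard it: `$pconfig['rulesets'] = ($pconfig['rulesets'] == '') ? "dns-events.rules" : rtrim($pconfig['rulesets'], "|") . "||dns-events.rules";`. The reversed arguments in the old line presumably explain the duplicated entries that suricata_post_install.php now cleans up. The `foreach ($rule as &$r)` loop enclosing the hunk starts and ends outside it.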
@@ -344,7 +344,7 @@ unset($r);
// Write out the new configuration to disk if we changed anything
if ($updated_cfg) {
- $config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0";
+ $config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0.2";
log_error("[Suricata] Saving configuration settings in new format...");
write_config("Suricata pkg: migrate existing settings to new format during package upgrade.");
log_error("[Suricata] Settings successfully migrated to new configuration format...");
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 7c8d03a5..42f72eca 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -116,6 +116,46 @@ safe_mkdir(IPREP_PATH);
if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') {
log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings..."));
update_status(gettext("Saved settings detected..."));
+
+ /****************************************************************/
+ /* Do test and fix for duplicate UUIDs if this install was */
+ /* impacted by the DUP (clone) bug that generated a duplicate */
+ /* UUID for the cloned interface. Also fix any duplicate */
+ /* entries in ['rulesets'] for "dns-events.rules". */
+ /****************************************************************/
+ if (count($config['installedpackages']['suricata']['rule']) > 0) {
+ $uuids = array();
+ $suriconf = &$config['installedpackages']['suricata']['rule'];
+ foreach ($suriconf as &$suricatacfg) {
+ // Remove any duplicate ruleset names from earlier bug
+ $rulesets = explode("||", $suricatacfg['rulesets']);
+ $suricatacfg['rulesets'] = implode("||", array_keys(array_flip($rulesets)));
+
+ // Now check for and fix a duplicate UUID
+ $if_real = get_real_interface($suricatacfg['interface']);
+ if (!isset($uuids[$suricatacfg['uuid']])) {
+ $uuids[$suricatacfg['uuid']] = $if_real;
+ continue;
+ }
+ else {
+ // Found a duplicate UUID, so generate a
+ // new one for the affected interface.
+ $old_uuid = $suricatacfg['uuid'];
+ $new_uuid = suricata_generate_id();
+ if (file_exists("{$suricatalogdir}suricata_{$if_real}{$old_uuid}/"))
+ @rename("{$suricatalogdir}suricata_{$if_real}{$old_uuid}/", "{$suricatalogdir}suricata_{$if_real}{$new_uuid}/");
+ $suricatacfg['uuid'] = $new_uuid;
+ $uuids[$new_uuid] = $if_real;
+ log_error(gettext("[Suricata] updated UUID for interface " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . " from {$old_uuid} to {$new_uuid}."));
+ }
+ }
+ write_config("Suricata pkg: updated interface UUIDs to eliminate duplicates.");
+ unset($uuids, $rulesets);
+ }
+ /****************************************************************/
+ /* End of duplicate UUID and "dns-events.rules" bug fix. */
+ /****************************************************************/
+
/* Do one-time settings migration for new version configuration */
update_output_window(gettext("Please wait... migrating settings to new configuration..."));
include('/usr/local/pkg/suricata/suricata_migrate_config.php');
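Review bot: The `foreach ($suriconf as &$suricatacfg)` loop leaves `$suricatacfg` bound by reference to the last rule entry after the loop ends, and the `unset($uuids, $rulesets)` that follows does not release it, so any later assignment to `$suricatacfg` in this file — or in the suricata_migrate_config.php included a few lines below, should it reuse that name — would silently overwrite that last entry in `$config`. Add `unset($suricatacfg, $suriconf);` alongside the existing unset. The `@rename()` also hides a failed directory move, after which the log directory keeps the old UUID while the config carries the new one; checking its return value and calling log_error() on failure would make that visible. Minor style: the `else` after `continue;` is redundant. The `if (... forcekeepsettings == 'on')` block enclosing the hunk ends outside it.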
@@ -198,7 +238,7 @@ if (empty($config['installedpackages']['suricata']['config'][0]['forcekeepsettin
conf_mount_ro();
// Update Suricata package version in configuration
-$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0";
+$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0.2";
write_config("Suricata pkg: updated GUI package version number.");
// Done with post-install, so clear flag
diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php
index aa420371..539a1daf 100644
--- a/config/suricata/suricata_rules.php
+++ b/config/suricata/suricata_rules.php
@@ -375,6 +375,9 @@ elseif ($_POST['clear']) {
conf_mount_ro();
$rebuild_rules = false;
$pconfig['customrules'] = '';
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
}
elseif ($_POST['cancel']) {
$pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
@@ -395,6 +398,9 @@ elseif ($_POST['save']) {
/* Signal Suricata to "live reload" the rules */
suricata_reload_config($a_rule[$id]);
clear_subsystem_dirty('suricata_rules');
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
}
elseif ($_POST['apply']) {
@@ -416,6 +422,9 @@ elseif ($_POST['apply']) {
// We have saved changes and done a soft restart, so clear "dirty" flag
clear_subsystem_dirty('suricata_rules');
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
}
include_once("head.inc");
@@ -632,7 +641,7 @@ if ($savemsg) {
<tbody>
<?php
- $counter = $enable_cnt = $disable_cnt = $managed_count = 0;
+ $counter = $enable_cnt = $disable_cnt = $user_enable_cnt = $user_disable_cnt = $managed_count = 0;
foreach ($rules_map as $k1 => $rulem) {
foreach ($rulem as $k2 => $v) {
$sid = suricata_get_sid($v['rule']);
@@ -660,6 +669,7 @@ if ($savemsg) {
$textse = "</span>";
$iconb = "icon_reject_d.gif";
$disable_cnt++;
+ $user_disable_cnt++;
$title = gettext("Disabled by user. Click to toggle to enabled state");
}
elseif (($v['disabled'] == 1) && (!isset($enablesid[$gid][$sid]))) {
@@ -673,6 +683,7 @@ if ($savemsg) {
$textss = $textse = "";
$iconb = "icon_reject.gif";
$enable_cnt++;
+ $user_enable_cnt++;
$title = gettext("Enabled by user. Click to toggle to disabled state");
}
else {
@@ -762,6 +773,8 @@ if ($savemsg) {
gettext("Total Rules: {$counter}") . "&nbsp;&nbsp;&nbsp;&nbsp;" .
gettext("Enabled: {$enable_cnt}") . "&nbsp;&nbsp;&nbsp;&nbsp;" .
gettext("Disabled: {$disable_cnt}") . "&nbsp;&nbsp;&nbsp;&nbsp;" .
+ gettext("User Enabled: {$user_enable_cnt}") . "&nbsp;&nbsp;&nbsp;&nbsp;" .
+ gettext("User Disabled: {$user_disable_cnt}") . "&nbsp;&nbsp;&nbsp;&nbsp;" .
gettext("Auto-Managed: {$managed_count}"); ?></td>
</tr>
<tr>
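Review bot: The two added `gettext("User Enabled: {$user_enable_cnt}")` lines interpolate the counter into the msgid, so the string handed to gettext differs with every count and can never match a catalog entry; this copies the pattern of the surrounding lines, but new code would better keep the msgid fixed, e.g. `sprintf(gettext("User Enabled: %d"), $user_enable_cnt)` and the same for "User Disabled". The counters themselves are incremented in the two earlier hunks of this file next to `$disable_cnt++` and `$enable_cnt++`, which matches the existing counting. The `<?php` block holding this output starts outside the hunk.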
diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php
index ce32af20..7ea672b1 100644
--- a/config/suricata/suricata_rulesets.php
+++ b/config/suricata/suricata_rulesets.php
@@ -165,6 +165,9 @@ if ($_POST["save"]) {
$enabled_rulesets_array = explode("||", $enabled_items);
if (suricata_is_running($suricata_uuid, $if_real))
$savemsg = gettext("Suricata is 'live-loading' the new rule set on this interface.");
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
}
elseif ($_POST['unselectall']) {
// Remove all but the default events and files rules
diff --git a/config/suricata/suricata_sid_mgmt.php b/config/suricata/suricata_sid_mgmt.php
index c69a9fcd..2224e81a 100644
--- a/config/suricata/suricata_sid_mgmt.php
+++ b/config/suricata/suricata_sid_mgmt.php
@@ -188,6 +188,9 @@ if (isset($_POST['save_auto_sid_conf'])) {
$intf_msg .= convert_friendly_interface_to_friendly_descr($a_nat[$k]['interface']) . ", ";
}
$savemsg = gettext("Changes were applied to these interfaces: " . trim($intf_msg, ' ,') . " and Suricata signaled to live-load the new rules.");
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
}
}
diff --git a/config/suricata/suricata_suppress.php b/config/suricata/suricata_suppress.php
index 2fd2deeb..80249724 100644
--- a/config/suricata/suricata_suppress.php
+++ b/config/suricata/suricata_suppress.php
@@ -94,15 +94,16 @@ function suricata_find_suppresslist_interface($supplist) {
return false;
}
-if ($_GET['act'] == "del") {
- if ($a_suppress[$_GET['id']]) {
+if ($_POST['del'] && is_numericint($_POST['list_id'])) {
+ if ($a_suppress[$_POST['list_id']]) {
// make sure list is not being referenced by any Suricata-configured interface
- if (suricata_suppresslist_used($a_suppress[$_GET['id']]['name'])) {
+ if (suricata_suppresslist_used($a_suppress[$_POST['list_id']]['name'])) {
$input_errors[] = gettext("ERROR -- Suppress List is currently assigned to an interface and cannot be removed!");
}
else {
- unset($a_suppress[$_GET['id']]);
- write_config();
+ unset($a_suppress[$_POST['list_id']]);
+ write_config("Suricata pkg: deleted SUPPRESS LIST.");
+ sync_suricata_package_config();
header("Location: /suricata/suricata_suppress.php");
exit;
}
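Review bot: `if ($a_suppress[$_POST['list_id']])` on the second `+` line indexes the array with the submitted id before checking that the key exists, so an id that is numeric but not a current list index raises an undefined-offset notice and falls through to the page without any message; `if (isset($a_suppress[$_POST['list_id']]))` handles it cleanly. Moving the delete from a GET link to a POST with a numeric-checked `list_id` is the right direction, since a state change is no longer triggered by following a plain link, and the descriptive write_config() message plus the sync call are a sensible addition. Note that `$_POST['del']` comes from an `<input type="image" name="del[]">` in the third hunk, so if PHP delivers it as an array the truthiness test works but deserves a short comment. The outer `if` blocks opened in this hunk close outside it.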
@@ -126,6 +127,7 @@ if ($input_errors) {
?>
<form action="/suricata/suricata_suppress.php" method="post"><?php if ($savemsg) print_info_box($savemsg); ?>
+<input type="hidden" name="list_id" id="list_id" value=""/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr><td>
@@ -189,10 +191,8 @@ if ($input_errors) {
width="17" height="17" border="0" title="<?php echo gettext("Goto first instance associated with this Suppress List");?>"/></a>
</td>
<?php else : ?>
- <td><a href="/suricata/suricata_suppress.php?act=del&id=<?=$i;?>"
- onclick="return confirm('<?php echo gettext("Do you really want to delete this Suppress List?"); ?>')"><img
- src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif"
- width="17" height="17" border="0" title="<?php echo gettext("delete Suppress List"); ?>"></a></td>
+ <td><input type="image" name="del[]" onclick="document.getElementById('list_id').value='<?=$i;?>';return confirm('<?=gettext("Do you really want to delete this Suppress List?");?>');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete Suppress List");?>"/></td>
<td>&nbsp;</td>
<?php endif; ?>
</tr>