authorbmeeks8 <bmeeks8@bellsouth.net>2014-02-19 22:34:27 -0500
committerbmeeks8 <bmeeks8@bellsouth.net>2014-02-19 22:34:27 -0500
commitb33b9a9d050bd5bc8247fc4c95ff7bde39d612f2 (patch)
tree04bcd4a8f0cb1520a71668dd011eba529a248186 /config/suricata
parent4b6a70ab6d1a3b50e29e4de5383bf69f867807b1 (diff)
Incorporate Ermal's comments into Suricata BETA pkg code.
Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/README.md6
-rw-r--r--config/suricata/suricata.inc178
-rw-r--r--config/suricata/suricata_app_parsers.php59
-rw-r--r--config/suricata/suricata_define_vars.php46
-rw-r--r--config/suricata/suricata_download_updates.php215
-rw-r--r--config/suricata/suricata_flow_stream.php58
-rw-r--r--config/suricata/suricata_libhtp_policy_engine.php25
-rw-r--r--config/suricata/suricata_log_view.php86
-rw-r--r--config/suricata/suricata_os_policy_engine.php30
-rw-r--r--config/suricata/suricata_post_install.php13
-rw-r--r--config/suricata/suricata_uninstall.php67
11 files changed, 200 insertions, 583 deletions
diff --git a/config/suricata/README.md b/config/suricata/README.md
deleted file mode 100644
index 2ec1d9a3..00000000
--- a/config/suricata/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-pfsense-suricata
-================
-
-Suricata package port for pfSense
-
-This is a port of the Suricata package for pfSense 2.1 and higher. It is currently under development and is still considered BETA software. Use on production systems is not recommended.
diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc
index 95b95711..b87e2f6a 100644
--- a/config/suricata/suricata.inc
+++ b/config/suricata/suricata.inc
@@ -29,6 +29,7 @@
require_once("pfsense-utils.inc");
require_once("config.inc");
require_once("functions.inc");
+require_once("services.inc");
require_once("service-utils.inc");
require_once("pkg-utils.inc");
require_once("filter.inc");
@@ -74,7 +75,7 @@ function suricata_generate_id() {
function suricata_is_running($suricata_uuid, $if_real, $type = 'suricata') {
global $config, $g;
- if (file_exists("{$g['varrun_path']}/{$type}_{$if_real}{$suricata_uuid}.pid") && isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$suricata_uuid}.pid"))
+ if (isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$suricata_uuid}.pid"))
return 'yes';
else
return 'no';
@@ -84,9 +85,9 @@ function suricata_barnyard_stop($suricatacfg, $if_real) {
global $config, $g;
$suricata_uuid = $suricatacfg['uuid'];
- if (file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid") && isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid")) {
+ if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid")) {
log_error("[Suricata] Barnyard2 STOP for {$suricatacfg['descr']}({$if_real})...");
- exec("/bin/pkill -TERM -F {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid");
+ killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid");
}
}
@@ -94,14 +95,15 @@ function suricata_stop($suricatacfg, $if_real) {
global $config, $g;
$suricata_uuid = $suricatacfg['uuid'];
- if (file_exists("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid") && isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) {
+ if (isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) {
log_error("[Suricata] Suricata STOP for {$suricatacfg['descr']}({$if_real})...");
- exec("/bin/pkill -TERM -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid");
- sleep(1);
- }
- if (file_exists("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid") && isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"))
- exec("/bin/pkill -TERM -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid");
+ killbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid");
+ sleep(2);
+ // For some reason Suricata seems to need a double TERM signal to actually shutdown
+ if (isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"))
+ killbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid");
+ }
// Stop Barnyard2 on the interface if running
suricata_barnyard_stop($suricatacfg, $if_real);
}
@@ -158,9 +160,10 @@ function suricata_reload_config($suricatacfg, $signal="USR2") {
/* Only send the SIGUSR2 if Suricata is running and */
/* we can find a valid PID for the process. */
/******************************************************/
- if (file_exists("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid") && isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) {
+ if (isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) {
log_error("[Suricata] Suricata LIVE RULE RELOAD initiated for {$suricatacfg['descr']} ({$if_real})...");
- exec("/bin/pkill -{$signal} -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid 2>&1 &");
+ sigkillbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid", $signal);
+// exec("/bin/pkill -{$signal} -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid 2>&1 &");
}
}
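Review bot: The old `exec("/bin/pkill -{$signal} ...")` call is left behind as a commented-out line under the new `sigkillbypid()` call, here and again in `suricata_barnyard_reload_config` in the next hunk. Dead code that interpolates `$signal` into a shell command line is easy to re-enable by accident; delete both lines and let version control keep the history. A short comment above the call, such as `// $signal is a signal name without the SIG prefix, e.g. USR2`, would document what callers may pass. The function body starts outside the hunk.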
@@ -186,63 +189,34 @@ function suricata_barnyard_reload_config($suricatacfg, $signal="HUP") {
/* Only send the SIGHUP if Barnyard2 is running and */
/* we can find a valid PID for the process. */
/******************************************************/
- if (file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid") && isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid")) {
+ if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid")) {
log_error("[Suricata] Barnyard2 CONFIG RELOAD initiated for {$suricatacfg['descr']} ({$if_real})...");
- exec("/bin/pkill -{$signal} -F {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid 2>&1 &");
+ sigkillbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid", $signal);
+// exec("/bin/pkill -{$signal} -F {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid 2>&1 &");
}
}
function suricata_get_friendly_interface($interface) {
- if (function_exists('convert_friendly_interface_to_friendly_descr'))
- $iface = convert_friendly_interface_to_friendly_descr($interface);
- else {
- if (!$interface || ($interface == "wan"))
- $iface = "WAN";
- else if(strtolower($interface) == "lan")
- $iface = "LAN";
- else if(strtolower($interface) == "pppoe")
- $iface = "PPPoE";
- else if(strtolower($interface) == "pptp")
- $iface = "PPTP";
- else
- $iface = strtoupper($interface);
- }
-
- return $iface;
+ // Pass this directly to the system for now.
+ // Later, this wrapper will be removed and all
+ // the Suricata code changed to use the system call.
+ return convert_friendly_interface_to_friendly_descr($interface);
}
function suricata_get_real_interface($interface) {
- global $config;
-
- $lc_interface = strtolower($interface);
- if (function_exists('get_real_interface'))
- return get_real_interface($lc_interface);
- else {
- if ($lc_interface == "lan") {
- if ($config['inerfaces']['lan'])
- return $config['interfaces']['lan']['if'];
- return $interface;
- }
- if ($lc_interface == "wan")
- return $config['interfaces']['wan']['if'];
- $ifdescrs = array();
- for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
- $ifname = "opt{$j}";
- if(strtolower($ifname) == $lc_interface)
- return $config['interfaces'][$ifname]['if'];
- if(isset($config['interfaces'][$ifname]['descr']) && (strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface))
- return $config['interfaces'][$ifname]['if'];
- }
- }
- return $interface;
+ // Pass this directly to the system for now.
+ // Later, this wrapper will be removed and all
+ // the Suricata code changed to use the system call.
+ return get_real_interface($interface);
}
function suricata_get_blocked_ips() {
+ // This is a placeholder function for later use.
+ // Blocking is not currently enabled in Suricata.
return array();
-
}
/* func builds custom white lists */
@@ -451,18 +425,9 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) {
function suricata_rules_up_install_cron($should_install) {
global $config, $g;
- if(!$config['cron']['item'])
- $config['cron']['item'] = array();
+ $command = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php";
- $x=0;
- $is_installed = false;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], "suricata_check_for_rule_updates.php")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
+ // Get auto-rule update parameter from configuration
$suricata_rules_up_info_ck = $config['installedpackages']['suricata']['config'][0]['autoruleupdate'];
// See if a customized start time has been set for rule file updates
@@ -525,65 +490,14 @@ function suricata_rules_up_install_cron($should_install) {
$suricata_rules_up_month = "*";
$suricata_rules_up_wday = "*";
}
- switch($should_install) {
- case true:
- $cron_item = array();
- $cron_item['minute'] = $suricata_rules_up_min;
- $cron_item['hour'] = $suricata_rules_up_hr;
- $cron_item['mday'] = $suricata_rules_up_mday;
- $cron_item['month'] = $suricata_rules_up_month;
- $cron_item['wday'] = $suricata_rules_up_wday;
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php";
-
- // Add cron job if not already installed, else just update the existing one
- if (!$is_installed)
- $config['cron']['item'][] = $cron_item;
- elseif ($is_installed)
- $config['cron']['item'][$x] = $cron_item;
- break;
- case false:
- if($is_installed == true)
- unset($config['cron']['item'][$x]);
- break;
- }
+
+ // System call to manage the cron job.
+ install_cron_job($command, $should_install, $suricata_rules_up_min, $suricata_rules_up_hr, $suricata_rules_up_mday, $suricata_rules_up_month, $suricata_rules_up_wday, "root");
}
function suricata_loglimit_install_cron($should_install) {
- global $config, $g;
-
- if (!is_array($config['cron']['item']))
- $config['cron']['item'] = array();
- $x=0;
- $is_installed = false;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], 'suricata_check_cron_misc.inc')) {
- $is_installed = true;
- break;
- }
- $x++;
- }
-
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "*/5";
- $cron_item['hour'] = "*";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc";
- $config['cron']['item'][] = $cron_item;
- }
- break;
- case false:
- if($is_installed == true)
- unset($config['cron']['item'][$x]);
- break;
- }
+ install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", $should_install, "*/5");
}
function sync_suricata_package_config() {
@@ -617,13 +531,9 @@ function sync_suricata_package_config() {
suricata_create_rc();
$suricataglob = $config['installedpackages']['suricata']['config'][0];
-
+ // setup the log directory size check job if enabled
suricata_loglimit_install_cron($suricataglob['suricataloglimit'] == 'on' ? true : false);
-
- // set the suricata block hosts time IMPORTANT
-// suricata_rm_blocked_install_cron($suricataglob['rm_blocked'] != "never_b" ? true : false);
-
- // set the suricata rules update time
+ // setup the suricata rules update job if enabled
suricata_rules_up_install_cron($suricataglob['autoruleupdate'] != "never_up" ? true : false);
write_config();
@@ -781,6 +691,7 @@ function suricata_post_delete_logs($suricata_uuid = 0) {
unset($filelist[count($filelist) - 1]);
foreach ($filelist as $file)
@unlink($file);
+ unset($filelist);
}
}
}
@@ -1946,11 +1857,9 @@ esac
EOD;
// Write out the suricata.sh script file
- if (!@file_put_contents("{$rcdir}/suricata.sh", $suricata_sh_text)) {
- log_error("Could not open {$rcdir}/suricata.sh for writing.");
- return;
- }
+ @file_put_contents("{$rcdir}/suricata.sh", $suricata_sh_text);
@chmod("{$rcdir}/suricata.sh", 0755);
+ unset($suricata_sh_text);
}
function suricata_generate_barnyard2_conf($suricatacfg, $if_real) {
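Review bot: A failed write of `{$rcdir}/suricata.sh` is now silent, because the `log_error()` branch was removed and `@` suppresses the PHP warning; `chmod` then runs on a file that may be missing or stale. The `suricata.yaml` write in `suricata_generate_yaml` (two hunks further down) loses its error path the same way, so the sensor may start from an old or truncated configuration with nothing in the system log. Keep the one-line call but test the result strictly, e.g. `if (@file_put_contents("{$rcdir}/suricata.sh", $suricata_sh_text) === false) log_error("[Suricata] Could not write {$rcdir}/suricata.sh");`. The function that writes the script starts outside the hunk.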
@@ -2051,6 +1960,7 @@ EOD;
/* Write out barnyard2_conf text string to disk */
@file_put_contents("{$suricatadir}/barnyard2.conf", $barnyard2_conf_text);
+ unset($barnyard2_conf_text);
}
function suricata_generate_yaml($suricatacfg) {
@@ -2096,14 +2006,8 @@ function suricata_generate_yaml($suricatacfg) {
include("/usr/local/pkg/suricata/suricata_yaml_template.inc");
// Now write out the conf file using $suricata_conf_text contents
- $conf = fopen("{$suricatacfgdir}/suricata.yaml", "w");
- if(!$conf) {
- log_error("Could not open {$suricatacfgdir}/suricata.yaml for writing.");
- return -1;
- }
- fwrite($conf, $suricata_conf_text);
- fclose($conf);
-
+ @file_put_contents("{$suricatacfgdir}/suricata.yaml", $suricata_conf_text);
+ unset($suricata_conf_text);
conf_mount_ro();
}
diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php
index def78f94..bf6650cd 100644
--- a/config/suricata/suricata_app_parsers.php
+++ b/config/suricata/suricata_app_parsers.php
@@ -282,56 +282,19 @@ include_once("head.inc");
</td></tr></table>
</form>
<script type="text/javascript">
-<?php
- $isfirst = 0;
- $aliases = "";
- $addrisfirst = 0;
- $portisfirst = 0;
- $aliasesaddr = "";
- $aliasesports = "";
- if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias']))
- foreach($config['aliases']['alias'] as $alias_name) {
- if ($alias_name['type'] == "host" || $alias_name['type'] == "network") {
- // Skip any Aliases that resolve to an empty string
- if (trim(filter_expand_alias($alias_name['name'])) == "")
- continue;
- if($addrisfirst == 1) $aliasesaddr .= ",";
- $aliasesaddr .= "'" . $alias_name['name'] . "'";
- $addrisfirst = 1;
- } else if ($alias_name['type'] == "port") {
- if($portisfirst == 1) $aliasesports .= ",";
- $aliasesports .= "'" . $alias_name['name'] . "'";
- $portisfirst = 1;
- }
- }
-?>
-
- var addressarray=new Array(<?php echo $aliasesaddr; ?>);
- var portsarray=new Array(<?php echo $aliasesports; ?>);
-
-function createAutoSuggest() {
-<?php
- echo "objAlias = new AutoSuggestControl(document.getElementById('pscan_ignore_scanners'), new StateSuggestions(addressarray));\n";
- echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_net'), new StateSuggestions(addressarray));\n";
- echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_port'), new StateSuggestions(portsarray));\n";
-?>
-}
-
-setTimeout("createAutoSuggest();", 500);
-
function wopen(url, name, w, h)
{
-// Fudge factors for window decoration space.
-// In my tests these work well on all platforms & browsers.
- w += 32;
- h += 96;
- var win = window.open(url,
- name,
- 'width=' + w + ', height=' + h + ', ' +
- 'location=no, menubar=no, ' +
- 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
- win.resizeTo(w, h);
- win.focus();
+ // Fudge factors for window decoration space.
+ // In my tests these work well on all platforms & browsers.
+ w += 32;
+ h += 96;
+ var win = window.open(url,
+ name,
+ 'width=' + w + ', height=' + h + ', ' +
+ 'location=no, menubar=no, ' +
+ 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
+ win.resizeTo(w, h);
+ win.focus();
}
</script>
diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php
index 05378477..c9ec2bcd 100644
--- a/config/suricata/suricata_define_vars.php
+++ b/config/suricata/suricata_define_vars.php
@@ -245,44 +245,22 @@ if ($savemsg)
</table>
</form>
<script type="text/javascript">
-<?php
- $isfirst = 0;
- $aliases = "";
- $addrisfirst = 0;
- $portisfirst = 0;
- $aliasesaddr = "";
- $aliasesports = "";
- if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias']))
- foreach($config['aliases']['alias'] as $alias_name) {
- if ($alias_name['type'] == "host" || $alias_name['type'] == "network") {
- // Skip any Aliases that resolve to an empty string
- if (trim(filter_expand_alias($alias_name['name'])) == "")
- continue;
- if($addrisfirst == 1) $aliasesaddr .= ",";
- $aliasesaddr .= "'" . $alias_name['name'] . "'";
- $addrisfirst = 1;
- } else if ($alias_name['type'] == "port") {
- if($portisfirst == 1) $aliasesports .= ",";
- $aliasesports .= "'" . $alias_name['name'] . "'";
- $portisfirst = 1;
- }
- }
-?>
-
- var addressarray=new Array(<?php echo $aliasesaddr; ?>);
- var portsarray=new Array(<?php echo $aliasesports; ?>);
+//<![CDATA[
+ var addressarray = <?= json_encode(get_alias_list(array("host", "network"))) ?>;
+ var portsarray = <?= json_encode(get_alias_list("port")) ?>;
-function createAutoSuggest() {
-<?php
- foreach ($suricata_servers as $key => $server)
- echo "objAlias{$key} = new AutoSuggestControl(document.getElementById('def_{$key}'), new StateSuggestions(addressarray));\n";
- foreach ($suricata_ports as $key => $server)
- echo "pobjAlias{$key} = new AutoSuggestControl(document.getElementById('def_{$key}'), new StateSuggestions(portsarray));\n";
-?>
-}
+ function createAutoSuggest() {
+ <?php
+ foreach ($suricata_servers as $key => $server)
+ echo " var objAlias{$key} = new AutoSuggestControl(document.getElementById('def_{$key}'), new StateSuggestions(addressarray));\n";
+ foreach ($suricata_ports as $key => $server)
+ echo "var pobjAlias{$key} = new AutoSuggestControl(document.getElementById('def_{$key}'), new StateSuggestions(portsarray));\n";
+ ?>
+ }
setTimeout("createAutoSuggest();", 500);
+//]]>
</script>
<?php include("fend.inc"); ?>
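Review bot: `json_encode()` output is written straight into an inline `<script>` for `addressarray` and `portsarray`, and the default encoding leaves `<`, `>` and `&` as they are. Alias names are presumably restricted to safe characters by the alias editor (not visible here), but encoding for the script context costs nothing: `json_encode(get_alias_list("port"), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)`. The same applies to the `addressarray` line added in suricata_libhtp_policy_engine.php. The two `echo` lines also interpolate `{$key}` into JavaScript identifiers, which is safe only while the keys of `$suricata_servers` and `$suricata_ports` are fixed strings; those arrays are defined outside this hunk.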
diff --git a/config/suricata/suricata_download_updates.php b/config/suricata/suricata_download_updates.php
index 8ff30e9b..ecfd5f8b 100644
--- a/config/suricata/suricata_download_updates.php
+++ b/config/suricata/suricata_download_updates.php
@@ -34,7 +34,6 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
/* Define some locally required variables from Suricata constants */
$suricatadir = SURICATADIR;
$suricata_rules_upd_log = RULES_UPD_LOGFILE;
-$log = $suricata_rules_upd_log;
/* load only javascript that is needed */
$suricata_load_jquery = 'yes';
@@ -56,7 +55,7 @@ else {
$et_name = "EMERGING THREATS RULES";
}
-/* quick md5s chk */
+/* quick md5 chk of downloaded rules */
$snort_org_sig_chk_local = 'N/A';
if (file_exists("{$suricatadir}{$snort_rules_file}.md5"))
$snort_org_sig_chk_local = file_get_contents("{$suricatadir}{$snort_rules_file}.md5");
@@ -70,48 +69,45 @@ if (file_exists("{$suricatadir}{$snort_community_rules_filename}.md5"))
$snort_community_sig_chk_local = file_get_contents("{$suricatadir}{$snort_community_rules_filename}.md5");
/* Check for postback to see if we should clear the update log file. */
-if (isset($_POST['clear'])) {
+if ($_POST['clear']) {
if (file_exists("{$suricata_rules_upd_log}"))
mwexec("/bin/rm -f {$suricata_rules_upd_log}");
}
-if (isset($_POST['update'])) {
+if ($_POST['update']) {
header("Location: /suricata/suricata_download_rules.php");
exit;
}
/* check for logfile */
-$suricata_rules_upd_log_chk = 'no';
if (file_exists("{$suricata_rules_upd_log}"))
$suricata_rules_upd_log_chk = 'yes';
+else
+ $suricata_rules_upd_log_chk = 'no';
-$pgtitle = gettext("Suricata: Rule Updates");
+if ($_POST['view']&& $suricata_rules_upd_log_chk == 'yes') {
+ $contents = @file_get_contents($suricata_rules_upd_log);
+ if (empty($contents))
+ $input_errors[] = gettext("Unable to read log file: {$suricata_rules_upd_log}");
+}
+
+$pgtitle = gettext("Suricata: Update Rules Set Files");
include_once("head.inc");
?>
<body link="#000000" vlink="#000000" alink="#000000">
<?php include("fbegin.inc"); ?>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<script language="javascript" type="text/javascript">
-function wopen(url, name, w, h)
-{
-// Fudge factors for window decoration space.
-// In my tests these work well on all platforms & browsers.
-w += 32;
-h += 96;
- var win = window.open(url,
- name,
- 'width=' + w + ', height=' + h + ', ' +
- 'location=no, menubar=no, ' +
- 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
- win.resizeTo(w, h);
- win.focus();
-}
-
-</script>
-
+<?php
+ /* Display Alert message */
+ if ($input_errors) {
+ print_input_errors($input_errors);
+ }
+
+ if ($savemsg) {
+ print_info_box($savemsg);
+ }
+?>
<form action="suricata_download_updates.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
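Review bot: `empty($contents)` treats an existing but empty log file (and one containing only `0`) as a read failure, so View Log can report "Unable to read log file" when the read succeeded; test the return value strictly with `if ($contents === false)`. `$input_errors` is appended to without being initialised in the visible lines, and the change from `isset($_POST['clear'])` to `$_POST['clear']` reads an array key that is absent on an ordinary GET. Interpolating the path inside `gettext()` also means the string cannot match a catalogue entry; `gettext("Unable to read log file: ") . $suricata_rules_upd_log` keeps it translatable.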
@@ -128,111 +124,94 @@ h += 96;
?>
</td></tr>
<tr>
- <td>
+ <td>
<div id="mainarea">
<table id="maintable4" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr align="center">
- <td>
- <br/>
- <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
+ <tr>
+ <td valign="top" class="listtopic" align="center"><?php echo gettext("INSTALLED RULE SET MD5 SIGNATURES");?></td>
+ </tr>
+ <tr>
+ <td align="center"><br/>
+ <table width="100%" border="0" cellpadding="2" cellspacing="2">
<tr>
- <td id="download_rules_td" style="background-color: #eeeeee">
- <div height="32" width="725px" style="background-color: #eeeeee">
- <p style="text-align: left; margin-left: 225px;">
- <font color="#777777" size="2.5px">
- <b><?php echo gettext("INSTALLED RULESET SIGNATURES"); ?></b></font><br/><br/>
- <font color="#FF850A" size="1px"><b><?=$et_name;?>&nbsp;&nbsp;--></b></font>
- <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $emergingt_net_sig_chk_local; ?></font><br/>
- <font color="#FF850A" size="1px"><b>SNORT VRT RULES&nbsp;&nbsp;--></b></font>
- <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_org_sig_chk_local; ?></font><br/>
- <font color="#FF850A" size="1px"><b>SNORT GPLv2 COMMUNITY RULES&nbsp;&nbsp;--></b></font>
- <font size="1px" color="#000000">&nbsp;&nbsp;<? echo $snort_community_sig_chk_local; ?></font><br/>
- </p>
- </div>
- </td>
+ <td align="right" class="vexpl"><b><?=$et_name;?>&nbsp;&nbsp;---></b></td>
+ <td class="vexpl"><? echo $emergingt_net_sig_chk_local; ?></td>
</tr>
- </table>
- <br/>
- <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
<tr>
- <td id="download_rules_td" style='background-color: #eeeeee'>
- <div height="32" width="725px" style='background-color: #eeeeee'>
- <p style="text-align: left; margin-left: 225px;">
- <font color='#777777' size='2.5px'><b><?php echo gettext("UPDATE YOUR RULESET"); ?></b></font><br/>
- <br/>
-
- <?php
-
- if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on') {
- echo '
- <button disabled="disabled"><span class="download">' . gettext("Update Rules") . '</span></button><br/>
- <p style="text-align:left; margin-left:150px;">
- <font color="#fc3608" size="2px"><b>' . gettext("WARNING:") . '</b></font><font size="1px" color="#000000">&nbsp;&nbsp;' . gettext('No rule types have been selected for download. ') .
- gettext('Visit the ') . '<a href="/suricata/suricata_global.php">Global Settings Tab</a>' . gettext(' to select rule types.') . '</font><br/>';
-
- echo '</p>' . "\n";
- } else {
-
- echo '
- <input type="submit" value="' . gettext("Update Rules") . '" name="update" id="Submit" class="formbtn" /><br/>' . "\n";
-
- }
-
- ?> <br/>
- </p>
- </div>
- </td>
+ <td align="right" class="vexpl"><b>SNORT VRT RULES&nbsp;&nbsp;---></b></td>
+ <td class="vexpl"><? echo $snort_org_sig_chk_local; ?></td>
</tr>
- </table>
- <br/>
- <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td id="download_rules_td" style='background-color: #eeeeee'>
- <div height="32" width="725px" style='background-color: #eeeeee'>
- <p style="text-align: left; margin-left: 225px;">
- <font color='#777777' size='2.5px'><b><?php echo gettext("VIEW UPDATE LOG"); ?></b></font><br/>
- <br>
- <?php
-
- if ($suricata_rules_upd_log_chk == 'yes') {
- echo "
- <button class=\"formbtn\" onclick=\"wopen('suricata_log_view.php?logfile={$log}', 'LogViewer', 800, 600)\"><span class='pwhitetxt'>" . gettext("View Log") . "</span></button>";
- echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" value=\"Clear Log\" name=\"clear\" id=\"Submit\" class=\"formbtn\" />\n";
- }else{
- echo "
- <button disabled='disabled'><span class='pwhitetxt'>" . gettext("View Log") . "</span></button>&nbsp;&nbsp;&nbsp;" . gettext("Log is empty.") . "\n";
- }
- echo '<br><br>' . gettext("The log file is limited to 1024K in size and automatically clears when the limit is exceeded.");
- ?>
- <br/>
- </p>
- </div>
- </td>
+ <td align="right" class="vexpl"><b>SNORT GPLv2 COMMUNITY RULES&nbsp;&nbsp;---></b></td>
+ <td class="vexpl"><? echo $snort_community_sig_chk_local; ?></td>
</tr>
- </table>
-
- <br/>
+ </table><br/>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="listtopic" align="center"><?php echo gettext("UPDATE YOUR RULE SET");?></td>
+ </tr>
+ <tr>
+ <td align="center">
+ <?php if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on'): ?>
+ <br/><button disabled="disabled"><?php echo gettext("Update Rules"); ?></button><br/>
+ <p style="text-align:left;">
+ <font color="red" size="2px"><b><?php echo gettext("WARNING:");?></b></font><font size="1px" color="#000000">&nbsp;&nbsp;
+ <?php echo gettext('No rule types have been selected for download. ') .
+ gettext('Visit the ') . '<a href="/suricata/suricata_global.php">Global Settings Tab</a>' . gettext(' to select rule types.'); ?>
+ </font><br/></p>
+ <?php else: ?>
+ <br/>
+ <input type="submit" value="<?php echo gettext(" Update "); ?>" name="update" id="submit" class="formbtn"
+ title="<?php echo gettext("Check for new updates to configured rulesets"); ?>"/><br/><br/>
+ <?php endif; ?>
+ </td>
+ </tr>
- <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0">
- <tr>
- <td id="download_rules_td" style='background-color: #eeeeee'>
- <div height="32" width="725px" style='background-color: #eeeeee'><span class="vexpl">
- <span class="red"><b><?php echo gettext("NOTE:"); ?></b></span>
- &nbsp;&nbsp;<a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" .
- gettext(" and ") . "<a href=\"http://www.emergingthreats.net/\" target=\"_blank\">" . gettext("EmergingThreats.net") . "</a>" .
- gettext(" will go down from time to time. Please be patient."); ?></span>
+ <tr>
+ <td valign="top" class="listtopic" align="center"><?php echo gettext("MANAGE RULE SET LOG");?></td>
+ </tr>
+ <tr>
+ <td align="center" valign="middle" class="vexpl">
+ <?php if ($suricata_rules_upd_log_chk == 'yes'): ?>
+ <br/>
+ <input type="submit" value="<?php echo gettext("View Log"); ?>" name="view" id="view" class="formbtn"
+ title="<?php echo gettext("View rules update log contents"); ?>"/>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+ <input type="submit" value="<?php echo gettext("Clear Log"); ?>" name="clear" id="clear" class="formbtn"
+ title="<?php echo gettext("Clear rules update log contents"); ?>" onClick="return confirm('Are you sure?\nOK to confirm, or CANCEL to quit');"/>
+ <br/>
+ <?php else: ?>
+ <br/>
+ <button disabled='disabled'><?php echo gettext("View Log"); ?></button>&nbsp;&nbsp;&nbsp;<?php echo gettext("Log is empty."); ?><br/>
+ <?php endif; ?>
+ <br/><?php echo gettext("The log file is limited to 1024K in size and automatically clears when the limit is exceeded."); ?><br/><br/>
+ </td>
+ </tr>
+ <?php if (!empty($contents)): ?>
+ <tr>
+ <td valign="top" class="listtopic" align="center"><?php echo gettext("RULE SET UPDATE LOG");?></td>
+ </tr>
+ <tr>
+ <td align="center">
+ <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
+ <textarea style="width:100%; height:100%;" readonly wrap="off" rows="24" cols="80" name="logtext"><?=$contents;?></textarea>
</div>
- </td>
- </tr>
- </table>
-
+ </td>
+ </tr>
+ <?php endif; ?>
+ <tr>
+ <td align="center">
+ <span class="vexpl"><br/><br/>
+ <span class="red"><b><?php echo gettext("NOTE:"); ?></b></span>
+ &nbsp;&nbsp;<a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" .
+ gettext(" and ") . "<a href=\"http://www.emergingthreats.net/\" target=\"_blank\">" . gettext("EmergingThreats.net") . "</a>" .
+ gettext(" will go down from time to time. Please be patient."); ?></span><br/>
</td>
</tr>
</table>
</div>
- <br>
- </td>
- </tr>
+ </td>
+</tr>
</table>
<!-- end of final table -->
</form>
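Review bot: The log text is written into the page unescaped at `<textarea ...><?=$contents;?></textarea>`, so a `</textarea>` sequence anywhere in the update log ends the element and whatever follows is parsed as markup in the administrator's session. The log records rule-download activity, so part of its content may originate from remote servers; escape on output with `<?=htmlspecialchars($contents);?>`. The three signature cells (`<? echo $emergingt_net_sig_chk_local; ?>` and the two Snort ones) print the contents of `.md5` files read with `file_get_contents()` earlier in the file and need the same treatment, e.g. `<?=htmlspecialchars($snort_org_sig_chk_local);?>`.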
diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php
index 8db40a47..a994593c 100644
--- a/config/suricata/suricata_flow_stream.php
+++ b/config/suricata/suricata_flow_stream.php
@@ -622,56 +622,20 @@ include_once("head.inc");
</td></tr></table>
</form>
<script type="text/javascript">
-<?php
- $isfirst = 0;
- $aliases = "";
- $addrisfirst = 0;
- $portisfirst = 0;
- $aliasesaddr = "";
- $aliasesports = "";
- if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias']))
- foreach($config['aliases']['alias'] as $alias_name) {
- if ($alias_name['type'] == "host" || $alias_name['type'] == "network") {
- // Skip any Aliases that resolve to an empty string
- if (trim(filter_expand_alias($alias_name['name'])) == "")
- continue;
- if($addrisfirst == 1) $aliasesaddr .= ",";
- $aliasesaddr .= "'" . $alias_name['name'] . "'";
- $addrisfirst = 1;
- } else if ($alias_name['type'] == "port") {
- if($portisfirst == 1) $aliasesports .= ",";
- $aliasesports .= "'" . $alias_name['name'] . "'";
- $portisfirst = 1;
- }
- }
-?>
-
- var addressarray=new Array(<?php echo $aliasesaddr; ?>);
- var portsarray=new Array(<?php echo $aliasesports; ?>);
-
-function createAutoSuggest() {
-<?php
- echo "objAlias = new AutoSuggestControl(document.getElementById('pscan_ignore_scanners'), new StateSuggestions(addressarray));\n";
- echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_net'), new StateSuggestions(addressarray));\n";
- echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_port'), new StateSuggestions(portsarray));\n";
-?>
-}
-
-setTimeout("createAutoSuggest();", 500);
function wopen(url, name, w, h)
{
-// Fudge factors for window decoration space.
-// In my tests these work well on all platforms & browsers.
- w += 32;
- h += 96;
- var win = window.open(url,
- name,
- 'width=' + w + ', height=' + h + ', ' +
- 'location=no, menubar=no, ' +
- 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
- win.resizeTo(w, h);
- win.focus();
+ // Fudge factors for window decoration space.
+ // In my tests these work well on all platforms & browsers.
+ w += 32;
+ h += 96;
+ var win = window.open(url,
+ name,
+ 'width=' + w + ', height=' + h + ', ' +
+ 'location=no, menubar=no, ' +
+ 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
+ win.resizeTo(w, h);
+ win.focus();
}
</script>
diff --git a/config/suricata/suricata_libhtp_policy_engine.php b/config/suricata/suricata_libhtp_policy_engine.php
index a1f6a77c..6b710e85 100644
--- a/config/suricata/suricata_libhtp_policy_engine.php
+++ b/config/suricata/suricata_libhtp_policy_engine.php
@@ -296,29 +296,14 @@ if ($savemsg)
<script type="text/javascript" src="/javascript/autosuggest.js">
</script>
<script type="text/javascript" src="/javascript/suggestions.js">
-
-<?php
- $isfirst = 0;
- $aliases = "";
- $addrisfirst = 0;
- $aliasesaddr = "";
- if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias']))
- foreach($config['aliases']['alias'] as $alias_name) {
- if ($alias_name['type'] != "host" && $alias_name['type'] != "network")
- continue;
- // Skip any Aliases that resolve to an empty string
- if (trim(filter_expand_alias($alias_name['name'])) == "")
- continue;
- if($addrisfirst == 1) $aliasesaddr .= ",";
- $aliasesaddr .= "'" . $alias_name['name'] . "'";
- $addrisfirst = 1;
- }
-?>
- var addressarray=new Array(<?php echo $aliasesaddr; ?>);
+</script>
+<script type="text/javascript">
+//<![CDATA[
+var addressarray = <?= json_encode(get_alias_list(array("host", "network"))) ?>;
function createAutoSuggest() {
<?php
- echo "objAlias = new AutoSuggestControl(document.getElementById('frag3_bind_to'), new StateSuggestions(addressarray));\n";
+ echo "\tvar objAlias = new AutoSuggestControl(document.getElementById('policy_bind_to'), new StateSuggestions(addressarray));\n";
?>
}
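Review bot: The `var addressarray = <?= json_encode(...) ?>;` line writes its output directly into an inline script inside a CDATA section, and `json_encode()` with no flags leaves `<`, `>` and `&` as they are. get_alias_list() is not part of this hunk, so whether alias names are limited to safe characters cannot be confirmed here. Passing the hex flags keeps the literal inert however the page is parsed: `json_encode(get_alias_list(array("host", "network")), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)`. The same line is added in the suricata_os_policy_engine.php hunk. This hunk also opens `//<![CDATA[` without a visible `//]]>`, which the os_policy hunk does add, so the closing marker is worth checking in the lines below the hunk.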
diff --git a/config/suricata/suricata_log_view.php b/config/suricata/suricata_log_view.php
deleted file mode 100644
index 41a7225e..00000000
--- a/config/suricata/suricata_log_view.php
+++ /dev/null
@@ -1,86 +0,0 @@
-<?php
-/*
- * suricata_log_view.php
- *
- * Copyright (C) 2014 Bill Meeks
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/suricata/suricata.inc");
-
-$contents = '';
-
-// Read the contents of the argument passed to us.
-// Is it a fully qualified path and file?
-$logfile = htmlspecialchars($_GET['logfile'], ENT_QUOTES | ENT_HTML401);
-if (file_exists($logfile))
- if (substr(realpath($logfile), 0, strlen(SURICATALOGDIR)) != SURICATALOGDIR)
- $contents = gettext("\n\nERROR -- File: {$logfile} can not be viewed!");
- else
- $contents = file_get_contents($logfile);
-// It is not something we can display, so print an error.
-else
- $contents = gettext("\n\nERROR -- File: {$logfile} not found!");
-
-$pgtitle = array(gettext("Suricata"), gettext("Log File Viewer"));
-?>
-
-<?php include("head.inc");?>
-
-<body link="#000000" vlink="#000000" alink="#000000">
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php // include("fbegin.inc");?>
-
-<form action="suricata_log_view.php" method="post">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr>
- <td class="tabcont">
- <table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee">
- <tr>
- <td class="pgtitle" colspan="2">Suricata: Log File Viewer</td>
- </tr>
- <tr>
- <td align="left" width="20%">
- <input type="button" class="formbtn" value="Return" onclick="window.close()">
- </td>
- <td align="right">
- <b><?php echo gettext("Log File: ") . '</b>&nbsp;' . $_GET['logfile']; ?>&nbsp;&nbsp;&nbsp;&nbsp;
- </td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="label">
- <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
- <textarea style="width:100%; height:100%;" readonly wrap="off" rows="33" cols="80" name="code2"><?=$contents;?></textarea>
- </div>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</form>
-<?php // include("fend.inc");?>
-</body>
-</html>
diff --git a/config/suricata/suricata_os_policy_engine.php b/config/suricata/suricata_os_policy_engine.php
index 5c0ebbc1..ed673006 100644
--- a/config/suricata/suricata_os_policy_engine.php
+++ b/config/suricata/suricata_os_policy_engine.php
@@ -242,33 +242,19 @@ if ($savemsg)
<script type="text/javascript" src="/javascript/autosuggest.js">
</script>
<script type="text/javascript" src="/javascript/suggestions.js">
-
-<?php
- $isfirst = 0;
- $aliases = "";
- $addrisfirst = 0;
- $aliasesaddr = "";
- if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias']))
- foreach($config['aliases']['alias'] as $alias_name) {
- if ($alias_name['type'] != "host" && $alias_name['type'] != "network")
- continue;
- // Skip any Aliases that resolve to an empty string
- if (trim(filter_expand_alias($alias_name['name'])) == "")
- continue;
- if($addrisfirst == 1) $aliasesaddr .= ",";
- $aliasesaddr .= "'" . $alias_name['name'] . "'";
- $addrisfirst = 1;
- }
-?>
- var addressarray=new Array(<?php echo $aliasesaddr; ?>);
+</script>
+<script type="text/javascript">
+//<![CDATA[
+ var addressarray = <?= json_encode(get_alias_list(array("host", "network"))) ?>;
function createAutoSuggest() {
-<?php
- echo "objAlias = new AutoSuggestControl(document.getElementById('frag3_bind_to'), new StateSuggestions(addressarray));\n";
-?>
+ <?php
+ echo "\tvar objAlias = new AutoSuggestControl(document.getElementById('policy_bind_to'), new StateSuggestions(addressarray));\n";
+ ?>
}
setTimeout("createAutoSuggest();", 500);
+//]]>
</script>
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 0d6f553e..653f47fd 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -47,14 +47,14 @@ $rcdir = RCFILEPREFIX;
// Hard kill any running Suricata process that may have been started by any
// of the pfSense scripts such as check_reload_status() or rc.start_packages
if(is_process_running("suricata")) {
- exec("/usr/bin/killall -z suricata");
+ killbyname("suricata");
sleep(2);
// Delete any leftover suricata PID files in /var/run
array_map('@unlink', glob("/var/run/suricata_*.pid"));
}
// Hard kill any running Barnyard2 processes
if(is_process_running("barnyard")) {
- exec("/usr/bin/killall -z barnyard2");
+ killbyname("barnyard2");
sleep(2);
// Delete any leftover barnyard2 PID files in /var/run
array_map('@unlink', glob("/var/run/barnyard2_*.pid"));
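Review bot: The Barnyard2 guard tests `is_process_running("barnyard")`, while the new `killbyname("barnyard2")` and the PID-file glob both use `barnyard2`. If is_process_running() matches process names exactly (its implementation is not shown here), this branch never runs and leftover barnyard2 processes and PID files survive the reinstall. I would make the guard `if(is_process_running("barnyard2")) {`. The comments above both blocks still say "Hard kill"; killbyname() is not visible in this hunk, so it is worth confirming which signal it sends and adjusting the comments to match.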
@@ -63,13 +63,6 @@ if(is_process_running("barnyard")) {
// Set flag for post-install in progress
$g['suricata_postinstall'] = true;
-// Fix up the sample filenames from a PBI package install
-//$sample_files = array("classification.config", "reference.config", "suricata.yaml");
-//foreach ($sample_files as $file) {
-// if (file_exists("{$suricatadir}{$file}-sample"))
-// @rename("{$suricatadir}{$file}-sample", "{$suricatadir}{$file}");
-//}
-
// Remove any previously installed script since we rebuild it
@unlink("{$rcdir}/suricata.sh");
@@ -92,7 +85,7 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
// Create the suricata.yaml files for each enabled interface
$suriconf = $config['installedpackages']['suricata']['rule'];
foreach ($suriconf as $value) {
- $if_real = suricata_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
// create a suricata.yaml file for interface
suricata_generate_yaml($value);
diff --git a/config/suricata/suricata_uninstall.php b/config/suricata/suricata_uninstall.php
index 808aefec..071a89a4 100644
--- a/config/suricata/suricata_uninstall.php
+++ b/config/suricata/suricata_uninstall.php
@@ -42,11 +42,8 @@ log_error(gettext("[Suricata] Suricata package uninstall in progress..."));
/* Log a message only if a running process is detected */
if (is_service_running("suricata"))
log_error(gettext("[Suricata] Suricata STOP for all interfaces..."));
-
-mwexec('/usr/bin/killall -z suricata', true);
-sleep(2);
-mwexec('/usr/bin/killall -9 suricata', true);
-sleep(2);
+killbyname("suricata");
+sleep(1);
// Delete any leftover suricata PID files in /var/run
array_map('@unlink', glob("/var/run/suricata_*.pid"));
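Review bot: The follow-up `killall -9` is dropped and the wait shortened to `sleep(1)`, so nothing here confirms Suricata has exited before its PID files are unlinked and, further down, its user and group are deleted. killbyname() is defined outside this hunk; if it sends only the default signal, an instance that is slow to shut down would keep running after the uninstall. A check such as `if (is_process_running("suricata")) mwexec('/usr/bin/killall -9 suricata', true);` after the sleep would keep the old guarantee. The Barnyard2 hunk that follows has the same pattern.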
@@ -55,11 +52,8 @@ array_map('@unlink', glob("/var/run/suricata_*.pid"));
/* Log a message only if a running process is detected */
if (is_service_running("barnyard2"))
log_error(gettext("[Suricata] Barnyard2 STOP for all interfaces..."));
-
-mwexec('/usr/bin/killall -z barnyard2', true);
-sleep(2);
-mwexec('/usr/bin/killall -9 barnyard2', true);
-sleep(2);
+killbyname("barnyard2");
+sleep(1);
// Delete any leftover barnyard2 PID files in /var/run
array_map('@unlink', glob("/var/run/barnyard2_*.pid"));
@@ -67,58 +61,21 @@ array_map('@unlink', glob("/var/run/barnyard2_*.pid"));
/* Remove the suricata user and group */
mwexec('/usr/sbin/pw userdel suricata; /usr/sbin/pw groupdel suricata', true);
-/* Remove suricata cron entries Ugly code needs smoothness */
-if (!function_exists('suricata_deinstall_cron')) {
- function suricata_deinstall_cron($crontask) {
- global $config, $g;
-
- if(!is_array($config['cron']['item']))
- return;
-
- $x=0;
- $is_installed = false;
- foreach($config['cron']['item'] as $item) {
- if (strstr($item['command'], $crontask)) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- if ($is_installed == true)
- unset($config['cron']['item'][$x]);
- }
-}
-
-/* Remove all the Suricata cron jobs. */
-suricata_deinstall_cron("suricata_check_for_rule_updates.php");
-suricata_deinstall_cron("suricata_check_cron_misc.inc");
-configure_cron();
-
-/**********************************************************/
-/* Test for existence of library backup tarballs in /tmp. */
-/* If these are present, then a package "delete" */
-/* operation is in progress and we need to wipe out the */
-/* configuration files. Otherwise we leave the binary- */
-/* side configuration intact since only a GUI files */
-/* deinstall and reinstall operation is in progress. */
-/* */
-/* XXX: hopefully a better method presents itself in */
-/* future versions of pfSense. */
-/**********************************************************/
-if (file_exists("/tmp/pkg_libs.tgz") || file_exists("/tmp/pkg_bins.tgz")) {
- log_error(gettext("[Suricata] Package deletion requested... removing all package files..."));
- mwexec("/bin/rm -f {$rcdir}/suricata.sh");
- mwexec("/bin/rm -rf /usr/local/etc/suricata");
- mwexec("/bin/rm -rf /usr/local/pkg/suricata");
- mwexec("/bin/rm -rf /usr/local/www/suricata");
-}
+/* Remove the Suricata cron jobs. */
+install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php", false);
+install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", false);
+/* See if we are to keep Suricata log files on uninstall */
if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') {
log_error(gettext("[Suricata] Clearing all Suricata-related log files..."));
@unlink("{$suricata_rules_upd_log}");
mwexec("/bin/rm -rf {$suricatalogdir}");
}
+/* Remove the Suricata GUI app directories */
+@unlink("/usr/local/pkg/suricata");
+@unlink("/usr/local/www/suricata");
+
/* Keep this as a last step */
if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] != 'on') {
log_error(gettext("Not saving settings... all Suricata configuration info and logs deleted..."));