diff options
author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-02-19 22:34:27 -0500 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-02-19 22:34:27 -0500 |
commit | b33b9a9d050bd5bc8247fc4c95ff7bde39d612f2 (patch) | |
tree | 04bcd4a8f0cb1520a71668dd011eba529a248186 /config/suricata | |
parent | 4b6a70ab6d1a3b50e29e4de5383bf69f867807b1 (diff) | |
download | pfsense-packages-b33b9a9d050bd5bc8247fc4c95ff7bde39d612f2.tar.gz pfsense-packages-b33b9a9d050bd5bc8247fc4c95ff7bde39d612f2.tar.bz2 pfsense-packages-b33b9a9d050bd5bc8247fc4c95ff7bde39d612f2.zip |
Incorporate Ermal's comments into Suricata BETA pkg code.
Diffstat (limited to 'config/suricata')
-rw-r--r-- | config/suricata/README.md | 6 | ||||
-rw-r--r-- | config/suricata/suricata.inc | 178 | ||||
-rw-r--r-- | config/suricata/suricata_app_parsers.php | 59 | ||||
-rw-r--r-- | config/suricata/suricata_define_vars.php | 46 | ||||
-rw-r--r-- | config/suricata/suricata_download_updates.php | 215 | ||||
-rw-r--r-- | config/suricata/suricata_flow_stream.php | 58 | ||||
-rw-r--r-- | config/suricata/suricata_libhtp_policy_engine.php | 25 | ||||
-rw-r--r-- | config/suricata/suricata_log_view.php | 86 | ||||
-rw-r--r-- | config/suricata/suricata_os_policy_engine.php | 30 | ||||
-rw-r--r-- | config/suricata/suricata_post_install.php | 13 | ||||
-rw-r--r-- | config/suricata/suricata_uninstall.php | 67 |
11 files changed, 200 insertions, 583 deletions
diff --git a/config/suricata/README.md b/config/suricata/README.md deleted file mode 100644 index 2ec1d9a3..00000000 --- a/config/suricata/README.md +++ /dev/null @@ -1,6 +0,0 @@ -pfsense-suricata -================ - -Suricata package port for pfSense - -This is a port of the Suricata package for pfSense 2.1 and higher. It is currently under development and is still considered BETA software. Use on production systems is not recommended. diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc index 95b95711..b87e2f6a 100644 --- a/config/suricata/suricata.inc +++ b/config/suricata/suricata.inc @@ -29,6 +29,7 @@ require_once("pfsense-utils.inc"); require_once("config.inc"); require_once("functions.inc"); +require_once("services.inc"); require_once("service-utils.inc"); require_once("pkg-utils.inc"); require_once("filter.inc"); @@ -74,7 +75,7 @@ function suricata_generate_id() { function suricata_is_running($suricata_uuid, $if_real, $type = 'suricata') { global $config, $g; - if (file_exists("{$g['varrun_path']}/{$type}_{$if_real}{$suricata_uuid}.pid") && isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$suricata_uuid}.pid")) + if (isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$suricata_uuid}.pid")) return 'yes'; else return 'no'; @@ -84,9 +85,9 @@ function suricata_barnyard_stop($suricatacfg, $if_real) { global $config, $g; $suricata_uuid = $suricatacfg['uuid']; - if (file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid") && isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid")) { + if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid")) { log_error("[Suricata] Barnyard2 STOP for {$suricatacfg['descr']}({$if_real})..."); - exec("/bin/pkill -TERM -F {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid"); + killbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid"); } } @@ -94,14 +95,15 @@ function suricata_stop($suricatacfg, $if_real) { global $config, $g; $suricata_uuid = $suricatacfg['uuid']; - if (file_exists("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid") && isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) { + if (isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) { log_error("[Suricata] Suricata STOP for {$suricatacfg['descr']}({$if_real})..."); - exec("/bin/pkill -TERM -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"); - sleep(1); - } - if (file_exists("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid") && isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) - exec("/bin/pkill -TERM -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"); + killbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"); + sleep(2); + // For some reason Suricata seems to need a double TERM signal to actually shutdown + if (isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) + killbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"); + } // Stop Barnyard2 on the interface if running suricata_barnyard_stop($suricatacfg, $if_real); } @@ -158,9 +160,10 @@ function suricata_reload_config($suricatacfg, $signal="USR2") { /* Only send the SIGUSR2 if Suricata is running and */ /* we can find a valid PID for the process. */ /******************************************************/ - if (file_exists("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid") && isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) { + if (isvalidpid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) { log_error("[Suricata] Suricata LIVE RULE RELOAD initiated for {$suricatacfg['descr']} ({$if_real})..."); - exec("/bin/pkill -{$signal} -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid 2>&1 &"); + sigkillbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid", $signal); +// exec("/bin/pkill -{$signal} -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid 2>&1 &"); } } @@ -186,63 +189,34 @@ function suricata_barnyard_reload_config($suricatacfg, $signal="HUP") { /* Only send the SIGHUP if Barnyard2 is running and */ /* we can find a valid PID for the process. */ /******************************************************/ - if (file_exists("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid") && isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid")) { + if (isvalidpid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid")) { log_error("[Suricata] Barnyard2 CONFIG RELOAD initiated for {$suricatacfg['descr']} ({$if_real})..."); - exec("/bin/pkill -{$signal} -F {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid 2>&1 &"); + sigkillbypid("{$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid", $signal); +// exec("/bin/pkill -{$signal} -F {$g['varrun_path']}/barnyard2_{$if_real}{$suricata_uuid}.pid 2>&1 &"); } } function suricata_get_friendly_interface($interface) { - if (function_exists('convert_friendly_interface_to_friendly_descr')) - $iface = convert_friendly_interface_to_friendly_descr($interface); - else { - if (!$interface || ($interface == "wan")) - $iface = "WAN"; - else if(strtolower($interface) == "lan") - $iface = "LAN"; - else if(strtolower($interface) == "pppoe") - $iface = "PPPoE"; - else if(strtolower($interface) == "pptp") - $iface = "PPTP"; - else - $iface = strtoupper($interface); - } - - return $iface; + // Pass this directly to the system for now. + // Later, this wrapper will be removed and all + // the Suricata code changed to use the system call. + return convert_friendly_interface_to_friendly_descr($interface); } function suricata_get_real_interface($interface) { - global $config; - - $lc_interface = strtolower($interface); - if (function_exists('get_real_interface')) - return get_real_interface($lc_interface); - else { - if ($lc_interface == "lan") { - if ($config['inerfaces']['lan']) - return $config['interfaces']['lan']['if']; - return $interface; - } - if ($lc_interface == "wan") - return $config['interfaces']['wan']['if']; - $ifdescrs = array(); - for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { - $ifname = "opt{$j}"; - if(strtolower($ifname) == $lc_interface) - return $config['interfaces'][$ifname]['if']; - if(isset($config['interfaces'][$ifname]['descr']) && (strtolower($config['interfaces'][$ifname]['descr']) == $lc_interface)) - return $config['interfaces'][$ifname]['if']; - } - } - return $interface; + // Pass this directly to the system for now. + // Later, this wrapper will be removed and all + // the Suricata code changed to use the system call. + return get_real_interface($interface); } function suricata_get_blocked_ips() { + // This is a placeholder function for later use. + // Blocking is not currently enabled in Suricata. return array(); - } /* func builds custom white lists */ @@ -451,18 +425,9 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) { function suricata_rules_up_install_cron($should_install) { global $config, $g; - if(!$config['cron']['item']) - $config['cron']['item'] = array(); + $command = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php"; - $x=0; - $is_installed = false; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], "suricata_check_for_rule_updates.php")) { - $is_installed = true; - break; - } - $x++; - } + // Get auto-rule update parameter from configuration $suricata_rules_up_info_ck = $config['installedpackages']['suricata']['config'][0]['autoruleupdate']; // See if a customized start time has been set for rule file updates @@ -525,65 +490,14 @@ function suricata_rules_up_install_cron($should_install) { $suricata_rules_up_month = "*"; $suricata_rules_up_wday = "*"; } - switch($should_install) { - case true: - $cron_item = array(); - $cron_item['minute'] = $suricata_rules_up_min; - $cron_item['hour'] = $suricata_rules_up_hr; - $cron_item['mday'] = $suricata_rules_up_mday; - $cron_item['month'] = $suricata_rules_up_month; - $cron_item['wday'] = $suricata_rules_up_wday; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php"; - - // Add cron job if not already installed, else just update the existing one - if (!$is_installed) - $config['cron']['item'][] = $cron_item; - elseif ($is_installed) - $config['cron']['item'][$x] = $cron_item; - break; - case false: - if($is_installed == true) - unset($config['cron']['item'][$x]); - break; - } + + // System call to manage the cron job. + install_cron_job($command, $should_install, $suricata_rules_up_min, $suricata_rules_up_hr, $suricata_rules_up_mday, $suricata_rules_up_month, $suricata_rules_up_wday, "root"); } function suricata_loglimit_install_cron($should_install) { - global $config, $g; - - if (!is_array($config['cron']['item'])) - $config['cron']['item'] = array(); - $x=0; - $is_installed = false; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], 'suricata_check_cron_misc.inc')) { - $is_installed = true; - break; - } - $x++; - } - - switch($should_install) { - case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "*/5"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc"; - $config['cron']['item'][] = $cron_item; - } - break; - case false: - if($is_installed == true) - unset($config['cron']['item'][$x]); - break; - } + install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", $should_install, "*/5"); } function sync_suricata_package_config() { @@ -617,13 +531,9 @@ function sync_suricata_package_config() { suricata_create_rc(); $suricataglob = $config['installedpackages']['suricata']['config'][0]; - + // setup the log directory size check job if enabled suricata_loglimit_install_cron($suricataglob['suricataloglimit'] == 'on' ? true : false); - - // set the suricata block hosts time IMPORTANT -// suricata_rm_blocked_install_cron($suricataglob['rm_blocked'] != "never_b" ? true : false); - - // set the suricata rules update time + // setup the suricata rules update job if enabled suricata_rules_up_install_cron($suricataglob['autoruleupdate'] != "never_up" ? true : false); write_config(); @@ -781,6 +691,7 @@ function suricata_post_delete_logs($suricata_uuid = 0) { unset($filelist[count($filelist) - 1]); foreach ($filelist as $file) @unlink($file); + unset($filelist); } } } @@ -1946,11 +1857,9 @@ esac EOD; // Write out the suricata.sh script file - if (!@file_put_contents("{$rcdir}/suricata.sh", $suricata_sh_text)) { - log_error("Could not open {$rcdir}/suricata.sh for writing."); - return; - } + @file_put_contents("{$rcdir}/suricata.sh", $suricata_sh_text); @chmod("{$rcdir}/suricata.sh", 0755); + unset($suricata_sh_text); } function suricata_generate_barnyard2_conf($suricatacfg, $if_real) { @@ -2051,6 +1960,7 @@ EOD; /* Write out barnyard2_conf text string to disk */ @file_put_contents("{$suricatadir}/barnyard2.conf", $barnyard2_conf_text); + unset($barnyard2_conf_text); } function suricata_generate_yaml($suricatacfg) { @@ -2096,14 +2006,8 @@ function suricata_generate_yaml($suricatacfg) { include("/usr/local/pkg/suricata/suricata_yaml_template.inc"); // Now write out the conf file using $suricata_conf_text contents - $conf = fopen("{$suricatacfgdir}/suricata.yaml", "w"); - if(!$conf) { - log_error("Could not open {$suricatacfgdir}/suricata.yaml for writing."); - return -1; - } - fwrite($conf, $suricata_conf_text); - fclose($conf); - + @file_put_contents("{$suricatacfgdir}/suricata.yaml", $suricata_conf_text); + unset($suricata_conf_text); conf_mount_ro(); } diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php index def78f94..bf6650cd 100644 --- a/config/suricata/suricata_app_parsers.php +++ b/config/suricata/suricata_app_parsers.php @@ -282,56 +282,19 @@ include_once("head.inc"); </td></tr></table> </form> <script type="text/javascript"> -<?php - $isfirst = 0; - $aliases = ""; - $addrisfirst = 0; - $portisfirst = 0; - $aliasesaddr = ""; - $aliasesports = ""; - if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) - foreach($config['aliases']['alias'] as $alias_name) { - if ($alias_name['type'] == "host" || $alias_name['type'] == "network") { - // Skip any Aliases that resolve to an empty string - if (trim(filter_expand_alias($alias_name['name'])) == "") - continue; - if($addrisfirst == 1) $aliasesaddr .= ","; - $aliasesaddr .= "'" . $alias_name['name'] . "'"; - $addrisfirst = 1; - } else if ($alias_name['type'] == "port") { - if($portisfirst == 1) $aliasesports .= ","; - $aliasesports .= "'" . $alias_name['name'] . "'"; - $portisfirst = 1; - } - } -?> - - var addressarray=new Array(<?php echo $aliasesaddr; ?>); - var portsarray=new Array(<?php echo $aliasesports; ?>); - -function createAutoSuggest() { -<?php - echo "objAlias = new AutoSuggestControl(document.getElementById('pscan_ignore_scanners'), new StateSuggestions(addressarray));\n"; - echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_net'), new StateSuggestions(addressarray));\n"; - echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_port'), new StateSuggestions(portsarray));\n"; -?> -} - -setTimeout("createAutoSuggest();", 500); - function wopen(url, name, w, h) { -// Fudge factors for window decoration space. -// In my tests these work well on all platforms & browsers. - w += 32; - h += 96; - var win = window.open(url, - name, - 'width=' + w + ', height=' + h + ', ' + - 'location=no, menubar=no, ' + - 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); - win.resizeTo(w, h); - win.focus(); + // Fudge factors for window decoration space. + // In my tests these work well on all platforms & browsers. + w += 32; + h += 96; + var win = window.open(url, + name, + 'width=' + w + ', height=' + h + ', ' + + 'location=no, menubar=no, ' + + 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); + win.resizeTo(w, h); + win.focus(); } </script> diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php index 05378477..c9ec2bcd 100644 --- a/config/suricata/suricata_define_vars.php +++ b/config/suricata/suricata_define_vars.php @@ -245,44 +245,22 @@ if ($savemsg) </table> </form> <script type="text/javascript"> -<?php - $isfirst = 0; - $aliases = ""; - $addrisfirst = 0; - $portisfirst = 0; - $aliasesaddr = ""; - $aliasesports = ""; - if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) - foreach($config['aliases']['alias'] as $alias_name) { - if ($alias_name['type'] == "host" || $alias_name['type'] == "network") { - // Skip any Aliases that resolve to an empty string - if (trim(filter_expand_alias($alias_name['name'])) == "") - continue; - if($addrisfirst == 1) $aliasesaddr .= ","; - $aliasesaddr .= "'" . $alias_name['name'] . "'"; - $addrisfirst = 1; - } else if ($alias_name['type'] == "port") { - if($portisfirst == 1) $aliasesports .= ","; - $aliasesports .= "'" . $alias_name['name'] . "'"; - $portisfirst = 1; - } - } -?> - - var addressarray=new Array(<?php echo $aliasesaddr; ?>); - var portsarray=new Array(<?php echo $aliasesports; ?>); +//<![CDATA[ + var addressarray = <?= json_encode(get_alias_list(array("host", "network"))) ?>; + var portsarray = <?= json_encode(get_alias_list("port")) ?>; -function createAutoSuggest() { -<?php - foreach ($suricata_servers as $key => $server) - echo "objAlias{$key} = new AutoSuggestControl(document.getElementById('def_{$key}'), new StateSuggestions(addressarray));\n"; - foreach ($suricata_ports as $key => $server) - echo "pobjAlias{$key} = new AutoSuggestControl(document.getElementById('def_{$key}'), new StateSuggestions(portsarray));\n"; -?> -} + function createAutoSuggest() { + <?php + foreach ($suricata_servers as $key => $server) + echo " var objAlias{$key} = new AutoSuggestControl(document.getElementById('def_{$key}'), new StateSuggestions(addressarray));\n"; + foreach ($suricata_ports as $key => $server) + echo "var pobjAlias{$key} = new AutoSuggestControl(document.getElementById('def_{$key}'), new StateSuggestions(portsarray));\n"; + ?> + } setTimeout("createAutoSuggest();", 500); +//]]> </script> <?php include("fend.inc"); ?> diff --git a/config/suricata/suricata_download_updates.php b/config/suricata/suricata_download_updates.php index 8ff30e9b..ecfd5f8b 100644 --- a/config/suricata/suricata_download_updates.php +++ b/config/suricata/suricata_download_updates.php @@ -34,7 +34,6 @@ require_once("/usr/local/pkg/suricata/suricata.inc"); /* Define some locally required variables from Suricata constants */ $suricatadir = SURICATADIR; $suricata_rules_upd_log = RULES_UPD_LOGFILE; -$log = $suricata_rules_upd_log; /* load only javascript that is needed */ $suricata_load_jquery = 'yes'; @@ -56,7 +55,7 @@ else { $et_name = "EMERGING THREATS RULES"; } -/* quick md5s chk */ +/* quick md5 chk of downloaded rules */ $snort_org_sig_chk_local = 'N/A'; if (file_exists("{$suricatadir}{$snort_rules_file}.md5")) $snort_org_sig_chk_local = file_get_contents("{$suricatadir}{$snort_rules_file}.md5"); @@ -70,48 +69,45 @@ if (file_exists("{$suricatadir}{$snort_community_rules_filename}.md5")) $snort_community_sig_chk_local = file_get_contents("{$suricatadir}{$snort_community_rules_filename}.md5"); /* Check for postback to see if we should clear the update log file. */ -if (isset($_POST['clear'])) { +if ($_POST['clear']) { if (file_exists("{$suricata_rules_upd_log}")) mwexec("/bin/rm -f {$suricata_rules_upd_log}"); } -if (isset($_POST['update'])) { +if ($_POST['update']) { header("Location: /suricata/suricata_download_rules.php"); exit; } /* check for logfile */ -$suricata_rules_upd_log_chk = 'no'; if (file_exists("{$suricata_rules_upd_log}")) $suricata_rules_upd_log_chk = 'yes'; +else + $suricata_rules_upd_log_chk = 'no'; -$pgtitle = gettext("Suricata: Rule Updates"); +if ($_POST['view']&& $suricata_rules_upd_log_chk == 'yes') { + $contents = @file_get_contents($suricata_rules_upd_log); + if (empty($contents)) + $input_errors[] = gettext("Unable to read log file: {$suricata_rules_upd_log}"); +} + +$pgtitle = gettext("Suricata: Update Rules Set Files"); include_once("head.inc"); ?> <body link="#000000" vlink="#000000" alink="#000000"> <?php include("fbegin.inc"); ?> -<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?> - -<script language="javascript" type="text/javascript"> -function wopen(url, name, w, h) -{ -// Fudge factors for window decoration space. -// In my tests these work well on all platforms & browsers. -w += 32; -h += 96; - var win = window.open(url, - name, - 'width=' + w + ', height=' + h + ', ' + - 'location=no, menubar=no, ' + - 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); - win.resizeTo(w, h); - win.focus(); -} - -</script> - +<?php + /* Display Alert message */ + if ($input_errors) { + print_input_errors($input_errors); + } + + if ($savemsg) { + print_info_box($savemsg); + } +?> <form action="suricata_download_updates.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> @@ -128,111 +124,94 @@ h += 96; ?> </td></tr> <tr> - <td> + <td> <div id="mainarea"> <table id="maintable4" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr align="center"> - <td> - <br/> - <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0"> + <tr> + <td valign="top" class="listtopic" align="center"><?php echo gettext("INSTALLED RULE SET MD5 SIGNATURES");?></td> + </tr> + <tr> + <td align="center"><br/> + <table width="100%" border="0" cellpadding="2" cellspacing="2"> <tr> - <td id="download_rules_td" style="background-color: #eeeeee"> - <div height="32" width="725px" style="background-color: #eeeeee"> - <p style="text-align: left; margin-left: 225px;"> - <font color="#777777" size="2.5px"> - <b><?php echo gettext("INSTALLED RULESET SIGNATURES"); ?></b></font><br/><br/> - <font color="#FF850A" size="1px"><b><?=$et_name;?> --></b></font> - <font size="1px" color="#000000"> <? echo $emergingt_net_sig_chk_local; ?></font><br/> - <font color="#FF850A" size="1px"><b>SNORT VRT RULES --></b></font> - <font size="1px" color="#000000"> <? echo $snort_org_sig_chk_local; ?></font><br/> - <font color="#FF850A" size="1px"><b>SNORT GPLv2 COMMUNITY RULES --></b></font> - <font size="1px" color="#000000"> <? echo $snort_community_sig_chk_local; ?></font><br/> - </p> - </div> - </td> + <td align="right" class="vexpl"><b><?=$et_name;?> ---></b></td> + <td class="vexpl"><? echo $emergingt_net_sig_chk_local; ?></td> </tr> - </table> - <br/> - <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0"> <tr> - <td id="download_rules_td" style='background-color: #eeeeee'> - <div height="32" width="725px" style='background-color: #eeeeee'> - <p style="text-align: left; margin-left: 225px;"> - <font color='#777777' size='2.5px'><b><?php echo gettext("UPDATE YOUR RULESET"); ?></b></font><br/> - <br/> - - <?php - - if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on') { - echo ' - <button disabled="disabled"><span class="download">' . gettext("Update Rules") . '</span></button><br/> - <p style="text-align:left; margin-left:150px;"> - <font color="#fc3608" size="2px"><b>' . gettext("WARNING:") . '</b></font><font size="1px" color="#000000"> ' . gettext('No rule types have been selected for download. ') . - gettext('Visit the ') . '<a href="/suricata/suricata_global.php">Global Settings Tab</a>' . gettext(' to select rule types.') . '</font><br/>'; - - echo '</p>' . "\n"; - } else { - - echo ' - <input type="submit" value="' . gettext("Update Rules") . '" name="update" id="Submit" class="formbtn" /><br/>' . "\n"; - - } - - ?> <br/> - </p> - </div> - </td> + <td align="right" class="vexpl"><b>SNORT VRT RULES ---></b></td> + <td class="vexpl"><? echo $snort_org_sig_chk_local; ?></td> </tr> - </table> - <br/> - <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0"> - <tr> - <td id="download_rules_td" style='background-color: #eeeeee'> - <div height="32" width="725px" style='background-color: #eeeeee'> - <p style="text-align: left; margin-left: 225px;"> - <font color='#777777' size='2.5px'><b><?php echo gettext("VIEW UPDATE LOG"); ?></b></font><br/> - <br> - <?php - - if ($suricata_rules_upd_log_chk == 'yes') { - echo " - <button class=\"formbtn\" onclick=\"wopen('suricata_log_view.php?logfile={$log}', 'LogViewer', 800, 600)\"><span class='pwhitetxt'>" . gettext("View Log") . "</span></button>"; - echo " <input type=\"submit\" value=\"Clear Log\" name=\"clear\" id=\"Submit\" class=\"formbtn\" />\n"; - }else{ - echo " - <button disabled='disabled'><span class='pwhitetxt'>" . gettext("View Log") . "</span></button> " . gettext("Log is empty.") . "\n"; - } - echo '<br><br>' . gettext("The log file is limited to 1024K in size and automatically clears when the limit is exceeded."); - ?> - <br/> - </p> - </div> - </td> + <td align="right" class="vexpl"><b>SNORT GPLv2 COMMUNITY RULES ---></b></td> + <td class="vexpl"><? echo $snort_community_sig_chk_local; ?></td> </tr> - </table> - - <br/> + </table><br/> + </td> + </tr> + <tr> + <td valign="top" class="listtopic" align="center"><?php echo gettext("UPDATE YOUR RULE SET");?></td> + </tr> + <tr> + <td align="center"> + <?php if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on'): ?> + <br/><button disabled="disabled"><?php echo gettext("Update Rules"); ?></button><br/> + <p style="text-align:left;"> + <font color="red" size="2px"><b><?php echo gettext("WARNING:");?></b></font><font size="1px" color="#000000"> + <?php echo gettext('No rule types have been selected for download. ') . + gettext('Visit the ') . '<a href="/suricata/suricata_global.php">Global Settings Tab</a>' . gettext(' to select rule types.'); ?> + </font><br/></p> + <?php else: ?> + <br/> + <input type="submit" value="<?php echo gettext(" Update "); ?>" name="update" id="submit" class="formbtn" + title="<?php echo gettext("Check for new updates to configured rulesets"); ?>"/><br/><br/> + <?php endif; ?> + </td> + </tr> - <table id="download_rules" height="32px" width="725px" border="0" cellpadding="5px" cellspacing="0"> - <tr> - <td id="download_rules_td" style='background-color: #eeeeee'> - <div height="32" width="725px" style='background-color: #eeeeee'><span class="vexpl"> - <span class="red"><b><?php echo gettext("NOTE:"); ?></b></span> - <a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" . - gettext(" and ") . "<a href=\"http://www.emergingthreats.net/\" target=\"_blank\">" . gettext("EmergingThreats.net") . "</a>" . - gettext(" will go down from time to time. Please be patient."); ?></span> + <tr> + <td valign="top" class="listtopic" align="center"><?php echo gettext("MANAGE RULE SET LOG");?></td> + </tr> + <tr> + <td align="center" valign="middle" class="vexpl"> + <?php if ($suricata_rules_upd_log_chk == 'yes'): ?> + <br/> + <input type="submit" value="<?php echo gettext("View Log"); ?>" name="view" id="view" class="formbtn" + title="<?php echo gettext("View rules update log contents"); ?>"/> + + <input type="submit" value="<?php echo gettext("Clear Log"); ?>" name="clear" id="clear" class="formbtn" + title="<?php echo gettext("Clear rules update log contents"); ?>" onClick="return confirm('Are you sure?\nOK to confirm, or CANCEL to quit');"/> + <br/> + <?php else: ?> + <br/> + <button disabled='disabled'><?php echo gettext("View Log"); ?></button> <?php echo gettext("Log is empty."); ?><br/> + <?php endif; ?> + <br/><?php echo gettext("The log file is limited to 1024K in size and automatically clears when the limit is exceeded."); ?><br/><br/> + </td> + </tr> + <?php if (!empty($contents)): ?> + <tr> + <td valign="top" class="listtopic" align="center"><?php echo gettext("RULE SET UPDATE LOG");?></td> + </tr> + <tr> + <td align="center"> + <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> + <textarea style="width:100%; height:100%;" readonly wrap="off" rows="24" cols="80" name="logtext"><?=$contents;?></textarea> </div> - </td> - </tr> - </table> - + </td> + </tr> + <?php endif; ?> + <tr> + <td align="center"> + <span class="vexpl"><br/><br/> + <span class="red"><b><?php echo gettext("NOTE:"); ?></b></span> + <a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" . + gettext(" and ") . "<a href=\"http://www.emergingthreats.net/\" target=\"_blank\">" . gettext("EmergingThreats.net") . "</a>" . + gettext(" will go down from time to time. Please be patient."); ?></span><br/> </td> </tr> </table> </div> - <br> - </td> - </tr> + </td> +</tr> </table> <!-- end of final table --> </form> diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php index 8db40a47..a994593c 100644 --- a/config/suricata/suricata_flow_stream.php +++ b/config/suricata/suricata_flow_stream.php @@ -622,56 +622,20 @@ include_once("head.inc"); </td></tr></table> </form> <script type="text/javascript"> -<?php - $isfirst = 0; - $aliases = ""; - $addrisfirst = 0; - $portisfirst = 0; - $aliasesaddr = ""; - $aliasesports = ""; - if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) - foreach($config['aliases']['alias'] as $alias_name) { - if ($alias_name['type'] == "host" || $alias_name['type'] == "network") { - // Skip any Aliases that resolve to an empty string - if (trim(filter_expand_alias($alias_name['name'])) == "") - continue; - if($addrisfirst == 1) $aliasesaddr .= ","; - $aliasesaddr .= "'" . $alias_name['name'] . "'"; - $addrisfirst = 1; - } else if ($alias_name['type'] == "port") { - if($portisfirst == 1) $aliasesports .= ","; - $aliasesports .= "'" . $alias_name['name'] . "'"; - $portisfirst = 1; - } - } -?> - - var addressarray=new Array(<?php echo $aliasesaddr; ?>); - var portsarray=new Array(<?php echo $aliasesports; ?>); - -function createAutoSuggest() { -<?php - echo "objAlias = new AutoSuggestControl(document.getElementById('pscan_ignore_scanners'), new StateSuggestions(addressarray));\n"; - echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_net'), new StateSuggestions(addressarray));\n"; - echo "objAlias = new AutoSuggestControl(document.getElementById('ftp_telnet_bounce_to_port'), new StateSuggestions(portsarray));\n"; -?> -} - -setTimeout("createAutoSuggest();", 500); function wopen(url, name, w, h) { -// Fudge factors for window decoration space. -// In my tests these work well on all platforms & browsers. - w += 32; - h += 96; - var win = window.open(url, - name, - 'width=' + w + ', height=' + h + ', ' + - 'location=no, menubar=no, ' + - 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); - win.resizeTo(w, h); - win.focus(); + // Fudge factors for window decoration space. + // In my tests these work well on all platforms & browsers. + w += 32; + h += 96; + var win = window.open(url, + name, + 'width=' + w + ', height=' + h + ', ' + + 'location=no, menubar=no, ' + + 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); + win.resizeTo(w, h); + win.focus(); } </script> diff --git a/config/suricata/suricata_libhtp_policy_engine.php b/config/suricata/suricata_libhtp_policy_engine.php index a1f6a77c..6b710e85 100644 --- a/config/suricata/suricata_libhtp_policy_engine.php +++ b/config/suricata/suricata_libhtp_policy_engine.php @@ -296,29 +296,14 @@ if ($savemsg) <script type="text/javascript" src="/javascript/autosuggest.js"> </script> <script type="text/javascript" src="/javascript/suggestions.js"> - -<?php - $isfirst = 0; - $aliases = ""; - $addrisfirst = 0; - $aliasesaddr = ""; - if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) - foreach($config['aliases']['alias'] as $alias_name) { - if ($alias_name['type'] != "host" && $alias_name['type'] != "network") - continue; - // Skip any Aliases that resolve to an empty string - if (trim(filter_expand_alias($alias_name['name'])) == "") - continue; - if($addrisfirst == 1) $aliasesaddr .= ","; - $aliasesaddr .= "'" . $alias_name['name'] . "'"; - $addrisfirst = 1; - } -?> - var addressarray=new Array(<?php echo $aliasesaddr; ?>); +</script> +<script type="text/javascript"> +//<![CDATA[ +var addressarray = <?= json_encode(get_alias_list(array("host", "network"))) ?>; function createAutoSuggest() { <?php - echo "objAlias = new AutoSuggestControl(document.getElementById('frag3_bind_to'), new StateSuggestions(addressarray));\n"; + echo "\tvar objAlias = new AutoSuggestControl(document.getElementById('policy_bind_to'), new StateSuggestions(addressarray));\n"; ?> } diff --git a/config/suricata/suricata_log_view.php b/config/suricata/suricata_log_view.php deleted file mode 100644 index 41a7225e..00000000 --- a/config/suricata/suricata_log_view.php +++ /dev/null @@ -1,86 +0,0 @@ -<?php -/* - * suricata_log_view.php - * - * Copyright (C) 2014 Bill Meeks - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/suricata/suricata.inc"); - -$contents = ''; - -// Read the contents of the argument passed to us. -// Is it a fully qualified path and file? -$logfile = htmlspecialchars($_GET['logfile'], ENT_QUOTES | ENT_HTML401); -if (file_exists($logfile)) - if (substr(realpath($logfile), 0, strlen(SURICATALOGDIR)) != SURICATALOGDIR) - $contents = gettext("\n\nERROR -- File: {$logfile} can not be viewed!"); - else - $contents = file_get_contents($logfile); -// It is not something we can display, so print an error. -else - $contents = gettext("\n\nERROR -- File: {$logfile} not found!"); - -$pgtitle = array(gettext("Suricata"), gettext("Log File Viewer")); -?> - -<?php include("head.inc");?> - -<body link="#000000" vlink="#000000" alink="#000000"> -<?php if ($savemsg) print_info_box($savemsg); ?> -<?php // include("fbegin.inc");?> - -<form action="suricata_log_view.php" method="post"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> -<tr> - <td class="tabcont"> - <table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee"> - <tr> - <td class="pgtitle" colspan="2">Suricata: Log File Viewer</td> - </tr> - <tr> - <td align="left" width="20%"> - <input type="button" class="formbtn" value="Return" onclick="window.close()"> - </td> - <td align="right"> - <b><?php echo gettext("Log File: ") . '</b> ' . $_GET['logfile']; ?> - </td> - </tr> - <tr> - <td colspan="2" valign="top" class="label"> - <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> - <textarea style="width:100%; height:100%;" readonly wrap="off" rows="33" cols="80" name="code2"><?=$contents;?></textarea> - </div> - </td> - </tr> - </table> - </td> -</tr> -</table> -</form> -<?php // include("fend.inc");?> -</body> -</html> diff --git a/config/suricata/suricata_os_policy_engine.php b/config/suricata/suricata_os_policy_engine.php index 5c0ebbc1..ed673006 100644 --- a/config/suricata/suricata_os_policy_engine.php +++ b/config/suricata/suricata_os_policy_engine.php @@ -242,33 +242,19 @@ if ($savemsg) <script type="text/javascript" src="/javascript/autosuggest.js"> </script> <script type="text/javascript" src="/javascript/suggestions.js"> - -<?php - $isfirst = 0; - $aliases = ""; - $addrisfirst = 0; - $aliasesaddr = ""; - if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) - foreach($config['aliases']['alias'] as $alias_name) { - if ($alias_name['type'] != "host" && $alias_name['type'] != "network") - continue; - // Skip any Aliases that resolve to an empty string - if (trim(filter_expand_alias($alias_name['name'])) == "") - continue; - if($addrisfirst == 1) $aliasesaddr .= ","; - $aliasesaddr .= "'" . $alias_name['name'] . "'"; - $addrisfirst = 1; - } -?> - var addressarray=new Array(<?php echo $aliasesaddr; ?>); +</script> +<script type="text/javascript"> +//<![CDATA[ + var addressarray = <?= json_encode(get_alias_list(array("host", "network"))) ?>; function createAutoSuggest() { -<?php - echo "objAlias = new AutoSuggestControl(document.getElementById('frag3_bind_to'), new StateSuggestions(addressarray));\n"; -?> + <?php + echo "\tvar objAlias = new AutoSuggestControl(document.getElementById('policy_bind_to'), new StateSuggestions(addressarray));\n"; + ?> } setTimeout("createAutoSuggest();", 500); +//]]> </script> diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php index 0d6f553e..653f47fd 100644 --- a/config/suricata/suricata_post_install.php +++ b/config/suricata/suricata_post_install.php @@ -47,14 +47,14 @@ $rcdir = RCFILEPREFIX; // Hard kill any running Suricata process that may have been started by any // of the pfSense scripts such as check_reload_status() or rc.start_packages if(is_process_running("suricata")) { - exec("/usr/bin/killall -z suricata"); + killbyname("suricata"); sleep(2); // Delete any leftover suricata PID files in /var/run array_map('@unlink', glob("/var/run/suricata_*.pid")); } // Hard kill any running Barnyard2 processes if(is_process_running("barnyard")) { - exec("/usr/bin/killall -z barnyard2"); + killbyname("barnyard2"); sleep(2); // Delete any leftover barnyard2 PID files in /var/run array_map('@unlink', glob("/var/run/barnyard2_*.pid")); @@ -63,13 +63,6 @@ if(is_process_running("barnyard")) { // Set flag for post-install in progress $g['suricata_postinstall'] = true; -// Fix up the sample filenames from a PBI package install -//$sample_files = array("classification.config", "reference.config", "suricata.yaml"); -//foreach ($sample_files as $file) { -// if (file_exists("{$suricatadir}{$file}-sample")) -// @rename("{$suricatadir}{$file}-sample", "{$suricatadir}{$file}"); -//} - // Remove any previously installed script since we rebuild it @unlink("{$rcdir}/suricata.sh"); @@ -92,7 +85,7 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = // Create the suricata.yaml files for each enabled interface $suriconf = $config['installedpackages']['suricata']['rule']; foreach ($suriconf as $value) { - $if_real = suricata_get_real_interface($value['interface']); + $if_real = get_real_interface($value['interface']); // create a suricata.yaml file for interface suricata_generate_yaml($value); diff --git a/config/suricata/suricata_uninstall.php b/config/suricata/suricata_uninstall.php index 808aefec..071a89a4 100644 --- a/config/suricata/suricata_uninstall.php +++ b/config/suricata/suricata_uninstall.php @@ -42,11 +42,8 @@ log_error(gettext("[Suricata] Suricata package uninstall in progress...")); /* Log a message only if a running process is detected */ if (is_service_running("suricata")) log_error(gettext("[Suricata] Suricata STOP for all interfaces...")); - -mwexec('/usr/bin/killall -z suricata', true); -sleep(2); -mwexec('/usr/bin/killall -9 suricata', true); -sleep(2); +killbyname("suricata"); +sleep(1); // Delete any leftover suricata PID files in /var/run array_map('@unlink', glob("/var/run/suricata_*.pid")); @@ -55,11 +52,8 @@ array_map('@unlink', glob("/var/run/suricata_*.pid")); /* Log a message only if a running process is detected */ if (is_service_running("barnyard2")) log_error(gettext("[Suricata] Barnyard2 STOP for all interfaces...")); - -mwexec('/usr/bin/killall -z barnyard2', true); -sleep(2); -mwexec('/usr/bin/killall -9 barnyard2', true); -sleep(2); +killbyname("barnyard2"); +sleep(1); // Delete any leftover barnyard2 PID files in /var/run array_map('@unlink', glob("/var/run/barnyard2_*.pid")); @@ -67,58 +61,21 @@ array_map('@unlink', glob("/var/run/barnyard2_*.pid")); /* Remove the suricata user and group */ mwexec('/usr/sbin/pw userdel suricata; /usr/sbin/pw groupdel suricata', true); -/* Remove suricata cron entries Ugly code needs smoothness */ -if (!function_exists('suricata_deinstall_cron')) { - function suricata_deinstall_cron($crontask) { - global $config, $g; - - if(!is_array($config['cron']['item'])) - return; - - $x=0; - $is_installed = false; - foreach($config['cron']['item'] as $item) { - if (strstr($item['command'], $crontask)) { - $is_installed = true; - break; - } - $x++; - } - if ($is_installed == true) - unset($config['cron']['item'][$x]); - } -} - -/* Remove all the Suricata cron jobs. */ -suricata_deinstall_cron("suricata_check_for_rule_updates.php"); -suricata_deinstall_cron("suricata_check_cron_misc.inc"); -configure_cron(); - -/**********************************************************/ -/* Test for existence of library backup tarballs in /tmp. */ -/* If these are present, then a package "delete" */ -/* operation is in progress and we need to wipe out the */ -/* configuration files. Otherwise we leave the binary- */ -/* side configuration intact since only a GUI files */ -/* deinstall and reinstall operation is in progress. */ -/* */ -/* XXX: hopefully a better method presents itself in */ -/* future versions of pfSense. */ -/**********************************************************/ -if (file_exists("/tmp/pkg_libs.tgz") || file_exists("/tmp/pkg_bins.tgz")) { - log_error(gettext("[Suricata] Package deletion requested... removing all package files...")); - mwexec("/bin/rm -f {$rcdir}/suricata.sh"); - mwexec("/bin/rm -rf /usr/local/etc/suricata"); - mwexec("/bin/rm -rf /usr/local/pkg/suricata"); - mwexec("/bin/rm -rf /usr/local/www/suricata"); -} +/* Remove the Suricata cron jobs. */ +install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php", false); +install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", false); +/* See if we are to keep Suricata log files on uninstall */ if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') { log_error(gettext("[Suricata] Clearing all Suricata-related log files...")); @unlink("{$suricata_rules_upd_log}"); mwexec("/bin/rm -rf {$suricatalogdir}"); } +/* Remove the Suricata GUI app directories */ +@unlink("/usr/local/pkg/suricata"); +@unlink("/usr/local/www/suricata"); + /* Keep this as a last step */ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] != 'on') { log_error(gettext("Not saving settings... all Suricata configuration info and logs deleted...")); |