aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2014-05-02 07:09:34 +0000
committerErmal <eri@pfsense.org>2014-05-02 07:09:34 +0000
commit8aec99c2678dc2c7bd82ff068733ccc8459a779b (patch)
treec0a070c35362edcb09abd1e821bb71d9a968b93f /config/suricata
parentbb88eed5e00ea1064d61020e59349b83f4c633d1 (diff)
parent7bb99d97c33021c4e4cacb0b8dd739be5933c61f (diff)
downloadpfsense-packages-8aec99c2678dc2c7bd82ff068733ccc8459a779b.tar.gz
pfsense-packages-8aec99c2678dc2c7bd82ff068733ccc8459a779b.tar.bz2
pfsense-packages-8aec99c2678dc2c7bd82ff068733ccc8459a779b.zip
Merge pull request #654 from bmeeks8/suricata-1.0.1
Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/suricata.inc11
-rw-r--r--config/suricata/suricata_alerts.php5
-rw-r--r--config/suricata/suricata_generate_yaml.php5
-rw-r--r--config/suricata/suricata_interfaces_edit.php13
-rw-r--r--config/suricata/suricata_post_install.php6
-rw-r--r--config/suricata/suricata_uninstall.php2
-rw-r--r--config/suricata/suricata_yaml_template.inc2
7 files changed, 34 insertions, 10 deletions
diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc
index a2be802a..53dc678f 100644
--- a/config/suricata/suricata.inc
+++ b/config/suricata/suricata.inc
@@ -589,8 +589,15 @@ function suricata_rm_blocked_install_cron($should_install) {
$suricata_rm_blocked_expire = "2419200";
}
- $command = "/usr/bin/nice -n20 /sbin/pfctl -t {$suri_pf_table} -T expire {$suricata_rm_blocked_expire}";
- install_cron_job($command, $should_install, $suricata_rm_blocked_min, $suricata_rm_blocked_hr, $suricata_rm_blocked_mday, $suricata_rm_blocked_month, $suricata_rm_blocked_wday, "root");
+ // First, remove any existing cron task for "rm_blocked" hosts
+ install_cron_job("pfctl -t {$suri_pf_table} -T expire" , false);
+
+ // Now add or update the cron task for "rm_blocked" hosts
+ // if enabled.
+ if ($should_install) {
+ $command = "/usr/bin/nice -n20 /sbin/pfctl -t {$suri_pf_table} -T expire {$suricata_rm_blocked_expire}";
+ install_cron_job($command, $should_install, $suricata_rm_blocked_min, $suricata_rm_blocked_hr, $suricata_rm_blocked_mday, $suricata_rm_blocked_month, $suricata_rm_blocked_wday, "root");
+ }
}
function sync_suricata_package_config() {
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index 71739f82..66916e26 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -110,12 +110,11 @@ function suricata_add_supplist_entry($suppress) {
}
}
- /* If we created a new list or updated an existing one, save the change, */
- /* tell Snort to load it, and return true; otherwise return false. */
+ /* If we created a new list or updated an existing one, save the change */
+ /* and return true; otherwise return false. */
if ($found_list) {
write_config();
sync_suricata_package_config();
- suricata_reload_config($a_instance[$instanceid]);
return true;
}
else
diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php
index e4d2c153..3f9e307b 100644
--- a/config/suricata/suricata_generate_yaml.php
+++ b/config/suricata/suricata_generate_yaml.php
@@ -142,6 +142,11 @@ if (!empty($suricatacfg['inspect_recursion_limit']) || $suricatacfg['inspect_rec
else
$inspection_recursion_limit = "";
+if ($suricatacfg['delayed_detect'] == 'on')
+ $delayed_detect = "yes";
+else
+ $delayed_detect = "no";
+
// Add interface-specific blocking settings
if ($suricatacfg['blockoffenders'] == 'on')
$suri_blockoffenders = "yes";
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index 62c5eecb..f9319f92 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -222,6 +222,7 @@ if ($_POST["save"]) {
if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']);
if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']);
if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
+ if ($_POST['delayed_detect'] == "on") { $natent['delayed_detect'] = 'on'; }else{ $natent['delayed_detect'] = 'off'; }
if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']);
$if_real = get_real_interface($natent['interface']);
@@ -281,6 +282,7 @@ if ($_POST["save"]) {
$natent['reassembly_to_client_chunk'] = '2560';
$natent['enable_midstream_sessions'] = 'off';
$natent['enable_async_sessions'] = 'off';
+ $natent['delayed_detect'] = 'off';
$natent['asn1_max_frames'] = '256';
@@ -622,6 +624,14 @@ if ($savemsg) {
gettext("3000") . "</strong>."; ?><br/><br/><?php echo gettext("When set to 0 an internal default is used. When left blank there is no recursion limit.") ?></td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Delayed Detect"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="delayed_detect" id="delayed_detect" type="checkbox" value="on"
+ <?php if ($pconfig['delayed_detect'] == "on") echo " checked"; ?>/>
+ <?php echo gettext("Suricata will build list of signatures after packet capture threads have started. Default is ") .
+ "<strong>" . gettext("Not Checked") . "</strong>."; ?></td>
+ </tr>
+ <tr>
<td colspan="2" class="listtopic"><?php echo gettext("Networks " . "Suricata Should Inspect and Protect"); ?></td>
</tr>
<tr>
@@ -880,7 +890,8 @@ function enable_change(enable_change) {
document.iform.btnHomeNet.disabled=endis;
document.iform.btnPasslist.disabled=endis;
document.iform.btnSuppressList.disabled=endis;
-}
+} document.iform.delayed_detect.disabled=endis;
+
function wopen(url, name, w, h) {
// Fudge factors for window decoration space.
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 4d5454d5..91866982 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -110,8 +110,8 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
suricata_create_rc();
// Set Log Limit, Block Hosts Time and Rules Update Time
- suricata_loglimit_install_cron();
-// suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false);
+ suricata_loglimit_install_cron(true);
+ suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false);
suricata_rules_up_install_cron($config['installedpackages']['suricata']['config'][0]['autoruleupdate'] != "never_up" ? true : false);
// Add the recurring jobs created above to crontab
@@ -138,7 +138,7 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
}
// Update Suricata package version in configuration
-$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v0.3-BETA";
+$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v1.0.1";
write_config();
// Done with post-install, so clear flag
diff --git a/config/suricata/suricata_uninstall.php b/config/suricata/suricata_uninstall.php
index b8ea6097..558069be 100644
--- a/config/suricata/suricata_uninstall.php
+++ b/config/suricata/suricata_uninstall.php
@@ -35,6 +35,7 @@ $suricatadir = SURICATADIR;
$suricatalogdir = SURICATALOGDIR;
$rcdir = RCFILEPREFIX;
$suricata_rules_upd_log = RULES_UPD_LOGFILE;
+$suri_pf_table = SURICATA_PF_TABLE;
log_error(gettext("[Suricata] Suricata package uninstall in progress..."));
@@ -64,6 +65,7 @@ mwexec('/usr/sbin/pw userdel suricata; /usr/sbin/pw groupdel suricata', true);
/* Remove the Suricata cron jobs. */
install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php", false);
install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", false);
+install_cron_job("pfctl -t {$suri_pf_table} -T expire" , false);
/* See if we are to keep Suricata log files on uninstall */
if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') {
diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc
index 4ced9059..c20ca8db 100644
--- a/config/suricata/suricata_yaml_template.inc
+++ b/config/suricata/suricata_yaml_template.inc
@@ -117,7 +117,7 @@ detect-engine:
- sgh-mpm-context: {$sgh_mpm_ctx}
- inspection-recursion-limit: {$inspection_recursion_limit}
- rule-reload: true
- - delayed-detect: yes
+ - delayed-detect: {$delayed_detect}
# Suricata is multi-threaded. Here the threading can be influenced.
threading: