diff options
author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-09-07 17:57:15 -0400 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-09-07 17:57:15 -0400 |
commit | 1d9c1cc8e530352168b97fd8b9c552c2588b67f4 (patch) | |
tree | 4ddf526d573bc142104325a91ccfcdd11e3d73f8 /config/suricata | |
parent | e1be647aab970954f0c1312d3579c1e312add9ba (diff) | |
download | pfsense-packages-1d9c1cc8e530352168b97fd8b9c552c2588b67f4.tar.gz pfsense-packages-1d9c1cc8e530352168b97fd8b9c552c2588b67f4.tar.bz2 pfsense-packages-1d9c1cc8e530352168b97fd8b9c552c2588b67f4.zip |
Sync some changes to CARP slaves when enabled.
Diffstat (limited to 'config/suricata')
-rw-r--r-- | config/suricata/suricata_alerts.php | 6 | ||||
-rw-r--r-- | config/suricata/suricata_app_parsers.php | 3 | ||||
-rw-r--r-- | config/suricata/suricata_define_vars.php | 3 | ||||
-rw-r--r-- | config/suricata/suricata_flow_stream.php | 3 | ||||
-rw-r--r-- | config/suricata/suricata_rules.php | 9 | ||||
-rw-r--r-- | config/suricata/suricata_rulesets.php | 3 | ||||
-rw-r--r-- | config/suricata/suricata_sid_mgmt.php | 3 |
7 files changed, 30 insertions, 0 deletions
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php index eab2a1d5..57ccbe27 100644 --- a/config/suricata/suricata_alerts.php +++ b/config/suricata/suricata_alerts.php @@ -294,6 +294,9 @@ if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsu if (suricata_add_supplist_entry($suppress)) { suricata_reload_config($a_instance[$instanceid]); $savemsg = $success; + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); sleep(2); } else @@ -354,6 +357,9 @@ if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen /* Signal Suricata to live-load the new rules */ suricata_reload_config($a_instance[$instanceid]); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); sleep(2); $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Suricata is 'live-reloading' the new rules list. Please wait at least 15 secs for the process to complete before toggling additional rules."); diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php index 16927092..51514ee5 100644 --- a/config/suricata/suricata_app_parsers.php +++ b/config/suricata/suricata_app_parsers.php @@ -420,6 +420,9 @@ elseif ($_POST['save'] || $_POST['apply']) { conf_mount_rw(); suricata_generate_yaml($natent); conf_mount_ro(); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php index 3fe5de0d..040244b0 100644 --- a/config/suricata/suricata_define_vars.php +++ b/config/suricata/suricata_define_vars.php @@ -135,6 +135,9 @@ if ($_POST) { /* Soft-restart Suricaa to live-load new variables. */ suricata_reload_config($a_nat[$id]); + /* Sync to configured CARP slaves if any are enabled */ + suricata_sync_on_changes(); + /* after click go to this page */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php index fa9edc16..53c4e010 100644 --- a/config/suricata/suricata_flow_stream.php +++ b/config/suricata/suricata_flow_stream.php @@ -319,6 +319,9 @@ elseif ($_POST['save'] || $_POST['apply']) { conf_mount_rw(); suricata_generate_yaml($natent); conf_mount_ro(); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php index aa420371..a787261d 100644 --- a/config/suricata/suricata_rules.php +++ b/config/suricata/suricata_rules.php @@ -375,6 +375,9 @@ elseif ($_POST['clear']) { conf_mount_ro(); $rebuild_rules = false; $pconfig['customrules'] = ''; + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } elseif ($_POST['cancel']) { $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); @@ -395,6 +398,9 @@ elseif ($_POST['save']) { /* Signal Suricata to "live reload" the rules */ suricata_reload_config($a_rule[$id]); clear_subsystem_dirty('suricata_rules'); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } elseif ($_POST['apply']) { @@ -416,6 +422,9 @@ elseif ($_POST['apply']) { // We have saved changes and done a soft restart, so clear "dirty" flag clear_subsystem_dirty('suricata_rules'); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } include_once("head.inc"); diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php index ce32af20..7ea672b1 100644 --- a/config/suricata/suricata_rulesets.php +++ b/config/suricata/suricata_rulesets.php @@ -165,6 +165,9 @@ if ($_POST["save"]) { $enabled_rulesets_array = explode("||", $enabled_items); if (suricata_is_running($suricata_uuid, $if_real)) $savemsg = gettext("Suricata is 'live-loading' the new rule set on this interface."); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } elseif ($_POST['unselectall']) { // Remove all but the default events and files rules diff --git a/config/suricata/suricata_sid_mgmt.php b/config/suricata/suricata_sid_mgmt.php index c69a9fcd..2224e81a 100644 --- a/config/suricata/suricata_sid_mgmt.php +++ b/config/suricata/suricata_sid_mgmt.php @@ -188,6 +188,9 @@ if (isset($_POST['save_auto_sid_conf'])) { $intf_msg .= convert_friendly_interface_to_friendly_descr($a_nat[$k]['interface']) . ", "; } $savemsg = gettext("Changes were applied to these interfaces: " . trim($intf_msg, ' ,') . " and Suricata signaled to live-load the new rules."); + + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); } } |