aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2014-09-07 17:57:15 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2014-09-07 17:57:15 -0400
commit1d9c1cc8e530352168b97fd8b9c552c2588b67f4 (patch)
tree4ddf526d573bc142104325a91ccfcdd11e3d73f8 /config/suricata
parente1be647aab970954f0c1312d3579c1e312add9ba (diff)
downloadpfsense-packages-1d9c1cc8e530352168b97fd8b9c552c2588b67f4.tar.gz
pfsense-packages-1d9c1cc8e530352168b97fd8b9c552c2588b67f4.tar.bz2
pfsense-packages-1d9c1cc8e530352168b97fd8b9c552c2588b67f4.zip
Sync some changes to CARP slaves when enabled.
Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/suricata_alerts.php6
-rw-r--r--config/suricata/suricata_app_parsers.php3
-rw-r--r--config/suricata/suricata_define_vars.php3
-rw-r--r--config/suricata/suricata_flow_stream.php3
-rw-r--r--config/suricata/suricata_rules.php9
-rw-r--r--config/suricata/suricata_rulesets.php3
-rw-r--r--config/suricata/suricata_sid_mgmt.php3
7 files changed, 30 insertions, 0 deletions
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index eab2a1d5..57ccbe27 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -294,6 +294,9 @@ if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsu
if (suricata_add_supplist_entry($suppress)) {
suricata_reload_config($a_instance[$instanceid]);
$savemsg = $success;
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
sleep(2);
}
else
@@ -354,6 +357,9 @@ if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen
/* Signal Suricata to live-load the new rules */
suricata_reload_config($a_instance[$instanceid]);
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
sleep(2);
$savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Suricata is 'live-reloading' the new rules list. Please wait at least 15 secs for the process to complete before toggling additional rules.");
diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php
index 16927092..51514ee5 100644
--- a/config/suricata/suricata_app_parsers.php
+++ b/config/suricata/suricata_app_parsers.php
@@ -420,6 +420,9 @@ elseif ($_POST['save'] || $_POST['apply']) {
conf_mount_rw();
suricata_generate_yaml($natent);
conf_mount_ro();
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
}
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php
index 3fe5de0d..040244b0 100644
--- a/config/suricata/suricata_define_vars.php
+++ b/config/suricata/suricata_define_vars.php
@@ -135,6 +135,9 @@ if ($_POST) {
/* Soft-restart Suricaa to live-load new variables. */
suricata_reload_config($a_nat[$id]);
+ /* Sync to configured CARP slaves if any are enabled */
+ suricata_sync_on_changes();
+
/* after click go to this page */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php
index fa9edc16..53c4e010 100644
--- a/config/suricata/suricata_flow_stream.php
+++ b/config/suricata/suricata_flow_stream.php
@@ -319,6 +319,9 @@ elseif ($_POST['save'] || $_POST['apply']) {
conf_mount_rw();
suricata_generate_yaml($natent);
conf_mount_ro();
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
}
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php
index aa420371..a787261d 100644
--- a/config/suricata/suricata_rules.php
+++ b/config/suricata/suricata_rules.php
@@ -375,6 +375,9 @@ elseif ($_POST['clear']) {
conf_mount_ro();
$rebuild_rules = false;
$pconfig['customrules'] = '';
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
}
elseif ($_POST['cancel']) {
$pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
@@ -395,6 +398,9 @@ elseif ($_POST['save']) {
/* Signal Suricata to "live reload" the rules */
suricata_reload_config($a_rule[$id]);
clear_subsystem_dirty('suricata_rules');
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
}
elseif ($_POST['apply']) {
@@ -416,6 +422,9 @@ elseif ($_POST['apply']) {
// We have saved changes and done a soft restart, so clear "dirty" flag
clear_subsystem_dirty('suricata_rules');
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
}
include_once("head.inc");
diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php
index ce32af20..7ea672b1 100644
--- a/config/suricata/suricata_rulesets.php
+++ b/config/suricata/suricata_rulesets.php
@@ -165,6 +165,9 @@ if ($_POST["save"]) {
$enabled_rulesets_array = explode("||", $enabled_items);
if (suricata_is_running($suricata_uuid, $if_real))
$savemsg = gettext("Suricata is 'live-loading' the new rule set on this interface.");
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
}
elseif ($_POST['unselectall']) {
// Remove all but the default events and files rules
diff --git a/config/suricata/suricata_sid_mgmt.php b/config/suricata/suricata_sid_mgmt.php
index c69a9fcd..2224e81a 100644
--- a/config/suricata/suricata_sid_mgmt.php
+++ b/config/suricata/suricata_sid_mgmt.php
@@ -188,6 +188,9 @@ if (isset($_POST['save_auto_sid_conf'])) {
$intf_msg .= convert_friendly_interface_to_friendly_descr($a_nat[$k]['interface']) . ", ";
}
$savemsg = gettext("Changes were applied to these interfaces: " . trim($intf_msg, ' ,') . " and Suricata signaled to live-load the new rules.");
+
+ // Sync to configured CARP slaves if any are enabled
+ suricata_sync_on_changes();
}
}