aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2014-04-29 18:51:57 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2014-04-29 18:51:57 -0400
commitf8efb383a351681cbffe2a4a873d3635b108d2b3 (patch)
tree84be8e92aca33e4d909384f2d04262379ba27fb8 /config/suricata
parentd298aee67a45d08a93831a2b6f272165ff2f89e6 (diff)
parent06cf384a6603bc771dd91773b0d1f4347b47904b (diff)
downloadpfsense-packages-f8efb383a351681cbffe2a4a873d3635b108d2b3.tar.gz
pfsense-packages-f8efb383a351681cbffe2a4a873d3635b108d2b3.tar.bz2
pfsense-packages-f8efb383a351681cbffe2a4a873d3635b108d2b3.zip
Merge branch 'suricata-1.0'
Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/suricata.inc154
-rw-r--r--config/suricata/suricata.priv.inc6
-rw-r--r--config/suricata/suricata.xml22
-rw-r--r--config/suricata/suricata_alerts.php33
-rw-r--r--config/suricata/suricata_app_parsers.php10
-rw-r--r--config/suricata/suricata_barnyard.php66
-rw-r--r--config/suricata/suricata_blocked.php311
-rw-r--r--config/suricata/suricata_check_cron_misc.inc32
-rw-r--r--config/suricata/suricata_define_vars.php8
-rw-r--r--config/suricata/suricata_download_updates.php4
-rw-r--r--config/suricata/suricata_flow_stream.php7
-rw-r--r--config/suricata/suricata_generate_yaml.php25
-rw-r--r--config/suricata/suricata_global.php18
-rw-r--r--config/suricata/suricata_interfaces.php7
-rw-r--r--config/suricata/suricata_interfaces_edit.php91
-rw-r--r--config/suricata/suricata_list_view.php65
-rw-r--r--config/suricata/suricata_logs_browser.php6
-rw-r--r--config/suricata/suricata_logs_mgmt.php52
-rw-r--r--config/suricata/suricata_passlist.php195
-rw-r--r--config/suricata/suricata_passlist_edit.php317
-rw-r--r--config/suricata/suricata_rules.php8
-rw-r--r--config/suricata/suricata_rulesets.php8
-rw-r--r--config/suricata/suricata_select_alias.php241
-rw-r--r--config/suricata/suricata_suppress.php4
-rw-r--r--config/suricata/suricata_suppress_edit.php4
-rw-r--r--config/suricata/suricata_yaml_template.inc10
26 files changed, 1510 insertions, 194 deletions
diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc
index b5f5fb56..a2be802a 100644
--- a/config/suricata/suricata.inc
+++ b/config/suricata/suricata.inc
@@ -39,9 +39,14 @@ global $g, $config;
if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
-// Define the binary and package build versions
-define('SURICATA_VER', '1.4.6');
-define('SURICATA_PKG_VER', 'v0.3-BETA');
+/* Get installed package version for display */
+$suricata_package_version = "Suricata {$config['installedpackages']['package'][get_pkg_id("suricata")]['version']}";
+
+// Define the installed package version
+define('SURICATA_PKG_VER', $suricata_package_version);
+
+// Define the name of the pf table used for IP blocks
+define('SURICATA_PF_TABLE', 'snort2c');
// Create some other useful defines
define('SURICATADIR', '/usr/pbi/suricata-' . php_uname("m") . '/etc/suricata/');
@@ -198,13 +203,26 @@ function suricata_barnyard_reload_config($suricatacfg, $signal="HUP") {
function suricata_get_blocked_ips() {
- // This is a placeholder function for later use.
- // Blocking is not currently enabled in Suricata.
- return array();
+ $suri_pf_table = SURICATA_PF_TABLE;
+ $blocked_ips = "";
+
+ exec("/sbin/pfctl -t {$suri_pf_table} -T show", $blocked_ips);
+
+ $blocked_ips_array = array();
+ if (!empty($blocked_ips)) {
+ if (is_array($blocked_ips)) {
+ foreach ($blocked_ips as $blocked_ip) {
+ if (empty($blocked_ip))
+ continue;
+ $blocked_ips_array[] = trim($blocked_ip, " \n\t");
+ }
+ }
+ }
+ return $blocked_ips_array;
}
-/* func builds custom white lists */
-function suricata_find_list($find_name, $type = 'whitelist') {
+/* func builds custom Pass Lists */
+function suricata_find_list($find_name, $type = 'passlist') {
global $config;
$suricataglob = $config['installedpackages']['suricata'];
@@ -221,11 +239,11 @@ function suricata_find_list($find_name, $type = 'whitelist') {
return array();
}
-function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) {
+function suricata_build_list($suricatacfg, $listname = "", $passlist = false) {
/***********************************************************/
/* The default is to build a HOME_NET variable unless */
- /* '$whitelist' is set to 'true' when calling. */
+ /* '$passlist' is set to 'true' when calling. */
/***********************************************************/
global $config, $g, $aliastable, $filterdns;
@@ -247,7 +265,7 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) {
$home_net = explode(" ", trim(filter_expand_alias($list['address'])));
}
- // Always add loopback to HOME_NET and whitelist (ftphelper)
+ // Always add loopback to HOME_NET and passlist (ftphelper)
if (!in_array("127.0.0.1", $home_net))
$home_net[] = "127.0.0.1";
@@ -255,8 +273,8 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) {
/* Always put the interface running Suricata in HOME_NET and */
/* whitelist unless it's the WAN. WAN options are handled further */
/* down. If the user specifically chose not to include LOCAL_NETS */
- /* in the WHITELIST, then do not include the Suricata interface */
- /* subnet in the WHITELIST. We do include the actual LAN interface */
+ /* in the PASS LIST, then do not include the Suricata interface */
+ /* subnet in the PASS LIST. We do include the actual LAN interface */
/* IP for Suricata, though, to prevent locking out the firewall. */
/********************************************************************/
$suricataip = get_interface_ip($suricatacfg['interface']);
@@ -297,8 +315,8 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) {
if (!$whitelist || $localnet == 'yes' || empty($localnet)) {
/*************************************************************************/
- /* Iterate through the interface list and write out whitelist items and */
- /* also compile a HOME_NET list of all the local interfaces for suricata. */
+ /* Iterate through the interface list and write out pass list items and */
+ /* also compile a HOME_NET list of all local interfaces for suricata. */
/* Skip the WAN interface as we do not typically want that whole subnet */
/* whitelisted (just the i/f IP itself which was handled earlier). */
/*************************************************************************/
@@ -365,7 +383,7 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) {
}
if($vips == 'yes') {
- // iterate all vips and add to whitelist
+ // iterate all vips and add to passlist
if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
foreach($config['virtualip']['vip'] as $vip) {
if ($vip['subnet'] && $vip['mode'] != 'proxyarp') {
@@ -484,6 +502,97 @@ function suricata_loglimit_install_cron($should_install=true) {
install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", $should_install, "*/5");
}
+function suricata_rm_blocked_install_cron($should_install) {
+ global $config, $g;
+ $suri_pf_table = SURICATA_PF_TABLE;
+
+ $suricata_rm_blocked_info_ck = $config['installedpackages']['suricata']['config'][0]['rm_blocked'];
+
+ if ($suricata_rm_blocked_info_ck == "15m_b") {
+ $suricata_rm_blocked_min = "*/1";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "900";
+ }
+ if ($suricata_rm_blocked_info_ck == "30m_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "1800";
+ }
+ if ($suricata_rm_blocked_info_ck == "1h_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "3600";
+ }
+ if ($suricata_rm_blocked_info_ck == "3h_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "10800";
+ }
+ if ($suricata_rm_blocked_info_ck == "6h_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "21600";
+ }
+ if ($suricata_rm_blocked_info_ck == "12h_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "43200";
+ }
+ if ($suricata_rm_blocked_info_ck == "1d_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "86400";
+ }
+ if ($suricata_rm_blocked_info_ck == "4d_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "345600";
+ }
+ if ($suricata_rm_blocked_info_ck == "7d_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "604800";
+ }
+ if ($suricata_rm_blocked_info_ck == "28d_b") {
+ $suricata_rm_blocked_min = "*/5";
+ $suricata_rm_blocked_hr = "*";
+ $suricata_rm_blocked_mday = "*";
+ $suricata_rm_blocked_month = "*";
+ $suricata_rm_blocked_wday = "*";
+ $suricata_rm_blocked_expire = "2419200";
+ }
+
+ $command = "/usr/bin/nice -n20 /sbin/pfctl -t {$suri_pf_table} -T expire {$suricata_rm_blocked_expire}";
+ install_cron_job($command, $should_install, $suricata_rm_blocked_min, $suricata_rm_blocked_hr, $suricata_rm_blocked_mday, $suricata_rm_blocked_month, $suricata_rm_blocked_wday, "root");
+}
+
function sync_suricata_package_config() {
global $config, $g;
@@ -516,9 +625,11 @@ function sync_suricata_package_config() {
$suricataglob = $config['installedpackages']['suricata']['config'][0];
// setup the log directory size check job if enabled
- suricata_loglimit_install_cron();
+ suricata_loglimit_install_cron(true);
// setup the suricata rules update job if enabled
- suricata_rules_up_install_cron($suricataglob['autoruleupdate'] != "never_up" ? true : false);
+ suricata_rules_up_install_cron($config['installedpackages']['suricata']['config'][0]['autoruleupdate'] != "never_up" ? true : false);
+ // set the suricata blocked hosts time
+ suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false);
write_config();
configure_cron();
@@ -1911,7 +2022,12 @@ function suricata_generate_barnyard2_conf($suricatacfg, $if_real) {
$by2_dbpwd = base64_decode($suricatacfg['barnyard_dbpwd']);
$suricatabarnyardlog_output_plugins .= "# database: log to a MySQL DB\noutput database: alert, mysql, ";
$suricatabarnyardlog_output_plugins .= "user={$suricatacfg['barnyard_dbuser']} password={$by2_dbpwd} ";
- $suricatabarnyardlog_output_plugins .= "dbname={$suricatacfg['barnyard_dbname']} host={$suricatacfg['barnyard_dbhost']}\n\n";
+ $suricatabarnyardlog_output_plugins .= "dbname={$suricatacfg['barnyard_dbname']} host={$suricatacfg['barnyard_dbhost']}";
+ if (isset($suricatacfg['barnyard_sensor_name']) && strlen($suricatacfg['barnyard_sensor_name']) > 0)
+ $suricatabarnyardlog_output_plugins .= " sensor_name={$suricatacfg['barnyard_sensor_name']}";
+ if ($suricatacfg['barnyard_disable_sig_ref_tbl'] == 'on')
+ $suricatabarnyardlog_output_plugins .= " disable_signature_reference_table";
+ $suricatabarnyardlog_output_plugins .= "\n\n";
}
if ($suricatacfg['barnyard_syslog_enable'] == 'on') {
$suricatabarnyardlog_output_plugins .= "# syslog_full: log to a syslog receiver\n";
diff --git a/config/suricata/suricata.priv.inc b/config/suricata/suricata.priv.inc
index 8dcec887..3bbee55a 100644
--- a/config/suricata/suricata.priv.inc
+++ b/config/suricata/suricata.priv.inc
@@ -8,6 +8,7 @@ $priv_list['page-services-suricata']['descr'] = "Allow access to suricata packag
$priv_list['page-services-suricata']['match'] = array();
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_alerts.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_barnyard.php*";
+$priv_list['page-services-suricata']['match'][] = "suricata/suricata_blocked.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_check_for_rule_updates.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_define_vars.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_download_rules.php*";
@@ -20,11 +21,12 @@ $priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_global.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_suppress.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_suppress_edit.php*";
-$priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_whitelist.php*";
-$priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_whitelist_edit.php*";
+$priv_list['page-services-suricata']['match'][] = "suricata/suricata_select_alias.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_list_view.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_logs_browser.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_logs_mgmt.php*";
+$priv_list['page-services-suricata']['match'][] = "suricata/suricata_passlist.php*";
+$priv_list['page-services-suricata']['match'][] = "suricata/suricata_passlist_edit.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_post_install.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_flow_stream.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_rules.php*";
diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml
index fb296aed..34d2af7b 100644
--- a/config/suricata/suricata.xml
+++ b/config/suricata/suricata.xml
@@ -42,7 +42,7 @@
<description>Suricata IDS/IPS Package</description>
<requirements>None</requirements>
<name>suricata</name>
- <version>1.4.6 pkg v0.3-BETA</version>
+ <version>1.4.6 pkg v1.0</version>
<title>Services: Suricata IDS</title>
<include_file>/usr/local/pkg/suricata/suricata.inc</include_file>
<menu>
@@ -208,6 +208,26 @@
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/usr/local/www/suricata/</prefix>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_blocked.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/suricata/</prefix>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_passlist.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/suricata/</prefix>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_passlist_edit.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/suricata/</prefix>
+ <chmod>0644</chmod>
+ <item>https://packages.pfsense.org/packages/config/suricata/suricata_select_alias.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/widgets/javascript/</prefix>
<chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/suricata/suricata_alerts.js</item>
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index 01d4daeb..71739f82 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -32,6 +32,7 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
$supplist = array();
+$suri_pf_table = SURICATA_PF_TABLE;
function suricata_is_alert_globally_suppressed($list, $gid, $sid) {
@@ -165,12 +166,12 @@ if ($_POST['save']) {
exit;
}
-//if ($_POST['unblock'] && $_POST['ip']) {
-// if (is_ipaddr($_POST['ip'])) {
-// exec("/sbin/pfctl -t snort2c -T delete {$_POST['ip']}");
-// $savemsg = gettext("Host IP address {$_POST['ip']} has been removed from the Blocked Table.");
-// }
-//}
+if ($_POST['unblock'] && $_POST['ip']) {
+ if (is_ipaddr($_POST['ip'])) {
+ exec("/sbin/pfctl -t {$suri_pf_table} -T delete {$_POST['ip']}");
+ $savemsg = gettext("Host IP address {$_POST['ip']} has been removed from the Blocked Table.");
+ }
+}
if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsuppress']) && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) {
if ($_POST['addsuppress_srcip'])
@@ -355,10 +356,12 @@ if ($savemsg) {
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), true, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -495,10 +498,10 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
$alert_ip_src .= "title='" . gettext("This alert track by_src IP is already in the Suppress List") . "'/>";
}
/* Add icon for auto-removing from Blocked Table if required */
-// if (isset($tmpblocked[$fields[9]])) {
-// $alert_ip_src .= "&nbsp;<input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[9]}';\" ";
-// $alert_ip_src .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>";
-// }
+ if (isset($tmpblocked[$fields[9]])) {
+ $alert_ip_src .= "&nbsp;<input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[9]}';\" ";
+ $alert_ip_src .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>";
+ }
/* IP SRC Port */
$alert_src_p = $fields[10];
/* IP Destination */
@@ -524,10 +527,10 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
$alert_ip_dst .= "title='" . gettext("This alert track by_dst IP is already in the Suppress List") . "'/>";
}
/* Add icon for auto-removing from Blocked Table if required */
-// if (isset($tmpblocked[$fields[11]])) {
-// $alert_ip_dst .= "&nbsp;<input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[11]}';\" ";
-// $alert_ip_dst .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>";
-// }
+ if (isset($tmpblocked[$fields[11]])) {
+ $alert_ip_dst .= "&nbsp;<input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[11]}';\" ";
+ $alert_ip_dst .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>";
+ }
/* IP DST Port */
$alert_dst_p = $fields[12];
/* SID */
diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php
index 8d0bb4f4..9d78775c 100644
--- a/config/suricata/suricata_app_parsers.php
+++ b/config/suricata/suricata_app_parsers.php
@@ -379,7 +379,7 @@ include_once("head.inc");
<?php include("fbegin.inc");
/* Display error or save message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors);
}
if ($savemsg) {
print_info_box($savemsg);
@@ -393,14 +393,16 @@ include_once("head.inc");
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td>';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
@@ -412,7 +414,7 @@ include_once("head.inc");
$tab_array[] = array($menu_iface . gettext("App Parsers"), true, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php
index 850e4bed..af784845 100644
--- a/config/suricata/suricata_barnyard.php
+++ b/config/suricata/suricata_barnyard.php
@@ -133,6 +133,7 @@ if ($_POST['save']) {
$natent['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable'] ? 'on' : 'off';
$natent['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'] ? 'on' : 'off';
$natent['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'] ? 'on' : 'off';
+ $natent['barnyard_disable_sig_ref_tbl'] = $_POST['barnyard_disable_sig_ref_tbl'] ? 'on' : 'off';
$natent['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode'];
$natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto'];
@@ -167,50 +168,21 @@ if ($_POST['save']) {
elseif ($a_nat[$id]['barnyard_enable'] == "on") {
if (suricata_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2"))
suricata_barnyard_reload_config($a_nat[$id], "HUP");
- else
- suricata_barnyard_start($a_nat[$id], get_real_interface($a_nat[$id]['interface']));
+ else {
+ // Notify user a Suricata restart is required if enabling Barnyard2 for the first time
+ $savemsg = gettext("NOTE: you must restart Suricata on this interface to activate unified2 logging for Barnyard2.");
+ }
}
- // after click go to this page
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: suricata_barnyard.php?id=$id");
- exit;
+ $pconfig = $natent;
}
else {
- // We had errors, so save incoming field data to prevent retyping
- $pconfig['barnyard_enable'] = $_POST['barnyard_enable'];
- $pconfig['barnyard_show_year'] = $_POST['barnyard_show_year'];
- $pconfig['barnyard_archive_enable'] = $_POST['barnyard_archive_enable'];
- $pconfig['barnyard_dump_payload'] = $_POST['barnyard_dump_payload'];
- $pconfig['barnyard_obfuscate_ip'] = $_POST['barnyard_obfuscate_ip'];
- $pconfig['barnyard_mysql_enable'] = $_POST['barnyard_mysql_enable'];
- $pconfig['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable'];
- $pconfig['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'];
- $pconfig['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode'];
- $pconfig['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto'];
- $pconfig['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'];
-
- $pconfig['barnyard_sensor_id'] = $_POST['barnyard_sensor_id'];
- $pconfig['barnyard_sensor_name'] = $_POST['barnyard_sensor_name'];
- $pconfig['barnyard_dbhost'] = $_POST['barnyard_dbhost'];
- $pconfig['barnyard_dbname'] = $_POST['barnyard_dbname'];
- $pconfig['barnyard_dbuser'] = $_POST['barnyard_dbuser'];
- $pconfig['barnyard_dbpwd'] = $_POST['barnyard_dbpwd'];
- $pconfig['barnyard_syslog_rhost'] = $_POST['barnyard_syslog_rhost'];
- $pconfig['barnyard_syslog_dport'] = $_POST['barnyard_syslog_dport'];
- $pconfig['barnyard_syslog_facility'] = $_POST['barnyard_syslog_facility'];
- $pconfig['barnyard_syslog_priority'] = $_POST['barnyard_syslog_priority'];
- $pconfig['barnyard_bro_ids_rhost'] = $_POST['barnyard_bro_ids_rhost'];
- $pconfig['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport'];
- $pconfig['barnconfigpassthru'] = $_POST['barnconfigpassthru'];
+ // We had errors, so save previous field data to prevent retyping
+ $pconfig = $_POST;
}
}
-$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Barnyard2 Settings");
include_once("head.inc");
@@ -221,7 +193,7 @@ include_once("head.inc");
/* Display Alert message */
if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors);
}
if ($savemsg) {
@@ -235,14 +207,16 @@ include_once("head.inc");
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$tab_array = array();
@@ -254,7 +228,7 @@ include_once("head.inc");
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/suricata/suricata_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -358,6 +332,14 @@ include_once("head.inc");
&nbsp;<?php echo gettext("Password for the MySQL database user"); ?>
</td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Disable Signature Reference Table"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_disable_sig_ref_tbl" type="checkbox" value="on" <?php if ($pconfig['barnyard_disable_sig_ref_tbl'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Disable synchronization of sig_reference table in schema. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/>
+ <br/><?php echo gettext("This option will speedup the process when checked, plus it can help work around a 'duplicate entry' error when running multiple Suricata instances."); ?>
+ </td>
+ </tr>
</tbody>
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Syslog Output Settings"); ?></td>
@@ -521,6 +503,7 @@ function toggle_mySQL() {
document.iform.barnyard_dbname.disabled = endis;
document.iform.barnyard_dbuser.disabled = endis;
document.iform.barnyard_dbpwd.disabled = endis;
+ document.iform.barnyard_disable_sig_ref_tbl.disabled = endis;
if (endis)
document.getElementById("mysql_config_rows").style.display = "none";
@@ -587,6 +570,7 @@ function enable_change(enable_change) {
document.iform.barnyard_dbname.disabled = endis;
document.iform.barnyard_dbuser.disabled = endis;
document.iform.barnyard_dbpwd.disabled = endis;
+ document.iform.barnyard_disable_sig_ref_tbl.disabled = endis;
document.iform.barnyard_syslog_enable.disabled = endis;
document.iform.barnyard_syslog_local.disabled = endis;
document.iform.barnyard_syslog_opmode_default.disabled = endis;
diff --git a/config/suricata/suricata_blocked.php b/config/suricata/suricata_blocked.php
new file mode 100644
index 00000000..4747d98f
--- /dev/null
+++ b/config/suricata/suricata_blocked.php
@@ -0,0 +1,311 @@
+<?php
+/*
+ * suricata_blocked.php
+ *
+ * Copyright (C) 2014 Bill Meeks
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+$suricatalogdir = SURICATALOGDIR;
+$suri_pf_table = SURICATA_PF_TABLE;
+
+if (!is_array($config['installedpackages']['suricata']['alertsblocks']))
+ $config['installedpackages']['suricata']['alertsblocks'] = array();
+
+$pconfig['brefresh'] = $config['installedpackages']['suricata']['alertsblocks']['brefresh'];
+$pconfig['blertnumber'] = $config['installedpackages']['suricata']['alertsblocks']['blertnumber'];
+
+if (empty($pconfig['blertnumber']))
+ $bnentries = '500';
+else
+ $bnentries = $pconfig['blertnumber'];
+
+if ($_POST['todelete']) {
+ $ip = "";
+ if ($_POST['ip'])
+ $ip = $_POST['ip'];
+ if (is_ipaddr($ip))
+ exec("/sbin/pfctl -t {$suri_pf_table} -T delete {$ip}");
+ else
+ $input_errors[] = gettext("An invalid IP address was provided as a parameter.");
+}
+
+if ($_POST['remove']) {
+ exec("/sbin/pfctl -t {$suri_pf_table} -T flush");
+ header("Location: /suricata/suricata_blocked.php");
+ exit;
+}
+
+/* TODO: build a file with block ip and disc */
+if ($_POST['download'])
+{
+ $blocked_ips_array_save = "";
+ exec("/sbin/pfctl -t {$suri_pf_table} -T show", $blocked_ips_array_save);
+ /* build the list */
+ if (is_array($blocked_ips_array_save) && count($blocked_ips_array_save) > 0) {
+ $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
+ $file_name = "suricata_blocked_{$save_date}.tar.gz";
+ exec('/bin/mkdir -p /tmp/suricata_blocked');
+ file_put_contents("/tmp/suricata_blocked/suricata_block.pf", "");
+ foreach($blocked_ips_array_save as $counter => $fileline) {
+ if (empty($fileline))
+ continue;
+ $fileline = trim($fileline, " \n\t");
+ file_put_contents("/tmp/suricata_blocked/suricata_block.pf", "{$fileline}\n", FILE_APPEND);
+ }
+
+ // Create a tar gzip archive of blocked host IP addresses
+ exec("/usr/bin/tar -czf /tmp/{$file_name} -C/tmp/suricata_blocked suricata_block.pf");
+
+ // If we successfully created the archive, send it to the browser.
+ if(file_exists("/tmp/{$file_name}")) {
+ ob_start(); //important or other posts will fail
+ if (isset($_SERVER['HTTPS'])) {
+ header('Pragma: ');
+ header('Cache-Control: ');
+ } else {
+ header("Pragma: private");
+ header("Cache-Control: private, must-revalidate");
+ }
+ header("Content-Type: application/octet-stream");
+ header("Content-length: " . filesize("/tmp/{$file_name}"));
+ header("Content-disposition: attachment; filename = {$file_name}");
+ ob_end_clean(); //important or other post will fail
+ readfile("/tmp/{$file_name}");
+
+ // Clean up the temp files and directory
+ @unlink("/tmp/{$file_name}");
+ exec("/bin/rm -fr /tmp/suricata_blocked");
+ } else
+ $savemsg = gettext("An error occurred while creating archive");
+ } else
+ $savemsg = gettext("No content on suricata block list");
+}
+
+if ($_POST['save'])
+{
+ /* no errors */
+ if (!$input_errors) {
+ $config['installedpackages']['suricata']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off';
+ $config['installedpackages']['suricata']['alertsblocks']['blertnumber'] = $_POST['blertnumber'];
+
+ write_config("Suricata pkg: updated BLOCKED tab settings.");
+
+ header("Location: /suricata/suricata_blocked.php");
+ exit;
+ }
+
+}
+
+$pgtitle = gettext("Suricata: Blocked Hosts");
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+<script src="/javascript/filter_log.js" type="text/javascript"></script>
+
+<?php
+
+include_once("fbegin.inc");
+
+/* refresh every 60 secs */
+if ($pconfig['brefresh'] == 'on')
+ echo "<meta http-equiv=\"refresh\" content=\"60;url=/suricata/suricata_blocked.php\" />\n";
+
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
+?>
+
+<form action="/suricata/suricata_blocked.php" method="post">
+<input type="hidden" name="ip" id="ip" value=""/>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr>
+ <td>
+ <?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
+ $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), true, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
+ $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
+ ?>
+ </td>
+</tr>
+<tr>
+ <td><div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" class="listtopic"><?php echo gettext("Blocked Hosts Log View Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell"><?php echo gettext("Save or Remove Hosts"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="download" type="submit" class="formbtns" value="Download" title="<?=gettext("Download list of blocked hosts as a gzip archive");?>"/>
+ &nbsp;<?php echo gettext("All blocked hosts will be saved."); ?>&nbsp;&nbsp;
+ <input name="remove" type="submit" class="formbtns" value="Clear" title="<?=gettext("Remove blocks for all listed hosts");?>"
+ onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCLE to quit.");?>');"/>&nbsp;
+ <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span>&nbsp;<?php echo gettext("all hosts will be removed."); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" class="vncell"><?php echo gettext("Auto Refresh and Log View"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/>
+ &nbsp;&nbsp;<?php echo gettext("Refresh"); ?>&nbsp;<input name="brefresh" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['suricata']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['suricata']['alertsblocks']['brefresh']=='') echo "checked"; ?>/>
+ &nbsp;<?php printf(gettext("%sDefault%s is %sON%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;
+ <input name="blertnumber" type="text" class="formfld unknown" id="blertnumber"
+ size="5" value="<?=htmlspecialchars($bnentries);?>"/>&nbsp;<?php printf(gettext("Enter number of " .
+ "blocked entries to view. %sDefault%s is %s500%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Hosts Blocked by Suricata"), $bnentries); ?></td>
+ </tr>
+ <tr>
+ <td colspan="2">
+ <table id="sortabletable1" style="table-layout: fixed;" class="sortable" width="100%" border="0" cellpadding="2" cellspacing="0">
+ <colgroup>
+ <col width="5%" align="center" axis="number">
+ <col width="15%" align="center" axis="string">
+ <col width="70%" align="left" axis="string">
+ <col width="10%" align="center">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr" axis="number">#</th>
+ <th class="listhdrr" axis="string"><?php echo gettext("IP"); ?></th>
+ <th class="listhdrr" axis="string"><?php echo gettext("Alert Description"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Remove"); ?></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php
+
+ /* set the arrays */
+ $blocked_ips_array = suricata_get_blocked_ips();
+ if (!empty($blocked_ips_array)) {
+ foreach ($blocked_ips_array as &$ip)
+ $ip = inet_pton($ip);
+ $tmpblocked = array_flip($blocked_ips_array);
+ $src_ip_list = array();
+ foreach (glob("{$suricatalogdir}*/block.log*") as $alertfile) {
+ $fd = fopen($alertfile, "r");
+ if ($fd) {
+ /* 0 1 2 3 4 5 6 7 8 9 10 */
+ /* File format timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,ip,port */
+ while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
+ if(count($fields) < 11)
+ continue;
+ $fields[9] = inet_pton($fields[9]);
+ if (isset($tmpblocked[$fields[9]])) {
+ if (!is_array($src_ip_list[$fields[9]]))
+ $src_ip_list[$fields[9]] = array();
+ $src_ip_list[$fields[9]][$fields[5]] = "{$fields[5]} - " . substr($fields[0], 0, -7);
+ }
+ }
+ fclose($fd);
+ }
+ }
+
+ foreach($blocked_ips_array as $blocked_ip) {
+ if (is_ipaddr($blocked_ip) && !isset($src_ip_list[$blocked_ip]))
+ $src_ip_list[$blocked_ip] = array("N\A\n");
+ }
+
+ /* build final list, build html */
+ $counter = 0;
+ foreach($src_ip_list as $blocked_ip => $blocked_msg) {
+ $blocked_desc = implode("<br/>", $blocked_msg);
+ if($counter > $bnentries)
+ break;
+ else
+ $counter++;
+
+ $block_ip_str = inet_ntop($blocked_ip);
+ /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
+ $tmp_ip = str_replace(":", ":&#8203;", $block_ip_str);
+ /* Add reverse DNS lookup icons */
+ $rdns_link = "";
+ $rdns_link .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$block_ip_str}&dialog_output=true', outputrule);\">";
+ $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' ";
+ $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a>&nbsp;";
+ $rdns_link .= "<a href='/diag_dns.php?host={$block_ip_str}'>";
+ $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' ";
+ $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>";
+ /* use one echo to do the magic*/
+ echo "<tr>
+ <td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td>
+ <td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>{$rdns_link}</td>
+ <td valign=\"middle\" class=\"listr\">{$blocked_desc}</td>
+ <td align=\"center\" valign=\"middle\" class=\"listr\" sorttable_customkey=\"\">
+ <input type=\"image\" name=\"todelete[]\" onClick=\"document.getElementById('ip').value='{$block_ip_str}';\"
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" /></td>
+ </tr>\n";
+ }
+ }
+ ?>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" class="vexpl" align="center">
+ <?php if (!empty($blocked_ips_array)) {
+ if ($counter > 1)
+ echo "{$counter}" . gettext(" host IP addresses are currently being blocked.");
+ else
+ echo "{$counter}" . gettext(" host IP address is currently being blocked.");
+ }
+ else {
+ echo gettext("There are currently no hosts being blocked by Suricata.");
+ }
+ ?>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+</tr>
+</table>
+</form>
+<?php
+include("fend.inc");
+?>
+</body>
+</html>
diff --git a/config/suricata/suricata_check_cron_misc.inc b/config/suricata/suricata_check_cron_misc.inc
index b9ba3fb7..0a3bf113 100644
--- a/config/suricata/suricata_check_cron_misc.inc
+++ b/config/suricata/suricata_check_cron_misc.inc
@@ -173,19 +173,31 @@ if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] ==
$suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$value['uuid']}";
foreach ($logs as $k => $p)
suricata_check_rotate_log("{$suricata_log_dir}/{$k}", $p['limit']*1024, $p['retention']);
- }
- // Prune any aged-out Barnyard2 archived logs if any exist
- if (is_dir("{$suricata_log_dir}/barnyard2/archive") &&
- $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] > 0) {
- $now = time();
- $files = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*");
- foreach ($files as $f) {
- if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] * 3600))
- unlink_if_exists($f);
+ // Prune any aged-out Barnyard2 archived logs if any exist
+ if (is_dir("{$suricata_log_dir}/barnyard2/archive") &&
+ $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] > 0) {
+ $now = time();
+ $files = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*");
+ foreach ($files as $f) {
+ if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] * 3600))
+ unlink_if_exists($f);
+ }
+ }
+ unset($files);
+
+ // Prune aged-out File Store files if any exist
+ if (is_dir("{$suricata_log_dir}/files") &&
+ $config['installedpackages']['suricata']['config'][0]['file_store_retention'] > 0) {
+ $now = time();
+ $files = glob("{$suricata_log_dir}/files/file.*");
+ foreach ($files as $f) {
+ if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['file_store_retention'] * 3600))
+ unlink_if_exists($f);
+ }
}
+ unset($files);
}
- unset($files);
}
// Check the overall log directory limit (if enabled) and prune if necessary
diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php
index 22b8ab3c..67167c05 100644
--- a/config/suricata/suricata_define_vars.php
+++ b/config/suricata/suricata_define_vars.php
@@ -158,14 +158,16 @@ if ($savemsg)
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$tab_array = array();
@@ -177,7 +179,7 @@ if ($savemsg)
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), true, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
diff --git a/config/suricata/suricata_download_updates.php b/config/suricata/suricata_download_updates.php
index 188255c8..d47c931c 100644
--- a/config/suricata/suricata_download_updates.php
+++ b/config/suricata/suricata_download_updates.php
@@ -176,10 +176,12 @@ include_once("head.inc");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), true, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php
index cc00f350..1ac57342 100644
--- a/config/suricata/suricata_flow_stream.php
+++ b/config/suricata/suricata_flow_stream.php
@@ -438,14 +438,15 @@ include_once("head.inc");
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td>';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
@@ -457,7 +458,7 @@ include_once("head.inc");
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php
index 0e348631..e4d2c153 100644
--- a/config/suricata/suricata_generate_yaml.php
+++ b/config/suricata/suricata_generate_yaml.php
@@ -64,6 +64,11 @@ if (!empty($suricatacfg['externallistname']) && $suricatacfg['externallistname']
$external_net = trim($external_net);
}
+// Set the PASS LIST and write its contents to disk
+$plist = suricata_build_list($suricatacfg, $suricatacfg['passlistname'], true);
+@file_put_contents("{$suricatacfgdir}/passlist", implode("\n", $plist));
+$suri_passlist = "{$suricatacfgdir}/passlist";
+
// Set default and user-defined variables for SERVER_VARS and PORT_VARS
$suricata_servers = array (
"dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET",
@@ -137,6 +142,26 @@ if (!empty($suricatacfg['inspect_recursion_limit']) || $suricatacfg['inspect_rec
else
$inspection_recursion_limit = "";
+// Add interface-specific blocking settings
+if ($suricatacfg['blockoffenders'] == 'on')
+ $suri_blockoffenders = "yes";
+else
+ $suri_blockoffenders = "no";
+
+if ($suricatacfg['blockoffenderskill'] == 'on')
+ $suri_killstates = "yes";
+else
+ $suri_killstates = "no";
+
+if ($suricatacfg['blockoffendersip'] == 'src')
+ $suri_blockip = 'SRC';
+elseif ($suricatacfg['blockoffendersip'] == 'dst')
+ $suri_blockip = 'DST';
+else
+ $suri_blockip = 'BOTH';
+
+$suri_pf_table = SURICATA_PF_TABLE;
+
// Add interface-specific logging settings
if ($suricatacfg['alertsystemlog'] == 'on')
$alert_syslog = "yes";
diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php
index 938d6a97..a780cb89 100644
--- a/config/suricata/suricata_global.php
+++ b/config/suricata/suricata_global.php
@@ -124,7 +124,7 @@ if (!$input_errors) {
$retval = 0;
- /* create whitelist and homenet file, then sync files */
+ /* create passlist and homenet file, then sync files */
sync_suricata_package_config();
write_config();
@@ -168,10 +168,12 @@ if ($input_errors)
$tab_array[] = array(gettext("Global Settings"), true, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -304,18 +306,18 @@ if ($input_errors)
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td>
</tr>
-<tr style="display:none;">
+<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Blocked Hosts Interval"); ?></td>
<td width="78%" class="vtable">
<select name="rm_blocked" class="formselect" id="rm_blocked">
<?php
$interfaces3 = array('never_b' => gettext('NEVER'), '15m_b' => gettext('15 MINS'), '30m_b' => gettext('30 MINS'), '1h_b' => gettext('1 HOUR'), '3h_b' => gettext('3 HOURS'), '6h_b' => gettext('6 HOURS'), '12h_b' => gettext('12 HOURS'), '1d_b' => gettext('1 DAY'), '4d_b' => gettext('4 DAYS'), '7d_b' => gettext('7 DAYS'), '28d_b' => gettext('28 DAYS'));
foreach ($interfaces3 as $iface3 => $ifacename3): ?>
- <option value="<?=$iface3;?>"
- <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>>
- <?=htmlspecialchars($ifacename3);?></option>
- <?php endforeach; ?>
- </select>&nbsp;
+ <option value="<?=$iface3;?>"
+ <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename3);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;
<?php echo gettext("Please select the amount of time you would like hosts to be blocked."); ?><br/><br/>
<?php echo "<span class=\"red\"><strong>" . gettext("Hint:") . "</strong></span>" . gettext(" in most cases, 1 hour is a good choice.");?></td>
</tr>
diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php
index e8125986..062745dd 100644
--- a/config/suricata/suricata_interfaces.php
+++ b/config/suricata/suricata_interfaces.php
@@ -134,9 +134,8 @@ if ($_POST['toggle']) {
header("Location: /suricata/suricata_interfaces.php");
exit;
}
-$suri_bin_ver = SURICATA_VER;
$suri_pkg_ver = SURICATA_PKG_VER;
-$pgtitle = "Services: Suricata {$suri_bin_ver} pkg {$suri_pkg_ver} - Intrusion Detection System";
+$pgtitle = "Services: {$suri_pkg_ver} - Intrusion Detection System";
include_once("head.inc");
?>
@@ -164,10 +163,12 @@ include_once("head.inc");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td>
</tr>
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index fbb78aa2..62c5eecb 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -32,6 +32,9 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
global $g, $rebuild_rules;
+$suricatadir = SURICATADIR;
+$suricatalogdir = SURICATALOGDIR;
+
if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
$suricataglob = $config['installedpackages']['suricata'];
@@ -173,6 +176,16 @@ if ($_POST["save"]) {
if (!empty($_POST['inspect_recursion_limit']) && !is_numeric($_POST['inspect_recursion_limit']))
$input_errors[] = gettext("The value for Inspect Recursion Limit can either be blank or contain only digits evaluating to an integer greater than or equal to 0.");
+ /* See if assigned interface is already in use */
+ if (isset($_POST['interface'])) {
+ foreach ($a_rule as $k => $v) {
+ if (($v['interface'] == $_POST['interface']) && ($id <> $k)) {
+ $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Suricata instance.");
+ break;
+ }
+ }
+ }
+
// if no errors write to suricata.yaml
if (!$input_errors) {
$natent = $a_rule[$id];
@@ -204,7 +217,7 @@ if ($_POST["save"]) {
if ($_POST['blockoffenders'] == "on") $natent['blockoffenders'] = 'on'; else $natent['blockoffenders'] = 'off';
if ($_POST['blockoffenderskill'] == "on") $natent['blockoffenderskill'] = 'on'; else unset($natent['blockoffenderskill']);
if ($_POST['blockoffendersip']) $natent['blockoffendersip'] = $_POST['blockoffendersip']; else unset($natent['blockoffendersip']);
- if ($_POST['whitelistname']) $natent['whitelistname'] = $_POST['whitelistname']; else unset($natent['whitelistname']);
+ if ($_POST['passlistname']) $natent['passlistname'] = $_POST['passlistname']; else unset($natent['passlistname']);
if ($_POST['homelistname']) $natent['homelistname'] = $_POST['homelistname']; else unset($natent['homelistname']);
if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']);
if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']);
@@ -213,14 +226,20 @@ if ($_POST["save"]) {
$if_real = get_real_interface($natent['interface']);
if (isset($id) && $a_rule[$id]) {
+ // See if moving an existing Suricata instance to another physical interface
if ($natent['interface'] != $a_rule[$id]['interface']) {
$oif_real = get_real_interface($a_rule[$id]['interface']);
- suricata_stop($a_rule[$id], $oif_real);
- exec("rm -r /var/log/suricata_{$oif_real}" . $a_rule[$id]['uuid']);
- exec("mv -f {$suricatadir}/suricata_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$suricatadir}/suricata_" . $a_rule[$id]['uuid'] . "_{$if_real}");
+ if (suricata_is_running($a_rule[$id]['uuid'], $oif_real)) {
+ suricata_stop($a_rule[$id], $oif_real);
+ $suricata_start = true;
+ }
+ else
+ $suricata_start = false;
+ exec("mv -f {$suricatalogdir}suricata_{$oif_real}" . $a_rule[$id]['uuid'] . " {$suricatalogdir}suricata_{$if_real}" . $a_rule[$id]['uuid']);
+ conf_mount_rw();
+ exec("mv -f {$suricatadir}suricata_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$suricatadir}suricata_" . $a_rule[$id]['uuid'] . "_{$if_real}");
+ conf_mount_ro();
}
- // Edits don't require a rules rebuild, so turn it "off"
- $rebuild_rules = false;
$a_rule[$id] = $natent;
} else {
// Adding new interface, so set interface configuration parameter defaults
@@ -330,14 +349,16 @@ if ($savemsg) {
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$tab_array = array();
@@ -349,7 +370,7 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -490,8 +511,6 @@ if ($savemsg) {
<?php echo gettext("Enter maximum number of packet log files to maintain. Default is ") . "<strong>" .
gettext("1000") . "</strong>."; ?><br/><br/><?php echo gettext("When the number of packet log files reaches the set limit, the oldest file will be overwritten.") ?></td>
</tr>
-
-<!-- ### Blocking not yet enabled, so hide the controls ###
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Alert Settings"); ?></td>
</tr>
@@ -527,9 +546,6 @@ if ($savemsg) {
<span class="red"><?php echo gettext("Hint:") . "</span>&nbsp;" . gettext("Choosing BOTH is suggested, and it is the default value."); ?></span><br/></td>
</td>
</tr>
- ### End of Blocking controls ###
--->
-
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Detection Engine Settings"); ?></td>
</tr>
@@ -666,17 +682,16 @@ if ($savemsg) {
"setting at default. Create an Alias for custom External Net settings."); ?><br/>
</td>
</tr>
-<!--
<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Pass List"); ?></td>
<td width="78%" class="vtable">
- <select name="whitelistname" class="formselect" id="whitelistname">
+ <select name="passlistname" class="formselect" id="passlistname">
<?php
- /* find whitelist names and filter by type, make sure to track by uuid */
+ /* find passlist names and filter by type, make sure to track by uuid */
echo "<option value='default' >default</option>\n";
- if (is_array($suricataglob['whitelist']['item'])) {
- foreach ($suricataglob['whitelist']['item'] as $value) {
- if ($value['name'] == $pconfig['whitelistname'])
+ if (is_array($suricataglob['passlist']['item'])) {
+ foreach ($suricataglob['passlist']['item'] as $value) {
+ if ($value['name'] == $pconfig['passlistname'])
echo "<option value='{$value['name']}' selected>";
else
echo "<option value='{$value['name']}'>";
@@ -685,17 +700,15 @@ if ($savemsg) {
}
?>
</select>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','whitelist')"
- id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Whitelist contents"); ?>"/>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','passlistname','passlist')"
+ id="btnPasslist" title="<?php echo gettext("Click to view currently selected Pass List contents"); ?>"/>
<br/>
- <?php echo gettext("Choose the whitelist you want this interface to " .
- "use."); ?> <br/><br/>
+ <?php echo gettext("Choose the Pass List you want this interface to use."); ?> <br/><br/>
<span class="red"><?php echo gettext("Note:"); ?></span>&nbsp;<?php echo gettext("This option will only be used when block offenders is on."); ?><br/>
<span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("Default " .
- "whitelist adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
+ "Pass List adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
</td>
</tr>
--->
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Alert Suppression and Filtering"); ?></td>
</tr>
@@ -756,11 +769,11 @@ if ($savemsg) {
<script language="JavaScript">
function enable_blockoffenders() {
-// var endis = !(document.iform.blockoffenders.checked);
-// document.iform.blockoffenderskill.disabled=endis;
-// document.iform.blockoffendersip.disabled=endis;
-// document.iform.whitelistname.disabled=endis;
-// document.iform.btnWhitelist.disabled=endis;
+ var endis = !(document.iform.blockoffenders.checked);
+ document.iform.blockoffenderskill.disabled=endis;
+ document.iform.blockoffendersip.disabled=endis;
+ document.iform.passlistname.disabled=endis;
+ document.iform.btnPasslist.disabled=endis;
}
function toggle_stats_log() {
@@ -855,17 +868,17 @@ function enable_change(enable_change) {
document.iform.mpm_algo.disabled = endis;
document.iform.sgh_mpm_context.disabled = endis;
document.iform.inspect_recursion_limit.disabled = endis;
-// document.iform.blockoffenders.disabled = endis;
-// document.iform.blockoffendersip.disabled=endis;
-// document.iform.blockoffenderskill.disabled=endis;
+ document.iform.blockoffenders.disabled = endis;
+ document.iform.blockoffendersip.disabled=endis;
+ document.iform.blockoffenderskill.disabled=endis;
document.iform.alertsystemlog.disabled = endis;
document.iform.externallistname.disabled = endis;
document.iform.homelistname.disabled = endis;
-// document.iform.whitelistname.disabled=endis;
+ document.iform.passlistname.disabled=endis;
document.iform.suppresslistname.disabled = endis;
document.iform.configpassthru.disabled = endis;
document.iform.btnHomeNet.disabled=endis;
-// document.iform.btnWhitelist.disabled=endis;
+ document.iform.btnPasslist.disabled=endis;
document.iform.btnSuppressList.disabled=endis;
}
@@ -890,12 +903,12 @@ function getSelectedValue(elemID) {
function viewList(id, elemID, elemType) {
if (typeof elemType == "undefined") {
- elemType = "whitelist";
+ elemType = "passlist";
}
var url = "suricata_list_view.php?id=" + id + "&wlist=";
url = url + getSelectedValue(elemID) + "&type=" + elemType;
url = url + "&time=" + new Date().getTime();
- wopen(url, 'WhitelistViewer', 640, 480);
+ wopen(url, 'PassListViewer', 640, 480);
}
enable_change(false);
diff --git a/config/suricata/suricata_list_view.php b/config/suricata/suricata_list_view.php
index b6616909..722bf47a 100644
--- a/config/suricata/suricata_list_view.php
+++ b/config/suricata/suricata_list_view.php
@@ -2,29 +2,29 @@
/*
* suricata_list_view.php
*
- Copyright (C) 2014 Bill Meeks
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
*/
require_once("guiconfig.inc");
@@ -39,20 +39,24 @@ if (isset($_GET['id']) && is_numericint($_GET['id']))
$wlist = htmlspecialchars($_GET['wlist']);
$type = htmlspecialchars($_GET['type']);
+$title = "List";
if (isset($id) && isset($wlist)) {
- $a_rule = $config['installedpackages']['suricata']['rule'][$id];
+ $a_rule = $config['installedpackages']['suricataglobal']['rule'][$id];
if ($type == "homenet") {
$list = suricata_build_list($a_rule, $wlist);
$contents = implode("\n", $list);
+ $title = "HOME_NET";
}
- elseif ($type == "whitelist") {
+ elseif ($type == "passlist") {
$list = suricata_build_list($a_rule, $wlist, true);
$contents = implode("\n", $list);
+ $title = "Pass List";
}
elseif ($type == "suppress") {
$list = suricata_find_list($wlist, $type);
$contents = str_replace("\r", "", base64_decode($list['suppresspassthru']));
+ $title = "Suppress List";
}
else
$contents = gettext("\n\nERROR -- Requested List Type entity is not valid!");
@@ -60,29 +64,26 @@ if (isset($id) && isset($wlist)) {
else
$contents = gettext("\n\nERROR -- Supplied interface or List entity is not valid!");
-$pgtitle = array(gettext("Suricata"), gettext(ucfirst($type) . " Viewer"));
+$pgtitle = array(gettext("Suricata"), gettext($title . " Viewer"));
?>
<?php include("head.inc");?>
<body link="#000000" vlink="#000000" alink="#000000">
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php // include("fbegin.inc");?>
-<form action="suricata_list_view.php" method="post">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont">
<table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee">
<tr>
- <td class="pgtitle" colspan="2">Suricata: <?php echo gettext(ucfirst($type) . " Viewer"); ?></td>
+ <td class="pgtitle" colspan="2">Snort: <?php echo gettext($title . " Viewer"); ?></td>
</tr>
<tr>
<td align="left" width="20%">
<input type="button" class="formbtn" value="Return" onclick="window.close()">
</td>
<td align="right">
- <b><?php echo gettext(ucfirst($type) . ": ") . '</b>&nbsp;' . $_GET['wlist']; ?>&nbsp;&nbsp;&nbsp;&nbsp;
+ <b><?php echo gettext($title . ": ") . '</b>&nbsp;' . htmlspecialchars($_GET['wlist']); ?>&nbsp;&nbsp;&nbsp;&nbsp;
</td>
</tr>
<tr>
@@ -96,7 +97,5 @@ $pgtitle = array(gettext("Suricata"), gettext(ucfirst($type) . " Viewer"));
</td>
</tr>
</table>
-</form>
-<?php // include("fend.inc");?>
</body>
</html>
diff --git a/config/suricata/suricata_logs_browser.php b/config/suricata/suricata_logs_browser.php
index 53530881..bbde5aeb 100644
--- a/config/suricata/suricata_logs_browser.php
+++ b/config/suricata/suricata_logs_browser.php
@@ -129,10 +129,12 @@ if ($input_errors) {
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), true, "/suricata/suricata_logs_browser.php");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td>
</tr>
@@ -162,7 +164,7 @@ if ($input_errors) {
<td width="78%" class="vtable">
<select name="logFile" id="logFile" class="formselect" onChange="loadFile();">
<?php
- $logs = array( "alerts.log", "files-json.log", "http.log", "stats.log", "suricata.log", "tls.log" );
+ $logs = array( "alerts.log", "block.log", "files-json.log", "http.log", "stats.log", "suricata.log", "tls.log" );
foreach ($logs as $log) {
$selected = "";
if ($log == basename($logfile))
diff --git a/config/suricata/suricata_logs_mgmt.php b/config/suricata/suricata_logs_mgmt.php
index 7418dd80..577cd510 100644
--- a/config/suricata/suricata_logs_mgmt.php
+++ b/config/suricata/suricata_logs_mgmt.php
@@ -44,6 +44,8 @@ $pconfig['suricataloglimit'] = $config['installedpackages']['suricata']['config'
$pconfig['suricataloglimitsize'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'];
$pconfig['alert_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'];
$pconfig['alert_log_retention'] = $config['installedpackages']['suricata']['config'][0]['alert_log_retention'];
+$pconfig['block_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['block_log_limit_size'];
+$pconfig['block_log_retention'] = $config['installedpackages']['suricata']['config'][0]['block_log_retention'];
$pconfig['files_json_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size'];
$pconfig['files_json_log_retention'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_retention'];
$pconfig['http_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['http_log_limit_size'];
@@ -54,6 +56,7 @@ $pconfig['tls_log_limit_size'] = $config['installedpackages']['suricata']['confi
$pconfig['tls_log_retention'] = $config['installedpackages']['suricata']['config'][0]['tls_log_retention'];
$pconfig['unified2_log_limit'] = $config['installedpackages']['suricata']['config'][0]['unified2_log_limit'];
$pconfig['u2_archive_log_retention'] = $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'];
+$pconfig['file_store_retention'] = $config['installedpackages']['suricata']['config'][0]['file_store_retention'];
// Load up some arrays with selection values (we use these later).
// The keys in the $retentions array are the retention period
@@ -77,6 +80,8 @@ if (empty($pconfig['suricataloglimitsize'])) {
// Set default retention periods for rotated logs
if (empty($pconfig['alert_log_retention']))
$pconfig['alert_log_retention'] = "336";
+if (empty($pconfig['block_log_retention']))
+ $pconfig['block_log_retention'] = "336";
if (empty($pconfig['files_json_log_retention']))
$pconfig['files_json_log_retention'] = "168";
if (empty($pconfig['http_log_retention']))
@@ -87,10 +92,14 @@ if (empty($pconfig['tls_log_retention']))
$pconfig['tls_log_retention'] = "336";
if (empty($pconfig['u2_archive_log_retention']))
$pconfig['u2_archive_log_retention'] = "168";
+if (empty($pconfig['file_store_retention']))
+ $pconfig['file_store_retention'] = "168";
// Set default log file size limits
if (empty($pconfig['alert_log_limit_size']))
$pconfig['alert_log_limit_size'] = "500";
+if (empty($pconfig['block_log_limit_size']))
+ $pconfig['block_log_limit_size'] = "500";
if (empty($pconfig['files_json_log_limit_size']))
$pconfig['files_json_log_limit_size'] = "1000";
if (empty($pconfig['http_log_limit_size']))
@@ -119,6 +128,8 @@ if ($_POST["save"]) {
$config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'] = $_POST['suricataloglimitsize'];
$config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'] = $_POST['alert_log_limit_size'];
$config['installedpackages']['suricata']['config'][0]['alert_log_retention'] = $_POST['alert_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['block_log_limit_size'] = $_POST['block_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['block_log_retention'] = $_POST['block_log_retention'];
$config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size'] = $_POST['files_json_log_limit_size'];
$config['installedpackages']['suricata']['config'][0]['files_json_log_retention'] = $_POST['files_json_log_retention'];
$config['installedpackages']['suricata']['config'][0]['http_log_limit_size'] = $_POST['http_log_limit_size'];
@@ -129,6 +140,7 @@ if ($_POST["save"]) {
$config['installedpackages']['suricata']['config'][0]['tls_log_retention'] = $_POST['tls_log_retention'];
$config['installedpackages']['suricata']['config'][0]['unified2_log_limit'] = $_POST['unified2_log_limit'];
$config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] = $_POST['u2_archive_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['file_store_retention'] = $_POST['file_store_retention'];
write_config();
sync_suricata_package_config();
@@ -169,10 +181,12 @@ if ($input_errors)
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
$tab_array[] = array(gettext("Logs Mgmt"), true, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -276,6 +290,26 @@ if ($input_errors)
<td class="listbg"><?=gettext("Suricata alerts and event details");?></td>
</tr>
<tr>
+ <td class="listbg">block</td>
+ <td class="listr" align="center"><select name="block_log_limit_size" class="formselect" id="block_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['block_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="block_log_retention" class="formselect" id="block_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['block_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("Suricata blocked IPs and event details");?></td>
+ </tr>
+ <tr>
<td class="listbg">files-json</td>
<td class="listr" align="center"><select name="files_json_log_limit_size" class="formselect" id="files_json_log_limit_size">
<?php foreach ($log_sizes as $k => $l): ?>
@@ -386,6 +420,19 @@ if ($input_errors)
</td>
</tr>
<tr>
+ <td class="vncell" width="22%" valign="top"><?=gettext("Captured Files Retention Period");?></td>
+ <td width="78%" class="vtable"><select name="file_store_retention" class="formselect" id="file_store_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['file_store_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;<?=gettext("Choose retention period for captured files in File Store. Default is ") . "<strong>" . gettext("7 days."). "</strong>";?><br/><br/>
+ <?=gettext("When file capture and store is enabled, Suricata captures downloaded files from HTTP sessions and stores them, along with metadata, ") .
+ gettext("for later analysis. This setting determines how long files remain in the File Store folder before they are automatically deleted.");?>
+ </td>
+</tr>
+<tr>
<td width="22%"></td>
<td width="78%" class="vexpl"><input name="save" type="submit" class="formbtn" value="Save"/><br/>
<br/><span class="red"><strong><?php echo gettext("Note:");?></strong>&nbsp;
@@ -402,6 +449,8 @@ function enable_change() {
var endis = !(document.iform.enable_log_mgmt.checked);
document.iform.alert_log_limit_size.disabled = endis;
document.iform.alert_log_retention.disabled = endis;
+ document.iform.block_log_limit_size.disabled = endis;
+ document.iform.block_log_retention.disabled = endis;
document.iform.files_json_log_limit_size.disabled = endis;
document.iform.files_json_log_retention.disabled = endis;
document.iform.http_log_limit_size.disabled = endis;
@@ -412,6 +461,7 @@ function enable_change() {
document.iform.tls_log_retention.disabled = endis;
document.iform.unified2_log_limit.disabled = endis;
document.iform.u2_archive_log_retention.disabled = endis;
+ document.iform.file_store_retention.disabled = endis;
}
function enable_change_dirSize() {
diff --git a/config/suricata/suricata_passlist.php b/config/suricata/suricata_passlist.php
new file mode 100644
index 00000000..a42cc82f
--- /dev/null
+++ b/config/suricata/suricata_passlist.php
@@ -0,0 +1,195 @@
+<?php
+/*
+ * suricata_passlist.php
+ *
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+if (!is_array($config['installedpackages']['suricata']['passlist']))
+ $config['installedpackages']['suricata']['passlist'] = array();
+if (!is_array($config['installedpackages']['suricata']['passlist']['item']))
+ $config['installedpackages']['suricata']['passlist']['item'] = array();
+$a_passlist = &$config['installedpackages']['suricata']['passlist']['item'];
+
+// Calculate the next Pass List index ID
+if (isset($config['installedpackages']['suricata']['passlist']['item']))
+ $id_gen = count($config['installedpackages']['suricata']['passlist']['item']);
+else
+ $id_gen = '0';
+
+function suricata_is_passlist_used($list) {
+
+ /**********************************************
+ * This function tests the provided Pass List *
+ * to determine if it is assigned to an *
+ * interface. *
+ * *
+ * On Entry: $list -> Pass List name to test *
+ * *
+ * Returns: TRUE if Pass List is in use or *
+ * FALSE if not in use *
+ **********************************************/
+
+ global $config;
+
+ if (!is_array($config['installedpackages']['suricata']['rule']))
+ return FALSE;
+
+ foreach($config['installedpackages']['suricata']['rule'] as $v) {
+ if (isset($v['passlistname']) && $v['passlistname'] == $list)
+ return TRUE;
+ }
+ return FALSE;
+}
+
+if ($_POST['del'] && is_numericint($_POST['list_id'])) {
+ if ($a_passlist[$_POST['list_id']]) {
+ /* make sure list is not being referenced by any interface */
+ if (suricata_is_passlist_used($a_passlist[$_POST['list_id']]['name'])) {
+ $input_errors[] = gettext("This Pass List is currently assigned to a Suricata interface and cannot be deleted. Unassign it from all Suricata interfaces first.");
+ }
+ if (!$input_errors) {
+ unset($a_passlist[$_POST['list_id']]);
+ write_config("Suricata pkg: deleted PASS LIST.");
+ sync_suricata_package_config();
+ header("Location: /suricata/suricata_passlist.php");
+ exit;
+ }
+ }
+}
+
+$pgtitle = gettext("Suricata: Pass Lists");
+include_once("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php
+include_once("fbegin.inc");
+
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors);
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
+?>
+
+<form action="/suricata/suricata_passlist.php" method="post">
+<input type="hidden" name="list_id" id="list_id" value=""/>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+ <?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
+ $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), true, "/suricata/suricata_passlist.php");
+ $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
+ ?>
+ </td>
+</tr>
+<tr>
+ <td><div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="25%" class="listhdrr">List Name</td>
+ <td width="30%" class="listhdrr">Assigned Alias</td>
+ <td class="listhdr">Description</td>
+ <td width="40px" class="list"></td>
+ </tr>
+ <?php foreach ($a_passlist as $i => $list): ?>
+ <tr>
+ <td class="listlr"
+ ondblclick="document.location='suricata_passlist_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($list['name']);?></td>
+ <td class="listr"
+ ondblclick="document.location='suricata_passlist_edit.php?id=<?=$i;?>';"
+ title="<?=filter_expand_alias($list['address']);?>">
+ <?php echo gettext($list['address']);?></td>
+ <td class="listbg"
+ ondblclick="document.location='suricata_passlist_edit.php?id=<?=$i;?>';">
+ <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;
+ </td>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a href="suricata_passlist_edit.php?id=<?=$i;?>">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?php echo gettext("Edit pass list"); ?>"></a>
+ </td>
+ <td><input type="image" name="del[]" onclick="document.getElementById('list_id').value='<?=$i;?>';return confirm('<?=gettext("Do you really want to delete this pass list? Click OK to continue or CANCEL to quit.)!");?>');"
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?php echo gettext("Delete pass list"); ?>"/>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17">&nbsp;</td>
+ <td valign="middle"><a href="suricata_passlist_edit.php?id=<?php echo $id_gen;?> ">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("add a new pass list"); ?>"/></a>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+<br>
+<table width="100%" border="0" cellpadding="1"
+ cellspacing="1">
+ <tr>
+ <td width="100%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Notes:"); ?></strong></span>
+ <p><?php echo gettext("1. Here you can create Pass List files for your Suricata package rules. Hosts on a Pass List are never blocked by Suricata."); ?><br/>
+ <?php echo gettext("2. Add all the IP addresses or networks (in CIDR notation) you want to protect against Suricata block decisions."); ?><br/>
+ <?php echo gettext("3. The default Pass List includes the WAN IP and gateway, defined DNS servers, VPNs and locally-attached networks."); ?><br/>
+ <?php echo gettext("4. Be careful, it is very easy to get locked out of your system by altering the default settings."); ?></p></span></td>
+ </tr>
+ <tr>
+ <td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Suricata on the interface for changes to take effect!"); ?></span></td>
+ </tr>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/suricata/suricata_passlist_edit.php b/config/suricata/suricata_passlist_edit.php
new file mode 100644
index 00000000..0e03ca41
--- /dev/null
+++ b/config/suricata/suricata_passlist_edit.php
@@ -0,0 +1,317 @@
+<?php
+/*
+ * suricata_passlist_edit.php
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+if ($_POST['cancel']) {
+ header("Location: /suricata/suricata_passlist.php");
+ exit;
+}
+
+if (!is_array($config['installedpackages']['suricata']['passlist']))
+ $config['installedpackages']['suricata']['passlist'] = array();
+if (!is_array($config['installedpackages']['suricata']['passlist']['item']))
+ $config['installedpackages']['suricata']['passlist']['item'] = array();
+$a_passlist = &$config['installedpackages']['suricata']['passlist']['item'];
+
+if (isset($_POST['id']) && is_numericint($_POST['id']))
+ $id = $_POST['id'];
+elseif (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
+
+/* Should never be called without identifying list index, so bail */
+if (is_null($id)) {
+ header("Location: /suricata/suricata_interfaces_passlist.php");
+ exit;
+}
+
+/* If no entry for this passlist, then create a UUID and treat it like a new list */
+if (!isset($a_passlist[$id]['uuid'])) {
+ $passlist_uuid = 0;
+ while ($passlist_uuid > 65535 || $passlist_uuid == 0) {
+ $passlist_uuid = mt_rand(1, 65535);
+ $pconfig['uuid'] = $passlist_uuid;
+ $pconfig['name'] = "passlist_{$passlist_uuid}";
+ }
+} else
+ $passlist_uuid = $a_passlist[$id]['uuid'];
+
+/* returns true if $name is a valid name for a pass list file name or ip */
+function is_validpasslistname($name) {
+ if (!is_string($name))
+ return false;
+
+ if (!preg_match("/[^a-zA-Z0-9\_\.\/]/", $name))
+ return true;
+
+ return false;
+}
+
+if (isset($id) && $a_passlist[$id]) {
+ /* old settings */
+ $pconfig = array();
+ $pconfig['name'] = $a_passlist[$id]['name'];
+ $pconfig['uuid'] = $a_passlist[$id]['uuid'];
+ $pconfig['detail'] = $a_passlist[$id]['detail'];
+ $pconfig['address'] = $a_passlist[$id]['address'];
+ $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']);
+ $pconfig['localnets'] = $a_passlist[$id]['localnets'];
+ $pconfig['wanips'] = $a_passlist[$id]['wanips'];
+ $pconfig['wangateips'] = $a_passlist[$id]['wangateips'];
+ $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips'];
+ $pconfig['vips'] = $a_passlist[$id]['vips'];
+ $pconfig['vpnips'] = $a_passlist[$id]['vpnips'];
+}
+
+// Check for returned "selected alias" if action is import
+if ($_GET['act'] == "import") {
+ if ($_GET['varname'] == "address" && isset($_GET['varvalue']))
+ $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
+}
+
+if ($_POST['save']) {
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "name");
+ $reqdfieldsn = explode(",", "Name");
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if(strtolower($_POST['name']) == "defaultpasslist")
+ $input_errors[] = gettext("Pass List file names may not be named defaultpasslist.");
+
+ if (is_validpasslistname($_POST['name']) == false)
+ $input_errors[] = gettext("Pass List file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset.");
+
+ /* check for name conflicts */
+ foreach ($a_passlist as $w_list) {
+ if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $w_list))
+ continue;
+
+ if ($w_list['name'] == $_POST['name']) {
+ $input_errors[] = gettext("A Pass List file name with this name already exists.");
+ break;
+ }
+ }
+
+ if ($_POST['address'])
+ if (!is_alias($_POST['address']))
+ $input_errors[] = gettext("A valid alias must be provided");
+
+ if (!$input_errors) {
+ $w_list = array();
+ /* post user input */
+ $w_list['name'] = $_POST['name'];
+ $w_list['uuid'] = $passlist_uuid;
+ $w_list['localnets'] = $_POST['localnets']? 'yes' : 'no';
+ $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no';
+ $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no';
+ $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no';
+ $w_list['vips'] = $_POST['vips']? 'yes' : 'no';
+ $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no';
+
+ $w_list['address'] = $_POST['address'];
+ $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto");
+ $w_list['detail'] = $final_address_details;
+
+ if (isset($id) && $a_passlist[$id])
+ $a_passlist[$id] = $w_list;
+ else
+ $a_passlist[] = $w_list;
+
+ write_config("Snort pkg: modified PASS LIST {$w_list['name']}.");
+
+ /* create pass list and homenet file, then sync files */
+ sync_suricata_package_config();
+
+ header("Location: /suricata/suricata_passlist.php");
+ exit;
+ }
+}
+
+$pgtitle = gettext("Suricata: Pass List Edit - {$pconfig['name']}");
+include_once("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
+
+<?php
+include("fbegin.inc");
+if ($input_errors)
+ print_input_errors($input_errors);
+if ($savemsg)
+ print_info_box($savemsg);
+?>
+<script type="text/javascript" src="/javascript/autosuggest.js">
+</script>
+<script type="text/javascript" src="/javascript/suggestions.js">
+</script>
+<form action="suricata_passlist_edit.php" method="post" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>" />
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
+ $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), true, "/suricata/suricata_passlist.php");
+ $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
+?>
+ </td>
+</tr>
+<tr><td><div id="mainarea">
+<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add the name and " .
+ "description of the file."); ?></td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq"><?php echo gettext("Name"); ?></td>
+ <td class="vtable"><input name="name" type="text" id="name" class="formfld unknown"
+ size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br />
+ <span class="vexpl"> <?php echo gettext("The list name may only consist of the " .
+ "characters \"a-z, A-Z, 0-9 and _\"."); ?>&nbsp;&nbsp;<span class="red"><?php echo gettext("Note:"); ?> </span>
+ <?php echo gettext("No Spaces or dashes."); ?> </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Description"); ?></td>
+ <td width="78%" class="vtable"><input name="descr" type="text" class="formfld unknown"
+ id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br />
+ <span class="vexpl"> <?php echo gettext("You may enter a description here for your " .
+ "reference (not parsed)."); ?> </span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add auto-generated IP Addresses."); ?></td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Local Networks"); ?></td>
+ <td width="78%" class="vtable"><input name="localnets" type="checkbox"
+ id="localnets" size="40" value="yes"
+ <?php if($pconfig['localnets'] == 'yes'){ echo "checked";} if($pconfig['localnets'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> <?php echo gettext("Add firewall Local Networks to the list (excluding WAN)."); ?> </span></td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN IPs"); ?></td>
+ <td width="78%" class="vtable"><input name="wanips" type="checkbox"
+ id="wanips" size="40" value="yes"
+ <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> <?php echo gettext("Add WAN interface IPs to the list."); ?> </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN Gateways"); ?></td>
+ <td width="78%" class="vtable"><input name="wangateips"
+ type="checkbox" id="wangateips" size="40" value="yes"
+ <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> <?php echo gettext("Add WAN Gateways to the list."); ?> </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN DNS servers"); ?></td>
+ <td width="78%" class="vtable"><input name="wandnsips"
+ type="checkbox" id="wandnsips" size="40" value="yes"
+ <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> <?php echo gettext("Add WAN DNS servers to the list."); ?> </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Virtual IP Addresses"); ?></td>
+ <td width="78%" class="vtable"><input name="vips" type="checkbox"
+ id="vips" size="40" value="yes"
+ <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> <?php echo gettext("Add Virtual IP Addresses to the list."); ?> </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("VPNs"); ?></td>
+ <td width="78%" class="vtable"><input name="vpnips" type="checkbox"
+ id="vpnips" size="40" value="yes"
+ <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?> />
+ <span class="vexpl"> <?php echo gettext("Add VPN Addresses to the list."); ?> </span></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add custom IP Addresses from configured Aliases."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">
+ <?php echo gettext("Assigned Aliases:"); ?>
+ </td>
+ <td width="78%" class="vtable">
+ <input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>"
+ title="<?=trim(filter_expand_alias($pconfig['address']));?>"/>
+ &nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="Aliases" onclick="parent.location='suricata_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
+ title="<?php echo gettext("Select an existing IP alias");?>"/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input id="save" name="save" type="submit" class="formbtn" value="Save" />
+ <input id="cancel" name="cancel" type="submit" class="formbtn" value="Cancel" />
+ </td>
+ </tr>
+</table>
+</div>
+</td></tr>
+</table>
+</form>
+<script type="text/javascript">
+<?php
+ $isfirst = 0;
+ $aliases = "";
+ $addrisfirst = 0;
+ $aliasesaddr = "";
+ if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias']))
+ foreach($config['aliases']['alias'] as $alias_name) {
+ if ($alias_name['type'] != "host" && $alias_name['type'] != "network")
+ continue;
+ if($addrisfirst == 1) $aliasesaddr .= ",";
+ $aliasesaddr .= "'" . $alias_name['name'] . "'";
+ $addrisfirst = 1;
+ }
+?>
+ var addressarray=new Array(<?php echo $aliasesaddr; ?>);
+
+function createAutoSuggest() {
+<?php
+ echo "objAlias = new AutoSuggestControl(document.getElementById('address'), new StateSuggestions(addressarray));\n";
+?>
+}
+
+setTimeout("createAutoSuggest();", 500);
+
+</script>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php
index 5883ed8e..3c412152 100644
--- a/config/suricata/suricata_rules.php
+++ b/config/suricata/suricata_rules.php
@@ -385,14 +385,16 @@ if ($savemsg) {
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");;
@@ -404,7 +406,7 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php
index e607acc1..1259a5a7 100644
--- a/config/suricata/suricata_rulesets.php
+++ b/config/suricata/suricata_rulesets.php
@@ -250,14 +250,16 @@ if ($savemsg) {
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
@@ -269,7 +271,7 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
diff --git a/config/suricata/suricata_select_alias.php b/config/suricata/suricata_select_alias.php
new file mode 100644
index 00000000..527412d1
--- /dev/null
+++ b/config/suricata/suricata_select_alias.php
@@ -0,0 +1,241 @@
+<?php
+/* $Id$ */
+/*
+ suricata_select_alias.php
+ Copyright (C) 2014 Bill Meeks
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require_once("functions.inc");
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+// Need to keep track of who called us so we can return to the correct page
+// when the SAVE button is clicked. On initial entry, a GET variable is
+// passed with the referrer's URL encoded within. That value is saved and
+// used when SAVE or CANCEL is clicked to return to the referring page.
+//
+
+// Retrieve the QUERY STRING of the original referrer so we can return it.
+// On the initial pass, we will save it in a hidden POST field so we won't
+// overwrite it on subsequent POST-BACKs to this page.
+if (!isset($_POST['org_querystr']))
+ $querystr = $_SERVER['QUERY_STRING'];
+else
+ $querystr = $_POST['org_querystr'];
+
+// Retrieve any passed QUERY STRING or POST variables
+if (isset($_POST['type']))
+ $type = $_POST['type'];
+elseif (isset($_GET['type']))
+ $type = htmlspecialchars($_GET['type']);
+
+if (isset($_POST['varname']))
+ $varname = $_POST['varname'];
+elseif (isset($_GET['varname']))
+ $varname = htmlspecialchars($_GET['varname']);
+
+if (isset($_POST['multi_ip']))
+ $multi_ip = $_POST['multi_ip'];
+elseif (isset($_GET['multi_ip']))
+ $multi_ip = htmlspecialchars($_GET['multi_ip']);
+
+if (isset($_POST['returl']))
+ $referrer = urldecode($_POST['returl']);
+elseif (isset($_GET['returl']))
+ $referrer = urldecode($_GET['returl']);
+
+// Make sure we have a valid VARIABLE name
+// and ALIAS TYPE, or else bail out.
+if (is_null($type) || is_null($varname)) {
+ header("Location: http://{$referrer}?{$querystr}");
+ exit;
+}
+
+// Used to track if any selectable Aliases are found
+$selectablealias = false;
+
+// Initialize required array variables as necessary
+if (!is_array($config['aliases']['alias']))
+ $config['aliases']['alias'] = array();
+$a_aliases = $config['aliases']['alias'];
+
+// Create an array consisting of the Alias types the
+// caller wants to select from.
+$a_types = array();
+$a_types = explode('|', strtolower($type));
+
+// Create a proper title based on the Alias types
+$title = "a";
+switch (count($a_types)) {
+ case 1:
+ $title .= " " . ucfirst($a_types[0]);
+ break;
+
+ case 2:
+ $title .= " " . ucfirst($a_types[0]) . " or " . ucfirst($a_types[1]);
+ break;
+
+ case 3:
+ $title .= " " . ucfirst($a_types[0]) . ", " . ucfirst($a_types[1]) . " or " . ucfirst($a_types[2]);
+
+ default:
+ $title = "n";
+}
+
+if ($_POST['cancel']) {
+ header("Location: {$referrer}?{$querystr}");
+ exit;
+}
+
+if ($_POST['save']) {
+ if(empty($_POST['alias']))
+ $input_errors[] = gettext("No alias is selected. Please select an alias before saving.");
+
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ $selection = $_POST['alias'];
+ header("Location: {$referrer}?{$querystr}&varvalue={$selection}");
+ exit;
+ }
+}
+
+$pgtitle = gettext("Suricata: Select {$title} Alias");
+include("head.inc");
+
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<form action="suricata_select_alias.php" method="post">
+<input type="hidden" name="varname" value="<?=$varname;?>"/>
+<input type="hidden" name="type" value="<?=$type;?>"/>
+<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"/>
+<input type="hidden" name="returl" value="<?=$referrer;?>"/>
+<input type="hidden" name="org_querystr" value="<?=$querystr;?>"/>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<div id="boxarea">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr>
+ <td class="tabcont"><strong><?=gettext("Select an Alias to use from the list below.");?></strong><br/>
+ </td>
+</tr>
+<tr>
+ <td class="tabcont">
+ <table id="sortabletable1" style="table-layout: fixed;" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <colgroup>
+ <col width="5%" align="center">
+ <col width="25%" align="left" axis="string">
+ <col width="35%" align="left" axis="string">
+ <col width="35%" align="left" axis="string">
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr"></th>
+ <th class="listhdrr" axis="string"><?=gettext("Alias Name"); ?></th>
+ <th class="listhdrr" axis="string"><?=gettext("Values"); ?></th>
+ <th class="listhdrr" axis="string"><?=gettext("Description"); ?></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php $i = 0; foreach ($a_aliases as $alias): ?>
+ <?php if (!in_array($alias['type'], $a_types))
+ continue;
+ if ( ($alias['type'] == "network" || $alias['type'] == "host") &&
+ $multi_ip != "yes" &&
+ !suricata_is_single_addr_alias($alias['name'])) {
+ $textss = "<span class=\"gray\">";
+ $textse = "</span>";
+ $disable = true;
+ $tooltip = gettext("Aliases resolving to multiple address entries cannot be used with the destination target.");
+ }
+ elseif (($alias['type'] == "network" || $alias['type'] == "host") &&
+ trim(filter_expand_alias($alias['name'])) == "") {
+ $textss = "<span class=\"gray\">";
+ $textse = "</span>";
+ $disable = true;
+ $tooltip = gettext("Aliases representing a FQDN host cannot be used in Suricata configurations.");
+ }
+ else {
+ $textss = "";
+ $textse = "";
+ $disable = "";
+ $selectablealias = true;
+ $tooltip = gettext("Selected entry will be imported. Click to toggle selection.");
+ }
+ ?>
+ <?php if ($disable): ?>
+ <tr title="<?=$tooltip;?>">
+ <td class="listlr" align="center"><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height"11" border="0"/>
+ <?php else: ?>
+ <tr>
+ <td class="listlr" align="center"><input type="radio" name="alias" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td>
+ <?php endif; ?>
+ <td class="listr" align="left"><?=$textss . htmlspecialchars($alias['name']) . $textse;?></td>
+ <td class="listr" align="left">
+ <?php
+ $tmpaddr = explode(" ", $alias['address']);
+ $addresses = implode(", ", array_slice($tmpaddr, 0, 10));
+ echo "{$textss}{$addresses}{$textse}";
+ if(count($tmpaddr) > 10) {
+ echo "...";
+ }
+ ?>
+ </td>
+ <td class="listbg" align="left">
+ <?=$textss . htmlspecialchars($alias['descr']) . $textse;?>&nbsp;
+ </td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ </table>
+ </td>
+</tr>
+<?php if (!$selectablealias): ?>
+<tr>
+ <td class="tabcont" align="center"><b><?php echo gettext("There are currently no defined Aliases eligible for selection.");?></b></td>
+</tr>
+<tr>
+ <td class="tabcont" align="center">
+ <input type="Submit" name="cancel" value="Cancel" id="cancel" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
+ </td>
+</tr>
+<?php else: ?>
+<tr>
+ <td class="tabcont" align="center">
+ <input type="Submit" name="save" value="Save" id="save" class="formbtn" title="<?=gettext("Import selected item and return");?>"/>&nbsp;&nbsp;&nbsp;
+ <input type="Submit" name="cancel" value="Cancel" id="cancel" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
+ </td>
+</tr>
+<?php endif; ?>
+<tr>
+ <td class="tabcont">
+ <span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br></strong></span><?=gettext("Fully-Qualified Domain Name (FQDN) host Aliases cannot be used as Suricata configuration parameters. Aliases resolving to a single FQDN value are disabled in the list above. In the case of nested Aliases where one or more of the nested values is a FQDN host, the FQDN host will not be included in the {$title} configuration.");?></span>
+ </td>
+</tr>
+</table>
+</div>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/suricata/suricata_suppress.php b/config/suricata/suricata_suppress.php
index 1b833276..963486a1 100644
--- a/config/suricata/suricata_suppress.php
+++ b/config/suricata/suricata_suppress.php
@@ -123,10 +123,12 @@ if ($input_errors) {
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td>
</tr>
diff --git a/config/suricata/suricata_suppress_edit.php b/config/suricata/suricata_suppress_edit.php
index aad67a95..25a47c87 100644
--- a/config/suricata/suricata_suppress_edit.php
+++ b/config/suricata/suricata_suppress_edit.php
@@ -144,10 +144,12 @@ if ($savemsg)
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc
index 07ada36e..4ced9059 100644
--- a/config/suricata/suricata_yaml_template.inc
+++ b/config/suricata/suricata_yaml_template.inc
@@ -29,6 +29,14 @@ default-log-dir: {$suricatalogdir}suricata_{$if_real}{$suricata_uuid}
# Configure the type of alert (and other) logging.
outputs:
+ # alert_pf blocking plugin
+ - alert-pf:
+ enabled: {$suri_blockoffenders}
+ kill-state: {$suri_killstates}
+ pass-list: {$suri_passlist}
+ block-ip: {$suri_blockip}
+ pf-table: {$suri_pf_table}
+
# a line based alerts log similar to Snort's fast.log
- fast:
enabled: yes
@@ -99,7 +107,7 @@ outputs:
force-md5: {$json_log_md5}
# Magic file. The extension .mgc is added to the value here.
-magic-file: {$suricatacfgdir}/magic
+magic-file: /usr/share/misc/magic
# Specify a threshold config file
threshold-file: {$suricatacfgdir}/threshold.config