diff options
author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-03-19 17:24:00 -0400 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-03-19 17:24:00 -0400 |
commit | 5cb08a96dec952ae6e1fd657e6940ea79af4f8d8 (patch) | |
tree | 3785b260aa6654f8cca35bab5b188f2cd86cb9f8 /config/suricata | |
parent | 96899344ac872f5e811ea5394192c7c233457124 (diff) | |
download | pfsense-packages-5cb08a96dec952ae6e1fd657e6940ea79af4f8d8.tar.gz pfsense-packages-5cb08a96dec952ae6e1fd657e6940ea79af4f8d8.tar.bz2 pfsense-packages-5cb08a96dec952ae6e1fd657e6940ea79af4f8d8.zip |
Add new Log Mgmt tab link and improve parameter checking.
Diffstat (limited to 'config/suricata')
-rw-r--r-- | config/suricata/suricata_alerts.php | 8 | ||||
-rw-r--r-- | config/suricata/suricata_app_parsers.php | 7 | ||||
-rw-r--r-- | config/suricata/suricata_barnyard.php | 27 | ||||
-rw-r--r-- | config/suricata/suricata_define_vars.php | 6 | ||||
-rw-r--r-- | config/suricata/suricata_download_updates.php | 1 | ||||
-rw-r--r-- | config/suricata/suricata_flow_stream.php | 6 | ||||
-rw-r--r-- | config/suricata/suricata_global.php | 60 | ||||
-rw-r--r-- | config/suricata/suricata_interfaces.php | 1 | ||||
-rw-r--r-- | config/suricata/suricata_interfaces_edit.php | 8 | ||||
-rw-r--r-- | config/suricata/suricata_list_view.php | 10 | ||||
-rw-r--r-- | config/suricata/suricata_logs_browser.php | 7 | ||||
-rw-r--r-- | config/suricata/suricata_rules.php | 3 | ||||
-rw-r--r-- | config/suricata/suricata_rules_flowbits.php | 2 | ||||
-rw-r--r-- | config/suricata/suricata_rulesets.php | 6 | ||||
-rw-r--r-- | config/suricata/suricata_suppress.php | 1 | ||||
-rw-r--r-- | config/suricata/suricata_suppress_edit.php | 13 |
16 files changed, 59 insertions, 107 deletions
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php index 99241b7e..01d4daeb 100644 --- a/config/suricata/suricata_alerts.php +++ b/config/suricata/suricata_alerts.php @@ -121,11 +121,12 @@ function suricata_add_supplist_entry($suppress) { return false; } -if (is_numericint($_POST['instance'])) +if (isset($_POST['instance']) && is_numericint($_POST['instance'])) $instanceid = $_POST['instance']; // This is for the auto-refresh so we can stay on the same interface -if (is_numericint($_GET['instance'])) +elseif (isset($_GET['instance']) && is_numericint($_GET['instance'])) $instanceid = $_GET['instance']; + if (is_null($instanceid)) $instanceid = 0; @@ -355,7 +356,8 @@ if ($savemsg) { $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), true, "/suricata/suricata_alerts.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); display_top_tabs($tab_array); ?> </td></tr> diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php index e8f20226..8d0bb4f4 100644 --- a/config/suricata/suricata_app_parsers.php +++ b/config/suricata/suricata_app_parsers.php @@ -33,9 +33,11 @@ require_once("/usr/local/pkg/suricata/suricata.inc"); global $g, $rebuild_rules; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (is_null($id)) $id = 0; @@ -397,6 +399,7 @@ include_once("head.inc"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); display_top_tabs($tab_array); echo '</td></tr>'; echo '<tr><td>'; diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php index e71dc261..850e4bed 100644 --- a/config/suricata/suricata_barnyard.php +++ b/config/suricata/suricata_barnyard.php @@ -33,9 +33,11 @@ require_once("/usr/local/pkg/suricata/suricata.inc"); global $g, $rebuild_rules; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + if (is_null($id)) { header("Location: /suricata/suricata_interfaces.php"); exit; @@ -55,8 +57,6 @@ if (isset($id) && $a_nat[$id]) { $pconfig['barnyard_dbpwd'] = base64_decode($a_nat[$id]['barnyard_dbpwd']); if (empty($a_nat[$id]['barnyard_show_year'])) $pconfig['barnyard_show_year'] = "on"; - if (empty($a_nat[$id]['unified2_log_limit'])) - $pconfig['unified2_log_limit'] = "32"; if (empty($a_nat[$id]['barnyard_archive_enable'])) $pconfig['barnyard_archive_enable'] = "on"; if (empty($a_nat[$id]['barnyard_obfuscate_ip'])) @@ -85,12 +85,6 @@ if ($_POST['save']) { $_POST['barnyard_bro_ids_enable'] != 'on' && $_POST['barnyard_enable'] == "on") $input_errors[] = gettext("You must enable at least one output option when using Barnyard2."); - // Validate unified2 log file limit - if ($_POST['barnyard_enable'] == 'on') { - if (!is_numericint($_POST['unified2_log_limit']) || $_POST['unified2_log_limit'] < 1) - $input_errors[] = gettext("The value for 'Unified2 Log Limit' must be a valid integer greater than zero."); - } - // Validate Sensor ID is a valid integer if ($_POST['barnyard_enable'] == 'on') { if (!is_numericint($_POST['barnyard_sensor_id']) || $_POST['barnyard_sensor_id'] < 0) @@ -144,7 +138,6 @@ if ($_POST['save']) { if ($_POST['barnyard_sensor_id']) $natent['barnyard_sensor_id'] = $_POST['barnyard_sensor_id']; else $natent['barnyard_sensor_id'] = '0'; if ($_POST['barnyard_sensor_name']) $natent['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']; else unset($natent['barnyard_sensor_name']); - if ($_POST['unified2_log_limit']) $natent['unified2_log_limit'] = $_POST['unified2_log_limit']; else unset($natent['unified2_log_limit']); if ($_POST['barnyard_dbhost']) $natent['barnyard_dbhost'] = $_POST['barnyard_dbhost']; else unset($natent['barnyard_dbhost']); if ($_POST['barnyard_dbname']) $natent['barnyard_dbname'] = $_POST['barnyard_dbname']; else unset($natent['barnyard_dbname']); if ($_POST['barnyard_dbuser']) $natent['barnyard_dbuser'] = $_POST['barnyard_dbuser']; else unset($natent['barnyard_dbuser']); @@ -201,6 +194,7 @@ if ($_POST['save']) { $pconfig['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto']; $pconfig['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable']; + $pconfig['barnyard_sensor_id'] = $_POST['barnyard_sensor_id']; $pconfig['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']; $pconfig['barnyard_dbhost'] = $_POST['barnyard_dbhost']; $pconfig['barnyard_dbname'] = $_POST['barnyard_dbname']; @@ -247,6 +241,7 @@ include_once("head.inc"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); display_top_tabs($tab_array); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; @@ -284,15 +279,6 @@ include_once("head.inc"); </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Unified2 Log Limit"); ?></td> - <td width="78%" class="vtable"> - <input name="unified2_log_limit" type="text" class="formfld unknown" - id="unified2_log_limit" size="25" value="<?=htmlspecialchars($pconfig['unified2_log_limit']);?>"/> - <?php echo gettext("Log file size limit in megabytes (MB). Default is "); ?><strong><?=gettext("32 MB.");?></strong><br/> - <?php echo gettext("This sets the maximum size for a unified2 log file before it is rotated and a new one created."); ?> - </td> - </tr> - <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Archive Unified2 Logs"); ?></td> <td width="78%" class="vtable"> <input name="barnyard_archive_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_archive_enable'] == "on") echo "checked"; ?>/> @@ -590,7 +576,6 @@ function enable_change(enable_change) { endis = !(document.iform.barnyard_enable.checked || enable_change); // make sure a default answer is called if this is invoked. endis2 = (document.iform.barnyard_enable); - document.iform.unified2_log_limit.disabled = endis; document.iform.barnyard_archive_enable.disabled = endis; document.iform.barnyard_show_year.disabled = endis; document.iform.barnyard_dump_payload.disabled = endis; diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php index e130e555..22b8ab3c 100644 --- a/config/suricata/suricata_define_vars.php +++ b/config/suricata/suricata_define_vars.php @@ -34,9 +34,10 @@ require_once("/usr/local/pkg/suricata/suricata.inc"); global $g, $rebuild_rules; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); if (is_null($id)) { header("Location: /suricata/suricata_interfaces.php"); exit; @@ -163,6 +164,7 @@ if ($savemsg) $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); display_top_tabs($tab_array); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; diff --git a/config/suricata/suricata_download_updates.php b/config/suricata/suricata_download_updates.php index bae467e4..188255c8 100644 --- a/config/suricata/suricata_download_updates.php +++ b/config/suricata/suricata_download_updates.php @@ -178,6 +178,7 @@ include_once("head.inc"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); display_top_tabs($tab_array); ?> </td></tr> diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php index 1a65ddfd..cc00f350 100644 --- a/config/suricata/suricata_flow_stream.php +++ b/config/suricata/suricata_flow_stream.php @@ -33,9 +33,10 @@ require_once("/usr/local/pkg/suricata/suricata.inc"); global $g, $rebuild_rules; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); if (is_null($id)) $id=0; @@ -443,6 +444,7 @@ include_once("head.inc"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); display_top_tabs($tab_array); echo '</td></tr>'; echo '<tr><td>'; diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php index 99abc49b..938d6a97 100644 --- a/config/suricata/suricata_global.php +++ b/config/suricata/suricata_global.php @@ -41,23 +41,15 @@ $pconfig['etprocode'] = $config['installedpackages']['suricata']['config'][0]['e $pconfig['enable_etopen_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']; $pconfig['enable_etpro_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']; $pconfig['rm_blocked'] = $config['installedpackages']['suricata']['config'][0]['rm_blocked']; -$pconfig['suricataloglimit'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimit']; -$pconfig['suricataloglimitsize'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize']; $pconfig['autoruleupdate'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdate']; $pconfig['autoruleupdatetime'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime']; $pconfig['live_swap_updates'] = $config['installedpackages']['suricata']['config'][0]['live_swap_updates']; $pconfig['log_to_systemlog'] = $config['installedpackages']['suricata']['config'][0]['log_to_systemlog']; -$pconfig['clearlogs'] = $config['installedpackages']['suricata']['config'][0]['clearlogs']; $pconfig['forcekeepsettings'] = $config['installedpackages']['suricata']['config'][0]['forcekeepsettings']; $pconfig['snortcommunityrules'] = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules']; -if (empty($pconfig['suricataloglimit'])) - $pconfig['suricataloglimit'] = 'on'; if (empty($pconfig['autoruleupdatetime'])) $pconfig['autoruleupdatetime'] = '00:30'; -if (empty($pconfig['suricataloglimitsize'])) - // Set limit to 20% of slice that is unused */ - $pconfig['suricataloglimitsize'] = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .20 / 1024); if ($_POST['autoruleupdatetime']) { if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['autoruleupdatetime'])) @@ -116,18 +108,7 @@ if (!$input_errors) { $config['installedpackages']['suricata']['config'][0]['oinkcode'] = $_POST['oinkcode']; $config['installedpackages']['suricata']['config'][0]['etprocode'] = $_POST['etprocode']; - $config['installedpackages']['suricata']['config'][0]['rm_blocked'] = $_POST['rm_blocked']; - if ($_POST['suricataloglimitsize']) { - $config['installedpackages']['suricata']['config'][0]['suricataloglimit'] = $_POST['suricataloglimit']; - $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'] = $_POST['suricataloglimitsize']; - } else { - $config['installedpackages']['suricata']['config'][0]['suricataloglimit'] = 'on'; - - /* code will set limit to 21% of slice that is unused */ - $suricataloglimitDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .22 / 1024); - $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'] = $suricataloglimitDSKsize; - } $config['installedpackages']['suricata']['config'][0]['autoruleupdate'] = $_POST['autoruleupdate']; /* Check and adjust format of Rule Update Starttime string to add colon and leading zero if necessary */ @@ -139,7 +120,6 @@ if (!$input_errors) { $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'] = str_pad($_POST['autoruleupdatetime'], 4, "0", STR_PAD_LEFT); $config['installedpackages']['suricata']['config'][0]['log_to_systemlog'] = $_POST['log_to_systemlog'] ? 'on' : 'off'; $config['installedpackages']['suricata']['config'][0]['live_swap_updates'] = $_POST['live_swap_updates'] ? 'on' : 'off'; - $config['installedpackages']['suricata']['config'][0]['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off'; $config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off'; $retval = 0; @@ -190,6 +170,7 @@ if ($input_errors) $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); display_top_tabs($tab_array); ?> </td></tr> @@ -323,39 +304,6 @@ if ($input_errors) <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td> </tr> -<tr> -<?php $suricatalogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Directory Size " . - "Limit"); ?><br/> - <br/> - <br/> - <span class="red"><strong><?php echo gettext("Note:"); ?></strong></span><br/> - <?php echo gettext("Available space is"); ?> <strong><?php echo $suricatalogCurrentDSKsize; ?> MB</strong></td> - <td width="78%" class="vtable"> - <table cellpadding="0" cellspacing="0"> - <tr> - <td colspan="2"><input name="suricataloglimit" type="radio" id="suricataloglimit" value="on" - <?php if($pconfig['suricataloglimit']=='on') echo 'checked'; ?>/><span class="vexpl"> - <strong><?php echo gettext("Enable"); ?></strong> <?php echo gettext("directory size limit"); ?> (<strong><?php echo gettext("Default"); ?></strong>)</span></td> - </tr> - <tr> - <td colspan="2"><input name="suricataloglimit" type="radio" id="suricataloglimit" value="off" - <?php if($pconfig['suricataloglimit']=='off') echo 'checked'; ?>/> <span class="vexpl"><strong><?php echo gettext("Disable"); ?></strong> - <?php echo gettext("directory size limit"); ?></span><br/> - <br/> - <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("Nanobsd " . - "should use no more than 10MB of space."); ?></td> - </tr> - </table> - <table width="100%" border="0" cellpadding="2" cellspacing="0"> - <tr> - <td class="vexpl"><?php echo gettext("Size in ") . "<strong>" . gettext("MB:") . "</strong>";?> - <input name="suricataloglimitsize" type="text" class="formfld unknown" id="suricataloglimitsize" size="10" value="<?=htmlspecialchars($pconfig['suricataloglimitsize']);?>"/> - <?php echo gettext("Default is ") . "<strong>" . gettext("20%") . "</strong>" . gettext(" of available space.");?></td> - </tr> - </table> - </td> -</tr> <tr style="display:none;"> <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Blocked Hosts Interval"); ?></td> <td width="78%" class="vtable"> @@ -378,12 +326,6 @@ if ($input_errors) <?php echo gettext("Copy Suricata messages to the firewall system log."); ?></td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Suricata Log Files After Deinstall"); ?></td> - <td width="78%" class="vtable"><input name="clearlogs" id="clearlogs" type="checkbox" value="yes" - <?php if ($config['installedpackages']['suricata']['config'][0]['clearlogs']=="on") echo " checked"; ?>/> - <?php echo gettext("Suricata log files will be removed during package deinstallation."); ?></td> -</tr> -<tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Keep Suricata Settings After Deinstall"); ?></td> <td width="78%" class="vtable"><input name="forcekeepsettings" id="forcekeepsettings" type="checkbox" value="yes" <?php if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings']=="on") echo " checked"; ?>/> diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php index 5e5d8c44..e8125986 100644 --- a/config/suricata/suricata_interfaces.php +++ b/config/suricata/suricata_interfaces.php @@ -166,6 +166,7 @@ include_once("head.inc"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); display_top_tabs($tab_array); ?> </td> diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php index 389566a2..fbb78aa2 100644 --- a/config/suricata/suricata_interfaces_edit.php +++ b/config/suricata/suricata_interfaces_edit.php @@ -40,9 +40,9 @@ if (!is_array($config['installedpackages']['suricata']['rule'])) $config['installedpackages']['suricata']['rule'] = array(); $a_rule = &$config['installedpackages']['suricata']['rule']; -if ($_POST['id']) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; -elseif ($_GET['id']); +elseif (isset($_GET['id']) && is_numericint($_GET['id'])); $id = htmlspecialchars($_GET['id'], ENT_QUOTES | ENT_HTML401); if (is_null($id)) @@ -81,6 +81,9 @@ elseif (isset($id) && !isset($a_rule[$id])) { foreach ($ifaces as $i) { if (!in_array($i, $ifrules)) { $pconfig['interface'] = $i; + $pconfig['enable'] = 'on'; + $pconfig['descr'] = strtoupper($i); + $pconfig['inspect_recursion_limit'] = '3000'; break; } } @@ -333,6 +336,7 @@ if ($savemsg) { $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); display_top_tabs($tab_array); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; diff --git a/config/suricata/suricata_list_view.php b/config/suricata/suricata_list_view.php index 2ff121f2..b6616909 100644 --- a/config/suricata/suricata_list_view.php +++ b/config/suricata/suricata_list_view.php @@ -34,9 +34,11 @@ global $g, $config; $contents = ''; -$id = $_GET['id']; -$wlist = $_GET['wlist']; -$type = $_GET['type']; +if (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +$wlist = htmlspecialchars($_GET['wlist']); +$type = htmlspecialchars($_GET['type']); if (isset($id) && isset($wlist)) { $a_rule = $config['installedpackages']['suricata']['rule'][$id]; @@ -86,7 +88,7 @@ $pgtitle = array(gettext("Suricata"), gettext(ucfirst($type) . " Viewer")); <tr> <td colspan="2" valign="top" class="label"> <div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. --> - <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=$contents;?></textarea> + <textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=htmlspecialchars($contents);?></textarea> </div> </td> </tr> diff --git a/config/suricata/suricata_logs_browser.php b/config/suricata/suricata_logs_browser.php index f9c34ed0..53530881 100644 --- a/config/suricata/suricata_logs_browser.php +++ b/config/suricata/suricata_logs_browser.php @@ -30,10 +30,10 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/suricata/suricata.inc"); -if ($_POST['instance']) +if (isset($_POST['instance']) && is_numericint($_POST['instance'])) $instanceid = $_POST['instance']; -if ($_GET['instance']) - $instanceid = $_GET['instance']; +elseif (isset($_GET['instance']) && is_numericint($_GET['instance'])) + $instanceid = htmlspecialchars($_GET['instance']); if (empty($instanceid)) $instanceid = 0; @@ -131,6 +131,7 @@ if ($input_errors) { $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$instanceid}"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), true, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); display_top_tabs($tab_array); ?> </td> diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php index 567c29ea..5883ed8e 100644 --- a/config/suricata/suricata_rules.php +++ b/config/suricata/suricata_rules.php @@ -40,7 +40,7 @@ if (!is_array($config['installedpackages']['suricata']['rule'])) $config['installedpackages']['suricata']['rule'] = array(); $a_rule = &$config['installedpackages']['suricata']['rule']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; elseif (isset($_GET['id']) && is_numericint($_GET['id'])) $id = htmlspecialchars($_GET['id']); @@ -391,6 +391,7 @@ if ($savemsg) { $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); display_top_tabs($tab_array); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; diff --git a/config/suricata/suricata_rules_flowbits.php b/config/suricata/suricata_rules_flowbits.php index 6470ff4b..1907cbeb 100644 --- a/config/suricata/suricata_rules_flowbits.php +++ b/config/suricata/suricata_rules_flowbits.php @@ -41,7 +41,7 @@ if (!is_array($config['installedpackages']['suricata']['rule'])) { } $a_nat = &$config['installedpackages']['suricata']['rule']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; elseif (isset($_GET['id']) && is_numericint($_GET['id'])) $id = htmlspecialchars($_GET['id']); diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php index 4365de4b..e607acc1 100644 --- a/config/suricata/suricata_rulesets.php +++ b/config/suricata/suricata_rulesets.php @@ -44,9 +44,10 @@ if (!is_array($config['installedpackages']['suricata']['rule'])) { } $a_nat = &$config['installedpackages']['suricata']['rule']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); if (is_null($id)) $id = 0; @@ -255,6 +256,7 @@ if ($savemsg) { $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); display_top_tabs($tab_array); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; diff --git a/config/suricata/suricata_suppress.php b/config/suricata/suricata_suppress.php index 12227f3d..1b833276 100644 --- a/config/suricata/suricata_suppress.php +++ b/config/suricata/suricata_suppress.php @@ -125,6 +125,7 @@ if ($input_errors) { $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); $tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); display_top_tabs($tab_array); ?> </td> diff --git a/config/suricata/suricata_suppress_edit.php b/config/suricata/suricata_suppress_edit.php index 3d5bad27..aad67a95 100644 --- a/config/suricata/suricata_suppress_edit.php +++ b/config/suricata/suricata_suppress_edit.php @@ -40,9 +40,10 @@ if (!is_array($config['installedpackages']['suricata']['suppress']['item'])) $config['installedpackages']['suricata']['suppress']['item'] = array(); $a_suppress = &$config['installedpackages']['suricata']['suppress']['item']; -$id = $_GET['id']; -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); /* returns true if $name is a valid name for a whitelist file name or ip */ function is_validwhitelistname($name) { @@ -69,7 +70,7 @@ if (isset($id) && $a_suppress[$id]) { $pconfig['uuid'] = uniqid(); } -if ($_POST['submit']) { +if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; @@ -139,11 +140,13 @@ if ($savemsg) <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); $tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); display_top_tabs($tab_array); ?> </td></tr> @@ -193,7 +196,7 @@ if ($savemsg) </td> </tr> <tr> - <td colspan="2"><input id="submit" name="submit" type="submit" + <td colspan="2"><input id="save" name="save" type="submit" class="formbtn" value="Save" /> <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" onclick="history.back();"/> <?php if (isset($id) && $a_suppress[$id]): ?> |