aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/archive/jail_template.xml (renamed from config/jail_template.xml)0
-rw-r--r--config/archive/jail_template/jail_template.img.uzip (renamed from config/jail_template/jail_template.img.uzip)bin63200768 -> 63200768 bytes
-rw-r--r--config/archive/jail_template/jail_template.inc (renamed from config/jail_template/jail_template.inc)0
-rw-r--r--config/archive/jailctl.xml (renamed from config/jailctl.xml)0
-rwxr-xr-xconfig/archive/jailctl/jailctl (renamed from config/jailctl/jailctl)0
-rw-r--r--config/archive/jailctl/jailctl-utils.inc (renamed from config/jailctl/jailctl-utils.inc)0
-rw-r--r--config/archive/jailctl/jailctl.inc (renamed from config/jailctl/jailctl.inc)0
-rw-r--r--config/archive/jailctl/jailctl.xml (renamed from config/jailctl/jailctl.xml)0
-rw-r--r--config/archive/jailctl/jailctl_defaults.xml (renamed from config/jailctl/jailctl_defaults.xml)0
-rw-r--r--config/archive/jailctl/jailctl_list.inc (renamed from config/jailctl/jailctl_list.inc)0
-rw-r--r--config/archive/jailctl/jailctl_settings.xml (renamed from config/jailctl/jailctl_settings.xml)0
-rwxr-xr-xconfig/archive/jailctl/sysinstall (renamed from config/jailctl/sysinstall)bin447888 -> 447888 bytes
-rw-r--r--config/sarg/sarg.inc2
-rw-r--r--config/suricata/suricata.inc9
-rw-r--r--config/suricata/suricata.xml2
-rw-r--r--config/suricata/suricata_alerts.php2
-rw-r--r--config/suricata/suricata_barnyard.php2
-rw-r--r--config/suricata/suricata_interfaces.php45
-rw-r--r--config/suricata/suricata_interfaces_edit.php55
-rw-r--r--config/suricata/suricata_logs_browser.php17
-rw-r--r--config/suricata/suricata_passlist_edit.php7
-rw-r--r--config/suricata/suricata_post_install.php6
-rw-r--r--config/suricata/suricata_suppress_edit.php7
-rw-r--r--config/suricata/suricata_uninstall.php7
-rw-r--r--config/suricata/suricata_yaml_template.inc2
-rw-r--r--pkg_config.10.xml36
-rw-r--r--pkg_config.8.xml36
-rw-r--r--pkg_config.8.xml.amd6434
28 files changed, 141 insertions, 128 deletions
diff --git a/config/jail_template.xml b/config/archive/jail_template.xml
index fc6b2502..fc6b2502 100644
--- a/config/jail_template.xml
+++ b/config/archive/jail_template.xml
diff --git a/config/jail_template/jail_template.img.uzip b/config/archive/jail_template/jail_template.img.uzip
index 1c92fb90..1c92fb90 100644
--- a/config/jail_template/jail_template.img.uzip
+++ b/config/archive/jail_template/jail_template.img.uzip
Binary files differ
diff --git a/config/jail_template/jail_template.inc b/config/archive/jail_template/jail_template.inc
index f9c00b79..f9c00b79 100644
--- a/config/jail_template/jail_template.inc
+++ b/config/archive/jail_template/jail_template.inc
diff --git a/config/jailctl.xml b/config/archive/jailctl.xml
index ab6cf1e3..ab6cf1e3 100644
--- a/config/jailctl.xml
+++ b/config/archive/jailctl.xml
diff --git a/config/jailctl/jailctl b/config/archive/jailctl/jailctl
index 542c2db6..542c2db6 100755
--- a/config/jailctl/jailctl
+++ b/config/archive/jailctl/jailctl
diff --git a/config/jailctl/jailctl-utils.inc b/config/archive/jailctl/jailctl-utils.inc
index 36c50d23..36c50d23 100644
--- a/config/jailctl/jailctl-utils.inc
+++ b/config/archive/jailctl/jailctl-utils.inc
diff --git a/config/jailctl/jailctl.inc b/config/archive/jailctl/jailctl.inc
index d6b7344c..d6b7344c 100644
--- a/config/jailctl/jailctl.inc
+++ b/config/archive/jailctl/jailctl.inc
diff --git a/config/jailctl/jailctl.xml b/config/archive/jailctl/jailctl.xml
index 4c96f88d..4c96f88d 100644
--- a/config/jailctl/jailctl.xml
+++ b/config/archive/jailctl/jailctl.xml
diff --git a/config/jailctl/jailctl_defaults.xml b/config/archive/jailctl/jailctl_defaults.xml
index c499abcb..c499abcb 100644
--- a/config/jailctl/jailctl_defaults.xml
+++ b/config/archive/jailctl/jailctl_defaults.xml
diff --git a/config/jailctl/jailctl_list.inc b/config/archive/jailctl/jailctl_list.inc
index d1869bd6..d1869bd6 100644
--- a/config/jailctl/jailctl_list.inc
+++ b/config/archive/jailctl/jailctl_list.inc
diff --git a/config/jailctl/jailctl_settings.xml b/config/archive/jailctl/jailctl_settings.xml
index ae09adaf..ae09adaf 100644
--- a/config/jailctl/jailctl_settings.xml
+++ b/config/archive/jailctl/jailctl_settings.xml
diff --git a/config/jailctl/sysinstall b/config/archive/jailctl/sysinstall
index d4a05fb1..d4a05fb1 100755
--- a/config/jailctl/sysinstall
+++ b/config/archive/jailctl/sysinstall
Binary files differ
diff --git a/config/sarg/sarg.inc b/config/sarg/sarg.inc
index 1a4db315..2788dab9 100644
--- a/config/sarg/sarg.inc
+++ b/config/sarg/sarg.inc
@@ -354,7 +354,7 @@ function sync_package_sarg() {
else
$new_cron['item'][]=$cron;
}
- $cron_cmd="/usr/local/bin/php /usr/local/www/sarg.php";
+ $cron_cmd="/usr/local/bin/php --no-header /usr/local/www/sarg.php";
$sarg_schedule_id=0;
if (is_array($config['installedpackages']['sargschedule']['config']))
foreach ($config['installedpackages']['sargschedule']['config'] as $sarg_schedule){
diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc
index c767f2d0..89bb572f 100644
--- a/config/suricata/suricata.inc
+++ b/config/suricata/suricata.inc
@@ -60,7 +60,12 @@ define('SURICATA_PKG_VER', $suricata_package_version);
define('SURICATA_PF_TABLE', 'snort2c');
// Create some other useful defines
-define('SURICATADIR', '/usr/pbi/suricata-' . php_uname("m") . '/etc/suricata/');
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version >= 2.2)
+ define('SURICATADIR', '/usr/pbi/suricata-' . php_uname("m") . '/local/etc/suricata/');
+else
+ define('SURICATADIR', '/usr/pbi/suricata-' . php_uname("m") . '/etc/suricata/');
+
define('SURICATALOGDIR', '/var/log/suricata/');
define('RULES_UPD_LOGFILE', SURICATALOGDIR . 'suricata_rules_update.log');
define('ENFORCING_RULES_FILENAME', 'suricata.rules');
@@ -933,7 +938,7 @@ function suricata_build_sid_msg_map($rules_path, $sid_file) {
natcasesort($sidMap);
// Now print the result to the supplied file
- @file_put_contents($sid_file, "#v2\n# sid-msg.map file auto-generated by Snort.\n\n");
+ @file_put_contents($sid_file, "#v2\n# sid-msg.map file auto-generated by Suricata.\n\n");
@file_put_contents($sid_file, array_values($sidMap), FILE_APPEND);
}
diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml
index 1a64d619..a2acd49e 100644
--- a/config/suricata/suricata.xml
+++ b/config/suricata/suricata.xml
@@ -51,7 +51,7 @@
<description>Suricata IDS/IPS Package</description>
<requirements>None</requirements>
<name>suricata</name>
- <version>1.4.6 pkg v1.0</version>
+ <version>1.4.6 pkg v1.0.2</version>
<title>Services: Suricata IDS</title>
<include_file>/usr/local/pkg/suricata/suricata.inc</include_file>
<menu>
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index 07e4eb1f..2f0f114f 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -410,7 +410,7 @@ if ($savemsg) {
<td width="78%" class="vtable">
<input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/>
&nbsp;<?php echo gettext('Refresh');?>&nbsp;&nbsp;<input name="arefresh" type="checkbox" value="on"
- <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>/>
+ <?php if ($config['installedpackages']['suricata']['alertsblocks']['arefresh']=="on") echo "checked"; ?>/>
<?php printf(gettext('%sDefault%s is %sON%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;
<input name="alertnumber" type="text" class="formfld unknown" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"/>
&nbsp;<?php printf(gettext('Enter number of log entries to view. %sDefault%s is %s250%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php
index d4afe4f4..c7488fe4 100644
--- a/config/suricata/suricata_barnyard.php
+++ b/config/suricata/suricata_barnyard.php
@@ -86,8 +86,6 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['barnyard_bro_ids_dport'] = "47760";
if (empty($a_nat[$id]['barnyard_sensor_id']))
$pconfig['barnyard_sensor_id'] = "0";
- if (empty($a_nat[$id]['barnyard_sensor_name']))
- $pconfig['barnyard_sensor_name'] = php_uname("n");
}
if ($_POST['save']) {
diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php
index 26d57b71..205a872b 100644
--- a/config/suricata/suricata_interfaces.php
+++ b/config/suricata/suricata_interfaces.php
@@ -57,6 +57,10 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
$a_nat = &$config['installedpackages']['suricata']['rule'];
$id_gen = count($config['installedpackages']['suricata']['rule']);
+// Get list of configured firewall interfaces
+$ifaces = get_configured_interface_list();
+
+
if ($_POST['del_x']) {
/* delete selected interfaces */
if (is_array($_POST['rule'])) {
@@ -207,9 +211,22 @@ include_once("head.inc");
<th class="listhdrr"><?php echo gettext("Block"); ?></th>
<th class="listhdrr"><?php echo gettext("Barnyard2"); ?></th>
<th class="listhdr"><?php echo gettext("Description"); ?></th>
- <th class="list"><a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>">
- <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a>
+ <th class="list">
+ <?php if ($id_gen < count($ifaces)): ?>
+ <a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a>
+ <?php else: ?>
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0"
+ title="<?php echo gettext('No available interfaces for a new Suricata mapping');?>">
+ <?php endif; ?>
+ <?php if ($id_gen == 0): ?>
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0">
+ <?php else: ?>
+ <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" title="<?php echo gettext("Delete selected Suricata interface mapping(s)"); ?>"
+ onclick="return intf_del()">
+ <?php endif; ?>
</th>
</tr>
</thead>
@@ -342,7 +359,15 @@ include_once("head.inc");
<td valign="middle" class="list" nowrap>
<a href="suricata_interfaces_edit.php?id=<?=$i;?>">
<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?php echo gettext('Edit Suricata interface mapping'); ?>"></a>
+ width="17" height="17" border="0" title="<?php echo gettext('Edit this Suricata interface mapping'); ?>"></a>
+ <?php if ($id_gen < count($ifaces)): ?>
+ <a href="suricata_interfaces_edit.php?id=<?=$i;?>&action=dup">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext('Add new interface mapping based on this one'); ?>"></a>
+ <?php else: ?>
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0"
+ title="<?php echo gettext('No available interfaces for a new Suricata mapping');?>">
+ <?php endif; ?>
</td>
</tr>
<?php $i++; $nnats++; endforeach; ob_end_flush(); ?>
@@ -354,8 +379,16 @@ include_once("head.inc");
<?php else: ?>&nbsp;
<?php endif; ?>
</td>
- <td class="list" valign="middle" nowrap>
- <?php if ($nnats == 0): ?>
+ <td class="list">
+ <?php if ($id_gen < count($ifaces)): ?>
+ <a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a>
+ <?php else: ?>
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0"
+ title="<?php echo gettext('No available interfaces for a new Suricata mapping');?>">
+ <?php endif; ?>
+ <?php if ($id_gen == 0): ?>
<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0">
<?php else: ?>
<input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index 3b61755c..dcf6fe3f 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -62,6 +62,13 @@ elseif (isset($_GET['id']) && is_numericint($_GET['id']));
if (is_null($id))
$id = 0;
+if (isset($_POST['action']))
+ $action = htmlspecialchars($_POST['action'], ENT_QUOTES | ENT_HTML401);
+elseif (isset($_GET['action']))
+ $action = htmlspecialchars($_GET['action'], ENT_QUOTES | ENT_HTML401);
+else
+ $action = "";
+
$pconfig = array();
if (empty($suricataglob['rule'][$id]['uuid'])) {
/* Adding new interface, so flag rules to build. */
@@ -142,7 +149,37 @@ if (empty($pconfig['max_pcap_log_size']))
if (empty($pconfig['max_pcap_log_files']))
$pconfig['max_pcap_log_files'] = "1000";
-if ($_POST["save"]) {
+// See if creating a new interface by duplicating an existing one
+if (strcasecmp($action, 'dup') == 0) {
+
+ // Try to pick the next available physical interface to use
+ $ifaces = get_configured_interface_list();
+ $ifrules = array();
+ foreach($a_rule as $r)
+ $ifrules[] = $r['interface'];
+ foreach ($ifaces as $i) {
+ if (!in_array($i, $ifrules)) {
+ $pconfig['interface'] = $i;
+ $pconfig['enable'] = 'on';
+ $pconfig['descr'] = strtoupper($i);
+ $pconfig['inspect_recursion_limit'] = '3000';
+ break;
+ }
+ }
+ if (count($ifrules) == count($ifaces)) {
+ $input_errors[] = gettext("No more available interfaces to configure for Suricata!");
+ $interfaces = array();
+ $pconfig = array();
+ }
+
+ // Set Home Net, External Net, Suppress List and Pass List to defaults
+ unset($pconfig['suppresslistname']);
+ unset($pconfig['passlistname']);
+ unset($pconfig['homelistname']);
+ unset($pconfig['externallistname']);
+}
+
+if ($_POST["save"] && !$input_errors) {
// If the interface is not enabled, stop any running Suricata
// instance on it, save the new state and exit.
if (!isset($_POST['enable'])) {
@@ -237,7 +274,7 @@ if ($_POST["save"]) {
if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']);
$if_real = get_real_interface($natent['interface']);
- if (isset($id) && $a_rule[$id]) {
+ if (isset($id) && $a_rule[$id] && $action == '') {
// See if moving an existing Suricata instance to another physical interface
if ($natent['interface'] != $a_rule[$id]['interface']) {
$oif_real = get_real_interface($a_rule[$id]['interface']);
@@ -253,7 +290,15 @@ if ($_POST["save"]) {
conf_mount_ro();
}
$a_rule[$id] = $natent;
- } else {
+ }
+ elseif (strcasecmp($action, 'dup') == 0) {
+ // Duplicating a new interface, so set flag to build new rules
+ $rebuild_rules = true;
+
+ // Add the new duplicated interface configuration to the [rule] array in config
+ $a_rule[] = $natent;
+ }
+ else {
// Adding new interface, so set interface configuration parameter defaults
$natent['ip_max_frags'] = "65535";
$natent['ip_frag_timeout'] = "60";
@@ -358,6 +403,9 @@ if ($savemsg) {
?>
<form action="suricata_interfaces_edit.php<?php echo "?id=$id";?>" method="post" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>"/>
+<input name="action" type="hidden" value="<?=$action;?>"/>
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -773,7 +821,6 @@ if ($savemsg) {
<tr>
<td colspan="2" align="center" valign="middle"><input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Click to save settings and exit"); ?>"/>
- <input name="id" type="hidden" value="<?=$id;?>"/>
</td>
</tr>
<tr>
diff --git a/config/suricata/suricata_logs_browser.php b/config/suricata/suricata_logs_browser.php
index 04edf373..cbe5ee7b 100644
--- a/config/suricata/suricata_logs_browser.php
+++ b/config/suricata/suricata_logs_browser.php
@@ -55,21 +55,22 @@ $suricata_uuid = $a_instance[$instanceid]['uuid'];
$if_real = get_real_interface($a_instance[$instanceid]['interface']);
// Construct a pointer to the instance's logging subdirectory
-$suricatalogdir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}";
+$suricatalogdir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}/";
-$logfile = $_POST['file'];
+// Limit all file access to just the currently selected interface's logging subdirectory
+$logfile = htmlspecialchars($suricatalogdir . basename($_POST['file']));
if ($_POST['action'] == 'load') {
- if(!is_file($_POST['file'])) {
+ if(!is_file($logfile)) {
echo "|3|" . gettext("Log file does not exist or that logging feature is not enabled") . ".|";
}
else {
- $data = file_get_contents($_POST['file']);
+ $data = file_get_contents($logfile);
if($data === false) {
echo "|1|" . gettext("Failed to read log file") . ".|";
} else {
$data = base64_encode($data);
- echo "|0|{$_POST['file']}|{$data}|";
+ echo "|0|{$logfile}|{$data}|";
}
}
exit;
@@ -101,7 +102,7 @@ if ($input_errors) {
jQuery.ajax(
"<?=$_SERVER['SCRIPT_NAME'];?>", {
type: 'POST',
- data: "action=load&file=" + jQuery("#logFile").val(),
+ data: "instance=" + jQuery("#instance").val() + "&action=load&file=" + jQuery("#logFile").val(),
complete: loadComplete
}
);
@@ -180,7 +181,7 @@ if ($input_errors) {
$selected = "";
if ($log == basename($logfile))
$selected = "selected";
- echo "<option value='{$suricatalogdir}/{$log}' {$selected}>" . $log . "</option>\n";
+ echo "<option value='{$suricatalogdir}{$log}' {$selected}>" . $log . "</option>\n";
}
?>
</select>&nbsp;&nbsp;<?php echo gettext('Choose which log you want to view.'); ?>
@@ -222,7 +223,7 @@ if ($input_errors) {
</table>
</form>
-<?php if(empty($logfile)): ?>
+<?php if(empty($_POST['file'])): ?>
<script type="text/javascript">
document.getElementById("logFile").selectedIndex=-1;
</script>
diff --git a/config/suricata/suricata_passlist_edit.php b/config/suricata/suricata_passlist_edit.php
index 35c7b66e..437ae9a8 100644
--- a/config/suricata/suricata_passlist_edit.php
+++ b/config/suricata/suricata_passlist_edit.php
@@ -114,7 +114,12 @@ if ($_POST['save']) {
/* input validation */
$reqdfields = explode(" ", "name");
$reqdfieldsn = explode(",", "Name");
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+ if ($pf_version < 2.1)
+ $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;');
+ else
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
if(strtolower($_POST['name']) == "defaultpasslist")
$input_errors[] = gettext("Pass List file names may not be named defaultpasslist.");
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index c44b392f..eb193d58 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -60,14 +60,14 @@ if(is_process_running("suricata")) {
killbyname("suricata");
sleep(2);
// Delete any leftover suricata PID files in /var/run
- unlink_if_exists("/var/run/suricata_*.pid");
+ unlink_if_exists("{$g['varrun_path']}/suricata_*.pid");
}
// Hard kill any running Barnyard2 processes
if(is_process_running("barnyard")) {
killbyname("barnyard2");
sleep(2);
// Delete any leftover barnyard2 PID files in /var/run
- unlink_if_exists("/var/run/barnyard2_*.pid");
+ unlink_if_exists("{$g['varrun_path']}/barnyard2_*.pid");
}
// Set flag for post-install in progress
@@ -148,7 +148,7 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
}
// Update Suricata package version in configuration
-$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v1.0.1";
+$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v1.0.2";
write_config();
// Done with post-install, so clear flag
diff --git a/config/suricata/suricata_suppress_edit.php b/config/suricata/suricata_suppress_edit.php
index a46e9e99..d4549e56 100644
--- a/config/suricata/suricata_suppress_edit.php
+++ b/config/suricata/suricata_suppress_edit.php
@@ -88,7 +88,12 @@ if ($_POST['save']) {
$reqdfields = explode(" ", "name");
$reqdfieldsn = array("Name");
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+ if ($pf_version < 2.1)
+ $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;');
+ else
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
if(strtolower($_POST['name']) == "defaultwhitelist")
$input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
diff --git a/config/suricata/suricata_uninstall.php b/config/suricata/suricata_uninstall.php
index 2317578e..2a82e473 100644
--- a/config/suricata/suricata_uninstall.php
+++ b/config/suricata/suricata_uninstall.php
@@ -58,7 +58,7 @@ killbyname("suricata");
sleep(1);
// Delete any leftover suricata PID files in /var/run
-array_map('@unlink', glob("/var/run/suricata_*.pid"));
+unlink_if_exists("{$g['varrun_path']}/suricata_*.pid");
/* Make sure all active Barnyard2 processes are terminated */
/* Log a message only if a running process is detected */
@@ -68,10 +68,7 @@ killbyname("barnyard2");
sleep(1);
// Delete any leftover barnyard2 PID files in /var/run
-array_map('@unlink', glob("/var/run/barnyard2_*.pid"));
-
-/* Remove the suricata user and group */
-mwexec('/usr/sbin/pw userdel suricata; /usr/sbin/pw groupdel suricata', true);
+unlink_if_exists("{$g['varrun_path']}/barnyard2_*.pid");
/* Remove the Suricata cron jobs. */
install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php", false);
diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc
index c20ca8db..44fd1d5f 100644
--- a/config/suricata/suricata_yaml_template.inc
+++ b/config/suricata/suricata_yaml_template.inc
@@ -29,7 +29,7 @@ default-log-dir: {$suricatalogdir}suricata_{$if_real}{$suricata_uuid}
# Configure the type of alert (and other) logging.
outputs:
- # alert_pf blocking plugin
+ # alert-pf blocking plugin
- alert-pf:
enabled: {$suri_blockoffenders}
kill-state: {$suri_killstates}
diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index 3753084f..23d0a048 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
@@ -94,7 +94,7 @@
<package>
<name>Strikeback</name>
<descr>Detect port scans with iplog and strikeback</descr>
- <website></website>
+ <website/>
<pkginfolink>https://forum.pfsense.org/index.php/topic,37225.0.html</pkginfolink>
<category>Services</category>
<version>0.1</version>
@@ -466,9 +466,9 @@
<!-- NOTE: Distfile must be fetched manually from http://dansguardian.org/downloads/2/Alpha/dansguardian-2.12.0.0.tar.gz -->
</package>
<package>
- <name>jailscanner</name>
+ <name>mailscanner</name>
<internal_name>mailscanner</internal_name>
- <website>www.mailscanner.info</website>
+ <website>http://www.mailscanner.info</website>
<descr><![CDATA[MailScanner is an e-mail security and anti-spam package for e-mail gateway systems.<br />
This is a level3 mail scanning tool with high CPU load.]]></descr>
<category>Services</category>
@@ -1122,32 +1122,6 @@
<after_install_info>Please check the HAVP settings.</after_install_info>
</package>
<package>
- <name>pfJailctl</name>
- <descr>pfSense wrapper for jailctl - a jail management tool. Allows you to run jails on pfSense.</descr>
- <website>http://anduin.net/jailctl/</website>
- <category>System</category>
- <version>0.51</version>
- <required_version>2.2</required_version>
- <status>BETA</status>
- <pkginfolink>https://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink>
- <config_file>https://packages.pfsense.org/packages/config/jailctl.xml</config_file>
- <configurationfile>jailctl.xml</configurationfile>
- <maintainer>ltning-jailctl@anduin.net</maintainer>
- </package>
- <package>
- <name>jail_template</name>
- <descr>Basic template for jails, probably requires pfJailctl to be useful. Includes 'base' and 'manpages' dists.</descr>
- <website>http://anduin.net/jailctl/</website>
- <category>System</category>
- <version>0.2</version>
- <required_version>2.2</required_version>
- <status>BETA</status>
- <pkginfolink>https://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink>
- <config_file>https://packages.pfsense.org/packages/config/jail_template.xml</config_file>
- <configurationfile>jail_template.xml</configurationfile>
- <maintainer>ltning-jailctl@anduin.net</maintainer>
- </package>
- <package>
<name>blinkled</name>
<descr>Allows you to use LEDs for network activity on supported platforms (ALIX, WRAP, Soekris, etc)</descr>
<category>System</category>
@@ -1285,7 +1259,7 @@
<category>Services</category>
<version>1.2.1</version>
<status>BETA</status>
- <website>www.winton.org.uk/zebedee/</website>
+ <website>http://www.winton.org.uk/zebedee/</website>
<maintainer>jorgelustosa@gmail.com marcellocoutinho@gmail.com</maintainer>
<required_version>2.2</required_version>
<depends_on_package_pbi>zebedee-2.5.3-##ARCH##.pbi</depends_on_package_pbi>
@@ -1567,7 +1541,7 @@
<website>http://suricata-ids.org/</website>
<descr><![CDATA[Suricata is the OISF IDP engine, the open source Intrusion Detection and Prevention Engine.]]></descr>
<category>Security</category>
- <version>1.4.6 pkg v1.0.2</version>
+ <version>1.4.6 pkg v1.0.3</version>
<status>Stable</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/suricata/suricata.xml</config_file>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 3c47fbf3..ac85d4f4 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -97,7 +97,7 @@
<package>
<name>Strikeback</name>
<descr>Detect port scans with iplog and strikeback</descr>
- <website></website>
+ <website/>
<pkginfolink>https://forum.pfsense.org/index.php/topic,37225.0.html</pkginfolink>
<category>Services</category>
<version>0.1</version>
@@ -623,7 +623,7 @@
<package>
<name>mailscanner</name>
<internal_name>mailscanner</internal_name>
- <website>www.mailscanner.info</website>
+ <website>http://www.mailscanner.info</website>
<descr><![CDATA[MailScanner is an e-mail security and anti-spam package for e-mail gateway systems.<br />
This is a level3 mail scanning tool with high CPU load.]]></descr>
<category>Services</category>
@@ -1479,32 +1479,6 @@
<after_install_info>Please check the HAVP settings.</after_install_info>
</package>
<package>
- <name>pfJailctl</name>
- <descr>pfSense wrapper for jailctl - a jail management tool. Allows you to run jails on pfSense.</descr>
- <website>http://anduin.net/jailctl/</website>
- <category>System</category>
- <version>0.51</version>
- <required_version>1.2.3</required_version>
- <status>BETA</status>
- <pkginfolink>https://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink>
- <config_file>https://packages.pfsense.org/packages/config/jailctl.xml</config_file>
- <configurationfile>jailctl.xml</configurationfile>
- <maintainer>ltning-jailctl@anduin.net</maintainer>
- </package>
- <package>
- <name>jail_template</name>
- <descr>Basic template for jails, probably requires pfJailctl to be useful. Includes 'base' and 'manpages' dists.</descr>
- <website>http://anduin.net/jailctl/</website>
- <category>System</category>
- <version>0.2</version>
- <required_version>1.2.3</required_version>
- <status>BETA</status>
- <pkginfolink>https://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink>
- <config_file>https://packages.pfsense.org/packages/config/jail_template.xml</config_file>
- <configurationfile>jail_template.xml</configurationfile>
- <maintainer>ltning-jailctl@anduin.net</maintainer>
- </package>
- <package>
<name>blinkled</name>
<descr>Allows you to use LEDs for network activity on supported platforms (ALIX, WRAP, Soekris, etc)</descr>
<category>System</category>
@@ -1616,7 +1590,7 @@
<package>
<name>widescreen</name>
<descr>The package makes pfSense adapt to browser's current width. It is particularly convenient for Status->Dashboard page that allocates columns for widgets according to browser's current width. ATTENTION: the package heavily modifies pfsense_ng theme and affects other's themes appearance. Please REFRESH your browser's window after installing/uninstalling this package.</descr>
- <website></website>
+ <website/>
<pkginfolink></pkginfolink>
<category>Enhancements</category>
<version>0.2</version>
@@ -1702,7 +1676,7 @@
<category>Services</category>
<version>1.2.1</version>
<status>BETA</status>
- <website>www.winton.org.uk/zebedee/</website>
+ <website>http://www.winton.org.uk/zebedee/</website>
<maintainer>jorgelustosa@gmail.com marcellocoutinho@gmail.com</maintainer>
<required_version>2.0</required_version>
<depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
@@ -2016,7 +1990,7 @@
<website>http://suricata-ids.org/</website>
<descr><![CDATA[Suricata is the OISF IDP engine, the open source Intrusion Detection and Prevention Engine.]]></descr>
<category>Security</category>
- <version>1.4.6 pkg v1.0.1</version>
+ <version>1.4.6 pkg v1.0.2</version>
<status>Stable</status>
<required_version>2.1</required_version>
<config_file>https://packages.pfsense.org/packages/config/suricata/suricata.xml</config_file>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index be45ce58..6c76c247 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -610,7 +610,7 @@
<package>
<name>mailscanner</name>
<internal_name>mailscanner</internal_name>
- <website>www.mailscanner.info</website>
+ <website>http://www.mailscanner.info</website>
<descr><![CDATA[MailScanner is an e-mail security and anti-spam package for e-mail gateway systems.<br />
This is a level3 mail scanning tool with high CPU load.]]></descr>
<category>Services</category>
@@ -1466,32 +1466,6 @@
<after_install_info>Please check the HAVP settings.</after_install_info>
</package>
<package>
- <name>pfJailctl</name>
- <descr>pfSense wrapper for jailctl - a jail management tool. Allows you to run jails on pfSense.</descr>
- <website>http://anduin.net/jailctl/</website>
- <category>System</category>
- <version>0.51</version>
- <required_version>1.2.3</required_version>
- <status>BETA</status>
- <pkginfolink>https://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink>
- <config_file>https://packages.pfsense.org/packages/config/jailctl.xml</config_file>
- <configurationfile>jailctl.xml</configurationfile>
- <maintainer>ltning-jailctl@anduin.net</maintainer>
- </package>
- <package>
- <name>jail_template</name>
- <descr>Basic template for jails, probably requires pfJailctl to be useful. Includes 'base' and 'manpages' dists.</descr>
- <website>http://anduin.net/jailctl/</website>
- <category>System</category>
- <version>0.2</version>
- <required_version>1.2.3</required_version>
- <status>BETA</status>
- <pkginfolink>https://doc.pfsense.org/index.php/PfJailctl_package</pkginfolink>
- <config_file>https://packages.pfsense.org/packages/config/jail_template.xml</config_file>
- <configurationfile>jail_template.xml</configurationfile>
- <maintainer>ltning-jailctl@anduin.net</maintainer>
- </package>
- <package>
<name>blinkled</name>
<descr>Allows you to use LEDs for network activity on supported platforms (ALIX, WRAP, Soekris, etc)</descr>
<category>System</category>
@@ -1603,7 +1577,7 @@
<package>
<name>widescreen</name>
<descr>The package makes pfSense adapt to browser's current width. It is particularly convenient for Status->Dashboard page that allocates columns for widgets according to browser's current width. ATTENTION: the package heavily modifies pfsense_ng theme and affects other's themes appearance. Please REFRESH your browser's window after installing/uninstalling this package.</descr>
- <website></website>
+ <website/>
<pkginfolink></pkginfolink>
<category>Enhancements</category>
<version>0.2</version>
@@ -1689,7 +1663,7 @@
<category>Services</category>
<version>1.2.1</version>
<status>BETA</status>
- <website>www.winton.org.uk/zebedee/</website>
+ <website>http://www.winton.org.uk/zebedee/</website>
<maintainer>jorgelustosa@gmail.com marcellocoutinho@gmail.com</maintainer>
<required_version>2.0</required_version>
<depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
@@ -2003,7 +1977,7 @@
<website>http://suricata-ids.org/</website>
<descr><![CDATA[Suricata is the OISF IDP engine, the open source Intrusion Detection and Prevention Engine.]]></descr>
<category>Security</category>
- <version>1.4.6 pkg v1.0.1</version>
+ <version>1.4.6 pkg v1.0.2</version>
<status>Stable</status>
<required_version>2.1</required_version>
<config_file>https://packages.pfsense.org/packages/config/suricata/suricata.xml</config_file>