diff options
111 files changed, 2571 insertions, 752 deletions
diff --git a/config/apcupsd/apcupsd.conf.php b/config/apcupsd/apcupsd.conf.php index 7a0340cd..7b6096bc 100644 --- a/config/apcupsd/apcupsd.conf.php +++ b/config/apcupsd/apcupsd.conf.php @@ -122,7 +122,7 @@ POLLTIME {$polltime} # LOCKFILE <path to lockfile> # Path for device lock file. Not used on Win32. -LOCKFILE /var/spool/lock +LOCKFILE {$lockfile} # SCRIPTDIR <path to script directory> # Directory in which apccontrol and event scripts are located. diff --git a/config/apcupsd/apcupsd.inc b/config/apcupsd/apcupsd.inc index a2b8d2ff..3340738a 100644 --- a/config/apcupsd/apcupsd.inc +++ b/config/apcupsd/apcupsd.inc @@ -153,6 +153,7 @@ function sync_package_apcupsd(){ $nisport=($apcupsd_config['nisport'] != ''? $apcupsd_config['nisport'] : "3551"); $upsclass=$apcupsd_config['upsclass']; $upsmode=$apcupsd_config['upsmode']; + $lockfile=($apcupsd_config['lockfile'] != ''? $apcupsd_config['lockfile'] : "/var/tmp"); include("/usr/local/pkg/apcupsd.conf.php"); file_put_contents(APCUPSD_BASE . "/etc/apcupsd/apcupsd.conf", $apcupsdconf, LOCK_EX); @@ -163,6 +164,12 @@ function sync_package_apcupsd(){ $apcupsd_rcfile="/usr/local/etc/rc.d/apcupsd.sh"; if (is_array($apcupsd_config) && $apcupsd_config['apcupsdenabled']=="on"){ $apcupsd_start = "echo \"Starting APC UPS Daemon...\"\n"; + $apcupsd_start .= " if [ ! -d {$lockfile} ]; then \n"; + $apcupsd_start .= " /bin/mkdir -p {$lockfile} \n"; + $apcupsd_start .= " fi \n"; + $apcupsd_start .= " if [ -f {$lockfile}/LCK.. ]; then \n"; + $apcupsd_start .= " /bin/rm -f {$lockfile}/LCK.. \n"; + $apcupsd_start .= " fi \n"; if ($apcupsd_config['killonpowerfail']=="on"){ $apcupsd_start .= " " . APCUPSD_BASE . "/sbin/apcupsd --kill-on-powerfail"; }else{ diff --git a/config/apcupsd/apcupsd.xml b/config/apcupsd/apcupsd.xml index e69344fc..3ed95a7a 100644 --- a/config/apcupsd/apcupsd.xml +++ b/config/apcupsd/apcupsd.xml @@ -40,7 +40,7 @@ <name>Apcupsd</name> <title>Services: Apcupsd (General)</title> <category>Monitoring</category> - <version>0.2</version> + <version>0.3</version> <include_file>/usr/local/pkg/apcupsd.inc</include_file> <addedit_string>Apcupsd has been created/modified.</addedit_string> <delete_string>Apcupsd has been deleted.</delete_string> @@ -198,6 +198,13 @@ UPSTYPE DEVICE Description <br> <type>checkbox</type> </field> <field> + <fielddescr>Lock File</fielddescr> + <fieldname>lockfile</fieldname> + <description>Path for device lock file. Default is /var/tmp</description> + <type>input</type> + <size>60</size> + </field> + <field> <name>Configuration parameters used during power failures</name> <type>listtopic</type> </field> diff --git a/config/autoconfigbackup/autoconfigbackup.inc b/config/autoconfigbackup/autoconfigbackup.inc index 313cc1ac..f67191ae 100644 --- a/config/autoconfigbackup/autoconfigbackup.inc +++ b/config/autoconfigbackup/autoconfigbackup.inc @@ -40,7 +40,7 @@ if(file_exists("/usr/local/pkg/parse_config/parse_config_upload.php")) unlink("/usr/local/pkg/parse_config/parse_config_upload.php"); /* ensures patches match */ -function custom_php_validation_command($post, $input_errors) { +function custom_php_validation_command($post, &$input_errors) { global $_POST, $savemsg, $config; if($post['password'] <> $post['passwordagain']) diff --git a/config/autoconfigbackup/autoconfigbackup.xml b/config/autoconfigbackup/autoconfigbackup.xml index 0d324d8a..1e5d44c1 100644 --- a/config/autoconfigbackup/autoconfigbackup.xml +++ b/config/autoconfigbackup/autoconfigbackup.xml @@ -37,7 +37,7 @@ <description>Automatically backs up your pfSense configuration. All contents are encrypted on the server. Requires Gold or Support Subscription from https://portal.pfsense.org</description> <requirements>pfSense Portal subscription</requirements> <name>AutoConfigBackup</name> - <version>1.22</version> + <version>1.24</version> <title>Diagnostics: Auto Configuration Backup</title> <savetext>Change</savetext> <include_file>/usr/local/pkg/autoconfigbackup.inc</include_file> @@ -140,7 +140,7 @@ </field> </fields> <custom_php_validation_command> - custom_php_validation_command($_POST, &$input_errors); + custom_php_validation_command($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> <![CDATA[ diff --git a/config/blinkled8/blinkled.inc b/config/blinkled8/blinkled.inc index f466da94..6d0da039 100644 --- a/config/blinkled8/blinkled.inc +++ b/config/blinkled8/blinkled.inc @@ -69,7 +69,7 @@ function blinkled_stop() { mwexec("/usr/bin/killall -9 blinkled"); } -function validate_form_blinkled($post, $input_errors) { +function validate_form_blinkled($post, &$input_errors) { /* Make sure both aren't using the same interface */ if (($post['iface_led2']) && ($post['iface_led3']) && (($post['enable_led2']) && ($post['enable_led3'])) && diff --git a/config/blinkled8/blinkled.xml b/config/blinkled8/blinkled.xml index 475e88fc..932d0b0e 100644 --- a/config/blinkled8/blinkled.xml +++ b/config/blinkled8/blinkled.xml @@ -2,7 +2,7 @@ <packagegui> <title>Interfaces: Assign LEDs</title> <name>blinkled</name> - <version>0.4</version> + <version>0.4.1</version> <savetext>Save</savetext> <include_file>/usr/local/pkg/blinkled.inc</include_file> <menu> @@ -61,7 +61,7 @@ </field> </fields> <custom_php_validation_command> - validate_form_blinkled($_POST, &$input_errors); + validate_form_blinkled($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_blinkled(); diff --git a/config/countryblock/countryblock.inc b/config/countryblock/countryblock.inc index 5451b4bf..dc7bffd3 100644 --- a/config/countryblock/countryblock.inc +++ b/config/countryblock/countryblock.inc @@ -139,7 +139,7 @@ function deinstall_command_cb() exec("rm /usr/local/pkg/pf/countryblock.sh"); exec("pfctl -t countryblock -T kill"); exec("sed -i -e '/countryblock/d' /tmp/rules.debug"); - exec("pfctl -o basic -f /tmp/rules.debug"); + exec("pfctl -f /tmp/rules.debug"); conf_mount_ro(); } diff --git a/config/gwled/gwled.inc b/config/gwled/gwled.inc index 7bb25147..dad6fe69 100644 --- a/config/gwled/gwled.inc +++ b/config/gwled/gwled.inc @@ -36,7 +36,7 @@ function gwled_stop() { exec("/bin/pkill -9 -f gwled"); } -function validate_form_gwled($post, $input_errors) { +function validate_form_gwled($post, &$input_errors) { /* Make sure both aren't using the same interface */ if (($post['gw_led2']) && ($post['gw_led3']) && (($post['enable_led2']) && ($post['enable_led3'])) && diff --git a/config/gwled/gwled.xml b/config/gwled/gwled.xml index 4237454b..015ab3bb 100644 --- a/config/gwled/gwled.xml +++ b/config/gwled/gwled.xml @@ -66,7 +66,7 @@ </field> </fields> <custom_php_validation_command> - validate_form_gwled($_POST, &$input_errors); + validate_form_gwled($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_gwled(); diff --git a/config/havp/havp.inc b/config/havp/havp.inc index 29a109ba..f6e37a3b 100644 --- a/config/havp/havp.inc +++ b/config/havp/havp.inc @@ -234,11 +234,11 @@ function havp_deinstall() # ============================================================================== # before form # ------------------------------------------------------------------------------ -function havp_before_form($pkg) +function havp_before_form(&$pkg) { } # ------------------------------------------------------------------------------ -function havp_fscan_before_form($pkg) +function havp_fscan_before_form(&$pkg) { if(is_array($pkg['fields']['field'])) { foreach($pkg['fields']['field'] as $key => $field) { @@ -252,7 +252,7 @@ function havp_fscan_before_form($pkg) # ------------------------------------------------------------------------------ # validation # ------------------------------------------------------------------------------ -function havp_validate_settings($post, $input_errors) +function havp_validate_settings($post, &$input_errors) { $submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit']; diff --git a/config/havp/havp.xml b/config/havp/havp.xml index 1e50eb5e..47611030 100644 --- a/config/havp/havp.xml +++ b/config/havp/havp.xml @@ -3,7 +3,7 @@ <name>havp</name> <title>Antivirus: HTTP proxy (havp + clamav)</title> <category>Status</category> - <version>0.88_03</version> + <version>1.02</version> <include_file>/usr/local/pkg/havp.inc</include_file> <menu> <name>Antivirus</name> @@ -288,10 +288,10 @@ </field> </fields> <custom_php_command_before_form> - havp_before_form(&$pkg); + havp_before_form($pkg); </custom_php_command_before_form> <custom_php_validation_command> - havp_validate_settings($_POST, &$input_errors); + havp_validate_settings($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> havp_resync(); diff --git a/config/havp/havp_avset.xml b/config/havp/havp_avset.xml index 3cea9b76..3d4372f4 100644 --- a/config/havp/havp_avset.xml +++ b/config/havp/havp_avset.xml @@ -92,10 +92,10 @@ </field> </fields> <custom_php_command_before_form> - havp_before_form(&$pkg); + havp_before_form($pkg); </custom_php_command_before_form> <custom_php_validation_command> - havp_validate_settings($_POST, &$input_errors); + havp_validate_settings($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> havp_avset_resync(); diff --git a/config/havp/havp_fscan.xml b/config/havp/havp_fscan.xml index 1f0ca8dc..91dce25c 100644 --- a/config/havp/havp_fscan.xml +++ b/config/havp/havp_fscan.xml @@ -36,10 +36,10 @@ </field> </fields> <custom_php_command_before_form> - havp_fscan_before_form(&$pkg); + havp_fscan_before_form($pkg); </custom_php_command_before_form> <custom_php_validation_command> - havp_validate_settings($_POST, &$input_errors); + havp_validate_settings($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> </custom_php_resync_config_command> diff --git a/config/mailreport/mail_reports.inc b/config/mailreport/mail_reports.inc index aa2bc3ce..5d9e74b2 100644 --- a/config/mailreport/mail_reports.inc +++ b/config/mailreport/mail_reports.inc @@ -240,7 +240,9 @@ function mail_report_generate_graph($database, $style, $graph, $start, $end) { require_once("filter.inc"); require_once("shaper.inc"); require_once("rrd.inc"); + require_once("util.inc"); global $g; + $g['theme'] = get_current_theme(); $pgtitle = array(gettext("System"),gettext("RRD Graphs"),gettext("Image viewer")); diff --git a/config/mailreport/mailreport.xml b/config/mailreport/mailreport.xml index fe0b98b6..fe6899d4 100644 --- a/config/mailreport/mailreport.xml +++ b/config/mailreport/mailreport.xml @@ -37,7 +37,7 @@ ]]> </copyright> <name>mailreport</name> - <version>2.0.10</version> + <version>2.0.11</version> <title>Status: Email Reports</title> <additional_files_needed> <prefix>/usr/local/bin/</prefix> diff --git a/config/nmap/nmap.inc b/config/nmap/nmap.inc index 18708159..272f27ef 100644 --- a/config/nmap/nmap.inc +++ b/config/nmap/nmap.inc @@ -28,7 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */ -function nmap_custom_php_validation_command($post, $input_errors) { +function nmap_custom_php_validation_command($post, & $input_errors) { global $_POST, $savemsg, $config; if (empty($_POST['hostname'])) { $input_errors[] = gettext("You must enter an IP address to scan."); diff --git a/config/nmap/nmap.xml b/config/nmap/nmap.xml index 4034222a..b07b3982 100644 --- a/config/nmap/nmap.xml +++ b/config/nmap/nmap.xml @@ -46,7 +46,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>nmap</name> - <version>6.01</version> + <version>6.40_2 pkg v1.2.1</version> <title>Diagnostics: NMap</title> <savetext>Scan</savetext> <preoutput>yes</preoutput> @@ -120,6 +120,6 @@ nmap_custom_add_php_command(); </custom_add_php_command> <custom_php_validation_command> - nmap_custom_php_validation_command($_POST, &$input_errors); + nmap_custom_php_validation_command($_POST, $input_errors); </custom_php_validation_command> </packagegui> diff --git a/config/nut/nut.inc b/config/nut/nut.inc index 793e24fd..11fb4b26 100644 --- a/config/nut/nut.inc +++ b/config/nut/nut.inc @@ -97,7 +97,7 @@ return true; } - function before_form_nut($pkg) { + function before_form_nut(&$pkg) { /* return available serial ports */ $serial_types = array("sio", "cua", "tty"); @@ -136,7 +136,7 @@ $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } - function validate_form_nut($post, $input_errors) { + function validate_form_nut($post, &$input_errors) { global $config; /* monitor remote validation */ diff --git a/config/nut/nut.xml b/config/nut/nut.xml index b78c9dba..210d7b82 100644 --- a/config/nut/nut.xml +++ b/config/nut/nut.xml @@ -46,7 +46,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>nut</name> - <version>2.6.4 pkg 2.0</version> + <version>2.6.5_1 pkg 2.0.1</version> <title>Services: NUT</title> <savetext>Change</savetext> <aftersaveredirect>/status_nut.php</aftersaveredirect> @@ -646,10 +646,10 @@ </field> </fields> <custom_php_command_before_form> - before_form_nut(&$pkg); + before_form_nut($pkg); </custom_php_command_before_form> <custom_php_validation_command> - validate_form_nut($_POST, &$input_errors); + validate_form_nut($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_nut(); diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index af7d1199..1a34c260 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -236,7 +236,8 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys if (!empty($proxy)) { if ($proxy['proxy_type'] == "http") { - if ($proto == "udp") { + + if (strtoupper(substr($settings['protocol'], 0, 3)) == "UDP") { $input_errors[] = "This server uses UDP protocol and cannot communicate with HTTP proxy."; return; } @@ -344,7 +345,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys $conf .= "management-hold{$nl}"; $conf .= "# query management channel for user/pass{$nl}"; $conf .= "management-query-passwords{$nl}"; - $conf .= "# disconnect VPN when managment program connection is closed{$nl}"; + $conf .= "# disconnect VPN when management program connection is closed{$nl}"; $conf .= "management-signal{$nl}"; $conf .= "# forget password when management disconnects{$nl}"; $conf .= "management-forget-disconnect{$nl}"; @@ -629,7 +630,7 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle); } - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, true, $proxy, "baseconf", $outpass, false, true, $openvpnmanager, $advancedoptions); + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, true, $proxy, "baseconf", $outpass, true, true, $openvpnmanager, $advancedoptions); if (!$conf) return false; @@ -733,7 +734,10 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco } else { if (!$interface) $interface = "wan"; - $server_host = get_interface_ip($interface); + if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6"))) + $server_host = get_interface_ipv6($interface); + else + $server_host = get_interface_ip($interface); } } else if ($useaddr == "serverhostname" || empty($useaddr)) { $server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}."; @@ -742,7 +746,10 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco $server_host = $useaddr; $server_port = $settings['local_port']; - $proto = (strtoupper($settings['protocol']) == 'UDP' ? 'udp' : "tcp-client"); + + $proto = strtolower($settings['protocol']); + if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp") + $proto .= "-client"; $cipher = $settings['crypto']; $digest = !empty($settings['digest']) ? $settings['digest'] : "SHA1"; @@ -837,7 +844,10 @@ function openvpn_client_export_build_remote_lines($settings, $useaddr, $interfac } else { if (!$interface || ($interface == "any")) $interface = "wan"; - $server_host = get_interface_ip($interface); + if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6"))) + $server_host = get_interface_ipv6($interface); + else + $server_host = get_interface_ip($interface); } } else if ($useaddr == "serverhostname" || empty($useaddr)) { $server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}."; @@ -845,7 +855,10 @@ function openvpn_client_export_build_remote_lines($settings, $useaddr, $interfac } else $server_host = $useaddr; - $proto = (strtoupper($settings['protocol']) == 'UDP' ? 'udp' : "tcp"); + $proto = strtolower($settings['protocol']); + if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp") + $proto .= "-client"; + if (($expformat == "inlineios") && ($proto == "tcp-client")) $proto = "tcp"; @@ -867,6 +880,9 @@ function openvpn_client_export_find_port_forwards($targetip, $targetport, $targe filter_generate_optcfg_array(); $destinations = array(); + if (!is_array($config['nat']) || !is_array($config['nat']['rule'])) + return $destinations; + foreach ($config['nat']['rule'] as $natent) { $dest = array(); if (!isset($natent['disabled']) diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml index f8513387..a6a46649 100755 --- a/config/openvpn-client-export/openvpn-client-export.xml +++ b/config/openvpn-client-export/openvpn-client-export.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> <name>OpenVPN Client Export</name> - <version>1.2.4</version> + <version>1.2.9</version> <title>OpenVPN Client Export</title> <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file> <backup_file></backup_file> diff --git a/config/pfflowd.xml b/config/pfflowd.xml index f8552189..2470e2b2 100644 --- a/config/pfflowd.xml +++ b/config/pfflowd.xml @@ -1,6 +1,6 @@ <packagegui> <name>pfflowd</name> - <version>0.8</version> + <version>0.8.3 pkg v1.0.1</version> <title>pfflowd: Settings</title> <aftersaveredirect>pkg_edit.php?xml=pfflowd.xml&id=0</aftersaveredirect> <menu> @@ -109,7 +109,7 @@ config_unlock(); } - function validate_form_pfflowd($post, $input_errors) { + function validate_form_pfflowd($post, &$input_errors) { if(($post['host'] == "") || !is_ipaddr($post['host'])) $input_errors[] = 'You must specify a valid ip address in the \'Host\' field'; if(($post['port'] == "") || !is_port($post['port'])) @@ -135,7 +135,7 @@ sync_package_pfflowd(); </custom_php_resync_config_command> <custom_php_validation_command> - validate_form_pfflowd($_POST, &$input_errors); + validate_form_pfflowd($_POST, $input_errors); </custom_php_validation_command> <custom_php_command_before_form> cleanup_config_pfflowd(); diff --git a/config/servicewatchdog/services_servicewatchdog.php b/config/servicewatchdog/services_servicewatchdog.php index 920fd1bb..bd4d4442 100644 --- a/config/servicewatchdog/services_servicewatchdog.php +++ b/config/servicewatchdog/services_servicewatchdog.php @@ -56,8 +56,33 @@ if ($_GET['act'] == "del") { servicewatchdog_cron_job(); write_config(); header("Location: services_servicewatchdog.php"); - exit; + return; + } +} + +if (isset($_POST['Update'])) { + /* update selected services */ + if (is_array($_POST['notifies']) && count($_POST['notifies'])) { + /* Check each service and set the notify flag only for those chosen, remove those that are unset. */ + foreach ($a_pwservices as $idx => $thisservice) { + if (!is_array($thisservice)) + continue; + if (in_array($idx, $_POST['notifies'])) { + $a_pwservices[$idx]['notify'] = true; + } else { + if (isset($a_pwservices[$idx]['notify'])) + unset($a_pwservices[$idx]['notify']); + } + } + } else { /* No notifies selected, remove them all. */ + foreach ($a_pwservices as $idx => $thisservice) { + unset($a_pwservices[$idx]['notify']); + } } + servicewatchdog_cron_job(); + write_config(); + header("Location: services_servicewatchdog.php"); + return; } if (isset($_POST['del_x'])) { @@ -69,7 +94,7 @@ if (isset($_POST['del_x'])) { servicewatchdog_cron_job(); write_config(); header("Location: services_servicewatchdog.php"); - exit; + return; } } else { /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */ @@ -141,6 +166,7 @@ include("head.inc"); </td></tr> <tr id="frheader"> <td width="5%" class="list"> </td> +<td width="5%" class="listhdrr">Notify</td> <td width="30%" class="listhdrr"><?=gettext("Service Name");?></td> <td width="60%" class="listhdrr"><?=gettext("Description");?></td> <td width="5%" class="list"> @@ -164,7 +190,8 @@ foreach ($a_pwservices as $thisservice): ?> <tr valign="top" id="fr<?=$nservices;?>"> <td class="listt"><input type="checkbox" id="frc<?=$nservices;?>" name="pwservices[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nservices;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /></td> - <td class="listlr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';"> + <td class="listlr"><input type="checkbox" id="notify<?=$nservices;?>" name="notifies[]" value="<?=$i;?>" style="margin: 0; padding: 0; width: 15px; height: 15px;" <?PHP if (isset($thisservice['notify'])) echo 'checked="CHECKED"';?>/></td> + <td class="listr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';"> <?=$thisservice['name'];?> </td> <td class="listr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';"> @@ -180,7 +207,7 @@ foreach ($a_pwservices as $thisservice): </td></tr> <?php $i++; $nservices++; endforeach; ?> <tr> - <td class="list" colspan="3"></td> + <td class="list" colspan="4"></td> <td class="list" valign="middle" nowrap> <table border="0" cellspacing="0" cellpadding="1" summary="add"> <tr> @@ -199,7 +226,14 @@ foreach ($a_pwservices as $thisservice): </table> </td> </tr> - <tr><td></td><td colspan="3"> + <tr><td></td><td colspan="4"> + <?php echo gettext("Check Notify next to services to perform an e-mail notification when the service is restarted. Configure e-mail notifications to receive the alerts."); ?> + <br/> + <input name="Update" type="submit" class="formbtn" value="<?=gettext("Update Notification Settings"); ?>" /> + <br/> + <br/> + </td><td></td></tr> + <tr><td></td><td colspan="4"> <?php echo gettext("Click to select a service and use the arrows to re-order them in the list. Higher services are checked first."); ?> </td><td></td></tr> </table> diff --git a/config/servicewatchdog/servicewatchdog.inc b/config/servicewatchdog/servicewatchdog.inc index 696e570e..5b638836 100644 --- a/config/servicewatchdog/servicewatchdog.inc +++ b/config/servicewatchdog/servicewatchdog.inc @@ -3,6 +3,7 @@ require_once("config.inc"); require_once("services.inc"); require_once("service-utils.inc"); require_once("util.inc"); +require_once("notices.inc"); function servicewatchdog_service_matches($svc1, $svc2) { /* If the arrays are equal, it must be the same service. */ @@ -74,7 +75,10 @@ function servicewatchdog_check_services() { foreach ($a_pwservices as $svc) { if (!get_service_status($svc)) { $descr = strlen($svc['description']) > 50 ? substr($svc['description'], 0, 50) . "..." : $svc['description']; - log_error("Service Watchdog detected service {$svc['name']} stopped. Restarting {$svc['name']} ({$descr})"); + $error_message = "Service Watchdog detected service {$svc['name']} stopped. Restarting {$svc['name']} ({$descr})"; + log_error($error_message); + if (isset($svc['notify'])) + notify_via_smtp($error_message); service_control_start($svc['name'], $svc); } } diff --git a/config/servicewatchdog/servicewatchdog.xml b/config/servicewatchdog/servicewatchdog.xml index e66f878d..685ba997 100644 --- a/config/servicewatchdog/servicewatchdog.xml +++ b/config/servicewatchdog/servicewatchdog.xml @@ -40,7 +40,7 @@ <requirements>None</requirements> <faq>Monitors for stopped services and restarts them.</faq> <name>Service Watchdog</name> - <version>1.5</version> + <version>1.6</version> <title>Services: Service Watchdog</title> <include_file>/usr/local/pkg/servicewatchdog.inc</include_file> <menu> diff --git a/config/siproxd.inc b/config/siproxd.inc index a34f5b34..7e72c868 100644 --- a/config/siproxd.inc +++ b/config/siproxd.inc @@ -270,7 +270,7 @@ function sync_package_siproxd() { } -function validate_form_siproxd($post, $input_errors) { +function validate_form_siproxd($post, &$input_errors) { if ($post['port'] && !is_port($post['port'])) $input_errors[] = 'Invalid port entered for "Listening Port"'; if ($post['rtplower'] && !is_port($post['rtplower'])) diff --git a/config/siproxd.xml b/config/siproxd.xml index d989f964..27d00f32 100644 --- a/config/siproxd.xml +++ b/config/siproxd.xml @@ -37,7 +37,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>siproxdsettings</name> - <version>0.5.13_pfs2</version> + <version>0.8.0_2 pkg v1.0.1</version> <title>siproxd: Settings</title> <include_file>/usr/local/pkg/siproxd.inc</include_file> <aftersaveredirect>/pkg_edit.php?xml=siproxd.xml&id=0</aftersaveredirect> @@ -339,6 +339,6 @@ </custom_php_resync_config_command> <filter_rules_needed>siproxd_generate_rules</filter_rules_needed> <custom_php_validation_command> - validate_form_siproxd($_POST, &$input_errors); + validate_form_siproxd($_POST, $input_errors); </custom_php_validation_command> </packagegui> diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 1c9c5cd6..c0c5756c 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -53,9 +53,11 @@ $snort_version = $snortver[0]; if (empty($snort_version)) $snort_version = "2.9.6.0"; -/* package version */ -$pfSense_snort_version = "3.0.5"; -$snort_package_version = "Snort {$snort_version} pkg v{$pfSense_snort_version}"; +/* Used to indicate latest version of this include file has been loaded */ +$pfSense_snort_version = "3.0.8"; + +/* get installed package version for display */ +$snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}"; // Define SNORTDIR and SNORTLIBDIR constants according to pfSense version $pfs_version=substr(trim(file_get_contents("/etc/version")),0,3); @@ -648,7 +650,7 @@ function snort_post_delete_logs($snort_uuid = 0) { /* Clean-up stats file if enabled */ if ($value['perform_stat'] == 'on') - file_put_contents("{$snort_log_dir}/{$if_real}.stats", ""); + @file_put_contents("{$snort_log_dir}/{$if_real}.stats", ""); } } } @@ -753,8 +755,15 @@ function snort_rm_blocked_install_cron($should_install) { $snort_rm_blocked_expire = "2419200"; } - $command = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; - install_cron_job($command, $should_install, $snort_rm_blocked_min, $snort_rm_blocked_hr, $snort_rm_blocked_mday, $snort_rm_blocked_month, $snort_rm_blocked_wday, "root"); + // First remove any existing "expiretable" jobs for Snort. + install_cron_job("snort2c", false); + + // Now either install the new or updated cron job, + // or return if "rm_blocked" is disabled + if ($should_install) { + $command = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; + install_cron_job($command, $should_install, $snort_rm_blocked_min, $snort_rm_blocked_hr, $snort_rm_blocked_mday, $snort_rm_blocked_month, $snort_rm_blocked_wday, "root"); + } } /* func to install snort update */ @@ -1628,7 +1637,7 @@ function snort_write_enforcing_rules_file($rule_map, $rule_path) { /* If the $rule_map array is empty, then exit. */ if (empty($rule_map)) { - file_put_contents($rule_file, ""); + @file_put_contents($rule_file, ""); return; } @@ -1984,10 +1993,13 @@ function snort_generate_barnyard2_conf($snortcfg, $if_real) { if ($snortcfg['barnyard_mysql_enable'] == 'on') { $by2_dbpwd = base64_decode($snortcfg['barnyard_dbpwd']); $snortbarnyardlog_output_plugins .= "# database: log to a MySQL DB\noutput database: log, mysql, "; - if (isset($snortcfg['barnyard_sensor_name']) && strlen($snortcfg['barnyard_sensor_name']) > 0) - $snortbarnyardlog_output_plugins .= "sensor_name={$snortcfg['barnyard_sensor_name']}, "; $snortbarnyardlog_output_plugins .= "user={$snortcfg['barnyard_dbuser']} password={$by2_dbpwd} "; - $snortbarnyardlog_output_plugins .= "dbname={$snortcfg['barnyard_dbname']} host={$snortcfg['barnyard_dbhost']}\n\n"; + $snortbarnyardlog_output_plugins .= "dbname={$snortcfg['barnyard_dbname']} host={$snortcfg['barnyard_dbhost']}"; + if (isset($snortcfg['barnyard_sensor_name']) && strlen($snortcfg['barnyard_sensor_name']) > 0) + $snortbarnyardlog_output_plugins .= " sensor_name={$snortcfg['barnyard_sensor_name']}"; + if ($snortcfg['barnyard_disable_sig_ref_tbl'] == 'on') + $snortbarnyardlog_output_plugins .= " disable_signature_reference_table"; + $snortbarnyardlog_output_plugins .= "\n\n"; } if ($snortcfg['barnyard_syslog_enable'] == 'on') { $snortbarnyardlog_output_plugins .= "# syslog_full: log to a syslog receiver\noutput alert_syslog_full: "; @@ -2109,7 +2121,7 @@ function snort_deinstall() { } } $config['widgets']['sequence'] = implode(",", $widgetlist); - write_config(); + write_config("Snort pkg: remove Snort Dashboard Widget on package deinstall."); } /* See if we are to clear blocked hosts on uninstall */ @@ -2199,7 +2211,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { $sd_tmp_new_file=""; foreach ($sd_tmp_file as $sd_tmp_line) $sd_tmp_new_file.=preg_match("/$sdf_alert_pattern/i",$sd_tmp_line) ? $sd_tmp_line : ""; - file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX); + @file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX); } } elseif ($snortcfg['sensitive_data'] != 'on' && $snortcfg['protect_preproc_rules'] != 'on') { @@ -3541,7 +3553,7 @@ EOD; // Check for and configure Host Attribute Table if enabled $host_attrib_config = ""; if ($snortcfg['host_attribute_table'] == "on" && !empty($snortcfg['host_attribute_data'])) { - file_put_contents("{$snortcfgdir}/host_attributes", base64_decode($snortcfg['host_attribute_data'])); + @file_put_contents("{$snortcfgdir}/host_attributes", base64_decode($snortcfg['host_attribute_data'])); $host_attrib_config = "# Host Attribute Table #\n"; $host_attrib_config .= "attribute_table filename {$snortcfgdir}/host_attributes\n"; if (!empty($snortcfg['max_attribute_hosts'])) @@ -3778,7 +3790,7 @@ output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,src EOD; // Write out snort.conf file - file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text); + @file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text); conf_mount_ro(); unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type); unset($home_net, $external_net, $ipvardef, $portvardef); diff --git a/config/snort/snort.xml b/config/snort/snort.xml index d391d397..ca99accf 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -47,7 +47,7 @@ <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> <version>2.9.6.0</version> - <title>Services:2.9.6.0 pkg v3.0.5</title> + <title>Services:2.9.6.0 pkg v3.0.8</title> <include_file>/usr/local/pkg/snort/snort.inc</include_file> <menu> <name>Snort</name> @@ -269,7 +269,7 @@ </custom_add_php_command> <custom_php_resync_config_command> <![CDATA[ - if ($GLOBALS['pfSense_snort_version'] == "3.0.5") + if ($GLOBALS['pfSense_snort_version'] == "3.0.8") sync_snort_package_config(); ]]> </custom_php_resync_config_command> diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 998cd061..45443ec2 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -99,11 +99,13 @@ function snort_add_supplist_entry($suppress) { $a_suppress[] = $s_list; $a_instance[$instanceid]['suppresslistname'] = $s_list['name']; $found_list = true; + $list_name = $s_list['name']; } else { /* If we get here, a Suppress List is defined for the interface so see if we can find it */ foreach ($a_suppress as $a_id => $alist) { if ($alist['name'] == $a_instance[$instanceid]['suppresslistname']) { $found_list = true; + $list_name = $alist['name']; if (!empty($alist['suppresspassthru'])) { $tmplist = base64_decode($alist['suppresspassthru']); $tmplist .= "\n{$suppress}"; @@ -121,7 +123,7 @@ function snort_add_supplist_entry($suppress) { /* If we created a new list or updated an existing one, save the change, */ /* tell Snort to load it, and return true; otherwise return false. */ if ($found_list) { - write_config(); + write_config("Snort pkg: modified Suppress List {$list_name}."); sync_snort_package_config(); snort_reload_config($a_instance[$instanceid]); return true; @@ -168,7 +170,7 @@ if ($_POST['save']) { $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber']; - write_config(); + write_config("Snort pkg: updated ALERTS tab settings."); header("Location: /snort/snort_alerts.php?instance={$instanceid}"); exit; @@ -274,7 +276,7 @@ if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen unset($a_instance[$instanceid]['rule_sid_off']); /* Update the config.xml file. */ - write_config(); + write_config("Snort pkg: modified state for rule {$gid}:{$sid}"); /*************************************************/ /* Update the snort.conf file and rebuild the */ diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index 7acf95c3..902c1637 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php @@ -144,6 +144,7 @@ if ($_POST['save']) { $natent['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable'] ? 'on' : 'off'; $natent['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'] ? 'on' : 'off'; $natent['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'] ? 'on' : 'off'; + $natent['barnyard_disable_sig_ref_tbl'] = $_POST['barnyard_disable_sig_ref_tbl'] ? 'on' : 'off'; $natent['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode']; $natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto']; @@ -163,7 +164,7 @@ if ($_POST['save']) { if ($_POST['barnconfigpassthru']) $natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']); else unset($natent['barnconfigpassthru']); $a_nat[$id] = $natent; - write_config(); + write_config("Snort pkg: modified Barnyard2 settings."); // No need to rebuild rules for Barnyard2 changes $rebuild_rules = false; @@ -378,6 +379,14 @@ include_once("head.inc"); <?php echo gettext("Password for the MySQL database user"); ?> </td> </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Disable Signature Reference Table"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_disable_sig_ref_tbl" type="checkbox" value="on" <?php if ($pconfig['barnyard_disable_sig_ref_tbl'] == "on") echo "checked"; ?>/> + <?php echo gettext("Disable synchronization of sig_reference table in schema. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/> + <br/><?php echo gettext("This option will speedup the process when checked, plus it can help work around a 'duplicate entry' error when running multiple Snort instances."); ?> + </td> + </tr> </tbody> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Syslog Output Settings"); ?></td> @@ -539,6 +548,7 @@ function toggle_mySQL() { document.iform.barnyard_dbname.disabled = endis; document.iform.barnyard_dbuser.disabled = endis; document.iform.barnyard_dbpwd.disabled = endis; + document.iform.barnyard_disable_sig_ref_tbl.disabled = endis; if (endis) document.getElementById("mysql_config_rows").style.display = "none"; @@ -608,6 +618,7 @@ function enable_change(enable_change) { document.iform.barnyard_dbname.disabled = endis; document.iform.barnyard_dbuser.disabled = endis; document.iform.barnyard_dbpwd.disabled = endis; + document.iform.barnyard_disable_sig_ref_tbl.disabled = endis; document.iform.barnyard_syslog_enable.disabled = endis; document.iform.barnyard_syslog_local.disabled = endis; document.iform.barnyard_syslog_opmode_default.disabled = endis; diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index b05384ae..76d5a9df 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -119,7 +119,7 @@ if ($_POST['save']) $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber']; - write_config(); + write_config("Snort pkg: updated BLOCKED tab settings."); header("Location: /snort/snort_blocked.php"); exit; diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc index 7b0cfe34..a5b9e65e 100644 --- a/config/snort/snort_check_cron_misc.inc +++ b/config/snort/snort_check_cron_misc.inc @@ -58,7 +58,7 @@ function snort_check_dir_size_limit($snortloglimitsize) { // Truncate the Rules Update Log file if it exists if (file_exists(RULES_UPD_LOGFILE)) { log_error(gettext("[Snort] Truncating the Rules Update Log file...")); - file_put_contents(RULES_UPD_LOGFILE, ""); + @file_put_contents(RULES_UPD_LOGFILE, ""); } // Clean-up the logs for each configured Snort instance @@ -71,7 +71,7 @@ function snort_check_dir_size_limit($snortloglimitsize) { // Truncate the alert log file if it exists if (file_exists("{$snort_log_dir}/alert")) { - file_put_contents("{$snort_log_dir}/alert", ""); + @file_put_contents("{$snort_log_dir}/alert", ""); } // This is needed if snort is run as snort user diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index f16e3310..667f4044 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -68,6 +68,7 @@ if (!defined("IPREP_PATH")) $snortdir = SNORTDIR; $snortlibdir = SNORTLIBDIR; $snortlogdir = SNORTLOGDIR; +$snortiprepdir = IPREP_PATH; $snort_rules_upd_log = RULES_UPD_LOGFILE; /* Save the state of $pkg_interface so we can restore it */ @@ -415,7 +416,7 @@ safe_mkdir("{$snortdir}/preproc_rules"); safe_mkdir("{$tmpfname}"); safe_mkdir("{$snortlibdir}/dynamicrules"); safe_mkdir("{$snortlogdir}"); -safe_mkdir(IPREP_PATH); +safe_mkdir("{$snortiprepdir}"); /* See if we need to automatically clear the Update Log based on 1024K size limit */ if (file_exists($snort_rules_upd_log)) { @@ -812,5 +813,5 @@ if ($update_errors) else $config['installedpackages']['snortglobal']['last_rule_upd_status'] = gettext("success"); $config['installedpackages']['snortglobal']['last_rule_upd_time'] = time(); -write_config(); +write_config("Snort pkg: updated status for updated rules package(s) check."); ?> diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index d210da2c..4d1b3c2e 100755 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -134,7 +134,7 @@ if ($_POST['save']) { $a_nat[$id] = $natent; - write_config(); + write_config("Snort pkg: modified settings for VARIABLES tab."); /* Update the snort conf file for this interface. */ $rebuild_rules = false; diff --git a/config/snort/snort_edit_hat_data.php b/config/snort/snort_edit_hat_data.php index cef6a894..a5ec0aad 100644 --- a/config/snort/snort_edit_hat_data.php +++ b/config/snort/snort_edit_hat_data.php @@ -66,7 +66,7 @@ else if ($_POST['clear']) { unset($a_nat[$id]['host_attribute_data']); $a_nat[$id]['host_attribute_table'] = 'off'; - write_config(); + write_config("Snort pkg: cleared Host Attribute Table data for {$a_nat[$id]['interface']}."); $rebuild_rules = false; snort_generate_conf($a_nat[$id]); $pconfig['host_attribute_data'] = ""; @@ -78,7 +78,7 @@ if ($_POST['save']) { $a_nat[$id]['host_attribute_table'] = 'on'; else $a_nat[$id]['host_attribute_table'] = 'off'; - write_config(); + write_config("Snort pkg: modified Host Attribute Table data for {$a_nat[$id]['interface']}."); $rebuild_rules = false; snort_generate_conf($a_nat[$id]); $pconfig['host_attribute_data'] = $_POST['host_attribute_data']; diff --git a/config/snort/snort_frag3_engine.php b/config/snort/snort_frag3_engine.php index a4c8cb53..9489bf16 100644 --- a/config/snort/snort_frag3_engine.php +++ b/config/snort/snort_frag3_engine.php @@ -185,7 +185,7 @@ if ($_POST['save']) { } /* Now write the new engine array to conf */ - write_config(); + write_config("Snort pkg: modified frag3 engine settings."); header("Location: /snort/snort_preprocessors.php?id={$id}#frag3_row"); exit; diff --git a/config/snort/snort_ftp_client_engine.php b/config/snort/snort_ftp_client_engine.php index 9058a06e..f462efa8 100644 --- a/config/snort/snort_ftp_client_engine.php +++ b/config/snort/snort_ftp_client_engine.php @@ -216,7 +216,7 @@ if ($_POST['save']) { } /* Now write the new engine array to conf */ - write_config(); + write_config("Snort pkg: modified ftp_telnet_client engine settings."); header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts"); exit; diff --git a/config/snort/snort_ftp_server_engine.php b/config/snort/snort_ftp_server_engine.php index 618c8d85..cb9abc9c 100644 --- a/config/snort/snort_ftp_server_engine.php +++ b/config/snort/snort_ftp_server_engine.php @@ -187,7 +187,7 @@ if ($_POST['save']) { } /* Now write the new engine array to conf */ - write_config(); + write_config("Snort pkg: modified ftp_telnet_server engine settings."); header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts"); exit; diff --git a/config/snort/snort_httpinspect_engine.php b/config/snort/snort_httpinspect_engine.php index 47495ebe..c7680892 100644 --- a/config/snort/snort_httpinspect_engine.php +++ b/config/snort/snort_httpinspect_engine.php @@ -296,7 +296,7 @@ if ($_POST['save']) { } // Now write the new engine array to conf - write_config(); + write_config("Snort pkg: modified http_inspect engine settings."); header("Location: /snort/snort_preprocessors.php?id={$id}#httpinspect_row"); exit; diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php index 7edadea7..80b3bb1d 100644 --- a/config/snort/snort_import_aliases.php +++ b/config/snort/snort_import_aliases.php @@ -206,7 +206,7 @@ if ($_POST['save']) { } // Now write the new engine array to conf and return - write_config(); + write_config("Snort pkg: imported new host or network alias."); header("Location: /snort/snort_preprocessors.php?id={$id}{$anchor}"); exit; diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 9f42ab2e..c82ec57e 100755 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -65,7 +65,7 @@ if (isset($_POST['del_x'])) { if (empty($a_nat)) unset($a_nat); - write_config(); + write_config("Snort pkg: deleted one or more Snort interfaces."); sleep(2); /* if there are no ifaces remaining do not create snort.sh */ diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index 1f3a3cbe..4c868844 100755 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -273,7 +273,7 @@ if ($_POST["save"]) { snort_stop($natent, $if_real); /* Save configuration changes */ - write_config(); + write_config("Snort pkg: modified interface configuration for {$natent['interface']}."); /* Most changes don't require a rules rebuild, so default to "off" */ $rebuild_rules = false; diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index 99c8313d..69a182bd 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -151,7 +151,7 @@ if (!$input_errors) { /* create whitelist and homenet file then sync files */ sync_snort_package_config(); - write_config(); + write_config("Snort pkg: modified global settings."); /* forces page to reload new settings */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php index 216b93c6..ecbd04a7 100644 --- a/config/snort/snort_interfaces_suppress.php +++ b/config/snort/snort_interfaces_suppress.php @@ -76,7 +76,7 @@ if ($_POST['del']) { } else { unset($a_suppress[$_POST['list_id']]); - write_config(); + write_config("Snort pkg: deleted a Suppress List."); header("Location: /snort/snort_interfaces_suppress.php"); exit; } diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php index 370fa017..986bfc38 100644 --- a/config/snort/snort_interfaces_suppress_edit.php +++ b/config/snort/snort_interfaces_suppress_edit.php @@ -109,7 +109,6 @@ if ($_POST['save']) { } } - if (!$input_errors) { $s_list = array(); $s_list['name'] = $_POST['name']; @@ -125,7 +124,7 @@ if ($_POST['save']) { else $a_suppress[] = $s_list; - write_config(); + write_config("Snort pkg: modified Suppress List {$s_list['name']}."); sync_snort_package_config(); header("Location: /snort/snort_interfaces_suppress.php"); @@ -142,14 +141,14 @@ include_once("head.inc"); <?php include("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} - -if ($input_errors) print_input_errors($input_errors); +if ($input_errors) + print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); ?> <form action="/snort/snort_interfaces_suppress_edit.php" name="iform" id="iform" method="post"> +<input name="id" type="hidden" value="<?=$id;?>"/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -215,8 +214,7 @@ if ($savemsg) <td colspan="2"><input id="save" name="save" type="submit" class="formbtn" value="Save" /> <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" - onclick="history.back();"/> <?php if (isset($id) && $a_suppress[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"/> <?php endif; ?> + onclick="history.back();"/> </td> </tr> </table> diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php index a59021db..3de8c661 100644 --- a/config/snort/snort_ip_reputation.php +++ b/config/snort/snort_ip_reputation.php @@ -75,13 +75,24 @@ if ($_POST['mode'] == 'blist_add' && isset($_POST['iplist'])) { // Test the supplied IP List file to see if it exists if (file_exists($_POST['iplist'])) { - $a_nat[$id]['blist_files']['item'][] = basename($_POST['iplist']); - write_config(); - $pconfig['blist_files'] = $a_nat[$id]['blist_files']; - $pconfig['wlist_files'] = $a_nat[$id]['wlist_files']; + // See if the file is already assigned to the interface + foreach ($a_nat[$id]['blist_files']['item'] as $f) { + if ($f == basename($_POST['iplist'])) { + $input_errors[] = gettext("The file {$f} is already assigned as a blacklist file."); + break; + } + } + if (!$input_errors) { + $a_nat[$id]['blist_files']['item'][] = basename($_POST['iplist']); + write_config("Snort pkg: added new blacklist file for IP REPUTATION preprocessor."); + mark_subsystem_dirty('snort_iprep'); + } } else $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found."); + + $pconfig['blist_files'] = $a_nat[$id]['blist_files']; + $pconfig['wlist_files'] = $a_nat[$id]['wlist_files']; } if ($_POST['mode'] == 'wlist_add' && isset($_POST['iplist'])) { @@ -89,19 +100,31 @@ if ($_POST['mode'] == 'wlist_add' && isset($_POST['iplist'])) { // Test the supplied IP List file to see if it exists if (file_exists($_POST['iplist'])) { - $a_nat[$id]['wlist_files']['item'][] = basename($_POST['iplist']); - write_config(); - $pconfig['wlist_files'] = $a_nat[$id]['wlist_files']; - $pconfig['blist_files'] = $a_nat[$id]['blist_files']; + // See if the file is already assigned to the interface + foreach ($a_nat[$id]['wlist_files']['item'] as $f) { + if ($f == basename($_POST['iplist'])) { + $input_errors[] = gettext("The file {$f} is already assigned as a whitelist file."); + break; + } + } + if (!$input_errors) { + $a_nat[$id]['wlist_files']['item'][] = basename($_POST['iplist']); + write_config("Snort pkg: added new whitelist file for IP REPUTATION preprocessor."); + mark_subsystem_dirty('snort_iprep'); + } } else $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found."); + + $pconfig['blist_files'] = $a_nat[$id]['blist_files']; + $pconfig['wlist_files'] = $a_nat[$id]['wlist_files']; } if ($_POST['blist_del'] && is_numericint($_POST['list_id'])) { $pconfig = $_POST; unset($a_nat[$id]['blist_files']['item'][$_POST['list_id']]); - write_config(); + write_config("Snort pkg: deleted blacklist file for IP REPUTATION preprocessor."); + mark_subsystem_dirty('snort_iprep'); $pconfig['blist_files'] = $a_nat[$id]['blist_files']; $pconfig['wlist_files'] = $a_nat[$id]['wlist_files']; } @@ -109,12 +132,13 @@ if ($_POST['blist_del'] && is_numericint($_POST['list_id'])) { if ($_POST['wlist_del'] && is_numericint($_POST['list_id'])) { $pconfig = $_POST; unset($a_nat[$id]['wlist_files']['item'][$_POST['list_id']]); - write_config(); + write_config("Snort pkg: deleted whitelist file for IP REPUTATION preprocessor."); + mark_subsystem_dirty('snort_iprep'); $pconfig['wlist_files'] = $a_nat[$id]['wlist_files']; $pconfig['blist_files'] = $a_nat[$id]['blist_files']; } -if ($_POST['save']) { +if ($_POST['save'] || $_POST['apply']) { $natent = array(); $natent = $pconfig; @@ -134,7 +158,7 @@ if ($_POST['save']) { $a_nat[$id] = $natent; - write_config(); + write_config("Snort pkg: modified IP REPUTATION preprocessor settings for {$a_nat[$id]['interface']}."); // Update the snort conf file for this interface $rebuild_rules = false; @@ -143,6 +167,9 @@ if ($_POST['save']) { // Soft-restart Snort to live-load new variables snort_reload_config($a_nat[$id]); $pconfig = $natent; + + // We have saved changes and done a soft restart, so clear "dirty" flag + clear_subsystem_dirty('snort_iprep'); } else $pconfig = $_POST; @@ -169,6 +196,11 @@ if ($savemsg) <input type="hidden" id="mode" name="mode" value="" /> <input name="iplist" id="iplist" type="hidden" value="" /> <input name="list_id" id="list_id" type="hidden" value="" /> + +<?php if (is_subsystem_dirty('snort_iprep')): ?><p> +<?php print_info_box_np(gettext("A change has been made to blacklist or whitelist file assignments.") . "<br/>" . gettext("You must apply the changes in order for them to take effect."));?> +<?php endif; ?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td> @@ -379,7 +411,6 @@ if ($savemsg) </td> </tr> </table> -</form> <script type="text/javascript"> Event.observe( @@ -469,6 +500,7 @@ function wlistComplete(req) { </script> +</form> <?php include("fend.inc"); ?> </body> </html> diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index d7a20726..d483ba47 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -339,7 +339,6 @@ foreach ($rule as &$r) { $pconfig['barnyard_dbpwd'] = base64_encode($matches[2][$k]); } $pconfig['barnyard_mysql_enable'] = 'on'; - $pconfig['barnyard_enable'] = 'on'; unset($pconfig['barnyard_mysql']); } // Since Barnyard2 was enabled, configure the new archived log settings @@ -366,9 +365,9 @@ unset($r); // Write out the new configuration to disk if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.5"; + $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.8"; log_error("[Snort] Saving configuration settings in new format..."); - write_config(); + write_config("Snort pkg: migrate existing settings to new format as part of package upgrade."); log_error("[Snort] Settings successfully migrated to new configuration format..."); } else diff --git a/config/snort/snort_passlist.php b/config/snort/snort_passlist.php index 4eea356a..2cac9cd4 100644 --- a/config/snort/snort_passlist.php +++ b/config/snort/snort_passlist.php @@ -85,7 +85,7 @@ if ($_POST['del'] && is_numericint($_POST['list_id'])) { } if (!$input_errors) { unset($a_passlist[$_POST['list_id']]); - write_config(); + write_config("Snort pkg: deleted PASS LIST."); sync_snort_package_config(); header("Location: /snort/snort_passlist.php"); exit; diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php index e486a076..3be776f4 100644 --- a/config/snort/snort_passlist_edit.php +++ b/config/snort/snort_passlist_edit.php @@ -156,7 +156,7 @@ if ($_POST['save']) { else $a_passlist[] = $w_list; - write_config(); + write_config("Snort pkg: modified PASS LIST {$w_list['name']}."); /* create pass list and homenet file, then sync files */ sync_snort_package_config(); diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index c2b46cd5..8d3c427d 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -1423,7 +1423,7 @@ if ($pkgid >= 0) { log_error(gettext("[Snort] Removing legacy 'Dashboard Widget: Snort' package because the widget is now part of the Snort package.")); unset($config['installedpackages']['package'][$pkgid]); unlink_if_exists("/usr/local/pkg/widget-snort.xml"); - write_config(); + write_config("Snort pkg: removed legacy Snort Dashboard Widget."); } /* Define a default Dashboard Widget Container for Snort */ @@ -1494,8 +1494,8 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= ",{$snort_widget_container}"; /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.5"; -write_config(); +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.8"; +write_config("Snort pkg: post-install configuration saved."); /* Done with post-install, so clear flag */ unset($g['snort_postinstall']); diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 6c3dc90f..5cee95df 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -199,7 +199,7 @@ if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalu if ($_POST['del_http_inspect']) { if (isset($_POST['eng_id']) && isset($id) && issset($a_nat[$id])) { unset($a_nat[$id]['http_inspect_engine']['item'][$_POST['eng_id']]); - write_config(); + write_config("Snort pkg: deleted http_inspect engine for {$a_nat[$id]['interface']}."); header("Location: snort_preprocessors.php?id=$id#httpinspect_row"); exit; } @@ -207,7 +207,7 @@ if ($_POST['del_http_inspect']) { elseif ($_POST['del_frag3']) { if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) { unset($a_nat[$id]['frag3_engine']['item'][$_POST['eng_id']]); - write_config(); + write_config("Snort pkg: deleted frag3 engine for {$a_nat[$id]['interface']}."); header("Location: snort_preprocessors.php?id=$id#frag3_row"); exit; } @@ -215,7 +215,7 @@ elseif ($_POST['del_frag3']) { elseif ($_POST['del_stream5_tcp']) { if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) { unset($a_nat[$id]['stream5_tcp_engine']['item'][$_POST['eng_id']]); - write_config(); + write_config("Snort pkg: deleted stream5 engine for {$a_nat[$id]['interface']}."); header("Location: snort_preprocessors.php?id=$id#stream5_row"); exit; } @@ -223,7 +223,7 @@ elseif ($_POST['del_stream5_tcp']) { elseif ($_POST['del_ftp_client']) { if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) { unset($a_nat[$id]['ftp_client_engine']['item'][$_POST['eng_id']]); - write_config(); + write_config("Snort pkg: deleted ftp_client engine for {$a_nat[$id]['interface']}."); header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row"); exit; } @@ -231,7 +231,7 @@ elseif ($_POST['del_ftp_client']) { elseif ($_POST['del_ftp_server']) { if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) { unset($a_nat[$id]['ftp_server_engine']['item'][$_POST['eng_id']]); - write_config(); + write_config("Snort pkg: deleted ftp_server engine for {$a_nat[$id]['interface']}."); header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row"); exit; } @@ -377,7 +377,7 @@ if ($_POST['save']) { if (isset($id) && isset($a_nat[$id])) { $a_nat[$id] = $natent; - write_config(); + write_config("Snort pkg: saved modified preprocessor settings for {$a_nat[$id]['interface']}."); } /*************************************************/ @@ -427,7 +427,7 @@ if ($_POST['btn_import']) { $pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data']; $a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts']; $a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host']; - write_config(); + write_config("Snort pkg: imported Host Attribute Table data for {$a_nat[$id]['interface']}."); } header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); @@ -449,7 +449,7 @@ if ($_POST['btn_edit_hat']) { $a_nat[$id]['host_attribute_table'] = "on"; $a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts']; $a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host']; - write_config(); + write_config("Snort pkg: modified Host Attribute Table data for {$a_nat[$id]['interface']}."); header("Location: snort_edit_hat_data.php?id=$id"); exit; } diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 158999f9..e69152c3 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -196,7 +196,7 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) & unset($a_rule[$id]['rule_sid_off']); /* Update the config.xml file. */ - write_config(); + write_config("Snort pkg: modified state for rule {$gid}:{$sid} on {$a_rule[$id]['interface']}."); $anchor = "rule_{$gid}_{$sid}"; } @@ -236,7 +236,7 @@ elseif ($_POST['disable_all'] && !empty($rules_map)) { else unset($a_rule[$id]['rule_sid_off']); - write_config(); + write_config("Snort pkg: disabled all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); } elseif ($_POST['enable_all'] && !empty($rules_map)) { @@ -273,7 +273,7 @@ elseif ($_POST['enable_all'] && !empty($rules_map)) { else unset($a_rule[$id]['rule_sid_off']); - write_config(); + write_config("Snort pkg: enable all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); } elseif ($_POST['resetcategory'] && !empty($rules_map)) { @@ -312,7 +312,7 @@ elseif ($_POST['resetcategory'] && !empty($rules_map)) { else unset($a_rule[$id]['rule_sid_off']); - write_config(); + write_config("Snort pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}."); } elseif ($_POST['resetall'] && !empty($rules_map)) { @@ -321,14 +321,14 @@ elseif ($_POST['resetall'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); /* Update the config.xml file. */ - write_config(); + write_config("Snort pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}."); } else if ($_POST['cancel']) { $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); } elseif ($_POST['clear']) { unset($a_rule[$id]['customrules']); - write_config(); + write_config("Snort pkg: clear all custom rules for {$a_rule[$id]['interface']}."); $rebuild_rules = true; snort_generate_conf($a_rule[$id]); $rebuild_rules = false; @@ -340,7 +340,7 @@ elseif ($_POST['save']) { $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); else unset($a_rule[$id]['customrules']); - write_config(); + write_config("Snort pkg: save modified custom rules for {$a_rule[$id]['interface']}."); $rebuild_rules = true; snort_generate_conf($a_rule[$id]); $rebuild_rules = false; @@ -364,7 +364,7 @@ elseif ($_POST['save']) { } else if ($_POST['apply']) { /* Save new configuration */ - write_config(); + write_config("Snort pkg: save new rules configuration for {$a_rule[$id]['interface']}."); /*************************************************/ /* Update the snort conf file and rebuild the */ diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php index de5bdc6b..daf1c4ef 100644 --- a/config/snort/snort_rules_flowbits.php +++ b/config/snort/snort_rules_flowbits.php @@ -125,7 +125,7 @@ if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid } } if ($found_list) { - write_config(); + write_config("Snort pkg: modified Suppress List for {$a_nat[$id]['interface']}."); $rebuild_rules = false; sync_snort_package_config(); snort_reload_config($a_nat[$id]); diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 46a67913..79365f5f 100755 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -153,7 +153,7 @@ if ($_POST["save"]) { @unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); } - write_config(); + write_config("Snort pkg: save enabled rule categories for {$a_nat[$id]['interface']}."); /*************************************************/ /* Update the snort conf file and rebuild the */ diff --git a/config/snort/snort_stream5_engine.php b/config/snort/snort_stream5_engine.php index 9a91e0d6..89b0bc02 100644 --- a/config/snort/snort_stream5_engine.php +++ b/config/snort/snort_stream5_engine.php @@ -328,7 +328,7 @@ if ($_POST['save']) { } /* Now write the new engine array to conf */ - write_config(); + write_config("Snort pkg: save modified stream5 engine."); header("Location: /snort/snort_preprocessors.php?id={$id}#stream5_row"); exit; diff --git a/config/softflowd/softflowd.xml b/config/softflowd/softflowd.xml index 149631b8..88e521a7 100644 --- a/config/softflowd/softflowd.xml +++ b/config/softflowd/softflowd.xml @@ -1,6 +1,6 @@ <packagegui> <name>softflowd</name> - <version>0.9.8</version> + <version>0.9.8 pkg v1.0.1</version> <title>softflowd: Settings</title> <aftersaveredirect>pkg_edit.php?xml=softflowd.xml&id=0</aftersaveredirect> <menu> @@ -103,7 +103,7 @@ config_unlock(); } - function validate_form_softflowd($post, $input_errors) { + function validate_form_softflowd($post, &$input_errors) { if (($post['host'] == "") || !is_ipaddr($post['host'])) $input_errors[] = 'You must specify a valid ip address in the \'Host\' field'; if (($post['port'] == "") || !is_port($post['port'])) @@ -129,7 +129,7 @@ sync_package_softflowd(); </custom_php_resync_config_command> <custom_php_validation_command> - validate_form_softflowd($_POST, &$input_errors); + validate_form_softflowd($_POST, $input_errors); </custom_php_validation_command> <custom_php_command_before_form> cleanup_config_softflowd(); diff --git a/config/spamd/spamd_db.php b/config/spamd/spamd_db.php index c4c8ffe2..c2df25d1 100644 --- a/config/spamd/spamd_db.php +++ b/config/spamd/spamd_db.php @@ -205,7 +205,6 @@ $blacklist_items = $blacklist_items + $spamdb_black; <script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script> <script src="/javascript/scriptaculous/scriptaculous.js" type="text/javascript"></script> <script type="text/javascript" language="javascript" src="row_toggle.js"></script> -<script src="/javascript/sorttable.js"></script> <script language="javascript"> function outputrule(req) { if(req.content != '') { @@ -314,6 +313,9 @@ if (typeof getURL == 'undefined') { <td class="listhdrr">IP</td> <td class="listhdrr">From</td> <td class="listhdrr">To</td> + <td class="listhdrr">First</td> + <td class="listhdrr">Pass</td> + <td class="listhdrr">Expire</td> <td class="listhdr">Attempts</td> <td class="list"></td> </tr> @@ -386,6 +388,9 @@ if (typeof getURL == 'undefined') { $srcip = htmlentities($pkgdb_split[1]); $fromaddress = htmlentities($pkgdb_split[3]); $toaddress = htmlentities($pkgdb_split[4]); + $first = ""; + $pass = ""; + $expire = ""; $attempts = htmlentities($pkgdb_split[8]); break; case "TRAPPED": @@ -393,6 +398,9 @@ if (typeof getURL == 'undefined') { $srcip = htmlentities($pkgdb_split[1]); $fromaddress = ""; $toaddress = ""; + $first = ""; + $pass = ""; + $expire = htmlentities($pkgdb_split[2]); $attempts = ""; break; case "GREY": @@ -400,6 +408,9 @@ if (typeof getURL == 'undefined') { $srcip = htmlentities($pkgdb_split[1]); $fromaddress = htmlentities($pkgdb_split[3]); $toaddress = htmlentities($pkgdb_split[4]); + $first = htmlentities($pkgdb_split[5]); + $pass = htmlentities($pkgdb_split[6]); + $expire = htmlentities($pkgdb_split[7]); $attempts = htmlentities($pkgdb_split[8]); break; case "WHITE": @@ -407,6 +418,9 @@ if (typeof getURL == 'undefined') { $srcip = htmlentities($pkgdb_split[1]); $fromaddress = ""; $toaddress = ""; + $first = htmlentities($pkgdb_split[4]); + $pass = htmlentities($pkgdb_split[5]); + $expire = htmlentities($pkgdb_split[6]); $attempts = htmlentities($pkgdb_split[8]); break; } @@ -417,6 +431,9 @@ if (typeof getURL == 'undefined') { echo "<td class=\"listr\">{$srcip}</td>"; echo "<td class=\"listr\">{$fromaddress}</td>"; echo "<td class=\"listr\">{$toaddress}</td>"; + echo "<td class=\"listr\"><span style='white-space: nowrap;'>" . date("Y-m-d", $first) . "<br/>" . date("H:i:s", $first) . "</span></td>"; + echo "<td class=\"listr\"><span style='white-space: nowrap;'>" . date("Y-m-d", $pass) . "<br/>" . date("H:i:s", $pass) . "</span></td>"; + echo "<td class=\"listr\"><span style='white-space: nowrap;'>" . date("Y-m-d", $expire) . "<br/>" . date("H:i:s", $expire) . "</span></td>"; echo "<td class=\"listr\">{$attempts}</td>"; echo "<td>"; $rowtext = "<NOBR><a href='javascript:toggle_on(\"w{$rows}\", \"/themes/{$g['theme']}/images/icons/icon_plus_p.gif\"); getURL(\"spamd_db.php?buttonid=w{$rows}&srcip={$srcip}&action=whitelist\", outputrule);'><img title=\"Add to whitelist\" name='w{$rows}' id='w{$rows}' border=\"0\" alt=\"Add to whitelist\" src=\"/themes/{$g['theme']}/images/icons/icon_plus.gif\"></a> "; diff --git a/config/sudo/sudo.inc b/config/sudo/sudo.inc index 5ffa14c3..68cf4a00 100644 --- a/config/sudo/sudo.inc +++ b/config/sudo/sudo.inc @@ -165,7 +165,7 @@ function sudo_get_users($list_all_user = false) { /* Make sure commands passed in are valid executables to help ensure a valid sudoers file and expected behavior. This also forces the user to give full paths to executables, which they should be doing anyhow. */ -function sudo_validate_commands($input_errors) { +function sudo_validate_commands(&$input_errors) { $idx = 0; while(isset($_POST["cmdlist{$idx}"])) { $commands = $_POST["cmdlist" . $idx++]; diff --git a/config/sudo/sudo.xml b/config/sudo/sudo.xml index 16fc272b..2fccab24 100644 --- a/config/sudo/sudo.xml +++ b/config/sudo/sudo.xml @@ -3,7 +3,7 @@ <description>Sudo Command Control</description> <requirements>None</requirements> <name>sudo</name> - <version>0.2</version> + <version>0.2.1</version> <title>Sudo - Shell Command Privilege Delegation Utility</title> <include_file>/usr/local/pkg/sudo.inc</include_file> <menu> @@ -83,7 +83,7 @@ User permission definitions for allowing the use of sudo by shell users to run c </custom_php_resync_config_command> <custom_php_validation_command> <![CDATA[ - sudo_validate_commands(&$input_errors); + sudo_validate_commands($input_errors); ]]> </custom_php_validation_command> </packagegui> diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc index b5f5fb56..c767f2d0 100644 --- a/config/suricata/suricata.inc +++ b/config/suricata/suricata.inc @@ -1,30 +1,41 @@ <?php /* - suricata.inc - - Copyright (C) 2014 Bill Meeks - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + * suricata.inc + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ require_once("pfsense-utils.inc"); require_once("config.inc"); @@ -39,9 +50,14 @@ global $g, $config; if (!is_array($config['installedpackages']['suricata'])) $config['installedpackages']['suricata'] = array(); -// Define the binary and package build versions -define('SURICATA_VER', '1.4.6'); -define('SURICATA_PKG_VER', 'v0.3-BETA'); +/* Get installed package version for display */ +$suricata_package_version = "Suricata {$config['installedpackages']['package'][get_pkg_id("suricata")]['version']}"; + +// Define the installed package version +define('SURICATA_PKG_VER', $suricata_package_version); + +// Define the name of the pf table used for IP blocks +define('SURICATA_PF_TABLE', 'snort2c'); // Create some other useful defines define('SURICATADIR', '/usr/pbi/suricata-' . php_uname("m") . '/etc/suricata/'); @@ -198,13 +214,26 @@ function suricata_barnyard_reload_config($suricatacfg, $signal="HUP") { function suricata_get_blocked_ips() { - // This is a placeholder function for later use. - // Blocking is not currently enabled in Suricata. - return array(); + $suri_pf_table = SURICATA_PF_TABLE; + $blocked_ips = ""; + + exec("/sbin/pfctl -t {$suri_pf_table} -T show", $blocked_ips); + + $blocked_ips_array = array(); + if (!empty($blocked_ips)) { + if (is_array($blocked_ips)) { + foreach ($blocked_ips as $blocked_ip) { + if (empty($blocked_ip)) + continue; + $blocked_ips_array[] = trim($blocked_ip, " \n\t"); + } + } + } + return $blocked_ips_array; } -/* func builds custom white lists */ -function suricata_find_list($find_name, $type = 'whitelist') { +/* func builds custom Pass Lists */ +function suricata_find_list($find_name, $type = 'passlist') { global $config; $suricataglob = $config['installedpackages']['suricata']; @@ -221,11 +250,11 @@ function suricata_find_list($find_name, $type = 'whitelist') { return array(); } -function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) { +function suricata_build_list($suricatacfg, $listname = "", $passlist = false) { /***********************************************************/ /* The default is to build a HOME_NET variable unless */ - /* '$whitelist' is set to 'true' when calling. */ + /* '$passlist' is set to 'true' when calling. */ /***********************************************************/ global $config, $g, $aliastable, $filterdns; @@ -247,7 +276,7 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) { $home_net = explode(" ", trim(filter_expand_alias($list['address']))); } - // Always add loopback to HOME_NET and whitelist (ftphelper) + // Always add loopback to HOME_NET and passlist (ftphelper) if (!in_array("127.0.0.1", $home_net)) $home_net[] = "127.0.0.1"; @@ -255,8 +284,8 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) { /* Always put the interface running Suricata in HOME_NET and */ /* whitelist unless it's the WAN. WAN options are handled further */ /* down. If the user specifically chose not to include LOCAL_NETS */ - /* in the WHITELIST, then do not include the Suricata interface */ - /* subnet in the WHITELIST. We do include the actual LAN interface */ + /* in the PASS LIST, then do not include the Suricata interface */ + /* subnet in the PASS LIST. We do include the actual LAN interface */ /* IP for Suricata, though, to prevent locking out the firewall. */ /********************************************************************/ $suricataip = get_interface_ip($suricatacfg['interface']); @@ -297,8 +326,8 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) { if (!$whitelist || $localnet == 'yes' || empty($localnet)) { /*************************************************************************/ - /* Iterate through the interface list and write out whitelist items and */ - /* also compile a HOME_NET list of all the local interfaces for suricata. */ + /* Iterate through the interface list and write out pass list items and */ + /* also compile a HOME_NET list of all local interfaces for suricata. */ /* Skip the WAN interface as we do not typically want that whole subnet */ /* whitelisted (just the i/f IP itself which was handled earlier). */ /*************************************************************************/ @@ -365,7 +394,7 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) { } if($vips == 'yes') { - // iterate all vips and add to whitelist + // iterate all vips and add to passlist if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { foreach($config['virtualip']['vip'] as $vip) { if ($vip['subnet'] && $vip['mode'] != 'proxyarp') { @@ -484,6 +513,104 @@ function suricata_loglimit_install_cron($should_install=true) { install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", $should_install, "*/5"); } +function suricata_rm_blocked_install_cron($should_install) { + global $config, $g; + $suri_pf_table = SURICATA_PF_TABLE; + + $suricata_rm_blocked_info_ck = $config['installedpackages']['suricata']['config'][0]['rm_blocked']; + + if ($suricata_rm_blocked_info_ck == "15m_b") { + $suricata_rm_blocked_min = "*/1"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "900"; + } + if ($suricata_rm_blocked_info_ck == "30m_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "1800"; + } + if ($suricata_rm_blocked_info_ck == "1h_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "3600"; + } + if ($suricata_rm_blocked_info_ck == "3h_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "10800"; + } + if ($suricata_rm_blocked_info_ck == "6h_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "21600"; + } + if ($suricata_rm_blocked_info_ck == "12h_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "43200"; + } + if ($suricata_rm_blocked_info_ck == "1d_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "86400"; + } + if ($suricata_rm_blocked_info_ck == "4d_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "345600"; + } + if ($suricata_rm_blocked_info_ck == "7d_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "604800"; + } + if ($suricata_rm_blocked_info_ck == "28d_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "2419200"; + } + + // First, remove any existing cron task for "rm_blocked" hosts + install_cron_job("pfctl -t {$suri_pf_table} -T expire" , false); + + // Now add or update the cron task for "rm_blocked" hosts + // if enabled. + if ($should_install) { + $command = "/usr/bin/nice -n20 /sbin/pfctl -t {$suri_pf_table} -T expire {$suricata_rm_blocked_expire}"; + install_cron_job($command, $should_install, $suricata_rm_blocked_min, $suricata_rm_blocked_hr, $suricata_rm_blocked_mday, $suricata_rm_blocked_month, $suricata_rm_blocked_wday, "root"); + } +} + function sync_suricata_package_config() { global $config, $g; @@ -516,9 +643,11 @@ function sync_suricata_package_config() { $suricataglob = $config['installedpackages']['suricata']['config'][0]; // setup the log directory size check job if enabled - suricata_loglimit_install_cron(); + suricata_loglimit_install_cron(true); // setup the suricata rules update job if enabled - suricata_rules_up_install_cron($suricataglob['autoruleupdate'] != "never_up" ? true : false); + suricata_rules_up_install_cron($config['installedpackages']['suricata']['config'][0]['autoruleupdate'] != "never_up" ? true : false); + // set the suricata blocked hosts time + suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false); write_config(); configure_cron(); @@ -1911,7 +2040,12 @@ function suricata_generate_barnyard2_conf($suricatacfg, $if_real) { $by2_dbpwd = base64_decode($suricatacfg['barnyard_dbpwd']); $suricatabarnyardlog_output_plugins .= "# database: log to a MySQL DB\noutput database: alert, mysql, "; $suricatabarnyardlog_output_plugins .= "user={$suricatacfg['barnyard_dbuser']} password={$by2_dbpwd} "; - $suricatabarnyardlog_output_plugins .= "dbname={$suricatacfg['barnyard_dbname']} host={$suricatacfg['barnyard_dbhost']}\n\n"; + $suricatabarnyardlog_output_plugins .= "dbname={$suricatacfg['barnyard_dbname']} host={$suricatacfg['barnyard_dbhost']}"; + if (isset($suricatacfg['barnyard_sensor_name']) && strlen($suricatacfg['barnyard_sensor_name']) > 0) + $suricatabarnyardlog_output_plugins .= " sensor_name={$suricatacfg['barnyard_sensor_name']}"; + if ($suricatacfg['barnyard_disable_sig_ref_tbl'] == 'on') + $suricatabarnyardlog_output_plugins .= " disable_signature_reference_table"; + $suricatabarnyardlog_output_plugins .= "\n\n"; } if ($suricatacfg['barnyard_syslog_enable'] == 'on') { $suricatabarnyardlog_output_plugins .= "# syslog_full: log to a syslog receiver\n"; diff --git a/config/suricata/suricata.priv.inc b/config/suricata/suricata.priv.inc index 8dcec887..3bbee55a 100644 --- a/config/suricata/suricata.priv.inc +++ b/config/suricata/suricata.priv.inc @@ -8,6 +8,7 @@ $priv_list['page-services-suricata']['descr'] = "Allow access to suricata packag $priv_list['page-services-suricata']['match'] = array(); $priv_list['page-services-suricata']['match'][] = "suricata/suricata_alerts.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_barnyard.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_blocked.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_check_for_rule_updates.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_define_vars.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_download_rules.php*"; @@ -20,11 +21,12 @@ $priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_ $priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_global.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_suppress.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_suppress_edit.php*"; -$priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_whitelist.php*"; -$priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_whitelist_edit.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_select_alias.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_list_view.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_logs_browser.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_logs_mgmt.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_passlist.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_passlist_edit.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_post_install.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_flow_stream.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_rules.php*"; diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml index fb296aed..1a64d619 100644 --- a/config/suricata/suricata.xml +++ b/config/suricata/suricata.xml @@ -9,40 +9,49 @@ /* suricata.xml part of the Suricata package for pfSense - Copyright (C) 2014 Bill meeks - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Significant portions are based on original work done for the Snort + package for pfSense from the following contributors: + + Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2006 Scott Ullrich + Copyright (C) 2009 Robert Zelaya Sr. Developer + Copyright (C) 2012 Ermal Luci + All rights reserved. + + Adapted for Suricata by: + Copyright (C) 2014 Bill Meeks + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code MUST retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ /* ========================================================================== */ ]]> </copyright> <description>Suricata IDS/IPS Package</description> <requirements>None</requirements> <name>suricata</name> - <version>1.4.6 pkg v0.3-BETA</version> + <version>1.4.6 pkg v1.0</version> <title>Services: Suricata IDS</title> <include_file>/usr/local/pkg/suricata/suricata.inc</include_file> <menu> @@ -208,6 +217,26 @@ <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_blocked.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_passlist.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_passlist_edit.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_select_alias.php</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/www/widgets/javascript/</prefix> <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/suricata/suricata_alerts.js</item> diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php index 01d4daeb..07e4eb1f 100644 --- a/config/suricata/suricata_alerts.php +++ b/config/suricata/suricata_alerts.php @@ -3,19 +3,30 @@ * suricata_alerts.php * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -32,6 +43,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/suricata/suricata.inc"); $supplist = array(); +$suri_pf_table = SURICATA_PF_TABLE; function suricata_is_alert_globally_suppressed($list, $gid, $sid) { @@ -109,12 +121,11 @@ function suricata_add_supplist_entry($suppress) { } } - /* If we created a new list or updated an existing one, save the change, */ - /* tell Snort to load it, and return true; otherwise return false. */ + /* If we created a new list or updated an existing one, save the change */ + /* and return true; otherwise return false. */ if ($found_list) { write_config(); sync_suricata_package_config(); - suricata_reload_config($a_instance[$instanceid]); return true; } else @@ -165,12 +176,12 @@ if ($_POST['save']) { exit; } -//if ($_POST['unblock'] && $_POST['ip']) { -// if (is_ipaddr($_POST['ip'])) { -// exec("/sbin/pfctl -t snort2c -T delete {$_POST['ip']}"); -// $savemsg = gettext("Host IP address {$_POST['ip']} has been removed from the Blocked Table."); -// } -//} +if ($_POST['unblock'] && $_POST['ip']) { + if (is_ipaddr($_POST['ip'])) { + exec("/sbin/pfctl -t {$suri_pf_table} -T delete {$_POST['ip']}"); + $savemsg = gettext("Host IP address {$_POST['ip']} has been removed from the Blocked Table."); + } +} if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsuppress']) && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) { if ($_POST['addsuppress_srcip']) @@ -355,10 +366,12 @@ if ($savemsg) { $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), true, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> @@ -495,10 +508,10 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo $alert_ip_src .= "title='" . gettext("This alert track by_src IP is already in the Suppress List") . "'/>"; } /* Add icon for auto-removing from Blocked Table if required */ -// if (isset($tmpblocked[$fields[9]])) { -// $alert_ip_src .= " <input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[9]}';\" "; -// $alert_ip_src .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>"; -// } + if (isset($tmpblocked[$fields[9]])) { + $alert_ip_src .= " <input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[9]}';\" "; + $alert_ip_src .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>"; + } /* IP SRC Port */ $alert_src_p = $fields[10]; /* IP Destination */ @@ -524,10 +537,10 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo $alert_ip_dst .= "title='" . gettext("This alert track by_dst IP is already in the Suppress List") . "'/>"; } /* Add icon for auto-removing from Blocked Table if required */ -// if (isset($tmpblocked[$fields[11]])) { -// $alert_ip_dst .= " <input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[11]}';\" "; -// $alert_ip_dst .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>"; -// } + if (isset($tmpblocked[$fields[11]])) { + $alert_ip_dst .= " <input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[11]}';\" "; + $alert_ip_dst .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>"; + } /* IP DST Port */ $alert_dst_p = $fields[12]; /* SID */ diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php index 8d0bb4f4..c28b99d1 100644 --- a/config/suricata/suricata_app_parsers.php +++ b/config/suricata/suricata_app_parsers.php @@ -3,12 +3,23 @@ * suricata_app_parsers.php * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -379,7 +390,7 @@ include_once("head.inc"); <?php include("fbegin.inc"); /* Display error or save message */ if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks + print_input_errors($input_errors); } if ($savemsg) { print_info_box($savemsg); @@ -393,14 +404,16 @@ include_once("head.inc"); <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td>'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); @@ -412,7 +425,7 @@ include_once("head.inc"); $tab_array[] = array($menu_iface . gettext("App Parsers"), true, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php index 850e4bed..d4afe4f4 100644 --- a/config/suricata/suricata_barnyard.php +++ b/config/suricata/suricata_barnyard.php @@ -3,12 +3,23 @@ * suricata_barnyard.php * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -133,6 +144,7 @@ if ($_POST['save']) { $natent['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable'] ? 'on' : 'off'; $natent['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'] ? 'on' : 'off'; $natent['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'] ? 'on' : 'off'; + $natent['barnyard_disable_sig_ref_tbl'] = $_POST['barnyard_disable_sig_ref_tbl'] ? 'on' : 'off'; $natent['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode']; $natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto']; @@ -167,50 +179,21 @@ if ($_POST['save']) { elseif ($a_nat[$id]['barnyard_enable'] == "on") { if (suricata_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2")) suricata_barnyard_reload_config($a_nat[$id], "HUP"); - else - suricata_barnyard_start($a_nat[$id], get_real_interface($a_nat[$id]['interface'])); + else { + // Notify user a Suricata restart is required if enabling Barnyard2 for the first time + $savemsg = gettext("NOTE: you must restart Suricata on this interface to activate unified2 logging for Barnyard2."); + } } - // after click go to this page - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: suricata_barnyard.php?id=$id"); - exit; + $pconfig = $natent; } else { - // We had errors, so save incoming field data to prevent retyping - $pconfig['barnyard_enable'] = $_POST['barnyard_enable']; - $pconfig['barnyard_show_year'] = $_POST['barnyard_show_year']; - $pconfig['barnyard_archive_enable'] = $_POST['barnyard_archive_enable']; - $pconfig['barnyard_dump_payload'] = $_POST['barnyard_dump_payload']; - $pconfig['barnyard_obfuscate_ip'] = $_POST['barnyard_obfuscate_ip']; - $pconfig['barnyard_mysql_enable'] = $_POST['barnyard_mysql_enable']; - $pconfig['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable']; - $pconfig['barnyard_syslog_local'] = $_POST['barnyard_syslog_local']; - $pconfig['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode']; - $pconfig['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto']; - $pconfig['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable']; - - $pconfig['barnyard_sensor_id'] = $_POST['barnyard_sensor_id']; - $pconfig['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']; - $pconfig['barnyard_dbhost'] = $_POST['barnyard_dbhost']; - $pconfig['barnyard_dbname'] = $_POST['barnyard_dbname']; - $pconfig['barnyard_dbuser'] = $_POST['barnyard_dbuser']; - $pconfig['barnyard_dbpwd'] = $_POST['barnyard_dbpwd']; - $pconfig['barnyard_syslog_rhost'] = $_POST['barnyard_syslog_rhost']; - $pconfig['barnyard_syslog_dport'] = $_POST['barnyard_syslog_dport']; - $pconfig['barnyard_syslog_facility'] = $_POST['barnyard_syslog_facility']; - $pconfig['barnyard_syslog_priority'] = $_POST['barnyard_syslog_priority']; - $pconfig['barnyard_bro_ids_rhost'] = $_POST['barnyard_bro_ids_rhost']; - $pconfig['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport']; - $pconfig['barnconfigpassthru'] = $_POST['barnconfigpassthru']; + // We had errors, so save previous field data to prevent retyping + $pconfig = $_POST; } } -$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); $pgtitle = gettext("Suricata: Interface {$if_friendly} - Barnyard2 Settings"); include_once("head.inc"); @@ -221,7 +204,7 @@ include_once("head.inc"); /* Display Alert message */ if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks + print_input_errors($input_errors); } if ($savemsg) { @@ -235,14 +218,16 @@ include_once("head.inc"); <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $tab_array = array(); @@ -254,7 +239,7 @@ include_once("head.inc"); $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/suricata/suricata_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> @@ -358,6 +343,14 @@ include_once("head.inc"); <?php echo gettext("Password for the MySQL database user"); ?> </td> </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Disable Signature Reference Table"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_disable_sig_ref_tbl" type="checkbox" value="on" <?php if ($pconfig['barnyard_disable_sig_ref_tbl'] == "on") echo "checked"; ?>/> + <?php echo gettext("Disable synchronization of sig_reference table in schema. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/> + <br/><?php echo gettext("This option will speedup the process when checked, plus it can help work around a 'duplicate entry' error when running multiple Suricata instances."); ?> + </td> + </tr> </tbody> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Syslog Output Settings"); ?></td> @@ -521,6 +514,7 @@ function toggle_mySQL() { document.iform.barnyard_dbname.disabled = endis; document.iform.barnyard_dbuser.disabled = endis; document.iform.barnyard_dbpwd.disabled = endis; + document.iform.barnyard_disable_sig_ref_tbl.disabled = endis; if (endis) document.getElementById("mysql_config_rows").style.display = "none"; @@ -587,6 +581,7 @@ function enable_change(enable_change) { document.iform.barnyard_dbname.disabled = endis; document.iform.barnyard_dbuser.disabled = endis; document.iform.barnyard_dbpwd.disabled = endis; + document.iform.barnyard_disable_sig_ref_tbl.disabled = endis; document.iform.barnyard_syslog_enable.disabled = endis; document.iform.barnyard_syslog_local.disabled = endis; document.iform.barnyard_syslog_opmode_default.disabled = endis; diff --git a/config/suricata/suricata_blocked.php b/config/suricata/suricata_blocked.php new file mode 100644 index 00000000..96171c1e --- /dev/null +++ b/config/suricata/suricata_blocked.php @@ -0,0 +1,323 @@ +<?php +/* + * suricata_blocked.php + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +$suricatalogdir = SURICATALOGDIR; +$suri_pf_table = SURICATA_PF_TABLE; + +if (!is_array($config['installedpackages']['suricata']['alertsblocks'])) + $config['installedpackages']['suricata']['alertsblocks'] = array(); + +$pconfig['brefresh'] = $config['installedpackages']['suricata']['alertsblocks']['brefresh']; +$pconfig['blertnumber'] = $config['installedpackages']['suricata']['alertsblocks']['blertnumber']; + +if (empty($pconfig['blertnumber'])) + $bnentries = '500'; +else + $bnentries = $pconfig['blertnumber']; + +if ($_POST['todelete']) { + $ip = ""; + if ($_POST['ip']) + $ip = $_POST['ip']; + if (is_ipaddr($ip)) + exec("/sbin/pfctl -t {$suri_pf_table} -T delete {$ip}"); + else + $input_errors[] = gettext("An invalid IP address was provided as a parameter."); +} + +if ($_POST['remove']) { + exec("/sbin/pfctl -t {$suri_pf_table} -T flush"); + header("Location: /suricata/suricata_blocked.php"); + exit; +} + +/* TODO: build a file with block ip and disc */ +if ($_POST['download']) +{ + $blocked_ips_array_save = ""; + exec("/sbin/pfctl -t {$suri_pf_table} -T show", $blocked_ips_array_save); + /* build the list */ + if (is_array($blocked_ips_array_save) && count($blocked_ips_array_save) > 0) { + $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); + $file_name = "suricata_blocked_{$save_date}.tar.gz"; + exec('/bin/mkdir -p /tmp/suricata_blocked'); + file_put_contents("/tmp/suricata_blocked/suricata_block.pf", ""); + foreach($blocked_ips_array_save as $counter => $fileline) { + if (empty($fileline)) + continue; + $fileline = trim($fileline, " \n\t"); + file_put_contents("/tmp/suricata_blocked/suricata_block.pf", "{$fileline}\n", FILE_APPEND); + } + + // Create a tar gzip archive of blocked host IP addresses + exec("/usr/bin/tar -czf /tmp/{$file_name} -C/tmp/suricata_blocked suricata_block.pf"); + + // If we successfully created the archive, send it to the browser. + if(file_exists("/tmp/{$file_name}")) { + ob_start(); //important or other posts will fail + if (isset($_SERVER['HTTPS'])) { + header('Pragma: '); + header('Cache-Control: '); + } else { + header("Pragma: private"); + header("Cache-Control: private, must-revalidate"); + } + header("Content-Type: application/octet-stream"); + header("Content-length: " . filesize("/tmp/{$file_name}")); + header("Content-disposition: attachment; filename = {$file_name}"); + ob_end_clean(); //important or other post will fail + readfile("/tmp/{$file_name}"); + + // Clean up the temp files and directory + @unlink("/tmp/{$file_name}"); + exec("/bin/rm -fr /tmp/suricata_blocked"); + } else + $savemsg = gettext("An error occurred while creating archive"); + } else + $savemsg = gettext("No content on suricata block list"); +} + +if ($_POST['save']) +{ + /* no errors */ + if (!$input_errors) { + $config['installedpackages']['suricata']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off'; + $config['installedpackages']['suricata']['alertsblocks']['blertnumber'] = $_POST['blertnumber']; + + write_config("Suricata pkg: updated BLOCKED tab settings."); + + header("Location: /suricata/suricata_blocked.php"); + exit; + } + +} + +$pgtitle = gettext("Suricata: Blocked Hosts"); +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> +<script src="/javascript/filter_log.js" type="text/javascript"></script> + +<?php + +include_once("fbegin.inc"); + +/* refresh every 60 secs */ +if ($pconfig['brefresh'] == 'on') + echo "<meta http-equiv=\"refresh\" content=\"60;url=/suricata/suricata_blocked.php\" />\n"; + +/* Display Alert message */ +if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks +} +if ($savemsg) { + print_info_box($savemsg); +} +?> + +<form action="/suricata/suricata_blocked.php" method="post"> +<input type="hidden" name="ip" id="ip" value=""/> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr> + <td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), true, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array, true); + ?> + </td> +</tr> +<tr> + <td><div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("Blocked Hosts Log View Settings"); ?></td> + </tr> + <tr> + <td width="22%" class="vncell"><?php echo gettext("Save or Remove Hosts"); ?></td> + <td width="78%" class="vtable"> + <input name="download" type="submit" class="formbtns" value="Download" title="<?=gettext("Download list of blocked hosts as a gzip archive");?>"/> + <?php echo gettext("All blocked hosts will be saved."); ?> + <input name="remove" type="submit" class="formbtns" value="Clear" title="<?=gettext("Remove blocks for all listed hosts");?>" + onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCLE to quit.");?>');"/> + <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("all hosts will be removed."); ?> + </td> + </tr> + <tr> + <td width="22%" class="vncell"><?php echo gettext("Auto Refresh and Log View"); ?></td> + <td width="78%" class="vtable"> + <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/> + <?php echo gettext("Refresh"); ?> <input name="brefresh" type="checkbox" value="on" + <?php if ($config['installedpackages']['suricata']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['suricata']['alertsblocks']['brefresh']=='') echo "checked"; ?>/> + <?php printf(gettext("%sDefault%s is %sON%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?> + <input name="blertnumber" type="text" class="formfld unknown" id="blertnumber" + size="5" value="<?=htmlspecialchars($bnentries);?>"/> <?php printf(gettext("Enter number of " . + "blocked entries to view. %sDefault%s is %s500%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?> + </td> + </tr> + <tr> + <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Hosts Blocked by Suricata"), $bnentries); ?></td> + </tr> + <tr> + <td colspan="2"> + <table id="sortabletable1" style="table-layout: fixed;" class="sortable" width="100%" border="0" cellpadding="2" cellspacing="0"> + <colgroup> + <col width="5%" align="center" axis="number"> + <col width="15%" align="center" axis="string"> + <col width="70%" align="left" axis="string"> + <col width="10%" align="center"> + </colgroup> + <thead> + <tr> + <th class="listhdrr" axis="number">#</th> + <th class="listhdrr" axis="string"><?php echo gettext("IP"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Alert Description"); ?></th> + <th class="listhdrr"><?php echo gettext("Remove"); ?></th> + </tr> + </thead> + <tbody> + <?php + + /* set the arrays */ + $blocked_ips_array = suricata_get_blocked_ips(); + if (!empty($blocked_ips_array)) { + foreach ($blocked_ips_array as &$ip) + $ip = inet_pton($ip); + $tmpblocked = array_flip($blocked_ips_array); + $src_ip_list = array(); + foreach (glob("{$suricatalogdir}*/block.log*") as $alertfile) { + $fd = fopen($alertfile, "r"); + if ($fd) { + /* 0 1 2 3 4 5 6 7 8 9 10 */ + /* File format timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,ip,port */ + while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { + if(count($fields) < 11) + continue; + $fields[9] = inet_pton($fields[9]); + if (isset($tmpblocked[$fields[9]])) { + if (!is_array($src_ip_list[$fields[9]])) + $src_ip_list[$fields[9]] = array(); + $src_ip_list[$fields[9]][$fields[5]] = "{$fields[5]} - " . substr($fields[0], 0, -7); + } + } + fclose($fd); + } + } + + foreach($blocked_ips_array as $blocked_ip) { + if (is_ipaddr($blocked_ip) && !isset($src_ip_list[$blocked_ip])) + $src_ip_list[$blocked_ip] = array("N\A\n"); + } + + /* build final list, build html */ + $counter = 0; + foreach($src_ip_list as $blocked_ip => $blocked_msg) { + $blocked_desc = implode("<br/>", $blocked_msg); + if($counter > $bnentries) + break; + else + $counter++; + + $block_ip_str = inet_ntop($blocked_ip); + /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ + $tmp_ip = str_replace(":", ":​", $block_ip_str); + /* Add reverse DNS lookup icons */ + $rdns_link = ""; + $rdns_link .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$block_ip_str}&dialog_output=true', outputrule);\">"; + $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; + $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; + $rdns_link .= "<a href='/diag_dns.php?host={$block_ip_str}'>"; + $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; + $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; + /* use one echo to do the magic*/ + echo "<tr> + <td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td> + <td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>{$rdns_link}</td> + <td valign=\"middle\" class=\"listr\">{$blocked_desc}</td> + <td align=\"center\" valign=\"middle\" class=\"listr\" sorttable_customkey=\"\"> + <input type=\"image\" name=\"todelete[]\" onClick=\"document.getElementById('ip').value='{$block_ip_str}';\" + src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" /></td> + </tr>\n"; + } + } + ?> + </tbody> + </table> + </td> + </tr> + <tr> + <td colspan="2" class="vexpl" align="center"> + <?php if (!empty($blocked_ips_array)) { + if ($counter > 1) + echo "{$counter}" . gettext(" host IP addresses are currently being blocked."); + else + echo "{$counter}" . gettext(" host IP address is currently being blocked."); + } + else { + echo gettext("There are currently no hosts being blocked by Suricata."); + } + ?> + </td> + </tr> + </table> + </div> + </td> +</tr> +</table> +</form> +<?php +include("fend.inc"); +?> +</body> +</html> diff --git a/config/suricata/suricata_check_cron_misc.inc b/config/suricata/suricata_check_cron_misc.inc index b9ba3fb7..f750c530 100644 --- a/config/suricata/suricata_check_cron_misc.inc +++ b/config/suricata/suricata_check_cron_misc.inc @@ -3,12 +3,23 @@ * suricata_check_cron_misc.inc * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -173,19 +184,31 @@ if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] == $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$value['uuid']}"; foreach ($logs as $k => $p) suricata_check_rotate_log("{$suricata_log_dir}/{$k}", $p['limit']*1024, $p['retention']); - } - // Prune any aged-out Barnyard2 archived logs if any exist - if (is_dir("{$suricata_log_dir}/barnyard2/archive") && - $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] > 0) { - $now = time(); - $files = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*"); - foreach ($files as $f) { - if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] * 3600)) - unlink_if_exists($f); + // Prune any aged-out Barnyard2 archived logs if any exist + if (is_dir("{$suricata_log_dir}/barnyard2/archive") && + $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] > 0) { + $now = time(); + $files = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*"); + foreach ($files as $f) { + if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] * 3600)) + unlink_if_exists($f); + } + } + unset($files); + + // Prune aged-out File Store files if any exist + if (is_dir("{$suricata_log_dir}/files") && + $config['installedpackages']['suricata']['config'][0]['file_store_retention'] > 0) { + $now = time(); + $files = glob("{$suricata_log_dir}/files/file.*"); + foreach ($files as $f) { + if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['file_store_retention'] * 3600)) + unlink_if_exists($f); + } } + unset($files); } - unset($files); } // Check the overall log directory limit (if enabled) and prune if necessary diff --git a/config/suricata/suricata_check_for_rule_updates.php b/config/suricata/suricata_check_for_rule_updates.php index 51efd7d0..bb29078f 100644 --- a/config/suricata/suricata_check_for_rule_updates.php +++ b/config/suricata/suricata_check_for_rule_updates.php @@ -2,19 +2,30 @@ /* * suricata_check_for_rule_updates.php * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php index 22b8ab3c..d072ff42 100644 --- a/config/suricata/suricata_define_vars.php +++ b/config/suricata/suricata_define_vars.php @@ -3,12 +3,23 @@ * suricata_define_vars.php * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -158,14 +169,16 @@ if ($savemsg) <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $tab_array = array(); @@ -177,7 +190,7 @@ if ($savemsg) $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), true, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> diff --git a/config/suricata/suricata_download_rules.php b/config/suricata/suricata_download_rules.php index 26737dcf..2de286ba 100644 --- a/config/suricata/suricata_download_rules.php +++ b/config/suricata/suricata_download_rules.php @@ -2,19 +2,31 @@ /* * suricata_download_rules.php * + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE diff --git a/config/suricata/suricata_download_updates.php b/config/suricata/suricata_download_updates.php index 188255c8..b5377351 100644 --- a/config/suricata/suricata_download_updates.php +++ b/config/suricata/suricata_download_updates.php @@ -3,19 +3,30 @@ * suricata_download_updates.php * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -176,10 +187,12 @@ include_once("head.inc"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), true, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php index cc00f350..ba594d55 100644 --- a/config/suricata/suricata_flow_stream.php +++ b/config/suricata/suricata_flow_stream.php @@ -3,12 +3,23 @@ * suricata_flow_stream.php * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -438,14 +449,15 @@ include_once("head.inc"); <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td>'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); @@ -457,7 +469,7 @@ include_once("head.inc"); $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php index 0e348631..bd3ce368 100644 --- a/config/suricata/suricata_generate_yaml.php +++ b/config/suricata/suricata_generate_yaml.php @@ -1,30 +1,41 @@ <?php /* - suricata_generate_yaml.php - - Copyright (C) 2014 Bill Meeks - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + * suricata_generate_yaml.php + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ // Create required Suricata directories if they don't exist @@ -64,6 +75,11 @@ if (!empty($suricatacfg['externallistname']) && $suricatacfg['externallistname'] $external_net = trim($external_net); } +// Set the PASS LIST and write its contents to disk +$plist = suricata_build_list($suricatacfg, $suricatacfg['passlistname'], true); +@file_put_contents("{$suricatacfgdir}/passlist", implode("\n", $plist)); +$suri_passlist = "{$suricatacfgdir}/passlist"; + // Set default and user-defined variables for SERVER_VARS and PORT_VARS $suricata_servers = array ( "dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET", @@ -137,6 +153,31 @@ if (!empty($suricatacfg['inspect_recursion_limit']) || $suricatacfg['inspect_rec else $inspection_recursion_limit = ""; +if ($suricatacfg['delayed_detect'] == 'on') + $delayed_detect = "yes"; +else + $delayed_detect = "no"; + +// Add interface-specific blocking settings +if ($suricatacfg['blockoffenders'] == 'on') + $suri_blockoffenders = "yes"; +else + $suri_blockoffenders = "no"; + +if ($suricatacfg['blockoffenderskill'] == 'on') + $suri_killstates = "yes"; +else + $suri_killstates = "no"; + +if ($suricatacfg['blockoffendersip'] == 'src') + $suri_blockip = 'SRC'; +elseif ($suricatacfg['blockoffendersip'] == 'dst') + $suri_blockip = 'DST'; +else + $suri_blockip = 'BOTH'; + +$suri_pf_table = SURICATA_PF_TABLE; + // Add interface-specific logging settings if ($suricatacfg['alertsystemlog'] == 'on') $alert_syslog = "yes"; diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php index 938d6a97..9c932222 100644 --- a/config/suricata/suricata_global.php +++ b/config/suricata/suricata_global.php @@ -3,12 +3,23 @@ * suricata_global.php * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -124,7 +135,7 @@ if (!$input_errors) { $retval = 0; - /* create whitelist and homenet file, then sync files */ + /* create passlist and homenet file, then sync files */ sync_suricata_package_config(); write_config(); @@ -168,10 +179,12 @@ if ($input_errors) $tab_array[] = array(gettext("Global Settings"), true, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> @@ -304,18 +317,18 @@ if ($input_errors) <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td> </tr> -<tr style="display:none;"> +<tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Blocked Hosts Interval"); ?></td> <td width="78%" class="vtable"> <select name="rm_blocked" class="formselect" id="rm_blocked"> <?php $interfaces3 = array('never_b' => gettext('NEVER'), '15m_b' => gettext('15 MINS'), '30m_b' => gettext('30 MINS'), '1h_b' => gettext('1 HOUR'), '3h_b' => gettext('3 HOURS'), '6h_b' => gettext('6 HOURS'), '12h_b' => gettext('12 HOURS'), '1d_b' => gettext('1 DAY'), '4d_b' => gettext('4 DAYS'), '7d_b' => gettext('7 DAYS'), '28d_b' => gettext('28 DAYS')); foreach ($interfaces3 as $iface3 => $ifacename3): ?> - <option value="<?=$iface3;?>" - <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename3);?></option> - <?php endforeach; ?> - </select> + <option value="<?=$iface3;?>" + <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename3);?></option> + <?php endforeach; ?> + </select> <?php echo gettext("Please select the amount of time you would like hosts to be blocked."); ?><br/><br/> <?php echo "<span class=\"red\"><strong>" . gettext("Hint:") . "</strong></span>" . gettext(" in most cases, 1 hour is a good choice.");?></td> </tr> diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php index e8125986..26d57b71 100644 --- a/config/suricata/suricata_interfaces.php +++ b/config/suricata/suricata_interfaces.php @@ -2,19 +2,30 @@ /* * suricata_interfaces.php * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -134,9 +145,8 @@ if ($_POST['toggle']) { header("Location: /suricata/suricata_interfaces.php"); exit; } -$suri_bin_ver = SURICATA_VER; $suri_pkg_ver = SURICATA_PKG_VER; -$pgtitle = "Services: Suricata {$suri_bin_ver} pkg {$suri_pkg_ver} - Intrusion Detection System"; +$pgtitle = "Services: {$suri_pkg_ver} - Intrusion Detection System"; include_once("head.inc"); ?> @@ -164,10 +174,12 @@ include_once("head.inc"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td> </tr> diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php index fbb78aa2..3b61755c 100644 --- a/config/suricata/suricata_interfaces_edit.php +++ b/config/suricata/suricata_interfaces_edit.php @@ -2,19 +2,30 @@ /* * suricata_interfaces_edit.php * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -32,6 +43,9 @@ require_once("/usr/local/pkg/suricata/suricata.inc"); global $g, $rebuild_rules; +$suricatadir = SURICATADIR; +$suricatalogdir = SURICATALOGDIR; + if (!is_array($config['installedpackages']['suricata'])) $config['installedpackages']['suricata'] = array(); $suricataglob = $config['installedpackages']['suricata']; @@ -173,6 +187,16 @@ if ($_POST["save"]) { if (!empty($_POST['inspect_recursion_limit']) && !is_numeric($_POST['inspect_recursion_limit'])) $input_errors[] = gettext("The value for Inspect Recursion Limit can either be blank or contain only digits evaluating to an integer greater than or equal to 0."); + /* See if assigned interface is already in use */ + if (isset($_POST['interface'])) { + foreach ($a_rule as $k => $v) { + if (($v['interface'] == $_POST['interface']) && ($id <> $k)) { + $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Suricata instance."); + break; + } + } + } + // if no errors write to suricata.yaml if (!$input_errors) { $natent = $a_rule[$id]; @@ -204,23 +228,30 @@ if ($_POST["save"]) { if ($_POST['blockoffenders'] == "on") $natent['blockoffenders'] = 'on'; else $natent['blockoffenders'] = 'off'; if ($_POST['blockoffenderskill'] == "on") $natent['blockoffenderskill'] = 'on'; else unset($natent['blockoffenderskill']); if ($_POST['blockoffendersip']) $natent['blockoffendersip'] = $_POST['blockoffendersip']; else unset($natent['blockoffendersip']); - if ($_POST['whitelistname']) $natent['whitelistname'] = $_POST['whitelistname']; else unset($natent['whitelistname']); + if ($_POST['passlistname']) $natent['passlistname'] = $_POST['passlistname']; else unset($natent['passlistname']); if ($_POST['homelistname']) $natent['homelistname'] = $_POST['homelistname']; else unset($natent['homelistname']); if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']); if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']); if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; } + if ($_POST['delayed_detect'] == "on") { $natent['delayed_detect'] = 'on'; }else{ $natent['delayed_detect'] = 'off'; } if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']); $if_real = get_real_interface($natent['interface']); if (isset($id) && $a_rule[$id]) { + // See if moving an existing Suricata instance to another physical interface if ($natent['interface'] != $a_rule[$id]['interface']) { $oif_real = get_real_interface($a_rule[$id]['interface']); - suricata_stop($a_rule[$id], $oif_real); - exec("rm -r /var/log/suricata_{$oif_real}" . $a_rule[$id]['uuid']); - exec("mv -f {$suricatadir}/suricata_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$suricatadir}/suricata_" . $a_rule[$id]['uuid'] . "_{$if_real}"); + if (suricata_is_running($a_rule[$id]['uuid'], $oif_real)) { + suricata_stop($a_rule[$id], $oif_real); + $suricata_start = true; + } + else + $suricata_start = false; + exec("mv -f {$suricatalogdir}suricata_{$oif_real}" . $a_rule[$id]['uuid'] . " {$suricatalogdir}suricata_{$if_real}" . $a_rule[$id]['uuid']); + conf_mount_rw(); + exec("mv -f {$suricatadir}suricata_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$suricatadir}suricata_" . $a_rule[$id]['uuid'] . "_{$if_real}"); + conf_mount_ro(); } - // Edits don't require a rules rebuild, so turn it "off" - $rebuild_rules = false; $a_rule[$id] = $natent; } else { // Adding new interface, so set interface configuration parameter defaults @@ -262,6 +293,7 @@ if ($_POST["save"]) { $natent['reassembly_to_client_chunk'] = '2560'; $natent['enable_midstream_sessions'] = 'off'; $natent['enable_async_sessions'] = 'off'; + $natent['delayed_detect'] = 'off'; $natent['asn1_max_frames'] = '256'; @@ -330,14 +362,16 @@ if ($savemsg) { <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $tab_array = array(); @@ -349,7 +383,7 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> @@ -490,8 +524,6 @@ if ($savemsg) { <?php echo gettext("Enter maximum number of packet log files to maintain. Default is ") . "<strong>" . gettext("1000") . "</strong>."; ?><br/><br/><?php echo gettext("When the number of packet log files reaches the set limit, the oldest file will be overwritten.") ?></td> </tr> - -<!-- ### Blocking not yet enabled, so hide the controls ### <tr> <td colspan="2" class="listtopic"><?php echo gettext("Alert Settings"); ?></td> </tr> @@ -527,9 +559,6 @@ if ($savemsg) { <span class="red"><?php echo gettext("Hint:") . "</span> " . gettext("Choosing BOTH is suggested, and it is the default value."); ?></span><br/></td> </td> </tr> - ### End of Blocking controls ### ---> - <tr> <td colspan="2" class="listtopic"><?php echo gettext("Detection Engine Settings"); ?></td> </tr> @@ -606,6 +635,14 @@ if ($savemsg) { gettext("3000") . "</strong>."; ?><br/><br/><?php echo gettext("When set to 0 an internal default is used. When left blank there is no recursion limit.") ?></td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Delayed Detect"); ?></td> + <td width="78%" class="vtable"> + <input name="delayed_detect" id="delayed_detect" type="checkbox" value="on" + <?php if ($pconfig['delayed_detect'] == "on") echo " checked"; ?>/> + <?php echo gettext("Suricata will build list of signatures after packet capture threads have started. Default is ") . + "<strong>" . gettext("Not Checked") . "</strong>."; ?></td> + </tr> + <tr> <td colspan="2" class="listtopic"><?php echo gettext("Networks " . "Suricata Should Inspect and Protect"); ?></td> </tr> <tr> @@ -666,17 +703,16 @@ if ($savemsg) { "setting at default. Create an Alias for custom External Net settings."); ?><br/> </td> </tr> -<!-- <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist"); ?></td> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Pass List"); ?></td> <td width="78%" class="vtable"> - <select name="whitelistname" class="formselect" id="whitelistname"> + <select name="passlistname" class="formselect" id="passlistname"> <?php - /* find whitelist names and filter by type, make sure to track by uuid */ + /* find passlist names and filter by type, make sure to track by uuid */ echo "<option value='default' >default</option>\n"; - if (is_array($suricataglob['whitelist']['item'])) { - foreach ($suricataglob['whitelist']['item'] as $value) { - if ($value['name'] == $pconfig['whitelistname']) + if (is_array($suricataglob['passlist']['item'])) { + foreach ($suricataglob['passlist']['item'] as $value) { + if ($value['name'] == $pconfig['passlistname']) echo "<option value='{$value['name']}' selected>"; else echo "<option value='{$value['name']}'>"; @@ -685,17 +721,15 @@ if ($savemsg) { } ?> </select> - <input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','whitelist')" - id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Whitelist contents"); ?>"/> + <input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','passlistname','passlist')" + id="btnPasslist" title="<?php echo gettext("Click to view currently selected Pass List contents"); ?>"/> <br/> - <?php echo gettext("Choose the whitelist you want this interface to " . - "use."); ?> <br/><br/> + <?php echo gettext("Choose the Pass List you want this interface to use."); ?> <br/><br/> <span class="red"><?php echo gettext("Note:"); ?></span> <?php echo gettext("This option will only be used when block offenders is on."); ?><br/> <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("Default " . - "whitelist adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?> + "Pass List adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?> </td> </tr> ---> <tr> <td colspan="2" class="listtopic"><?php echo gettext("Alert Suppression and Filtering"); ?></td> </tr> @@ -756,11 +790,11 @@ if ($savemsg) { <script language="JavaScript"> function enable_blockoffenders() { -// var endis = !(document.iform.blockoffenders.checked); -// document.iform.blockoffenderskill.disabled=endis; -// document.iform.blockoffendersip.disabled=endis; -// document.iform.whitelistname.disabled=endis; -// document.iform.btnWhitelist.disabled=endis; + var endis = !(document.iform.blockoffenders.checked); + document.iform.blockoffenderskill.disabled=endis; + document.iform.blockoffendersip.disabled=endis; + document.iform.passlistname.disabled=endis; + document.iform.btnPasslist.disabled=endis; } function toggle_stats_log() { @@ -855,19 +889,20 @@ function enable_change(enable_change) { document.iform.mpm_algo.disabled = endis; document.iform.sgh_mpm_context.disabled = endis; document.iform.inspect_recursion_limit.disabled = endis; -// document.iform.blockoffenders.disabled = endis; -// document.iform.blockoffendersip.disabled=endis; -// document.iform.blockoffenderskill.disabled=endis; + document.iform.blockoffenders.disabled = endis; + document.iform.blockoffendersip.disabled=endis; + document.iform.blockoffenderskill.disabled=endis; document.iform.alertsystemlog.disabled = endis; document.iform.externallistname.disabled = endis; document.iform.homelistname.disabled = endis; -// document.iform.whitelistname.disabled=endis; + document.iform.passlistname.disabled=endis; document.iform.suppresslistname.disabled = endis; document.iform.configpassthru.disabled = endis; document.iform.btnHomeNet.disabled=endis; -// document.iform.btnWhitelist.disabled=endis; + document.iform.btnPasslist.disabled=endis; document.iform.btnSuppressList.disabled=endis; -} +} document.iform.delayed_detect.disabled=endis; + function wopen(url, name, w, h) { // Fudge factors for window decoration space. @@ -890,12 +925,12 @@ function getSelectedValue(elemID) { function viewList(id, elemID, elemType) { if (typeof elemType == "undefined") { - elemType = "whitelist"; + elemType = "passlist"; } var url = "suricata_list_view.php?id=" + id + "&wlist="; url = url + getSelectedValue(elemID) + "&type=" + elemType; url = url + "&time=" + new Date().getTime(); - wopen(url, 'WhitelistViewer', 640, 480); + wopen(url, 'PassListViewer', 640, 480); } enable_change(false); diff --git a/config/suricata/suricata_libhtp_policy_engine.php b/config/suricata/suricata_libhtp_policy_engine.php index 1a3c7455..7e6ffd6d 100644 --- a/config/suricata/suricata_libhtp_policy_engine.php +++ b/config/suricata/suricata_libhtp_policy_engine.php @@ -1,12 +1,24 @@ <?php /* * suricata_libhtp_policy_engine.php + * + * Portions of this code are based on original work done for the + * Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * diff --git a/config/suricata/suricata_list_view.php b/config/suricata/suricata_list_view.php index b6616909..722bf47a 100644 --- a/config/suricata/suricata_list_view.php +++ b/config/suricata/suricata_list_view.php @@ -2,29 +2,29 @@ /* * suricata_list_view.php * - Copyright (C) 2014 Bill Meeks - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); @@ -39,20 +39,24 @@ if (isset($_GET['id']) && is_numericint($_GET['id'])) $wlist = htmlspecialchars($_GET['wlist']); $type = htmlspecialchars($_GET['type']); +$title = "List"; if (isset($id) && isset($wlist)) { - $a_rule = $config['installedpackages']['suricata']['rule'][$id]; + $a_rule = $config['installedpackages']['suricataglobal']['rule'][$id]; if ($type == "homenet") { $list = suricata_build_list($a_rule, $wlist); $contents = implode("\n", $list); + $title = "HOME_NET"; } - elseif ($type == "whitelist") { + elseif ($type == "passlist") { $list = suricata_build_list($a_rule, $wlist, true); $contents = implode("\n", $list); + $title = "Pass List"; } elseif ($type == "suppress") { $list = suricata_find_list($wlist, $type); $contents = str_replace("\r", "", base64_decode($list['suppresspassthru'])); + $title = "Suppress List"; } else $contents = gettext("\n\nERROR -- Requested List Type entity is not valid!"); @@ -60,29 +64,26 @@ if (isset($id) && isset($wlist)) { else $contents = gettext("\n\nERROR -- Supplied interface or List entity is not valid!"); -$pgtitle = array(gettext("Suricata"), gettext(ucfirst($type) . " Viewer")); +$pgtitle = array(gettext("Suricata"), gettext($title . " Viewer")); ?> <?php include("head.inc");?> <body link="#000000" vlink="#000000" alink="#000000"> -<?php if ($savemsg) print_info_box($savemsg); ?> -<?php // include("fbegin.inc");?> -<form action="suricata_list_view.php" method="post"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="tabcont"> <table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee"> <tr> - <td class="pgtitle" colspan="2">Suricata: <?php echo gettext(ucfirst($type) . " Viewer"); ?></td> + <td class="pgtitle" colspan="2">Snort: <?php echo gettext($title . " Viewer"); ?></td> </tr> <tr> <td align="left" width="20%"> <input type="button" class="formbtn" value="Return" onclick="window.close()"> </td> <td align="right"> - <b><?php echo gettext(ucfirst($type) . ": ") . '</b> ' . $_GET['wlist']; ?> + <b><?php echo gettext($title . ": ") . '</b> ' . htmlspecialchars($_GET['wlist']); ?> </td> </tr> <tr> @@ -96,7 +97,5 @@ $pgtitle = array(gettext("Suricata"), gettext(ucfirst($type) . " Viewer")); </td> </tr> </table> -</form> -<?php // include("fend.inc");?> </body> </html> diff --git a/config/suricata/suricata_logs_browser.php b/config/suricata/suricata_logs_browser.php index 53530881..04edf373 100644 --- a/config/suricata/suricata_logs_browser.php +++ b/config/suricata/suricata_logs_browser.php @@ -1,30 +1,41 @@ <?php /* - suricata_logs_browser.php - - Copyright (C) 2014 Bill Meeks - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + * suricata_logs_browser.php + * + * Portions of this code are based on original work done for the + * Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); @@ -129,10 +140,12 @@ if ($input_errors) { $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$instanceid}"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), true, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td> </tr> @@ -162,7 +175,7 @@ if ($input_errors) { <td width="78%" class="vtable"> <select name="logFile" id="logFile" class="formselect" onChange="loadFile();"> <?php - $logs = array( "alerts.log", "files-json.log", "http.log", "stats.log", "suricata.log", "tls.log" ); + $logs = array( "alerts.log", "block.log", "files-json.log", "http.log", "stats.log", "suricata.log", "tls.log" ); foreach ($logs as $log) { $selected = ""; if ($log == basename($logfile)) diff --git a/config/suricata/suricata_logs_mgmt.php b/config/suricata/suricata_logs_mgmt.php index 7418dd80..16376c5b 100644 --- a/config/suricata/suricata_logs_mgmt.php +++ b/config/suricata/suricata_logs_mgmt.php @@ -1,14 +1,24 @@ <?php /* * suricata_logs_mgmt.php - * part of pfSense * + * Portions of this code are based on original work done for the + * Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -44,6 +54,8 @@ $pconfig['suricataloglimit'] = $config['installedpackages']['suricata']['config' $pconfig['suricataloglimitsize'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize']; $pconfig['alert_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size']; $pconfig['alert_log_retention'] = $config['installedpackages']['suricata']['config'][0]['alert_log_retention']; +$pconfig['block_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['block_log_limit_size']; +$pconfig['block_log_retention'] = $config['installedpackages']['suricata']['config'][0]['block_log_retention']; $pconfig['files_json_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size']; $pconfig['files_json_log_retention'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_retention']; $pconfig['http_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['http_log_limit_size']; @@ -54,6 +66,7 @@ $pconfig['tls_log_limit_size'] = $config['installedpackages']['suricata']['confi $pconfig['tls_log_retention'] = $config['installedpackages']['suricata']['config'][0]['tls_log_retention']; $pconfig['unified2_log_limit'] = $config['installedpackages']['suricata']['config'][0]['unified2_log_limit']; $pconfig['u2_archive_log_retention'] = $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention']; +$pconfig['file_store_retention'] = $config['installedpackages']['suricata']['config'][0]['file_store_retention']; // Load up some arrays with selection values (we use these later). // The keys in the $retentions array are the retention period @@ -77,6 +90,8 @@ if (empty($pconfig['suricataloglimitsize'])) { // Set default retention periods for rotated logs if (empty($pconfig['alert_log_retention'])) $pconfig['alert_log_retention'] = "336"; +if (empty($pconfig['block_log_retention'])) + $pconfig['block_log_retention'] = "336"; if (empty($pconfig['files_json_log_retention'])) $pconfig['files_json_log_retention'] = "168"; if (empty($pconfig['http_log_retention'])) @@ -87,10 +102,14 @@ if (empty($pconfig['tls_log_retention'])) $pconfig['tls_log_retention'] = "336"; if (empty($pconfig['u2_archive_log_retention'])) $pconfig['u2_archive_log_retention'] = "168"; +if (empty($pconfig['file_store_retention'])) + $pconfig['file_store_retention'] = "168"; // Set default log file size limits if (empty($pconfig['alert_log_limit_size'])) $pconfig['alert_log_limit_size'] = "500"; +if (empty($pconfig['block_log_limit_size'])) + $pconfig['block_log_limit_size'] = "500"; if (empty($pconfig['files_json_log_limit_size'])) $pconfig['files_json_log_limit_size'] = "1000"; if (empty($pconfig['http_log_limit_size'])) @@ -119,6 +138,8 @@ if ($_POST["save"]) { $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'] = $_POST['suricataloglimitsize']; $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'] = $_POST['alert_log_limit_size']; $config['installedpackages']['suricata']['config'][0]['alert_log_retention'] = $_POST['alert_log_retention']; + $config['installedpackages']['suricata']['config'][0]['block_log_limit_size'] = $_POST['block_log_limit_size']; + $config['installedpackages']['suricata']['config'][0]['block_log_retention'] = $_POST['block_log_retention']; $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size'] = $_POST['files_json_log_limit_size']; $config['installedpackages']['suricata']['config'][0]['files_json_log_retention'] = $_POST['files_json_log_retention']; $config['installedpackages']['suricata']['config'][0]['http_log_limit_size'] = $_POST['http_log_limit_size']; @@ -129,6 +150,7 @@ if ($_POST["save"]) { $config['installedpackages']['suricata']['config'][0]['tls_log_retention'] = $_POST['tls_log_retention']; $config['installedpackages']['suricata']['config'][0]['unified2_log_limit'] = $_POST['unified2_log_limit']; $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] = $_POST['u2_archive_log_retention']; + $config['installedpackages']['suricata']['config'][0]['file_store_retention'] = $_POST['file_store_retention']; write_config(); sync_suricata_package_config(); @@ -169,10 +191,12 @@ if ($input_errors) $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), true, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> @@ -276,6 +300,26 @@ if ($input_errors) <td class="listbg"><?=gettext("Suricata alerts and event details");?></td> </tr> <tr> + <td class="listbg">block</td> + <td class="listr" align="center"><select name="block_log_limit_size" class="formselect" id="block_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['block_log_limit_size']) echo "selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="block_log_retention" class="formselect" id="block_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['block_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("Suricata blocked IPs and event details");?></td> + </tr> + <tr> <td class="listbg">files-json</td> <td class="listr" align="center"><select name="files_json_log_limit_size" class="formselect" id="files_json_log_limit_size"> <?php foreach ($log_sizes as $k => $l): ?> @@ -386,6 +430,19 @@ if ($input_errors) </td> </tr> <tr> + <td class="vncell" width="22%" valign="top"><?=gettext("Captured Files Retention Period");?></td> + <td width="78%" class="vtable"><select name="file_store_retention" class="formselect" id="file_store_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['file_store_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> <?=gettext("Choose retention period for captured files in File Store. Default is ") . "<strong>" . gettext("7 days."). "</strong>";?><br/><br/> + <?=gettext("When file capture and store is enabled, Suricata captures downloaded files from HTTP sessions and stores them, along with metadata, ") . + gettext("for later analysis. This setting determines how long files remain in the File Store folder before they are automatically deleted.");?> + </td> +</tr> +<tr> <td width="22%"></td> <td width="78%" class="vexpl"><input name="save" type="submit" class="formbtn" value="Save"/><br/> <br/><span class="red"><strong><?php echo gettext("Note:");?></strong> @@ -402,6 +459,8 @@ function enable_change() { var endis = !(document.iform.enable_log_mgmt.checked); document.iform.alert_log_limit_size.disabled = endis; document.iform.alert_log_retention.disabled = endis; + document.iform.block_log_limit_size.disabled = endis; + document.iform.block_log_retention.disabled = endis; document.iform.files_json_log_limit_size.disabled = endis; document.iform.files_json_log_retention.disabled = endis; document.iform.http_log_limit_size.disabled = endis; @@ -412,6 +471,7 @@ function enable_change() { document.iform.tls_log_retention.disabled = endis; document.iform.unified2_log_limit.disabled = endis; document.iform.u2_archive_log_retention.disabled = endis; + document.iform.file_store_retention.disabled = endis; } function enable_change_dirSize() { diff --git a/config/suricata/suricata_os_policy_engine.php b/config/suricata/suricata_os_policy_engine.php index c9360901..869d940c 100644 --- a/config/suricata/suricata_os_policy_engine.php +++ b/config/suricata/suricata_os_policy_engine.php @@ -1,12 +1,24 @@ <?php /* * suricata_os_policy_engine.php + * + * Portions of this code are based on original work done for the + * Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * diff --git a/config/suricata/suricata_passlist.php b/config/suricata/suricata_passlist.php new file mode 100644 index 00000000..fc7c60e2 --- /dev/null +++ b/config/suricata/suricata_passlist.php @@ -0,0 +1,206 @@ +<?php +/* + * suricata_passlist.php + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +if (!is_array($config['installedpackages']['suricata']['passlist'])) + $config['installedpackages']['suricata']['passlist'] = array(); +if (!is_array($config['installedpackages']['suricata']['passlist']['item'])) + $config['installedpackages']['suricata']['passlist']['item'] = array(); +$a_passlist = &$config['installedpackages']['suricata']['passlist']['item']; + +// Calculate the next Pass List index ID +if (isset($config['installedpackages']['suricata']['passlist']['item'])) + $id_gen = count($config['installedpackages']['suricata']['passlist']['item']); +else + $id_gen = '0'; + +function suricata_is_passlist_used($list) { + + /********************************************** + * This function tests the provided Pass List * + * to determine if it is assigned to an * + * interface. * + * * + * On Entry: $list -> Pass List name to test * + * * + * Returns: TRUE if Pass List is in use or * + * FALSE if not in use * + **********************************************/ + + global $config; + + if (!is_array($config['installedpackages']['suricata']['rule'])) + return FALSE; + + foreach($config['installedpackages']['suricata']['rule'] as $v) { + if (isset($v['passlistname']) && $v['passlistname'] == $list) + return TRUE; + } + return FALSE; +} + +if ($_POST['del'] && is_numericint($_POST['list_id'])) { + if ($a_passlist[$_POST['list_id']]) { + /* make sure list is not being referenced by any interface */ + if (suricata_is_passlist_used($a_passlist[$_POST['list_id']]['name'])) { + $input_errors[] = gettext("This Pass List is currently assigned to a Suricata interface and cannot be deleted. Unassign it from all Suricata interfaces first."); + } + if (!$input_errors) { + unset($a_passlist[$_POST['list_id']]); + write_config("Suricata pkg: deleted PASS LIST."); + sync_suricata_package_config(); + header("Location: /suricata/suricata_passlist.php"); + exit; + } + } +} + +$pgtitle = gettext("Suricata: Pass Lists"); +include_once("head.inc"); +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php +include_once("fbegin.inc"); + +/* Display Alert message */ +if ($input_errors) { + print_input_errors($input_errors); +} +if ($savemsg) { + print_info_box($savemsg); +} +?> + +<form action="/suricata/suricata_passlist.php" method="post"> +<input type="hidden" name="list_id" id="list_id" value=""/> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), true, "/suricata/suricata_passlist.php"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array, true); + ?> + </td> +</tr> +<tr> + <td><div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td width="25%" class="listhdrr">List Name</td> + <td width="30%" class="listhdrr">Assigned Alias</td> + <td class="listhdr">Description</td> + <td width="40px" class="list"></td> + </tr> + <?php foreach ($a_passlist as $i => $list): ?> + <tr> + <td class="listlr" + ondblclick="document.location='suricata_passlist_edit.php?id=<?=$i;?>';"> + <?=htmlspecialchars($list['name']);?></td> + <td class="listr" + ondblclick="document.location='suricata_passlist_edit.php?id=<?=$i;?>';" + title="<?=filter_expand_alias($list['address']);?>"> + <?php echo gettext($list['address']);?></td> + <td class="listbg" + ondblclick="document.location='suricata_passlist_edit.php?id=<?=$i;?>';"> + <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> + </td> + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a href="suricata_passlist_edit.php?id=<?=$i;?>"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?php echo gettext("Edit pass list"); ?>"></a> + </td> + <td><input type="image" name="del[]" onclick="document.getElementById('list_id').value='<?=$i;?>';return confirm('<?=gettext("Do you really want to delete this pass list? Click OK to continue or CANCEL to quit.)!");?>');" + src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?php echo gettext("Delete pass list"); ?>"/> + </td> + </tr> + </table> + </td> + </tr> + <?php endforeach; ?> + <tr> + <td class="list" colspan="3"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle" width="17"> </td> + <td valign="middle"><a href="suricata_passlist_edit.php?id=<?php echo $id_gen;?> "> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="<?php echo gettext("add a new pass list"); ?>"/></a> + </td> + </tr> + </table> + </td> + </tr> + </table> + </div> + </td> + </tr> +</table> +<br> +<table width="100%" border="0" cellpadding="1" + cellspacing="1"> + <tr> + <td width="100%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Notes:"); ?></strong></span> + <p><?php echo gettext("1. Here you can create Pass List files for your Suricata package rules. Hosts on a Pass List are never blocked by Suricata."); ?><br/> + <?php echo gettext("2. Add all the IP addresses or networks (in CIDR notation) you want to protect against Suricata block decisions."); ?><br/> + <?php echo gettext("3. The default Pass List includes the WAN IP and gateway, defined DNS servers, VPNs and locally-attached networks."); ?><br/> + <?php echo gettext("4. Be careful, it is very easy to get locked out of your system by altering the default settings."); ?></p></span></td> + </tr> + <tr> + <td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Suricata on the interface for changes to take effect!"); ?></span></td> + </tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/suricata/suricata_passlist_edit.php b/config/suricata/suricata_passlist_edit.php new file mode 100644 index 00000000..35c7b66e --- /dev/null +++ b/config/suricata/suricata_passlist_edit.php @@ -0,0 +1,329 @@ +<?php +/* + * suricata_passlist_edit.php + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +if ($_POST['cancel']) { + header("Location: /suricata/suricata_passlist.php"); + exit; +} + +if (!is_array($config['installedpackages']['suricata']['passlist'])) + $config['installedpackages']['suricata']['passlist'] = array(); +if (!is_array($config['installedpackages']['suricata']['passlist']['item'])) + $config['installedpackages']['suricata']['passlist']['item'] = array(); +$a_passlist = &$config['installedpackages']['suricata']['passlist']['item']; + +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +/* Should never be called without identifying list index, so bail */ +if (is_null($id)) { + header("Location: /suricata/suricata_interfaces_passlist.php"); + exit; +} + +/* If no entry for this passlist, then create a UUID and treat it like a new list */ +if (!isset($a_passlist[$id]['uuid'])) { + $passlist_uuid = 0; + while ($passlist_uuid > 65535 || $passlist_uuid == 0) { + $passlist_uuid = mt_rand(1, 65535); + $pconfig['uuid'] = $passlist_uuid; + $pconfig['name'] = "passlist_{$passlist_uuid}"; + } +} else + $passlist_uuid = $a_passlist[$id]['uuid']; + +/* returns true if $name is a valid name for a pass list file name or ip */ +function is_validpasslistname($name) { + if (!is_string($name)) + return false; + + if (!preg_match("/[^a-zA-Z0-9\_\.\/]/", $name)) + return true; + + return false; +} + +if (isset($id) && $a_passlist[$id]) { + /* old settings */ + $pconfig = array(); + $pconfig['name'] = $a_passlist[$id]['name']; + $pconfig['uuid'] = $a_passlist[$id]['uuid']; + $pconfig['detail'] = $a_passlist[$id]['detail']; + $pconfig['address'] = $a_passlist[$id]['address']; + $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']); + $pconfig['localnets'] = $a_passlist[$id]['localnets']; + $pconfig['wanips'] = $a_passlist[$id]['wanips']; + $pconfig['wangateips'] = $a_passlist[$id]['wangateips']; + $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips']; + $pconfig['vips'] = $a_passlist[$id]['vips']; + $pconfig['vpnips'] = $a_passlist[$id]['vpnips']; +} + +// Check for returned "selected alias" if action is import +if ($_GET['act'] == "import") { + if ($_GET['varname'] == "address" && isset($_GET['varvalue'])) + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); +} + +if ($_POST['save']) { + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "name"); + $reqdfieldsn = explode(",", "Name"); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if(strtolower($_POST['name']) == "defaultpasslist") + $input_errors[] = gettext("Pass List file names may not be named defaultpasslist."); + + if (is_validpasslistname($_POST['name']) == false) + $input_errors[] = gettext("Pass List file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset."); + + /* check for name conflicts */ + foreach ($a_passlist as $w_list) { + if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $w_list)) + continue; + + if ($w_list['name'] == $_POST['name']) { + $input_errors[] = gettext("A Pass List file name with this name already exists."); + break; + } + } + + if ($_POST['address']) + if (!is_alias($_POST['address'])) + $input_errors[] = gettext("A valid alias must be provided"); + + if (!$input_errors) { + $w_list = array(); + /* post user input */ + $w_list['name'] = $_POST['name']; + $w_list['uuid'] = $passlist_uuid; + $w_list['localnets'] = $_POST['localnets']? 'yes' : 'no'; + $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; + $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; + $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; + $w_list['vips'] = $_POST['vips']? 'yes' : 'no'; + $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; + + $w_list['address'] = $_POST['address']; + $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $w_list['detail'] = $final_address_details; + + if (isset($id) && $a_passlist[$id]) + $a_passlist[$id] = $w_list; + else + $a_passlist[] = $w_list; + + write_config("Snort pkg: modified PASS LIST {$w_list['name']}."); + + /* create pass list and homenet file, then sync files */ + sync_suricata_package_config(); + + header("Location: /suricata/suricata_passlist.php"); + exit; + } +} + +$pgtitle = gettext("Suricata: Pass List Edit - {$pconfig['name']}"); +include_once("head.inc"); +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC" > + +<?php +include("fbegin.inc"); +if ($input_errors) + print_input_errors($input_errors); +if ($savemsg) + print_info_box($savemsg); +?> +<script type="text/javascript" src="/javascript/autosuggest.js"> +</script> +<script type="text/javascript" src="/javascript/suggestions.js"> +</script> +<form action="suricata_passlist_edit.php" method="post" name="iform" id="iform"> +<input name="id" type="hidden" value="<?=$id;?>" /> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), true, "/suricata/suricata_passlist.php"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array, true); +?> + </td> +</tr> +<tr><td><div id="mainarea"> +<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add the name and " . + "description of the file."); ?></td> + </tr> + <tr> + <td valign="top" class="vncellreq"><?php echo gettext("Name"); ?></td> + <td class="vtable"><input name="name" type="text" id="name" class="formfld unknown" + size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br /> + <span class="vexpl"> <?php echo gettext("The list name may only consist of the " . + "characters \"a-z, A-Z, 0-9 and _\"."); ?> <span class="red"><?php echo gettext("Note:"); ?> </span> + <?php echo gettext("No Spaces or dashes."); ?> </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Description"); ?></td> + <td width="78%" class="vtable"><input name="descr" type="text" class="formfld unknown" + id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br /> + <span class="vexpl"> <?php echo gettext("You may enter a description here for your " . + "reference (not parsed)."); ?> </span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add auto-generated IP Addresses."); ?></td> + </tr> + + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Local Networks"); ?></td> + <td width="78%" class="vtable"><input name="localnets" type="checkbox" + id="localnets" size="40" value="yes" + <?php if($pconfig['localnets'] == 'yes'){ echo "checked";} if($pconfig['localnets'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> <?php echo gettext("Add firewall Local Networks to the list (excluding WAN)."); ?> </span></td> + </tr> + + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN IPs"); ?></td> + <td width="78%" class="vtable"><input name="wanips" type="checkbox" + id="wanips" size="40" value="yes" + <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> <?php echo gettext("Add WAN interface IPs to the list."); ?> </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN Gateways"); ?></td> + <td width="78%" class="vtable"><input name="wangateips" + type="checkbox" id="wangateips" size="40" value="yes" + <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> <?php echo gettext("Add WAN Gateways to the list."); ?> </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN DNS servers"); ?></td> + <td width="78%" class="vtable"><input name="wandnsips" + type="checkbox" id="wandnsips" size="40" value="yes" + <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> <?php echo gettext("Add WAN DNS servers to the list."); ?> </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Virtual IP Addresses"); ?></td> + <td width="78%" class="vtable"><input name="vips" type="checkbox" + id="vips" size="40" value="yes" + <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> <?php echo gettext("Add Virtual IP Addresses to the list."); ?> </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("VPNs"); ?></td> + <td width="78%" class="vtable"><input name="vpnips" type="checkbox" + id="vpnips" size="40" value="yes" + <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> <?php echo gettext("Add VPN Addresses to the list."); ?> </span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add custom IP Addresses from configured Aliases."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"> + <?php echo gettext("Assigned Aliases:"); ?> + </td> + <td width="78%" class="vtable"> + <input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>" + title="<?=trim(filter_expand_alias($pconfig['address']));?>"/> + <input type="button" class="formbtns" value="Aliases" onclick="parent.location='suricata_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" + title="<?php echo gettext("Select an existing IP alias");?>"/> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input id="save" name="save" type="submit" class="formbtn" value="Save" /> + <input id="cancel" name="cancel" type="submit" class="formbtn" value="Cancel" /> + </td> + </tr> +</table> +</div> +</td></tr> +</table> +</form> +<script type="text/javascript"> +<?php + $isfirst = 0; + $aliases = ""; + $addrisfirst = 0; + $aliasesaddr = ""; + if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) + foreach($config['aliases']['alias'] as $alias_name) { + if ($alias_name['type'] != "host" && $alias_name['type'] != "network") + continue; + if($addrisfirst == 1) $aliasesaddr .= ","; + $aliasesaddr .= "'" . $alias_name['name'] . "'"; + $addrisfirst = 1; + } +?> + var addressarray=new Array(<?php echo $aliasesaddr; ?>); + +function createAutoSuggest() { +<?php + echo "objAlias = new AutoSuggestControl(document.getElementById('address'), new StateSuggestions(addressarray));\n"; +?> +} + +setTimeout("createAutoSuggest();", 500); + +</script> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php index 4d5454d5..c44b392f 100644 --- a/config/suricata/suricata_post_install.php +++ b/config/suricata/suricata_post_install.php @@ -2,13 +2,23 @@ /* * suricata_post_install.php * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks - * part of pfSense * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -110,8 +120,8 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = suricata_create_rc(); // Set Log Limit, Block Hosts Time and Rules Update Time - suricata_loglimit_install_cron(); -// suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false); + suricata_loglimit_install_cron(true); + suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false); suricata_rules_up_install_cron($config['installedpackages']['suricata']['config'][0]['autoruleupdate'] != "never_up" ? true : false); // Add the recurring jobs created above to crontab @@ -138,7 +148,7 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = } // Update Suricata package version in configuration -$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v0.3-BETA"; +$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v1.0.1"; write_config(); // Done with post-install, so clear flag diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php index 5883ed8e..82bb33eb 100644 --- a/config/suricata/suricata_rules.php +++ b/config/suricata/suricata_rules.php @@ -2,19 +2,30 @@ /* * suricata_rules.php * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -385,14 +396,16 @@ if ($savemsg) { <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");; @@ -404,7 +417,7 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> diff --git a/config/suricata/suricata_rules_edit.php b/config/suricata/suricata_rules_edit.php index b61c2f3a..0a4bd62a 100644 --- a/config/suricata/suricata_rules_edit.php +++ b/config/suricata/suricata_rules_edit.php @@ -2,19 +2,30 @@ /* * suricata_rules_edit.php * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE diff --git a/config/suricata/suricata_rules_flowbits.php b/config/suricata/suricata_rules_flowbits.php index 1907cbeb..c5193a8b 100644 --- a/config/suricata/suricata_rules_flowbits.php +++ b/config/suricata/suricata_rules_flowbits.php @@ -1,19 +1,31 @@ <?php /* * suricata_rules_flowbits.php + * + * Portions of this code are based on original work done for the + * Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php index e607acc1..c939ef25 100644 --- a/config/suricata/suricata_rulesets.php +++ b/config/suricata/suricata_rulesets.php @@ -2,19 +2,30 @@ /* * suricata_rulesets.php * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -250,14 +261,16 @@ if ($savemsg) { <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); @@ -269,7 +282,7 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> diff --git a/config/suricata/suricata_select_alias.php b/config/suricata/suricata_select_alias.php new file mode 100644 index 00000000..527412d1 --- /dev/null +++ b/config/suricata/suricata_select_alias.php @@ -0,0 +1,241 @@ +<?php +/* $Id$ */ +/* + suricata_select_alias.php + Copyright (C) 2014 Bill Meeks + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); +require_once("functions.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +// Need to keep track of who called us so we can return to the correct page +// when the SAVE button is clicked. On initial entry, a GET variable is +// passed with the referrer's URL encoded within. That value is saved and +// used when SAVE or CANCEL is clicked to return to the referring page. +// + +// Retrieve the QUERY STRING of the original referrer so we can return it. +// On the initial pass, we will save it in a hidden POST field so we won't +// overwrite it on subsequent POST-BACKs to this page. +if (!isset($_POST['org_querystr'])) + $querystr = $_SERVER['QUERY_STRING']; +else + $querystr = $_POST['org_querystr']; + +// Retrieve any passed QUERY STRING or POST variables +if (isset($_POST['type'])) + $type = $_POST['type']; +elseif (isset($_GET['type'])) + $type = htmlspecialchars($_GET['type']); + +if (isset($_POST['varname'])) + $varname = $_POST['varname']; +elseif (isset($_GET['varname'])) + $varname = htmlspecialchars($_GET['varname']); + +if (isset($_POST['multi_ip'])) + $multi_ip = $_POST['multi_ip']; +elseif (isset($_GET['multi_ip'])) + $multi_ip = htmlspecialchars($_GET['multi_ip']); + +if (isset($_POST['returl'])) + $referrer = urldecode($_POST['returl']); +elseif (isset($_GET['returl'])) + $referrer = urldecode($_GET['returl']); + +// Make sure we have a valid VARIABLE name +// and ALIAS TYPE, or else bail out. +if (is_null($type) || is_null($varname)) { + header("Location: http://{$referrer}?{$querystr}"); + exit; +} + +// Used to track if any selectable Aliases are found +$selectablealias = false; + +// Initialize required array variables as necessary +if (!is_array($config['aliases']['alias'])) + $config['aliases']['alias'] = array(); +$a_aliases = $config['aliases']['alias']; + +// Create an array consisting of the Alias types the +// caller wants to select from. +$a_types = array(); +$a_types = explode('|', strtolower($type)); + +// Create a proper title based on the Alias types +$title = "a"; +switch (count($a_types)) { + case 1: + $title .= " " . ucfirst($a_types[0]); + break; + + case 2: + $title .= " " . ucfirst($a_types[0]) . " or " . ucfirst($a_types[1]); + break; + + case 3: + $title .= " " . ucfirst($a_types[0]) . ", " . ucfirst($a_types[1]) . " or " . ucfirst($a_types[2]); + + default: + $title = "n"; +} + +if ($_POST['cancel']) { + header("Location: {$referrer}?{$querystr}"); + exit; +} + +if ($_POST['save']) { + if(empty($_POST['alias'])) + $input_errors[] = gettext("No alias is selected. Please select an alias before saving."); + + // if no errors, write new entry to conf + if (!$input_errors) { + $selection = $_POST['alias']; + header("Location: {$referrer}?{$querystr}&varvalue={$selection}"); + exit; + } +} + +$pgtitle = gettext("Suricata: Select {$title} Alias"); +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<form action="suricata_select_alias.php" method="post"> +<input type="hidden" name="varname" value="<?=$varname;?>"/> +<input type="hidden" name="type" value="<?=$type;?>"/> +<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"/> +<input type="hidden" name="returl" value="<?=$referrer;?>"/> +<input type="hidden" name="org_querystr" value="<?=$querystr;?>"/> +<?php if ($input_errors) print_input_errors($input_errors); ?> +<div id="boxarea"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr> + <td class="tabcont"><strong><?=gettext("Select an Alias to use from the list below.");?></strong><br/> + </td> +</tr> +<tr> + <td class="tabcont"> + <table id="sortabletable1" style="table-layout: fixed;" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <colgroup> + <col width="5%" align="center"> + <col width="25%" align="left" axis="string"> + <col width="35%" align="left" axis="string"> + <col width="35%" align="left" axis="string"> + </colgroup> + <thead> + <tr> + <th class="listhdrr"></th> + <th class="listhdrr" axis="string"><?=gettext("Alias Name"); ?></th> + <th class="listhdrr" axis="string"><?=gettext("Values"); ?></th> + <th class="listhdrr" axis="string"><?=gettext("Description"); ?></th> + </tr> + </thead> + <tbody> + <?php $i = 0; foreach ($a_aliases as $alias): ?> + <?php if (!in_array($alias['type'], $a_types)) + continue; + if ( ($alias['type'] == "network" || $alias['type'] == "host") && + $multi_ip != "yes" && + !suricata_is_single_addr_alias($alias['name'])) { + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $disable = true; + $tooltip = gettext("Aliases resolving to multiple address entries cannot be used with the destination target."); + } + elseif (($alias['type'] == "network" || $alias['type'] == "host") && + trim(filter_expand_alias($alias['name'])) == "") { + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $disable = true; + $tooltip = gettext("Aliases representing a FQDN host cannot be used in Suricata configurations."); + } + else { + $textss = ""; + $textse = ""; + $disable = ""; + $selectablealias = true; + $tooltip = gettext("Selected entry will be imported. Click to toggle selection."); + } + ?> + <?php if ($disable): ?> + <tr title="<?=$tooltip;?>"> + <td class="listlr" align="center"><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height"11" border="0"/> + <?php else: ?> + <tr> + <td class="listlr" align="center"><input type="radio" name="alias" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td> + <?php endif; ?> + <td class="listr" align="left"><?=$textss . htmlspecialchars($alias['name']) . $textse;?></td> + <td class="listr" align="left"> + <?php + $tmpaddr = explode(" ", $alias['address']); + $addresses = implode(", ", array_slice($tmpaddr, 0, 10)); + echo "{$textss}{$addresses}{$textse}"; + if(count($tmpaddr) > 10) { + echo "..."; + } + ?> + </td> + <td class="listbg" align="left"> + <?=$textss . htmlspecialchars($alias['descr']) . $textse;?> + </td> + </tr> + <?php $i++; endforeach; ?> + </table> + </td> +</tr> +<?php if (!$selectablealias): ?> +<tr> + <td class="tabcont" align="center"><b><?php echo gettext("There are currently no defined Aliases eligible for selection.");?></b></td> +</tr> +<tr> + <td class="tabcont" align="center"> + <input type="Submit" name="cancel" value="Cancel" id="cancel" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/> + </td> +</tr> +<?php else: ?> +<tr> + <td class="tabcont" align="center"> + <input type="Submit" name="save" value="Save" id="save" class="formbtn" title="<?=gettext("Import selected item and return");?>"/> + <input type="Submit" name="cancel" value="Cancel" id="cancel" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/> + </td> +</tr> +<?php endif; ?> +<tr> + <td class="tabcont"> + <span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br></strong></span><?=gettext("Fully-Qualified Domain Name (FQDN) host Aliases cannot be used as Suricata configuration parameters. Aliases resolving to a single FQDN value are disabled in the list above. In the case of nested Aliases where one or more of the nested values is a FQDN host, the FQDN host will not be included in the {$title} configuration.");?></span> + </td> +</tr> +</table> +</div> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/suricata/suricata_suppress.php b/config/suricata/suricata_suppress.php index 1b833276..4f2e8d0d 100644 --- a/config/suricata/suricata_suppress.php +++ b/config/suricata/suricata_suppress.php @@ -1,30 +1,41 @@ <?php /* - suricata_suppress.php - - Copyright (C) 2014 Bill Meeks - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + * suricata_suppress.php + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); @@ -123,10 +134,12 @@ if ($input_errors) { $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td> </tr> diff --git a/config/suricata/suricata_suppress_edit.php b/config/suricata/suricata_suppress_edit.php index aad67a95..a46e9e99 100644 --- a/config/suricata/suricata_suppress_edit.php +++ b/config/suricata/suricata_suppress_edit.php @@ -1,29 +1,41 @@ <?php /* * suricata_suppress_edit.php - Copyright (C) 2014 Bill Meeks - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); @@ -144,10 +156,12 @@ if ($savemsg) $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> diff --git a/config/suricata/suricata_uninstall.php b/config/suricata/suricata_uninstall.php index b8ea6097..2317578e 100644 --- a/config/suricata/suricata_uninstall.php +++ b/config/suricata/suricata_uninstall.php @@ -1,30 +1,41 @@ <?php /* - suricata_uninstall.php - - Copyright (C) 2014 Bill Meeks - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + * suricata_uninstall.php + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ require_once("/usr/local/pkg/suricata/suricata.inc"); @@ -35,6 +46,7 @@ $suricatadir = SURICATADIR; $suricatalogdir = SURICATALOGDIR; $rcdir = RCFILEPREFIX; $suricata_rules_upd_log = RULES_UPD_LOGFILE; +$suri_pf_table = SURICATA_PF_TABLE; log_error(gettext("[Suricata] Suricata package uninstall in progress...")); @@ -64,6 +76,7 @@ mwexec('/usr/sbin/pw userdel suricata; /usr/sbin/pw groupdel suricata', true); /* Remove the Suricata cron jobs. */ install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php", false); install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", false); +install_cron_job("pfctl -t {$suri_pf_table} -T expire" , false); /* See if we are to keep Suricata log files on uninstall */ if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') { diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc index 07ada36e..c20ca8db 100644 --- a/config/suricata/suricata_yaml_template.inc +++ b/config/suricata/suricata_yaml_template.inc @@ -29,6 +29,14 @@ default-log-dir: {$suricatalogdir}suricata_{$if_real}{$suricata_uuid} # Configure the type of alert (and other) logging. outputs: + # alert_pf blocking plugin + - alert-pf: + enabled: {$suri_blockoffenders} + kill-state: {$suri_killstates} + pass-list: {$suri_passlist} + block-ip: {$suri_blockip} + pf-table: {$suri_pf_table} + # a line based alerts log similar to Snort's fast.log - fast: enabled: yes @@ -99,7 +107,7 @@ outputs: force-md5: {$json_log_md5} # Magic file. The extension .mgc is added to the value here. -magic-file: {$suricatacfgdir}/magic +magic-file: /usr/share/misc/magic # Specify a threshold config file threshold-file: {$suricatacfgdir}/threshold.config @@ -109,7 +117,7 @@ detect-engine: - sgh-mpm-context: {$sgh_mpm_ctx} - inspection-recursion-limit: {$inspection_recursion_limit} - rule-reload: true - - delayed-detect: yes + - delayed-detect: {$delayed_detect} # Suricata is multi-threaded. Here the threading can be influenced. threading: diff --git a/config/systempatches/system_patches.php b/config/systempatches/system_patches.php index 7fe860bd..793448d7 100644 --- a/config/systempatches/system_patches.php +++ b/config/systempatches/system_patches.php @@ -67,7 +67,7 @@ if ($_GET['act'] == "del") { } if (($_GET['act'] == "fetch") && ($a_patches[$_GET['id']])) { - $savemsg = patch_fetch(& $a_patches[$_GET['id']]) ? gettext("Patch Fetched Successfully") : gettext("Patch Fetch Failed"); + $savemsg = patch_fetch($a_patches[$_GET['id']]) ? gettext("Patch Fetched Successfully") : gettext("Patch Fetch Failed"); } if (($_GET['act'] == "test") && ($a_patches[$_GET['id']])) { $savemsg = patch_test_apply($a_patches[$_GET['id']]) ? gettext("Patch can be applied cleanly") : gettext("Patch can NOT be applied cleanly"); diff --git a/config/systempatches/system_patches_edit.php b/config/systempatches/system_patches_edit.php index ffa2fe13..0d45ce92 100644 --- a/config/systempatches/system_patches_edit.php +++ b/config/systempatches/system_patches_edit.php @@ -86,7 +86,11 @@ if ($_POST) { $reqdfieldsn = array(gettext("Description"),gettext("URL/Commit ID")); } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (!empty($_POST['location']) && !is_commit_id($_POST['location']) && !is_URL($_POST['location'])) { $input_errors[] = gettext("The supplied commit ID/URL appears to be invalid."); diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc index 2a986710..4883af15 100644 --- a/config/varnish3/varnish.inc +++ b/config/varnish3/varnish.inc @@ -41,7 +41,7 @@ else define('VARNISH_LOCALBASE','/usr/local'); -function varnish_settings_post_validate($post, $input_errors) { +function varnish_settings_post_validate($post, &$input_errors) { if( !is_numeric($post['storagesize'])) $input_errors[] = "A valid number is required for the field 'Storage size'"; if($post['listeningport'] && !is_numeric($post['listeningport'])) @@ -64,7 +64,7 @@ function varnish_settings_post_validate($post, $input_errors) { } -function varnish_lb_directors_post_validate($post, $input_errors) { +function varnish_lb_directors_post_validate($post, &$input_errors) { if (preg_match("/[^a-zA-Z0-9]/", $post['directorname'])){ $input_errors[] = "The directorname name must only contain the characters a-Z or 0-9"; } @@ -78,7 +78,7 @@ function varnish_lb_directors_post_validate($post, $input_errors) { $input_errors[] = "A valid number with a time reference is required for the field 'Req grace'"; } -function varnish_backends_post_validate($post, $input_errors) { +function varnish_backends_post_validate($post, &$input_errors) { if (!$post['backendname'] || preg_match("/[^a-zA-Z0-9]/", $post['backendname'])) $input_errors[] = "The backend name must only contain the characters a-Z or 0-9"; if(!is_ipaddr($post['ipaddress'])) diff --git a/config/varnish3/varnish_backends.xml b/config/varnish3/varnish_backends.xml index b2214772..1bcb822c 100644 --- a/config/varnish3/varnish_backends.xml +++ b/config/varnish3/varnish_backends.xml @@ -305,6 +305,6 @@ varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_backends_post_validate($_POST, &$input_errors); + varnish_backends_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui> diff --git a/config/varnish3/varnish_lb_directors.xml b/config/varnish3/varnish_lb_directors.xml index b2a19ac3..1946860c 100644 --- a/config/varnish3/varnish_lb_directors.xml +++ b/config/varnish3/varnish_lb_directors.xml @@ -273,6 +273,6 @@ varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_lb_directors_post_validate($_POST, &$input_errors); + varnish_lb_directors_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui> diff --git a/config/varnish3/varnish_settings.xml b/config/varnish3/varnish_settings.xml index bbb8d321..a5ff5ef9 100644 --- a/config/varnish3/varnish_settings.xml +++ b/config/varnish3/varnish_settings.xml @@ -280,6 +280,6 @@ varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_settings_post_validate($_POST, &$input_errors); + varnish_settings_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui>
\ No newline at end of file diff --git a/config/varnish64/varnish.inc b/config/varnish64/varnish.inc index ec7ef0c4..88ad32fa 100644 --- a/config/varnish64/varnish.inc +++ b/config/varnish64/varnish.inc @@ -33,7 +33,7 @@ */ /* ========================================================================== */ -function varnish_settings_post_validate($post, $input_errors) { +function varnish_settings_post_validate($post, &$input_errors) { if($post['storagesize'] && !is_numeric($post['storagesize'])) $input_errors[] = "A valid number is required for the field 'Storage size'"; if($post['listeningport'] && !is_numeric($post['listeningport'])) @@ -56,7 +56,7 @@ function varnish_settings_post_validate($post, $input_errors) { } -function varnish_lb_directors_post_validate($post, $input_errors) { +function varnish_lb_directors_post_validate($post, &$input_errors) { if (preg_match("/[^a-zA-Z0-9]/", $post['directorname'])) $input_errors[] = "The directorname name must only contain the characters a-Z or 0-9"; if(stristr($post['directorurl'], 'http')) @@ -65,7 +65,7 @@ function varnish_lb_directors_post_validate($post, $input_errors) { $input_errors[] = "A valid number with a time reference is required for the field 'Req grace'"; } -function varnish_backends_post_validate($post, $input_errors) { +function varnish_backends_post_validate($post, &$input_errors) { if (!$post['backendname'] || preg_match("/[^a-zA-Z0-9]/", $post['backendname'])) $input_errors[] = "The backend name must only contain the characters a-Z or 0-9"; if(!is_ipaddr($post['ipaddress'])) diff --git a/config/varnish64/varnish_backends.xml b/config/varnish64/varnish_backends.xml index fa549063..1684727c 100644 --- a/config/varnish64/varnish_backends.xml +++ b/config/varnish64/varnish_backends.xml @@ -281,6 +281,6 @@ varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_backends_post_validate($_POST, &$input_errors); + varnish_backends_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui> diff --git a/config/varnish64/varnish_lb_directors.xml b/config/varnish64/varnish_lb_directors.xml index e7a442ab..f61d66cb 100644 --- a/config/varnish64/varnish_lb_directors.xml +++ b/config/varnish64/varnish_lb_directors.xml @@ -275,6 +275,6 @@ varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_lb_directors_post_validate($_POST, &$input_errors); + varnish_lb_directors_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui>
\ No newline at end of file diff --git a/config/varnish64/varnish_settings.xml b/config/varnish64/varnish_settings.xml index 0576caad..f5a8bdcd 100644 --- a/config/varnish64/varnish_settings.xml +++ b/config/varnish64/varnish_settings.xml @@ -279,6 +279,6 @@ varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_settings_post_validate($_POST, &$input_errors); + varnish_settings_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui>
\ No newline at end of file diff --git a/config/zabbix2/zabbix2-agent.xml b/config/zabbix2/zabbix2-agent.xml index 24b7bd01..57ef7be3 100644 --- a/config/zabbix2/zabbix2-agent.xml +++ b/config/zabbix2/zabbix2-agent.xml @@ -41,7 +41,7 @@ <name>zabbixagent</name> <title>Services: Zabbix-2 Agent</title> <category>Monitoring</category> - <version>0.8_1</version> + <version>0.8.1</version> <include_file>/usr/local/pkg/zabbix2.inc</include_file> <addedit_string>Zabbix Agent has been created/modified.</addedit_string> <delete_string>Zabbix Agent has been deleted.</delete_string> @@ -172,7 +172,7 @@ <custom_php_command_before_form></custom_php_command_before_form> <custom_php_after_head_command></custom_php_after_head_command> <custom_php_after_form_command></custom_php_after_form_command> - <custom_php_validation_command>validate_input_zabbix2($_POST, &$input_errors);</custom_php_validation_command> + <custom_php_validation_command>validate_input_zabbix2($_POST, $input_errors);</custom_php_validation_command> <custom_add_php_command></custom_add_php_command> <custom_php_resync_config_command>sync_package_zabbix2();</custom_php_resync_config_command> <custom_php_deinstall_command>php_deinstall_zabbix2_agent();</custom_php_deinstall_command> diff --git a/config/zabbix2/zabbix2-proxy.xml b/config/zabbix2/zabbix2-proxy.xml index ebcb5bb0..b51d1d6b 100644 --- a/config/zabbix2/zabbix2-proxy.xml +++ b/config/zabbix2/zabbix2-proxy.xml @@ -41,7 +41,7 @@ <name>zabbixproxy</name> <title>Services: Zabbix-2 Proxy</title> <category>Monitoring</category> - <version>0.8_1</version> + <version>0.8.1</version> <include_file>/usr/local/pkg/zabbix2.inc</include_file> <addedit_string>Zabbix Proxy has been created/modified.</addedit_string> <delete_string>Zabbix Proxy has been deleted.</delete_string> @@ -143,7 +143,7 @@ <custom_php_command_before_form></custom_php_command_before_form> <custom_php_after_head_command></custom_php_after_head_command> <custom_php_after_form_command></custom_php_after_form_command> - <custom_php_validation_command>validate_input_zabbix2($_POST, &$input_errors);</custom_php_validation_command> + <custom_php_validation_command>validate_input_zabbix2($_POST, $input_errors);</custom_php_validation_command> <custom_add_php_command></custom_add_php_command> <custom_php_resync_config_command>sync_package_zabbix2();</custom_php_resync_config_command> <custom_php_deinstall_command>php_deinstall_zabbix2_proxy();</custom_php_deinstall_command> diff --git a/config/zabbix2/zabbix2.inc b/config/zabbix2/zabbix2.inc index bf9c6606..c2ff4244 100644 --- a/config/zabbix2/zabbix2.inc +++ b/config/zabbix2/zabbix2.inc @@ -99,7 +99,7 @@ function php_deinstall_zabbix2_proxy(){ conf_mount_ro(); } -function validate_input_zabbix2($post,&$input_errors){ +function validate_input_zabbix2($post, &$input_errors){ if (isset($post['proxyenabled'])){ if (!is_numericint($post['serverport'])) { diff --git a/pkg_config.10.xml b/pkg_config.10.xml index 0128ece6..9f87d704 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -35,11 +35,11 @@ <descr><![CDATA[Asterisk is an open source framework for building communications applications.<br />Asterisk turns an ordinary computer into a communications server.]]></descr> <website>http://www.asterisk.org/</website> <category>Services</category> - <version>1.8 pkg v0.3.1</version> + <version>1.8.26.1_1 pkg v0.3.1</version> <status>Beta</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/asterisk/asterisk.xml</config_file> - <depends_on_package_pbi>asterisk-1.8.25.0-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>asterisk-1.8.26.1_1-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <port>net/asterisk</port> </build_pbi> @@ -53,12 +53,12 @@ <descr><![CDATA[The most widely used name server software]]></descr> <website>http://www.isc.org/downloads/BIND/</website> <category>Services</category> - <version>9.9.5_5 pkg v 0.3.2</version> + <version>9.9.5_12 pkg v 0.3.2</version> <status>RC</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/bind/bind.xml</config_file> <configurationfile>bind.xml</configurationfile> - <depends_on_package_pbi>bind-9.9.5_5-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>bind-9.9.5_12-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <custom_name>bind</custom_name> <port>dns/bind99</port> @@ -187,12 +187,12 @@ Supports acl's for smart backend switching.]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.5-dev22 pkg v 0.7</version> + <version>1.5-dev24 pkg v 0.7</version> <status>Release</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> - <depends_on_package_pbi>haproxy-devel-1.5-dev22-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>haproxy-devel-1.5-dev24-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <ports_before>security/openssl</ports_before> <custom_name>haproxy-devel</custom_name> @@ -207,13 +207,13 @@ <descr><![CDATA[ModSecurity is a web application firewall that can work either embedded or as a reverse proxy.<br> It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.<br> In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.<br> - <b>Backup your location config before updating form 0.2.x to 0.3 package version.</b>]]></descr> + <b>Backup your location config before updating from 0.2.x to 0.3 package version.</b>]]></descr> <category>Network Management</category> - <version>2.4.6 pkg v0.3</version> + <version>2.4.9_2kg v0.3</version> <status>ALPHA</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> - <depends_on_package_pbi>proxy_mod_security-2.4.6_1-##ARCH##.pbi git-1.9.0-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>proxy_mod_security-2.4.9_2-##ARCH##.pbi git-1.9.2-##ARCH##.pbi</depends_on_package_pbi> <configurationfile>apache_virtualhost.xml</configurationfile> <build_pbi> <custom_name>proxy_mod_security</custom_name> @@ -230,11 +230,11 @@ <website>http://www.modsecurity.org/</website> <descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr> <category>Network Management</category> - <version>0.1.3</version> + <version>0.1.5</version> <status>ALPHA</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security.xml</config_file> - <depends_on_package_pbi>proxy_mod_security-2.2.26-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>proxy_mod_security-2.2.27_2-##ARCH##.pbi</depends_on_package_pbi> <configurationfile>apache_mod_security.xml</configurationfile> <build_pbi> <custom_name>proxy_mod_security</custom_name> @@ -256,7 +256,7 @@ <port>net/avahi</port> </build_pbi> <depends_on_package_pbi>avahi-0.6.31-##ARCH##.pbi</depends_on_package_pbi> - <version>0.6.29 pkg v1.02</version> + <version>0.6.31 pkg v1.02</version> <status>ALPHA</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/avahi/avahi.xml</config_file> @@ -268,13 +268,13 @@ <website>http://www.ntop.org/</website> <descr>ntop is a network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.</descr> <category>Network Management</category> - <depends_on_package_pbi>ntop-5.0.1-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>ntop-5.0.1_1-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <ports_before>databases/gdbm net/GeoIP x11-fonts/font-util x11-fonts/webfonts graphics/graphviz</ports_before> <port>net/ntop</port> </build_pbi> <build_options>WITH_PCAP_PORT=true;WITH_XMLDUMP=true;WITHOUT_JUMBO_FRAMES=true;WITH_MAKO=true;WITHOUT_DEJAVU=true;WITH_JSON=true;WITH_MMAP=true;WITHOUT_PERL_MODULE=true;WITHOUT_PYTHON_MODULE=true;WITHOUT_RUBY_MODULE=true;WITHOUT_EXAMPLES=true;WITHOUT_FPECTL=true;WITH_IPV6=true;WITH_NLS=true;WITHOUT_PTH=true;WITH_PYMALLOC=true;WITHOUT_SEM=true;WITH_THREADS=true;WITHOUT_UCS2=true;WITH_UCS4=true;WITH_FONTCONFIG=true;WITH_ICONV=true;WITHOUT_XPM=true;WITHOUT_DAG=true;WITHOUT_DIGCOLA=true;WITHOUT_IPSEPCOLA=true;WITHOUT_PANGOCAIRO=true;WITHOUT_GTK=true;WITHOUT_XCB=true</build_options> - <version>5.0.1 v2.3</version> + <version>5.0.1_1 v2.3</version> <status>BETA</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/ntop2/ntop.xml</config_file> @@ -371,7 +371,7 @@ </build_pbi> <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP;snort_SET=TARGETBASED PERFPROFILE SOURCEFIRE FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;snort_UNSET=PULLEDPORK;perl_SET=THREADS;NOPORTDOCS=true</build_options> <config_file>https://packages.pfsense.org/packages/config/snort/snort.xml</config_file> - <version>2.9.6.0 pkg v3.0.5</version> + <version>2.9.6.0 pkg v3.0.9</version> <required_version>2.2</required_version> <status>Stable</status> <configurationfile>/snort.xml</configurationfile> @@ -453,7 +453,7 @@ <config_file>https://packages.pfsense.org/packages/config/dansguardian/dansguardian.xml</config_file> <pkginfolink>https://forum.pfsense.org/index.php/topic,43786.0.html</pkginfolink> <depends_on_package_pbi>dansguardian-2.12.0.3_2-##ARCH##.pbi</depends_on_package_pbi> - <version>2.12.0.3_2 pkg v.0.1.8</version> + <version>2.12.0.3_2 pkg v.0.1.9</version> <status>beta</status> <required_version>2.2</required_version> <configurationfile>dansguardian.xml</configurationfile> @@ -466,7 +466,7 @@ <!-- NOTE: Distfile must be fetched manually from http://dansguardian.org/downloads/2/Alpha/dansguardian-2.12.0.0.tar.gz --> </package> <package> - <name>mailscanner</name> + <name>jailscanner</name> <internal_name>mailscanner</internal_name> <website>www.mailscanner.info</website> <descr><![CDATA[MailScanner is an e-mail security and anti-spam package for e-mail gateway systems.<br /> @@ -475,7 +475,7 @@ <config_file>https://packages.pfsense.org/packages/config/mailscanner/mailscanner.xml</config_file> <pkginfolink>https://forum.pfsense.org/index.php/topic,43687.0.html</pkginfolink> <depends_on_package_pbi>mailscanner-4.84.6-##ARCH##.pbi</depends_on_package_pbi> - <version>4.84.6 pkg v.0.2.4</version> + <version>4.84.6 pkg v.0.2.5</version> <status>beta</status> <required_version>2.2</required_version> <configurationfile>mailscanner.xml</configurationfile> @@ -496,7 +496,7 @@ <build_pbi> <port>net/siproxd</port> </build_pbi> - <version>0.8.0_2</version> + <version>0.8.0_2 pkg v1.0.1</version> <status>Beta</status> <required_version>2.2</required_version> <configurationfile>siproxd.xml</configurationfile> @@ -662,7 +662,7 @@ <build_pbi> <port>emulators/open-vm-tools-nox11</port> </build_pbi> - <depends_on_package_pbi>open-vm-tools-nox11-1280544_4-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>open-vm-tools-1280544_4-##ARCH##.pbi</depends_on_package_pbi> </package> <package> <name>AutoConfigBackup</name> @@ -670,7 +670,7 @@ <descr>Automatically backs up your pfSense configuration. All contents are encrypted on the server. Requires pfSense Premium Support Portal Subscription from https://portal.pfsense.org</descr> <website>https://portal.pfsense.org</website> <category>Services</category> - <version>1.23</version> + <version>1.24</version> <status>Stable</status> <required_version>2.2</required_version> <pkginfolink>https://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink> @@ -698,9 +698,9 @@ <maintainer>jimp@pfsense.org</maintainer> <descr>NMap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is runing on a port), and TCP/IP fingerprinting (remote host OS or device identification). It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and command line modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ.</descr> <category>Security</category> - <depends_on_package_pbi>nmap-6.40_2-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>nmap-6.46-##ARCH##.pbi</depends_on_package_pbi> <config_file>https://packages.pfsense.org/packages/config/nmap/nmap.xml</config_file> - <version>nmap-6.40_2 pkg v1.2</version> + <version>nmap-6.46 pkg v1.2.1</version> <status>Stable</status> <pkginfolink>https://doc.pfsense.org/index.php/Nmap_package</pkginfolink> <required_version>2.2</required_version> @@ -732,7 +732,7 @@ <descr>Network UPS Tools</descr> <website>http://www.networkupstools.org/</website> <category>Network Management</category> - <version>2.6.4 pkg 2.0</version> + <version>2.6.5_1 pkg 2.0.1</version> <status>BETA</status> <required_version>2.2</required_version> <maintainer>rswagoner@gmail.com</maintainer> @@ -779,7 +779,7 @@ <category>Network Management</category> <config_file>https://packages.pfsense.org/packages/config/pfflowd.xml</config_file> <depends_on_package_pbi>pfflowd-0.8-##ARCH##.pbi</depends_on_package_pbi> - <version>0.8.3</version> + <version>0.8.3 pkg v1.0.1</version> <status>Stable</status> <required_version>2.2</required_version> <configurationfile>pfflowd.xml</configurationfile> @@ -814,11 +814,11 @@ On pfSense docs there is a how-to which could help you on porting users.]]></descr> <pkginfolink>https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink> <category>System</category> - <version>2.1.12_1/2.2.0 pkg v1.6.7_2</version> + <version>2.1.12_1/2.2.5 pkg v1.6.7_2</version> <status>RC1</status> <required_version>2.2</required_version> <maintainer>nachtfalkeaw@web.de</maintainer> - <depends_on_package_pbi>freeradius-2.2.3_1-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>freeradius-2.2.5-##ARCH##.pbi</depends_on_package_pbi> <config_file>https://packages.pfsense.org/packages/config/freeradius2/freeradius.xml</config_file> <configurationfile>freeradius.xml</configurationfile> <after_install_info>Please visit Services: FreeRADIUS</after_install_info> @@ -901,7 +901,7 @@ <website>http://www.bitwizard.nl/mtr/</website> <category>Network Management</category> <depends_on_package_pbi>mtr-0.85_1-##ARCH##.pbi</depends_on_package_pbi> - <version>0.82</version> + <version>0.85_1</version> <status>Stable</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/mtr-nox11.xml</config_file> @@ -1042,7 +1042,7 @@ <version>1.4_4 pkg v.1.9.5</version> <status>Beta</status> <required_version>2.2</required_version> - <depends_on_package_pbi>squidguard-1.4_4-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>squidguard-1.4_7-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <ports_before>databases/db41 security/cyrus-sasl2</ports_before> <port>www/squidguard</port> @@ -1057,7 +1057,7 @@ <website>http://www.squidGuard.org/</website> <maintainer>gugabsd@mundounix.com.br</maintainer> <category>Network Management</category> - <version>1.5_1 beta</version> + <version>1.5_3 beta</version> <status>Beta</status> <required_version>2.2</required_version> <depends_on_package_pbi>squidguard-devel-1.5_1-##ARCH##.pbi</depends_on_package_pbi> @@ -1096,7 +1096,7 @@ <depends_on_package_pbi>zip-3.0-##ARCH##.pbi p7zip-9.20.1_2-##ARCH##.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>1.2.6</version> + <version>1.2.9</version> <status>RELEASE</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> @@ -1113,7 +1113,7 @@ <port>www/havp</port> </build_pbi> <build_options>CLAMAVUSER=havp;CLAMAVGROUP=havp</build_options> - <version>0.91_1 pkg v1.01</version> + <version>0.91_1 pkg v1.02</version> <status>BETA</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/havp/havp.xml</config_file> @@ -1151,7 +1151,7 @@ <name>blinkled</name> <descr>Allows you to use LEDs for network activity on supported platforms (ALIX, WRAP, Soekris, etc)</descr> <category>System</category> - <version>0.4</version> + <version>0.4.1</version> <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>2.2</required_version> @@ -1168,7 +1168,7 @@ <name>gwled</name> <descr>Allows you to use LEDs for gateway status on supported platforms (ALIX, WRAP, Soekris, etc)</descr> <category>System</category> - <version>0.2</version> + <version>0.2.1</version> <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>2.2</required_version> @@ -1271,7 +1271,7 @@ <name>mailreport</name> <descr>Allows you to setup periodic e-mail reports containing command output, log file contents, and RRD graphs.</descr> <category>Network Management</category> - <version>2.0.9</version> + <version>2.0.11</version> <status>Stable</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/mailreport/mailreport.xml</config_file> @@ -1283,7 +1283,7 @@ This allows traffic such as telnet, ftp and X to be protected from snooping as well as potentially gaining performance over low-bandwidth networks from compression.]]> </descr> <category>Services</category> - <version>1.0</version> + <version>1.2</version> <status>BETA</status> <website>www.winton.org.uk/zebedee/</website> <maintainer>jorgelustosa@gmail.com marcellocoutinho@gmail.com</maintainer> @@ -1315,7 +1315,7 @@ <name>System Patches</name> <descr>A package to apply and maintain custom system patches.</descr> <maintainer>jimp@pfsense.org</maintainer> - <version>1.0</version> + <version>1.0.1</version> <category>System</category> <status>RELEASE</status> <config_file>https://packages.pfsense.org/packages/config/systempatches/systempatches.xml</config_file> @@ -1329,7 +1329,7 @@ <descr><![CDATA[Bacula is a set of Open Source, computer programs that permit you (or the system administrator) to manage backup, recovery, and verification of computer data across a network of computers of different kinds.]]></descr> <website>http://www.bacula.org/</website> <category>Services</category> - <version>5.2.12_3 pkg v 1.0.1</version> + <version>5.2.12_3 pkg v 1.0.2</version> <status>Stable</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/bacula-client/bacula-client.xml</config_file> @@ -1382,7 +1382,7 @@ <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[GIT Source Code Management (console/shell only)]]></descr> <category>Services</category> - <version>1.9.0</version> + <version>1.9.2</version> <status>Beta</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/git/git.xml</config_file> @@ -1392,19 +1392,19 @@ <build_pbi> <port>devel/git</port> </build_pbi> - <depends_on_package_pbi>git-1.9.0-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>git-1.9.2-##ARCH##.pbi</depends_on_package_pbi> </package> <package> <name>tinc</name> <website>http://www.tinc-vpn.org/</website> <descr>tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private mesh network between hosts on the Internet.</descr> <category>Network Management</category> - <depends_on_package_pbi>tinc-1.0.22-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>tinc-1.0.23-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <port>security/tinc</port> </build_pbi> <build_options></build_options> - <version>1.0.22 v1.1</version> + <version>1.0.23 v1.1</version> <status>ALPHA</status> <pkginfolink>https://doc.pfsense.org/index.php/tinc_package</pkginfolink> <required_version>2.2</required_version> @@ -1421,10 +1421,10 @@ <website>http://www.balabit.com/network-security/syslog-ng/</website> <descr>Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server.</descr> <category>Services</category> - <version>3.4.7_1</version> + <version>3.5.4.1</version> <status>ALPHA</status> <required_version>2.2</required_version> - <depends_on_package_pbi>syslog-ng-3.4.7_1-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>syslog-ng-3.5.4.1-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <ports_before>sysutils/logrotate</ports_before> <port>sysutils/syslog-ng</port> @@ -1439,7 +1439,7 @@ <descr>Monitoring agent.</descr> <category>Services</category> <config_file>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-agent.xml</config_file> - <version>zabbix2-agent-2.2.2 pkg v0.8_1</version> + <version>zabbix2-agent-2.2.2_1 pkg v0.8.1</version> <status>BETA</status> <required_version>2.2</required_version> <configurationfile>zabbix2-agent.xml</configurationfile> @@ -1448,14 +1448,14 @@ <custom_name>zabbix22-agent</custom_name> <port>net-mgmt/zabbix22-agent</port> </build_pbi> - <depends_on_package_pbi>zabbix22-agent-2.2.2-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>zabbix22-agent-2.2.2_1-##ARCH##.pbi</depends_on_package_pbi> </package> <package> <name>Zabbix-2 Proxy</name> <descr>Monitoring agent proxy.</descr> <category>Services</category> <config_file>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-proxy.xml</config_file> - <version>zabbix2-proxy-2.2.2 pkg v0.8_1</version> + <version>zabbix2-proxy-2.2.2_1 pkg v0.8_1</version> <status>BETA</status> <required_version>2.2</required_version> <configurationfile>zabbix2-proxy.xml</configurationfile> @@ -1465,7 +1465,7 @@ <port>net-mgmt/zabbix22-proxy</port> </build_pbi> <build_options>OPTIONS_SET+= SQLITE IPV6;OPTIONS_UNSET+= MYSQL JABBER GSSAPI</build_options> - <depends_on_package_pbi>zabbix22-proxy-2.2.2-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>zabbix22-proxy-2.2.2_1-##ARCH##.pbi</depends_on_package_pbi> </package> <package> <!-- This does not exist yet, this is here to trigger a PBI build --> @@ -1473,7 +1473,7 @@ <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[IPMI Tools for local/remote data retrieval and control (Console only, no GUI)]]></descr> <category>Services</category> - <version>1.8.12_5</version> + <version>1.8.12_6</version> <status>Beta</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/ipmitool/ipmitool.xml</config_file> @@ -1490,7 +1490,7 @@ <pkginfolink>https://doc.pfsense.org/index.php/Sudo_Package</pkginfolink> <descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr> <category>Security</category> - <version>0.2</version> + <version>0.2.1</version> <status>Beta</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/sudo/sudo.xml</config_file> @@ -1505,9 +1505,9 @@ <name>Service Watchdog</name> <descr>Monitors for stopped services and restarts them.</descr> <maintainer>jimp@pfsense.org</maintainer> - <version>1.5</version> + <version>1.6</version> <category>Services</category> - <status>BETA</status> + <status>Release</status> <config_file>https://packages.pfsense.org/packages/config/servicewatchdog/servicewatchdog.xml</config_file> <pkginfolink></pkginfolink> <required_version>2.2</required_version> @@ -1520,7 +1520,7 @@ <category>Network Management</category> <config_file>https://packages.pfsense.org/packages/config/softflowd/softflowd.xml</config_file> <depends_on_package_pbi>softflowd-0.9.8_2-##ARCH##.pbi</depends_on_package_pbi> - <version>0.9.8</version> + <version>0.9.8 pkg v1.0.1</version> <status>Beta</status> <required_version>2.2</required_version> <configurationfile>softflowd.xml</configurationfile> @@ -1534,7 +1534,7 @@ <descr>Set of programs for controlling APC UPS.</descr> <category>Services</category> <config_file>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.xml</config_file> - <version>apcupsd-3.14.10_1 pkg v0.2</version> + <version>apcupsd-3.14.10_1 pkg v0.3</version> <status>BETA</status> <required_version>2.2</required_version> <configurationfile>apcupsd.xml</configurationfile> @@ -1567,8 +1567,8 @@ <website>http://suricata-ids.org/</website> <descr><![CDATA[Suricata is the OISF IDP engine, the open source Intrusion Detection and Prevention Engine.]]></descr> <category>Security</category> - <version>1.4.6 pkg v0.3</version> - <status>BETA</status> + <version>1.4.6 pkg v1.0.2</version> + <status>Stable</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/suricata/suricata.xml</config_file> <configurationfile>suricata.xml</configurationfile> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 9840dd34..a1e3a314 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -34,14 +34,14 @@ <descr><![CDATA[Asterisk is an open source framework for building communications applications.<br />Asterisk turns an ordinary computer into a communications server.]]></descr> <website>http://www.asterisk.org/</website> <category>Services</category> - <version>1.8 pkg v0.3.2</version> + <version>1.8.26.1_1 pkg v0.3.2</version> <status>Beta</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/asterisk/asterisk.xml</config_file> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>asterisk18-1.8.25.0.tbz</depends_on_package> <depends_on_package>openldap-client-2.4.38.tbz</depends_on_package> - <depends_on_package_pbi>asterisk-1.8.26.1-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>asterisk-1.8.26.1_1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/asterisk</build_port_path> <maintainer>marcellocoutinho@gmail.com robreg@zsurob.hu</maintainer> <configurationfile>asterisk.xml</configurationfile> @@ -53,13 +53,13 @@ <descr><![CDATA[The most widely used name server software]]></descr> <website>http://www.isc.org/downloads/BIND/</website> <category>Services</category> - <version>9.9.5 pkg v 0.3.2</version> + <version>9.9.5_12 pkg v 0.3.2</version> <status>RC</status> <required_version>2.1</required_version> <config_file>https://packages.pfsense.org/packages/config/bind/bind.xml</config_file> <configurationfile>bind.xml</configurationfile> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>bind-9.9.5_8-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>bind-9.9.5_12-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/dns/bind99</build_port_path> <build_pbi> <custom_name>bind</custom_name> @@ -192,14 +192,14 @@ Supports acl's for smart backend switching.]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.5-dev22 pkg v 0.8</version> + <version>1.5-dev24 pkg v 0.8</version> <status>Release</status> <required_version>2.1</required_version> <config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>haproxy-1.4.22.tbz</depends_on_package> - <depends_on_package_pbi>haproxy-devel-1.5-dev22-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>haproxy-devel-1.5-dev24-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/haproxy-devel</build_port_path> <build_pbi> <ports_before>security/openssl</ports_before> @@ -215,9 +215,9 @@ <descr><![CDATA[ModSecurity is a web application firewall that can work either embedded or as a reverse proxy.<br> It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.<br> In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.<br> - <b>Backup your location config before updating form 0.2.x to 0.3 package version.</b>]]></descr> + <b>Backup your location config before updating from 0.2.x to 0.3 package version.</b>]]></descr> <category>Network Management</category> - <version>2.4.9_1 pkg v0.3</version> + <version>2.4.9_2 pkg v0.3</version> <status>ALPHA</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> @@ -228,7 +228,7 @@ <depends_on_package>ap22-mod_memcache-0.1.0_4.tbz</depends_on_package> <depends_on_package>apache-2.2.22_5.tbz</depends_on_package> <depends_on_package>ap22-mod_security-2.6.5_1.tbz</depends_on_package> - <depends_on_package_pbi>proxy_mod_security-2.4.9_1-i386.pbi git-1.9.0_1-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>proxy_mod_security-2.4.9_2-i386.pbi git-1.9.2-i386.pbi</depends_on_package_pbi> <configurationfile>apache_virtualhost.xml</configurationfile> <build_port_path>/usr/ports/devel/gettext</build_port_path> <build_port_path>/usr/ports/misc/help2man</build_port_path> @@ -263,7 +263,7 @@ <website>http://www.modsecurity.org/</website> <descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr> <category>Network Management</category> - <version>0.1.4</version> + <version>0.1.5</version> <status>ALPHA</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security.xml</config_file> @@ -274,7 +274,7 @@ <depends_on_package>ap22-mod_memcache-0.1.0_4.tbz</depends_on_package> <depends_on_package>apache-2.2.22_5.tbz</depends_on_package> <depends_on_package>ap22-mod_security-2.6.5_1.tbz</depends_on_package> - <depends_on_package_pbi>proxy_mod_security-2.2.27-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>proxy_mod_security-2.2.27_2-i386.pbi</depends_on_package_pbi> <configurationfile>apache_mod_security.xml</configurationfile> <build_port_path>/usr/ports/devel/gettext</build_port_path> <build_port_path>/usr/ports/misc/help2man</build_port_path> @@ -339,7 +339,7 @@ </build_pbi> <depends_on_package>avahi-app-0.6.29_1.tbz</depends_on_package> <depends_on_package_pbi>avahi-0.6.31-i386.pbi</depends_on_package_pbi> - <version>0.6.31 pkg v1.02</version> + <version>0.6.31 pkg v1.03</version> <status>ALPHA</status> <required_version>1.2.3</required_version> <config_file>https://packages.pfsense.org/packages/config/avahi/avahi.xml</config_file> @@ -352,7 +352,7 @@ <descr>ntop is a network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.</descr> <category>Network Management</category> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>ntop-5.0.1-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>ntop-5.0.1_1-i386.pbi</depends_on_package_pbi> <depends_on_package>rrdtool-1.2.30_2.tbz</depends_on_package> <depends_on_package>gdbm-1.9.1.tbz</depends_on_package> <depends_on_package>perl-5.14.2_2.tbz</depends_on_package> @@ -373,7 +373,7 @@ <port>net/ntop</port> </build_pbi> <build_options>WITH_PCAP_PORT=true;WITH_XMLDUMP=true;WITHOUT_JUMBO_FRAMES=true;WITH_MAKO=true;WITHOUT_DEJAVU=true;WITH_JSON=true;WITH_MMAP=true;WITHOUT_PERL_MODULE=true;WITHOUT_PYTHON_MODULE=true;WITHOUT_RUBY_MODULE=true;WITHOUT_EXAMPLES=true;WITHOUT_FPECTL=true;WITH_IPV6=true;WITH_NLS=true;WITHOUT_PTH=true;WITH_PYMALLOC=true;WITHOUT_SEM=true;WITH_THREADS=true;WITHOUT_UCS2=true;WITH_UCS4=true;WITH_FONTCONFIG=true;WITH_ICONV=true;WITHOUT_XPM=true;WITHOUT_DAG=true;WITHOUT_DIGCOLA=true;WITHOUT_IPSEPCOLA=true;WITHOUT_PANGOCAIRO=true;WITHOUT_GTK=true;WITHOUT_XCB=true</build_options> - <version>5.0.1 v2.4</version> + <version>5.0.1_1 v2.4</version> <status>BETA</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/ntop2/ntop.xml</config_file> @@ -525,7 +525,7 @@ </build_pbi> <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;snort_SET=TARGETBASED PERFPROFILE SOURCEFIRE FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;snort_UNSET=PULLEDPORK;perl_SET=THREADS;NOPORTDOCS=true</build_options> <config_file>https://packages.pfsense.org/packages/config/snort/snort.xml</config_file> - <version>2.9.6.0 pkg v3.0.6</version> + <version>2.9.6.0 pkg v3.0.8</version> <required_version>2.0</required_version> <status>Stable</status> <configurationfile>/snort.xml</configurationfile> @@ -611,7 +611,7 @@ <depends_on_package>dansguardian-2.12.0.3.tbz</depends_on_package> <depends_on_package>ca_root_nss-3.14.1.tbz</depends_on_package> <depends_on_package_pbi>dansguardian-2.12.0.3_2-i386.pbi</depends_on_package_pbi> - <version>2.12.0.3_2 pkg v.0.1.8</version> + <version>2.12.0.3_2 pkg v.0.1.9</version> <status>beta</status> <required_version>2.0</required_version> <configurationfile>dansguardian.xml</configurationfile> @@ -637,7 +637,7 @@ <depends_on_package>p5-IP-Country-2.28.tbz</depends_on_package> <depends_on_package>MailScanner-4.84.5_3.tbz</depends_on_package> <depends_on_package_pbi>mailscanner-4.84.6-i386.pbi</depends_on_package_pbi> - <version>4.84.6 pkg v.0.2.4</version> + <version>4.84.6 pkg v.0.2.5</version> <status>beta</status> <required_version>2.0</required_version> <configurationfile>mailscanner.xml</configurationfile> @@ -663,7 +663,7 @@ <depends_on_package_pbi>siproxd-0.8.0-i386.pbi</depends_on_package_pbi> <pkginfolink>https://doc.pfsense.org/index.php/Siproxd_package</pkginfolink> <build_port_path>/usr/ports/net/siproxd</build_port_path> - <version>0.8.0_2</version> + <version>0.8.0_2 pkg v1.0.1</version> <status>Beta</status> <required_version>1.2.1</required_version> <configurationfile>siproxd.xml</configurationfile> @@ -779,7 +779,7 @@ <website>http://varnish-cache.org</website> <pkginfolink>https://doc.pfsense.org/index.php/Varnish_package</pkginfolink> <category>Services</category> - <version>2.1.5 pkg v.1.0</version> + <version>2.1.5 pkg v.1.0.1</version> <status>Release</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/varnish64/varnish_backends.xml</config_file> @@ -921,7 +921,7 @@ <descr>Automatically backs up your pfSense configuration. All contents are encrypted on the server. Requires pfSense Premium Support Portal Subscription from https://portal.pfsense.org</descr> <website>https://portal.pfsense.org</website> <category>Services</category> - <version>1.23</version> + <version>1.24</version> <status>Stable</status> <required_version>1.2</required_version> <pkginfolink>https://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink> @@ -952,9 +952,9 @@ <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>lua-5.1.5_4.tbz</depends_on_package> <depends_on_package>nmap-6.25_1.tbz</depends_on_package> - <depends_on_package_pbi>nmap-6.40_2-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>nmap-6.46-i386.pbi</depends_on_package_pbi> <config_file>https://packages.pfsense.org/packages/config/nmap/nmap.xml</config_file> - <version>nmap-6.40_2 pkg v1.2</version> + <version>nmap-6.46 pkg v1.2.1</version> <status>Stable</status> <pkginfolink>https://doc.pfsense.org/index.php/Nmap_package</pkginfolink> <required_version>2.0</required_version> @@ -985,7 +985,7 @@ <descr>Network UPS Tools</descr> <website>http://www.networkupstools.org/</website> <category>Network Management</category> - <version>2.6.5_1 pkg 2.0</version> + <version>2.6.5_1 pkg 2.0.1</version> <status>BETA</status> <required_version>2.0</required_version> <maintainer>rswagoner@gmail.com</maintainer> @@ -1034,7 +1034,7 @@ <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>pfflowd-0.8.tbz</depends_on_package> <depends_on_package_pbi>pfflowd-0.8-i386.pbi</depends_on_package_pbi> - <version>0.8.3</version> + <version>0.8.3 pkg v1.0.1</version> <status>Stable</status> <required_version>2.0</required_version> <configurationfile>pfflowd.xml</configurationfile> @@ -1089,13 +1089,13 @@ On pfSense docs there is a how-to which could help you on porting users.]]></descr> <pkginfolink>https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink> <category>System</category> - <version>2.1.12_1/2.2.4_1 pkg v1.6.7_2</version> + <version>2.1.12_1/2.2.5 pkg v1.6.7_2</version> <status>RC1</status> <required_version>2.0</required_version> <maintainer>nachtfalkeaw@web.de</maintainer> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>freeradius-2.1.12_1.tbz</depends_on_package> - <depends_on_package_pbi>freeradius-2.2.4_1-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>freeradius-2.2.5-i386.pbi</depends_on_package_pbi> <depends_on_package>mysql-client-5.1.63.tbz</depends_on_package> <depends_on_package>postgresql-client-8.4.12.tbz</depends_on_package> <depends_on_package>openldap-sasl-client-2.4.23.tbz</depends_on_package> @@ -1190,7 +1190,7 @@ <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>mtr-nox11-0.82.tbz</depends_on_package> <depends_on_package_pbi>mtr-0.85_1-i386.pbi</depends_on_package_pbi> - <version>0.85_1</version> + <version>0.85_2</version> <status>Stable</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/mtr-nox11.xml</config_file> @@ -1369,7 +1369,7 @@ <website>http://www.squidGuard.org/</website> <maintainer>gugabsd@mundounix.com.br</maintainer> <category>Network Management</category> - <version>1.5_2 beta</version> + <version>1.5_3 beta</version> <status>Beta</status> <required_version>2.1</required_version> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> @@ -1453,7 +1453,7 @@ <depends_on_package_pbi>zip-3.0-i386.pbi p7zip-9.20.1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>1.2.6</version> + <version>1.2.9</version> <status>RELEASE</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> @@ -1470,7 +1470,7 @@ <depends_on_package_pbi>havp-0.91_1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/www/havp</build_port_path> <build_options>CLAMAVUSER=havp;CLAMAVGROUP=havp</build_options> - <version>0.91_1 pkg v1.01</version> + <version>0.91_1 pkg v1.02</version> <status>BETA</status> <required_version>1.2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/havp/havp.xml</config_file> @@ -1508,7 +1508,7 @@ <name>blinkled</name> <descr>Allows you to use LEDs for network activity on supported platforms (ALIX, WRAP, Soekris, etc)</descr> <category>System</category> - <version>0.4</version> + <version>0.4.1</version> <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>1.2.3</required_version> @@ -1528,7 +1528,7 @@ <name>gwled</name> <descr>Allows you to use LEDs for gateway status on supported platforms (ALIX, WRAP, Soekris, etc)</descr> <category>System</category> - <version>0.2</version> + <version>0.2.1</version> <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>2.0</required_version> @@ -1571,7 +1571,7 @@ <descr>Unbound is a validating, recursive, and caching DNS resolver. This package is a drop in replacement for Services: DNS Forwarder and also supports DNSSEC extensions. Once installed please configure the Unbound service by visiting Services: Unbound DNS.</descr> <website>http://www.unbound.net/</website> <category>Services</category> - <version>1.4.22</version> + <version>1.4.22_2</version> <status>Alpha</status> <maintainer>warren@decoy.co.za</maintainer> <required_version>2.0</required_version> @@ -1591,7 +1591,7 @@ <ports_before>dns/ldns textproc/expat2 devel/libevent2</ports_before> <port>dns/unbound</port> </build_pbi> - <depends_on_package_pbi>unbound-1.4.22-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>unbound-1.4.22_2-i386.pbi</depends_on_package_pbi> <build_options>unbound_UNSET_FORCE=GOST ECDSA;unbound_SET=LIBEVENT20 THREADS</build_options> <logging> <facilityname>unbound</facilityname> @@ -1688,7 +1688,7 @@ <name>mailreport</name> <descr>Allows you to setup periodic e-mail reports containing command output, log file contents, and RRD graphs.</descr> <category>Network Management</category> - <version>2.0.9</version> + <version>2.0.11</version> <status>Stable</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/mailreport/mailreport.xml</config_file> @@ -1700,7 +1700,7 @@ This allows traffic such as telnet, ftp and X to be protected from snooping as well as potentially gaining performance over low-bandwidth networks from compression.]]> </descr> <category>Services</category> - <version>1.1</version> + <version>1.2</version> <status>BETA</status> <website>www.winton.org.uk/zebedee/</website> <maintainer>jorgelustosa@gmail.com marcellocoutinho@gmail.com</maintainer> @@ -1742,7 +1742,7 @@ <name>System Patches</name> <descr>A package to apply and maintain custom system patches.</descr> <maintainer>jimp@pfsense.org</maintainer> - <version>1.0</version> + <version>1.0.1</version> <category>System</category> <status>RELEASE</status> <config_file>https://packages.pfsense.org/packages/config/systempatches/systempatches.xml</config_file> @@ -1756,7 +1756,7 @@ <descr><![CDATA[Bacula is a set of Open Source, computer programs that permit you (or the system administrator) to manage backup, recovery, and verification of computer data across a network of computers of different kinds.]]></descr> <website>http://www.bacula.org/</website> <category>Services</category> - <version>5.2.12_3 pkg v 1.0.2</version> + <version>5.2.12_4 pkg v 1.0.2</version> <status>Stable</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/bacula-client/bacula-client.xml</config_file> @@ -1814,7 +1814,7 @@ <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[GIT Source Code Management (console/shell only)]]></descr> <category>Services</category> - <version>1.9.0_1</version> + <version>1.9.2</version> <status>Beta</status> <required_version>2.1</required_version> <config_file>https://packages.pfsense.org/packages/config/git/git.xml</config_file> @@ -1826,7 +1826,7 @@ <port>devel/git</port> </build_pbi> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>git-1.9.0_1-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>git-1.9.2-i386.pbi</depends_on_package_pbi> </package> <package> <name>tinc</name> @@ -1839,7 +1839,7 @@ <port>security/tinc</port> </build_pbi> <build_options></build_options> - <version>1.0.23 v1.1</version> + <version>1.0.23 v1.2</version> <status>ALPHA</status> <pkginfolink>https://doc.pfsense.org/index.php/tinc_package</pkginfolink> <required_version>2.1</required_version> @@ -1856,7 +1856,7 @@ <website>http://www.balabit.com/network-security/syslog-ng/</website> <descr>Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server.</descr> <category>Services</category> - <version>3.5.4.1</version> + <version>3.5.4.1_1</version> <status>ALPHA</status> <required_version>2.1</required_version> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> @@ -1875,7 +1875,7 @@ <descr>Monitoring agent.</descr> <category>Services</category> <config_file>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-agent.xml</config_file> - <version>zabbix2-agent-2.2.2 pkg v0.8_2</version> + <version>zabbix2-agent-2.2.2_1 pkg v0.8.1</version> <status>BETA</status> <required_version>2.0</required_version> <configurationfile>zabbix2-agent.xml</configurationfile> @@ -1887,14 +1887,14 @@ </build_pbi> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>zabbix22-agent-2.2.2.tbz</depends_on_package> - <depends_on_package_pbi>zabbix22-agent-2.2.2-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>zabbix22-agent-2.2.2_1-i386.pbi</depends_on_package_pbi> </package> <package> <name>Zabbix-2 Proxy</name> <descr>Monitoring agent proxy.</descr> <category>Services</category> <config_file>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-proxy.xml</config_file> - <version>zabbix2-proxy-2.2.2 pkg v0.8_2</version> + <version>zabbix2-proxy-2.2.2_1 pkg v0.8.1</version> <status>BETA</status> <required_version>2.0</required_version> <configurationfile>zabbix2-proxy.xml</configurationfile> @@ -1907,7 +1907,7 @@ <build_options>OPTIONS_SET+= SQLITE IPV6;OPTIONS_UNSET+= MYSQL JABBER GSSAPI</build_options> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>zabbix22-proxy-2.2.2.tbz</depends_on_package> - <depends_on_package_pbi>zabbix22-proxy-2.2.2-i386.pbi</depends_on_package_pbi> + <depends_on_package_pbi>zabbix22-proxy-2.2.2_1-i386.pbi</depends_on_package_pbi> </package> <package> <!-- This does not exist yet, this is here to trigger a PBI build --> @@ -1915,7 +1915,7 @@ <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[IPMI Tools for local/remote data retrieval and control (Console only, no GUI)]]></descr> <category>Services</category> - <version>1.8.12_5</version> + <version>1.8.12_6</version> <status>Beta</status> <required_version>2.1</required_version> <config_file>https://packages.pfsense.org/packages/config/ipmitool/ipmitool.xml</config_file> @@ -1933,7 +1933,7 @@ <pkginfolink>https://doc.pfsense.org/index.php/Sudo_Package</pkginfolink> <descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr> <category>Security</category> - <version>0.2</version> + <version>0.2.1</version> <status>Beta</status> <required_version>2.0.2</required_version> <config_file>https://packages.pfsense.org/packages/config/sudo/sudo.xml</config_file> @@ -1951,9 +1951,9 @@ <name>Service Watchdog</name> <descr>Monitors for stopped services and restarts them.</descr> <maintainer>jimp@pfsense.org</maintainer> - <version>1.5</version> + <version>1.6</version> <category>Services</category> - <status>BETA</status> + <status>Release</status> <config_file>https://packages.pfsense.org/packages/config/servicewatchdog/servicewatchdog.xml</config_file> <pkginfolink></pkginfolink> <required_version>2.1</required_version> @@ -1967,7 +1967,7 @@ <config_file>https://packages.pfsense.org/packages/config/softflowd/softflowd.xml</config_file> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package_pbi>softflowd-0.9.8_2-i386.pbi</depends_on_package_pbi> - <version>0.9.8</version> + <version>0.9.8 pkg v1.0.1</version> <status>Beta</status> <required_version>2.1</required_version> <configurationfile>softflowd.xml</configurationfile> @@ -1981,7 +1981,7 @@ <descr>Set of programs for controlling APC UPS.</descr> <category>Services</category> <config_file>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.xml</config_file> - <version>apcupsd-3.14.10_1 pkg v0.2</version> + <version>apcupsd-3.14.10_1 pkg v0.3</version> <status>BETA</status> <required_version>2.0</required_version> <configurationfile>apcupsd.xml</configurationfile> @@ -2016,8 +2016,8 @@ <website>http://suricata-ids.org/</website> <descr><![CDATA[Suricata is the OISF IDP engine, the open source Intrusion Detection and Prevention Engine.]]></descr> <category>Security</category> - <version>1.4.6 pkg v0.3</version> - <status>BETA</status> + <version>1.4.6 pkg v1.0.1</version> + <status>Stable</status> <required_version>2.1</required_version> <config_file>https://packages.pfsense.org/packages/config/suricata/suricata.xml</config_file> <configurationfile>suricata.xml</configurationfile> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index cf82721e..cfb08654 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -34,14 +34,14 @@ <descr><![CDATA[Asterisk is an open source framework for building communications applications.<br />Asterisk turns an ordinary computer into a communications server.]]></descr> <website>http://www.asterisk.org/</website> <category>Services</category> - <version>1.8 pkg v0.3.2</version> + <version>1.8.26.1_1 pkg v0.3.2</version> <status>Beta</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/asterisk/asterisk.xml</config_file> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>asterisk18-1.8.25.0.tbz</depends_on_package> <depends_on_package>openldap-client-2.4.38.tbz</depends_on_package> - <depends_on_package_pbi>asterisk-1.8.26.1-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>asterisk-1.8.26.1_1-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/asterisk</build_port_path> <maintainer>marcellocoutinho@gmail.com robreg@zsurob.hu</maintainer> <configurationfile>asterisk.xml</configurationfile> @@ -53,13 +53,13 @@ <descr><![CDATA[The most widely used name server software]]></descr> <website>http://www.isc.org/downloads/BIND/</website> <category>Services</category> - <version>9.9.5 pkg v 0.3.2</version> + <version>9.9.5_12 pkg v 0.3.2</version> <status>RC</status> <required_version>2.1</required_version> <config_file>https://packages.pfsense.org/packages/config/bind/bind.xml</config_file> <configurationfile>bind.xml</configurationfile> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>bind-9.9.5_8-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>bind-9.9.5_12-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/dns/bind99</build_port_path> <build_pbi> <custom_name>bind</custom_name> @@ -179,14 +179,14 @@ Supports acl's for smart backend switching.]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.5-dev22 pkg v 0.8</version> + <version>1.5-dev24 pkg v 0.8</version> <status>Release</status> <required_version>2.1</required_version> <config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>haproxy-1.4.22.tbz</depends_on_package> - <depends_on_package_pbi>haproxy-devel-1.5-dev22-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>haproxy-devel-1.5-dev24-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/net/haproxy-devel</build_port_path> <build_pbi> <ports_before>security/openssl</ports_before> @@ -202,9 +202,9 @@ <descr><![CDATA[ModSecurity is a web application firewall that can work either embedded or as a reverse proxy.<br> It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.<br> In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.<br> - <b>Backup your location config before updating form 0.2.x to 0.3 package version.</b>]]></descr> + <b>Backup your location config before updating from 0.2.x to 0.3 package version.</b>]]></descr> <category>Network Management</category> - <version>2.4.9_1 pkg v0.3</version> + <version>2.4.9_2 pkg v0.3</version> <status>ALPHA</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> @@ -215,7 +215,7 @@ <depends_on_package>ap22-mod_memcache-0.1.0_4.tbz</depends_on_package> <depends_on_package>apache-2.2.22_5.tbz</depends_on_package> <depends_on_package>ap22-mod_security-2.6.5_1.tbz</depends_on_package> - <depends_on_package_pbi>proxy_mod_security-2.4.9_1-amd64.pbi git-1.9.0_1-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>proxy_mod_security-2.4.9_2-amd64.pbi git-1.9.2-amd64.pbi</depends_on_package_pbi> <configurationfile>apache_virtualhost.xml</configurationfile> <build_port_path>/usr/ports/devel/gettext</build_port_path> <build_port_path>/usr/ports/misc/help2man</build_port_path> @@ -250,7 +250,7 @@ <website>http://www.modsecurity.org/</website> <descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr> <category>Network Management</category> - <version>0.1.4</version> + <version>0.1.5</version> <status>ALPHA</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security.xml</config_file> @@ -261,7 +261,7 @@ <depends_on_package>ap22-mod_memcache-0.1.0_4.tbz</depends_on_package> <depends_on_package>apache-2.2.22_5.tbz</depends_on_package> <depends_on_package>ap22-mod_security-2.6.5_1.tbz</depends_on_package> - <depends_on_package_pbi>proxy_mod_security-2.2.27-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>proxy_mod_security-2.2.27_2-amd64.pbi</depends_on_package_pbi> <configurationfile>apache_mod_security.xml</configurationfile> <build_port_path>/usr/ports/devel/gettext</build_port_path> <build_port_path>/usr/ports/misc/help2man</build_port_path> @@ -326,7 +326,7 @@ </build_pbi> <depends_on_package>avahi-0.6.29.tbz</depends_on_package> <depends_on_package_pbi>avahi-0.6.31-amd64.pbi</depends_on_package_pbi> - <version>0.6.31 pkg v1.02</version> + <version>0.6.31 pkg v1.03</version> <status>ALPHA</status> <required_version>1.2.3</required_version> <config_file>https://packages.pfsense.org/packages/config/avahi/avahi.xml</config_file> @@ -339,7 +339,7 @@ <descr>ntop is a network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.</descr> <category>Network Management</category> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>ntop-5.0.1-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>ntop-5.0.1_1-amd64.pbi</depends_on_package_pbi> <depends_on_package>rrdtool-1.2.30_2.tbz</depends_on_package> <depends_on_package>gdbm-1.9.1.tbz</depends_on_package> <depends_on_package>perl-5.14.2_2.tbz</depends_on_package> @@ -360,7 +360,7 @@ <port>net/ntop</port> </build_pbi> <build_options>WITH_PCAP_PORT=true;WITH_XMLDUMP=true;WITHOUT_JUMBO_FRAMES=true;WITH_MAKO=true;WITHOUT_DEJAVU=true;WITH_JSON=true;WITH_MMAP=true;WITHOUT_PERL_MODULE=true;WITHOUT_PYTHON_MODULE=true;WITHOUT_RUBY_MODULE=true;WITHOUT_EXAMPLES=true;WITHOUT_FPECTL=true;WITH_IPV6=true;WITH_NLS=true;WITHOUT_PTH=true;WITH_PYMALLOC=true;WITHOUT_SEM=true;WITH_THREADS=true;WITHOUT_UCS2=true;WITH_UCS4=true;WITH_FONTCONFIG=true;WITH_ICONV=true;WITHOUT_XPM=true;WITHOUT_DAG=true;WITHOUT_DIGCOLA=true;WITHOUT_IPSEPCOLA=true;WITHOUT_PANGOCAIRO=true;WITHOUT_GTK=true;WITHOUT_XCB=true</build_options> - <version>5.0.1 v2.4</version> + <version>5.0.1_1 v2.4</version> <status>BETA</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/ntop2/ntop.xml</config_file> @@ -512,7 +512,7 @@ </build_pbi> <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP;snort_SET=TARGETBASED PERFPROFILE SOURCEFIRE FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;snort_UNSET=PULLEDPORK;perl_SET=THREADS;NOPORTDOCS=true</build_options> <config_file>https://packages.pfsense.org/packages/config/snort/snort.xml</config_file> - <version>2.9.6.0 pkg v3.0.6</version> + <version>2.9.6.0 pkg v3.0.8</version> <required_version>2.0</required_version> <status>Stable</status> <configurationfile>/snort.xml</configurationfile> @@ -598,7 +598,7 @@ <depends_on_package>dansguardian-2.12.0.3.tbz</depends_on_package> <depends_on_package>ca_root_nss-3.14.1.tbz</depends_on_package> <depends_on_package_pbi>dansguardian-2.12.0.3_2-amd64.pbi</depends_on_package_pbi> - <version>2.12.0.3_2 pkg v.0.1.8</version> + <version>2.12.0.3_2 pkg v.0.1.9</version> <status>beta</status> <required_version>2.0</required_version> <configurationfile>dansguardian.xml</configurationfile> @@ -624,7 +624,7 @@ <depends_on_package>p5-IP-Country-2.28.tbz</depends_on_package> <depends_on_package>MailScanner-4.84.5_3.tbz</depends_on_package> <depends_on_package_pbi>mailscanner-4.84.6-amd64.pbi</depends_on_package_pbi> - <version>4.84.6 pkg v.0.2.4</version> + <version>4.84.6 pkg v.0.2.5</version> <status>beta</status> <required_version>2.0</required_version> <configurationfile>mailscanner.xml</configurationfile> @@ -650,7 +650,7 @@ <depends_on_package_pbi>siproxd-0.8.0-amd64.pbi</depends_on_package_pbi> <pkginfolink>https://doc.pfsense.org/index.php/Siproxd_package</pkginfolink> <build_port_path>/usr/ports/net/siproxd</build_port_path> - <version>0.8.0_2</version> + <version>0.8.0_2 pkg v1.0.1</version> <status>Beta</status> <required_version>1.2.1</required_version> <configurationfile>siproxd.xml</configurationfile> @@ -766,7 +766,7 @@ <website>http://varnish-cache.org</website> <pkginfolink>https://doc.pfsense.org/index.php/Varnish_package</pkginfolink> <category>Services</category> - <version>2.1.5 pkg v.1.0</version> + <version>2.1.5 pkg v.1.0.1</version> <status>Release</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/varnish64/varnish_backends.xml</config_file> @@ -908,7 +908,7 @@ <descr>Automatically backs up your pfSense configuration. All contents are encrypted on the server. Requires pfSense Premium Support Portal Subscription from https://portal.pfsense.org</descr> <website>https://portal.pfsense.org</website> <category>Services</category> - <version>1.23</version> + <version>1.24</version> <status>Stable</status> <required_version>1.2</required_version> <pkginfolink>https://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink> @@ -939,9 +939,9 @@ <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>lua-5.1.5_4.tbz</depends_on_package> <depends_on_package>nmap-6.25_1.tbz</depends_on_package> - <depends_on_package_pbi>nmap-6.40_2-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>nmap-6.46-amd64.pbi</depends_on_package_pbi> <config_file>https://packages.pfsense.org/packages/config/nmap/nmap.xml</config_file> - <version>nmap-6.40_2 pkg v1.2</version> + <version>nmap-6.46 pkg v1.2.1</version> <status>Stable</status> <pkginfolink>https://doc.pfsense.org/index.php/Nmap_package</pkginfolink> <required_version>2.0</required_version> @@ -972,7 +972,7 @@ <descr>Network UPS Tools</descr> <website>http://www.networkupstools.org/</website> <category>Network Management</category> - <version>2.6.5_1 pkg 2.0</version> + <version>2.6.5_1 pkg 2.0.1</version> <status>BETA</status> <required_version>2.0</required_version> <maintainer>rswagoner@gmail.com</maintainer> @@ -1021,7 +1021,7 @@ <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>pfflowd-0.8.tbz</depends_on_package> <depends_on_package_pbi>pfflowd-0.8-amd64.pbi</depends_on_package_pbi> - <version>0.8.3</version> + <version>0.8.3 pkg v1.0.1</version> <status>Stable</status> <required_version>2.0</required_version> <configurationfile>pfflowd.xml</configurationfile> @@ -1076,13 +1076,13 @@ On pfSense docs there is a how-to which could help you on porting users.]]></descr> <pkginfolink>https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink> <category>System</category> - <version>2.1.12_1/2.2.4_1 pkg v1.6.7_2</version> + <version>2.1.12_1/2.2.5 pkg v1.6.7_2</version> <status>RC1</status> <required_version>2.0</required_version> <maintainer>nachtfalkeaw@web.de</maintainer> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>freeradius-2.1.12_1.tbz</depends_on_package> - <depends_on_package_pbi>freeradius-2.2.4_1-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>freeradius-2.2.5-amd64.pbi</depends_on_package_pbi> <depends_on_package>mysql-client-5.1.63.tbz</depends_on_package> <depends_on_package>postgresql-client-9.0.8.tbz</depends_on_package> <depends_on_package>openldap-sasl-client-2.4.31_1.tbz</depends_on_package> @@ -1177,7 +1177,7 @@ <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>mtr-nox11-0.82.tbz</depends_on_package> <depends_on_package_pbi>mtr-0.85_1-amd64.pbi</depends_on_package_pbi> - <version>0.85_1</version> + <version>0.85_2</version> <status>Stable</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/mtr-nox11.xml</config_file> @@ -1356,7 +1356,7 @@ <website>http://www.squidGuard.org/</website> <maintainer>gugabsd@mundounix.com.br</maintainer> <category>Network Management</category> - <version>1.5_2 beta</version> + <version>1.5_3 beta</version> <status>Beta</status> <required_version>2.1</required_version> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> @@ -1440,7 +1440,7 @@ <depends_on_package_pbi>zip-3.0-amd64.pbi p7zip-9.20.1-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>1.2.6</version> + <version>1.2.9</version> <status>RELEASE</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> @@ -1457,7 +1457,7 @@ <depends_on_package_pbi>havp-0.91_1-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/www/havp</build_port_path> <build_options>CLAMAVUSER=havp;CLAMAVGROUP=havp</build_options> - <version>0.91_1 pkg v1.01</version> + <version>0.91_1 pkg v1.02</version> <status>BETA</status> <required_version>1.2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/havp/havp.xml</config_file> @@ -1495,7 +1495,7 @@ <name>blinkled</name> <descr>Allows you to use LEDs for network activity on supported platforms (ALIX, WRAP, Soekris, etc)</descr> <category>System</category> - <version>0.4</version> + <version>0.4.1</version> <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>1.2.3</required_version> @@ -1515,7 +1515,7 @@ <name>gwled</name> <descr>Allows you to use LEDs for gateway status on supported platforms (ALIX, WRAP, Soekris, etc)</descr> <category>System</category> - <version>0.2</version> + <version>0.2.1</version> <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>2.0</required_version> @@ -1558,7 +1558,7 @@ <descr>Unbound is a validating, recursive, and caching DNS resolver. This package is a drop in replacement for Services: DNS Forwarder and also supports DNSSEC extensions. Once installed please configure the Unbound service by visiting Services: Unbound DNS.</descr> <website>http://www.unbound.net/</website> <category>Services</category> - <version>1.4.22</version> + <version>1.4.22_2</version> <status>Alpha</status> <maintainer>warren@decoy.co.za</maintainer> <required_version>2.0</required_version> @@ -1578,7 +1578,7 @@ <ports_before>dns/ldns textproc/expat2 devel/libevent2</ports_before> <port>dns/unbound</port> </build_pbi> - <depends_on_package_pbi>unbound-1.4.22-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>unbound-1.4.22_2-amd64.pbi</depends_on_package_pbi> <build_options>unbound_UNSET_FORCE=GOST ECDSA;unbound_SET=LIBEVENT20 THREADS</build_options> <logging> <facilityname>unbound</facilityname> @@ -1675,7 +1675,7 @@ <name>mailreport</name> <descr>Allows you to setup periodic e-mail reports containing command output, log file contents, and RRD graphs.</descr> <category>Network Management</category> - <version>2.0.9</version> + <version>2.0.11</version> <status>Stable</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/mailreport/mailreport.xml</config_file> @@ -1687,7 +1687,7 @@ This allows traffic such as telnet, ftp and X to be protected from snooping as well as potentially gaining performance over low-bandwidth networks from compression.]]> </descr> <category>Services</category> - <version>1.1</version> + <version>1.2</version> <status>BETA</status> <website>www.winton.org.uk/zebedee/</website> <maintainer>jorgelustosa@gmail.com marcellocoutinho@gmail.com</maintainer> @@ -1729,7 +1729,7 @@ <name>System Patches</name> <descr>A package to apply and maintain custom system patches.</descr> <maintainer>jimp@pfsense.org</maintainer> - <version>1.0</version> + <version>1.0.1</version> <category>System</category> <status>RELEASE</status> <config_file>https://packages.pfsense.org/packages/config/systempatches/systempatches.xml</config_file> @@ -1743,7 +1743,7 @@ <descr><![CDATA[Bacula is a set of Open Source, computer programs that permit you (or the system administrator) to manage backup, recovery, and verification of computer data across a network of computers of different kinds.]]></descr> <website>http://www.bacula.org/</website> <category>Services</category> - <version>5.2.12_3 pkg v 1.0.2</version> + <version>5.2.12_4 pkg v 1.0.2</version> <status>Stable</status> <required_version>2.0</required_version> <config_file>https://packages.pfsense.org/packages/config/bacula-client/bacula-client.xml</config_file> @@ -1801,7 +1801,7 @@ <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[GIT Source Code Management (console/shell only)]]></descr> <category>Services</category> - <version>1.9.0_1</version> + <version>1.9.2</version> <status>Beta</status> <required_version>2.1</required_version> <config_file>https://packages.pfsense.org/packages/config/git/git.xml</config_file> @@ -1813,7 +1813,7 @@ <port>devel/git</port> </build_pbi> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <depends_on_package_pbi>git-1.9.0_1-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>git-1.9.2-amd64.pbi</depends_on_package_pbi> </package> <package> <name>tinc</name> @@ -1826,7 +1826,7 @@ <port>security/tinc</port> </build_pbi> <build_options></build_options> - <version>1.0.23 v1.1</version> + <version>1.0.23 v1.2</version> <status>ALPHA</status> <pkginfolink>https://doc.pfsense.org/index.php/tinc_package</pkginfolink> <required_version>2.1</required_version> @@ -1843,7 +1843,7 @@ <website>http://www.balabit.com/network-security/syslog-ng/</website> <descr>Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server.</descr> <category>Services</category> - <version>3.5.4.1</version> + <version>3.5.4.1_1</version> <status>ALPHA</status> <required_version>2.1</required_version> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> @@ -1862,7 +1862,7 @@ <descr>Monitoring agent.</descr> <category>Services</category> <config_file>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-agent.xml</config_file> - <version>zabbix2-agent-2.2.2 pkg v0.8_2</version> + <version>zabbix2-agent-2.2.2_1 pkg v0.8.1</version> <status>BETA</status> <required_version>2.0</required_version> <configurationfile>zabbix2-agent.xml</configurationfile> @@ -1874,14 +1874,14 @@ </build_pbi> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>zabbix22-agent-2.2.2.tbz</depends_on_package> - <depends_on_package_pbi>zabbix22-agent-2.2.2-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>zabbix22-agent-2.2.2_1-amd64.pbi</depends_on_package_pbi> </package> <package> <name>Zabbix-2 Proxy</name> <descr>Monitoring agent proxy.</descr> <category>Services</category> <config_file>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-proxy.xml</config_file> - <version>zabbix2-proxy-2.2.2 pkg v0.8_2</version> + <version>zabbix2-proxy-2.2.2_1 pkg v0.8.1</version> <status>BETA</status> <required_version>2.0</required_version> <configurationfile>zabbix2-proxy.xml</configurationfile> @@ -1894,7 +1894,7 @@ <build_options>OPTIONS_SET+= SQLITE IPV6;OPTIONS_UNSET+= MYSQL JABBER GSSAPI</build_options> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>zabbix22-proxy-2.2.2.tbz</depends_on_package> - <depends_on_package_pbi>zabbix22-proxy-2.2.2-amd64.pbi</depends_on_package_pbi> + <depends_on_package_pbi>zabbix22-proxy-2.2.2_1-amd64.pbi</depends_on_package_pbi> </package> <package> <!-- This does not exist yet, this is here to trigger a PBI build --> @@ -1902,7 +1902,7 @@ <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr><![CDATA[IPMI Tools for local/remote data retrieval and control (Console only, no GUI)]]></descr> <category>Services</category> - <version>1.8.12_5</version> + <version>1.8.12_6</version> <status>Beta</status> <required_version>2.1</required_version> <config_file>https://packages.pfsense.org/packages/config/ipmitool/ipmitool.xml</config_file> @@ -1920,7 +1920,7 @@ <pkginfolink>https://doc.pfsense.org/index.php/Sudo_Package</pkginfolink> <descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr> <category>Security</category> - <version>0.2</version> + <version>0.2.1</version> <status>Beta</status> <required_version>2.0.2</required_version> <config_file>https://packages.pfsense.org/packages/config/sudo/sudo.xml</config_file> @@ -1938,9 +1938,9 @@ <name>Service Watchdog</name> <descr>Monitors for stopped services and restarts them.</descr> <maintainer>jimp@pfsense.org</maintainer> - <version>1.5</version> + <version>1.6</version> <category>Services</category> - <status>BETA</status> + <status>Release</status> <config_file>https://packages.pfsense.org/packages/config/servicewatchdog/servicewatchdog.xml</config_file> <pkginfolink></pkginfolink> <required_version>2.1</required_version> @@ -1954,7 +1954,7 @@ <config_file>https://packages.pfsense.org/packages/config/softflowd/softflowd.xml</config_file> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package_pbi>softflowd-0.9.8_2-amd64.pbi</depends_on_package_pbi> - <version>0.9.8</version> + <version>0.9.8 pkg v1.0.1</version> <status>Beta</status> <required_version>2.1</required_version> <configurationfile>softflowd.xml</configurationfile> @@ -1968,7 +1968,7 @@ <descr>Set of programs for controlling APC UPS.</descr> <category>Services</category> <config_file>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.xml</config_file> - <version>apcupsd-3.14.10_1 pkg v0.2</version> + <version>apcupsd-3.14.10_1 pkg v0.3</version> <status>BETA</status> <required_version>2.0</required_version> <configurationfile>apcupsd.xml</configurationfile> @@ -2003,8 +2003,8 @@ <website>http://suricata-ids.org/</website> <descr><![CDATA[Suricata is the OISF IDP engine, the open source Intrusion Detection and Prevention Engine.]]></descr> <category>Security</category> - <version>1.4.6 pkg v0.3</version> - <status>BETA</status> + <version>1.4.6 pkg v1.0.1</version> + <status>Stable</status> <required_version>2.1</required_version> <config_file>https://packages.pfsense.org/packages/config/suricata/suricata.xml</config_file> <configurationfile>suricata.xml</configurationfile> |