diff options
-rw-r--r-- | config/suricata/suricata_app_parsers.php | 294 | ||||
-rw-r--r-- | config/suricata/suricata_flow_stream.php | 262 | ||||
-rw-r--r-- | config/suricata/suricata_import_aliases.php | 18 | ||||
-rw-r--r-- | config/suricata/suricata_libhtp_policy_engine.php | 210 | ||||
-rw-r--r-- | config/suricata/suricata_os_policy_engine.php | 186 |
5 files changed, 512 insertions, 458 deletions
diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php index 1706f04a..eddf273d 100644 --- a/config/suricata/suricata_app_parsers.php +++ b/config/suricata/suricata_app_parsers.php @@ -60,7 +60,7 @@ $libhtp_engine_next_id = count($a_nat[$id]['libhtp_policy']['item']); // Build a lookup array of currently used engine 'bind_to' Aliases // so we can screen matching Alias names from the list. $used = array(); -foreach ($a_nat[$id]['host_os_policy']['item'] as $v) +foreach ($a_nat[$id]['libhtp_policy']['item'] as $v) $used[$v['bind_to']] = true; $pconfig = array(); @@ -86,17 +86,125 @@ if (isset($id) && $a_nat[$id]) { $pconfig['libhtp_policy'] = $a_nat[$id]['libhtp_policy']; } -// Check for "import alias mode" and set flag if TRUE +// Check for "import or select alias mode" and set flags if TRUE. +// "selectalias", when true, displays radio buttons to limit +// multiple selections. if ($_POST['import_alias']) { $importalias = true; + $selectalias = false; $title = "HTTP Server Policy"; } -else - $importalias = false; +elseif ($_POST['select_alias']) { + $importalias = true; + $selectalias = true; + $title = "HTTP Server Policy"; + + // Preserve current Libhtp Policy Engine settings + $eng_id = $_POST['eng_id']; + $eng_name = $_POST['policy_name']; + $eng_bind = $_POST['policy_bind_to']; + $eng_personality = $_POST['personality']; + $eng_req_body_limit = $_POST['req_body_limit']; + $eng_resp_body_limit = $_POST['resp_body_limit']; + $eng_enable_double_decode_path = $_POST['enable_double_decode_path']; + $eng_enable_double_decode_query = $_POST['enable_double_decode_query']; + $mode = "add_edit_libhtp_policy"; +} +if ($_POST['save_libhtp_policy']) { + if ($_POST['eng_id'] != "") { + $eng_id = $_POST['eng_id']; + + // Grab all the POST values and save in new temp array + $engine = array(); + $policy_name = trim($_POST['policy_name']); + if ($policy_name) { + $engine['name'] = $policy_name; + } + else + $input_errors[] = gettext("The 'Policy Name' value cannot be blank."); + + if ($_POST['policy_bind_to']) { + if (is_alias($_POST['policy_bind_to'])) + $engine['bind_to'] = $_POST['policy_bind_to']; + elseif (strtolower(trim($_POST['policy_bind_to'])) == "all") + $engine['bind_to'] = "all"; + else + $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value."); + } + else + $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'."); + + if ($_POST['personality']) { $engine['personality'] = $_POST['personality']; } else { $engine['personality'] = "bsd"; } + + if (is_numeric($_POST['req_body_limit']) && $_POST['req_body_limit'] >= 0) + $engine['request-body-limit'] = $_POST['req_body_limit']; + else + $input_errors[] = gettext("The value for 'Request Body Limit' must be all numbers and greater than or equal to zero."); + + if (is_numeric($_POST['resp_body_limit']) && $_POST['resp_body_limit'] >= 0) + $engine['response-body-limit'] = $_POST['resp_body_limit']; + else + $input_errors[] = gettext("The value for 'Response Body Limit' must be all numbers and greater than or equal to zero."); -if ($_POST['add_libhtp_policy']) { - header("Location: suricata_libhtp_policy_engine.php?id={$id}&eng_id={$libhtp_engine_next_id}"); - exit; + if ($_POST['enable_double_decode_path']) { $engine['double-decode-path'] = 'yes'; }else{ $engine['double-decode-path'] = 'no'; } + if ($_POST['enable_double_decode_query']) { $engine['double-decode-query'] = 'yes'; }else{ $engine['double-decode-query'] = 'no'; } + + // Can only have one "all" Bind_To address + if ($engine['bind_to'] == "all" && $engine['name'] <> "default") + $input_errors[] = gettext("Only one default OS-Policy Engine can be bound to all addresses."); + + // if no errors, write new entry to conf + if (!$input_errors) { + if (isset($eng_id) && $a_nat[$id]['libhtp_policy']['item'][$eng_id]) { + $a_nat[$id]['libhtp_policy']['item'][$eng_id] = $engine; + } + else + $a_nat[$id]['libhtp_policy']['item'][] = $engine; + + /* Reorder the engine array to ensure the */ + /* 'bind_to=all' entry is at the bottom */ + /* if it contains more than one entry. */ + if (count($a_nat[$id]['libhtp_policy']['item']) > 1) { + $i = -1; + foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) { + if ($v['bind_to'] == "all") { + $i = $f; + break; + } + } + /* Only relocate the entry if we */ + /* found it, and it's not already */ + /* at the end. */ + if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) { + $tmp = $a_nat[$id]['libhtp_policy']['item'][$i]; + unset($a_nat[$id]['libhtp_policy']['item'][$i]); + $a_nat[$id]['libhtp_policy']['item'][] = $tmp; + } + } + + // Now write the new engine array to conf + write_config(); + $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item']; + } + else { + $add_edit_libhtp_policy = true; + $pengcfg = $engine; + } + } +} +elseif ($_POST['add_libhtp_policy']) { + $add_edit_libhtp_policy = true; + $pengcfg = array( "name" => "engine_{$libhtp_engine_next_id}", "bind_to" => "", "personality" => "IDS", + "request-body-limit" => "4096", "response-body-limit" => "4096", + "double-decode-path" => "no", "double-decode-query" => "no" ); + $eng_id = $libhtp_engine_next_id; +} +elseif ($_POST['edit_libhtp_policy']) { + if ($_POST['eng_id'] != "") { + $add_edit_libhtp_policy = true; + $eng_id = $_POST['eng_id']; + $pengcfg = $a_nat[$id]['libhtp_policy']['item'][$eng_id]; + } } elseif ($_POST['del_libhtp_policy']) { $natent = array(); @@ -111,6 +219,9 @@ elseif ($_POST['del_libhtp_policy']) { write_config(); } } +elseif ($_POST['cancel_libhtp_policy']) { + $add_edit_libhtp_policy = false; +} elseif ($_POST['ResetAll']) { /* Reset all the settings to defaults */ @@ -120,54 +231,108 @@ elseif ($_POST['ResetAll']) { $savemsg = gettext("All flow and stream settings have been reset to their defaults."); } elseif ($_POST['save_import_alias']) { - $engine = array( "name" => "", "bind_to" => "", "personality" => "IDS", - "request-body-limit" => "4096", "response-body-limit" => "4096", - "double-decode-path" => "no", "double-decode-query" => "no" ); - - // See if anything was checked to import - if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) { - foreach ($_POST['aliastoimport'] as $item) { - $engine['name'] = strtolower($item); - $engine['bind_to'] = $item; - $a_nat[$id]['libhtp_policy']['item'][] = $engine; + // If saving out of "select alias" mode, + // then return to Libhtp Policy Engine edit + // page. + if ($_POST['mode'] == 'add_edit_libhtp_policy') { + $pengcfg = array(); + $eng_id = $_POST['eng_id']; + $pengcfg['name'] = $_POST['eng_name']; + $pengcfg['bind_to'] = $_POST['eng_bind']; + $pengcfg['personality'] = $_POST['eng_personality']; + $pengcfg['request-body-limit'] = $_POST['eng_req_body_limit']; + $pengcfg['response-body-limit'] = $_POST['eng_resp_body_limit']; + $pengcfg['double-decode-path'] = $_POST['eng_enable_double_decode_path']; + $pengcfg['double-decode-query'] = $_POST['eng_enable_double_decode_query']; + $add_edit_libhtp_policy = true; + $mode = "add_edit_libhtp_policy"; + + if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) == 1) { + $pengcfg['bind_to'] = $_POST['aliastoimport'][0]; + $importalias = false; + $selectalias = false; + } + else { + $input_errors[] = gettext("No Alias is selected for import. Nothing to SAVE."); + $importalias = true; + $selectalias = true; + $eng_id = $_POST['eng_id']; + $eng_name = $_POST['eng_name']; + $eng_bind = $_POST['eng_bind']; + $eng_personality = $_POST['eng_personality']; + $eng_req_body_limit = $_POST['eng_req_body_limit']; + $eng_resp_body_limit = $_POST['eng_resp_body_limit']; + $eng_enable_double_decode_path = $_POST['eng_enable_double_decode_path']; + $eng_enable_double_decode_query = $_POST['eng_enable_double_decode_query']; } } else { - $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE."); - $importalias = true; - } + $engine = array( "name" => "", "bind_to" => "", "personality" => "IDS", + "request-body-limit" => "4096", "response-body-limit" => "4096", + "double-decode-path" => "no", "double-decode-query" => "no" ); + + // See if anything was checked to import + if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) { + foreach ($_POST['aliastoimport'] as $item) { + $engine['name'] = strtolower($item); + $engine['bind_to'] = $item; + $a_nat[$id]['libhtp_policy']['item'][] = $engine; + } + } + else { + $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE."); + $importalias = true; + } - // if no errors, write new entry to conf - if (!$input_errors) { - // Reorder the engine array to ensure the - // 'bind_to=all' entry is at the bottom if - // the array contains more than one entry. - if (count($a_nat[$id]['libhtp_policy']['item']) > 1) { - $i = -1; - foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) { - if ($v['bind_to'] == "all") { - $i = $f; - break; + // if no errors, write new entry to conf + if (!$input_errors) { + // Reorder the engine array to ensure the + // 'bind_to=all' entry is at the bottom if + // the array contains more than one entry. + if (count($a_nat[$id]['libhtp_policy']['item']) > 1) { + $i = -1; + foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) { + if ($v['bind_to'] == "all") { + $i = $f; + break; + } } + // Only relocate the entry if we + // found it, and it's not already + // at the end. + if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) { + $tmp = $a_nat[$id]['libhtp_policy']['item'][$i]; + unset($a_nat[$id]['libhtp_policy']['item'][$i]); + $a_nat[$id]['libhtp_policy']['item'][] = $tmp; + } + $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item']; } - // Only relocate the entry if we - // found it, and it's not already - // at the end. - if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) { - $tmp = $a_nat[$id]['libhtp_policy']['item'][$i]; - unset($a_nat[$id]['libhtp_policy']['item'][$i]); - $a_nat[$id]['libhtp_policy']['item'][] = $tmp; - } - $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item']; - } - // Write the new engine array to config file - write_config(); - $importalias = false; + // Write the new engine array to config file + write_config(); + $importalias = false; + } } } elseif ($_POST['cancel_import_alias']) { $importalias = false; + $selectalias = false; + $eng_id = $_POST['eng_id']; + + // If cancelling out of "select alias" mode, + // then return to Libhtp Policy Engine edit + // page. + if ($_POST['mode'] == 'add_edit_libhtp_policy') { + $pengcfg = array(); + $pengcfg['name'] = $_POST['eng_name']; + $pengcfg['bind_to'] = $_POST['eng_bind']; + $pengcfg['personality'] = $_POST['eng_personality']; + $pengcfg['request-body-limit'] = $_POST['eng_req_body_limit']; + $pengcfg['response-body-limit'] = $_POST['eng_resp_body_limit']; + $pengcfg['double-decode-path'] = $_POST['eng_enable_double_decode_path']; + $pengcfg['double-decode-query'] = $_POST['eng_enable_double_decode_query']; + $add_edit_libhtp_policy = true; + } } elseif ($_POST['save']) { $natent = array(); @@ -222,7 +387,7 @@ include_once("head.inc"); <form action="suricata_app_parsers.php" method="post"name="iform" id="iform"> <input name="id" type="hidden" value="<?=$id;?>"/> -<input type="hidden" name="eng_id" id="eng_id" value=""/> +<input type="hidden" name="eng_id" id="eng_id" value="<?=$eng_id;?>"/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -251,7 +416,21 @@ include_once("head.inc"); <tr><td><div id="mainarea"> <?php if ($importalias) : ?> - <?php include("/usr/local/www/suricata/suricata_import_aliases.php"); ?> + <?php include("/usr/local/www/suricata/suricata_import_aliases.php"); + if ($selectalias) { + echo '<input type="hidden" name="eng_name" value="' . $eng_name . '"/>'; + echo '<input type="hidden" name="eng_bind" value="' . $eng_bind . '"/>'; + echo '<input type="hidden" name="eng_personality" value="' . $eng_personality . '"/>'; + echo '<input type="hidden" name="eng_req_body_limit" value="' . $eng_req_body_limit . '"/>'; + echo '<input type="hidden" name="eng_resp_body_limit" value="' . $eng_resp_body_limit . '"/>'; + echo '<input type="hidden" name="eng_enable_double_decode_path" value="' . $eng_enable_double_decode_path . '"/>'; + echo '<input type="hidden" name="eng_enable_double_decode_query" value="' . $eng_enable_double_decode_query . '"/>'; + } + ?> + +<?php elseif ($add_edit_libhtp_policy) : ?> + <?php include("/usr/local/www/suricata/suricata_libhtp_policy_engine.php"); ?> + <?php else: ?> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> @@ -297,9 +476,9 @@ include_once("head.inc"); <tr> <td class="listlr" align="left"><?=gettext($v['name']);?></td> <td class="listbg" align="center"><?=gettext($v['bind_to']);?></td> - <td class="listt" align="right"><a href="suricata_libhtp_policy_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>"> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"></a> + <td class="listt" align="right"><input type="image" name="edit_libhtp_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>'" + src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"/> <?php if ($v['bind_to'] <> "all") : ?> <input type="image" name="del_libhtp_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>';return confirm('Are you sure you want to delete this entry?');" src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" @@ -338,23 +517,6 @@ include_once("head.inc"); </div> </td></tr></table> </form> -<script type="text/javascript"> -function wopen(url, name, w, h) -{ - // Fudge factors for window decoration space. - // In my tests these work well on all platforms & browsers. - w += 32; - h += 96; - var win = window.open(url, - name, - 'width=' + w + ', height=' + h + ', ' + - 'location=no, menubar=no, ' + - 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); - win.resizeTo(w, h); - win.focus(); -} - -</script> <?php include("fend.inc"); ?> </body> </html> diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php index 6d5134c3..6c081fa8 100644 --- a/config/suricata/suricata_flow_stream.php +++ b/config/suricata/suricata_flow_stream.php @@ -84,17 +84,111 @@ if (isset($id) && $a_nat[$id]) { $pconfig['host_os_policy'] = $a_nat[$id]['host_os_policy']; } -// Check for "import alias mode" and set flag if TRUE +// Check for "import or select alias mode" and set flags if TRUE. +// "selectalias", when true, displays radio buttons to limit +// multiple selections. if ($_POST['import_alias']) { $importalias = true; + $selectalias = false; $title = "Host Operating System Policy"; } -else - $importalias = false; +elseif ($_POST['select_alias']) { + $importalias = true; + $selectalias = true; + $title = "Host Operating System Policy"; + + // Preserve current OS Policy Engine settings + $eng_id = $_POST['eng_id']; + $eng_name = $_POST['policy_name']; + $eng_bind = $_POST['policy_bind_to']; + $eng_policy = $_POST['policy']; + $mode = "add_edit_os_policy"; +} + +if ($_POST['save_os_policy']) { + if ($_POST['eng_id'] != "") { + $eng_id = $_POST['eng_id']; + + // Grab all the POST values and save in new temp array + $engine = array(); + $policy_name = trim($_POST['policy_name']); + if ($policy_name) { + $engine['name'] = $policy_name; + } + else { + $input_errors[] = gettext("The 'Policy Name' value cannot be blank."); + $add_edit_os_policy = true; + } + if ($_POST['policy_bind_to']) { + if (is_alias($_POST['policy_bind_to'])) + $engine['bind_to'] = $_POST['policy_bind_to']; + elseif (strtolower(trim($_POST['policy_bind_to'])) == "all") + $engine['bind_to'] = "all"; + else { + $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value."); + $add_edit_os_policy = true; + } + } + else { + $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'."); + $add_edit_os_policy = true; + } + + if ($_POST['policy']) { $engine['policy'] = $_POST['policy']; } else { $engine['policy'] = "bsd"; } + + // Can only have one "all" Bind_To address + if ($engine['bind_to'] == "all" && $engine['name'] <> "default") { + $input_errors[] = gettext("Only one default OS-Policy Engine can be bound to all addresses."); + $add_edit_os_policy = true; + $pengcfg = $engine; + } + + // if no errors, write new entry to conf + if (!$input_errors) { + if (isset($eng_id) && $a_nat[$id]['host_os_policy']['item'][$eng_id]) { + $a_nat[$id]['host_os_policy']['item'][$eng_id] = $engine; + } + else + $a_nat[$id]['host_os_policy']['item'][] = $engine; + + /* Reorder the engine array to ensure the */ + /* 'bind_to=all' entry is at the bottom */ + /* if it contains more than one entry. */ + if (count($a_nat[$id]['host_os_policy']['item']) > 1) { + $i = -1; + foreach ($a_nat[$id]['host_os_policy']['item'] as $f => $v) { + if ($v['bind_to'] == "all") { + $i = $f; + break; + } + } + /* Only relocate the entry if we */ + /* found it, and it's not already */ + /* at the end. */ + if ($i > -1 && ($i < (count($a_nat[$id]['host_os_policy']['item']) - 1))) { + $tmp = $a_nat[$id]['host_os_policy']['item'][$i]; + unset($a_nat[$id]['host_os_policy']['item'][$i]); + $a_nat[$id]['host_os_policy']['item'][] = $tmp; + } + } -if ($_POST['add_os_policy']) { - header("Location: suricata_os_policy_engine.php?id={$id}&eng_id={$host_os_policy_engine_next_id}"); - exit; + // Now write the new engine array to conf + write_config(); + $pconfig['host_os_policy']['item'] = $a_nat[$id]['host_os_policy']['item']; + } + } +} +elseif ($_POST['add_os_policy']) { + $add_edit_os_policy = true; + $pengcfg = array( "name" => "engine_{$host_os_policy_engine_next_id}", "bind_to" => "", "policy" => "bsd" ); + $eng_id = $host_os_policy_engine_next_id; +} +elseif ($_POST['edit_os_policy']) { + if ($_POST['eng_id'] != "") { + $add_edit_os_policy = true; + $eng_id = $_POST['eng_id']; + $pengcfg = $a_nat[$id]['host_os_policy']['item'][$eng_id]; + } } elseif ($_POST['del_os_policy']) { $natent = array(); @@ -109,6 +203,9 @@ elseif ($_POST['del_os_policy']) { write_config(); } } +elseif ($_POST['cancel_os_policy']) { + $add_edit_os_policy = false; +} elseif ($_POST['ResetAll']) { /* Reset all the settings to defaults */ @@ -223,52 +320,97 @@ elseif ($_POST['save']) { } } elseif ($_POST['save_import_alias']) { - $engine = array( "name" => "", "bind_to" => "", "policy" => "bsd" ); - - // See if anything was checked to import - if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) { - foreach ($_POST['aliastoimport'] as $item) { - $engine['name'] = strtolower($item); - $engine['bind_to'] = $item; - $a_nat[$id]['host_os_policy']['item'][] = $engine; + // If saving out of "select alias" mode, + // then return to Host OS Policy Engine edit + // page. + if ($_POST['mode'] =='add_edit_os_policy') { + $pengcfg = array(); + $eng_id = $_POST['eng_id']; + $pengcfg['name'] = $_POST['eng_name']; + $pengcfg['bind_to'] = $_POST['eng_bind']; + $pengcfg['policy'] = $_POST['eng_policy']; + $add_edit_os_policy = true; + $mode = "add_edit_os_policy"; + + if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) == 1) { + $pengcfg['bind_to'] = $_POST['aliastoimport'][0]; + $importalias = false; + $selectalias = false; + } + else { + $input_errors[] = gettext("No Alias is selected for import. Nothing to SAVE."); + $importalias = true; + $selectalias = true; + $eng_id = $_POST['eng_id']; + $eng_name = $_POST['eng_name']; + $eng_bind = $_POST['eng_bind']; + $eng_policy = $_POST['eng_policy']; } } else { - $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE."); - $importalias = true; - } + // Assume we are importing one or more aliases + // for use in new Host OS Policy engines. + $engine = array( "name" => "", "bind_to" => "", "policy" => "bsd" ); + + // See if anything was checked to import + if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) { + foreach ($_POST['aliastoimport'] as $item) { + $engine['name'] = strtolower($item); + $engine['bind_to'] = $item; + $a_nat[$id]['host_os_policy']['item'][] = $engine; + } + } + else { + $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE."); + $importalias = true; + } - // if no errors, write new entry to conf - if (!$input_errors) { - // Reorder the engine array to ensure the - // 'bind_to=all' entry is at the bottom if - // the array contains more than one entry. - if (count($a_nat[$id]['host_os_policy']['item']) > 1) { - $i = -1; - foreach ($a_nat[$id]['host_os_policy']['item'] as $f => $v) { - if ($v['bind_to'] == "all") { - $i = $f; - break; + // if no errors, write new entry to conf + if (!$input_errors) { + // Reorder the engine array to ensure the + // 'bind_to=all' entry is at the bottom if + // the array contains more than one entry. + if (count($a_nat[$id]['host_os_policy']['item']) > 1) { + $i = -1; + foreach ($a_nat[$id]['host_os_policy']['item'] as $f => $v) { + if ($v['bind_to'] == "all") { + $i = $f; + break; + } } + // Only relocate the entry if we + // found it, and it's not already + // at the end. + if ($i > -1 && ($i < (count($a_nat[$id]['host_os_policy']['item']) - 1))) { + $tmp = $a_nat[$id]['host_os_policy']['item'][$i]; + unset($a_nat[$id]['host_os_policy']['item'][$i]); + $a_nat[$id]['host_os_policy']['item'][] = $tmp; + } + $pconfig['host_os_policy']['item'] = $a_nat[$id]['host_os_policy']['item']; } - // Only relocate the entry if we - // found it, and it's not already - // at the end. - if ($i > -1 && ($i < (count($a_nat[$id]['host_os_policy']['item']) - 1))) { - $tmp = $a_nat[$id]['host_os_policy']['item'][$i]; - unset($a_nat[$id]['host_os_policy']['item'][$i]); - $a_nat[$id]['host_os_policy']['item'][] = $tmp; - } - $pconfig['host_os_policy']['item'] = $a_nat[$id]['host_os_policy']['item']; - } - // Write the new engine array to config file - write_config(); - $importalias = false; + // Write the new engine array to config file + write_config(); + $importalias = false; + $selectalias = false; + } } } elseif ($_POST['cancel_import_alias']) { $importalias = false; + $selectalias = false; + $eng_id = $_POST['eng_id']; + + // If cancelling out of "select alias" mode, + // then return to Host OS Policy Engine edit + // page. + if ($_POST['mode'] == 'add_edit_os_policy') { + $pengcfg = array(); + $pengcfg['name'] = $_POST['eng_name']; + $pengcfg['bind_to'] = $_POST['eng_bind']; + $pengcfg['policy'] = $_POST['eng_policy']; + $add_edit_os_policy = true; + } } $if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']); @@ -289,7 +431,7 @@ include_once("head.inc"); ?> <form action="suricata_flow_stream.php" method="post" name="iform" id="iform"> -<input type="hidden" name="eng_id" id="eng_id" value=""/> +<input type="hidden" name="eng_id" id="eng_id" value="<?=$eng_id;?>"/> <input type="hidden" name="id" id="id" value="<?=$id;?>"/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> @@ -320,7 +462,17 @@ include_once("head.inc"); <tr><td><div id="mainarea"> <?php if ($importalias) : ?> - <?php include("/usr/local/www/suricata/suricata_import_aliases.php"); ?> + <?php include("/usr/local/www/suricata/suricata_import_aliases.php"); + if ($selectalias) { + echo '<input type="hidden" name="eng_name" value="' . $eng_name . '"/>'; + echo '<input type="hidden" name="eng_bind" value="' . $eng_bind . '"/>'; + echo '<input type="hidden" name="eng_policy" value="' . $eng_policy . '"/>'; + } + ?> + +<?php elseif ($add_edit_os_policy) : ?> + <?php include("/usr/local/www/suricata/suricata_os_policy_engine.php"); ?> + <?php else: ?> <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> @@ -350,9 +502,9 @@ include_once("head.inc"); <tr> <td class="listlr" align="left"><?=gettext($v['name']);?></td> <td class="listbg" align="center"><?=gettext($v['bind_to']);?></td> - <td class="listt" align="right"><a href="suricata_os_policy_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>"> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" - width="17" height="17" border="0" title="<?=gettext("Edit this policy configuration");?>"></a> + <td class="listt" align="right"><input type="image" name="edit_os_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>'" + src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" + width="17" height="17" border="0" title="<?=gettext("Edit this policy configuration");?>"/> <?php if ($v['bind_to'] <> "all") : ?> <input type="image" name="del_os_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>';return confirm('Are you sure you want to delete this entry?');" src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0" @@ -677,24 +829,6 @@ include_once("head.inc"); </div> </td></tr></table> </form> -<script type="text/javascript"> - -function wopen(url, name, w, h) -{ - // Fudge factors for window decoration space. - // In my tests these work well on all platforms & browsers. - w += 32; - h += 96; - var win = window.open(url, - name, - 'width=' + w + ', height=' + h + ', ' + - 'location=no, menubar=no, ' + - 'status=no, toolbar=no, scrollbars=yes, resizable=yes'); - win.resizeTo(w, h); - win.focus(); -} - -</script> <?php include("fend.inc"); ?> </body> </html> diff --git a/config/suricata/suricata_import_aliases.php b/config/suricata/suricata_import_aliases.php index a93d2d64..ccaaf29d 100644 --- a/config/suricata/suricata_import_aliases.php +++ b/config/suricata/suricata_import_aliases.php @@ -39,6 +39,8 @@ $a_aliases --> $config['aliases']['alias'] array $title --> title string for import alias engine type $used --> array of currently used engine 'bind_to' Alias names + $selectalias --> boolean to display radio buttons instead of checkboxes + $mode --> string value to indicate current operation mode Information is returned from this page via the following form fields: @@ -51,11 +53,21 @@ <?php $selectablealias = false; if (!is_array($a_aliases)) $a_aliases = array(); + if ($mode <> "") + echo '<input type="hidden" name="mode" id="mode" value="' . $mode . '"/>'; + if ($selectalias == true) { + $fieldtype = "radio"; + $header = gettext("Select an Alias to use as {$title} target from the list below."); + } + else { + $fieldtype = "checkbox"; + $header = gettext("Select one or more Aliases to use as {$title} targets from the list below."); + } ?> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td class="listtopic" align="center"><?=gettext("Select one or more Aliases to use as {$title} targets from the list below.");?> - </td> + <td class="listtopic" align="center"><?=$header;?></td> </tr> <tr> <td> @@ -99,7 +111,7 @@ <td class="listlr" align="center"><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height"11" border="0"/> <?php else: ?> <tr> - <td class="listlr" align="center"><input type="checkbox" name="aliastoimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td> + <td class="listlr" align="center"><input type="<?=$fieldtype;?>" name="aliastoimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td> <?php endif; ?> <td class="listr" align="left"><?=$textss . htmlspecialchars($alias['name']) . $textse;?></td> <td class="listr" align="left"> diff --git a/config/suricata/suricata_libhtp_policy_engine.php b/config/suricata/suricata_libhtp_policy_engine.php index ec00bbb2..01f6b9e8 100644 --- a/config/suricata/suricata_libhtp_policy_engine.php +++ b/config/suricata/suricata_libhtp_policy_engine.php @@ -26,160 +26,33 @@ * POSSIBILITY OF SUCH DAMAGE. */ -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/suricata/suricata.inc"); - -global $g; - -// Grab the incoming QUERY STRING or POST variables -$id = $_GET['id']; -$eng_id = $_GET['eng_id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (isset($_POST['eng_id'])) - $eng_id = $_POST['eng_id']; - -if (is_null($id)) { - header("Location: /suricata/suricata_interfaces.php"); - exit; -} -if (is_null($eng_id)) { - header("Location: /suricata/suricata_app_parsers.php?id={$id}"); - exit; -} - -if (!is_array($config['installedpackages']['suricata']['rule'])) - $config['installedpackages']['suricata']['rule'] = array(); -if (!is_array($config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'])) - $config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'] = array(); -$a_nat = &$config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item']; - -$pconfig = array(); -if (empty($a_nat[$eng_id])) { - $def = array( "name" => "engine_{$eng_id}", "bind_to" => "", "personality" => "IDS", - "request-body-limit" => "4096", "response-body-limit" => "4096", - "double-decode-path" => "no", "double-decode-query" => "no" ); - - // See if this is initial entry and set to "default" if true - if ($eng_id < 1) { - $def['name'] = "default"; - $def['bind_to'] = "all"; - } - $pconfig = $def; -} -else { - $pconfig = $a_nat[$eng_id]; - - // Check for any empty values and set sensible defaults - if (empty($pconfig['personality'])) - $pconfig['personality'] = "IDS"; -} - -if ($_POST['cancel']) { - header("Location: /suricata/suricata_app_parsers.php?id={$id}"); - exit; -} - -// Check for returned "selected alias" if action is import -if ($_GET['act'] == "import") { - if ($_GET['varname'] == "bind_to" && !empty($_GET['varvalue'])) - $pconfig[$_GET['varname']] = $_GET['varvalue']; -} - -if ($_POST['save']) { - - /* Grab all the POST values and save in new temp array */ - $engine = array(); - if ($_POST['policy_name']) { $engine['name'] = trim($_POST['policy_name']); } else { $engine['name'] = "default"; } - if ($_POST['policy_bind_to']) { - if (is_alias($_POST['policy_bind_to'])) - $engine['bind_to'] = $_POST['policy_bind_to']; - elseif (strtolower(trim($_POST['policy_bind_to'])) == "all") - $engine['bind_to'] = "all"; - else - $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value."); - } - else { - $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'."); - } - - if ($_POST['personality']) { $engine['personality'] = $_POST['personality']; } else { $engine['personality'] = "IDS"; } - if (is_numeric($_POST['req_body_limit']) && $_POST['req_body_limit'] >= 0) - $engine['request-body-limit'] = $_POST['req_body_limit']; - else - $input_errors[] = gettext("The value for 'Request Body Limit' must be all numbers and greater than or equal to zero."); - - if (is_numeric($_POST['resp_body_limit']) && $_POST['resp_body_limit'] >= 0) - $engine['response-body-limit'] = $_POST['resp_body_limit']; - else - $input_errors[] = gettext("The value for 'Response Body Limit' must be all numbers and greater than or equal to zero."); - - if ($_POST['enable_double_decode_path']) { $engine['double-decode-path'] = 'yes'; }else{ $engine['double-decode-path'] = 'no'; } - if ($_POST['enable_double_decode_query']) { $engine['double-decode-query'] = 'yes'; }else{ $engine['double-decode-query'] = 'no'; } - - /* Can only have one "all" Bind_To address */ - if ($engine['bind_to'] == "all" && $engine['name'] <> "default") { - $input_errors[] = gettext("Only one default HTTP Server Policy Engine can be bound to all addresses."); - $pconfig = $engine; - } - - /* if no errors, write new entry to conf */ - if (!$input_errors) { - if (isset($eng_id) && $a_nat[$eng_id]) { - $a_nat[$eng_id] = $engine; - } - else - $a_nat[] = $engine; - - /* Reorder the engine array to ensure the */ - /* 'bind_to=all' entry is at the bottom */ - /* if it contains more than one entry. */ - if (count($a_nat) > 1) { - $i = -1; - foreach ($a_nat as $f => $v) { - if ($v['bind_to'] == "all") { - $i = $f; - break; - } - } - /* Only relocate the entry if we */ - /* found it, and it's not already */ - /* at the end. */ - if ($i > -1 && ($i < (count($a_nat) - 1))) { - $tmp = $a_nat[$i]; - unset($a_nat[$i]); - $a_nat[] = $tmp; - } - } - - /* Now write the new engine array to conf */ - write_config(); - - header("Location: /suricata/suricata_app_parsers.php?id={$id}"); - exit; - } -} - -$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['suricata']['rule'][$id]['interface']); -$pgtitle = gettext("Suricata: Interface {$if_friendly} HTTP Server Policy Engine"); -include_once("head.inc"); - -?> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" > - -<?php -include("fbegin.inc"); -if ($input_errors) print_input_errors($input_errors); -if ($savemsg) - print_info_box($savemsg); +/************************************************************************************** + This file contains code for adding/editing an existing Libhtp Policy Engine. + It is included and injected inline as needed into the suricata_app_parsers.php + page to provide the edit functionality for Host OS Policy Engines. + + The following variables are assumed to exist and must be initialized + as necessary in order to utilize this page. + + $g --> system global variables array + $config --> global variable pointing to configuration information + $pengcfg --> array containing current Libhtp Policy engine configuration + + Information is returned from this page via the following form fields: + + policy_name --> Unique Name for the Libhtp Policy Engine + policy_bind_to --> Alias name representing "bind_to" IP address for engine + personality --> Operating system chosen for engine policy + select_alias --> Submit button for select alias operation + req_body_limit --> Request Body Limit size + resp_body_limit --> Response Body Limit size + enable_double_decode_path --> double-decode path part of URI + enable_double_decode_query --> double-decode query string part of URI + save_libhtp_policy --> Submit button for save operation and exit + cancel_libhtp_policy --> Submit button to cancel operation and exit + **************************************************************************************/ ?> -<form action="suricata_libhtp_policy_engine.php" method="post" name="iform" id="iform"> -<input name="id" type="hidden" value="<?=$id?>"> -<input name="eng_id" type="hidden" value="<?=$eng_id?>"> -<div id="boxarea"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="tabcont"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> @@ -190,8 +63,8 @@ if ($savemsg) <td valign="top" class="vncell"><?php echo gettext("Engine Name"); ?></td> <td class="vtable"> <input name="policy_name" type="text" class="formfld unknown" id="policy_name" size="25" maxlength="25" - value="<?=htmlspecialchars($pconfig['name']);?>"<?php if (htmlspecialchars($pconfig['name']) == "default") echo "readonly";?>> - <?php if (htmlspecialchars($pconfig['name']) <> "default") + value="<?=htmlspecialchars($pengcfg['name']);?>"<?php if (htmlspecialchars($pengcfg['name']) == "default") echo "readonly";?>> + <?php if (htmlspecialchars($pengcfg['name']) <> "default") echo gettext("Name or description for this engine. (Max 25 characters)"); else echo "<span class=\"red\">" . gettext("The name for the 'default' engine is read-only.") . "</span>";?><br/> @@ -202,13 +75,13 @@ if ($savemsg) <tr> <td valign="top" class="vncell"><?php echo gettext("Bind-To IP Address Alias"); ?></td> <td class="vtable"> - <?php if ($pconfig['name'] <> "default") : ?> + <?php if ($pengcfg['name'] <> "default") : ?> <table width="95%" border="0" cellpadding="2" cellspacing="0"> <tr> <td class="vexpl"><input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32" - value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off"> + value="<?=htmlspecialchars($pengcfg['bind_to']);?>" title="<?=trim(filter_expand_alias($pengcfg['bind_to']));?>" autocomplete="off"> <?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td> - <td class="vexpl" align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='suricata_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" + <td class="vexpl" align="right"><input type="submit" class="formbtns" name="select_alias" value="Aliases" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> @@ -218,7 +91,7 @@ if ($savemsg) <br/><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" . gettext("Supplied value must be a pre-configured Alias or the keyword 'all'.");?> <?php else : ?> <input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32" - value="<?=htmlspecialchars($pconfig['bind_to']);?>" autocomplete="off" readonly> + value="<?=htmlspecialchars($pengcfg['bind_to']);?>" autocomplete="off" readonly> <?php echo "<span class=\"red\">" . gettext("IP List for the default engine is read-only and must be 'all'.") . "</span>";?><br/> <?php echo gettext("The default engine is required and will apply for packets with destination addresses not matching other engine IP Lists.");?><br/> <?php endif ?> @@ -232,7 +105,7 @@ if ($savemsg) $profile = array( 'Apache', 'Apache_2_2', 'Generic', 'IDS', 'IIS_4_0', 'IIS_5_0', 'IIS_5_1', 'IIS_6_0', 'IIS_7_0', 'IIS_7_5', 'Minimal' ); foreach ($profile as $val): ?> <option value="<?=$val;?>" - <?php if ($val == $pconfig['personality']) echo "selected"; ?>> + <?php if ($val == $pengcfg['personality']) echo "selected"; ?>> <?=gettext($val);?></option> <?php endforeach; ?> </select> <?php echo gettext("Choose the web server personality appropriate for the protected hosts. The default is ") . @@ -247,7 +120,7 @@ if ($savemsg) <td width="22%" valign="top" class="vncell"><?php echo gettext("Request Body Limit"); ?></td> <td width="78%" class="vtable"> <input name="req_body_limit" type="text" class="formfld unknown" id="req_body_limit" size="9" - value="<?=htmlspecialchars($pconfig['request-body-limit']);?>"> + value="<?=htmlspecialchars($pengcfg['request-body-limit']);?>"> <?php echo gettext("Maximum number of HTTP request body bytes to inspect. Default is ") . "<strong>" . gettext("4,096") . "</strong>" . gettext(" bytes."); ?><br/><br/> <?php echo gettext("HTTP request bodies are often big, so they take a lot of time to process which has a significant impact ") . @@ -259,7 +132,7 @@ if ($savemsg) <td width="22%" valign="top" class="vncell"><?php echo gettext("Response Body Limit"); ?></td> <td width="78%" class="vtable"> <input name="resp_body_limit" type="text" class="formfld unknown" id="resp_body_limit" size="9" - value="<?=htmlspecialchars($pconfig['response-body-limit']);?>"> + value="<?=htmlspecialchars($pengcfg['response-body-limit']);?>"> <?php echo gettext("Maximum number of HTTP response body bytes to inspect. Default is ") . "<strong>" . gettext("4,096") . "</strong>" . gettext(" bytes."); ?><br/><br/> <?php echo gettext("HTTP response bodies are often big, so they take a lot of time to process which has a significant impact ") . @@ -272,31 +145,27 @@ if ($savemsg) </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Double-Decode Path"); ?></td> - <td width="78%" class="vtable"><input name="enable_double_decode_path" type="checkbox" value="on" <?php if ($pconfig['double-decode-path'] == "yes") echo "checked"; ?>> + <td width="78%" class="vtable"><input name="enable_double_decode_path" type="checkbox" value="yes" <?php if ($pengcfg['double-decode-path'] == "yes") echo "checked"; ?>> <?php echo gettext("Suricata will double-decode path section of the URI. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Double-Decode Query"); ?></td> - <td width="78%" class="vtable"><input name="enable_double_decode_query" type="checkbox" value="on" <?php if ($pconfig['double-decode-query'] == "yes") echo "checked"; ?>> + <td width="78%" class="vtable"><input name="enable_double_decode_query" type="checkbox" value="yes" <?php if ($pengcfg['double-decode-query'] == "yes") echo "checked"; ?>> <?php echo gettext("Suricata will double-decode query string section of the URI. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td> </tr> <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> - <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo + <input name="save_libhtp_policy" id="save_libhtp_policy" type="submit" class="formbtn" value=" Save " title="<?php echo gettext("Save web server policy engine settings and return to App Parsers tab"); ?>"> - <input name="cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo + <input name="cancel_libhtp_policy" id="cancel_libhtp_policy" type="submit" class="formbtn" value="Cancel" title="<?php echo gettext("Cancel changes and return to App Parsers tab"); ?>"></td> </tr> </table> </td> </tr> -</table> -</div> -</form> -<?php include("fend.inc"); ?> -</body> + <script type="text/javascript" src="/javascript/autosuggest.js"> </script> <script type="text/javascript" src="/javascript/suggestions.js"> @@ -315,4 +184,3 @@ setTimeout("createAutoSuggest();", 500); </script> -</html> diff --git a/config/suricata/suricata_os_policy_engine.php b/config/suricata/suricata_os_policy_engine.php index ae5a9348..ea539e92 100644 --- a/config/suricata/suricata_os_policy_engine.php +++ b/config/suricata/suricata_os_policy_engine.php @@ -26,157 +26,41 @@ * POSSIBILITY OF SUCH DAMAGE. */ -require_once("guiconfig.inc"); -require_once("/usr/local/pkg/suricata/suricata.inc"); - -global $g; - -// Grab the incoming QUERY STRING or POST variables -$id = $_GET['id']; -$eng_id = $_GET['eng_id']; -if (isset($_POST['id'])) - $id = $_POST['id']; -if (isset($_POST['eng_id'])) - $eng_id = $_POST['eng_id']; - -if (is_null($id)) { - header("Location: /suricata/suricata_interfaces.php"); - exit; -} -if (is_null($eng_id)) { - header("Location: /suricata/suricata_flow_stream.php?id={$id}"); - exit; -} - -if (!is_array($config['installedpackages']['suricata']['rule'])) - $config['installedpackages']['suricata']['rule'] = array(); -if (!is_array($config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item'])) - $config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item'] = array(); -$a_nat = &$config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item']; - -$pconfig = array(); -if (empty($a_nat[$eng_id])) { - $def = array( "name" => "engine_{$eng_id}", "bind_to" => "", "policy" => "bsd" ); - // See if this is initial entry and set to "default" if true - if ($eng_id < 1) { - $def['name'] = "default"; - $def['bind_to'] = "all"; - } - $pconfig = $def; -} -else { - $pconfig = $a_nat[$eng_id]; - - // Check for any empty values and set sensible defaults - if (empty($pconfig['policy'])) - $pconfig['policy'] = "bsd"; -} - -if ($_POST['cancel']) { - header("Location: /suricata/suricata_flow_stream.php?id={$id}"); - exit; -} - -// Check for returned "selected alias" if action is import -if ($_GET['act'] == "import") { - if ($_GET['varname'] == "bind_to" && !empty($_GET['varvalue'])) - $pconfig[$_GET['varname']] = $_GET['varvalue']; -} - -if ($_POST['save']) { - - /* Grab all the POST values and save in new temp array */ - $engine = array(); - if ($_POST['policy_name']) { $engine['name'] = trim($_POST['policy_name']); } else { $engine['name'] = "default"; } - if ($_POST['policy_bind_to']) { - if (is_alias($_POST['policy_bind_to'])) - $engine['bind_to'] = $_POST['policy_bind_to']; - elseif (strtolower(trim($_POST['policy_bind_to'])) == "all") - $engine['bind_to'] = "all"; - else - $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value."); - } - else { - $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'."); - } - - if ($_POST['policy']) { $engine['policy'] = $_POST['policy']; } else { $engine['policy'] = "bsd"; } - - /* Can only have one "all" Bind_To address */ - if ($engine['bind_to'] == "all" && $engine['name'] <> "default") { - $input_errors[] = gettext("Only one default OS-Policy Engine can be bound to all addresses."); - $pconfig = $engine; - } - - /* if no errors, write new entry to conf */ - if (!$input_errors) { - if (isset($eng_id) && $a_nat[$eng_id]) { - $a_nat[$eng_id] = $engine; - } - else - $a_nat[] = $engine; - - /* Reorder the engine array to ensure the */ - /* 'bind_to=all' entry is at the bottom */ - /* if it contains more than one entry. */ - if (count($a_nat) > 1) { - $i = -1; - foreach ($a_nat as $f => $v) { - if ($v['bind_to'] == "all") { - $i = $f; - break; - } - } - /* Only relocate the entry if we */ - /* found it, and it's not already */ - /* at the end. */ - if ($i > -1 && ($i < (count($a_nat) - 1))) { - $tmp = $a_nat[$i]; - unset($a_nat[$i]); - $a_nat[] = $tmp; - } - } - - /* Now write the new engine array to conf */ - write_config(); - - header("Location: /suricata/suricata_flow_stream.php?id={$id}"); - exit; - } -} - -$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['suricata']['rule'][$id]['interface']); -$pgtitle = gettext("Suricata: Interface {$if_friendly} Operating System Policy Engine"); -include_once("head.inc"); - +/************************************************************************************** + This file contains code for adding/editing an existing Host OS Policy Engine. + It is included and injected inline as needed into the suricata_stream_flow.php + page to provide the edit functionality for Host OS Policy Engines. + + The following variables are assumed to exist and must be initialized + as necessary in order to utilize this page. + + $g --> system global variables array + $config --> global variable pointing to configuration information + $pengcfg --> array containing current Host OS Policy engine configuration + + Information is returned from this page via the following form fields: + + policy_name --> Unique Name for the Host OS Policy Engine + policy_bind_to --> Alias name representing "bind_to" IP address for engine + policy --> Operating system chosen for engine policy + select_alias --> Submit button for select alias operation + save_os_policy --> Submit button for save operation and exit + cancel_os_policy --> Submit button to cancel operation and exit + **************************************************************************************/ ?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" > - -<?php -include("fbegin.inc"); -if ($input_errors) print_input_errors($input_errors); -if ($savemsg) - print_info_box($savemsg); -?> - -<form action="suricata_os_policy_engine.php" method="post" name="iform" id="iform"> -<input name="id" type="hidden" value="<?=$id?>"> -<input name="eng_id" type="hidden" value="<?=$eng_id?>"> -<div id="boxarea"> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="tabcont"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td colspan="2" valign="middle" class="listtopic"><?php echo gettext("Suricata Target-Based OS Policy Engine Configuration"); ?></td> + <td colspan="2" align="center" class="listtopic"><?php echo gettext("Suricata Target-Based Host OS Policy Engine Configuration"); ?></td> </tr> <tr> - <td valign="top" class="vncell"><?php echo gettext("Engine Name"); ?></td> + <td valign="top" class="vncell"><?php echo gettext("Policy Name"); ?></td> <td class="vtable"> <input name="policy_name" type="text" class="formfld unknown" id="policy_name" size="25" maxlength="25" - value="<?=htmlspecialchars($pconfig['name']);?>"<?php if (htmlspecialchars($pconfig['name']) == "default") echo "readonly";?>> - <?php if (htmlspecialchars($pconfig['name']) <> "default") + value="<?=htmlspecialchars($pengcfg['name']);?>"<?php if (htmlspecialchars($pengcfg['name']) == "default") echo "readonly";?>/> + <?php if (htmlspecialchars($pengcfg['name']) <> "default") echo gettext("Name or description for this engine. (Max 25 characters)"); else echo "<span class=\"red\">" . gettext("The name for the 'default' engine is read-only.") . "</span>";?><br/> @@ -187,13 +71,13 @@ if ($savemsg) <tr> <td valign="top" class="vncell"><?php echo gettext("Bind-To IP Address Alias"); ?></td> <td class="vtable"> - <?php if ($pconfig['name'] <> "default") : ?> + <?php if ($pengcfg['name'] <> "default") : ?> <table width="95%" border="0" cellpadding="2" cellspacing="0"> <tr> <td class="vexpl"><input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32" - value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off"> + value="<?=htmlspecialchars($pengcfg['bind_to']);?>" title="<?=trim(filter_expand_alias($pengcfg['bind_to']));?>" autocomplete="off"/> <?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td> - <td class="vexpl" align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='suricata_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" + <td class="vexpl" align="right"><input type="submit" class="formbtns" name="select_alias" value="Aliases" title="<?php echo gettext("Select an existing IP alias");?>"/></td> </tr> <tr> @@ -204,7 +88,7 @@ if ($savemsg) <?php else : ?> <input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32" - value="<?=htmlspecialchars($pconfig['bind_to']);?>" autocomplete="off" readonly> + value="<?=htmlspecialchars($pengcfg['bind_to']);?>" autocomplete="off" readonly> <?php echo "<span class=\"red\">" . gettext("IP List for the default engine is read-only and must be 'all'.") . "</span>";?><br/> <?php echo gettext("The default engine is required and will apply for packets with destination addresses not matching other engine IP Lists.");?><br/> <?php endif ?> @@ -218,7 +102,7 @@ if ($savemsg) $profile = array( 'BSD', 'BSD-Right', 'HPUX10', 'HPUX11', 'Irix', 'Linux', 'Mac-OS', 'Old-Linux', 'Old-Solaris', 'Solaris', 'Vista', 'Windows', 'Windows2k3' ); foreach ($profile as $val): ?> <option value="<?=strtolower($val);?>" - <?php if (strtolower($val) == $pconfig['policy']) echo "selected"; ?>> + <?php if (strtolower($val) == $pengcfg['policy']) echo "selected"; ?>> <?=gettext($val);?></option> <?php endforeach; ?> </select> <?php echo gettext("Choose the OS target policy appropriate for the protected hosts. The default is ") . @@ -229,20 +113,15 @@ if ($savemsg) <tr> <td width="22%" valign="bottom"> </td> <td width="78%" valign="bottom"> - <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo + <input name="save_os_policy" id="save_os_policy" type="submit" class="formbtn" value=" Save " title="<?php echo gettext("Save OS policy engine settings and return to Flow/Stream tab"); ?>"> - <input name="cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo + <input name="cancel_os_policy" id="cancel_os_policy" type="submit" class="formbtn" value="Cancel" title="<?php echo gettext("Cancel changes and return to Flow/Stream tab"); ?>"></td> </tr> </table> </td> </tr> -</table> -</div> -</form> -<?php include("fend.inc"); ?> -</body> <script type="text/javascript" src="/javascript/autosuggest.js"> </script> <script type="text/javascript" src="/javascript/suggestions.js"> @@ -262,4 +141,3 @@ setTimeout("createAutoSuggest();", 500); </script> -</html> |