aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata/suricata_alerts.php
diff options
context:
space:
mode:
Diffstat (limited to 'config/suricata/suricata_alerts.php')
-rw-r--r--config/suricata/suricata_alerts.php57
1 files changed, 35 insertions, 22 deletions
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index 01d4daeb..07e4eb1f 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -3,19 +3,30 @@
* suricata_alerts.php
* part of pfSense
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- *
+ *
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -32,6 +43,7 @@ require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
$supplist = array();
+$suri_pf_table = SURICATA_PF_TABLE;
function suricata_is_alert_globally_suppressed($list, $gid, $sid) {
@@ -109,12 +121,11 @@ function suricata_add_supplist_entry($suppress) {
}
}
- /* If we created a new list or updated an existing one, save the change, */
- /* tell Snort to load it, and return true; otherwise return false. */
+ /* If we created a new list or updated an existing one, save the change */
+ /* and return true; otherwise return false. */
if ($found_list) {
write_config();
sync_suricata_package_config();
- suricata_reload_config($a_instance[$instanceid]);
return true;
}
else
@@ -165,12 +176,12 @@ if ($_POST['save']) {
exit;
}
-//if ($_POST['unblock'] && $_POST['ip']) {
-// if (is_ipaddr($_POST['ip'])) {
-// exec("/sbin/pfctl -t snort2c -T delete {$_POST['ip']}");
-// $savemsg = gettext("Host IP address {$_POST['ip']} has been removed from the Blocked Table.");
-// }
-//}
+if ($_POST['unblock'] && $_POST['ip']) {
+ if (is_ipaddr($_POST['ip'])) {
+ exec("/sbin/pfctl -t {$suri_pf_table} -T delete {$_POST['ip']}");
+ $savemsg = gettext("Host IP address {$_POST['ip']} has been removed from the Blocked Table.");
+ }
+}
if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsuppress']) && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) {
if ($_POST['addsuppress_srcip'])
@@ -355,10 +366,12 @@ if ($savemsg) {
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), true, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr>
@@ -495,10 +508,10 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
$alert_ip_src .= "title='" . gettext("This alert track by_src IP is already in the Suppress List") . "'/>";
}
/* Add icon for auto-removing from Blocked Table if required */
-// if (isset($tmpblocked[$fields[9]])) {
-// $alert_ip_src .= "&nbsp;<input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[9]}';\" ";
-// $alert_ip_src .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>";
-// }
+ if (isset($tmpblocked[$fields[9]])) {
+ $alert_ip_src .= "&nbsp;<input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[9]}';\" ";
+ $alert_ip_src .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>";
+ }
/* IP SRC Port */
$alert_src_p = $fields[10];
/* IP Destination */
@@ -524,10 +537,10 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
$alert_ip_dst .= "title='" . gettext("This alert track by_dst IP is already in the Suppress List") . "'/>";
}
/* Add icon for auto-removing from Blocked Table if required */
-// if (isset($tmpblocked[$fields[11]])) {
-// $alert_ip_dst .= "&nbsp;<input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[11]}';\" ";
-// $alert_ip_dst .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>";
-// }
+ if (isset($tmpblocked[$fields[11]])) {
+ $alert_ip_dst .= "&nbsp;<input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[11]}';\" ";
+ $alert_ip_dst .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>";
+ }
/* IP DST Port */
$alert_dst_p = $fields[12];
/* SID */