aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata/suricata_app_parsers.php
diff options
context:
space:
mode:
Diffstat (limited to 'config/suricata/suricata_app_parsers.php')
-rw-r--r--config/suricata/suricata_app_parsers.php362
1 files changed, 290 insertions, 72 deletions
diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php
index 0be45c32..e8f20226 100644
--- a/config/suricata/suricata_app_parsers.php
+++ b/config/suricata/suricata_app_parsers.php
@@ -28,7 +28,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -37,10 +36,8 @@ global $g, $rebuild_rules;
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+if (is_null($id))
+ $id = 0;
if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
@@ -51,10 +48,21 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
if (!is_array($config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item']))
$config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'] = array();
+// Initialize required array variables as necessary
+if (!is_array($config['aliases']['alias']))
+ $config['aliases']['alias'] = array();
+$a_aliases = $config['aliases']['alias'];
+
$a_nat = &$config['installedpackages']['suricata']['rule'];
$libhtp_engine_next_id = count($a_nat[$id]['libhtp_policy']['item']);
+// Build a lookup array of currently used engine 'bind_to' Aliases
+// so we can screen matching Alias names from the list.
+$used = array();
+foreach ($a_nat[$id]['libhtp_policy']['item'] as $v)
+ $used[$v['bind_to']] = true;
+
$pconfig = array();
if (isset($id) && $a_nat[$id]) {
/* Get current values from config for page form fields */
@@ -78,29 +86,143 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['libhtp_policy'] = $a_nat[$id]['libhtp_policy'];
}
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+// Check for "import or select alias mode" and set flags if TRUE.
+// "selectalias", when true, displays radio buttons to limit
+// multiple selections.
+if ($_POST['import_alias']) {
+ $importalias = true;
+ $selectalias = false;
+ $title = "HTTP Server Policy";
}
-
-if ($_GET['act'] && isset($_GET['eng_id'])) {
-
+elseif ($_POST['select_alias']) {
+ $importalias = true;
+ $selectalias = true;
+ $title = "HTTP Server Policy";
+
+ // Preserve current Libhtp Policy Engine settings
+ $eng_id = $_POST['eng_id'];
+ $eng_name = $_POST['policy_name'];
+ $eng_bind = $_POST['policy_bind_to'];
+ $eng_personality = $_POST['personality'];
+ $eng_req_body_limit = $_POST['req_body_limit'];
+ $eng_resp_body_limit = $_POST['resp_body_limit'];
+ $eng_enable_double_decode_path = $_POST['enable_double_decode_path'];
+ $eng_enable_double_decode_query = $_POST['enable_double_decode_query'];
+ $mode = "add_edit_libhtp_policy";
+}
+if ($_POST['save_libhtp_policy']) {
+ if ($_POST['eng_id'] != "") {
+ $eng_id = $_POST['eng_id'];
+
+ // Grab all the POST values and save in new temp array
+ $engine = array();
+ $policy_name = trim($_POST['policy_name']);
+ if ($policy_name) {
+ $engine['name'] = $policy_name;
+ }
+ else
+ $input_errors[] = gettext("The 'Policy Name' value cannot be blank.");
+
+ if ($_POST['policy_bind_to']) {
+ if (is_alias($_POST['policy_bind_to']))
+ $engine['bind_to'] = $_POST['policy_bind_to'];
+ elseif (strtolower(trim($_POST['policy_bind_to'])) == "all")
+ $engine['bind_to'] = "all";
+ else
+ $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value.");
+ }
+ else
+ $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'.");
+
+ if ($_POST['personality']) { $engine['personality'] = $_POST['personality']; } else { $engine['personality'] = "bsd"; }
+
+ if (is_numeric($_POST['req_body_limit']) && $_POST['req_body_limit'] >= 0)
+ $engine['request-body-limit'] = $_POST['req_body_limit'];
+ else
+ $input_errors[] = gettext("The value for 'Request Body Limit' must be all numbers and greater than or equal to zero.");
+
+ if (is_numeric($_POST['resp_body_limit']) && $_POST['resp_body_limit'] >= 0)
+ $engine['response-body-limit'] = $_POST['resp_body_limit'];
+ else
+ $input_errors[] = gettext("The value for 'Response Body Limit' must be all numbers and greater than or equal to zero.");
+
+ if ($_POST['enable_double_decode_path']) { $engine['double-decode-path'] = 'yes'; }else{ $engine['double-decode-path'] = 'no'; }
+ if ($_POST['enable_double_decode_query']) { $engine['double-decode-query'] = 'yes'; }else{ $engine['double-decode-query'] = 'no'; }
+
+ // Can only have one "all" Bind_To address
+ if ($engine['bind_to'] == "all" && $engine['name'] <> "default")
+ $input_errors[] = gettext("Only one default OS-Policy Engine can be bound to all addresses.");
+
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ if (isset($eng_id) && $a_nat[$id]['libhtp_policy']['item'][$eng_id]) {
+ $a_nat[$id]['libhtp_policy']['item'][$eng_id] = $engine;
+ }
+ else
+ $a_nat[$id]['libhtp_policy']['item'][] = $engine;
+
+ /* Reorder the engine array to ensure the */
+ /* 'bind_to=all' entry is at the bottom */
+ /* if it contains more than one entry. */
+ if (count($a_nat[$id]['libhtp_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ /* Only relocate the entry if we */
+ /* found it, and it's not already */
+ /* at the end. */
+ if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['libhtp_policy']['item'][$i];
+ unset($a_nat[$id]['libhtp_policy']['item'][$i]);
+ $a_nat[$id]['libhtp_policy']['item'][] = $tmp;
+ }
+ }
+
+ // Now write the new engine array to conf
+ write_config();
+ $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item'];
+ }
+ else {
+ $add_edit_libhtp_policy = true;
+ $pengcfg = $engine;
+ }
+ }
+}
+elseif ($_POST['add_libhtp_policy']) {
+ $add_edit_libhtp_policy = true;
+ $pengcfg = array( "name" => "engine_{$libhtp_engine_next_id}", "bind_to" => "", "personality" => "IDS",
+ "request-body-limit" => "4096", "response-body-limit" => "4096",
+ "double-decode-path" => "no", "double-decode-query" => "no" );
+ $eng_id = $libhtp_engine_next_id;
+}
+elseif ($_POST['edit_libhtp_policy']) {
+ if ($_POST['eng_id'] != "") {
+ $add_edit_libhtp_policy = true;
+ $eng_id = $_POST['eng_id'];
+ $pengcfg = $a_nat[$id]['libhtp_policy']['item'][$eng_id];
+ }
+}
+elseif ($_POST['del_libhtp_policy']) {
$natent = array();
$natent = $pconfig;
- if ($_GET['act'] == "del_libhtp_policy")
- unset($natent['libhtp_policy']['item'][$_GET['eng_id']]);
-
+ if ($_POST['eng_id'] != "") {
+ unset($natent['libhtp_policy']['item'][$_POST['eng_id']]);
+ $pconfig = $natent;
+ }
if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
write_config();
}
-
- header("Location: /suricata/suricata_app_parsers.php?id=$id");
- exit;
}
-
-if ($_POST['ResetAll']) {
+elseif ($_POST['cancel_libhtp_policy']) {
+ $add_edit_libhtp_policy = false;
+}
+elseif ($_POST['ResetAll']) {
/* Reset all the settings to defaults */
$pconfig['asn1_max_frames'] = "256";
@@ -108,7 +230,111 @@ if ($_POST['ResetAll']) {
/* Log a message at the top of the page to inform the user */
$savemsg = gettext("All flow and stream settings have been reset to their defaults.");
}
-elseif ($_POST['Submit']) {
+elseif ($_POST['save_import_alias']) {
+ // If saving out of "select alias" mode,
+ // then return to Libhtp Policy Engine edit
+ // page.
+ if ($_POST['mode'] == 'add_edit_libhtp_policy') {
+ $pengcfg = array();
+ $eng_id = $_POST['eng_id'];
+ $pengcfg['name'] = $_POST['eng_name'];
+ $pengcfg['bind_to'] = $_POST['eng_bind'];
+ $pengcfg['personality'] = $_POST['eng_personality'];
+ $pengcfg['request-body-limit'] = $_POST['eng_req_body_limit'];
+ $pengcfg['response-body-limit'] = $_POST['eng_resp_body_limit'];
+ $pengcfg['double-decode-path'] = $_POST['eng_enable_double_decode_path'];
+ $pengcfg['double-decode-query'] = $_POST['eng_enable_double_decode_query'];
+ $add_edit_libhtp_policy = true;
+ $mode = "add_edit_libhtp_policy";
+
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) == 1) {
+ $pengcfg['bind_to'] = $_POST['aliastoimport'][0];
+ $importalias = false;
+ $selectalias = false;
+ }
+ else {
+ $input_errors[] = gettext("No Alias is selected for import. Nothing to SAVE.");
+ $importalias = true;
+ $selectalias = true;
+ $eng_id = $_POST['eng_id'];
+ $eng_name = $_POST['eng_name'];
+ $eng_bind = $_POST['eng_bind'];
+ $eng_personality = $_POST['eng_personality'];
+ $eng_req_body_limit = $_POST['eng_req_body_limit'];
+ $eng_resp_body_limit = $_POST['eng_resp_body_limit'];
+ $eng_enable_double_decode_path = $_POST['eng_enable_double_decode_path'];
+ $eng_enable_double_decode_query = $_POST['eng_enable_double_decode_query'];
+ }
+ }
+ else {
+ $engine = array( "name" => "", "bind_to" => "", "personality" => "IDS",
+ "request-body-limit" => "4096", "response-body-limit" => "4096",
+ "double-decode-path" => "no", "double-decode-query" => "no" );
+
+ // See if anything was checked to import
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) {
+ foreach ($_POST['aliastoimport'] as $item) {
+ $engine['name'] = strtolower($item);
+ $engine['bind_to'] = $item;
+ $a_nat[$id]['libhtp_policy']['item'][] = $engine;
+ }
+ }
+ else {
+ $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
+ $importalias = true;
+ }
+
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ // Reorder the engine array to ensure the
+ // 'bind_to=all' entry is at the bottom if
+ // the array contains more than one entry.
+ if (count($a_nat[$id]['libhtp_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ // Only relocate the entry if we
+ // found it, and it's not already
+ // at the end.
+ if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['libhtp_policy']['item'][$i];
+ unset($a_nat[$id]['libhtp_policy']['item'][$i]);
+ $a_nat[$id]['libhtp_policy']['item'][] = $tmp;
+ }
+ $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item'];
+ }
+
+ // Write the new engine array to config file
+ write_config();
+ $importalias = false;
+ }
+ }
+}
+elseif ($_POST['cancel_import_alias']) {
+ $importalias = false;
+ $selectalias = false;
+ $eng_id = $_POST['eng_id'];
+
+ // If cancelling out of "select alias" mode,
+ // then return to Libhtp Policy Engine edit
+ // page.
+ if ($_POST['mode'] == 'add_edit_libhtp_policy') {
+ $pengcfg = array();
+ $pengcfg['name'] = $_POST['eng_name'];
+ $pengcfg['bind_to'] = $_POST['eng_bind'];
+ $pengcfg['personality'] = $_POST['eng_personality'];
+ $pengcfg['request-body-limit'] = $_POST['eng_req_body_limit'];
+ $pengcfg['response-body-limit'] = $_POST['eng_resp_body_limit'];
+ $pengcfg['double-decode-path'] = $_POST['eng_enable_double_decode_path'];
+ $pengcfg['double-decode-query'] = $_POST['eng_enable_double_decode_query'];
+ $add_edit_libhtp_policy = true;
+ }
+}
+elseif ($_POST['save']) {
$natent = array();
$natent = $pconfig;
@@ -122,15 +348,14 @@ elseif ($_POST['Submit']) {
/**************************************************/
/* If we have a valid rule ID, save configuration */
- /* then update the suricata.conf file and rebuild */
- /* the rules for this interface. */
+ /* then update the suricata.conf file for this */
+ /* interface. */
/**************************************************/
if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
write_config();
- $rebuild_rules = true;
- suricata_generate_yaml($natent);
$rebuild_rules = false;
+ suricata_generate_yaml($natent);
}
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -149,29 +374,19 @@ include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-
- /* Display Alert message */
-
+<?php include("fbegin.inc");
+ /* Display error or save message */
if ($input_errors) {
print_input_errors($input_errors); // TODO: add checks
}
-
if ($savemsg) {
print_info_box($savemsg);
}
-
?>
-<script type="text/javascript" src="/javascript/autosuggest.js">
-</script>
-<script type="text/javascript" src="/javascript/suggestions.js">
-</script>
-
-<form action="suricata_app_parsers.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform">
+<form action="suricata_app_parsers.php" method="post" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>"/>
+<input type="hidden" name="eng_id" id="eng_id" value="<?=$eng_id;?>"/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -179,9 +394,9 @@ include_once("head.inc");
$tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
- $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td>';
@@ -198,6 +413,25 @@ include_once("head.inc");
?>
</td></tr>
<tr><td><div id="mainarea">
+
+<?php if ($importalias) : ?>
+ <?php include("/usr/local/www/suricata/suricata_import_aliases.php");
+ if ($selectalias) {
+ echo '<input type="hidden" name="eng_name" value="' . $eng_name . '"/>';
+ echo '<input type="hidden" name="eng_bind" value="' . $eng_bind . '"/>';
+ echo '<input type="hidden" name="eng_personality" value="' . $eng_personality . '"/>';
+ echo '<input type="hidden" name="eng_req_body_limit" value="' . $eng_req_body_limit . '"/>';
+ echo '<input type="hidden" name="eng_resp_body_limit" value="' . $eng_resp_body_limit . '"/>';
+ echo '<input type="hidden" name="eng_enable_double_decode_path" value="' . $eng_enable_double_decode_path . '"/>';
+ echo '<input type="hidden" name="eng_enable_double_decode_query" value="' . $eng_enable_double_decode_query . '"/>';
+ }
+ ?>
+
+<?php elseif ($add_edit_libhtp_policy) : ?>
+ <?php include("/usr/local/www/suricata/suricata_libhtp_policy_engine.php"); ?>
+
+<?php else: ?>
+
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
@@ -231,25 +465,23 @@ include_once("head.inc");
<tr>
<th class="listhdrr" axis="string"><?php echo gettext("Name");?></th>
<th class="listhdrr" axis="string"><?php echo gettext("Bind-To Address Alias");?></th>
- <th class="list" align="right"><a href="suricata_import_aliases.php?id=<?=$id?>&eng=libhtp_policy">
- <img src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
- height="17" border="0" title="<?php echo gettext("Import server configuration from existing Aliases");?>"></a>
- <a href="suricata_libhtp_policy_engine.php?id=<?=$id?>&eng_id=<?=$libhtp_engine_next_id?>">
- <img src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
- height="17" border="0" title="<?php echo gettext("Add a new server configuration");?>"></a></th>
+ <th class="list" align="right"><input type="image" name="import_alias[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Import server configuration from existing Aliases");?>"/>
+ <input type="image" name="add_libhtp_policy[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Add a new server configuration");?>"></th>
</tr>
</thead>
<?php foreach ($pconfig['libhtp_policy']['item'] as $f => $v): ?>
<tr>
<td class="listlr" align="left"><?=gettext($v['name']);?></td>
<td class="listbg" align="center"><?=gettext($v['bind_to']);?></td>
- <td class="listt" align="right"><a href="suricata_libhtp_policy_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"></a>
+ <td class="listt" align="right"><input type="image" name="edit_libhtp_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>'"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"/>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="suricata_app_parsers.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_libhtp_policy" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this server configuration");?>"></a>
+ <input type="image" name="del_libhtp_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>';return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this server configuration");?>">
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default server configuration cannot be deleted");?>">
@@ -263,9 +495,9 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Save flow and stream settings"); ?>">
- <input name="id" type="hidden" value="<?=$id;?>">&nbsp;&nbsp;&nbsp;&nbsp;
+ &nbsp;&nbsp;&nbsp;&nbsp;
<input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo
gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" .
gettext("WARNING: This will reset ALL App Parsers settings to their defaults. Click OK to continue or CANCEL to quit.") .
@@ -278,26 +510,12 @@ include_once("head.inc");
<?php echo gettext("may take several seconds. Suricata must also be restarted to activate any changes made on this screen."); ?></td>
</tr>
</table>
+
+<?php endif; ?>
+
</div>
</td></tr></table>
</form>
-<script type="text/javascript">
-function wopen(url, name, w, h)
-{
- // Fudge factors for window decoration space.
- // In my tests these work well on all platforms & browsers.
- w += 32;
- h += 96;
- var win = window.open(url,
- name,
- 'width=' + w + ', height=' + h + ', ' +
- 'location=no, menubar=no, ' +
- 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
- win.resizeTo(w, h);
- win.focus();
-}
-
-</script>
<?php include("fend.inc"); ?>
</body>
</html>