path: root/config/suricata/suricata_interfaces_edit.php
Diffstat (limited to 'config/suricata/suricata_interfaces_edit.php')
-rw-r--r--config/suricata/suricata_interfaces_edit.php440
1 files changed, 363 insertions, 77 deletions
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index dcf6fe3f..c4a1775a 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -59,8 +59,10 @@ if (isset($_POST['id']) && is_numericint($_POST['id']))
elseif (isset($_GET['id']) && is_numericint($_GET['id']));
$id = htmlspecialchars($_GET['id'], ENT_QUOTES | ENT_HTML401);
-if (is_null($id))
- $id = 0;
+if (is_null($id)) {
+ header("Location: /suricata/suricata_interfaces.php");
+ exit;
+}
if (isset($_POST['action']))
$action = htmlspecialchars($_POST['action'], ENT_QUOTES | ENT_HTML401);
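Review bot: The new `is_null($id)` redirect cannot fire as the surrounding code stands: the `elseif` two lines above it ends in a stray `;`, so `$id = htmlspecialchars($_GET['id'], ...)` runs unconditionally and htmlspecialchars() yields a string (empty when the parameter is absent), never null. That same stray semicolon means a non-numeric `?id=` skips the is_numericint() check and overrides whatever the `$_POST['id']` branch assigned, and the escaped string is then used as the array key into the rule list and echoed into `viewList('<?=$id;?>', ...)` further down the page. Suggest removing the semicolon and guarding on the empty case instead: `if (!isset($id) || $id === '') { header("Location: /suricata/suricata_interfaces.php"); exit; }`, and storing the validated value as an integer (`$id = (int)$_GET['id'];`) rather than an HTML-escaped string. The `if` that opens this chain begins before the hunk.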
@@ -71,7 +73,7 @@ else
$pconfig = array();
if (empty($suricataglob['rule'][$id]['uuid'])) {
- /* Adding new interface, so flag rules to build. */
+ /* Adding new interface, so generate a new UUID and flag rules to build. */
$pconfig['uuid'] = suricata_generate_id();
$rebuild_rules = true;
}
@@ -87,14 +89,15 @@ $interfaces = get_configured_interface_with_descr();
// See if interface is already configured, and use its values
if (isset($id) && $a_rule[$id]) {
+ /* old options */
$pconfig = $a_rule[$id];
if (!empty($pconfig['configpassthru']))
$pconfig['configpassthru'] = base64_decode($pconfig['configpassthru']);
if (empty($pconfig['uuid']))
$pconfig['uuid'] = $suricata_uuid;
}
+// Must be a new interface, so try to pick next available physical interface to use
elseif (isset($id) && !isset($a_rule[$id])) {
- // Must be a new interface, so try to pick next available physical interface to use
$ifaces = get_configured_interface_list();
$ifrules = array();
foreach($a_rule as $r)
@@ -130,24 +133,44 @@ if (empty($pconfig['enable_http_log']))
$pconfig['enable_http_log'] = "on";
if (empty($pconfig['append_http_log']))
$pconfig['append_http_log'] = "on";
-if (empty($pconfig['enable_tls_log']))
- $pconfig['enable_tls_log'] = "off";
+if (empty($pconfig['http_log_extended']))
+ $pconfig['http_log_extended'] = "on";
if (empty($pconfig['tls_log_extended']))
$pconfig['tls_log_extended'] = "on";
-if (empty($pconfig['enable_stats_log']))
- $pconfig['enable_stats_log'] = "off";
if (empty($pconfig['stats_upd_interval']))
$pconfig['stats_upd_interval'] = "10";
-if (empty($pconfig['append_stats_log']))
- $pconfig['append_stats_log'] = "off";
+if (empty($pconfig['append_dns_log']))
+ $pconfig['append_dns_log'] = "on";
if (empty($pconfig['append_json_file_log']))
$pconfig['append_json_file_log'] = "on";
-if (empty($pconfig['enable_pcap_log']))
- $pconfig['enable_pcap_log'] = "off";
if (empty($pconfig['max_pcap_log_size']))
$pconfig['max_pcap_log_size'] = "32";
if (empty($pconfig['max_pcap_log_files']))
$pconfig['max_pcap_log_files'] = "1000";
+if (empty($pconfig['alertsystemlog_facility']))
+ $pconfig['alertsystemlog_facility'] = "local1";
+if (empty($pconfig['alertsystemlog_priority']))
+ $pconfig['alertsystemlog_priority'] = "notice";
+if (empty($pconfig['eve_output_type']))
+ $pconfig['eve_output_type'] = "file";
+if (empty($pconfig['eve_systemlog_facility']))
+ $pconfig['eve_systemlog_facility'] = "local1";
+if (empty($pconfig['eve_systemlog_priority']))
+ $pconfig['eve_systemlog_priority'] = "notice";
+if (empty($pconfig['eve_log_alerts']))
+ $pconfig['eve_log_alerts'] = "on";
+if (empty($pconfig['eve_log_http']))
+ $pconfig['eve_log_http'] = "on";
+if (empty($pconfig['eve_log_dns']))
+ $pconfig['eve_log_dns'] = "on";
+if (empty($pconfig['eve_log_tls']))
+ $pconfig['eve_log_tls'] = "on";
+if (empty($pconfig['eve_log_files']))
+ $pconfig['eve_log_files'] = "on";
+if (empty($pconfig['eve_log_ssh']))
+ $pconfig['eve_log_ssh'] = "on";
+if (empty($pconfig['intf_promisc_mode']))
+ $pconfig['intf_promisc_mode'] = "on";
// See if creating a new interface by duplicating an existing one
if (strcasecmp($action, 'dup') == 0) {
@@ -180,35 +203,37 @@ if (strcasecmp($action, 'dup') == 0) {
}
if ($_POST["save"] && !$input_errors) {
- // If the interface is not enabled, stop any running Suricata
- // instance on it, save the new state and exit.
- if (!isset($_POST['enable'])) {
- if (isset($id) && $a_rule[$id]) {
- $a_rule[$id]['enable'] = 'off';
- $a_rule[$id]['interface'] = htmlspecialchars($_POST['interface']);
- $a_rule[$id]['descr'] = htmlspecialchars($_POST['descr']);
- suricata_stop($a_rule[$id], get_real_interface($a_rule[$id]['interface']));
-
- // Save configuration changes
- write_config();
-
- // Update suricata.conf and suricata.sh files for this interface
- sync_suricata_package_config();
-
- header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
- header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
- header( 'Cache-Control: no-store, no-cache, must-revalidate' );
- header( 'Cache-Control: post-check=0, pre-check=0', false );
- header( 'Pragma: no-cache' );
- header("Location: /suricata/suricata_interfaces.php");
- exit;
+ if (!isset($_POST['interface']))
+ $input_errors[] = gettext("Choosing an Interface is mandatory!");
+
+ /* See if assigned interface is already in use */
+ if (isset($_POST['interface'])) {
+ foreach ($a_rule as $k => $v) {
+ if (($v['interface'] == $_POST['interface']) && ($id <> $k)) {
+ $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Suricata instance.");
+ break;
+ }
}
}
- // Validate inputs
- if (!isset($_POST['interface']))
- $input_errors[] = gettext("Choosing an Interface is mandatory!");
+ // If Suricata is disabled on this interface, stop any running instance,
+ // save the change and exit.
+ if ($_POST['enable'] != 'on') {
+ $a_rule[$id]['enable'] = $_POST['enable'] ? 'on' : 'off';
+ suricata_stop($a_rule[$id], get_real_interface($a_rule[$id]['interface']));
+ write_config("Suricata pkg: disabled Suricata on " . convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']));
+ $rebuild_rules = false;
+ sync_suricata_package_config();
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /suricata/suricata_interfaces.php");
+ exit;
+ }
+ // Validate inputs
if (isset($_POST['stats_upd_interval']) && !is_numericint($_POST['stats_upd_interval']))
$input_errors[] = gettext("The value for Stats Update Interval must contain only digits and evaluate to an integer.");
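Review bot: The disable branch (`if ($_POST['enable'] != 'on')`) writes the config and redirects without re-checking `$input_errors`, so the "Choosing an Interface is mandatory" and duplicate-interface errors collected just above it are silently discarded whenever the instance is being disabled; the outer `!$input_errors` test was evaluated before those errors were added. It also dropped the old `isset($id) && $a_rule[$id]` guard, so disabling a not-yet-saved interface creates a stub entry holding only `enable => 'off'` (no interface, no uuid) and passes an undefined interface name to get_real_interface()/suricata_stop(). Suggest `if (!$input_errors && $_POST['enable'] != 'on' && isset($a_rule[$id])) {`, and inside it simply `$a_rule[$id]['enable'] = 'off';`, since the ternary `$_POST['enable'] ? 'on' : 'off'` would store 'on' for any truthy value other than 'on'. The enclosing save block continues past the hunk.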
@@ -224,16 +249,6 @@ if ($_POST["save"] && !$input_errors) {
if (!empty($_POST['inspect_recursion_limit']) && !is_numeric($_POST['inspect_recursion_limit']))
$input_errors[] = gettext("The value for Inspect Recursion Limit can either be blank or contain only digits evaluating to an integer greater than or equal to 0.");
- /* See if assigned interface is already in use */
- if (isset($_POST['interface'])) {
- foreach ($a_rule as $k => $v) {
- if (($v['interface'] == $_POST['interface']) && ($id <> $k)) {
- $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Suricata instance.");
- break;
- }
- }
- }
-
// if no errors write to suricata.yaml
if (!$input_errors) {
$natent = $a_rule[$id];
@@ -250,6 +265,7 @@ if ($_POST["save"] && !$input_errors) {
if ($_POST['enable_http_log'] == "on") { $natent['enable_http_log'] = 'on'; }else{ $natent['enable_http_log'] = 'off'; }
if ($_POST['append_http_log'] == "on") { $natent['append_http_log'] = 'on'; }else{ $natent['append_http_log'] = 'off'; }
if ($_POST['enable_tls_log'] == "on") { $natent['enable_tls_log'] = 'on'; }else{ $natent['enable_tls_log'] = 'off'; }
+ if ($_POST['http_log_extended'] == "on") { $natent['http_log_extended'] = 'on'; }else{ $natent['http_log_extended'] = 'off'; }
if ($_POST['tls_log_extended'] == "on") { $natent['tls_log_extended'] = 'on'; }else{ $natent['tls_log_extended'] = 'off'; }
if ($_POST['enable_pcap_log'] == "on") { $natent['enable_pcap_log'] = 'on'; }else{ $natent['enable_pcap_log'] = 'off'; }
if ($_POST['enable_json_file_log'] == "on") { $natent['enable_json_file_log'] = 'on'; }else{ $natent['enable_json_file_log'] = 'off'; }
@@ -257,6 +273,7 @@ if ($_POST["save"] && !$input_errors) {
if ($_POST['enable_tracked_files_magic'] == "on") { $natent['enable_tracked_files_magic'] = 'on'; }else{ $natent['enable_tracked_files_magic'] = 'off'; }
if ($_POST['enable_tracked_files_md5'] == "on") { $natent['enable_tracked_files_md5'] = 'on'; }else{ $natent['enable_tracked_files_md5'] = 'off'; }
if ($_POST['enable_file_store'] == "on") { $natent['enable_file_store'] = 'on'; }else{ $natent['enable_file_store'] = 'off'; }
+ if ($_POST['enable_eve_log'] == "on") { $natent['enable_eve_log'] = 'on'; }else{ $natent['enable_eve_log'] = 'off'; }
if ($_POST['max_pending_packets']) $natent['max_pending_packets'] = $_POST['max_pending_packets']; else unset($natent['max_pending_packets']);
if ($_POST['inspect_recursion_limit'] >= '0') $natent['inspect_recursion_limit'] = $_POST['inspect_recursion_limit']; else unset($natent['inspect_recursion_limit']);
if ($_POST['detect_eng_profile']) $natent['detect_eng_profile'] = $_POST['detect_eng_profile']; else unset($natent['detect_eng_profile']);
@@ -270,8 +287,23 @@ if ($_POST["save"] && !$input_errors) {
if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']);
if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']);
if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
+ if ($_POST['alertsystemlog_facility']) $natent['alertsystemlog_facility'] = $_POST['alertsystemlog_facility'];
+ if ($_POST['alertsystemlog_priority']) $natent['alertsystemlog_priority'] = $_POST['alertsystemlog_priority'];
+ if ($_POST['enable_dns_log'] == "on") { $natent['enable_dns_log'] = 'on'; }else{ $natent['enable_dns_log'] = 'off'; }
+ if ($_POST['append_dns_log'] == "on") { $natent['append_dns_log'] = 'on'; }else{ $natent['append_dns_log'] = 'off'; }
+ if ($_POST['enable_eve_log'] == "on") { $natent['enable_eve_log'] = 'on'; }else{ $natent['enable_eve_log'] = 'off'; }
+ if ($_POST['eve_output_type']) $natent['eve_output_type'] = $_POST['eve_output_type'];
+ if ($_POST['eve_systemlog_facility']) $natent['eve_systemlog_facility'] = $_POST['eve_systemlog_facility'];
+ if ($_POST['eve_systemlog_priority']) $natent['eve_systemlog_priority'] = $_POST['eve_systemlog_priority'];
+ if ($_POST['eve_log_alerts'] == "on") { $natent['eve_log_alerts'] = 'on'; }else{ $natent['eve_log_alerts'] = 'off'; }
+ if ($_POST['eve_log_http'] == "on") { $natent['eve_log_http'] = 'on'; }else{ $natent['eve_log_http'] = 'off'; }
+ if ($_POST['eve_log_dns'] == "on") { $natent['eve_log_dns'] = 'on'; }else{ $natent['eve_log_dns'] = 'off'; }
+ if ($_POST['eve_log_tls'] == "on") { $natent['eve_log_tls'] = 'on'; }else{ $natent['eve_log_tls'] = 'off'; }
+ if ($_POST['eve_log_files'] == "on") { $natent['eve_log_files'] = 'on'; }else{ $natent['eve_log_files'] = 'off'; }
+ if ($_POST['eve_log_ssh'] == "on") { $natent['eve_log_ssh'] = 'on'; }else{ $natent['eve_log_ssh'] = 'off'; }
if ($_POST['delayed_detect'] == "on") { $natent['delayed_detect'] = 'on'; }else{ $natent['delayed_detect'] = 'off'; }
- if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']);
+ if ($_POST['intf_promisc_mode'] == "on") { $natent['intf_promisc_mode'] = 'on'; }else{ $natent['intf_promisc_mode'] = 'off'; }
+ if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode(str_replace("\r\n", "\n", $_POST['configpassthru'])); else unset($natent['configpassthru']);
$if_real = get_real_interface($natent['interface']);
if (isset($id) && $a_rule[$id] && $action == '') {
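Review bot: The five new select-backed fields (`alertsystemlog_facility`, `alertsystemlog_priority`, `eve_output_type`, `eve_systemlog_facility`, `eve_systemlog_priority`) are copied straight from `$_POST` into the rule entry without being checked against the fixed option lists the form renders, and `enable_eve_log` is assigned twice (here and in the hunk above). The saved entry is what sync_suricata_package_config() later turns into the interface's Suricata configuration, so an arbitrary string posted here ends up in the generated config rather than being rejected. A whitelist check belongs with the other input validation, before the `if (!$input_errors)` block that begins outside this hunk:

```php
// … unchanged: numeric input checks …
$log_facility = array("auth", "authpriv", "daemon", "kern", "security", "syslog", "user", "local0",
    "local1", "local2", "local3", "local4", "local5", "local6", "local7");
$log_priority = array("emerg", "crit", "alert", "err", "warning", "notice", "info");
foreach (array('alertsystemlog_facility', 'eve_systemlog_facility') as $fld)
    if (!empty($_POST[$fld]) && !in_array($_POST[$fld], $log_facility, true))
        $input_errors[] = gettext("An invalid system log Facility was selected.");
foreach (array('alertsystemlog_priority', 'eve_systemlog_priority') as $fld)
    if (!empty($_POST[$fld]) && !in_array($_POST[$fld], $log_priority, true))
        $input_errors[] = gettext("An invalid system log Priority was selected.");
if (!empty($_POST['eve_output_type']) && !in_array($_POST['eve_output_type'], array('file', 'syslog'), true))
    $input_errors[] = gettext("An invalid EVE output type was selected.");
// … unchanged: if (!$input_errors) { $natent = $a_rule[$id]; … } …
```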
@@ -292,9 +324,12 @@ if ($_POST["save"] && !$input_errors) {
$a_rule[$id] = $natent;
}
elseif (strcasecmp($action, 'dup') == 0) {
- // Duplicating a new interface, so set flag to build new rules
+ // Duplicating an existing interface to a new interface, so set flag to build new rules
$rebuild_rules = true;
+ // Duplicating an interface, so need to generate a new UUID for the cloned interface
+ $natent['uuid'] = suricata_generate_id();
+
// Add the new duplicated interface configuration to the [rule] array in config
$a_rule[] = $natent;
}
@@ -330,7 +365,6 @@ if ($_POST["save"] && !$input_errors) {
$natent['flow_icmp_emerg_established_timeout'] = '100';
$natent['stream_memcap'] = '33554432';
- $natent['stream_max_sessions'] = '262144';
$natent['stream_prealloc_sessions'] = '32768';
$natent['reassembly_memcap'] = '67108864';
$natent['reassembly_depth'] = '1048576';
@@ -339,8 +373,24 @@ if ($_POST["save"] && !$input_errors) {
$natent['enable_midstream_sessions'] = 'off';
$natent['enable_async_sessions'] = 'off';
$natent['delayed_detect'] = 'off';
+ $natent['intf_promisc_mode'] = 'on';
$natent['asn1_max_frames'] = '256';
+ $natent['dns_global_memcap'] = "16777216";
+ $natent['dns_state_memcap'] = "524288";
+ $natent['dns_request_flood_limit'] = "500";
+ $natent['http_parser_memcap'] = "67108864";
+ $natent['dns_parser_udp'] = "yes";
+ $natent['dns_parser_tcp'] = "yes";
+ $natent['http_parser'] = "yes";
+ $natent['tls_parser'] = "yes";
+ $natent['smtp_parser'] = "yes";
+ $natent['imap_parser'] = "detection-only";
+ $natent['ssh_parser'] = "yes";
+ $natent['ftp_parser'] = "yes";
+ $natent['dcerpc_parser'] = "yes";
+ $natent['smb_parser'] = "yes";
+ $natent['msn_parser'] = "detection-only";
$default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd" );
if (!is_array($natent['host_os_policy']['item']))
@@ -349,13 +399,14 @@ if ($_POST["save"] && !$input_errors) {
$default = array( "name" => "default", "bind_to" => "all", "personality" => "IDS",
"request-body-limit" => 4096, "response-body-limit" => 4096,
- "double-decode-path" => "no", "double-decode-query" => "no" );
+ "double-decode-path" => "no", "double-decode-query" => "no",
+ "uri-include-all" => "no" );
if (!is_array($natent['libhtp_policy']['item']))
$natent['libhtp_policy']['item'] = array();
$natent['libhtp_policy']['item'][] = $default;
// Enable the basic default rules for the interface
- $natent['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules||tls-events.rules";
+ $natent['rulesets'] = "decoder-events.rules||dns-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules||tls-events.rules";
// Adding a new interface, so set flag to build new rules
$rebuild_rules = true;
@@ -369,7 +420,7 @@ if ($_POST["save"] && !$input_errors) {
suricata_stop($natent, $if_real);
// Save configuration changes
- write_config();
+ write_config("Suricata pkg: modified interface configuration for " . convert_friendly_interface_to_friendly_descr($natent['interface']));
// Update suricata.conf and suricata.sh files for this interface
sync_suricata_package_config();
@@ -407,18 +458,21 @@ if ($savemsg) {
<input name="action" type="hidden" value="<?=$action;?>"/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tbody>
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Interfaces"), true, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
- $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
+ $tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
- $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php");
$tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
+ $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
@@ -436,6 +490,7 @@ if ($savemsg) {
</td></tr>
<tr><td><div id="mainarea">
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tbody>
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("General Settings"); ?></td>
</tr>
@@ -471,9 +526,57 @@ if ($savemsg) {
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Send Alerts to System Log"); ?></td>
- <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>/>
- <?php echo gettext("Suricata will send Alerts to the firewall's system log."); ?></td>
+ <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" onclick="toggle_system_log();" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Suricata will send Alerts from this interface to the firewall's system log."); ?></td>
+ </tr>
+ <tbody id="alertsystemlog_rows">
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Facility"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="alertsystemlog_facility" id="alertsystemlog_facility" class="formselect">
+ <?php
+ $log_facility = array( "auth", "authpriv", "daemon", "kern", "security", "syslog", "user", "local0",
+ "local1", "local2", "local3", "local4", "local5", "local6", "local7" );
+ foreach ($log_facility as $facility) {
+ $selected = "";
+ if ($facility == $pconfig['alertsystemlog_facility'])
+ $selected = " selected";
+ echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n";
+ }
+ ?></select>&nbsp;&nbsp;
+ <?php echo gettext("Select system log Facility to use for reporting. Default is ") . "<strong>" . gettext("local1") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Priority"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="alertsystemlog_priority" id="alertsystemlog_priority" class="formselect">
+ <?php
+ $log_priority = array( "emerg", "crit", "alert", "err", "warning", "notice", "info" );
+ foreach ($log_priority as $priority) {
+ $selected = "";
+ if ($priority == $pconfig['alertsystemlog_priority'])
+ $selected = " selected";
+ echo "<option value='{$priority}'{$selected}>" . $priority . "</option>\n";
+ }
+ ?></select>&nbsp;&nbsp;
+ <?php echo gettext("Select system log Priority (Level) to use for reporting. Default is ") . "<strong>" . gettext("notice") . "</strong>."; ?>
+ </td>
+ </tr>
+ </tbody>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable DNS Log"); ?></td>
+ <td width="78%" class="vtable"><input name="enable_dns_log" type="checkbox" value="on" <?php if ($pconfig['enable_dns_log'] == "on") echo "checked"; ?>
+ onClick="toggle_dns_log();" id="enable_dns_log"/>
+ <?php echo gettext("Suricata will log DNS requests and replies for the interface. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr id="dns_log_append_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Append DNS Log"); ?></td>
+ <td width="78%" class="vtable"><input name="append_dns_log" type="checkbox" value="on" <?php if ($pconfig['append_dns_log'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Suricata will append-to instead of clearing DNS log file when restarting. Default is ") . "<strong>" . gettext("Checked") . "</strong>."; ?></td>
</tr>
+
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Stats Log"); ?></td>
<td width="78%" class="vtable"><input name="enable_stats_log" type="checkbox" value="on" <?php if ($pconfig['enable_stats_log'] == "on") echo "checked"; ?>
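Review bot: `<tbody id="alertsystemlog_rows">` is opened while the `<tbody>` from the top of `maintable` is still open; HTML does not permit nested tbody elements, so the browser implicitly closes the outer one here, the rows that follow `</tbody>` land in a fresh implicit tbody, and the `</tbody>` added at the end of the table matches nothing. It renders by accident, but the toggle then depends on parser error recovery. The DNS rows in the same hunk show the cleaner pattern already used elsewhere on the page: give each row its own `id` (`<tr id="alertsystemlog_facility_row">`, `<tr id="alertsystemlog_priority_row">`) and toggle those, or close the outer tbody before this one and reopen it afterwards.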
@@ -505,6 +608,11 @@ if ($savemsg) {
<td width="78%" class="vtable"><input name="append_http_log" type="checkbox" value="on" <?php if ($pconfig['append_http_log'] == "on") echo "checked"; ?>/>
<?php echo gettext("Suricata will append-to instead of clearing HTTP log file when restarting. Default is ") . "<strong>" . gettext("Checked") . "</strong>."; ?></td>
</tr>
+ <tr id="http_log_extended_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Extended HTTP Info"); ?></td>
+ <td width="78%" class="vtable"><input name="http_log_extended" type="checkbox" value="on" <?php if ($pconfig['http_log_extended'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Suricata will log extended HTTP information. Default is ") . "<strong>" . gettext("Checked") . "</strong>."; ?></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable TLS Log"); ?></td>
<td width="78%" class="vtable"><input name="enable_tls_log" type="checkbox" value="on" <?php if ($pconfig['enable_tls_log'] == "on") echo "checked"; ?>
@@ -572,6 +680,99 @@ if ($savemsg) {
<?php echo gettext("Enter maximum number of packet log files to maintain. Default is ") . "<strong>" .
gettext("1000") . "</strong>."; ?><br/><br/><?php echo gettext("When the number of packet log files reaches the set limit, the oldest file will be overwritten.") ?></td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("EVE JSON Log"); ?></td>
+ <td width="78%" class="vtable"><input name="enable_eve_log" id="enable_eve_log" type="checkbox" value="on" <?php if ($pconfig['enable_eve_log'] == "on") echo "checked"; ?>
+ onClick="toggle_eve_log()"/>
+ <?php echo gettext("Suricata will output selected info in JSON format to a single file or to syslog. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?>
+ <div id="file_eve_warning" style="display: none;"><br/><span class="red"><strong><?php echo gettext("Warning: ") . "</strong></span>" .
+ gettext("This can consume a significant amount of disk space when enabled!"); ?></div>
+ </td>
+ </tr>
+ <tbody id="eve_log_option_rows">
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("EVE Output Type"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="eve_output_type" class="formselect" id="eve_output_type" onChange="eveOutSelect();" >
+ <?php
+ foreach (array("file", "syslog") as $btype) {
+ if ($btype == $pconfig['eve_output_type'])
+ echo "<option value='{$btype}' selected>";
+ else
+ echo "<option value='{$btype}'>";
+ echo htmlspecialchars($btype) . '</option>';
+ }
+ ?>
+ </select>&nbsp;&nbsp;
+ <?php echo gettext("Select EVE log output destination."); ?><br/>
+ <span class="red"><?php echo gettext("Hint:") . "</span>&nbsp;" . gettext("Choosing FILE is suggested, and it is the default value."); ?><br/>
+ </td>
+ </tr>
+ <tr id="eve_systemlog_facility_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("EVE Syslog Facility"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="eve_systemlog_facility" id="eve_systemlog_facility" class="formselect">
+ <?php
+ $log_facility = array( "auth", "authpriv", "daemon", "kern", "security", "syslog", "user", "local0",
+ "local1", "local2", "local3", "local4", "local5", "local6", "local7" );
+ foreach ($log_facility as $facility) {
+ $selected = "";
+ if ($facility == $pconfig['eve_systemlog_facility'])
+ $selected = " selected";
+ echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n";
+ }
+ ?></select>&nbsp;&nbsp;
+ <?php echo gettext("Select system log Facility to use for reporting by EVE. Default is ") . "<strong>" . gettext("local1") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr id="eve_systemlog_priority_row">
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("EVE Syslog Priority"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="eve_systemlog_priority" id="eve_systemlog_priority" class="formselect">
+ <?php
+ $log_priority = array( "emerg", "crit", "alert", "err", "warning", "notice", "info" );
+ foreach ($log_priority as $priority) {
+ $selected = "";
+ if ($priority == $pconfig['eve_systemlog_priority'])
+ $selected = " selected";
+ echo "<option value='{$priority}'{$selected}>" . $priority . "</option>\n";
+ }
+ ?></select>&nbsp;&nbsp;
+ <?php echo gettext("Select system log Priority (Level) to use for reporting by EVE. Default is ") . "<strong>" . gettext("notice") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("EVE Logged Info"); ?></td>
+ <td width="78%" class="vtable"><?php echo gettext("Choose the information to log via EVE JSON output. Default is ") . "<strong>" . gettext("All Checked") . "</strong>."; ?><br/>
+ <table width="100%" cellpadding="0" cellspacing="0" border="0">
+ <tbody>
+ <tr>
+ <td class="vexpl"><input name="eve_log_alerts" id="eve_log_alerts" type="checkbox" value="on"
+ <?php if ($pconfig['eve_log_alerts'] == "on") echo "checked"; ?>/>Alerts
+ </td>
+ <td class="vexpl"><input name="eve_log_http" id="eve_log_http" type="checkbox" value="on"
+ <?php if ($pconfig['eve_log_http'] == "on") echo "checked"; ?>/>HTTP Traffic
+ </td>
+ <td class="vexpl"><input name="eve_log_dns" id="eve_log_dns" type="checkbox" value="on"
+ <?php if ($pconfig['eve_log_dns'] == "on") echo "checked"; ?>/>DNS Requests/Replies
+ </td>
+ </tr>
+ <tr>
+ <td class="vexpl"><input name="eve_log_tls" id="eve_log_tls" type="checkbox" value="on" onClick="toggle_eve_tls();"
+ <?php if ($pconfig['eve_log_tls'] == "on") echo "checked"; ?>/>TLS Handshakes
+ </td>
+ <td class="vexpl"><input name="eve_log_files" id="eve_log_files" type="checkbox" value="on"
+ <?php if ($pconfig['eve_log_files'] == "on") echo "checked"; ?>/>Tracked Files
+ </td>
+ <td class="vexpl"><input name="eve_log_ssh" id="eve_log_ssh" type="checkbox" value="on"
+ <?php if ($pconfig['eve_log_ssh'] == "on") echo "checked"; ?>/>SSH Handshakes
+ </td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </tbody>
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Alert Settings"); ?></td>
</tr>
@@ -604,7 +805,7 @@ if ($savemsg) {
?>
</select>&nbsp;&nbsp;
<?php echo gettext("Select which IP extracted from the packet you wish to block."); ?><br/>
- <span class="red"><?php echo gettext("Hint:") . "</span>&nbsp;" . gettext("Choosing BOTH is suggested, and it is the default value."); ?></span><br/></td>
+ <span class="red"><?php echo gettext("Hint:") . "</span>&nbsp;" . gettext("Choosing BOTH is suggested, and it is the default value."); ?><br/>
</td>
</tr>
<tr>
@@ -643,8 +844,8 @@ if ($savemsg) {
<td width="78%" class="vtable">
<select name="mpm_algo" class="formselect" id="mpm_algo">
<?php
- $interfaces2 = array('ac' => 'AC', 'ac-gfbs' => 'AC-GFBS', 'ac-bs' => 'AC-BS',
- 'b2g' => 'B2G', 'b3g' => 'B3G', 'wumanber' => 'WUMANBER');
+ $interfaces2 = array('ac' => 'AC', 'ac-gfbs' => 'AC-GFBS', 'b2g' => 'B2G',
+ 'b2gc' => 'B2GC', 'b2gm' => 'B2GM', 'b3g' => 'B3G', 'wumanber' => 'WUMANBER');
foreach ($interfaces2 as $iface2 => $ifacename2): ?>
<option value="<?=$iface2;?>"
<?php if ($iface2 == $pconfig['mpm_algo']) echo "selected"; ?>>
@@ -691,6 +892,14 @@ if ($savemsg) {
"<strong>" . gettext("Not Checked") . "</strong>."; ?></td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Promiscuous Mode"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="intf_promisc_mode" id="intf_promisc_mode" type="checkbox" value="on"
+ <?php if ($pconfig['intf_promisc_mode'] == "on") echo " checked"; ?>/>
+ <?php echo gettext("Suricata will place the monitored interface in promiscuous mode when checked. Default is ") .
+ "<strong>" . gettext("Checked") . "</strong>."; ?></td>
+ </tr>
+ <tr>
<td colspan="2" class="listtopic"><?php echo gettext("Networks " . "Suricata Should Inspect and Protect"); ?></td>
</tr>
<tr>
@@ -699,9 +908,9 @@ if ($savemsg) {
<select name="homelistname" class="formselect" id="homelistname">
<?php
echo "<option value='default' >default</option>";
- /* find whitelist names and filter by type */
- if (is_array($suricataglob['whitelist']['item'])) {
- foreach ($suricataglob['whitelist']['item'] as $value) {
+ /* find Pass List names and filter by type */
+ if (is_array($suricataglob['passlist']['item'])) {
+ foreach ($suricataglob['passlist']['item'] as $value) {
$ilistname = $value['name'];
if ($ilistname == $pconfig['homelistname'])
echo "<option value='$ilistname' selected>";
@@ -716,12 +925,13 @@ if ($savemsg) {
onclick="viewList('<?=$id;?>','homelistname','homenet')" id="btnHomeNet"
title="<?php echo gettext("Click to view currently selected Home Net contents"); ?>"/>
<br/>
- <span class="vexpl"><?php echo gettext("Choose the Home Net you want this interface to use."); ?></span>
+ <span class="vexpl"><?php echo gettext("Choose the Home Net you want this interface to use. Most users should choose 'default'."); ?></span>
<br/><br/>
<span class="red"><?php echo gettext("Note:"); ?></span>&nbsp;<?php echo gettext("Default Home " .
"Net adds only local networks, WAN IPs, Gateways, VPNs and VIPs."); ?><br/>
<span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("Create an Alias to hold a list of " .
- "friendly IPs that the firewall cannot see or to customize the default Home Net."); ?><br/>
+ "friendly IPs that the firewall cannot see or to customize the default Home Net. Assign the Alias to a Pass List, and " .
+ "then assign that Pass List to Home Net."); ?><br/>
</td>
</tr>
<tr>
@@ -730,9 +940,9 @@ if ($savemsg) {
<select name="externallistname" class="formselect" id="externallistname">
<?php
echo "<option value='default' >default</option>";
- /* find whitelist names and filter by type */
- if (is_array($suricataglob['whitelist']['item'])) {
- foreach ($suricataglob['whitelist']['item'] as $value) {
+ /* find Pass List names and filter by type */
+ if (is_array($suricataglob['passlist']['item'])) {
+ foreach ($suricataglob['passlist']['item'] as $value) {
$ilistname = $value['name'];
if ($ilistname == $pconfig['externallistname'])
echo "<option value='$ilistname' selected>";
@@ -742,7 +952,11 @@ if ($savemsg) {
}
}
?>
- </select>&nbsp;&nbsp;
+ </select>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="View List"
+ onclick="viewList('<?=$id;?>','externallistname','externalnet')" id="btnExternalNet"
+ title="<?php echo gettext("Click to view currently selected External Net contents"); ?>"/>
+ <br/>
<?php echo gettext("Choose the External Net you want this interface " .
"to use."); ?>&nbsp;<br/><br/>
<span class="red"><?php echo gettext("Note:"); ?></span>&nbsp;<?php echo gettext("Default " .
@@ -772,7 +986,7 @@ if ($savemsg) {
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','passlistname','passlist')"
id="btnPasslist" title="<?php echo gettext("Click to view currently selected Pass List contents"); ?>"/>
<br/>
- <?php echo gettext("Choose the Pass List you want this interface to use."); ?> <br/><br/>
+ <?php echo gettext("Choose the Pass List you want this interface to use. Addresses in a Pass List are never blocked."); ?> <br/><br/>
<span class="red"><?php echo gettext("Note:"); ?></span>&nbsp;<?php echo gettext("This option will only be used when block offenders is on."); ?><br/>
<span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("Default " .
"Pass List adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
@@ -828,14 +1042,32 @@ if ($savemsg) {
gettext("Please save your settings before you attempt to start Suricata."); ?>
</td>
</tr>
+</tbody>
</table>
</div>
</td></tr>
+</tbody>
</table>
</form>
<script language="JavaScript">
+function toggle_system_log() {
+ var endis = !(document.iform.alertsystemlog.checked);
+ if (endis)
+ document.getElementById("alertsystemlog_rows").style.display="none";
+ else
+ document.getElementById("alertsystemlog_rows").style.display="";
+}
+
+function toggle_dns_log() {
+ var endis = !(document.iform.enable_dns_log.checked);
+ if (endis)
+ document.getElementById("dns_log_append_row").style.display="none";
+ else
+ document.getElementById("dns_log_append_row").style.display="table-row";
+}
+
function enable_blockoffenders() {
var endis = !(document.iform.blockoffenders.checked);
document.iform.blockoffenderskill.disabled=endis;
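Review bot: `toggle_system_log()` and `toggle_dns_log()` are the same function with three values changed, and neither guards the `getElementById` result; because both are invoked unconditionally at the end of the inline script, a missing row would raise a TypeError there and abort the remaining `toggle_*` initialisers. A small helper removes the duplication, makes the `""` versus `"table-row"` difference an explicit argument rather than something to notice by reading both bodies, and tolerates an absent row. This is presumably only a concern if a row can ever be omitted from the rendered form, which the hunk does not show.

```javascript
function setRowDisplay(checkbox, rowId, shownDisplay) {
	var row = document.getElementById(rowId);
	if (row) {
		row.style.display = checkbox.checked ? shownDisplay : "none";
	}
}

function toggle_system_log() {
	setRowDisplay(document.iform.alertsystemlog, "alertsystemlog_rows", "");
}

function toggle_dns_log() {
	setRowDisplay(document.iform.enable_dns_log, "dns_log_append_row", "table-row");
}
```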
@@ -860,18 +1092,27 @@ function toggle_stats_log() {
function toggle_http_log() {
var endis = !(document.iform.enable_http_log.checked);
- if (endis)
+ if (endis) {
document.getElementById("http_log_append_row").style.display="none";
- else
+ document.getElementById("http_log_extended_row").style.display="none";
+ }
+ else {
document.getElementById("http_log_append_row").style.display="table-row";
+ document.getElementById("http_log_extended_row").style.display="table-row";
+ }
}
function toggle_tls_log() {
var endis = !(document.iform.enable_tls_log.checked);
if (endis)
document.getElementById("tls_log_extended_row").style.display="none";
- else
+ else {
document.getElementById("tls_log_extended_row").style.display="table-row";
+ if (document.iform.enable_eve_log.checked && document.iform.eve_log_tls.checked) {
+ alert('Only one TLS log instance permitted...removing TLS log from EVE JSON output in order to enable standalone TLS logging.');
+ document.iform.eve_log_tls.checked = false;
+ }
+ }
}
function toggle_json_file_log() {
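Review bot: The new `alert()` in `toggle_tls_log()` fires on page load, not only on a user click, because `toggle_tls_log();` is among the initialisers at the bottom of the script; a saved configuration with both `enable_tls_log` and `eve_log_tls` set will therefore pop the dialog and silently uncheck `eve_log_tls` every time the page is opened. Passing a flag from the checkbox handler keeps the prompt to the interactive path, e.g. `function toggle_tls_log(fromUser) {` and `if (fromUser && document.iform.enable_eve_log.checked && document.iform.eve_log_tls.checked) {`, with the onclick attribute (outside this hunk) passing `true`. Since this exclusion is enforced only in the browser, the save handler should also reject or normalise the two-logs-set case; I cannot see from this hunk whether it does.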
@@ -912,6 +1153,25 @@ function toggle_pcap_log() {
}
}
+function toggle_eve_log() {
+ var endis = !(document.iform.enable_eve_log.checked);
+ if (endis) {
+ document.getElementById("eve_log_option_rows").style.display = "none";
+ }
+ else {
+ document.getElementById("eve_log_option_rows").style.display = "";
+ if (document.iform.enable_tls_log.checked)
+ document.iform.eve_log_tls.checked = false;
+ }
+}
+
+function toggle_eve_tls() {
+ if (document.iform.enable_tls_log.checked) {
+ alert('Only one TLS log instance permitted...removing standalone TLS output in order to add EVE JSON TLS output.');
+ document.iform.enable_tls_log.checked = false;
+ }
+}
+
function enable_change(enable_change) {
endis = !(document.iform.enable.checked || enable_change);
// make sure a default answer is called if this is invoked.
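Review bot: `toggle_eve_tls()` unchecks `enable_tls_log` but never re-runs `toggle_tls_log()`, so `tls_log_extended_row` stays visible for a log that is now disabled; adding `toggle_tls_log();` after `document.iform.enable_tls_log.checked = false;` keeps the form consistent. The opposite direction in `toggle_eve_log()` unchecks `eve_log_tls` without any alert, while `toggle_eve_tls()` and `toggle_tls_log()` both warn; the two paths should agree on whether the user is told. Separately, the context line `endis = !(document.iform.enable.checked || enable_change);` assigns `endis` without `var`, making it an implicit global; `enable_change()` continues outside this hunk.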
@@ -921,6 +1181,7 @@ function enable_change(enable_change) {
document.iform.append_stats_log.disabled = endis;
document.iform.enable_http_log.disabled = endis;
document.iform.append_http_log.disabled = endis;
+ document.iform.http_log_extended.disabled = endis;
document.iform.enable_tls_log.disabled = endis;
document.iform.tls_log_extended.disabled = endis;
document.iform.enable_json_file_log.disabled = endis;
@@ -931,6 +1192,14 @@ function enable_change(enable_change) {
document.iform.enable_pcap_log.disabled = endis;
document.iform.max_pcap_log_size.disabled = endis;
document.iform.max_pcap_log_files.disabled = endis;
+ document.iform.eve_output_type.disabled = endis;
+ document.iform.enable_eve_log.disabled = endis;
+ document.iform.eve_log_alerts.disabled = endis;
+ document.iform.eve_log_http.disabled = endis;
+ document.iform.eve_log_dns.disabled = endis;
+ document.iform.eve_log_tls.disabled = endis;
+ document.iform.eve_log_files.disabled = endis;
+ document.iform.eve_log_ssh.disabled = endis;
document.iform.max_pending_packets.disabled = endis;
document.iform.detect_eng_profile.disabled = endis;
document.iform.mpm_algo.disabled = endis;
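Review bot: The added `disabled = endis` lines cover the EVE checkboxes and `eve_output_type`, but not whatever controls sit in `eve_systemlog_facility_row` and `eve_systemlog_priority_row` (the rows toggled by `eveOutSelect()` later in the diff), so if those rows hold selects they stay enabled when the interface is disabled. Their field names are not visible in this diff, so I cannot quote the exact lines; the same applies to `alertsystemlog` and `enable_dns_log` unless they are handled in a part of `enable_change()` outside these hunks. `enable_change()` starts and ends outside this hunk.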
@@ -948,8 +1217,9 @@ function enable_change(enable_change) {
document.iform.btnHomeNet.disabled=endis;
document.iform.btnPasslist.disabled=endis;
document.iform.btnSuppressList.disabled=endis;
-} document.iform.delayed_detect.disabled=endis;
-
+ document.iform.delayed_detect.disabled=endis;
+ document.iform.intf_promisc_mode.disabled=endis;
+}
function wopen(url, name, w, h) {
// Fudge factors for window decoration space.
@@ -970,6 +1240,18 @@ function getSelectedValue(elemID) {
return ctrl.options[ctrl.selectedIndex].value;
}
+function eveOutSelect() {
+ var ctrl = document.getElementById("eve_output_type");
+ if (ctrl.options[ctrl.selectedIndex].value == 'syslog') {
+ document.getElementById("eve_systemlog_facility_row").style.display = "table-row";
+ document.getElementById("eve_systemlog_priority_row").style.display = "table-row";
+ }
+ else {
+ document.getElementById("eve_systemlog_facility_row").style.display = "none";
+ document.getElementById("eve_systemlog_priority_row").style.display = "none";
+ }
+}
+
function viewList(id, elemID, elemType) {
if (typeof elemType == "undefined") {
elemType = "passlist";
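Review bot: `eveOutSelect()` re-implements the select-value lookup that `getSelectedValue(elemID)` directly above it already provides, and compares with `==` where `===` is intended. The body reduces to `var display = getSelectedValue("eve_output_type") === 'syslog' ? "table-row" : "none";` followed by `document.getElementById("eve_systemlog_facility_row").style.display = display;` and the same assignment for `eve_systemlog_priority_row`. `viewList()` continues outside this hunk.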
@@ -982,12 +1264,16 @@ function viewList(id, elemID, elemType) {
enable_change(false);
//enable_blockoffenders();
+toggle_system_log();
+toggle_dns_log();
toggle_stats_log();
toggle_http_log();
toggle_tls_log();
toggle_json_file_log();
toggle_file_store();
toggle_pcap_log();
+toggle_eve_log();
+eveOutSelect();
</script>
<?php include("fend.inc"); ?>