aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata/suricata_interfaces_edit.php
diff options
context:
space:
mode:
Diffstat (limited to 'config/suricata/suricata_interfaces_edit.php')
-rw-r--r--config/suricata/suricata_interfaces_edit.php123
1 files changed, 79 insertions, 44 deletions
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index fbb78aa2..3b61755c 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -2,19 +2,30 @@
/*
* suricata_interfaces_edit.php
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- *
+ *
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -32,6 +43,9 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
global $g, $rebuild_rules;
+$suricatadir = SURICATADIR;
+$suricatalogdir = SURICATALOGDIR;
+
if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
$suricataglob = $config['installedpackages']['suricata'];
@@ -173,6 +187,16 @@ if ($_POST["save"]) {
if (!empty($_POST['inspect_recursion_limit']) && !is_numeric($_POST['inspect_recursion_limit']))
$input_errors[] = gettext("The value for Inspect Recursion Limit can either be blank or contain only digits evaluating to an integer greater than or equal to 0.");
+ /* See if assigned interface is already in use */
+ if (isset($_POST['interface'])) {
+ foreach ($a_rule as $k => $v) {
+ if (($v['interface'] == $_POST['interface']) && ($id <> $k)) {
+ $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Suricata instance.");
+ break;
+ }
+ }
+ }
+
// if no errors write to suricata.yaml
if (!$input_errors) {
$natent = $a_rule[$id];
@@ -204,23 +228,30 @@ if ($_POST["save"]) {
if ($_POST['blockoffenders'] == "on") $natent['blockoffenders'] = 'on'; else $natent['blockoffenders'] = 'off';
if ($_POST['blockoffenderskill'] == "on") $natent['blockoffenderskill'] = 'on'; else unset($natent['blockoffenderskill']);
if ($_POST['blockoffendersip']) $natent['blockoffendersip'] = $_POST['blockoffendersip']; else unset($natent['blockoffendersip']);
- if ($_POST['whitelistname']) $natent['whitelistname'] = $_POST['whitelistname']; else unset($natent['whitelistname']);
+ if ($_POST['passlistname']) $natent['passlistname'] = $_POST['passlistname']; else unset($natent['passlistname']);
if ($_POST['homelistname']) $natent['homelistname'] = $_POST['homelistname']; else unset($natent['homelistname']);
if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']);
if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']);
if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
+ if ($_POST['delayed_detect'] == "on") { $natent['delayed_detect'] = 'on'; }else{ $natent['delayed_detect'] = 'off'; }
if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']);
$if_real = get_real_interface($natent['interface']);
if (isset($id) && $a_rule[$id]) {
+ // See if moving an existing Suricata instance to another physical interface
if ($natent['interface'] != $a_rule[$id]['interface']) {
$oif_real = get_real_interface($a_rule[$id]['interface']);
- suricata_stop($a_rule[$id], $oif_real);
- exec("rm -r /var/log/suricata_{$oif_real}" . $a_rule[$id]['uuid']);
- exec("mv -f {$suricatadir}/suricata_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$suricatadir}/suricata_" . $a_rule[$id]['uuid'] . "_{$if_real}");
+ if (suricata_is_running($a_rule[$id]['uuid'], $oif_real)) {
+ suricata_stop($a_rule[$id], $oif_real);
+ $suricata_start = true;
+ }
+ else
+ $suricata_start = false;
+ exec("mv -f {$suricatalogdir}suricata_{$oif_real}" . $a_rule[$id]['uuid'] . " {$suricatalogdir}suricata_{$if_real}" . $a_rule[$id]['uuid']);
+ conf_mount_rw();
+ exec("mv -f {$suricatadir}suricata_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$suricatadir}suricata_" . $a_rule[$id]['uuid'] . "_{$if_real}");
+ conf_mount_ro();
}
- // Edits don't require a rules rebuild, so turn it "off"
- $rebuild_rules = false;
$a_rule[$id] = $natent;
} else {
// Adding new interface, so set interface configuration parameter defaults
@@ -262,6 +293,7 @@ if ($_POST["save"]) {
$natent['reassembly_to_client_chunk'] = '2560';
$natent['enable_midstream_sessions'] = 'off';
$natent['enable_async_sessions'] = 'off';
+ $natent['delayed_detect'] = 'off';
$natent['asn1_max_frames'] = '256';
@@ -330,14 +362,16 @@ if ($savemsg) {
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$tab_array = array();
@@ -349,7 +383,7 @@ if ($savemsg) {
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -490,8 +524,6 @@ if ($savemsg) {
<?php echo gettext("Enter maximum number of packet log files to maintain. Default is ") . "<strong>" .
gettext("1000") . "</strong>."; ?><br/><br/><?php echo gettext("When the number of packet log files reaches the set limit, the oldest file will be overwritten.") ?></td>
</tr>
-
-<!-- ### Blocking not yet enabled, so hide the controls ###
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Alert Settings"); ?></td>
</tr>
@@ -527,9 +559,6 @@ if ($savemsg) {
<span class="red"><?php echo gettext("Hint:") . "</span>&nbsp;" . gettext("Choosing BOTH is suggested, and it is the default value."); ?></span><br/></td>
</td>
</tr>
- ### End of Blocking controls ###
--->
-
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Detection Engine Settings"); ?></td>
</tr>
@@ -606,6 +635,14 @@ if ($savemsg) {
gettext("3000") . "</strong>."; ?><br/><br/><?php echo gettext("When set to 0 an internal default is used. When left blank there is no recursion limit.") ?></td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Delayed Detect"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="delayed_detect" id="delayed_detect" type="checkbox" value="on"
+ <?php if ($pconfig['delayed_detect'] == "on") echo " checked"; ?>/>
+ <?php echo gettext("Suricata will build list of signatures after packet capture threads have started. Default is ") .
+ "<strong>" . gettext("Not Checked") . "</strong>."; ?></td>
+ </tr>
+ <tr>
<td colspan="2" class="listtopic"><?php echo gettext("Networks " . "Suricata Should Inspect and Protect"); ?></td>
</tr>
<tr>
@@ -666,17 +703,16 @@ if ($savemsg) {
"setting at default. Create an Alias for custom External Net settings."); ?><br/>
</td>
</tr>
-<!--
<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Pass List"); ?></td>
<td width="78%" class="vtable">
- <select name="whitelistname" class="formselect" id="whitelistname">
+ <select name="passlistname" class="formselect" id="passlistname">
<?php
- /* find whitelist names and filter by type, make sure to track by uuid */
+ /* find passlist names and filter by type, make sure to track by uuid */
echo "<option value='default' >default</option>\n";
- if (is_array($suricataglob['whitelist']['item'])) {
- foreach ($suricataglob['whitelist']['item'] as $value) {
- if ($value['name'] == $pconfig['whitelistname'])
+ if (is_array($suricataglob['passlist']['item'])) {
+ foreach ($suricataglob['passlist']['item'] as $value) {
+ if ($value['name'] == $pconfig['passlistname'])
echo "<option value='{$value['name']}' selected>";
else
echo "<option value='{$value['name']}'>";
@@ -685,17 +721,15 @@ if ($savemsg) {
}
?>
</select>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','whitelist')"
- id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Whitelist contents"); ?>"/>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','passlistname','passlist')"
+ id="btnPasslist" title="<?php echo gettext("Click to view currently selected Pass List contents"); ?>"/>
<br/>
- <?php echo gettext("Choose the whitelist you want this interface to " .
- "use."); ?> <br/><br/>
+ <?php echo gettext("Choose the Pass List you want this interface to use."); ?> <br/><br/>
<span class="red"><?php echo gettext("Note:"); ?></span>&nbsp;<?php echo gettext("This option will only be used when block offenders is on."); ?><br/>
<span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("Default " .
- "whitelist adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
+ "Pass List adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
</td>
</tr>
--->
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Alert Suppression and Filtering"); ?></td>
</tr>
@@ -756,11 +790,11 @@ if ($savemsg) {
<script language="JavaScript">
function enable_blockoffenders() {
-// var endis = !(document.iform.blockoffenders.checked);
-// document.iform.blockoffenderskill.disabled=endis;
-// document.iform.blockoffendersip.disabled=endis;
-// document.iform.whitelistname.disabled=endis;
-// document.iform.btnWhitelist.disabled=endis;
+ var endis = !(document.iform.blockoffenders.checked);
+ document.iform.blockoffenderskill.disabled=endis;
+ document.iform.blockoffendersip.disabled=endis;
+ document.iform.passlistname.disabled=endis;
+ document.iform.btnPasslist.disabled=endis;
}
function toggle_stats_log() {
@@ -855,19 +889,20 @@ function enable_change(enable_change) {
document.iform.mpm_algo.disabled = endis;
document.iform.sgh_mpm_context.disabled = endis;
document.iform.inspect_recursion_limit.disabled = endis;
-// document.iform.blockoffenders.disabled = endis;
-// document.iform.blockoffendersip.disabled=endis;
-// document.iform.blockoffenderskill.disabled=endis;
+ document.iform.blockoffenders.disabled = endis;
+ document.iform.blockoffendersip.disabled=endis;
+ document.iform.blockoffenderskill.disabled=endis;
document.iform.alertsystemlog.disabled = endis;
document.iform.externallistname.disabled = endis;
document.iform.homelistname.disabled = endis;
-// document.iform.whitelistname.disabled=endis;
+ document.iform.passlistname.disabled=endis;
document.iform.suppresslistname.disabled = endis;
document.iform.configpassthru.disabled = endis;
document.iform.btnHomeNet.disabled=endis;
-// document.iform.btnWhitelist.disabled=endis;
+ document.iform.btnPasslist.disabled=endis;
document.iform.btnSuppressList.disabled=endis;
-}
+} document.iform.delayed_detect.disabled=endis;
+
function wopen(url, name, w, h) {
// Fudge factors for window decoration space.
@@ -890,12 +925,12 @@ function getSelectedValue(elemID) {
function viewList(id, elemID, elemType) {
if (typeof elemType == "undefined") {
- elemType = "whitelist";
+ elemType = "passlist";
}
var url = "suricata_list_view.php?id=" + id + "&wlist=";
url = url + getSelectedValue(elemID) + "&type=" + elemType;
url = url + "&time=" + new Date().getTime();
- wopen(url, 'WhitelistViewer', 640, 480);
+ wopen(url, 'PassListViewer', 640, 480);
}
enable_change(false);