Diffstat (limited to 'config/suricata/suricata_interfaces_edit.php')
-rw-r--r--config/suricata/suricata_interfaces_edit.php271
1 files changed, 154 insertions, 117 deletions
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index 5f644a55..3b61755c 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -2,19 +2,30 @@
/*
* suricata_interfaces_edit.php
*
+ * Significant portions of this code are based on original work done
+ * for the Snort package for pfSense from the following contributors:
+ *
+ * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
+ * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ * Copyright (C) 2006 Scott Ullrich
+ * Copyright (C) 2009 Robert Zelaya Sr. Developer
+ * Copyright (C) 2012 Ermal Luci
+ * All rights reserved.
+ *
+ * Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- *
+ *
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -32,6 +43,9 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
global $g, $rebuild_rules;
+$suricatadir = SURICATADIR;
+$suricatalogdir = SURICATALOGDIR;
+
if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
$suricataglob = $config['installedpackages']['suricata'];
@@ -40,13 +54,13 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
$a_rule = &$config['installedpackages']['suricata']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+elseif (isset($_GET['id']) && is_numericint($_GET['id']));
+ $id = htmlspecialchars($_GET['id'], ENT_QUOTES | ENT_HTML401);
+
+if (is_null($id))
+ $id = 0;
$pconfig = array();
if (empty($suricataglob['rule'][$id]['uuid'])) {
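Review bot: The stray `;` ending the `elseif (...)` line gives that branch an empty body, so the indented `$id = htmlspecialchars($_GET['id'], ENT_QUOTES | ENT_HTML401);` runs on every request. It replaces an already validated POST id with the GET value and never applies `is_numericint()` to it. Because `htmlspecialchars()` always returns a string, the `is_null($id)` fallback to 0 also becomes unreachable. `$id` is then used as a config array index and written into the form action and the `viewList('<?=$id;?>', ...)` handlers further down the file, where entity encoding is not a substitute for the numeric check. Drop the semicolon and assign the checked value directly: `elseif (isset($_GET['id']) && is_numericint($_GET['id']))` followed by `$id = $_GET['id'];`.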
@@ -62,13 +76,7 @@ else {
$suricata_uuid = $pconfig['uuid'];
// Get the physical configured interfaces on the firewall
-if (function_exists('get_configured_interface_with_descr'))
- $interfaces = get_configured_interface_with_descr();
-else {
- $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
- $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
-}
+$interfaces = get_configured_interface_with_descr();
// See if interface is already configured, and use its values
if (isset($id) && $a_rule[$id]) {
@@ -78,8 +86,8 @@ if (isset($id) && $a_rule[$id]) {
if (empty($pconfig['uuid']))
$pconfig['uuid'] = $suricata_uuid;
}
-// Must be a new interface, so try to pick next available physical interface to use
elseif (isset($id) && !isset($a_rule[$id])) {
+ // Must be a new interface, so try to pick next available physical interface to use
$ifaces = get_configured_interface_list();
$ifrules = array();
foreach($a_rule as $r)
@@ -87,6 +95,9 @@ elseif (isset($id) && !isset($a_rule[$id])) {
foreach ($ifaces as $i) {
if (!in_array($i, $ifrules)) {
$pconfig['interface'] = $i;
+ $pconfig['enable'] = 'on';
+ $pconfig['descr'] = strtoupper($i);
+ $pconfig['inspect_recursion_limit'] = '3000';
break;
}
}
@@ -97,16 +108,11 @@ elseif (isset($id) && !isset($a_rule[$id])) {
}
}
-if (isset($_GET['dup']))
- unset($id);
-
// Set defaults for any empty key parameters
if (empty($pconfig['blockoffendersip']))
$pconfig['blockoffendersip'] = "both";
if (empty($pconfig['max_pending_packets']))
$pconfig['max_pending_packets'] = "1024";
-if (empty($pconfig['inspect_recursion_limit']))
- $pconfig['inspect_recursion_limit'] = "3000";
if (empty($pconfig['detect_eng_profile']))
$pconfig['detect_eng_profile'] = "medium";
if (empty($pconfig['mpm_algo']))
@@ -136,18 +142,60 @@ if (empty($pconfig['max_pcap_log_size']))
if (empty($pconfig['max_pcap_log_files']))
$pconfig['max_pcap_log_files'] = "1000";
-if ($_POST["Submit"]) {
- if (!$_POST['interface'])
+if ($_POST["save"]) {
+ // If the interface is not enabled, stop any running Suricata
+ // instance on it, save the new state and exit.
+ if (!isset($_POST['enable'])) {
+ if (isset($id) && $a_rule[$id]) {
+ $a_rule[$id]['enable'] = 'off';
+ $a_rule[$id]['interface'] = htmlspecialchars($_POST['interface']);
+ $a_rule[$id]['descr'] = htmlspecialchars($_POST['descr']);
+ suricata_stop($a_rule[$id], get_real_interface($a_rule[$id]['interface']));
+
+ // Save configuration changes
+ write_config();
+
+ // Update suricata.conf and suricata.sh files for this interface
+ sync_suricata_package_config();
+
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /suricata/suricata_interfaces.php");
+ exit;
+ }
+ }
+
+ // Validate inputs
+ if (!isset($_POST['interface']))
$input_errors[] = gettext("Choosing an Interface is mandatory!");
- if ($_POST['max_pending_packets'] < 1 || $_POST['max_pending_packets'] > 65535)
- $input_errors[] = gettext("The value for Maximum-Pending-Packets must be between 1 and 65,535!");
+ if (isset($_POST['stats_upd_interval']) && !is_numericint($_POST['stats_upd_interval']))
+ $input_errors[] = gettext("The value for Stats Update Interval must contain only digits and evaluate to an integer.");
+
+ if ($_POST['max_pending_packets'] < 1 || $_POST['max_pending_packets'] > 65000)
+ $input_errors[] = gettext("The value for Maximum-Pending-Packets must be between 1 and 65,000!");
- if (!empty($_POST['max_pcap_log_size']) && !is_numeric($_POST['max_pcap_log_size']))
+ if (isset($_POST['max_pcap_log_size']) && !is_numeric($_POST['max_pcap_log_size']))
$input_errors[] = gettext("The value for 'Max Packet Log Size' must be numbers only. Do not include any alphabetic characters.");
- if (!empty($_POST['max_pcap_log_files']) && !is_numeric($_POST['max_pcap_log_files']))
- $input_errors[] = gettext("The value for 'Max Packet Log Files' must be numbers only.");
+ if (isset($_POST['max_pcap_log_files']) && !is_numeric($_POST['max_pcap_log_files']))
+ $input_errors[] = gettext("The value for 'Max Packet Log Files' must be numbers only.");
+
+ if (!empty($_POST['inspect_recursion_limit']) && !is_numeric($_POST['inspect_recursion_limit']))
+ $input_errors[] = gettext("The value for Inspect Recursion Limit can either be blank or contain only digits evaluating to an integer greater than or equal to 0.");
+
+ /* See if assigned interface is already in use */
+ if (isset($_POST['interface'])) {
+ foreach ($a_rule as $k => $v) {
+ if (($v['interface'] == $_POST['interface']) && ($id <> $k)) {
+ $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Suricata instance.");
+ break;
+ }
+ }
+ }
// if no errors write to suricata.yaml
if (!$input_errors) {
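Review bot: `$_POST['interface']` is only tested with `isset()` and is never compared with the configured interfaces, although `$interfaces = get_configured_interface_with_descr();` is already available earlier in the file. In the disable branch it is saved to the configuration and handed to `get_real_interface()` and `suricata_stop()` before any validation runs, and in the duplicate check it is interpolated into the `$input_errors` text. I would validate it once, ahead of both uses, e.g. `if (!isset($_POST['interface']) || !array_key_exists($_POST['interface'], $interfaces)) $input_errors[] = gettext("Choosing an Interface is mandatory!");`, and enter the disable branch only when that check passed. The `if ($_POST["save"])` block continues past the end of this hunk.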
@@ -156,21 +204,12 @@ if ($_POST["Submit"]) {
$natent['enable'] = $_POST['enable'] ? 'on' : 'off';
$natent['uuid'] = $pconfig['uuid'];
- // See if the HOME_NET, EXTERNAL_NET, or SUPPRESS LIST values were changed
- $suricata_reload = false;
- if ($_POST['homelistname'] && ($_POST['homelistname'] <> $natent['homelistname']))
- $suricata_reload = true;
- if ($_POST['externallistname'] && ($_POST['externallistname'] <> $natent['externallistname']))
- $suricata_reload = true;
- if ($_POST['suppresslistname'] && ($_POST['suppresslistname'] <> $natent['suppresslistname']))
- $suricata_reload = true;
-
- if ($_POST['descr']) $natent['descr'] = $_POST['descr']; else $natent['descr'] = strtoupper($natent['interface']);
+ if ($_POST['descr']) $natent['descr'] = htmlspecialchars($_POST['descr']); else $natent['descr'] = strtoupper($natent['interface']);
if ($_POST['max_pcap_log_size']) $natent['max_pcap_log_size'] = $_POST['max_pcap_log_size']; else unset($natent['max_pcap_log_size']);
if ($_POST['max_pcap_log_files']) $natent['max_pcap_log_files'] = $_POST['max_pcap_log_files']; else unset($natent['max_pcap_log_files']);
if ($_POST['enable_stats_log'] == "on") { $natent['enable_stats_log'] = 'on'; }else{ $natent['enable_stats_log'] = 'off'; }
if ($_POST['append_stats_log'] == "on") { $natent['append_stats_log'] = 'on'; }else{ $natent['append_stats_log'] = 'off'; }
- if ($_POST['stats_upd_interval']) $natent['stats_upd_interval'] = $_POST['stats_upd_interval']; else $natent['stats_upd_interval'] = "10";
+ if ($_POST['stats_upd_interval'] >= 1) $natent['stats_upd_interval'] = $_POST['stats_upd_interval']; else $natent['stats_upd_interval'] = "10";
if ($_POST['enable_http_log'] == "on") { $natent['enable_http_log'] = 'on'; }else{ $natent['enable_http_log'] = 'off'; }
if ($_POST['append_http_log'] == "on") { $natent['append_http_log'] = 'on'; }else{ $natent['append_http_log'] = 'off'; }
if ($_POST['enable_tls_log'] == "on") { $natent['enable_tls_log'] = 'on'; }else{ $natent['enable_tls_log'] = 'off'; }
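Review bot: `htmlspecialchars($_POST['descr'])` encodes the description before it is stored, while the form field further down already prints it with `htmlspecialchars($pconfig['descr'])`, so a description containing `&`, `<` or a quote is shown double-encoded after a save and is re-encoded on every later edit. Encoding belongs in one place, preferably at output: store `$natent['descr'] = $_POST['descr'];` once it is confirmed that every page printing `descr` escapes it (those pages are not visible here). The disable branch earlier in this file, `$a_rule[$id]['descr'] = htmlspecialchars($_POST['descr']);`, has the same pattern.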
@@ -182,30 +221,37 @@ if ($_POST["Submit"]) {
if ($_POST['enable_tracked_files_md5'] == "on") { $natent['enable_tracked_files_md5'] = 'on'; }else{ $natent['enable_tracked_files_md5'] = 'off'; }
if ($_POST['enable_file_store'] == "on") { $natent['enable_file_store'] = 'on'; }else{ $natent['enable_file_store'] = 'off'; }
if ($_POST['max_pending_packets']) $natent['max_pending_packets'] = $_POST['max_pending_packets']; else unset($natent['max_pending_packets']);
- if ($_POST['inspect_recursion_limit']) $natent['inspect_recursion_limit'] = $_POST['inspect_recursion_limit']; else unset($natent['inspect_recursion_limit']);
+ if ($_POST['inspect_recursion_limit'] >= '0') $natent['inspect_recursion_limit'] = $_POST['inspect_recursion_limit']; else unset($natent['inspect_recursion_limit']);
if ($_POST['detect_eng_profile']) $natent['detect_eng_profile'] = $_POST['detect_eng_profile']; else unset($natent['detect_eng_profile']);
if ($_POST['mpm_algo']) $natent['mpm_algo'] = $_POST['mpm_algo']; else unset($natent['mpm_algo']);
if ($_POST['sgh_mpm_context']) $natent['sgh_mpm_context'] = $_POST['sgh_mpm_context']; else unset($natent['sgh_mpm_context']);
if ($_POST['blockoffenders'] == "on") $natent['blockoffenders'] = 'on'; else $natent['blockoffenders'] = 'off';
if ($_POST['blockoffenderskill'] == "on") $natent['blockoffenderskill'] = 'on'; else unset($natent['blockoffenderskill']);
if ($_POST['blockoffendersip']) $natent['blockoffendersip'] = $_POST['blockoffendersip']; else unset($natent['blockoffendersip']);
- if ($_POST['whitelistname']) $natent['whitelistname'] = $_POST['whitelistname']; else unset($natent['whitelistname']);
+ if ($_POST['passlistname']) $natent['passlistname'] = $_POST['passlistname']; else unset($natent['passlistname']);
if ($_POST['homelistname']) $natent['homelistname'] = $_POST['homelistname']; else unset($natent['homelistname']);
if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']);
if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']);
if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
+ if ($_POST['delayed_detect'] == "on") { $natent['delayed_detect'] = 'on'; }else{ $natent['delayed_detect'] = 'off'; }
if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']);
$if_real = get_real_interface($natent['interface']);
if (isset($id) && $a_rule[$id]) {
+ // See if moving an existing Suricata instance to another physical interface
if ($natent['interface'] != $a_rule[$id]['interface']) {
$oif_real = get_real_interface($a_rule[$id]['interface']);
- suricata_stop($a_rule[$id], $oif_real);
- exec("rm -r /var/log/suricata_{$oif_real}" . $a_rule[$id]['uuid']);
- exec("mv -f {$suricatadir}/suricata_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$suricatadir}/suricata_" . $a_rule[$id]['uuid'] . "_{$if_real}");
+ if (suricata_is_running($a_rule[$id]['uuid'], $oif_real)) {
+ suricata_stop($a_rule[$id], $oif_real);
+ $suricata_start = true;
+ }
+ else
+ $suricata_start = false;
+ exec("mv -f {$suricatalogdir}suricata_{$oif_real}" . $a_rule[$id]['uuid'] . " {$suricatalogdir}suricata_{$if_real}" . $a_rule[$id]['uuid']);
+ conf_mount_rw();
+ exec("mv -f {$suricatadir}suricata_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$suricatadir}suricata_" . $a_rule[$id]['uuid'] . "_{$if_real}");
+ conf_mount_ro();
}
- // Edits don't require a rules rebuild, so turn it "off"
- $rebuild_rules = false;
$a_rule[$id] = $natent;
} else {
// Adding new interface, so set interface configuration parameter defaults
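Review bot: Both `exec("mv -f ...")` calls build a shell command by interpolating `$oif_real`, `$if_real` and the stored uuid without quoting. `$if_real` comes from `get_real_interface($natent['interface'])`, and nothing in this hunk shows that `$natent['interface']` is limited to a known interface name. Quoting each path removes the dependency on upstream validation, e.g. `exec("mv -f " . escapeshellarg("{$suricatalogdir}suricata_{$oif_real}{$a_rule[$id]['uuid']}") . " " . escapeshellarg("{$suricatalogdir}suricata_{$if_real}{$a_rule[$id]['uuid']}"));`, and likewise for the `$suricatadir` move; `rename()` would avoid the shell entirely. The new paths also depend on `SURICATADIR` and `SURICATALOGDIR` ending in a slash, which is worth a comment where the two variables are assigned.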
@@ -247,6 +293,7 @@ if ($_POST["Submit"]) {
$natent['reassembly_to_client_chunk'] = '2560';
$natent['enable_midstream_sessions'] = 'off';
$natent['enable_async_sessions'] = 'off';
+ $natent['delayed_detect'] = 'off';
$natent['asn1_max_frames'] = '256';
@@ -263,7 +310,7 @@ if ($_POST["Submit"]) {
$natent['libhtp_policy']['item'][] = $default;
// Enable the basic default rules for the interface
- $natent['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules";
+ $natent['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules||tls-events.rules";
// Adding a new interface, so set flag to build new rules
$rebuild_rules = true;
@@ -282,15 +329,6 @@ if ($_POST["Submit"]) {
// Update suricata.conf and suricata.sh files for this interface
sync_suricata_package_config();
- /*******************************************************/
- /* Signal Suricata to reload configuration if we changed */
- /* HOME_NET, EXTERNAL_NET or Suppress list values. */
- /* The function only signals a running Suricata instance */
- /* to safely reload these parameters. */
- /*******************************************************/
- if ($suricata_reload == true)
- suricata_reload_config($natent, "USR2");
-
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
@@ -309,19 +347,14 @@ include_once("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<?php
- /* Display Alert message */
- if ($input_errors) {
- print_input_errors($input_errors);
- }
-
- if ($savemsg) {
- print_info_box($savemsg);
- }
+<?php include("fbegin.inc");
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors);
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
?>
<form action="suricata_interfaces_edit.php<?php echo "?id=$id";?>" method="post" name="iform" id="iform">
@@ -329,13 +362,16 @@ include_once("head.inc");
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+ $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
- display_top_tabs($tab_array);
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array, true);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
$tab_array = array();
@@ -347,7 +383,7 @@ include_once("head.inc");
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
- display_top_tabs($tab_array);
+ display_top_tabs($tab_array, true);
?>
</td></tr>
<tr><td><div id="mainarea">
@@ -374,13 +410,13 @@ include_once("head.inc");
<?php endforeach; ?>
</select>&nbsp;&nbsp;
<span class="vexpl"><?php echo gettext("Choose which interface this Suricata instance applies to."); ?><br/>
- <span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("In most cases, you'll want to use WAN here."); ?></span><br/></td>
+ <span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("In most cases, you'll want to use WAN here if this is the first Suricata-configured interface."); ?></span><br/></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?php echo gettext("Description"); ?></td>
<td width="78%" class="vtable"><input name="descr" type="text"
class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']); ?>"/> <br/>
- <span class="vexpl"><?php echo gettext("Enter a meaningful description here for your reference."); ?></span><br/></td>
+ <span class="vexpl"><?php echo gettext("Enter a meaningful description here for your reference. The default is the interface name."); ?></span><br/></td>
</tr>
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Logging Settings"); ?></td>
@@ -390,7 +426,6 @@ include_once("head.inc");
<td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>/>
<?php echo gettext("Suricata will send Alerts to the firewall's system log."); ?></td>
</tr>
-
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Stats Log"); ?></td>
<td width="78%" class="vtable"><input name="enable_stats_log" type="checkbox" value="on" <?php if ($pconfig['enable_stats_log'] == "on") echo "checked"; ?>
@@ -466,8 +501,6 @@ include_once("head.inc");
gettext("This will consume a significant amount of disk space on a busy network when enabled!"); ?></div>
</td>
</tr>
-
-
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Packet Log"); ?></td>
<td width="78%" class="vtable"><input name="enable_pcap_log" id="enable_pcap_log" type="checkbox" value="on" <?php if ($pconfig['enable_pcap_log'] == "on") echo "checked"; ?>
@@ -484,7 +517,6 @@ include_once("head.inc");
<?php echo gettext("Enter maximum size in ") . "<strong>" . gettext("MB") . "</strong>" . gettext(" for a packet log file. Default is ") . "<strong>" .
gettext("32") . "</strong>."; ?><br/><br/><?php echo gettext("When the packet log file size reaches the set limit, it will be rotated and a new one created.") ?></td>
</tr>
- </tr>
<tr id="pcap_log_max_row">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Max Packet Log Files"); ?></td>
<td width="78%" class="vtable"><input name="max_pcap_log_files" type="text"
@@ -492,8 +524,6 @@ include_once("head.inc");
<?php echo gettext("Enter maximum number of packet log files to maintain. Default is ") . "<strong>" .
gettext("1000") . "</strong>."; ?><br/><br/><?php echo gettext("When the number of packet log files reaches the set limit, the oldest file will be overwritten.") ?></td>
</tr>
-
-<!--
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Alert Settings"); ?></td>
</tr>
@@ -529,8 +559,6 @@ include_once("head.inc");
<span class="red"><?php echo gettext("Hint:") . "</span>&nbsp;" . gettext("Choosing BOTH is suggested, and it is the default value."); ?></span><br/></td>
</td>
</tr>
--->
-
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Detection Engine Settings"); ?></td>
</tr>
@@ -539,7 +567,9 @@ include_once("head.inc");
<td width="78%" class="vtable"><input name="max_pending_packets" type="text"
class="formfld unknown" id="max_pending_packets" size="8" value="<?=htmlspecialchars($pconfig['max_pending_packets']); ?>"/>&nbsp;
<?php echo gettext("Enter number of simultaneous packets to process. Default is ") . "<strong>" .
- gettext("1024") . "</strong>."; ?><br/><br/><?php echo gettext("Minimum value is 1 and the maximum value is 65,535.") ?></td>
+ gettext("1024") . "</strong>."; ?><br/><br/><?php echo gettext("This controls the number simultaneous packets the engine can handle. ") .
+ gettext("Setting this higher generally keeps the threads more busy. The minimum value is 1 and the maximum value is 65,000. ") . "<br/><span class='red'><strong>" .
+ gettext("Warning: ") . "</strong></span>" . gettext("Setting this too high can lead to degradation and a possible system crash by exhausting available memory.") ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Detect-Engine Profile"); ?></td>
@@ -575,7 +605,7 @@ include_once("head.inc");
</select>&nbsp;&nbsp;
<?php echo gettext("Choose a multi-pattern matcher (MPM) algorithm. ") . "<strong>" . gettext("Default") .
"</strong>" . gettext(" is ") . "<strong>" . gettext("AC") . "</strong>"; ?>.<br/><br/>
- <?php echo gettext("AC is recommended for most systems. "); ?>
+ <?php echo gettext("AC is the default, and is the best choice for almost all systems."); ?>
<br/></td>
</tr>
<tr>
@@ -605,7 +635,15 @@ include_once("head.inc");
gettext("3000") . "</strong>."; ?><br/><br/><?php echo gettext("When set to 0 an internal default is used. When left blank there is no recursion limit.") ?></td>
</tr>
<tr>
- <td colspan="2" class="listtopic"><?php echo gettext("Networks " . "Suricata Should Inspect and Whitelist"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Delayed Detect"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="delayed_detect" id="delayed_detect" type="checkbox" value="on"
+ <?php if ($pconfig['delayed_detect'] == "on") echo " checked"; ?>/>
+ <?php echo gettext("Suricata will build list of signatures after packet capture threads have started. Default is ") .
+ "<strong>" . gettext("Not Checked") . "</strong>."; ?></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="listtopic"><?php echo gettext("Networks " . "Suricata Should Inspect and Protect"); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Home Net"); ?></td>
@@ -666,15 +704,15 @@ include_once("head.inc");
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist"); ?></td>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Pass List"); ?></td>
<td width="78%" class="vtable">
- <select name="whitelistname" class="formselect" id="whitelistname">
+ <select name="passlistname" class="formselect" id="passlistname">
<?php
- /* find whitelist names and filter by type, make sure to track by uuid */
+ /* find passlist names and filter by type, make sure to track by uuid */
echo "<option value='default' >default</option>\n";
- if (is_array($suricataglob['whitelist']['item'])) {
- foreach ($suricataglob['whitelist']['item'] as $value) {
- if ($value['name'] == $pconfig['whitelistname'])
+ if (is_array($suricataglob['passlist']['item'])) {
+ foreach ($suricataglob['passlist']['item'] as $value) {
+ if ($value['name'] == $pconfig['passlistname'])
echo "<option value='{$value['name']}' selected>";
else
echo "<option value='{$value['name']}'>";
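Review bot: The `<option>` tags print `$value['name']` straight into a single-quoted attribute. Pass list names come from the stored configuration, and nothing in this file shows that they are restricted to safe characters. Escaping at output would match what the form already does for `descr`: `echo "<option value='" . htmlspecialchars($value['name'], ENT_QUOTES) . "' selected>";`, and the same for the non-selected branch. The `foreach` body continues outside the hunk, so the option label printed after the tag should be checked as well.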
@@ -683,14 +721,13 @@ include_once("head.inc");
}
?>
</select>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','whitelist')"
- id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Whitelist contents"); ?>"/>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','passlistname','passlist')"
+ id="btnPasslist" title="<?php echo gettext("Click to view currently selected Pass List contents"); ?>"/>
<br/>
- <?php echo gettext("Choose the whitelist you want this interface to " .
- "use."); ?> <br/><br/>
+ <?php echo gettext("Choose the Pass List you want this interface to use."); ?> <br/><br/>
<span class="red"><?php echo gettext("Note:"); ?></span>&nbsp;<?php echo gettext("This option will only be used when block offenders is on."); ?><br/>
<span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("Default " .
- "whitelist adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
+ "Pass List adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
</td>
</tr>
<tr>
@@ -734,15 +771,13 @@ include_once("head.inc");
</td>
</tr>
<tr>
- <td width="22%" valign="top"></td>
- <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <td colspan="2" align="center" valign="middle"><input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Click to save settings and exit"); ?>"/>
<input name="id" type="hidden" value="<?=$id;?>"/>
</td>
</tr>
<tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" .
+ <td colspan="2" align="center" valign="middle"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" .
gettext("Please save your settings before you attempt to start Suricata."); ?>
</td>
</tr>
@@ -755,11 +790,11 @@ include_once("head.inc");
<script language="JavaScript">
function enable_blockoffenders() {
-// var endis = !(document.iform.blockoffenders.checked);
-// document.iform.blockoffenderskill.disabled=endis;
-// document.iform.blockoffendersip.disabled=endis;
-// document.iform.whitelistname.disabled=endis;
-// document.iform.btnWhitelist.disabled=endis;
+ var endis = !(document.iform.blockoffenders.checked);
+ document.iform.blockoffenderskill.disabled=endis;
+ document.iform.blockoffendersip.disabled=endis;
+ document.iform.passlistname.disabled=endis;
+ document.iform.btnPasslist.disabled=endis;
}
function toggle_stats_log() {
@@ -854,19 +889,20 @@ function enable_change(enable_change) {
document.iform.mpm_algo.disabled = endis;
document.iform.sgh_mpm_context.disabled = endis;
document.iform.inspect_recursion_limit.disabled = endis;
-// document.iform.blockoffenders.disabled = endis;
-// document.iform.blockoffendersip.disabled=endis;
-// document.iform.blockoffenderskill.disabled=endis;
+ document.iform.blockoffenders.disabled = endis;
+ document.iform.blockoffendersip.disabled=endis;
+ document.iform.blockoffenderskill.disabled=endis;
document.iform.alertsystemlog.disabled = endis;
document.iform.externallistname.disabled = endis;
document.iform.homelistname.disabled = endis;
- document.iform.whitelistname.disabled=endis;
+ document.iform.passlistname.disabled=endis;
document.iform.suppresslistname.disabled = endis;
document.iform.configpassthru.disabled = endis;
document.iform.btnHomeNet.disabled=endis;
- document.iform.btnWhitelist.disabled=endis;
+ document.iform.btnPasslist.disabled=endis;
document.iform.btnSuppressList.disabled=endis;
-}
+} document.iform.delayed_detect.disabled=endis;
+
function wopen(url, name, w, h) {
// Fudge factors for window decoration space.
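Review bot: `document.iform.delayed_detect.disabled=endis;` was appended after the closing `}` of `enable_change()`, so it executes once at script load instead of inside the function. If `endis` is a local of `enable_change()` (its declaration is above the hunk), the statement raises a ReferenceError and the initial `enable_change(false)` and `toggle_*()` calls at the end of the script would not run. In either case the Delayed Detect checkbox never follows the Enable toggle. Move the statement above the brace: `document.iform.delayed_detect.disabled = endis;` and then `}` on its own line.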
@@ -889,15 +925,16 @@ function getSelectedValue(elemID) {
function viewList(id, elemID, elemType) {
if (typeof elemType == "undefined") {
- elemType = "whitelist";
+ elemType = "passlist";
}
var url = "suricata_list_view.php?id=" + id + "&wlist=";
url = url + getSelectedValue(elemID) + "&type=" + elemType;
- wopen(url, 'WhitelistViewer', 640, 480);
+ url = url + "&time=" + new Date().getTime();
+ wopen(url, 'PassListViewer', 640, 480);
}
enable_change(false);
-enable_blockoffenders();
+//enable_blockoffenders();
toggle_stats_log();
toggle_http_log();
toggle_tls_log();