aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata/suricata_rulesets.php
diff options
context:
space:
mode:
Diffstat (limited to 'config/suricata/suricata_rulesets.php')
-rw-r--r--config/suricata/suricata_rulesets.php88
1 files changed, 38 insertions, 50 deletions
diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php
index a1609d6c..4365de4b 100644
--- a/config/suricata/suricata_rulesets.php
+++ b/config/suricata/suricata_rulesets.php
@@ -35,6 +35,10 @@ global $g, $rebuild_rules;
$suricatadir = SURICATADIR;
$flowbit_rules_file = FLOWBITS_FILENAME;
+// Array of default events rules for Suricata
+$default_rules = array( "decoder-events.rules", "files.rules", "http-events.rules",
+ "smtp-events.rules", "stream-events.rules", "tls-events.rules" );
+
if (!is_array($config['installedpackages']['suricata']['rule'])) {
$config['installedpackages']['suricata']['rule'] = array();
}
@@ -43,10 +47,8 @@ $a_nat = &$config['installedpackages']['suricata']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+if (is_null($id))
+ $id = 0;
if (isset($id) && $a_nat[$id]) {
$pconfig['enable'] = $a_nat[$id]['enable'];
@@ -89,17 +91,6 @@ if (!file_exists("{$suricatadir}rules/" . GPL_FILE_PREFIX . "community.rules"))
if (($snortdownload != 'on') || ($a_nat[$id]['ips_policy_enable'] != 'on'))
$policy_select_disable = "disabled";
-if ($a_nat[$id]['autoflowbitrules'] == 'on') {
- if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") &&
- filesize("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) {
- $btn_view_flowb_rules = " title=\"" . gettext("View flowbit-required rules") . "\"";
- }
- else
- $btn_view_flowb_rules = " disabled";
-}
-else
- $btn_view_flowb_rules = " disabled";
-
// If a Snort VRT policy is enabled and selected, remove all Snort VRT
// rules from the configured rule sets to allow automatic selection.
if ($a_nat[$id]['ips_policy_enable'] == 'on') {
@@ -117,9 +108,7 @@ if ($a_nat[$id]['ips_policy_enable'] == 'on') {
else
$disable_vrt_rules = "";
-/* alert file */
-if ($_POST["Submit"]) {
-
+if ($_POST["save"]) {
if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
$a_nat[$id]['ips_policy'] = $_POST['ips_policy'];
@@ -129,11 +118,12 @@ if ($_POST["Submit"]) {
unset($a_nat[$id]['ips_policy']);
}
- $enabled_items = "";
+ // Always start with the default events and files rules
+ $enabled_items = implode("||", $default_rules);
if (is_array($_POST['toenable']))
- $enabled_items = implode("||", $_POST['toenable']);
+ $enabled_items .= "||" . implode("||", $_POST['toenable']);
else
- $enabled_items = $_POST['toenable'];
+ $enabled_items .= "||{$_POST['toenable']}";
$a_nat[$id]['rulesets'] = $enabled_items;
@@ -155,12 +145,12 @@ if ($_POST["Submit"]) {
suricata_generate_yaml($a_nat[$id]);
$rebuild_rules = false;
- header("Location: /suricata/suricata_rulesets.php?id=$id");
- exit;
+ /* Signal Suricata to "live reload" the rules */
+ suricata_reload_config($a_nat[$id]);
}
-
-if ($_POST['unselectall']) {
- $a_nat[$id]['rulesets'] = "";
+elseif ($_POST['unselectall']) {
+ // Remove all but the default events and files rules
+ $a_nat[$id]['rulesets'] = implode("||", $default_rules);
if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
@@ -173,13 +163,10 @@ if ($_POST['unselectall']) {
write_config();
sync_suricata_package_config();
-
- header("Location: /suricata/suricata_rulesets.php?id=$id");
- exit;
}
-
-if ($_POST['selectall']) {
- $rulesets = array();
+elseif ($_POST['selectall']) {
+ // Start with the required default events and files rules
+ $rulesets = $default_rules;
if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
@@ -218,10 +205,20 @@ if ($_POST['selectall']) {
write_config();
sync_suricata_package_config();
+}
- header("Location: /suricata/suricata_rulesets.php?id=$id");
- exit;
+// See if we have any Auto-Flowbit rules and enable
+// the VIEW button if we do.
+if ($a_nat[$id]['autoflowbitrules'] == 'on') {
+ if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") &&
+ filesize("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) {
+ $btn_view_flowb_rules = " title=\"" . gettext("View flowbit-required rules") . "\"";
+ }
+ else
+ $btn_view_flowb_rules = " disabled";
}
+else
+ $btn_view_flowb_rules = " disabled";
$enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']);
@@ -234,7 +231,6 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
/* Display message */
if ($input_errors) {
@@ -258,7 +254,7 @@ if ($savemsg) {
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
@@ -282,9 +278,8 @@ if ($savemsg) {
$isrulesfolderempty = glob("{$suricatadir}rules/*.rules");
$iscfgdirempty = array();
if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules"))
- $iscfgdirempty = (array)("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules");
- if (empty($isrulesfolderempty)):
-?>
+ $iscfgdirempty = (array)("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules"); ?>
+<?php if (empty($isrulesfolderempty)): ?>
<tr>
<td class="vexpl"><br/>
<?php printf(gettext("# The rules directory is empty: %s%srules%s"), '<strong>',$suricatadir,'</strong>'); ?> <br/><br/>
@@ -294,14 +289,7 @@ if ($savemsg) {
'</strong></a>' . gettext(" tab."); ?>
</td>
</tr>
-<?php else:
- $colspan = 4;
- if ($emergingdownload != 'on')
- $colspan -= 2;
- if ($snortdownload != 'on')
- $colspan -= 2;
-
-?>
+<?php else: ?>
<tr>
<td>
<table width="100%" border="0"
@@ -393,7 +381,7 @@ if ($savemsg) {
<tr height="45px">
<td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all to enforcing rules"); ?>"/></td>
<td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove all from enforcing rules"); ?>"/></td>
- <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="Submit" id="Submit" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td>
+ <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="save" id="save" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td>
<td valign="middle"><span class="vexpl"><?php echo gettext("Click to save changes and auto-resolve flowbit rules (if option is selected above)"); ?></span></td>
</tr>
</table>
@@ -531,7 +519,7 @@ if ($savemsg) {
</tr>
<tr>
<td colspan="4" align="center" valign="middle">
- <input value="Save" type="submit" name="Submit" id="Submit" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td>
+ <input value="Save" type="submit" name="save" id="save" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td>
</tr>
<?php endif; ?>
</table>
@@ -581,7 +569,7 @@ function enable_change()
for (var i = 0; i < document.iform.elements.length; i++) {
if (document.iform.elements[i].type == 'checkbox') {
var str = document.iform.elements[i].value;
- if (str.substr(0,6) == "suricata_")
+ if (str.substr(0,6) == "snort_")
document.iform.elements[i].disabled = !(endis);
}
}