diff options
Diffstat (limited to 'config/suricata/suricata_rulesets.php')
-rw-r--r-- | config/suricata/suricata_rulesets.php | 88 |
1 files changed, 38 insertions, 50 deletions
diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php index a1609d6c..4365de4b 100644 --- a/config/suricata/suricata_rulesets.php +++ b/config/suricata/suricata_rulesets.php @@ -35,6 +35,10 @@ global $g, $rebuild_rules; $suricatadir = SURICATADIR; $flowbit_rules_file = FLOWBITS_FILENAME; +// Array of default events rules for Suricata +$default_rules = array( "decoder-events.rules", "files.rules", "http-events.rules", + "smtp-events.rules", "stream-events.rules", "tls-events.rules" ); + if (!is_array($config['installedpackages']['suricata']['rule'])) { $config['installedpackages']['suricata']['rule'] = array(); } @@ -43,10 +47,8 @@ $a_nat = &$config['installedpackages']['suricata']['rule']; $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; -if (is_null($id)) { - header("Location: /suricata/suricata_interfaces.php"); - exit; -} +if (is_null($id)) + $id = 0; if (isset($id) && $a_nat[$id]) { $pconfig['enable'] = $a_nat[$id]['enable']; @@ -89,17 +91,6 @@ if (!file_exists("{$suricatadir}rules/" . GPL_FILE_PREFIX . "community.rules")) if (($snortdownload != 'on') || ($a_nat[$id]['ips_policy_enable'] != 'on')) $policy_select_disable = "disabled"; -if ($a_nat[$id]['autoflowbitrules'] == 'on') { - if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") && - filesize("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) { - $btn_view_flowb_rules = " title=\"" . gettext("View flowbit-required rules") . "\""; - } - else - $btn_view_flowb_rules = " disabled"; -} -else - $btn_view_flowb_rules = " disabled"; - // If a Snort VRT policy is enabled and selected, remove all Snort VRT // rules from the configured rule sets to allow automatic selection. if ($a_nat[$id]['ips_policy_enable'] == 'on') { @@ -117,9 +108,7 @@ if ($a_nat[$id]['ips_policy_enable'] == 'on') { else $disable_vrt_rules = ""; -/* alert file */ -if ($_POST["Submit"]) { - +if ($_POST["save"]) { if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; @@ -129,11 +118,12 @@ if ($_POST["Submit"]) { unset($a_nat[$id]['ips_policy']); } - $enabled_items = ""; + // Always start with the default events and files rules + $enabled_items = implode("||", $default_rules); if (is_array($_POST['toenable'])) - $enabled_items = implode("||", $_POST['toenable']); + $enabled_items .= "||" . implode("||", $_POST['toenable']); else - $enabled_items = $_POST['toenable']; + $enabled_items .= "||{$_POST['toenable']}"; $a_nat[$id]['rulesets'] = $enabled_items; @@ -155,12 +145,12 @@ if ($_POST["Submit"]) { suricata_generate_yaml($a_nat[$id]); $rebuild_rules = false; - header("Location: /suricata/suricata_rulesets.php?id=$id"); - exit; + /* Signal Suricata to "live reload" the rules */ + suricata_reload_config($a_nat[$id]); } - -if ($_POST['unselectall']) { - $a_nat[$id]['rulesets'] = ""; +elseif ($_POST['unselectall']) { + // Remove all but the default events and files rules + $a_nat[$id]['rulesets'] = implode("||", $default_rules); if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; @@ -173,13 +163,10 @@ if ($_POST['unselectall']) { write_config(); sync_suricata_package_config(); - - header("Location: /suricata/suricata_rulesets.php?id=$id"); - exit; } - -if ($_POST['selectall']) { - $rulesets = array(); +elseif ($_POST['selectall']) { + // Start with the required default events and files rules + $rulesets = $default_rules; if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; @@ -218,10 +205,20 @@ if ($_POST['selectall']) { write_config(); sync_suricata_package_config(); +} - header("Location: /suricata/suricata_rulesets.php?id=$id"); - exit; +// See if we have any Auto-Flowbit rules and enable +// the VIEW button if we do. +if ($a_nat[$id]['autoflowbitrules'] == 'on') { + if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") && + filesize("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) { + $btn_view_flowb_rules = " title=\"" . gettext("View flowbit-required rules") . "\""; + } + else + $btn_view_flowb_rules = " disabled"; } +else + $btn_view_flowb_rules = " disabled"; $enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']); @@ -234,7 +231,6 @@ include_once("head.inc"); <?php include("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} /* Display message */ if ($input_errors) { @@ -258,7 +254,7 @@ if ($savemsg) { $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); - $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); display_top_tabs($tab_array); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; @@ -282,9 +278,8 @@ if ($savemsg) { $isrulesfolderempty = glob("{$suricatadir}rules/*.rules"); $iscfgdirempty = array(); if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules")) - $iscfgdirempty = (array)("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules"); - if (empty($isrulesfolderempty)): -?> + $iscfgdirempty = (array)("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules"); ?> +<?php if (empty($isrulesfolderempty)): ?> <tr> <td class="vexpl"><br/> <?php printf(gettext("# The rules directory is empty: %s%srules%s"), '<strong>',$suricatadir,'</strong>'); ?> <br/><br/> @@ -294,14 +289,7 @@ if ($savemsg) { '</strong></a>' . gettext(" tab."); ?> </td> </tr> -<?php else: - $colspan = 4; - if ($emergingdownload != 'on') - $colspan -= 2; - if ($snortdownload != 'on') - $colspan -= 2; - -?> +<?php else: ?> <tr> <td> <table width="100%" border="0" @@ -393,7 +381,7 @@ if ($savemsg) { <tr height="45px"> <td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all to enforcing rules"); ?>"/></td> <td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove all from enforcing rules"); ?>"/></td> - <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="Submit" id="Submit" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td> + <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="save" id="save" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td> <td valign="middle"><span class="vexpl"><?php echo gettext("Click to save changes and auto-resolve flowbit rules (if option is selected above)"); ?></span></td> </tr> </table> @@ -531,7 +519,7 @@ if ($savemsg) { </tr> <tr> <td colspan="4" align="center" valign="middle"> - <input value="Save" type="submit" name="Submit" id="Submit" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td> + <input value="Save" type="submit" name="save" id="save" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td> </tr> <?php endif; ?> </table> @@ -581,7 +569,7 @@ function enable_change() for (var i = 0; i < document.iform.elements.length; i++) { if (document.iform.elements[i].type == 'checkbox') { var str = document.iform.elements[i].value; - if (str.substr(0,6) == "suricata_") + if (str.substr(0,6) == "snort_") document.iform.elements[i].disabled = !(endis); } } |