aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata
diff options
context:
space:
mode:
Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/suricata_alerts.php2
-rw-r--r--config/suricata/suricata_barnyard.php4
-rw-r--r--config/suricata/suricata_global.php2
-rw-r--r--config/suricata/suricata_interfaces.php15
-rw-r--r--config/suricata/suricata_interfaces_edit.php4
-rw-r--r--config/suricata/suricata_logs_mgmt.php4
-rw-r--r--config/suricata/suricata_migrate_config.php6
-rw-r--r--config/suricata/suricata_passlist.php2
-rw-r--r--config/suricata/suricata_passlist_edit.php2
-rw-r--r--config/suricata/suricata_rules_flowbits.php2
-rw-r--r--config/suricata/suricata_suppress.php2
11 files changed, 31 insertions, 14 deletions
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index 432cd02f..595d96a9 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -128,7 +128,9 @@ function suricata_add_supplist_entry($suppress) {
/* and return true; otherwise return false. */
if ($found_list) {
write_config();
+ conf_mount_rw();
sync_suricata_package_config();
+ conf_mount_ro();
return true;
}
else
diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php
index 21611ba8..24aa1653 100644
--- a/config/suricata/suricata_barnyard.php
+++ b/config/suricata/suricata_barnyard.php
@@ -100,7 +100,9 @@ if ($_POST['save']) {
// No need to rebuild rules for Barnyard2 changes
$rebuild_rules = false;
+ conf_mount_rw();
sync_suricata_package_config();
+ conf_mount_ro();
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
@@ -192,7 +194,9 @@ if ($_POST['save']) {
// No need to rebuild rules for Barnyard2 changes
$rebuild_rules = false;
+ conf_mount_rw();
sync_suricata_package_config();
+ conf_mount_ro();
// If disabling Barnyard2 on the interface, stop any
// currently running instance. If an instance is
diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php
index 5f01a660..f2a24fcf 100644
--- a/config/suricata/suricata_global.php
+++ b/config/suricata/suricata_global.php
@@ -154,7 +154,9 @@ if (!$input_errors) {
$retval = 0;
/* create passlist and homenet file, then sync files */
+ conf_mount_rw();
sync_suricata_package_config();
+ conf_mount_ro();
write_config("Suricata pkg: modified global settings.");
diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php
index 0a3b7eba..3c2e1d6a 100644
--- a/config/suricata/suricata_interfaces.php
+++ b/config/suricata/suricata_interfaces.php
@@ -81,16 +81,9 @@ if ($_POST['del_x']) {
write_config("Suricata pkg: deleted one or more Suricata interfaces.");
sleep(2);
- /* if there are no ifaces remaining do not create suricata.sh */
- if (!empty($config['installedpackages']['suricata']['rule']))
- suricata_create_rc();
- else {
- conf_mount_rw();
- unlink_if_exists("{$rcdir}suricata.sh");
- conf_mount_ro();
- }
-
+ conf_mount_rw();
sync_suricata_package_config();
+ conf_mount_ro();
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
@@ -110,7 +103,9 @@ if ($_POST['bartoggle']) {
if (!suricata_is_running($suricatacfg['uuid'], $if_real, 'barnyard2')) {
log_error("Toggle (barnyard starting) for {$if_friendly}({$suricatacfg['descr']})...");
+ conf_mount_rw();
sync_suricata_package_config();
+ conf_mount_ro();
suricata_barnyard_start($suricatacfg, $if_real);
} else {
log_error("Toggle (barnyard stopping) for {$if_friendly}({$suricatacfg['descr']})...");
@@ -135,7 +130,9 @@ if ($_POST['toggle']) {
log_error("Toggle (suricata starting) for {$if_friendly}({$suricatacfg['descr']})...");
// set flag to rebuild interface rules before starting Snort
$rebuild_rules = true;
+ conf_mount_rw();
sync_suricata_package_config();
+ conf_mount_ro();
$rebuild_rules = false;
suricata_start($suricatacfg, $if_real);
}
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index 4737dc8d..d523a8b5 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -223,7 +223,9 @@ if ($_POST["save"] && !$input_errors) {
suricata_stop($a_rule[$id], get_real_interface($a_rule[$id]['interface']));
write_config("Suricata pkg: disabled Suricata on " . convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']));
$rebuild_rules = false;
+ conf_mount_rw();
sync_suricata_package_config();
+ conf_mount_ro();
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
@@ -423,7 +425,9 @@ if ($_POST["save"] && !$input_errors) {
write_config("Suricata pkg: modified interface configuration for " . convert_friendly_interface_to_friendly_descr($natent['interface']));
// Update suricata.conf and suricata.sh files for this interface
+ conf_mount_rw();
sync_suricata_package_config();
+ conf_mount_ro();
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
diff --git a/config/suricata/suricata_logs_mgmt.php b/config/suricata/suricata_logs_mgmt.php
index fec2d149..f929675d 100644
--- a/config/suricata/suricata_logs_mgmt.php
+++ b/config/suricata/suricata_logs_mgmt.php
@@ -173,7 +173,9 @@ if ($_POST["save"] || $_POST['apply']) {
if ($_POST['enable_log_mgmt'] != 'on') {
$config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] = $_POST['enable_log_mgmt'] ? 'on' :'off';
write_config("Suricata pkg: saved updated configuration for LOGS MGMT.");
+ conf_mount_rw();
sync_suricata_package_config();
+ conf_mount_ro();
/* forces page to reload new settings */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -222,7 +224,9 @@ if ($_POST["save"] || $_POST['apply']) {
$config['installedpackages']['suricata']['config'][0]['sid_changes_log_retention'] = $_POST['sid_changes_log_retention'];
write_config("Suricata pkg: saved updated configuration for LOGS MGMT.");
+ conf_mount_rw();
sync_suricata_package_config();
+ conf_mount_ro();
/* forces page to reload new settings */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/suricata/suricata_migrate_config.php b/config/suricata/suricata_migrate_config.php
index 3d04ffa4..d5f56a62 100644
--- a/config/suricata/suricata_migrate_config.php
+++ b/config/suricata/suricata_migrate_config.php
@@ -343,12 +343,8 @@ foreach ($rule as &$r) {
unset($r);
// Write out the new configuration to disk if we changed anything
-if ($updated_cfg) {
- $config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0.3";
- log_error("[Suricata] Saving configuration settings in new format...");
- write_config("Suricata pkg: migrate existing settings to new format during package upgrade.");
+if ($updated_cfg)
log_error("[Suricata] Settings successfully migrated to new configuration format...");
-}
else
log_error("[Suricata] Configuration version is current...");
diff --git a/config/suricata/suricata_passlist.php b/config/suricata/suricata_passlist.php
index 02aa4a3d..cdfd98e8 100644
--- a/config/suricata/suricata_passlist.php
+++ b/config/suricata/suricata_passlist.php
@@ -87,7 +87,9 @@ if ($_POST['del'] && is_numericint($_POST['list_id'])) {
if (!$input_errors) {
unset($a_passlist[$_POST['list_id']]);
write_config("Suricata pkg: deleted PASS LIST.");
+ conf_mount_rw();
sync_suricata_package_config();
+ conf_mount_ro();
header("Location: /suricata/suricata_passlist.php");
exit;
}
diff --git a/config/suricata/suricata_passlist_edit.php b/config/suricata/suricata_passlist_edit.php
index 3e1502f3..b27f69ad 100644
--- a/config/suricata/suricata_passlist_edit.php
+++ b/config/suricata/suricata_passlist_edit.php
@@ -182,7 +182,9 @@ if ($_POST['save']) {
write_config("Suricata pkg: modified PASS LIST {$p_list['name']}.");
/* create pass list and homenet file, then sync files */
+ conf_mount_rw();
sync_suricata_package_config();
+ conf_mount_ro();
header("Location: /suricata/suricata_passlist.php");
exit;
diff --git a/config/suricata/suricata_rules_flowbits.php b/config/suricata/suricata_rules_flowbits.php
index b16353cb..1bb945d8 100644
--- a/config/suricata/suricata_rules_flowbits.php
+++ b/config/suricata/suricata_rules_flowbits.php
@@ -139,7 +139,9 @@ if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid
if ($found_list) {
write_config();
$rebuild_rules = false;
+ conf_mount_rw();
sync_suricata_package_config();
+ conf_mount_ro();
suricata_reload_config($a_nat[$id]);
$savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_POST['gid']}, sig_id {$_POST['sid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'.");
}
diff --git a/config/suricata/suricata_suppress.php b/config/suricata/suricata_suppress.php
index 80249724..b3ef6fd4 100644
--- a/config/suricata/suricata_suppress.php
+++ b/config/suricata/suricata_suppress.php
@@ -103,7 +103,9 @@ if ($_POST['del'] && is_numericint($_POST['list_id'])) {
else {
unset($a_suppress[$_POST['list_id']]);
write_config("Suricata pkg: deleted SUPPRESS LIST.");
+ conf_mount_rw();
sync_suricata_package_config();
+ conf_mount_ro();
header("Location: /suricata/suricata_suppress.php");
exit;
}