aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata
diff options
context:
space:
mode:
Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/suricata.inc52
-rw-r--r--config/suricata/suricata.priv.inc4
-rw-r--r--config/suricata/suricata.xml22
-rw-r--r--config/suricata/suricata_alerts.js92
-rw-r--r--config/suricata/suricata_alerts.php233
-rw-r--r--config/suricata/suricata_alerts.widget.php213
-rw-r--r--config/suricata/suricata_app_parsers.php362
-rw-r--r--config/suricata/suricata_barnyard.php161
-rw-r--r--config/suricata/suricata_check_cron_misc.inc2
-rw-r--r--config/suricata/suricata_check_for_rule_updates.php71
-rw-r--r--config/suricata/suricata_define_vars.php2
-rw-r--r--config/suricata/suricata_download_updates.php130
-rw-r--r--config/suricata/suricata_flow_stream.php327
-rw-r--r--config/suricata/suricata_global.php78
-rw-r--r--config/suricata/suricata_import_aliases.php199
-rw-r--r--config/suricata/suricata_interfaces.php153
-rw-r--r--config/suricata/suricata_interfaces_edit.php102
-rw-r--r--config/suricata/suricata_libhtp_policy_engine.php212
-rw-r--r--config/suricata/suricata_logs_browser.php2
-rw-r--r--config/suricata/suricata_os_policy_engine.php188
-rw-r--r--config/suricata/suricata_post_install.php19
-rw-r--r--config/suricata/suricata_rules.php274
-rw-r--r--config/suricata/suricata_rules_edit.php23
-rw-r--r--config/suricata/suricata_rules_flowbits.php90
-rw-r--r--config/suricata/suricata_rulesets.php88
-rw-r--r--config/suricata/suricata_select_alias.php226
-rw-r--r--config/suricata/suricata_suppress.php141
-rw-r--r--config/suricata/suricata_uninstall.php30
-rw-r--r--config/suricata/widget-suricata.inc8
29 files changed, 1896 insertions, 1608 deletions
diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc
index b87e2f6a..1b6f5eb3 100644
--- a/config/suricata/suricata.inc
+++ b/config/suricata/suricata.inc
@@ -39,6 +39,10 @@ global $g, $config;
if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
+// Define the binary and package build versions
+define('SURICATA_VER', '1.4.6');
+define('SURICATA_PKG_VER', 'v0.2-BETA');
+
// Create some other useful defines
define('SURICATADIR', '/usr/pbi/suricata-' . php_uname("m") . '/etc/suricata/');
define('SURICATALOGDIR', '/var/log/suricata/');
@@ -76,9 +80,9 @@ function suricata_is_running($suricata_uuid, $if_real, $type = 'suricata') {
global $config, $g;
if (isvalidpid("{$g['varrun_path']}/{$type}_{$if_real}{$suricata_uuid}.pid"))
- return 'yes';
+ return true;
else
- return 'no';
+ return false;
}
function suricata_barnyard_stop($suricatacfg, $if_real) {
@@ -154,7 +158,7 @@ function suricata_reload_config($suricatacfg, $signal="USR2") {
$suricatadir = SURICATADIR;
$suricata_uuid = $suricatacfg['uuid'];
- $if_real = suricata_get_real_interface($suricatacfg['interface']);
+ $if_real = get_real_interface($suricatacfg['interface']);
/******************************************************/
/* Only send the SIGUSR2 if Suricata is running and */
@@ -183,7 +187,7 @@ function suricata_barnyard_reload_config($suricatacfg, $signal="HUP") {
$suricatadir = SURICATADIR;
$suricata_uuid = $suricatacfg['uuid'];
- $if_real = suricata_get_real_interface($suricatacfg['interface']);
+ $if_real = get_real_interface($suricatacfg['interface']);
/******************************************************/
/* Only send the SIGHUP if Barnyard2 is running and */
@@ -196,22 +200,6 @@ function suricata_barnyard_reload_config($suricatacfg, $signal="HUP") {
}
}
-function suricata_get_friendly_interface($interface) {
-
- // Pass this directly to the system for now.
- // Later, this wrapper will be removed and all
- // the Suricata code changed to use the system call.
- return convert_friendly_interface_to_friendly_descr($interface);
-}
-
-function suricata_get_real_interface($interface) {
-
- // Pass this directly to the system for now.
- // Later, this wrapper will be removed and all
- // the Suricata code changed to use the system call.
- return get_real_interface($interface);
-}
-
function suricata_get_blocked_ips() {
// This is a placeholder function for later use.
@@ -517,7 +505,7 @@ function sync_suricata_package_config() {
$suricataconf = $config['installedpackages']['suricata']['rule'];
foreach ($suricataconf as $value) {
- $if_real = suricata_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
// create a suricata.yaml file for interface
suricata_generate_yaml($value);
@@ -669,7 +657,7 @@ function suricata_post_delete_logs($suricata_uuid = 0) {
foreach ($config['installedpackages']['suricata']['rule'] as $value) {
if ($value['uuid'] != $suricata_uuid)
continue;
- $if_real = suricata_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
$suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}";
if ($if_real != '') {
@@ -1508,7 +1496,7 @@ function suricata_prepare_rule_files($suricatacfg, $suricatacfgdir) {
return;
// Log a message for rules rebuild in progress
- log_error(gettext("[Suricata] Updating rules configuration for: " . suricata_get_friendly_interface($suricatacfg['interface']) . " ..."));
+ log_error(gettext("[Suricata] Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . " ..."));
// Only rebuild rules if some are selected or an IPS Policy is enabled
if (!empty($suricatacfg['rulesets']) || $suricatacfg['ips_policy_enable'] == 'on') {
@@ -1581,7 +1569,7 @@ function suricata_prepare_rule_files($suricatacfg, $suricatacfgdir) {
// If auto-flowbit resolution is enabled, generate the dependent flowbits rules file.
if ($suricatacfg['autoflowbitrules'] == 'on') {
- log_error('[Suricata] Enabling any flowbit-required rules for: ' . suricata_get_friendly_interface($suricatacfg['interface']) . '...');
+ log_error('[Suricata] Enabling any flowbit-required rules for: ' . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . '...');
$fbits = suricata_resolve_flowbits($all_rules, $enabled_rules);
// Check for and disable any flowbit-required rules the user has
@@ -1606,11 +1594,11 @@ function suricata_prepare_rule_files($suricatacfg, $suricatacfgdir) {
// Log a warning if the interface has no rules defined or enabled
if ($no_rules_defined)
- log_error(gettext("[Suricata] Warning - no text rules selected for: " . suricata_get_friendly_interface($suricatacfg['interface']) . " ..."));
+ log_error(gettext("[Suricata] Warning - no text rules selected for: " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . " ..."));
// Build a new sid-msg.map file from the enabled
// rules and copy it to the interface directory.
- log_error(gettext("[Suricata] Building new sig-msg.map file for " . suricata_get_friendly_interface($suricatacfg['interface']) . "..."));
+ log_error(gettext("[Suricata] Building new sig-msg.map file for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . "..."));
suricata_build_sid_msg_map("{$suricatacfgdir}/rules/", "{$suricatacfgdir}/sid-msg.map");
}
@@ -1695,7 +1683,7 @@ function suricata_create_rc() {
// the shell script.
foreach ($suricataconf as $value) {
$suricata_uuid = $value['uuid'];
- $if_real = suricata_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
$start_barnyard = <<<EOE
@@ -1914,13 +1902,17 @@ function suricata_generate_barnyard2_conf($suricatacfg, $if_real) {
$suricatabarnyardlog_output_plugins .= "# syslog_full: log to a syslog receiver\n";
$suricatabarnyardlog_output_plugins .= "output alert_syslog_full: sensor_name {$suricatabarnyardlog_hostname_info_chk}, ";
if ($suricatacfg['barnyard_syslog_local'] == 'on')
- $suricatabarnyardlog_output_plugins .= "local, log_facility LOG_AUTH, log_priority LOG_INFO\n";
+ $suricatabarnyardlog_output_plugins .= "local, log_facility LOG_AUTH, log_priority LOG_INFO\n\n";
else {
$suricatabarnyardlog_output_plugins .= "server {$suricatacfg['barnyard_syslog_rhost']}, protocol {$suricatacfg['barnyard_syslog_proto']}, ";
$suricatabarnyardlog_output_plugins .= "port {$suricatacfg['barnyard_syslog_dport']}, operation_mode {$suricatacfg['barnyard_syslog_opmode']}, ";
- $suricatabarnyardlog_output_plugins .= "log_facility {$suricatacfg['barnyard_syslog_facility']}, log_priority {$suricatacfg['barnyard_syslog_priority']}\n";
+ $suricatabarnyardlog_output_plugins .= "log_facility {$suricatacfg['barnyard_syslog_facility']}, log_priority {$suricatacfg['barnyard_syslog_priority']}\n\n";
}
}
+ if ($suricatacfg['barnyard_bro_ids_enable'] == 'on') {
+ $suricatabarnyardlog_output_plugins .= "# alert_bro: log to a Bro-IDS receiver\n";
+ $suricatabarnyardlog_output_plugins .= "output alert_bro: {$suricatacfg['barnyard_bro_ids_rhost']}:{$suricatacfg['barnyard_bro_ids_dport']}\n";
+ }
// Trim leading and trailing newlines and spaces
$suricatabarnyardlog_output_plugins = rtrim($suricatabarnyardlog_output_plugins, "\n");
@@ -1986,7 +1978,7 @@ function suricata_generate_yaml($suricatacfg) {
$suricatalogdir = SURICATALOGDIR;
$flowbit_rules_file = FLOWBITS_FILENAME;
$suricata_enforcing_rules_file = ENFORCING_RULES_FILENAME;
- $if_real = suricata_get_real_interface($suricatacfg['interface']);
+ $if_real = get_real_interface($suricatacfg['interface']);
$suricata_uuid = $suricatacfg['uuid'];
$suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}";
diff --git a/config/suricata/suricata.priv.inc b/config/suricata/suricata.priv.inc
index 7f5f1825..a17a307b 100644
--- a/config/suricata/suricata.priv.inc
+++ b/config/suricata/suricata.priv.inc
@@ -41,5 +41,7 @@ $priv_list['page-services-suricata']['match'][] = "suricata/suricata.inc*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_post_install.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_uninstall.php*";
$priv_list['page-services-suricata']['match'][] = "suricata/suricata_generate_yaml.php*";
-
+$priv_list['page-services-suricata']['match'][] = "widgets/javascript/suricata_alerts.js*";
+$priv_list['page-services-suricata']['match'][] = "widgets/widgets/suricata_alerts.widget.php*";
+$priv_list['page-services-suricata']['match'][] = "widgets/include/widget-suricata.inc*";
?> \ No newline at end of file
diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml
index 4760149d..46baa50c 100644
--- a/config/suricata/suricata.xml
+++ b/config/suricata/suricata.xml
@@ -42,7 +42,7 @@
<description>Suricata IDS/IPS Package</description>
<requirements>None</requirements>
<name>suricata</name>
- <version>1.4.6 pkg v0.1-BETA</version>
+ <version>1.4.6 pkg v0.2-BETA</version>
<title>Services: Suricata IDS</title>
<include_file>/usr/local/pkg/suricata/suricata.inc</include_file>
<menu>
@@ -153,11 +153,6 @@
<chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
- <item>http://www.pfsense.com/packages/config/suricata/suricata_select_alias.php</item>
- <prefix>/usr/local/www/suricata/</prefix>
- <chmod>0755</chmod>
- </additional_files_needed>
- <additional_files_needed>
<item>http://www.pfsense.com/packages/config/suricata/suricata_suppress.php</item>
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
@@ -212,6 +207,21 @@
<prefix>/usr/local/www/suricata/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/javascript/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/suricata/suricata_alerts.js</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/widgets/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/suricata/suricata_alerts.widget.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/include/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/suricata/widget-suricata.inc</item>
+ </additional_files_needed>
<!-- configpath gets expanded out automatically and config items will be stored in that location -->
<configpath>['installedpackages']['suricata']</configpath>
<tabs>
diff --git a/config/suricata/suricata_alerts.js b/config/suricata/suricata_alerts.js
new file mode 100644
index 00000000..7678656d
--- /dev/null
+++ b/config/suricata/suricata_alerts.js
@@ -0,0 +1,92 @@
+
+var suricatalines = Array();
+var suricatatimer;
+var suricataisBusy = false;
+var suricataisPaused = false;
+
+function suricata_alerts_fetch_new_rules() {
+
+ //get new alerts from suricata_alerts.widget.php
+ url = "/widgets/widgets/suricata_alerts.widget.php?getNewAlerts=1" + new Date().getTime();
+
+ jQuery.ajax(url, {
+ type: 'GET',
+ success: function(callback_data) {
+ var data_split;
+ var new_data_to_add = Array();
+ var data = callback_data;
+
+ data_split = data.split("\n");
+
+ // Loop through rows and generate replacement HTML
+ for(var x=0; x<data_split.length-1; x++) {
+ row_split = data_split[x].split("||");
+ var line = '';
+ line = '<td width="22%" class="listMRr" nowrap>' + row_split[0] + '<br/>' + row_split[1] + '</td>';
+ line += '<td width="39%" class="listMRr">' + row_split[2] + '<br/>' + row_split[3] + '</td>';
+ line += '<td width="39%" class="listMRr">' + 'Priority: ' + row_split[4] + '<br/>' + row_split[5] + '</td>';
+ new_data_to_add[new_data_to_add.length] = line;
+ }
+ suricata_alerts_update_div_rows(new_data_to_add);
+ suricataisBusy = false;
+ }
+ });
+}
+function suricata_alerts_update_div_rows(data) {
+ if(suricataisPaused)
+ return;
+
+ var isIE = navigator.appName.indexOf('Microsoft') != -1;
+ var isSafari = navigator.userAgent.indexOf('Safari') != -1;
+ var isOpera = navigator.userAgent.indexOf('Opera') != -1;
+
+ var rows = jQuery('#suricata-alert-entries>tr');
+
+ // Number of rows to move by
+ var move = rows.length + data.length - nentries;
+ if (move < 0)
+ move = 0;
+
+ for (var i = move; i < rows.length; i++) {
+ jQuery(rows[i - move]).html(jQuery(rows[i]).html());
+ }
+
+ var tbody = jQuery('#suricata-alert-entries');
+ for (var i = 0; i < data.length; i++) {
+ var rowIndex = rows.length - move + i;
+ if (rowIndex < rows.length) {
+ jQuery(rows[rowIndex]).html(data[i]);
+ } else {
+ jQuery(tbody).append('<tr>' + data[i] + '</tr>');
+ }
+ }
+
+ // Add the even/odd class to each of the rows now
+ // they have all been added.
+ rows = jQuery('#suricata-alert-entries>tr');
+ for (var i = 0; i < rows.length; i++) {
+ rows[i].className = i % 2 == 0 ? 'listMRodd' : 'listMReven';
+ }
+}
+
+function fetch_new_surialerts() {
+ if(suricataisPaused)
+ return;
+ if(suricataisBusy)
+ return;
+
+ //get new alerts from suricata_alerts.widget.php
+ suricataisBusy = true;
+ suricata_alerts_fetch_new_rules();
+}
+
+function suricata_alerts_toggle_pause() {
+ if(suricataisPaused) {
+ suricataisPaused = false;
+ fetch_new_surialerts();
+ } else {
+ suricataisPaused = true;
+ }
+}
+/* start local AJAX engine */
+suricatatimer = setInterval('fetch_new_surialerts()', suricataupdateDelay);
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index c36c0dd7..75f21333 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -121,10 +121,11 @@ function suricata_add_supplist_entry($suppress) {
return false;
}
-if ($_GET['instance'])
- $instanceid = $_GET['instance'];
if ($_POST['instance'])
$instanceid = $_POST['instance'];
+// This is for the auto-refresh so wecan stay on the same interface
+if (is_numeric($_GET['instance']))
+ $instanceid = $_GET['instance'];
if (empty($instanceid))
$instanceid = 0;
@@ -163,63 +164,63 @@ if ($_POST['save']) {
exit;
}
-//if ($_POST['todelete'] || $_GET['todelete']) {
-// $ip = "";
-// if($_POST['todelete'])
-// $ip = $_POST['todelete'];
-// else if($_GET['todelete'])
-// $ip = $_GET['todelete'];
-// if (is_ipaddr($ip)) {
-// exec("/sbin/pfctl -t snort2c -T delete {$ip}");
-// $savemsg = gettext("Host IP address {$ip} has been removed from the Blocked Table.");
+//if ($_POST['unblock'] && $_POST['ip']) {
+// if (is_ipaddr($_POST['ip'])) {
+// exec("/sbin/pfctl -t snort2c -T delete {$_POST['ip']}");
+// $savemsg = gettext("Host IP address {$_POST['ip']} has been removed from the Blocked Table.");
// }
//}
-if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- if (empty($_GET['descr']))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
- else
- $suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
-
- /* Add the new entry to the Suppress List */
- if (suricata_add_supplist_entry($suppress))
- $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to the Suppress List.");
- else
- $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
-}
-
-if (($_GET['act'] == "addsuppress_srcip" || $_GET['act'] == "addsuppress_dstip") && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- if ($_GET['act'] == "addsuppress_srcip")
+if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsuppress']) && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) {
+ if ($_POST['addsuppress_srcip'])
$method = "by_src";
- else
+ elseif ($_POST['addsuppress_dstip'])
$method = "by_dst";
-
- /* Check for valid IP addresses, exit if not valid */
- if (is_ipaddr($_GET['ip']) || is_ipaddrv6($_GET['ip'])) {
- if (empty($_GET['descr']))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}\n";
- else
- $suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}\n";
- }
- else {
- header("Location: /suricata/suricata_alerts.php?instance={$instanceid}");
- exit;
+ else
+ $method ="all";
+
+ // See which kind of Suppress Entry to create
+ switch ($method) {
+ case "all":
+ if (empty($_POST['descr']))
+ $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n";
+ else
+ $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n";
+ $success = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to the Suppress List.");
+ break;
+ case "by_src":
+ case "by_dst":
+ // Check for valid IP addresses, exit if not valid
+ if (is_ipaddr($_POST['ip']) || is_ipaddrv6($_POST['ip'])) {
+ if (empty($_POST['descr']))
+ $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n";
+ else
+ $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n";
+ $success = gettext("An entry for 'suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}' has been added to the Suppress List.");
+ }
+ else {
+ header("Location: /suricata/suricata_alerts.php");
+ exit;
+ }
+ break;
+ default:
+ header("Location: /suricata/suricata_alerts.php");
+ exit;
}
- /* Add the new entry to the Suppress List */
- if (suricata_add_supplist_entry($suppress))
- $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}' has been added to the Suppress List.");
+ /* Add the new entry to the Suppress List and signal Suricata to reload config */
+ if (suricata_add_supplist_entry($suppress)) {
+ suricata_reload_config($a_instance[$instanceid]);
+ $savemsg = $success;
+ }
else
- /* We did not find the defined list, so notify the user with an error */
$input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
}
-if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- // Get the GID tag embedded in the clicked rule icon.
- $gid = $_GET['gen_id'];
-
- // Get the SID tag embedded in the clicked rule icon.
- $sid= $_GET['sidid'];
+if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) {
+ // Get the GID and SID tags embedded in the clicked rule icon.
+ $gid = $_POST['gen_id'];
+ $sid= $_POST['sidid'];
// See if the target SID is in our list of modified SIDs,
// and toggle it if present.
@@ -272,17 +273,14 @@ if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GE
$savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Suricata is 'live-reloading' the new rules list. Please wait at least 30 secs for the process to complete before toggling additional rules.");
}
-if ($_GET['action'] == "clear" || $_POST['delete']) {
- conf_mount_rw();
+if ($_POST['delete']) {
suricata_post_delete_logs($suricata_uuid);
$fd = @fopen("{$suricatalogdir}suricata_{$if_real}{$suricata_uuid}/alerts.log", "w+");
if ($fd)
fclose($fd);
- conf_mount_ro();
/* XXX: This is needed if suricata is run as suricata user */
mwexec('/bin/chmod 660 {$suricatalogdir}*', true);
- if (file_exists("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"))
- mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid -a");
+ sigkillbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid", "HUP");
header("Location: /suricata/suricata_alerts.php?instance={$instanceid}");
exit;
}
@@ -332,16 +330,21 @@ if ($pconfig['arefresh'] == 'on')
echo "<meta http-equiv=\"refresh\" content=\"60;url=/suricata/suricata_alerts.php?instance={$instanceid}\" />\n";
?>
-<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
- /* Display Alert message */
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
- if ($savemsg) {
- print_info_box($savemsg);
- }
+<?php
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
?>
<form action="/suricata/suricata_alerts.php" method="post" id="formalert">
+<input type="hidden" name="sidid" id="sidid" value=""/>
+<input type="hidden" name="gen_id" id="gen_id" value=""/>
+<input type="hidden" name="ip" id="ip" value=""/>
+<input type="hidden" name="descr" id="descr" value=""/>
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -349,7 +352,7 @@ if ($pconfig['arefresh'] == 'on')
$tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
- $tab_array[] = array(gettext("Alerts"), true, "/suricata/suricata_alerts.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Alerts"), true, "/suricata/suricata_alerts.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
display_top_tabs($tab_array);
@@ -364,13 +367,13 @@ if ($pconfig['arefresh'] == 'on')
<tr>
<td width="22%" class="vncell"><?php echo gettext('Instance to Inspect'); ?></td>
<td width="78%" class="vtable">
- <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='get';document.getElementById('formalert').submit()">
+ <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='post';document.getElementById('formalert').submit()">
<?php
foreach ($a_instance as $id => $instance) {
$selected = "";
if ($id == $instanceid)
$selected = "selected";
- echo "<option value='{$id}' {$selected}> (" . suricata_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n";
+ echo "<option value='{$id}' {$selected}> (" . convert_friendly_interface_to_friendly_descr($instance['interface']) . "){$instance['descr']}</option>\n";
}
?>
</select>&nbsp;&nbsp;<?php echo gettext('Choose which instance alerts you want to inspect.'); ?>
@@ -379,9 +382,9 @@ if ($pconfig['arefresh'] == 'on')
<td width="22%" class="vncell"><?php echo gettext('Save or Remove Logs'); ?></td>
<td width="78%" class="vtable">
<input name="download" type="submit" class="formbtns" value="Download"> <?php echo gettext('All ' .
- 'log files will be saved.'); ?>&nbsp;&nbsp;<a href="/suricata/suricata_alerts.php?action=clear&instance=<?=$instanceid;?>">
+ 'log files will be saved.'); ?>&nbsp;&nbsp;
<input name="delete" type="submit" class="formbtns" value="Clear"
- onclick="return confirm('Do you really want to remove all instance logs?')"></a>
+ onclick="return confirm('Do you really want to remove all instance logs?');">
<span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo ' ' . gettext('all log files will be deleted.'); ?>
</td>
</tr>
@@ -434,21 +437,30 @@ if ($pconfig['arefresh'] == 'on')
/* make sure alert file exists */
if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log")) {
- exec("tail -{$anentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/alerts_{$suricata_uuid}");
- if (file_exists("/tmp/alerts_{$suricata_uuid}")) {
+ exec("tail -{$anentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/alerts_suricata{$suricata_uuid}");
+ if (file_exists("/tmp/alerts_suricata{$suricata_uuid}")) {
$tmpblocked = array_flip(suricata_get_blocked_ips());
$counter = 0;
/* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
/* File format timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,src,srcport,dst,dstport */
- $fd = fopen("/tmp/alerts_{$suricata_uuid}", "r");
+ $fd = fopen("/tmp/alerts_suricata{$suricata_uuid}", "r");
while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
if(count($fields) < 12)
continue;
+ // Create a DateTime object from the event timestamp that
+ // we can use to easily manipulate output formats.
+ $event_tm = date_create_from_format("m/d/Y-H:i:s.u", $fields[0]);
+
+ // Check the 'CATEGORY' field for the text "(null)" and
+ // substitute "Not Assigned".
+ if ($fields[6] == "(null)")
+ $fields[6] = "Not Assigned";
+
/* Time */
- $alert_time = substr($fields[0], strpos($fields[0], '-')+1, -7);
+ $alert_time = date_format($event_tm, "H:i:s");
/* Date */
- $alert_date = trim(substr($fields[0], 0, strpos($fields[0], '-')));
+ $alert_date = date_format($event_tm, "m/d/Y");
/* Description */
$alert_descr = $fields[5];
$alert_descr_url = urlencode($fields[5]);
@@ -457,7 +469,7 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
/* Protocol */
$alert_proto = $fields[8];
/* IP SRC */
- $alert_ip_src = $fields[9];
+ $alert_ip_src = inet_ntop(inet_pton($fields[9]));
/* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
$alert_ip_src = str_replace(":", ":&#8203;", $alert_ip_src);
/* Add Reverse DNS lookup icons */
@@ -470,24 +482,23 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
/* Add icons for auto-adding to Suppress List if appropriate */
if (!suricata_is_alert_globally_suppressed($supplist, $fields[2], $fields[3]) &&
!isset($supplist[$fields[2]][$fields[3]]['by_src'][$fields[9]])) {
- $alert_ip_src .= "&nbsp;&nbsp;<a href='?instance={$instanceid}&act=addsuppress_srcip&sidid={$fields[3]}&gen_id={$fields[2]}&descr={$alert_descr_url}&ip=" . trim(urlencode($fields[9])) . "'>";
- $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'></a>";
+ $alert_ip_src .= "&nbsp;&nbsp;<input type='image' name='addsuppress_srcip[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','{$fields[9]}','{$alert_descr}');\" ";
+ $alert_ip_src .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'/>";
}
elseif (isset($supplist[$fields[2]][$fields[3]]['by_src'][$fields[9]])) {
$alert_ip_src .= "&nbsp;&nbsp;<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
$alert_ip_src .= "title='" . gettext("This alert track by_src IP is already in the Suppress List") . "'/>";
}
/* Add icon for auto-removing from Blocked Table if required */
- if (isset($tmpblocked[$fields[9]])) {
- $alert_ip_src .= "&nbsp;";
- $alert_ip_src .= "<a href='?instance={$instanceid}&todelete=" . trim(urlencode($fields[9])) . "'>
- <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>";
- }
+// if (isset($tmpblocked[$fields[9]])) {
+// $alert_ip_src .= "&nbsp;<input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[9]}';\" ";
+// $alert_ip_src .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>";
+// }
/* IP SRC Port */
$alert_src_p = $fields[10];
/* IP Destination */
- $alert_ip_dst = $fields[11];
+ $alert_ip_dst = inet_ntop(inet_pton($fields[11]));
/* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
$alert_ip_dst = str_replace(":", ":&#8203;", $alert_ip_dst);
/* Add Reverse DNS lookup icons */
@@ -499,29 +510,28 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
$alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>";
/* Add icons for auto-adding to Suppress List if appropriate */
if (!suricata_is_alert_globally_suppressed($supplist, $fields[2], $fields[3]) &&
- !isset($supplist[$fields[2]][$fields[3]]['by_dst'][$fields[1]])) {
- $alert_ip_dst .= "&nbsp;&nbsp;<a href='?instance={$instanceid}&act=addsuppress_dstip&sidid={$fields[3]}&gen_id={$fields[2]}&descr={$alert_descr_url}&ip=" . trim(urlencode($fields[11])) . "'>";
- $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'></a>";
+ !isset($supplist[$fields[2]][$fields[3]]['by_dst'][$fields[11]])) {
+ $alert_ip_dst .= "&nbsp;&nbsp;<input type='image' name='addsuppress_dstip[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','{$fields[11]}','{$alert_descr}');\" ";
+ $alert_ip_dst .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'/>";
}
elseif (isset($supplist[$fields[2]][$fields[3]]['by_dst'][$fields[11]])) {
$alert_ip_dst .= "&nbsp;&nbsp;<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
$alert_ip_dst .= "title='" . gettext("This alert track by_dst IP is already in the Suppress List") . "'/>";
}
/* Add icon for auto-removing from Blocked Table if required */
- if (isset($tmpblocked[$fields[11]])) {
- $alert_ip_dst .= "&nbsp;";
- $alert_ip_dst .= "<a href='?instance={$instanceid}&todelete=" . trim(urlencode($fields[11])) . "'>
- <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>";
- }
+// if (isset($tmpblocked[$fields[11]])) {
+// $alert_ip_src .= "&nbsp;<input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[11]}';\" ";
+// $alert_ip_src .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>";
+// }
/* IP DST Port */
$alert_dst_p = $fields[12];
/* SID */
$alert_sid_str = "{$fields[2]}:{$fields[3]}";
if (!suricata_is_alert_globally_suppressed($supplist, $fields[2], $fields[3])) {
- $sidsupplink = "<a href='?instance={$instanceid}&act=addsuppress&sidid={$fields[3]}&gen_id={$fields[2]}&descr={$alert_descr_url}'>";
- $sidsupplink .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'></a>";
+ $sidsupplink = "<input type='image' name='addsuppress[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','{$alert_descr}');\" ";
+ $sidsupplink .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'/>";
}
else {
$sidsupplink = "<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
@@ -529,14 +539,14 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
}
/* Add icon for toggling rule state */
if (isset($disablesid[$fields[2]][$fields[3]])) {
- $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[3]}&gen_id={$fields[2]}'>";
- $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_reject.gif' width='11' height='11' border='0' ";
- $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action from this rule.") . "'></a>";
+ $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','');\" ";
+ $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_reject.gif' width='11' height='11' border='0' ";
+ $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action from this rule.") . "'/>";
}
else {
- $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[3]}&gen_id={$fields[2]}'>";
- $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' ";
- $sid_dsbl_link .= "title='" . gettext("Force-disable this rule and remove it from current rules set.") . "'></a>";
+ $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','');\" ";
+ $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' ";
+ $sid_dsbl_link .= "title='" . gettext("Force-disable this rule and remove it from current rules set.") . "'/>";
}
/* DESCRIPTION */
$alert_class = $fields[6];
@@ -546,18 +556,18 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
<td class='listr' align='center'>{$alert_priority}</td>
<td class='listr' align='center'>{$alert_proto}</td>
<td class='listr' style=\"word-wrap:break-word;\">{$alert_class}</td>
- <td class='listr' align='center'>{$alert_ip_src}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[9]}'>{$alert_ip_src}</td>
<td class='listr' align='center'>{$alert_src_p}</td>
- <td class='listr' align='center'>{$alert_ip_dst}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[11]}'>{$alert_ip_dst}</td>
<td class='listr' align='center'>{$alert_dst_p}</td>
- <td class='listr' align='center'>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[3]}'>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
<td class='listr' style=\"word-wrap:break-word;\">{$alert_descr}</td>
</tr>\n";
$counter++;
}
fclose($fd);
- @unlink("/tmp/alerts_{$suricata_uuid}");
+ @unlink("/tmp/alerts_suricata{$suricata_uuid}");
}
}
?>
@@ -573,6 +583,21 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
<?php
include("fend.inc");
?>
-
+<script type="text/javascript">
+function encRuleSig(rulegid,rulesid,srcip,ruledescr) {
+
+ // This function stuffs the passed GID, SID
+ // and other values into hidden Form Fields
+ // for postback.
+ if (typeof srcipip == "undefined")
+ var srcipip = "";
+ if (typeof ruledescr == "undefined")
+ var ruledescr = "";
+ document.getElementById("sidid").value = rulesid;
+ document.getElementById("gen_id").value = rulegid;
+ document.getElementById("ip").value = srcip;
+ document.getElementById("descr").value = ruledescr;
+}
+</script>
</body>
</html>
diff --git a/config/suricata/suricata_alerts.widget.php b/config/suricata/suricata_alerts.widget.php
new file mode 100644
index 00000000..fabb9314
--- /dev/null
+++ b/config/suricata/suricata_alerts.widget.php
@@ -0,0 +1,213 @@
+<?php
+/*
+ suricata_alerts.widget.php
+ Copyright (C) 2009 Jim Pingle
+ mod 24-07-2012
+ mod 28-02-2014 for use with Suricata by Bill Meeks
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$nocsrf = true;
+
+require_once("guiconfig.inc");
+require_once("/usr/local/www/widgets/include/widget-suricata.inc");
+
+global $config, $g;
+
+/* Retrieve Suricata configuration */
+if (!is_array($config['installedpackages']['suricata']['rule']))
+ $config['installedpackages']['suricata']['rule'] = array();
+$a_instance = &$config['installedpackages']['suricata']['rule'];
+
+/* array sorting */
+function sksort(&$array, $subkey="id", $sort_ascending=false) {
+ /* an empty array causes sksort to fail - this test alleviates the error */
+ if(empty($array))
+ return false;
+ if (count($array)){
+ $temp_array[key($array)] = array_shift($array);
+ };
+ foreach ($array as $key => $val){
+ $offset = 0;
+ $found = false;
+ foreach ($temp_array as $tmp_key => $tmp_val) {
+ if (!$found and strtolower($val[$subkey]) > strtolower($tmp_val[$subkey])) {
+ $temp_array = array_merge((array)array_slice($temp_array,0,$offset), array($key => $val), array_slice($temp_array,$offset));
+ $found = true;
+ };
+ $offset++;
+ };
+ if (!$found) $temp_array = array_merge($temp_array, array($key => $val));
+ };
+
+ if ($sort_ascending) {
+ $array = array_reverse($temp_array);
+ } else $array = $temp_array;
+ /* below is the complement for empty array test */
+ return true;
+};
+
+/* check if firewall widget variable is set */
+$nentries = $config['widgets']['widget_suricata_display_lines'];
+if (!isset($nentries) || $nentries < 0)
+ $nentries = 5;
+
+// Called by Ajax to update alerts table contents
+if (isset($_GET['getNewAlerts'])) {
+ $response = "";
+ $suri_alerts = suricata_widget_get_alerts();
+ $counter = 0;
+ foreach ($suri_alerts as $a) {
+ $response .= $a['instanceid'] . " " . $a['dateonly'] . "||" . $a['timeonly'] . "||" . $a['src'] . ":" . $a['srcport'] . "||";
+ $response .= $a['dst'] . ":" . $a['dstport'] . "||" . $a['priority'] . "||" . $a['category'] . "\n";
+ $counter++;
+ if($counter >= $nentries)
+ break;
+ }
+ echo $response;
+ return;
+}
+
+if(isset($_POST['widget_suricata_display_lines'])) {
+ $config['widgets']['widget_suricata_display_lines'] = $_POST['widget_suricata_display_lines'];
+ write_config("Saved Suricata Alerts Widget Displayed Lines Parameter via Dashboard");
+ header("Location: ../../index.php");
+}
+
+// Read "$nentries" worth of alerts from the top of the alerts.log file
+function suricata_widget_get_alerts() {
+
+ global $config, $a_instance, $nentries;
+ $suricata_alerts = array();
+
+ /* read log file(s) */
+ $counter=0;
+ foreach ($a_instance as $instanceid => $instance) {
+ $suricata_uuid = $a_instance[$instanceid]['uuid'];
+ $if_real = get_real_interface($a_instance[$instanceid]['interface']);
+
+ // make sure alert file exists, then grab the most recent {$nentries} from it
+ // and write them to a temp file.
+ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log")) {
+ exec("tail -{$nentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/surialerts_{$suricata_uuid}");
+ if (file_exists("/tmp/surialerts_{$suricata_uuid}")) {
+
+ /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
+ /* File format: timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,src,srcport,dst,dstport */
+ $fd = fopen("/tmp/surialerts_{$suricata_uuid}", "r");
+ while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
+ if(count($fields) < 12)
+ continue;
+
+ // Create a DateTime object from the event timestamp that
+ // we can use to easily manipulate output formats.
+ $event_tm = date_create_from_format("m/d/Y-H:i:s.u", $fields[0]);
+
+ // Check the 'CATEGORY' field for the text "(null)" and
+ // substitute "No classtype defined".
+ if ($fields[6] == "(null)")
+ $fields[6] = "No classtype assigned";
+
+ $suricata_alerts[$counter]['instanceid'] = strtoupper($a_instance[$instanceid]['interface']);
+ $suricata_alerts[$counter]['timestamp'] = strval(date_timestamp_get($event_tm));
+ $suricata_alerts[$counter]['timeonly'] = date_format($event_tm, "H:i:s");
+ $suricata_alerts[$counter]['dateonly'] = date_format($event_tm, "M d");
+ $suricata_alerts[$counter]['src'] = inet_ntop(inet_pton($fields[9]));
+ $suricata_alerts[$counter]['srcport'] = $fields[10];
+ $suricata_alerts[$counter]['dst'] = inet_ntop(inet_pton($fields[11]));
+ $suricata_alerts[$counter]['dstport'] = $fields[12];
+ $suricata_alerts[$counter]['priority'] = $fields[7];
+ $suricata_alerts[$counter]['category'] = $fields[6];
+ $counter++;
+ };
+ fclose($fd);
+ @unlink("/tmp/surialerts_{$suricata_uuid}");
+ };
+ };
+ };
+
+ // Sort the alerts in descending order
+ sksort($suricata_alerts, 'timestamp', false);
+
+ return $suricata_alerts;
+}
+
+/* display the result */
+?>
+
+<script type="text/javascript">
+//<![CDATA[
+var suricataupdateDelay = 20000;
+var isBusy = false;
+var isPaused = false;
+var nentries = <?php echo $nentries; ?>;
+//]]>
+</script>
+
+<input type="hidden" id="suricata_alerts-config" name="suricata_alerts-config" value=""/>
+<div id="suricata_alerts-settings" class="widgetconfigdiv" style="display:none;">
+ <form action="/widgets/widgets/suricata_alerts.widget.php" method="post" name="iformd">
+ Enter number of recent alerts to display (default is 5)<br/>
+ <input type="text" size="5" name="widget_suricata_display_lines" class="formfld unknown" id="widget_suricata_display_lines" value="<?= $config['widgets']['widget_suricata_display_lines'] ?>" />
+ &nbsp;&nbsp;<input id="submitd" name="submitd" type="submit" class="formbtn" value="Save" />
+ </form>
+</div>
+
+<table width="100%" border="0" cellspacing="0" cellpadding="0">
+ <thead>
+ <tr class="suricata-alert-header">
+ <td width="22%" class="widgetsubheader" align="center">IF/Date</td>
+ <td width="39%" class="widgetsubheader" align="center">Src/Dst</td>
+ <td width="39%" class="widgetsubheader" align="center">Details</td>
+ </tr>
+ </thead>
+ <tbody id="suricata-alert-entries">
+ <?php
+ $suricata_alerts = suricata_widget_get_alerts($nentries);
+ $counter=0;
+ if (is_array($suricata_alerts)) {
+ foreach ($suricata_alerts as $alert) {
+ $evenRowClass = $counter % 2 ? " listMReven" : " listMRodd";
+ echo(" <tr class='" . $evenRowClass . "'>
+ <td width='22%' class='listMRr' nowrap>" . $alert['instanceid'] . " " . $alert['dateonly'] . "<br/>" . $alert['timeonly'] . "</td>
+ <td width='39%' class='listMRr'>" . $alert['src'] . ":" . $alert['srcport'] . "<br>" . $alert['dst'] . ":" . $alert['dstport'] . "</td>
+ <td width='39%' class='listMRr'>Priority: " . $alert['priority'] . "<br/>" . $alert['category'] . "</td></tr>");
+ $counter++;
+ if($counter >= $nentries)
+ break;
+ }
+ }
+ ?>
+ </tbody>
+</table>
+
+<!-- needed to display the widget settings menu -->
+<script type="text/javascript">
+//<![CDATA[
+ selectIntLink = "suricata_alerts-configure";
+ textlink = document.getElementById(selectIntLink);
+ textlink.style.display = "inline";
+//]]>
+
+</script>
+
diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php
index 0be45c32..e8f20226 100644
--- a/config/suricata/suricata_app_parsers.php
+++ b/config/suricata/suricata_app_parsers.php
@@ -28,7 +28,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -37,10 +36,8 @@ global $g, $rebuild_rules;
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+if (is_null($id))
+ $id = 0;
if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
@@ -51,10 +48,21 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
if (!is_array($config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item']))
$config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'] = array();
+// Initialize required array variables as necessary
+if (!is_array($config['aliases']['alias']))
+ $config['aliases']['alias'] = array();
+$a_aliases = $config['aliases']['alias'];
+
$a_nat = &$config['installedpackages']['suricata']['rule'];
$libhtp_engine_next_id = count($a_nat[$id]['libhtp_policy']['item']);
+// Build a lookup array of currently used engine 'bind_to' Aliases
+// so we can screen matching Alias names from the list.
+$used = array();
+foreach ($a_nat[$id]['libhtp_policy']['item'] as $v)
+ $used[$v['bind_to']] = true;
+
$pconfig = array();
if (isset($id) && $a_nat[$id]) {
/* Get current values from config for page form fields */
@@ -78,29 +86,143 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['libhtp_policy'] = $a_nat[$id]['libhtp_policy'];
}
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+// Check for "import or select alias mode" and set flags if TRUE.
+// "selectalias", when true, displays radio buttons to limit
+// multiple selections.
+if ($_POST['import_alias']) {
+ $importalias = true;
+ $selectalias = false;
+ $title = "HTTP Server Policy";
}
-
-if ($_GET['act'] && isset($_GET['eng_id'])) {
-
+elseif ($_POST['select_alias']) {
+ $importalias = true;
+ $selectalias = true;
+ $title = "HTTP Server Policy";
+
+ // Preserve current Libhtp Policy Engine settings
+ $eng_id = $_POST['eng_id'];
+ $eng_name = $_POST['policy_name'];
+ $eng_bind = $_POST['policy_bind_to'];
+ $eng_personality = $_POST['personality'];
+ $eng_req_body_limit = $_POST['req_body_limit'];
+ $eng_resp_body_limit = $_POST['resp_body_limit'];
+ $eng_enable_double_decode_path = $_POST['enable_double_decode_path'];
+ $eng_enable_double_decode_query = $_POST['enable_double_decode_query'];
+ $mode = "add_edit_libhtp_policy";
+}
+if ($_POST['save_libhtp_policy']) {
+ if ($_POST['eng_id'] != "") {
+ $eng_id = $_POST['eng_id'];
+
+ // Grab all the POST values and save in new temp array
+ $engine = array();
+ $policy_name = trim($_POST['policy_name']);
+ if ($policy_name) {
+ $engine['name'] = $policy_name;
+ }
+ else
+ $input_errors[] = gettext("The 'Policy Name' value cannot be blank.");
+
+ if ($_POST['policy_bind_to']) {
+ if (is_alias($_POST['policy_bind_to']))
+ $engine['bind_to'] = $_POST['policy_bind_to'];
+ elseif (strtolower(trim($_POST['policy_bind_to'])) == "all")
+ $engine['bind_to'] = "all";
+ else
+ $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value.");
+ }
+ else
+ $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'.");
+
+ if ($_POST['personality']) { $engine['personality'] = $_POST['personality']; } else { $engine['personality'] = "bsd"; }
+
+ if (is_numeric($_POST['req_body_limit']) && $_POST['req_body_limit'] >= 0)
+ $engine['request-body-limit'] = $_POST['req_body_limit'];
+ else
+ $input_errors[] = gettext("The value for 'Request Body Limit' must be all numbers and greater than or equal to zero.");
+
+ if (is_numeric($_POST['resp_body_limit']) && $_POST['resp_body_limit'] >= 0)
+ $engine['response-body-limit'] = $_POST['resp_body_limit'];
+ else
+ $input_errors[] = gettext("The value for 'Response Body Limit' must be all numbers and greater than or equal to zero.");
+
+ if ($_POST['enable_double_decode_path']) { $engine['double-decode-path'] = 'yes'; }else{ $engine['double-decode-path'] = 'no'; }
+ if ($_POST['enable_double_decode_query']) { $engine['double-decode-query'] = 'yes'; }else{ $engine['double-decode-query'] = 'no'; }
+
+ // Can only have one "all" Bind_To address
+ if ($engine['bind_to'] == "all" && $engine['name'] <> "default")
+ $input_errors[] = gettext("Only one default OS-Policy Engine can be bound to all addresses.");
+
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ if (isset($eng_id) && $a_nat[$id]['libhtp_policy']['item'][$eng_id]) {
+ $a_nat[$id]['libhtp_policy']['item'][$eng_id] = $engine;
+ }
+ else
+ $a_nat[$id]['libhtp_policy']['item'][] = $engine;
+
+ /* Reorder the engine array to ensure the */
+ /* 'bind_to=all' entry is at the bottom */
+ /* if it contains more than one entry. */
+ if (count($a_nat[$id]['libhtp_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ /* Only relocate the entry if we */
+ /* found it, and it's not already */
+ /* at the end. */
+ if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['libhtp_policy']['item'][$i];
+ unset($a_nat[$id]['libhtp_policy']['item'][$i]);
+ $a_nat[$id]['libhtp_policy']['item'][] = $tmp;
+ }
+ }
+
+ // Now write the new engine array to conf
+ write_config();
+ $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item'];
+ }
+ else {
+ $add_edit_libhtp_policy = true;
+ $pengcfg = $engine;
+ }
+ }
+}
+elseif ($_POST['add_libhtp_policy']) {
+ $add_edit_libhtp_policy = true;
+ $pengcfg = array( "name" => "engine_{$libhtp_engine_next_id}", "bind_to" => "", "personality" => "IDS",
+ "request-body-limit" => "4096", "response-body-limit" => "4096",
+ "double-decode-path" => "no", "double-decode-query" => "no" );
+ $eng_id = $libhtp_engine_next_id;
+}
+elseif ($_POST['edit_libhtp_policy']) {
+ if ($_POST['eng_id'] != "") {
+ $add_edit_libhtp_policy = true;
+ $eng_id = $_POST['eng_id'];
+ $pengcfg = $a_nat[$id]['libhtp_policy']['item'][$eng_id];
+ }
+}
+elseif ($_POST['del_libhtp_policy']) {
$natent = array();
$natent = $pconfig;
- if ($_GET['act'] == "del_libhtp_policy")
- unset($natent['libhtp_policy']['item'][$_GET['eng_id']]);
-
+ if ($_POST['eng_id'] != "") {
+ unset($natent['libhtp_policy']['item'][$_POST['eng_id']]);
+ $pconfig = $natent;
+ }
if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
write_config();
}
-
- header("Location: /suricata/suricata_app_parsers.php?id=$id");
- exit;
}
-
-if ($_POST['ResetAll']) {
+elseif ($_POST['cancel_libhtp_policy']) {
+ $add_edit_libhtp_policy = false;
+}
+elseif ($_POST['ResetAll']) {
/* Reset all the settings to defaults */
$pconfig['asn1_max_frames'] = "256";
@@ -108,7 +230,111 @@ if ($_POST['ResetAll']) {
/* Log a message at the top of the page to inform the user */
$savemsg = gettext("All flow and stream settings have been reset to their defaults.");
}
-elseif ($_POST['Submit']) {
+elseif ($_POST['save_import_alias']) {
+ // If saving out of "select alias" mode,
+ // then return to Libhtp Policy Engine edit
+ // page.
+ if ($_POST['mode'] == 'add_edit_libhtp_policy') {
+ $pengcfg = array();
+ $eng_id = $_POST['eng_id'];
+ $pengcfg['name'] = $_POST['eng_name'];
+ $pengcfg['bind_to'] = $_POST['eng_bind'];
+ $pengcfg['personality'] = $_POST['eng_personality'];
+ $pengcfg['request-body-limit'] = $_POST['eng_req_body_limit'];
+ $pengcfg['response-body-limit'] = $_POST['eng_resp_body_limit'];
+ $pengcfg['double-decode-path'] = $_POST['eng_enable_double_decode_path'];
+ $pengcfg['double-decode-query'] = $_POST['eng_enable_double_decode_query'];
+ $add_edit_libhtp_policy = true;
+ $mode = "add_edit_libhtp_policy";
+
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) == 1) {
+ $pengcfg['bind_to'] = $_POST['aliastoimport'][0];
+ $importalias = false;
+ $selectalias = false;
+ }
+ else {
+ $input_errors[] = gettext("No Alias is selected for import. Nothing to SAVE.");
+ $importalias = true;
+ $selectalias = true;
+ $eng_id = $_POST['eng_id'];
+ $eng_name = $_POST['eng_name'];
+ $eng_bind = $_POST['eng_bind'];
+ $eng_personality = $_POST['eng_personality'];
+ $eng_req_body_limit = $_POST['eng_req_body_limit'];
+ $eng_resp_body_limit = $_POST['eng_resp_body_limit'];
+ $eng_enable_double_decode_path = $_POST['eng_enable_double_decode_path'];
+ $eng_enable_double_decode_query = $_POST['eng_enable_double_decode_query'];
+ }
+ }
+ else {
+ $engine = array( "name" => "", "bind_to" => "", "personality" => "IDS",
+ "request-body-limit" => "4096", "response-body-limit" => "4096",
+ "double-decode-path" => "no", "double-decode-query" => "no" );
+
+ // See if anything was checked to import
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) {
+ foreach ($_POST['aliastoimport'] as $item) {
+ $engine['name'] = strtolower($item);
+ $engine['bind_to'] = $item;
+ $a_nat[$id]['libhtp_policy']['item'][] = $engine;
+ }
+ }
+ else {
+ $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
+ $importalias = true;
+ }
+
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ // Reorder the engine array to ensure the
+ // 'bind_to=all' entry is at the bottom if
+ // the array contains more than one entry.
+ if (count($a_nat[$id]['libhtp_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ // Only relocate the entry if we
+ // found it, and it's not already
+ // at the end.
+ if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['libhtp_policy']['item'][$i];
+ unset($a_nat[$id]['libhtp_policy']['item'][$i]);
+ $a_nat[$id]['libhtp_policy']['item'][] = $tmp;
+ }
+ $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item'];
+ }
+
+ // Write the new engine array to config file
+ write_config();
+ $importalias = false;
+ }
+ }
+}
+elseif ($_POST['cancel_import_alias']) {
+ $importalias = false;
+ $selectalias = false;
+ $eng_id = $_POST['eng_id'];
+
+ // If cancelling out of "select alias" mode,
+ // then return to Libhtp Policy Engine edit
+ // page.
+ if ($_POST['mode'] == 'add_edit_libhtp_policy') {
+ $pengcfg = array();
+ $pengcfg['name'] = $_POST['eng_name'];
+ $pengcfg['bind_to'] = $_POST['eng_bind'];
+ $pengcfg['personality'] = $_POST['eng_personality'];
+ $pengcfg['request-body-limit'] = $_POST['eng_req_body_limit'];
+ $pengcfg['response-body-limit'] = $_POST['eng_resp_body_limit'];
+ $pengcfg['double-decode-path'] = $_POST['eng_enable_double_decode_path'];
+ $pengcfg['double-decode-query'] = $_POST['eng_enable_double_decode_query'];
+ $add_edit_libhtp_policy = true;
+ }
+}
+elseif ($_POST['save']) {
$natent = array();
$natent = $pconfig;
@@ -122,15 +348,14 @@ elseif ($_POST['Submit']) {
/**************************************************/
/* If we have a valid rule ID, save configuration */
- /* then update the suricata.conf file and rebuild */
- /* the rules for this interface. */
+ /* then update the suricata.conf file for this */
+ /* interface. */
/**************************************************/
if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
write_config();
- $rebuild_rules = true;
- suricata_generate_yaml($natent);
$rebuild_rules = false;
+ suricata_generate_yaml($natent);
}
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -149,29 +374,19 @@ include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-
- /* Display Alert message */
-
+<?php include("fbegin.inc");
+ /* Display error or save message */
if ($input_errors) {
print_input_errors($input_errors); // TODO: add checks
}
-
if ($savemsg) {
print_info_box($savemsg);
}
-
?>
-<script type="text/javascript" src="/javascript/autosuggest.js">
-</script>
-<script type="text/javascript" src="/javascript/suggestions.js">
-</script>
-
-<form action="suricata_app_parsers.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform">
+<form action="suricata_app_parsers.php" method="post" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>"/>
+<input type="hidden" name="eng_id" id="eng_id" value="<?=$eng_id;?>"/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -179,9 +394,9 @@ include_once("head.inc");
$tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
- $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td>';
@@ -198,6 +413,25 @@ include_once("head.inc");
?>
</td></tr>
<tr><td><div id="mainarea">
+
+<?php if ($importalias) : ?>
+ <?php include("/usr/local/www/suricata/suricata_import_aliases.php");
+ if ($selectalias) {
+ echo '<input type="hidden" name="eng_name" value="' . $eng_name . '"/>';
+ echo '<input type="hidden" name="eng_bind" value="' . $eng_bind . '"/>';
+ echo '<input type="hidden" name="eng_personality" value="' . $eng_personality . '"/>';
+ echo '<input type="hidden" name="eng_req_body_limit" value="' . $eng_req_body_limit . '"/>';
+ echo '<input type="hidden" name="eng_resp_body_limit" value="' . $eng_resp_body_limit . '"/>';
+ echo '<input type="hidden" name="eng_enable_double_decode_path" value="' . $eng_enable_double_decode_path . '"/>';
+ echo '<input type="hidden" name="eng_enable_double_decode_query" value="' . $eng_enable_double_decode_query . '"/>';
+ }
+ ?>
+
+<?php elseif ($add_edit_libhtp_policy) : ?>
+ <?php include("/usr/local/www/suricata/suricata_libhtp_policy_engine.php"); ?>
+
+<?php else: ?>
+
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
@@ -231,25 +465,23 @@ include_once("head.inc");
<tr>
<th class="listhdrr" axis="string"><?php echo gettext("Name");?></th>
<th class="listhdrr" axis="string"><?php echo gettext("Bind-To Address Alias");?></th>
- <th class="list" align="right"><a href="suricata_import_aliases.php?id=<?=$id?>&eng=libhtp_policy">
- <img src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
- height="17" border="0" title="<?php echo gettext("Import server configuration from existing Aliases");?>"></a>
- <a href="suricata_libhtp_policy_engine.php?id=<?=$id?>&eng_id=<?=$libhtp_engine_next_id?>">
- <img src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
- height="17" border="0" title="<?php echo gettext("Add a new server configuration");?>"></a></th>
+ <th class="list" align="right"><input type="image" name="import_alias[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Import server configuration from existing Aliases");?>"/>
+ <input type="image" name="add_libhtp_policy[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Add a new server configuration");?>"></th>
</tr>
</thead>
<?php foreach ($pconfig['libhtp_policy']['item'] as $f => $v): ?>
<tr>
<td class="listlr" align="left"><?=gettext($v['name']);?></td>
<td class="listbg" align="center"><?=gettext($v['bind_to']);?></td>
- <td class="listt" align="right"><a href="suricata_libhtp_policy_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"></a>
+ <td class="listt" align="right"><input type="image" name="edit_libhtp_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>'"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"/>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="suricata_app_parsers.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_libhtp_policy" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this server configuration");?>"></a>
+ <input type="image" name="del_libhtp_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>';return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this server configuration");?>">
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default server configuration cannot be deleted");?>">
@@ -263,9 +495,9 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Save flow and stream settings"); ?>">
- <input name="id" type="hidden" value="<?=$id;?>">&nbsp;&nbsp;&nbsp;&nbsp;
+ &nbsp;&nbsp;&nbsp;&nbsp;
<input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo
gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" .
gettext("WARNING: This will reset ALL App Parsers settings to their defaults. Click OK to continue or CANCEL to quit.") .
@@ -278,26 +510,12 @@ include_once("head.inc");
<?php echo gettext("may take several seconds. Suricata must also be restarted to activate any changes made on this screen."); ?></td>
</tr>
</table>
+
+<?php endif; ?>
+
</div>
</td></tr></table>
</form>
-<script type="text/javascript">
-function wopen(url, name, w, h)
-{
- // Fudge factors for window decoration space.
- // In my tests these work well on all platforms & browsers.
- w += 32;
- h += 96;
- var win = window.open(url,
- name,
- 'width=' + w + ', height=' + h + ', ' +
- 'location=no, menubar=no, ' +
- 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
- win.resizeTo(w, h);
- win.focus();
-}
-
-</script>
<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php
index f0bdbd17..e1ae892e 100644
--- a/config/suricata/suricata_barnyard.php
+++ b/config/suricata/suricata_barnyard.php
@@ -46,8 +46,8 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
$a_nat = &$config['installedpackages']['suricata']['rule'];
$pconfig = array();
+
if (isset($id) && $a_nat[$id]) {
- /* old options */
$pconfig = $a_nat[$id];
if (!empty($a_nat[$id]['barnconfigpassthru']))
$pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
@@ -69,28 +69,20 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['barnyard_syslog_facility'] = "LOG_USER";
if (empty($a_nat[$id]['barnyard_syslog_priority']))
$pconfig['barnyard_syslog_priority'] = "LOG_INFO";
+ if (empty($a_nat[$id]['barnyard_bro_ids_dport']))
+ $pconfig['barnyard_bro_ids_dport'] = "47760";
if (empty($a_nat[$id]['barnyard_sensor_name']))
$pconfig['barnyard_sensor_name'] = php_uname("n");
}
-if (isset($_GET['dup']))
- unset($id);
-
-if ($_POST) {
-
- foreach ($a_nat as $natent) {
- if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
- continue;
- if ($natent['interface'] != $_POST['interface'])
- $input_error[] = "This interface has already an instance defined";
- }
-
+if ($_POST['save']) {
// Check that at least one output plugin is enabled
- if ($_POST['barnyard_mysql_enable'] != 'on' && $_POST['barnyard_syslog_enable'] != 'on')
+ if ($_POST['barnyard_mysql_enable'] != 'on' && $_POST['barnyard_syslog_enable'] != 'on' &&
+ $_POST['barnyard_bro_ids_enable'] != 'on' && $_POST['barnyard_enable'] == "on")
$input_errors[] = gettext("You must enable at least one output option when using Barnyard2.");
// Validate inputs if MySQL database loggging enabled
- if ($_POST['barnyard_mysql_enable'] == 'on') {
+ if ($_POST['barnyard_mysql_enable'] == 'on' && $_POST['barnyard_enable'] == "on") {
if (empty($_POST['barnyard_dbhost']))
$input_errors[] = gettext("Please provide a valid hostname or IP address for the MySQL database host.");
if (empty($_POST['barnyard_dbname']))
@@ -100,13 +92,22 @@ if ($_POST) {
}
// Validate inputs if syslog output enabled
- if ($_POST['barnyard_syslog_enable'] == 'on' && $_POST['barnyard_syslog_local'] <> 'on') {
+ if ($_POST['barnyard_syslog_enable'] == 'on' && $_POST['barnyard_syslog_local'] <> 'on' &&
+ $_POST['barnyard_enable'] == "on") {
if (empty($_POST['barnyard_syslog_dport']) || !is_numeric($_POST['barnyard_syslog_dport']))
$input_errors[] = gettext("Please provide a valid number between 1 and 65535 for the Syslog Remote Port.");
if (empty($_POST['barnyard_syslog_rhost']))
$input_errors[] = gettext("Please provide a valid hostname or IP address for the Syslog Remote Host.");
}
+ // Validate inputs if Bro-IDS output enabled
+ if ($_POST['barnyard_bro_ids_enable'] == 'on' && $_POST['barnyard_enable'] == "on") {
+ if (empty($_POST['barnyard_bro_ids_dport']) || !is_numeric($_POST['barnyard_bro_ids_dport']))
+ $input_errors[] = gettext("Please provide a valid number between 1 and 65535 for the Bro-IDS Remote Port.");
+ if (empty($_POST['barnyard_bro_ids_rhost']))
+ $input_errors[] = gettext("Please provide a valid hostname or IP address for the Bro-IDS Remote Host.");
+ }
+
// if no errors write to conf
if (!$input_errors) {
$natent = array();
@@ -121,6 +122,7 @@ if ($_POST) {
$natent['barnyard_mysql_enable'] = $_POST['barnyard_mysql_enable'] ? 'on' : 'off';
$natent['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable'] ? 'on' : 'off';
$natent['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'] ? 'on' : 'off';
+ $natent['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'] ? 'on' : 'off';
$natent['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode'];
$natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto'];
@@ -133,23 +135,30 @@ if ($_POST) {
if ($_POST['barnyard_syslog_dport']) $natent['barnyard_syslog_dport'] = $_POST['barnyard_syslog_dport']; else $natent['barnyard_syslog_dport'] = '514';
if ($_POST['barnyard_syslog_facility']) $natent['barnyard_syslog_facility'] = $_POST['barnyard_syslog_facility']; else $natent['barnyard_syslog_facility'] = 'LOG_USER';
if ($_POST['barnyard_syslog_priority']) $natent['barnyard_syslog_priority'] = $_POST['barnyard_syslog_priority']; else $natent['barnyard_syslog_priority'] = 'LOG_INFO';
+ if ($_POST['barnyard_bro_ids_rhost']) $natent['barnyard_bro_ids_rhost'] = $_POST['barnyard_bro_ids_rhost']; else unset($natent['barnyard_bro_ids_rhost']);
+ if ($_POST['barnyard_bro_ids_dport']) $natent['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport']; else $natent['barnyard_bro_ids_dport'] = '47760';
if ($_POST['barnconfigpassthru']) $natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']); else unset($natent['barnconfigpassthru']);
- if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
- else {
- $a_nat[] = $natent;
- }
-
+ $a_nat[$id] = $natent;
write_config();
- // No need to rebuild rules if just toggling Barnyard2 on or off
+ // No need to rebuild rules for Barnyard2 changes
$rebuild_rules = false;
sync_suricata_package_config();
- // Signal any running barnyard2 instance on this interface to
- // reload its configuration to pick up any changes made.
- suricata_barnyard_reload_config($a_nat[$id], "HUP");
+ // If disabling Barnyard2 on the interface, stop any
+ // currently running instance. If an instance is
+ // running, signal it to reload the configuration.
+ // If Barnyard2 is enabled but not running, start it.
+ if ($a_nat[$id]['barnyard_enable'] == "off") {
+ suricata_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface']));
+ }
+ elseif ($a_nat[$id]['barnyard_enable'] == "on") {
+ if (suricata_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2"))
+ suricata_barnyard_reload_config($a_nat[$id], "HUP");
+ else
+ suricata_barnyard_start($a_nat[$id], get_real_interface($a_nat[$id]['interface']));
+ }
// after click go to this page
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -160,6 +169,33 @@ if ($_POST) {
header("Location: suricata_barnyard.php?id=$id");
exit;
}
+ else {
+ // We had errors, so save incoming field data to prevent retyping
+ $pconfig['barnyard_enable'] = $_POST['barnyard_enable'];
+ $pconfig['barnyard_show_year'] = $_POST['barnyard_show_year'];
+ $pconfig['barnyard_archive_enable'] = $_POST['barnyard_archive_enable'];
+ $pconfig['barnyard_dump_payload'] = $_POST['barnyard_dump_payload'];
+ $pconfig['barnyard_obfuscate_ip'] = $_POST['barnyard_obfuscate_ip'];
+ $pconfig['barnyard_mysql_enable'] = $_POST['barnyard_mysql_enable'];
+ $pconfig['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable'];
+ $pconfig['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'];
+ $pconfig['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode'];
+ $pconfig['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto'];
+ $pconfig['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'];
+
+ $pconfig['barnyard_sensor_name'] = $_POST['barnyard_sensor_name'];
+ $pconfig['barnyard_dbhost'] = $_POST['barnyard_dbhost'];
+ $pconfig['barnyard_dbname'] = $_POST['barnyard_dbname'];
+ $pconfig['barnyard_dbuser'] = $_POST['barnyard_dbuser'];
+ $pconfig['barnyard_dbpwd'] = $_POST['barnyard_dbpwd'];
+ $pconfig['barnyard_syslog_rhost'] = $_POST['barnyard_syslog_rhost'];
+ $pconfig['barnyard_syslog_dport'] = $_POST['barnyard_syslog_dport'];
+ $pconfig['barnyard_syslog_facility'] = $_POST['barnyard_syslog_facility'];
+ $pconfig['barnyard_syslog_priority'] = $_POST['barnyard_syslog_priority'];
+ $pconfig['barnyard_bro_ids_rhost'] = $_POST['barnyard_bro_ids_rhost'];
+ $pconfig['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport'];
+ $pconfig['barnconfigpassthru'] = $_POST['barnconfigpassthru'];
+ }
}
$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
@@ -169,10 +205,8 @@ include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+<?php include("fbegin.inc");
-<?php
/* Display Alert message */
if ($input_errors) {
print_input_errors($input_errors); // TODO: add checks
@@ -182,10 +216,9 @@ include_once("head.inc");
print_info_box($savemsg);
}
- ?>
+?>
-<form action="suricata_barnyard.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform">
+<form action="suricata_barnyard.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -195,7 +228,7 @@ include_once("head.inc");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
@@ -261,7 +294,6 @@ include_once("head.inc");
&nbsp;<?php echo gettext("Unique name to use for this sensor."); ?>
</td>
</tr>
- </tr>
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("MySQL Database Output Settings"); ?></td>
</tr>
@@ -272,6 +304,7 @@ include_once("head.inc");
onClick="toggle_mySQL()"/><?php echo gettext("Enable logging of alerts to a MySQL database instance"); ?><br/>
<?php echo gettext("You will also have to provide the database credentials in the fields below."); ?></td>
</tr>
+ <tbody id="mysql_config_rows">
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Database Host"); ?></td>
<td width="78%" class="vtable">
@@ -304,6 +337,7 @@ include_once("head.inc");
&nbsp;<?php echo gettext("Password for the MySQL database user"); ?>
</td>
</tr>
+ </tbody>
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Syslog Output Settings"); ?></td>
</tr>
@@ -315,6 +349,7 @@ include_once("head.inc");
<?php echo gettext("Enable logging of alerts to a syslog receiver"); ?><br/>
<?php echo gettext("This will send alert data to either a local or remote syslog receiver."); ?></td>
</tr>
+ <tbody id="syslog_config_rows">
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Operation Mode"); ?></td>
<td width="78%" class="vtable">
@@ -395,6 +430,36 @@ include_once("head.inc");
<?php echo gettext("Select Syslog Priority (Level) to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_INFO") . "</strong>."; ?>
</td>
</tr>
+ </tbody>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Bro-IDS Output Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Bro-IDS"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_bro_ids_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_bro_ids_enable'] == "on") echo "checked"; ?>
+ onClick="toggle_bro_ids()"/>
+ <?php echo gettext("Enable logging of alerts to a Bro-IDS receiver"); ?><br/>
+ <?php echo gettext("This will send alert data to either a local or remote Bro-IDS receiver."); ?></td>
+ </tr>
+ <tbody id="bro_ids_config_rows">
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Host"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_bro_ids_rhost" type="text" class="formfld host"
+ id="barnyard_bro_ids_rhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_bro_ids_rhost']);?>"/>
+ &nbsp;<?php echo gettext("Hostname or IP address of remote Bro-IDS host"); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Port"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_bro_ids_dport" type="text" class="formfld unknown"
+ id="barnyard_bro_ids_dport" size="25" value="<?=htmlspecialchars($pconfig['barnyard_bro_ids_dport']);?>"/>
+ &nbsp;<?php echo gettext("Port number for Bro-IDS instance on remote host. Default is ") . "<strong>" . gettext("47760") . "</strong>."; ?>
+ </td>
+ </tr>
+ </tbody>
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Advanced Settings"); ?></td>
</tr>
@@ -410,7 +475,7 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save">
+ <input name="save" type="submit" class="formbtn" value="Save">
<input name="id" type="hidden" value="<?=$id;?>"> </td>
</tr>
<tr>
@@ -435,6 +500,11 @@ function toggle_mySQL() {
document.iform.barnyard_dbname.disabled = endis;
document.iform.barnyard_dbuser.disabled = endis;
document.iform.barnyard_dbpwd.disabled = endis;
+
+ if (endis)
+ document.getElementById("mysql_config_rows").style.display = "none";
+ else
+ document.getElementById("mysql_config_rows").style.display = "";
}
function toggle_syslog() {
@@ -449,6 +519,11 @@ function toggle_syslog() {
document.iform.barnyard_syslog_proto_tcp.disabled = endis;
document.iform.barnyard_syslog_facility.disabled = endis;
document.iform.barnyard_syslog_priority.disabled = endis;
+
+ if (endis)
+ document.getElementById("syslog_config_rows").style.display = "none";
+ else
+ document.getElementById("syslog_config_rows").style.display = "";
}
function toggle_local_syslog() {
@@ -464,6 +539,18 @@ function toggle_local_syslog() {
}
}
+function toggle_bro_ids() {
+ var endis = !document.iform.barnyard_bro_ids_enable.checked;
+
+ document.iform.barnyard_bro_ids_rhost.disabled = endis;
+ document.iform.barnyard_bro_ids_dport.disabled = endis;
+
+ if (endis)
+ document.getElementById("bro_ids_config_rows").style.display = "none";
+ else
+ document.getElementById("bro_ids_config_rows").style.display = "";
+}
+
function enable_change(enable_change) {
endis = !(document.iform.barnyard_enable.checked || enable_change);
// make sure a default answer is called if this is invoked.
@@ -488,6 +575,9 @@ function enable_change(enable_change) {
document.iform.barnyard_syslog_proto_tcp.disabled = endis;
document.iform.barnyard_syslog_facility.disabled = endis;
document.iform.barnyard_syslog_priority.disabled = endis;
+ document.iform.barnyard_bro_ids_enable.disabled = endis;
+ document.iform.barnyard_bro_ids_rhost.disabled = endis;
+ document.iform.barnyard_bro_ids_dport.disabled = endis;
document.iform.barnconfigpassthru.disabled = endis;
}
@@ -495,6 +585,7 @@ enable_change(false);
toggle_mySQL();
toggle_syslog();
toggle_local_syslog();
+toggle_bro_ids();
</script>
diff --git a/config/suricata/suricata_check_cron_misc.inc b/config/suricata/suricata_check_cron_misc.inc
index 88dfd5ff..2fdc7832 100644
--- a/config/suricata/suricata_check_cron_misc.inc
+++ b/config/suricata/suricata_check_cron_misc.inc
@@ -68,7 +68,7 @@ if ($suricatalogdirsizeKB > 0 && $suricatalogdirsizeKB > $suricataloglimitsizeKB
/* Clean-up the logs for each configured Suricata instance */
foreach ($config['installedpackages']['suricata']['rule'] as $value) {
- $if_real = suricata_get_real_interface($value['interface']);
+ $if_real = get_real_interface($value['interface']);
$suricata_uuid = $value['uuid'];
$suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}";
log_error(gettext("[Suricata] Truncating logs for {$value['descr']} ({$if_real})..."));
diff --git a/config/suricata/suricata_check_for_rule_updates.php b/config/suricata/suricata_check_for_rule_updates.php
index 9aa14f6e..3cf6b84b 100644
--- a/config/suricata/suricata_check_for_rule_updates.php
+++ b/config/suricata/suricata_check_for_rule_updates.php
@@ -431,17 +431,27 @@ if ($emergingthreats == 'on') {
array_map('unlink', glob("{$suricatadir}rules/{$eto_prefix}*ips.txt"));
array_map('unlink', glob("{$suricatadir}rules/{$etpro_prefix}*ips.txt"));
- // The code below renames ET-Pro files with a prefix, so we
+ // The code below renames ET files with a prefix, so we
// skip renaming the Suricata default events rule files
- // that are also bundled in the ET-Pro rules.
- $default_rules = array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules" );
+ // that are also bundled in the ET rules.
+ $default_rules = array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules", "tls-events.rules" );
$files = glob("{$tmpfname}/emerging/rules/*.rules");
+ // Determine the correct prefix to use based on which
+ // Emerging Threats rules package is enabled.
+ if ($etpro == "on")
+ $prefix = ET_PRO_FILE_PREFIX;
+ else
+ $prefix = ET_OPEN_FILE_PREFIX;
foreach ($files as $file) {
$newfile = basename($file);
- if ($etpro == "on" && !in_array($newfile, $default_rules))
- @copy($file, "{$suricatadir}rules/" . ET_PRO_FILE_PREFIX . "{$newfile}");
- else
+ if (in_array($newfile, $default_rules))
@copy($file, "{$suricatadir}rules/{$newfile}");
+ else {
+ if (strpos($newfile, $prefix) === FALSE)
+ @copy($file, "{$suricatadir}rules/{$prefix}{$newfile}");
+ else
+ @copy($file, "{$suricatadir}rules/{$newfile}");
+ }
}
/* IP lists for Emerging Threats rules */
$files = glob("{$tmpfname}/emerging/rules/*ips.txt");
@@ -646,17 +656,38 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
$rebuild_rules = false;
/* Restart Suricata if already running and we are not rebooting to pick up the new rules. */
- if (is_process_running("suricata") && !$g['booting']) {
- if ($pkg_interface <> "console") {
- update_status(gettext('Restarting Suricata to activate the new set of rules...'));
- update_output_window(gettext("Please wait ... restarting Suricata will take some time..."));
+ if (is_process_running("suricata") && !$g['booting'] &&
+ !empty($config['installedpackages']['suricata']['rule'])) {
+
+ // See if "Live Reload" is configured and signal each Suricata instance
+ // if enabled, else just do a hard restart of all the instances.
+ if ($config['installedpackages']['suricata']['config'][0]['live_swap_updates'] == 'on') {
+ if ($pkg_interface <> "console") {
+ update_status(gettext('Signalling Suricata to live-load the new set of rules...'));
+ update_output_window(gettext("Please wait ... the process should complete in a few seconds..."));
+ }
+ log_error(gettext("[Suricata] Live-Reload of rules from auto-update is enabled..."));
+ error_log(gettext("\tLive-Reload of updated rules is enabled...\n"), 3, $suricata_rules_upd_log);
+ foreach ($config['installedpackages']['suricata']['rule'] as $value) {
+ $if_real = get_real_interface($value['interface']);
+ suricata_reload_config($value);
+ error_log(gettext("\tLive swap of updated rules requested for " . convert_friendly_interface_to_friendly_descr($value['interface']) . ".\n"), 3, $suricata_rules_upd_log);
+ }
+ log_error(gettext("[Suricata] Live-Reload of updated rules completed..."));
+ error_log(gettext("\tLive-Reload of the updated rules is complete.\n"), 3, $suricata_rules_upd_log);
+ }
+ else {
+ if ($pkg_interface <> "console") {
+ update_status(gettext('Restarting Suricata to activate the new set of rules...'));
+ update_output_window(gettext("Please wait ... restarting Suricata will take some time..."));
+ }
+ error_log(gettext("\tRestarting Suricata to activate the new set of rules...\n"), 3, $suricata_rules_upd_log);
+ restart_service("suricata");
+ if ($pkg_interface <> "console")
+ update_output_window(gettext("Suricata has restarted with your new set of rules..."));
+ log_error(gettext("[Suricata] Suricata has restarted with your new set of rules..."));
+ error_log(gettext("\tSuricata has restarted with your new set of rules.\n"), 3, $suricata_rules_upd_log);
}
- error_log(gettext("\tRestarting Suricata to activate the new set of rules...\n"), 3, $suricata_rules_upd_log);
- restart_service("suricata");
- if ($pkg_interface <> "console")
- update_output_window(gettext("Suricata has restarted with your new set of rules..."));
- log_error(gettext("[Suricata] Suricata has restarted with your new set of rules..."));
- error_log(gettext("\tSuricata has restarted with your new set of rules.\n"), 3, $suricata_rules_upd_log);
}
else {
if ($pkg_interface <> "console")
@@ -666,13 +697,17 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
// Remove old $tmpfname files
if (is_dir("{$tmpfname}")) {
- if ($pkg_interface <> "console")
+ if ($pkg_interface <> "console") {
update_status(gettext("Cleaning up after rules extraction..."));
+ update_output_window(gettext("Removing {$tmpfname} directory..."));
+ }
exec("/bin/rm -r {$tmpfname}");
}
-if ($pkg_interface <> "console")
+if ($pkg_interface <> "console") {
update_status(gettext("The Rules update has finished..."));
+ update_output_window("");
+}
log_error(gettext("[Suricata] The Rules update has finished."));
error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, $suricata_rules_upd_log);
conf_mount_ro();
diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php
index b1cbfee9..e130e555 100644
--- a/config/suricata/suricata_define_vars.php
+++ b/config/suricata/suricata_define_vars.php
@@ -162,7 +162,7 @@ if ($savemsg)
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
diff --git a/config/suricata/suricata_download_updates.php b/config/suricata/suricata_download_updates.php
index ecfd5f8b..6cc585c6 100644
--- a/config/suricata/suricata_download_updates.php
+++ b/config/suricata/suricata_download_updates.php
@@ -35,9 +35,6 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
$suricatadir = SURICATADIR;
$suricata_rules_upd_log = RULES_UPD_LOGFILE;
-/* load only javascript that is needed */
-$suricata_load_jquery = 'yes';
-$suricata_load_jquery_colorbox = 'yes';
$snortdownload = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'];
$emergingthreats = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules'];
$etpro = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules'];
@@ -52,21 +49,48 @@ if ($etpro == "on") {
}
else {
$emergingthreats_filename = ET_DNLD_FILENAME;
- $et_name = "EMERGING THREATS RULES";
+ $et_name = "EMERGING THREATS OPEN RULES";
}
/* quick md5 chk of downloaded rules */
-$snort_org_sig_chk_local = 'N/A';
-if (file_exists("{$suricatadir}{$snort_rules_file}.md5"))
+if ($snortdownload == 'on') {
+ $snort_org_sig_chk_local = 'Not Downloaded';
+ $snort_org_sig_date = 'Not Downloaded';
+}
+else {
+ $snort_org_sig_chk_local = 'Not Enabled';
+ $snort_org_sig_date = 'Not Enabled';
+}
+if (file_exists("{$suricatadir}{$snort_rules_file}.md5")){
$snort_org_sig_chk_local = file_get_contents("{$suricatadir}{$snort_rules_file}.md5");
+ $snort_org_sig_date = date(DATE_RFC850, filemtime("{$suricatadir}{$snort_rules_file}.md5"));
+}
-$emergingt_net_sig_chk_local = 'N/A';
-if (file_exists("{$suricatadir}{$emergingthreats_filename}.md5"))
+if ($etpro == "on" || $emergingthreats == "on") {
+ $emergingt_net_sig_chk_local = 'Not Downloaded';
+ $emergingt_net_sig_date = 'Not Downloaded';
+}
+else {
+ $emergingt_net_sig_chk_local = 'Not Enabled';
+ $emergingt_net_sig_date = 'Not Enabled';
+}
+if (file_exists("{$suricatadir}{$emergingthreats_filename}.md5")) {
$emergingt_net_sig_chk_local = file_get_contents("{$suricatadir}{$emergingthreats_filename}.md5");
+ $emergingt_net_sig_date = date(DATE_RFC850, filemtime("{$suricatadir}{$emergingthreats_filename}.md5"));
+}
-$snort_community_sig_chk_local = 'N/A';
-if (file_exists("{$suricatadir}{$snort_community_rules_filename}.md5"))
+if ($snortcommunityrules == 'on') {
+ $snort_community_sig_chk_local = 'Not Downloaded';
+ $snort_community_sig_sig_date = 'Not Downloaded';
+}
+else {
+ $snort_community_sig_chk_local = 'Not Enabled';
+ $snort_community_sig_sig_date = 'Not Enabled';
+}
+if (file_exists("{$suricatadir}{$snort_community_rules_filename}.md5")) {
$snort_community_sig_chk_local = file_get_contents("{$suricatadir}{$snort_community_rules_filename}.md5");
+ $snort_community_sig_sig_date = date(DATE_RFC850, filemtime("{$suricatadir}{$snort_community_rules_filename}.md5"));
+}
/* Check for postback to see if we should clear the update log file. */
if ($_POST['clear']) {
@@ -74,7 +98,28 @@ if ($_POST['clear']) {
mwexec("/bin/rm -f {$suricata_rules_upd_log}");
}
-if ($_POST['update']) {
+if ($_POST['check']) {
+ // Go see if new updates for rule sets are available
+ header("Location: /suricata/suricata_download_rules.php");
+ exit;
+}
+
+if ($_POST['force']) {
+ // Mount file system R/W since we need to remove files
+ conf_mount_rw();
+
+ // Remove the existing MD5 signature files to force a download
+ if (file_exists("{$suricatadir}{$emergingthreats_filename}.md5"))
+ @unlink("{$suricatadir}{$emergingthreats_filename}.md5");
+ if (file_exists("{$suricatadir}{$snort_community_rules_filename}.md5"))
+ @unlink("{$suricatadir}{$snort_community_rules_filename}.md5");
+ if (file_exists("{$suricatadir}{$snort_rules_file}.md5"))
+ @unlink("{$suricatadir}{$snort_rules_file}.md5");
+
+ // Revert file system to R/O.
+ conf_mount_ro();
+
+ // Go download the updates
header("Location: /suricata/suricata_download_rules.php");
exit;
}
@@ -91,6 +136,9 @@ if ($_POST['view']&& $suricata_rules_upd_log_chk == 'yes') {
$input_errors[] = gettext("Unable to read log file: {$suricata_rules_upd_log}");
}
+if ($_POST['hide'])
+ $contents = "";
+
$pgtitle = gettext("Suricata: Update Rules Set Files");
include_once("head.inc");
?>
@@ -128,21 +176,32 @@ include_once("head.inc");
<div id="mainarea">
<table id="maintable4" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
- <td valign="top" class="listtopic" align="center"><?php echo gettext("INSTALLED RULE SET MD5 SIGNATURES");?></td>
+ <td valign="top" class="listtopic" align="center"><?php echo gettext("INSTALLED RULE SET MD5 SIGNATURE");?></td>
</tr>
<tr>
<td align="center"><br/>
- <table width="100%" border="0" cellpadding="2" cellspacing="2">
+ <table width="95%" border="0" cellpadding="2" cellspacing="2">
+ <thead>
+ <tr>
+ <th class="listhdrr"><?=gettext("Rule Set Name/Vendor");?></th>
+ <th class="listhdrr"><?=gettext("MD5 Signature Hash");?></th>
+ <th class="listhdrr"><?=gettext("MD5 Signature Date");?></th>
+ </tr>
+ </thead>
<tr>
<td align="right" class="vexpl"><b><?=$et_name;?>&nbsp;&nbsp;---></b></td>
- <td class="vexpl"><? echo $emergingt_net_sig_chk_local; ?></td>
+ <td class="vexpl"><? echo trim($emergingt_net_sig_chk_local);?></td>
+ <td class="vexpl"><?php echo gettext($emergingt_net_sig_date);?></td>
</tr>
<tr>
<td align="right" class="vexpl"><b>SNORT VRT RULES&nbsp;&nbsp;---></b></td>
- <td class="vexpl"><? echo $snort_org_sig_chk_local; ?></td>
+ <td class="vexpl"><? echo trim($snort_org_sig_chk_local);?></td>
+ <td class="vexpl"><?php echo gettext($snort_org_sig_date);?></td>
</tr>
+ <tr>
<td align="right" class="vexpl"><b>SNORT GPLv2 COMMUNITY RULES&nbsp;&nbsp;---></b></td>
- <td class="vexpl"><? echo $snort_community_sig_chk_local; ?></td>
+ <td class="vexpl"><? echo trim($snort_community_sig_chk_local);?></td>
+ <td class="vexpl"><?php echo gettext($snort_community_sig_sig_date);?></td>
</tr>
</table><br/>
</td>
@@ -153,16 +212,22 @@ include_once("head.inc");
<tr>
<td align="center">
<?php if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on'): ?>
- <br/><button disabled="disabled"><?php echo gettext("Update Rules"); ?></button><br/>
- <p style="text-align:left;">
- <font color="red" size="2px"><b><?php echo gettext("WARNING:");?></b></font><font size="1px" color="#000000">&nbsp;&nbsp;
+ <br/><button disabled="disabled"><?=gettext("Check");?></button>&nbsp;&nbsp;&nbsp;&nbsp;
+ <button disabled="disabled"><?=gettext("Force");?></button>
+ <br/>
+ <p style="text-align:center;" class="vexpl">
+ <font class="red"><b><?php echo gettext("WARNING:");?></b></font>&nbsp;
<?php echo gettext('No rule types have been selected for download. ') .
gettext('Visit the ') . '<a href="/suricata/suricata_global.php">Global Settings Tab</a>' . gettext(' to select rule types.'); ?>
- </font><br/></p>
+ <br/></p>
<?php else: ?>
<br/>
- <input type="submit" value="<?php echo gettext(" Update "); ?>" name="update" id="submit" class="formbtn"
- title="<?php echo gettext("Check for new updates to configured rulesets"); ?>"/><br/><br/>
+ <input type="submit" value="<?=gettext("Check");?>" name="check" id="check" class="formbtn"
+ title="<?php echo gettext("Check for new updates to enabled rule sets"); ?>"/>&nbsp;&nbsp;&nbsp;&nbsp;
+ <input type="submit" value="<?=gettext("Force");?>" name="force" id="force" class="formbtn"
+ title="<?=gettext("Force an update of enabled rule sets");?>"
+ onclick="return confirm('<?=gettext("This will zero-out the MD5 hashes to force a fresh download of enabled rule sets. Click OK to continue or CANCEL to quit");?>');"/>
+ <br/><br/>
<?php endif; ?>
</td>
</tr>
@@ -174,15 +239,20 @@ include_once("head.inc");
<td align="center" valign="middle" class="vexpl">
<?php if ($suricata_rules_upd_log_chk == 'yes'): ?>
<br/>
- <input type="submit" value="<?php echo gettext("View Log"); ?>" name="view" id="view" class="formbtn"
- title="<?php echo gettext("View rules update log contents"); ?>"/>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
- <input type="submit" value="<?php echo gettext("Clear Log"); ?>" name="clear" id="clear" class="formbtn"
- title="<?php echo gettext("Clear rules update log contents"); ?>" onClick="return confirm('Are you sure?\nOK to confirm, or CANCEL to quit');"/>
+ <?php if (!empty($contents)): ?>
+ <input type="submit" value="<?php echo gettext("Hide"); ?>" name="hide" id="hide" class="formbtn"
+ title="<?php echo gettext("Hide rules update log"); ?>"/>
+ <?php else: ?>
+ <input type="submit" value="<?php echo gettext("View"); ?>" name="view" id="view" class="formbtn"
+ title="<?php echo gettext("View rules update log"); ?>"/>
+ <?php endif; ?>
+ &nbsp;&nbsp;&nbsp;&nbsp;
+ <input type="submit" value="<?php echo gettext("Clear"); ?>" name="clear" id="clear" class="formbtn"
+ title="<?php echo gettext("Clear rules update log"); ?>" onClick="return confirm('Are you sure you want to delete the log contents?\nOK to confirm, or CANCEL to quit');"/>
<br/>
<?php else: ?>
<br/>
- <button disabled='disabled'><?php echo gettext("View Log"); ?></button>&nbsp;&nbsp;&nbsp;<?php echo gettext("Log is empty."); ?><br/>
+ <button disabled='disabled'><?php echo gettext("View Log"); ?></button><br/><?php echo gettext("Log is empty."); ?><br/>
<?php endif; ?>
<br/><?php echo gettext("The log file is limited to 1024K in size and automatically clears when the limit is exceeded."); ?><br/><br/>
</td>
@@ -201,9 +271,9 @@ include_once("head.inc");
<?php endif; ?>
<tr>
<td align="center">
- <span class="vexpl"><br/><br/>
+ <span class="vexpl"><br/>
<span class="red"><b><?php echo gettext("NOTE:"); ?></b></span>
- &nbsp;&nbsp;<a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" .
+ &nbsp;<a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" .
gettext(" and ") . "<a href=\"http://www.emergingthreats.net/\" target=\"_blank\">" . gettext("EmergingThreats.net") . "</a>" .
gettext(" will go down from time to time. Please be patient."); ?></span><br/>
</td>
diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php
index 3a677d3a..1a65ddfd 100644
--- a/config/suricata/suricata_flow_stream.php
+++ b/config/suricata/suricata_flow_stream.php
@@ -28,7 +28,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -37,16 +36,19 @@ global $g, $rebuild_rules;
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+if (is_null($id))
+ $id=0;
if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
+// Initialize required array variables as necessary
+if (!is_array($config['aliases']['alias']))
+ $config['aliases']['alias'] = array();
+$a_aliases = $config['aliases']['alias'];
+
// Initialize Host-OS Policy engine arrays if necessary
if (!is_array($config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item']))
$config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item'] = array();
@@ -55,6 +57,12 @@ $a_nat = &$config['installedpackages']['suricata']['rule'];
$host_os_policy_engine_next_id = count($a_nat[$id]['host_os_policy']['item']);
+// Build a lookup array of currently used engine 'bind_to' Aliases
+// so we can screen matching Alias names from the list.
+$used = array();
+foreach ($a_nat[$id]['host_os_policy']['item'] as $v)
+ $used[$v['bind_to']] = true;
+
$pconfig = array();
if (isset($id) && $a_nat[$id]) {
/* Get current values from config for page form fields */
@@ -76,29 +84,129 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['host_os_policy'] = $a_nat[$id]['host_os_policy'];
}
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+// Check for "import or select alias mode" and set flags if TRUE.
+// "selectalias", when true, displays radio buttons to limit
+// multiple selections.
+if ($_POST['import_alias']) {
+ $importalias = true;
+ $selectalias = false;
+ $title = "Host Operating System Policy";
}
+elseif ($_POST['select_alias']) {
+ $importalias = true;
+ $selectalias = true;
+ $title = "Host Operating System Policy";
+
+ // Preserve current OS Policy Engine settings
+ $eng_id = $_POST['eng_id'];
+ $eng_name = $_POST['policy_name'];
+ $eng_bind = $_POST['policy_bind_to'];
+ $eng_policy = $_POST['policy'];
+ $mode = "add_edit_os_policy";
+}
+
+if ($_POST['save_os_policy']) {
+ if ($_POST['eng_id'] != "") {
+ $eng_id = $_POST['eng_id'];
-if ($_GET['act'] && isset($_GET['eng_id'])) {
+ // Grab all the POST values and save in new temp array
+ $engine = array();
+ $policy_name = trim($_POST['policy_name']);
+ if ($policy_name) {
+ $engine['name'] = $policy_name;
+ }
+ else {
+ $input_errors[] = gettext("The 'Policy Name' value cannot be blank.");
+ $add_edit_os_policy = true;
+ }
+ if ($_POST['policy_bind_to']) {
+ if (is_alias($_POST['policy_bind_to']))
+ $engine['bind_to'] = $_POST['policy_bind_to'];
+ elseif (strtolower(trim($_POST['policy_bind_to'])) == "all")
+ $engine['bind_to'] = "all";
+ else {
+ $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value.");
+ $add_edit_os_policy = true;
+ }
+ }
+ else {
+ $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'.");
+ $add_edit_os_policy = true;
+ }
+
+ if ($_POST['policy']) { $engine['policy'] = $_POST['policy']; } else { $engine['policy'] = "bsd"; }
+
+ // Can only have one "all" Bind_To address
+ if ($engine['bind_to'] == "all" && $engine['name'] <> "default") {
+ $input_errors[] = gettext("Only one default OS-Policy Engine can be bound to all addresses.");
+ $add_edit_os_policy = true;
+ $pengcfg = $engine;
+ }
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ if (isset($eng_id) && $a_nat[$id]['host_os_policy']['item'][$eng_id]) {
+ $a_nat[$id]['host_os_policy']['item'][$eng_id] = $engine;
+ }
+ else
+ $a_nat[$id]['host_os_policy']['item'][] = $engine;
+
+ /* Reorder the engine array to ensure the */
+ /* 'bind_to=all' entry is at the bottom */
+ /* if it contains more than one entry. */
+ if (count($a_nat[$id]['host_os_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['host_os_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ /* Only relocate the entry if we */
+ /* found it, and it's not already */
+ /* at the end. */
+ if ($i > -1 && ($i < (count($a_nat[$id]['host_os_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['host_os_policy']['item'][$i];
+ unset($a_nat[$id]['host_os_policy']['item'][$i]);
+ $a_nat[$id]['host_os_policy']['item'][] = $tmp;
+ }
+ }
+
+ // Now write the new engine array to conf
+ write_config();
+ $pconfig['host_os_policy']['item'] = $a_nat[$id]['host_os_policy']['item'];
+ }
+ }
+}
+elseif ($_POST['add_os_policy']) {
+ $add_edit_os_policy = true;
+ $pengcfg = array( "name" => "engine_{$host_os_policy_engine_next_id}", "bind_to" => "", "policy" => "bsd" );
+ $eng_id = $host_os_policy_engine_next_id;
+}
+elseif ($_POST['edit_os_policy']) {
+ if ($_POST['eng_id'] != "") {
+ $add_edit_os_policy = true;
+ $eng_id = $_POST['eng_id'];
+ $pengcfg = $a_nat[$id]['host_os_policy']['item'][$eng_id];
+ }
+}
+elseif ($_POST['del_os_policy']) {
$natent = array();
$natent = $pconfig;
- if ($_GET['act'] == "del_host_os_policy")
- unset($natent['host_os_policy']['item'][$_GET['eng_id']]);
-
+ if ($_POST['eng_id'] != "") {
+ unset($natent['host_os_policy']['item'][$_POST['eng_id']]);
+ $pconfig = $natent;
+ }
if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
write_config();
}
-
- header("Location: /suricata/suricata_flow_stream.php?id=$id");
- exit;
}
-
-if ($_POST['ResetAll']) {
+elseif ($_POST['cancel_os_policy']) {
+ $add_edit_os_policy = false;
+}
+elseif ($_POST['ResetAll']) {
/* Reset all the settings to defaults */
$pconfig['ip_max_frags'] = "65535";
@@ -143,7 +251,7 @@ if ($_POST['ResetAll']) {
/* Log a message at the top of the page to inform the user */
$savemsg = gettext("All flow and stream settings have been reset to their defaults.");
}
-elseif ($_POST['Submit']) {
+elseif ($_POST['save']) {
$natent = array();
$natent = $pconfig;
@@ -191,15 +299,14 @@ elseif ($_POST['Submit']) {
/**************************************************/
/* If we have a valid rule ID, save configuration */
- /* then update the suricata.conf file and rebuild */
- /* the rules for this interface. */
+ /* then update the suricata.conf file for this */
+ /* interface. */
/**************************************************/
if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
write_config();
- $rebuild_rules = true;
- suricata_generate_yaml($natent);
$rebuild_rules = false;
+ suricata_generate_yaml($natent);
}
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -211,6 +318,99 @@ elseif ($_POST['Submit']) {
exit;
}
}
+elseif ($_POST['save_import_alias']) {
+ // If saving out of "select alias" mode,
+ // then return to Host OS Policy Engine edit
+ // page.
+ if ($_POST['mode'] =='add_edit_os_policy') {
+ $pengcfg = array();
+ $eng_id = $_POST['eng_id'];
+ $pengcfg['name'] = $_POST['eng_name'];
+ $pengcfg['bind_to'] = $_POST['eng_bind'];
+ $pengcfg['policy'] = $_POST['eng_policy'];
+ $add_edit_os_policy = true;
+ $mode = "add_edit_os_policy";
+
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) == 1) {
+ $pengcfg['bind_to'] = $_POST['aliastoimport'][0];
+ $importalias = false;
+ $selectalias = false;
+ }
+ else {
+ $input_errors[] = gettext("No Alias is selected for import. Nothing to SAVE.");
+ $importalias = true;
+ $selectalias = true;
+ $eng_id = $_POST['eng_id'];
+ $eng_name = $_POST['eng_name'];
+ $eng_bind = $_POST['eng_bind'];
+ $eng_policy = $_POST['eng_policy'];
+ }
+ }
+ else {
+ // Assume we are importing one or more aliases
+ // for use in new Host OS Policy engines.
+ $engine = array( "name" => "", "bind_to" => "", "policy" => "bsd" );
+
+ // See if anything was checked to import
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) {
+ foreach ($_POST['aliastoimport'] as $item) {
+ $engine['name'] = strtolower($item);
+ $engine['bind_to'] = $item;
+ $a_nat[$id]['host_os_policy']['item'][] = $engine;
+ }
+ }
+ else {
+ $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
+ $importalias = true;
+ }
+
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ // Reorder the engine array to ensure the
+ // 'bind_to=all' entry is at the bottom if
+ // the array contains more than one entry.
+ if (count($a_nat[$id]['host_os_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['host_os_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ // Only relocate the entry if we
+ // found it, and it's not already
+ // at the end.
+ if ($i > -1 && ($i < (count($a_nat[$id]['host_os_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['host_os_policy']['item'][$i];
+ unset($a_nat[$id]['host_os_policy']['item'][$i]);
+ $a_nat[$id]['host_os_policy']['item'][] = $tmp;
+ }
+ $pconfig['host_os_policy']['item'] = $a_nat[$id]['host_os_policy']['item'];
+ }
+
+ // Write the new engine array to config file
+ write_config();
+ $importalias = false;
+ $selectalias = false;
+ }
+ }
+}
+elseif ($_POST['cancel_import_alias']) {
+ $importalias = false;
+ $selectalias = false;
+ $eng_id = $_POST['eng_id'];
+
+ // If cancelling out of "select alias" mode,
+ // then return to Host OS Policy Engine edit
+ // page.
+ if ($_POST['mode'] == 'add_edit_os_policy') {
+ $pengcfg = array();
+ $pengcfg['name'] = $_POST['eng_name'];
+ $pengcfg['bind_to'] = $_POST['eng_bind'];
+ $pengcfg['policy'] = $_POST['eng_policy'];
+ $add_edit_os_policy = true;
+ }
+}
$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Flow and Stream");
@@ -218,29 +418,21 @@ include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-
- /* Display Alert message */
+<?php include("fbegin.inc");
+ /* Display error or save message */
if ($input_errors) {
print_input_errors($input_errors); // TODO: add checks
}
-
if ($savemsg) {
print_info_box($savemsg);
}
-
?>
-<script type="text/javascript" src="/javascript/autosuggest.js">
-</script>
-<script type="text/javascript" src="/javascript/suggestions.js">
-</script>
+<form action="suricata_flow_stream.php" method="post" name="iform" id="iform">
+<input type="hidden" name="eng_id" id="eng_id" value="<?=$eng_id;?>"/>
+<input type="hidden" name="id" id="id" value="<?=$id;?>"/>
-<form action="suricata_flow_stream.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -248,9 +440,9 @@ include_once("head.inc");
$tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
- $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td>';
@@ -267,6 +459,21 @@ include_once("head.inc");
?>
</td></tr>
<tr><td><div id="mainarea">
+
+<?php if ($importalias) : ?>
+ <?php include("/usr/local/www/suricata/suricata_import_aliases.php");
+ if ($selectalias) {
+ echo '<input type="hidden" name="eng_name" value="' . $eng_name . '"/>';
+ echo '<input type="hidden" name="eng_bind" value="' . $eng_bind . '"/>';
+ echo '<input type="hidden" name="eng_policy" value="' . $eng_policy . '"/>';
+ }
+ ?>
+
+<?php elseif ($add_edit_os_policy) : ?>
+ <?php include("/usr/local/www/suricata/suricata_os_policy_engine.php"); ?>
+
+<?php else: ?>
+
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Host-Specific Defrag and Stream Settings"); ?></td>
@@ -284,25 +491,23 @@ include_once("head.inc");
<tr>
<th class="listhdrr" axis="string"><?php echo gettext("Name");?></th>
<th class="listhdrr" axis="string"><?php echo gettext("Bind-To Address Alias");?></th>
- <th class="list" align="right"><a href="suricata_import_aliases.php?id=<?=$id?>&eng=host_os_policy">
- <img src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
- height="17" border="0" title="<?php echo gettext("Import policy configuration from existing Aliases");?>"></a>
- <a href="suricata_os_policy_engine.php?id=<?=$id?>&eng_id=<?=$host_os_policy_engine_next_id?>">
- <img src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
- height="17" border="0" title="<?php echo gettext("Add a new policy configuration");?>"></a></th>
+ <th class="list" align="right"><input type="image" name="import_alias[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Import policy configuration from existing Aliases");?>"/>
+ <input type="image" name="add_os_policy[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Add a new policy configuration");?>"/></th>
</tr>
</thead>
<?php foreach ($pconfig['host_os_policy']['item'] as $f => $v): ?>
<tr>
<td class="listlr" align="left"><?=gettext($v['name']);?></td>
<td class="listbg" align="center"><?=gettext($v['bind_to']);?></td>
- <td class="listt" align="right"><a href="suricata_os_policy_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?=gettext("Edit this policy configuration");?>"></a>
+ <td class="listt" align="right"><input type="image" name="edit_os_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>'"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?=gettext("Edit this policy configuration");?>"/>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="suricata_flow_stream.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_host_os_policy" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this policy configuration");?>"></a>
+ <input type="image" name="del_os_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>';return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this policy configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default policy configuration cannot be deleted");?>">
@@ -314,7 +519,6 @@ include_once("head.inc");
</td>
</tr>
<tr>
-
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("IP Defragmentation"); ?></td>
</tr>
<tr>
@@ -603,7 +807,7 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Save flow and stream settings"); ?>">
<input name="id" type="hidden" value="<?=$id;?>">&nbsp;&nbsp;&nbsp;&nbsp;
<input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo
@@ -618,27 +822,12 @@ include_once("head.inc");
<?php echo gettext("may take several seconds. Suricata must also be restarted to activate any changes made on this screen."); ?></td>
</tr>
</table>
+
+<?php endif; ?>
+
</div>
</td></tr></table>
</form>
-<script type="text/javascript">
-
-function wopen(url, name, w, h)
-{
- // Fudge factors for window decoration space.
- // In my tests these work well on all platforms & browsers.
- w += 32;
- h += 96;
- var win = window.open(url,
- name,
- 'width=' + w + ', height=' + h + ', ' +
- 'location=no, menubar=no, ' +
- 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
- win.resizeTo(w, h);
- win.focus();
-}
-
-</script>
<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php
index f6b5d83d..99abc49b 100644
--- a/config/suricata/suricata_global.php
+++ b/config/suricata/suricata_global.php
@@ -28,7 +28,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -46,6 +45,7 @@ $pconfig['suricataloglimit'] = $config['installedpackages']['suricata']['config'
$pconfig['suricataloglimitsize'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'];
$pconfig['autoruleupdate'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdate'];
$pconfig['autoruleupdatetime'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'];
+$pconfig['live_swap_updates'] = $config['installedpackages']['suricata']['config'][0]['live_swap_updates'];
$pconfig['log_to_systemlog'] = $config['installedpackages']['suricata']['config'][0]['log_to_systemlog'];
$pconfig['clearlogs'] = $config['installedpackages']['suricata']['config'][0]['clearlogs'];
$pconfig['forcekeepsettings'] = $config['installedpackages']['suricata']['config'][0]['forcekeepsettings'];
@@ -59,7 +59,6 @@ if (empty($pconfig['suricataloglimitsize']))
// Set limit to 20% of slice that is unused */
$pconfig['suricataloglimitsize'] = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .20 / 1024);
-
if ($_POST['autoruleupdatetime']) {
if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['autoruleupdatetime']))
$input_errors[] = "Invalid Rule Update Start Time! Please supply a value in 24-hour format as 'HH:MM'.";
@@ -73,7 +72,7 @@ if ($_POST['enable_etpro_rules'] == "on" && empty($_POST['etprocode']))
/* if no errors move foward with save */
if (!$input_errors) {
- if ($_POST["Submit"]) {
+ if ($_POST["save"]) {
$config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'] = $_POST['enable_vrt_rules'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off';
@@ -139,6 +138,7 @@ if (!$input_errors) {
}
$config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'] = str_pad($_POST['autoruleupdatetime'], 4, "0", STR_PAD_LEFT);
$config['installedpackages']['suricata']['config'][0]['log_to_systemlog'] = $_POST['log_to_systemlog'] ? 'on' : 'off';
+ $config['installedpackages']['suricata']['config'][0]['live_swap_updates'] = $_POST['live_swap_updates'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off';
@@ -187,7 +187,7 @@ if ($input_errors)
$tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), true, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
- $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
display_top_tabs($tab_array);
@@ -206,13 +206,13 @@ if ($input_errors)
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tr>
<td valign="top" width="8%"><input name="enable_etopen_rules" type="checkbox" value="on" onclick="enable_et_rules();"
- <?php if ($config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']=="on") echo "checked"; ?>></td>
+ <?php if ($config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']=="on") echo "checked"; ?>/></td>
<td><span class="vexpl"><?php echo gettext("ETOpen is an open source set of Snort rules whose coverage " .
"is more limited than ETPro."); ?></span></td>
</tr>
<tr>
<td valign="top" width="8%"><input name="enable_etpro_rules" type="checkbox" value="on" onclick="enable_pro_rules();"
- <?php if ($config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']=="on") echo "checked"; ?>></td>
+ <?php if ($config['installedpackages']['suricata']['config'][0]['enable_etpro_rules']=="on") echo "checked"; ?>/></td>
<td><span class="vexpl"><?php echo gettext("ETPro for Snort offers daily updates and extensive coverage of current malware threats."); ?></span></td>
</tr>
<tr>
@@ -234,9 +234,8 @@ if ($input_errors)
</tr>
<tr>
<td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td>
- <td><input name="etprocode" type="text"
- class="formfld unknown" id="etprocode" size="52"
- value="<?=htmlspecialchars($pconfig['etprocode']);?>"><br/>
+ <td><input name="etprocode" type="text" class="formfld unknown" id="etprocode" size="52"
+ value="<?=htmlspecialchars($pconfig['etprocode']);?>"/><br/>
<?php echo gettext("Obtain an ETPro subscription code and paste it here."); ?></td>
</tr>
</table>
@@ -248,7 +247,7 @@ if ($input_errors)
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tr>
<td><input name="enable_vrt_rules" type="checkbox" id="enable_vrt_rules" value="on" onclick="enable_snort_vrt();"
- <?php if($pconfig['enable_vrt_rules']=='on') echo 'checked'; ?>></td>
+ <?php if($pconfig['enable_vrt_rules']=='on') echo 'checked'; ?>/></td>
<td><span class="vexpl"><?php echo gettext("Snort VRT free Registered User or paid Subscriber rules"); ?></span></td>
<tr>
<td>&nbsp;</td>
@@ -266,9 +265,8 @@ if ($input_errors)
</tr>
<tr>
<td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td>
- <td><input name="oinkcode" type="text"
- class="formfld unknown" id="oinkcode" size="52"
- value="<?=htmlspecialchars($pconfig['oinkcode']);?>"><br/>
+ <td><input name="oinkcode" type="text" class="formfld unknown" id="oinkcode" size="52"
+ value="<?=htmlspecialchars($pconfig['oinkcode']);?>"/><br/>
<?php echo gettext("Obtain a snort.org Oinkmaster code and paste it here."); ?></td>
</tr>
</table>
@@ -279,7 +277,7 @@ if ($input_errors)
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tr>
<td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="on"
- <?php if ($config['installedpackages']['suricata']['config'][0]['snortcommunityrules']=="on") echo "checked";?> ></td>
+ <?php if ($config['installedpackages']['suricata']['config'][0]['snortcommunityrules']=="on") echo " checked";?>/></td>
<td class="vexpl"><?php echo gettext("The Snort Community Ruleset is a GPLv2 VRT certified ruleset that is distributed free of charge " .
"without any VRT License restrictions. This ruleset is updated daily and is a subset of the subscriber ruleset.");?>
<br/><br/><?php echo "<span class=\"red\"><strong>" . gettext("Note: ") . "</strong></span>" .
@@ -302,20 +300,27 @@ if ($input_errors)
<?php if ($iface3 == $pconfig['autoruleupdate']) echo "selected"; ?>>
<?=htmlspecialchars($ifacename3);?></option>
<?php endforeach; ?>
- </select><span class="vexpl">&nbsp;&nbsp;<?php echo gettext("Please select the interval for rule updates. Choosing ") .
+ </select>&nbsp;&nbsp;<?php echo gettext("Please select the interval for rule updates. Choosing ") .
"<strong>" . gettext("NEVER") . "</strong>" . gettext(" disables auto-updates."); ?><br/><br/>
- <?php echo "<span class=\"red\"><strong>" . gettext("Hint: ") . "</strong></span>" . gettext("in most cases, every 12 hours is a good choice."); ?></span></td>
+ <?php echo "<span class=\"red\"><strong>" . gettext("Hint: ") . "</strong></span>" . gettext("in most cases, every 12 hours is a good choice."); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Update Start Time"); ?></td>
<td width="78%" class="vtable"><input type="text" class="formfld time" name="autoruleupdatetime" id="autoruleupdatetime" size="4"
- maxlength="5" value="<?=$pconfig['autoruleupdatetime'];?>" <?php if ($pconfig['autoruleupdate'] == "never_up") {echo "disabled";} ?>><span class="vexpl">&nbsp;&nbsp;
- <?php echo gettext("Enter the rule update start time in 24-hour format (HH:MM). ") . "<strong>" .
- gettext("Default") . "&nbsp;</strong>" . gettext("is ") . "<strong>" . gettext("00:03") . "</strong></span>"; ?>.<br/><br/>
+ maxlength="5" value="<?=$pconfig['autoruleupdatetime'];?>" <?php if ($pconfig['autoruleupdate'] == "never_up") {echo "disabled";} ?>/>&nbsp;&nbsp;
+ <?php echo gettext("Enter the rule update start time in 24-hour format (HH:MM). Default is ") . "<strong>" . gettext("00:03") . "</strong>"; ?>.<br/><br/>
<?php echo gettext("Rules will update at the interval chosen above starting at the time specified here. For example, using the default " .
"start time of 00:03 and choosing 12 Hours for the interval, the rules will update at 00:03 and 12:03 each day."); ?></td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Live Rule Swap on Update"); ?></td>
+ <td width="78%" class="vtable"><input name="live_swap_updates" id="live_swap_updates" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['suricata']['config'][0]['live_swap_updates']=="on") echo " checked"; ?>/>
+ &nbsp;<?php echo gettext("Enable \"Live Swap\" reload of rules after downloading an update. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/><br/>
+ <?php echo gettext("When enabled, Suricata will perform a live load of the new rules following an update instead of a hard restart. " .
+ "If issues are encountered with live load, uncheck this option to perform a hard restart of all Suricata instances following an update."); ?></td>
+</tr>
+<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td>
</tr>
<tr>
@@ -330,12 +335,12 @@ if ($input_errors)
<table cellpadding="0" cellspacing="0">
<tr>
<td colspan="2"><input name="suricataloglimit" type="radio" id="suricataloglimit" value="on"
- <?php if($pconfig['suricataloglimit']=='on') echo 'checked'; ?>><span class="vexpl">
+ <?php if($pconfig['suricataloglimit']=='on') echo 'checked'; ?>/><span class="vexpl">
<strong><?php echo gettext("Enable"); ?></strong> <?php echo gettext("directory size limit"); ?> (<strong><?php echo gettext("Default"); ?></strong>)</span></td>
</tr>
<tr>
<td colspan="2"><input name="suricataloglimit" type="radio" id="suricataloglimit" value="off"
- <?php if($pconfig['suricataloglimit']=='off') echo 'checked'; ?>> <span class="vexpl"><strong><?php echo gettext("Disable"); ?></strong>
+ <?php if($pconfig['suricataloglimit']=='off') echo 'checked'; ?>/> <span class="vexpl"><strong><?php echo gettext("Disable"); ?></strong>
<?php echo gettext("directory size limit"); ?></span><br/>
<br/>
<span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("Nanobsd " .
@@ -345,7 +350,7 @@ if ($input_errors)
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tr>
<td class="vexpl"><?php echo gettext("Size in ") . "<strong>" . gettext("MB:") . "</strong>";?>&nbsp;
- <input name="suricataloglimitsize" type="text" class="formfld unknown" id="suricataloglimitsize" size="10" value="<?=htmlspecialchars($pconfig['suricataloglimitsize']);?>">
+ <input name="suricataloglimitsize" type="text" class="formfld unknown" id="suricataloglimitsize" size="10" value="<?=htmlspecialchars($pconfig['suricataloglimitsize']);?>"/>
&nbsp;<?php echo gettext("Default is ") . "<strong>" . gettext("20%") . "</strong>" . gettext(" of available space.");?></td>
</tr>
</table>
@@ -368,34 +373,27 @@ if ($input_errors)
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Log to System Log"); ?></td>
- <td width="78%" class="vtable"><input name="log_to_systemlog"
- id="log_to_systemlog" type="checkbox" value="yes"
- <?php if ($config['installedpackages']['suricata']['config'][0]['log_to_systemlog']=="on") echo "checked"; ?>
- >&nbsp;<?php echo gettext("Copy Suricata messages to the firewall system log."); ?></td>
+ <td width="78%" class="vtable"><input name="log_to_systemlog" id="log_to_systemlog" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['suricata']['config'][0]['log_to_systemlog']=="on") echo " checked"; ?>/>&nbsp;
+ <?php echo gettext("Copy Suricata messages to the firewall system log."); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Suricata Log Files After Deinstall"); ?></td>
- <td width="78%" class="vtable"><input name="clearlogs"
- id="clearlogs" type="checkbox" value="yes"
- <?php if ($config['installedpackages']['suricata']['config'][0]['clearlogs']=="on") echo "checked"; ?>
- >&nbsp;<?php echo gettext("Suricata log files will be removed during package deinstallation."); ?></td>
+ <td width="78%" class="vtable"><input name="clearlogs" id="clearlogs" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['suricata']['config'][0]['clearlogs']=="on") echo " checked"; ?>/>&nbsp;
+ <?php echo gettext("Suricata log files will be removed during package deinstallation."); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Keep Suricata Settings After Deinstall"); ?></td>
- <td width="78%" class="vtable"><input name="forcekeepsettings"
- id="forcekeepsettings" type="checkbox" value="yes"
- <?php if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings']=="on") echo "checked"; ?>
- >&nbsp;<?php echo gettext("Settings will not be removed during package deinstallation."); ?></td>
+ <td width="78%" class="vtable"><input name="forcekeepsettings" id="forcekeepsettings" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings']=="on") echo " checked"; ?>/>&nbsp;
+ <?php echo gettext("Settings will not be removed during package deinstallation."); ?></td>
</tr>
<tr>
- <td width="22%" valign="top">
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" >
- </td>
+ <td colspan="2" align="center"><input name="save" type="submit" class="formbtn" value="Save"/></td>
</tr>
<tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%" class="vexpl"><span class="red"><strong><?php echo gettext("Note:");?></strong>&nbsp;
+ <td colspan="2" class="vexpl" align="center"><span class="red"><strong><?php echo gettext("Note:");?></strong>&nbsp;
</span><?php echo gettext("Changing any settings on this page will affect all Suricata-configured interfaces.");?></td>
</tr>
</table>
diff --git a/config/suricata/suricata_import_aliases.php b/config/suricata/suricata_import_aliases.php
index c16ac65d..ccaaf29d 100644
--- a/config/suricata/suricata_import_aliases.php
+++ b/config/suricata/suricata_import_aliases.php
@@ -1,5 +1,4 @@
<?php
-/* $Id$ */
/*
suricata_import_aliases.php
Copyright (C) 2014 Bill Meeks
@@ -27,160 +26,51 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-require("guiconfig.inc");
-require_once("functions.inc");
-require_once("/usr/local/pkg/suricata/suricata.inc");
+/************************************************************************************
+ This file contains code for selecting and importing an existing Alias.
+ It is included and injected inline from other Suricata PHP pages that
+ use the Import Alias functionality.
-// Retrieve any passed QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng = $_GET['eng'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (isset($_POST['eng']))
- $eng = $_POST['eng'];
+ The following variables are assumed to exist and must be initialized
+ as necessary in order to utilize this page.
-// Make sure we have a valid rule ID and ENGINE name, or
-// else bail out to top-level menu.
-if (is_null($id) || is_null($eng)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+ $g --> system global variables array
+ $config --> global variable pointing to configuration information
+ $a_aliases --> $config['aliases']['alias'] array
+ $title --> title string for import alias engine type
+ $used --> array of currently used engine 'bind_to' Alias names
+ $selectalias --> boolean to display radio buttons instead of checkboxes
+ $mode --> string value to indicate current operation mode
-// Used to track if any selectable Aliases are found
-$selectablealias = false;
+ Information is returned from this page via the following form fields:
-// Initialize required array variables as necessary
-if (!is_array($config['aliases']['alias']))
- $config['aliases']['alias'] = array();
-$a_aliases = $config['aliases']['alias'];
-if (!is_array($config['installedpackages']['suricata']['rule']))
- $config['installedpackages']['suricata']['rule'] = array();
-
-// The $eng variable points to the specific Suricata config section
-// engine we are importing values into. Initialize the config.xml
-// array if necessary.
-if (!is_array($config['installedpackages']['suricata']['rule'][$id][$eng]['item']))
- $config['installedpackages']['suricata']['rule'][$id][$eng]['item'] = array();
-
-// Initialize a pointer to the Suricata config section engine we are
-// importing values into.
-$a_nat = &$config['installedpackages']['suricata']['rule'][$id][$eng]['item'];
-
-// Build a lookup array of currently used engine 'bind_to' Aliases
-// so we can screen matching Alias names from the list.
-$used = array();
-foreach ($a_nat as $v)
- $used[$v['bind_to']] = true;
-
-// Construct the correct return URL based on the Suricata config section
-// engine we were called with. This lets us return to the page we were
-// called from.
-switch ($eng) {
- case "host_os_policy":
- $returl = "/suricata/suricata_flow_stream.php";
- $multi_ip = true;
- $title = "Host Operating System Policy";
- break;
- case "libhtp_policy":
- $returl = "/suricata/suricata_app_parsers.php";
- $multi_ip = true;
- $title = "HTTP Server Policy";
- break;
- default:
- $returl = "/suricata/suricata_interface_edit";
- $multi_ip = true;
- $title = "";
-}
-
-if ($_POST['cancel']) {
- header("Location: {$returl}?id={$id}");
- exit;
-}
-
-if ($_POST['save']) {
-
- // Define default engine configurations for each of the supported engines.
- $def_os_policy = array( "name" => "", "bind_to" => "", "policy" => "bsd" );
-
- $def_libhtp_policy = array( "name" => "default", "bind_to" => "all", "personality" => "IDS",
- "request-body-limit" => 4096, "response-body-limit" => 4096,
- "double-decode-path" => "no", "double-decode-query" => "no" );
-
- // Figure out which engine type we are importing and set up default engine array
- $engine = array();
- switch ($eng) {
- case "host_os_policy":
- $engine = $def_os_policy;
- break;
- case "libhtp_policy":
- $engine = $def_libhtp_policy;
- break;
- default:
- $engine = "";
- $input_errors[] = gettext("Invalid ENGINE TYPE passed in query string. Aborting operation.");
- }
+ aliastoimport[] --> checkbox array containing selected alias names
+ save_import_alias --> Submit button for save operation and exit
+ cancel_import_alias --> Submit button to cancel operation and exit
+ ************************************************************************************/
+?>
- // See if anything was checked to import
- if (is_array($_POST['toimport']) && count($_POST['toimport']) > 0) {
- foreach ($_POST['toimport'] as $item) {
- $engine['name'] = strtolower($item);
- $engine['bind_to'] = $item;
- $a_nat[] = $engine;
- }
+<?php $selectablealias = false;
+ if (!is_array($a_aliases))
+ $a_aliases = array();
+ if ($mode <> "")
+ echo '<input type="hidden" name="mode" id="mode" value="' . $mode . '"/>';
+ if ($selectalias == true) {
+ $fieldtype = "radio";
+ $header = gettext("Select an Alias to use as {$title} target from the list below.");
}
- else
- $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
-
- // if no errors, write new entry to conf
- if (!$input_errors) {
- // Reorder the engine array to ensure the
- // 'bind_to=all' entry is at the bottom if
- // the array contains more than one entry.
- if (count($a_nat) > 1) {
- $i = -1;
- foreach ($a_nat as $f => $v) {
- if ($v['bind_to'] == "all") {
- $i = $f;
- break;
- }
- }
- // Only relocate the entry if we
- // found it, and it's not already
- // at the end.
- if ($i > -1 && ($i < (count($a_nat) - 1))) {
- $tmp = $a_nat[$i];
- unset($a_nat[$i]);
- $a_nat[] = $tmp;
- }
- }
-
- // Now write the new engine array to conf and return
- write_config();
-
- header("Location: {$returl}?id={$id}");
- exit;
+ else {
+ $fieldtype = "checkbox";
+ $header = gettext("Select one or more Aliases to use as {$title} targets from the list below.");
}
-}
-
-$pgtitle = gettext("Suricata: Import Host/Network Alias for {$title}");
-include("head.inc");
-
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<form action="suricata_import_aliases.php" method="post">
-<input type="hidden" name="id" value="<?=$id;?>">
-<input type="hidden" name="eng" value="<?=$eng;?>">
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<div id="boxarea">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
- <td class="tabcont"><strong><?=gettext("Select one or more Aliases to use as {$title} targets from the list below.");?></strong><br/>
- </td>
+ <td class="listtopic" align="center"><?=$header;?></td>
</tr>
<tr>
- <td class="tabcont">
+ <td>
<table id="sortabletable1" style="table-layout: fixed;" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
<colgroup>
<col width="5%" align="center">
@@ -221,7 +111,7 @@ include("head.inc");
<td class="listlr" align="center"><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height"11" border="0"/>
<?php else: ?>
<tr>
- <td class="listlr" align="center"><input type="checkbox" name="toimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td>
+ <td class="listlr" align="center"><input type="<?=$fieldtype;?>" name="aliastoimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td>
<?php endif; ?>
<td class="listr" align="left"><?=$textss . htmlspecialchars($alias['name']) . $textse;?></td>
<td class="listr" align="left">
@@ -244,29 +134,26 @@ include("head.inc");
</tr>
<?php if (!$selectablealias): ?>
<tr>
- <td class="tabcont" align="center"><b><?php echo gettext("There are currently no defined Aliases eligible for import.");?></b></td>
+ <td align="center"><b><?php echo gettext("There are currently no defined Aliases eligible for import.");?></b></td>
</tr>
<tr>
- <td class="tabcont" align="center">
- <input type="Submit" name="cancel" value="Cancel" id="cancel" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
+ <td align="center" valign="middle">
+ <input type="Submit" name="cancel_import_alias" value="Cancel" id="cancel_import_alias" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
</td>
</tr>
<?php else: ?>
<tr>
- <td class="tabcont" align="center">
- <input type="Submit" name="save" value="Save" id="save" class="formbtn" title="<?=gettext("Import selected item and return");?>"/>&nbsp;&nbsp;&nbsp;
- <input type="Submit" name="cancel" value="Cancel" id="cancel" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
+ <td align="center" valign="middle">
+ <input type="Submit" name="save_import_alias" value="Save" id="save_import_alias" class="formbtn" title="<?=gettext("Import selected item and return");?>"/>&nbsp;&nbsp;
+ <input type="Submit" name="cancel_import_alias" value="Cancel" id="cancel_import_alias" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
</td>
</tr>
<?php endif; ?>
<tr>
- <td class="tabcont">
+ <td>
<span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br></strong></span><?=gettext("Fully-Qualified Domain Name (FQDN) host Aliases cannot be used as Suricata configuration parameters. Aliases resolving to a single FQDN value are disabled in the list above. In the case of nested Aliases where one or more of the nested values is a FQDN host, the FQDN host will not be included in the {$title} configuration.");?></span>
</td>
</tr>
</table>
-</div>
-</form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
+
+
diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php
index 26ccada3..50ca99c1 100644
--- a/config/suricata/suricata_interfaces.php
+++ b/config/suricata/suricata_interfaces.php
@@ -27,7 +27,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-$nocsrf = true;
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -37,42 +36,26 @@ $suricatadir = SURICATADIR;
$suricatalogdir = SURICATALOGDIR;
$rcdir = RCFILEPREFIX;
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if ($_POST['id'])
$id = $_POST['id'];
+else
+ $id = 0;
if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
$a_nat = &$config['installedpackages']['suricata']['rule'];
$id_gen = count($config['installedpackages']['suricata']['rule']);
-if (isset($_POST['del_x'])) {
- /* delete selected rules */
+if ($_POST['del_x']) {
+ /* delete selected interfaces */
if (is_array($_POST['rule'])) {
conf_mount_rw();
foreach ($_POST['rule'] as $rulei) {
- /* convert fake interfaces to real */
$if_real = get_real_interface($a_nat[$rulei]['interface']);
$suricata_uuid = $a_nat[$rulei]['uuid'];
suricata_stop($a_nat[$rulei], $if_real);
exec("/bin/rm -r {$suricatalogdir}suricata_{$if_real}{$suricata_uuid}");
exec("/bin/rm -r {$suricatadir}suricata_{$suricata_uuid}_{$if_real}");
-
- // If interface had auto-generated Suppress List, then
- // delete that along with the interface
- $autolist = "{$a_nat[$rulei]['interface']}" . "suppress";
- if (is_array($config['installedpackages']['suricata']['suppress']) &&
- is_array($config['installedpackages']['suricata']['suppress']['item'])) {
- $a_suppress = &$config['installedpackages']['suricata']['suppress']['item'];
- foreach ($a_suppress as $k => $i) {
- if ($i['name'] == $autolist) {
- unset($config['installedpackages']['suricata']['suppress']['item'][$k]);
- break;
- }
- }
- }
-
- // Finally delete the interface's config entry entirely
unset($a_nat[$rulei]);
}
conf_mount_ro();
@@ -103,16 +86,15 @@ if (isset($_POST['del_x'])) {
header("Location: /suricata/suricata_interfaces.php");
exit;
}
-
}
/* start/stop Barnyard2 */
-if ($_GET['act'] == 'bartoggle' && is_numeric($id)) {
+if ($_POST['bartoggle']) {
$suricatacfg = $config['installedpackages']['suricata']['rule'][$id];
$if_real = get_real_interface($suricatacfg['interface']);
$if_friendly = convert_friendly_interface_to_friendly_descr($suricatacfg['interface']);
- if (suricata_is_running($suricatacfg['uuid'], $if_real, 'barnyard2') == 'no') {
+ if (!suricata_is_running($suricatacfg['uuid'], $if_real, 'barnyard2')) {
log_error("Toggle (barnyard starting) for {$if_friendly}({$suricatacfg['descr']})...");
sync_suricata_package_config();
suricata_barnyard_start($suricatacfg, $if_real);
@@ -127,12 +109,12 @@ if ($_GET['act'] == 'bartoggle' && is_numeric($id)) {
}
/* start/stop Suricata */
-if ($_GET['act'] == 'toggle' && is_numeric($id)) {
+if ($_POST['toggle']) {
$suricatacfg = $config['installedpackages']['suricata']['rule'][$id];
$if_real = get_real_interface($suricatacfg['interface']);
$if_friendly = convert_friendly_interface_to_friendly_descr($suricatacfg['interface']);
- if (suricata_is_running($suricatacfg['uuid'], $if_real) == 'yes') {
+ if (suricata_is_running($suricatacfg['uuid'], $if_real)) {
log_error("Toggle (suricata stopping) for {$if_friendly}({$suricatacfg['descr']})...");
suricata_stop($suricatacfg, $if_real);
} else {
@@ -152,24 +134,22 @@ if ($_GET['act'] == 'toggle' && is_numeric($id)) {
header("Location: /suricata/suricata_interfaces.php");
exit;
}
-
-$pgtitle = "Services: Suricata Intrusion Detection System";
+$suri_bin_ver = SURICATA_VER;
+$suri_pkg_ver = SURICATA_PKG_VER;
+$pgtitle = "Services: Suricata {$suri_bin_ver} pkg {$suri_pkg_ver} - Intrusion Detection System";
include_once("head.inc");
?>
<body link="#000000" vlink="#000000" alink="#000000">
-<?php
-include_once("fbegin.inc");
-if ($pfsense_stable == 'yes')
- echo '<p class="pgtitle">' . $pgtitle . '</p>';
-?>
+<?php include_once("fbegin.inc"); ?>
<form action="suricata_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<input type="hidden" name="id" id="id" value="">
<?php
/* Display Alert message */
if ($input_errors)
- print_input_errors($input_errors); // TODO: add checks
+ print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
@@ -194,25 +174,32 @@ if ($pfsense_stable == 'yes')
<td>
<div id="mainarea">
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+
+ <colgroup>
+ <col width="3%" align="center">
+ <col width="12%">
+ <col width="14%">
+ <col width="120" align="center">
+ <col width="65" align="center">
+ <col width="14%">
+ <col>
+ <col width="20" align="center">
+ </colgroup>
+ <thead>
<tr id="frheader">
- <td width="3%" class="list">&nbsp;</td>
- <td width="10%" class="listhdrr"><?php echo gettext("Interface"); ?></td>
- <td width="13%" class="listhdrr"><?php echo gettext("Suricata"); ?></td>
- <td width="10%" class="listhdrr"><?php echo gettext("Pattern Match"); ?></td>
- <td width="10%" class="listhdrr"><?php echo gettext("Block"); ?></td>
- <td width="12%" class="listhdrr"><?php echo gettext("Barnyard2"); ?></td>
- <td width="30%" class="listhdr"><?php echo gettext("Description"); ?></td>
- <td width="3%" class="list">
- <table border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td></td>
- <td align="center" valign="middle"><a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>"><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a></td>
- </tr>
- </table>
- </td>
+ <th class="list">&nbsp;</th>
+ <th class="listhdrr"><?php echo gettext("Interface"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Suricata"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Pattern Matcher"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Block"); ?></th>
+ <th class="listhdrr"><?php echo gettext("Barnyard2"); ?></th>
+ <th class="listhdr"><?php echo gettext("Description"); ?></th>
+ <th class="list"><a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a>
+ </th>
</tr>
+ </thead>
<?php $nnats = $i = 0;
// Turn on buffering to speed up rendering
@@ -237,7 +224,7 @@ if ($pfsense_stable == 'yes')
$if_real = get_real_interface($natent['interface']);
$natend_friendly= convert_friendly_interface_to_friendly_descr($natent['interface']);
$suricata_uuid = $natent['uuid'];
- if (suricata_is_running($suricata_uuid, $if_real) == 'no'){
+ if (!suricata_is_running($suricata_uuid, $if_real)){
$iconfn = 'block';
$iconfn_msg1 = 'Suricata is not running on ';
$iconfn_msg2 = '. Click to start.';
@@ -247,7 +234,7 @@ if ($pfsense_stable == 'yes')
$iconfn_msg1 = 'Suricata is running on ';
$iconfn_msg2 = '. Click to stop.';
}
- if (suricata_is_running($suricata_uuid, $if_real, 'barnyard2') == 'no'){
+ if (!suricata_is_running($suricata_uuid, $if_real, 'barnyard2')){
$biconfn = 'block';
$biconfn_msg1 = 'Barnyard2 is not running on ';
$biconfn_msg2 = '. Click to start.';
@@ -275,31 +262,30 @@ if ($pfsense_stable == 'yes')
<td class="listt">
<input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;">
</td>
- <td class="listr"
- id="frd<?=$nnats;?>" valign="middle"
+ <td class="listr" valign="middle"
+ id="frd<?=$nnats;?>"
ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
<?php
echo $natend_friendly;
?>
</td>
- <td class="listr"
+ <td class="listr" valign="middle"
id="frd<?=$nnats;?>"
ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
<?php
$check_suricata_info = $config['installedpackages']['suricata']['rule'][$nnats]['enable'];
if ($check_suricata_info == "on") {
- echo gettext("ENABLED");
- echo "<a href='?act=toggle&id={$i}'>
- <img src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif'
- width='13' height='13' border='0'
- title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'></a>";
+ echo gettext("ENABLED") . "&nbsp;";
+ echo "<input type='image' src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif' width='13' height='13' border='0' ";
+ echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\";' name=\"toggle[]\" ";
+ echo "title='" . gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2) . "'/>";
echo ($no_rules) ? "&nbsp;<img src=\"../themes/{$g['theme']}/images/icons/icon_frmfld_imp.png\" width=\"15\" height=\"15\" border=\"0\">" : "";
} else
echo gettext("DISABLED");
?>
</td>
<td class="listr"
- id="frd<?=$nnats;?>" valign="middle"
+ id="frd<?=$nnats;?>" valign="middle" align="center"
ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
<?php
$check_performance_info = $config['installedpackages']['suricata']['rule'][$nnats]['mpm_algo'];
@@ -311,7 +297,7 @@ if ($pfsense_stable == 'yes')
?> <?=strtoupper($check_performance);?>
</td>
<td class="listr"
- id="frd<?=$nnats;?>" valign="middle"
+ id="frd<?=$nnats;?>" valign="middle" align="center"
ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
<?php
$check_blockoffenders_info = $config['installedpackages']['suricata']['rule'][$nnats]['blockoffenders'];
@@ -329,11 +315,9 @@ if ($pfsense_stable == 'yes')
<?php
$check_suricatabarnyardlog_info = $config['installedpackages']['suricata']['rule'][$nnats]['barnyard_enable'];
if ($check_suricatabarnyardlog_info == "on") {
- echo gettext("ENABLED");
- echo "<a href='?act=bartoggle&id={$i}'>
- <img src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif'
- width='13' height='13' border='0'
- title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'></a>";
+ echo gettext("ENABLED") . "&nbsp;";
+ echo "<input type='image' name='bartoggle[]' src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif' width='13' height='13' border='0' ";
+ echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\"'; title='" . gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2) . "'/>";
} else
echo gettext("DISABLED");
?>
@@ -343,14 +327,9 @@ if ($pfsense_stable == 'yes')
<font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?>&nbsp;</font>
</td>
<td valign="middle" class="list" nowrap>
- <table border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td><a href="suricata_interfaces_edit.php?id=<?=$i;?>"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?php echo gettext('Edit Suricata interface mapping'); ?>"></a>
- </td>
- </tr>
- </table>
+ <a href="suricata_interfaces_edit.php?id=<?=$i;?>">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?php echo gettext('Edit Suricata interface mapping'); ?>"></a>
</td>
</tr>
<?php $i++; $nnats++; endforeach; ob_end_flush(); ?>
@@ -363,19 +342,13 @@ if ($pfsense_stable == 'yes')
<?php endif; ?>
</td>
<td class="list" valign="middle" nowrap>
- <table border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td><?php if ($nnats == 0): ?><img
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif"
- width="17" height="17" " border="0">
- <?php else: ?>
- <input name="del" type="image"
- src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" title="<?php echo gettext("Delete selected Suricata interface mapping(s)"); ?>"
- onclick="return intf_del()">
- <?php endif; ?></td>
- </tr>
- </table>
+ <?php if ($nnats == 0): ?>
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0">
+ <?php else: ?>
+ <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" title="<?php echo gettext("Delete selected Suricata interface mapping(s)"); ?>"
+ onclick="return intf_del()">
+ <?php endif; ?>
</td>
</tr>
<tr>
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index 5f644a55..d7b5a8cb 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -40,13 +40,12 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
$a_rule = &$config['installedpackages']['suricata']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if ($_GET['id']);
+ $id = htmlspecialchars($_GET['id'], ENT_QUOTES | ENT_HTML401);
+if ($_POST['id'])
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+if (is_null($id))
+ $id = 0;
$pconfig = array();
if (empty($suricataglob['rule'][$id]['uuid'])) {
@@ -62,13 +61,7 @@ else {
$suricata_uuid = $pconfig['uuid'];
// Get the physical configured interfaces on the firewall
-if (function_exists('get_configured_interface_with_descr'))
- $interfaces = get_configured_interface_with_descr();
-else {
- $interfaces = array('wan' => 'WAN', 'lan' => 'LAN');
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
- $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
-}
+$interfaces = get_configured_interface_with_descr();
// See if interface is already configured, and use its values
if (isset($id) && $a_rule[$id]) {
@@ -97,9 +90,6 @@ elseif (isset($id) && !isset($a_rule[$id])) {
}
}
-if (isset($_GET['dup']))
- unset($id);
-
// Set defaults for any empty key parameters
if (empty($pconfig['blockoffendersip']))
$pconfig['blockoffendersip'] = "both";
@@ -136,12 +126,12 @@ if (empty($pconfig['max_pcap_log_size']))
if (empty($pconfig['max_pcap_log_files']))
$pconfig['max_pcap_log_files'] = "1000";
-if ($_POST["Submit"]) {
+if ($_POST["save"]) {
if (!$_POST['interface'])
$input_errors[] = gettext("Choosing an Interface is mandatory!");
- if ($_POST['max_pending_packets'] < 1 || $_POST['max_pending_packets'] > 65535)
- $input_errors[] = gettext("The value for Maximum-Pending-Packets must be between 1 and 65,535!");
+ if ($_POST['max_pending_packets'] < 1 || $_POST['max_pending_packets'] > 65000)
+ $input_errors[] = gettext("The value for Maximum-Pending-Packets must be between 1 and 65,000!");
if (!empty($_POST['max_pcap_log_size']) && !is_numeric($_POST['max_pcap_log_size']))
$input_errors[] = gettext("The value for 'Max Packet Log Size' must be numbers only. Do not include any alphabetic characters.");
@@ -156,15 +146,6 @@ if ($_POST["Submit"]) {
$natent['enable'] = $_POST['enable'] ? 'on' : 'off';
$natent['uuid'] = $pconfig['uuid'];
- // See if the HOME_NET, EXTERNAL_NET, or SUPPRESS LIST values were changed
- $suricata_reload = false;
- if ($_POST['homelistname'] && ($_POST['homelistname'] <> $natent['homelistname']))
- $suricata_reload = true;
- if ($_POST['externallistname'] && ($_POST['externallistname'] <> $natent['externallistname']))
- $suricata_reload = true;
- if ($_POST['suppresslistname'] && ($_POST['suppresslistname'] <> $natent['suppresslistname']))
- $suricata_reload = true;
-
if ($_POST['descr']) $natent['descr'] = $_POST['descr']; else $natent['descr'] = strtoupper($natent['interface']);
if ($_POST['max_pcap_log_size']) $natent['max_pcap_log_size'] = $_POST['max_pcap_log_size']; else unset($natent['max_pcap_log_size']);
if ($_POST['max_pcap_log_files']) $natent['max_pcap_log_files'] = $_POST['max_pcap_log_files']; else unset($natent['max_pcap_log_files']);
@@ -263,7 +244,7 @@ if ($_POST["Submit"]) {
$natent['libhtp_policy']['item'][] = $default;
// Enable the basic default rules for the interface
- $natent['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules";
+ $natent['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules||tls-events.rules";
// Adding a new interface, so set flag to build new rules
$rebuild_rules = true;
@@ -282,15 +263,6 @@ if ($_POST["Submit"]) {
// Update suricata.conf and suricata.sh files for this interface
sync_suricata_package_config();
- /*******************************************************/
- /* Signal Suricata to reload configuration if we changed */
- /* HOME_NET, EXTERNAL_NET or Suppress list values. */
- /* The function only signals a running Suricata instance */
- /* to safely reload these parameters. */
- /*******************************************************/
- if ($suricata_reload == true)
- suricata_reload_config($natent, "USR2");
-
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
@@ -309,19 +281,14 @@ include_once("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<?php
- /* Display Alert message */
- if ($input_errors) {
- print_input_errors($input_errors);
- }
-
- if ($savemsg) {
- print_info_box($savemsg);
- }
+<?php include("fbegin.inc");
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors);
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
?>
<form action="suricata_interfaces_edit.php<?php echo "?id=$id";?>" method="post" name="iform" id="iform">
@@ -334,7 +301,7 @@ include_once("head.inc");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
@@ -374,7 +341,7 @@ include_once("head.inc");
<?php endforeach; ?>
</select>&nbsp;&nbsp;
<span class="vexpl"><?php echo gettext("Choose which interface this Suricata instance applies to."); ?><br/>
- <span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("In most cases, you'll want to use WAN here."); ?></span><br/></td>
+ <span class="red"><?php echo gettext("Hint:"); ?></span>&nbsp;<?php echo gettext("In most cases, you'll want to use WAN here if this is the first Suricata-configured interface."); ?></span><br/></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?php echo gettext("Description"); ?></td>
@@ -390,7 +357,6 @@ include_once("head.inc");
<td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>/>
<?php echo gettext("Suricata will send Alerts to the firewall's system log."); ?></td>
</tr>
-
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Stats Log"); ?></td>
<td width="78%" class="vtable"><input name="enable_stats_log" type="checkbox" value="on" <?php if ($pconfig['enable_stats_log'] == "on") echo "checked"; ?>
@@ -466,8 +432,6 @@ include_once("head.inc");
gettext("This will consume a significant amount of disk space on a busy network when enabled!"); ?></div>
</td>
</tr>
-
-
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Packet Log"); ?></td>
<td width="78%" class="vtable"><input name="enable_pcap_log" id="enable_pcap_log" type="checkbox" value="on" <?php if ($pconfig['enable_pcap_log'] == "on") echo "checked"; ?>
@@ -484,7 +448,6 @@ include_once("head.inc");
<?php echo gettext("Enter maximum size in ") . "<strong>" . gettext("MB") . "</strong>" . gettext(" for a packet log file. Default is ") . "<strong>" .
gettext("32") . "</strong>."; ?><br/><br/><?php echo gettext("When the packet log file size reaches the set limit, it will be rotated and a new one created.") ?></td>
</tr>
- </tr>
<tr id="pcap_log_max_row">
<td width="22%" valign="top" class="vncell"><?php echo gettext("Max Packet Log Files"); ?></td>
<td width="78%" class="vtable"><input name="max_pcap_log_files" type="text"
@@ -493,7 +456,7 @@ include_once("head.inc");
gettext("1000") . "</strong>."; ?><br/><br/><?php echo gettext("When the number of packet log files reaches the set limit, the oldest file will be overwritten.") ?></td>
</tr>
-<!--
+<!-- ### Blocking not yet enabled, so hide the controls ###
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Alert Settings"); ?></td>
</tr>
@@ -529,6 +492,7 @@ include_once("head.inc");
<span class="red"><?php echo gettext("Hint:") . "</span>&nbsp;" . gettext("Choosing BOTH is suggested, and it is the default value."); ?></span><br/></td>
</td>
</tr>
+ ### End of Blocking controls ###
-->
<tr>
@@ -539,7 +503,9 @@ include_once("head.inc");
<td width="78%" class="vtable"><input name="max_pending_packets" type="text"
class="formfld unknown" id="max_pending_packets" size="8" value="<?=htmlspecialchars($pconfig['max_pending_packets']); ?>"/>&nbsp;
<?php echo gettext("Enter number of simultaneous packets to process. Default is ") . "<strong>" .
- gettext("1024") . "</strong>."; ?><br/><br/><?php echo gettext("Minimum value is 1 and the maximum value is 65,535.") ?></td>
+ gettext("1024") . "</strong>."; ?><br/><br/><?php echo gettext("This controls the number simultaneous packets the engine can handle. ") .
+ gettext("Setting this higher generally keeps the threads more busy. The minimum value is 1 and the maximum value is 65,000. ") . "<br/><span class='red'><strong>" .
+ gettext("Warning: ") . "</strong></span>" . gettext("Setting this too high can lead to degradation and a possible system crash by exhausting available memory.") ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Detect-Engine Profile"); ?></td>
@@ -575,7 +541,7 @@ include_once("head.inc");
</select>&nbsp;&nbsp;
<?php echo gettext("Choose a multi-pattern matcher (MPM) algorithm. ") . "<strong>" . gettext("Default") .
"</strong>" . gettext(" is ") . "<strong>" . gettext("AC") . "</strong>"; ?>.<br/><br/>
- <?php echo gettext("AC is recommended for most systems. "); ?>
+ <?php echo gettext("AC is the default, and is the best choice for almost all systems."); ?>
<br/></td>
</tr>
<tr>
@@ -605,7 +571,7 @@ include_once("head.inc");
gettext("3000") . "</strong>."; ?><br/><br/><?php echo gettext("When set to 0 an internal default is used. When left blank there is no recursion limit.") ?></td>
</tr>
<tr>
- <td colspan="2" class="listtopic"><?php echo gettext("Networks " . "Suricata Should Inspect and Whitelist"); ?></td>
+ <td colspan="2" class="listtopic"><?php echo gettext("Networks " . "Suricata Should Inspect and Protect"); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Home Net"); ?></td>
@@ -665,6 +631,7 @@ include_once("head.inc");
"setting at default. Create an Alias for custom External Net settings."); ?><br/>
</td>
</tr>
+<!--
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist"); ?></td>
<td width="78%" class="vtable">
@@ -693,6 +660,7 @@ include_once("head.inc");
"whitelist adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
</td>
</tr>
+-->
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Alert Suppression and Filtering"); ?></td>
</tr>
@@ -734,15 +702,13 @@ include_once("head.inc");
</td>
</tr>
<tr>
- <td width="22%" valign="top"></td>
- <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <td colspan="2" align="center" valign="middle"><input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Click to save settings and exit"); ?>"/>
<input name="id" type="hidden" value="<?=$id;?>"/>
</td>
</tr>
<tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" .
+ <td colspan="2" align="center" valign="middle"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" .
gettext("Please save your settings before you attempt to start Suricata."); ?>
</td>
</tr>
@@ -860,11 +826,11 @@ function enable_change(enable_change) {
document.iform.alertsystemlog.disabled = endis;
document.iform.externallistname.disabled = endis;
document.iform.homelistname.disabled = endis;
- document.iform.whitelistname.disabled=endis;
+// document.iform.whitelistname.disabled=endis;
document.iform.suppresslistname.disabled = endis;
document.iform.configpassthru.disabled = endis;
document.iform.btnHomeNet.disabled=endis;
- document.iform.btnWhitelist.disabled=endis;
+// document.iform.btnWhitelist.disabled=endis;
document.iform.btnSuppressList.disabled=endis;
}
@@ -897,7 +863,7 @@ function viewList(id, elemID, elemType) {
}
enable_change(false);
-enable_blockoffenders();
+//enable_blockoffenders();
toggle_stats_log();
toggle_http_log();
toggle_tls_log();
diff --git a/config/suricata/suricata_libhtp_policy_engine.php b/config/suricata/suricata_libhtp_policy_engine.php
index e7cf4135..1a3c7455 100644
--- a/config/suricata/suricata_libhtp_policy_engine.php
+++ b/config/suricata/suricata_libhtp_policy_engine.php
@@ -26,159 +26,34 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/suricata/suricata.inc");
-
-global $g;
-
-// Grab the incoming QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (isset($_POST['eng_id']))
- $eng_id = $_POST['eng_id'];
-
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
-
-if (!is_array($config['installedpackages']['suricata']['rule']))
- $config['installedpackages']['suricata']['rule'] = array();
-if (!is_array($config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item']))
- $config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'] = array();
-$a_nat = &$config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'];
-
-$pconfig = array();
-if (empty($a_nat[$eng_id])) {
- $def = array( "name" => "engine_{$eng_id}", "bind_to" => "", "personality" => "IDS",
- "request-body-limit" => "4096", "response-body-limit" => "4096",
- "double-decode-path" => "no", "double-decode-query" => "no" );
-
- // See if this is initial entry and set to "default" if true
- if ($eng_id < 1) {
- $def['name'] = "default";
- $def['bind_to'] = "all";
- }
- $pconfig = $def;
-}
-else {
- $pconfig = $a_nat[$eng_id];
-
- // Check for any empty values and set sensible defaults
- if (empty($pconfig['personality']))
- $pconfig['personality'] = "IDS";
-}
-
-if ($_POST['Cancel']) {
- header("Location: /suricata/suricata_app_parsers.php?id={$id}");
- exit;
-}
-
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import") {
- if ($_GET['varname'] == "bind_to" && !empty($_GET['varvalue']))
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
-}
-
-if ($_POST['Submit']) {
-
- /* Grab all the POST values and save in new temp array */
- $engine = array();
- if ($_POST['policy_name']) { $engine['name'] = trim($_POST['policy_name']); } else { $engine['name'] = "default"; }
- if ($_POST['policy_bind_to']) {
- if (is_alias($_POST['policy_bind_to']))
- $engine['bind_to'] = $_POST['policy_bind_to'];
- elseif (strtolower(trim($_POST['policy_bind_to'])) == "all")
- $engine['bind_to'] = "all";
- else
- $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value.");
- }
- else {
- $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'.");
- }
-
- if ($_POST['personality']) { $engine['personality'] = $_POST['personality']; } else { $engine['personality'] = "IDS"; }
- if (is_numeric($_POST['req_body_limit']) && $_POST['req_body_limit'] >= 0)
- $engine['request-body-limit'] = $_POST['req_body_limit'];
- else
- $input_errors[] = gettext("The value for 'Request Body Limit' must be all numbers and greater than or equal to zero.");
-
- if (is_numeric($_POST['resp_body_limit']) && $_POST['resp_body_limit'] >= 0)
- $engine['response-body-limit'] = $_POST['resp_body_limit'];
- else
- $input_errors[] = gettext("The value for 'Response Body Limit' must be all numbers and greater than or equal to zero.");
-
- if ($_POST['enable_double_decode_path']) { $engine['double-decode-path'] = 'yes'; }else{ $engine['double-decode-path'] = 'no'; }
- if ($_POST['enable_double_decode_query']) { $engine['double-decode-query'] = 'yes'; }else{ $engine['double-decode-query'] = 'no'; }
-
- /* Can only have one "all" Bind_To address */
- if ($engine['bind_to'] == "all" && $engine['name'] <> "default") {
- $input_errors[] = gettext("Only one default HTTP Server Policy Engine can be bound to all addresses.");
- $pconfig = $engine;
- }
-
- /* if no errors, write new entry to conf */
- if (!$input_errors) {
- if (isset($eng_id) && $a_nat[$eng_id]) {
- $a_nat[$eng_id] = $engine;
- }
- else
- $a_nat[] = $engine;
-
- /* Reorder the engine array to ensure the */
- /* 'bind_to=all' entry is at the bottom */
- /* if it contains more than one entry. */
- if (count($a_nat) > 1) {
- $i = -1;
- foreach ($a_nat as $f => $v) {
- if ($v['bind_to'] == "all") {
- $i = $f;
- break;
- }
- }
- /* Only relocate the entry if we */
- /* found it, and it's not already */
- /* at the end. */
- if ($i > -1 && ($i < (count($a_nat) - 1))) {
- $tmp = $a_nat[$i];
- unset($a_nat[$i]);
- $a_nat[] = $tmp;
- }
- }
-
- /* Now write the new engine array to conf */
- write_config();
-
- header("Location: /suricata/suricata_app_parsers.php?id={$id}");
- exit;
- }
-}
-
-$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['suricata']['rule'][$id]['interface']);
-$pgtitle = gettext("Suricata: Interface {$if_friendly} HTTP Server Policy Engine");
-include_once("head.inc");
-
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
-
-<?php
-include("fbegin.inc");
-if ($input_errors) print_input_errors($input_errors);
-if ($savemsg)
- print_info_box($savemsg);
+/**************************************************************************************
+ This file contains code for adding/editing an existing Libhtp Policy Engine.
+ It is included and injected inline as needed into the suricata_app_parsers.php
+ page to provide the edit functionality for Host OS Policy Engines.
+
+ The following variables are assumed to exist and must be initialized
+ as necessary in order to utilize this page.
+
+ $g --> system global variables array
+ $config --> global variable pointing to configuration information
+ $pengcfg --> array containing current Libhtp Policy engine configuration
+
+ Information is returned from this page via the following form fields:
+
+ policy_name --> Unique Name for the Libhtp Policy Engine
+ policy_bind_to --> Alias name representing "bind_to" IP address for engine
+ personality --> Operating system chosen for engine policy
+ select_alias --> Submit button for select alias operation
+ req_body_limit --> Request Body Limit size
+ resp_body_limit --> Response Body Limit size
+ enable_double_decode_path --> double-decode path part of URI
+ enable_double_decode_query --> double-decode query string part of URI
+ save_libhtp_policy --> Submit button for save operation and exit
+ cancel_libhtp_policy --> Submit button to cancel operation and exit
+ **************************************************************************************/
?>
-<form action="suricata_libhtp_policy_engine.php" method="post" name="iform" id="iform">
-<input name="id" type="hidden" value="<?=$id?>">
-<input name="eng_id" type="hidden" value="<?=$eng_id?>">
-<div id="boxarea">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr>
-<td class="tabcont">
-<table width="100%" border="0" cellpadding="6" cellspacing="0">
+<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td colspan="2" valign="middle" class="listtopic"><?php echo gettext("Suricata Target-Based HTTP Server Policy Configuration"); ?></td>
</tr>
@@ -186,8 +61,8 @@ if ($savemsg)
<td valign="top" class="vncell"><?php echo gettext("Engine Name"); ?></td>
<td class="vtable">
<input name="policy_name" type="text" class="formfld unknown" id="policy_name" size="25" maxlength="25"
- value="<?=htmlspecialchars($pconfig['name']);?>"<?php if (htmlspecialchars($pconfig['name']) == "default") echo "readonly";?>>&nbsp;
- <?php if (htmlspecialchars($pconfig['name']) <> "default")
+ value="<?=htmlspecialchars($pengcfg['name']);?>"<?php if (htmlspecialchars($pengcfg['name']) == "default") echo "readonly";?>>&nbsp;
+ <?php if (htmlspecialchars($pengcfg['name']) <> "default")
echo gettext("Name or description for this engine. (Max 25 characters)");
else
echo "<span class=\"red\">" . gettext("The name for the 'default' engine is read-only.") . "</span>";?><br/>
@@ -198,13 +73,13 @@ if ($savemsg)
<tr>
<td valign="top" class="vncell"><?php echo gettext("Bind-To IP Address Alias"); ?></td>
<td class="vtable">
- <?php if ($pconfig['name'] <> "default") : ?>
+ <?php if ($pengcfg['name'] <> "default") : ?>
<table width="95%" border="0" cellpadding="2" cellspacing="0">
<tr>
<td class="vexpl"><input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32"
- value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off">&nbsp;
+ value="<?=htmlspecialchars($pengcfg['bind_to']);?>" title="<?=trim(filter_expand_alias($pengcfg['bind_to']));?>" autocomplete="off">&nbsp;
<?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td>
- <td class="vexpl" align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='suricata_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
+ <td class="vexpl" align="right"><input type="submit" class="formbtns" name="select_alias" value="Aliases"
title="<?php echo gettext("Select an existing IP alias");?>"/></td>
</tr>
<tr>
@@ -214,7 +89,7 @@ if ($savemsg)
<br/><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" . gettext("Supplied value must be a pre-configured Alias or the keyword 'all'.");?>
<?php else : ?>
<input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32"
- value="<?=htmlspecialchars($pconfig['bind_to']);?>" autocomplete="off" readonly>&nbsp;
+ value="<?=htmlspecialchars($pengcfg['bind_to']);?>" autocomplete="off" readonly>&nbsp;
<?php echo "<span class=\"red\">" . gettext("IP List for the default engine is read-only and must be 'all'.") . "</span>";?><br/>
<?php echo gettext("The default engine is required and will apply for packets with destination addresses not matching other engine IP Lists.");?><br/>
<?php endif ?>
@@ -228,7 +103,7 @@ if ($savemsg)
$profile = array( 'Apache', 'Apache_2_2', 'Generic', 'IDS', 'IIS_4_0', 'IIS_5_0', 'IIS_5_1', 'IIS_6_0', 'IIS_7_0', 'IIS_7_5', 'Minimal' );
foreach ($profile as $val): ?>
<option value="<?=$val;?>"
- <?php if ($val == $pconfig['personality']) echo "selected"; ?>>
+ <?php if ($val == $pengcfg['personality']) echo "selected"; ?>>
<?=gettext($val);?></option>
<?php endforeach; ?>
</select>&nbsp;&nbsp;<?php echo gettext("Choose the web server personality appropriate for the protected hosts. The default is ") .
@@ -243,7 +118,7 @@ if ($savemsg)
<td width="22%" valign="top" class="vncell"><?php echo gettext("Request Body Limit"); ?></td>
<td width="78%" class="vtable">
<input name="req_body_limit" type="text" class="formfld unknown" id="req_body_limit" size="9"
- value="<?=htmlspecialchars($pconfig['request-body-limit']);?>">&nbsp;
+ value="<?=htmlspecialchars($pengcfg['request-body-limit']);?>">&nbsp;
<?php echo gettext("Maximum number of HTTP request body bytes to inspect. Default is ") .
"<strong>" . gettext("4,096") . "</strong>" . gettext(" bytes."); ?><br/><br/>
<?php echo gettext("HTTP request bodies are often big, so they take a lot of time to process which has a significant impact ") .
@@ -255,7 +130,7 @@ if ($savemsg)
<td width="22%" valign="top" class="vncell"><?php echo gettext("Response Body Limit"); ?></td>
<td width="78%" class="vtable">
<input name="resp_body_limit" type="text" class="formfld unknown" id="resp_body_limit" size="9"
- value="<?=htmlspecialchars($pconfig['response-body-limit']);?>">&nbsp;
+ value="<?=htmlspecialchars($pengcfg['response-body-limit']);?>">&nbsp;
<?php echo gettext("Maximum number of HTTP response body bytes to inspect. Default is ") .
"<strong>" . gettext("4,096") . "</strong>" . gettext(" bytes."); ?><br/><br/>
<?php echo gettext("HTTP response bodies are often big, so they take a lot of time to process which has a significant impact ") .
@@ -268,31 +143,25 @@ if ($savemsg)
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Double-Decode Path"); ?></td>
- <td width="78%" class="vtable"><input name="enable_double_decode_path" type="checkbox" value="on" <?php if ($pconfig['double-decode-path'] == "yes") echo "checked"; ?>>
+ <td width="78%" class="vtable"><input name="enable_double_decode_path" type="checkbox" value="yes" <?php if ($pengcfg['double-decode-path'] == "yes") echo "checked"; ?>>
<?php echo gettext("Suricata will double-decode path section of the URI. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Double-Decode Query"); ?></td>
- <td width="78%" class="vtable"><input name="enable_double_decode_query" type="checkbox" value="on" <?php if ($pconfig['double-decode-query'] == "yes") echo "checked"; ?>>
+ <td width="78%" class="vtable"><input name="enable_double_decode_query" type="checkbox" value="yes" <?php if ($pengcfg['double-decode-query'] == "yes") echo "checked"; ?>>
<?php echo gettext("Suricata will double-decode query string section of the URI. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td>
</tr>
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save_libhtp_policy" id="save_libhtp_policy" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save web server policy engine settings and return to App Parsers tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
- <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
+ <input name="cancel_libhtp_policy" id="cancel_libhtp_policy" type="submit" class="formbtn" value="Cancel" title="<?php echo
gettext("Cancel changes and return to App Parsers tab"); ?>"></td>
</tr>
</table>
-</td>
-</tr>
-</table>
-</div>
-</form>
-<?php include("fend.inc"); ?>
-</body>
+
<script type="text/javascript" src="/javascript/autosuggest.js">
</script>
<script type="text/javascript" src="/javascript/suggestions.js">
@@ -311,4 +180,3 @@ setTimeout("createAutoSuggest();", 500);
</script>
-</html>
diff --git a/config/suricata/suricata_logs_browser.php b/config/suricata/suricata_logs_browser.php
index 38310b9f..9fc24927 100644
--- a/config/suricata/suricata_logs_browser.php
+++ b/config/suricata/suricata_logs_browser.php
@@ -32,6 +32,8 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
if ($_POST['instance'])
$instanceid = $_POST['instance'];
+if ($_GET['instance'])
+ $instanceid = $_GET['instance'];
if (empty($instanceid))
$instanceid = 0;
diff --git a/config/suricata/suricata_os_policy_engine.php b/config/suricata/suricata_os_policy_engine.php
index 61918e65..c9360901 100644
--- a/config/suricata/suricata_os_policy_engine.php
+++ b/config/suricata/suricata_os_policy_engine.php
@@ -26,153 +26,39 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/suricata/suricata.inc");
-
-global $g;
-
-// Grab the incoming QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (isset($_POST['eng_id']))
- $eng_id = $_POST['eng_id'];
-
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
-
-if (!is_array($config['installedpackages']['suricata']['rule']))
- $config['installedpackages']['suricata']['rule'] = array();
-if (!is_array($config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item']))
- $config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item'] = array();
-$a_nat = &$config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item'];
-
-$pconfig = array();
-if (empty($a_nat[$eng_id])) {
- $def = array( "name" => "engine_{$eng_id}", "bind_to" => "", "policy" => "bsd" );
- // See if this is initial entry and set to "default" if true
- if ($eng_id < 1) {
- $def['name'] = "default";
- $def['bind_to'] = "all";
- }
- $pconfig = $def;
-}
-else {
- $pconfig = $a_nat[$eng_id];
-
- // Check for any empty values and set sensible defaults
- if (empty($pconfig['policy']))
- $pconfig['policy'] = "bsd";
-}
-
-if ($_POST['Cancel']) {
- header("Location: /suricata/suricata_flow_stream.php?id={$id}");
- exit;
-}
-
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import") {
- if ($_GET['varname'] == "bind_to" && !empty($_GET['varvalue']))
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
-}
-
-if ($_POST['Submit']) {
-
- /* Grab all the POST values and save in new temp array */
- $engine = array();
- if ($_POST['policy_name']) { $engine['name'] = trim($_POST['policy_name']); } else { $engine['name'] = "default"; }
- if ($_POST['policy_bind_to']) {
- if (is_alias($_POST['policy_bind_to']))
- $engine['bind_to'] = $_POST['policy_bind_to'];
- elseif (strtolower(trim($_POST['policy_bind_to'])) == "all")
- $engine['bind_to'] = "all";
- else
- $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value.");
- }
- else {
- $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'.");
- }
-
- if ($_POST['policy']) { $engine['policy'] = $_POST['policy']; } else { $engine['policy'] = "bsd"; }
-
- /* Can only have one "all" Bind_To address */
- if ($engine['bind_to'] == "all" && $engine['name'] <> "default") {
- $input_errors[] = gettext("Only one default OS-Policy Engine can be bound to all addresses.");
- $pconfig = $engine;
- }
-
- /* if no errors, write new entry to conf */
- if (!$input_errors) {
- if (isset($eng_id) && $a_nat[$eng_id]) {
- $a_nat[$eng_id] = $engine;
- }
- else
- $a_nat[] = $engine;
-
- /* Reorder the engine array to ensure the */
- /* 'bind_to=all' entry is at the bottom */
- /* if it contains more than one entry. */
- if (count($a_nat) > 1) {
- $i = -1;
- foreach ($a_nat as $f => $v) {
- if ($v['bind_to'] == "all") {
- $i = $f;
- break;
- }
- }
- /* Only relocate the entry if we */
- /* found it, and it's not already */
- /* at the end. */
- if ($i > -1 && ($i < (count($a_nat) - 1))) {
- $tmp = $a_nat[$i];
- unset($a_nat[$i]);
- $a_nat[] = $tmp;
- }
- }
-
- /* Now write the new engine array to conf */
- write_config();
-
- header("Location: /suricata/suricata_flow_stream.php?id={$id}");
- exit;
- }
-}
-
-$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['suricata']['rule'][$id]['interface']);
-$pgtitle = gettext("Suricata: Interface {$if_friendly} Operating System Policy Engine");
-include_once("head.inc");
-
+/**************************************************************************************
+ This file contains code for adding/editing an existing Host OS Policy Engine.
+ It is included and injected inline as needed into the suricata_stream_flow.php
+ page to provide the edit functionality for Host OS Policy Engines.
+
+ The following variables are assumed to exist and must be initialized
+ as necessary in order to utilize this page.
+
+ $g --> system global variables array
+ $config --> global variable pointing to configuration information
+ $pengcfg --> array containing current Host OS Policy engine configuration
+
+ Information is returned from this page via the following form fields:
+
+ policy_name --> Unique Name for the Host OS Policy Engine
+ policy_bind_to --> Alias name representing "bind_to" IP address for engine
+ policy --> Operating system chosen for engine policy
+ select_alias --> Submit button for select alias operation
+ save_os_policy --> Submit button for save operation and exit
+ cancel_os_policy --> Submit button to cancel operation and exit
+ **************************************************************************************/
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
-
-<?php
-include("fbegin.inc");
-if ($input_errors) print_input_errors($input_errors);
-if ($savemsg)
- print_info_box($savemsg);
-?>
-
-<form action="suricata_os_policy_engine.php" method="post" name="iform" id="iform">
-<input name="id" type="hidden" value="<?=$id?>">
-<input name="eng_id" type="hidden" value="<?=$eng_id?>">
-<div id="boxarea">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr>
-<td class="tabcont">
-<table width="100%" border="0" cellpadding="6" cellspacing="0">
+<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
- <td colspan="2" valign="middle" class="listtopic"><?php echo gettext("Suricata Target-Based OS Policy Engine Configuration"); ?></td>
+ <td colspan="2" align="center" class="listtopic"><?php echo gettext("Suricata Target-Based Host OS Policy Engine Configuration"); ?></td>
</tr>
<tr>
- <td valign="top" class="vncell"><?php echo gettext("Engine Name"); ?></td>
+ <td valign="top" class="vncell"><?php echo gettext("Policy Name"); ?></td>
<td class="vtable">
<input name="policy_name" type="text" class="formfld unknown" id="policy_name" size="25" maxlength="25"
- value="<?=htmlspecialchars($pconfig['name']);?>"<?php if (htmlspecialchars($pconfig['name']) == "default") echo "readonly";?>>&nbsp;
- <?php if (htmlspecialchars($pconfig['name']) <> "default")
+ value="<?=htmlspecialchars($pengcfg['name']);?>"<?php if (htmlspecialchars($pengcfg['name']) == "default") echo "readonly";?>/>&nbsp;
+ <?php if (htmlspecialchars($pengcfg['name']) <> "default")
echo gettext("Name or description for this engine. (Max 25 characters)");
else
echo "<span class=\"red\">" . gettext("The name for the 'default' engine is read-only.") . "</span>";?><br/>
@@ -183,13 +69,13 @@ if ($savemsg)
<tr>
<td valign="top" class="vncell"><?php echo gettext("Bind-To IP Address Alias"); ?></td>
<td class="vtable">
- <?php if ($pconfig['name'] <> "default") : ?>
+ <?php if ($pengcfg['name'] <> "default") : ?>
<table width="95%" border="0" cellpadding="2" cellspacing="0">
<tr>
<td class="vexpl"><input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32"
- value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off">&nbsp;
+ value="<?=htmlspecialchars($pengcfg['bind_to']);?>" title="<?=trim(filter_expand_alias($pengcfg['bind_to']));?>" autocomplete="off"/>&nbsp;
<?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td>
- <td class="vexpl" align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='suricata_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
+ <td class="vexpl" align="right"><input type="submit" class="formbtns" name="select_alias" value="Aliases"
title="<?php echo gettext("Select an existing IP alias");?>"/></td>
</tr>
<tr>
@@ -200,7 +86,7 @@ if ($savemsg)
&nbsp;&nbsp;&nbsp;&nbsp;
<?php else : ?>
<input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32"
- value="<?=htmlspecialchars($pconfig['bind_to']);?>" autocomplete="off" readonly>&nbsp;
+ value="<?=htmlspecialchars($pengcfg['bind_to']);?>" autocomplete="off" readonly>&nbsp;
<?php echo "<span class=\"red\">" . gettext("IP List for the default engine is read-only and must be 'all'.") . "</span>";?><br/>
<?php echo gettext("The default engine is required and will apply for packets with destination addresses not matching other engine IP Lists.");?><br/>
<?php endif ?>
@@ -214,7 +100,7 @@ if ($savemsg)
$profile = array( 'BSD', 'BSD-Right', 'HPUX10', 'HPUX11', 'Irix', 'Linux', 'Mac-OS', 'Old-Linux', 'Old-Solaris', 'Solaris', 'Vista', 'Windows', 'Windows2k3' );
foreach ($profile as $val): ?>
<option value="<?=strtolower($val);?>"
- <?php if (strtolower($val) == $pconfig['policy']) echo "selected"; ?>>
+ <?php if (strtolower($val) == $pengcfg['policy']) echo "selected"; ?>>
<?=gettext($val);?></option>
<?php endforeach; ?>
</select>&nbsp;&nbsp;<?php echo gettext("Choose the OS target policy appropriate for the protected hosts. The default is ") .
@@ -225,20 +111,13 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save_os_policy" id="save_os_policy" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save OS policy engine settings and return to Flow/Stream tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
- <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
+ <input name="cancel_os_policy" id="cancel_os_policy" type="submit" class="formbtn" value="Cancel" title="<?php echo
gettext("Cancel changes and return to Flow/Stream tab"); ?>"></td>
</tr>
</table>
-</td>
-</tr>
-</table>
-</div>
-</form>
-<?php include("fend.inc"); ?>
-</body>
<script type="text/javascript" src="/javascript/autosuggest.js">
</script>
<script type="text/javascript" src="/javascript/suggestions.js">
@@ -258,4 +137,3 @@ setTimeout("createAutoSuggest();", 500);
</script>
-</html>
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 653f47fd..72257325 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -87,6 +87,17 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
foreach ($suriconf as $value) {
$if_real = get_real_interface($value['interface']);
+ // ## BETA pkg bug fix-up -- be sure default rules enabled ##
+ $rules = explode("||", $value['rulesets']);
+ foreach (array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules", "tls-events.rules" ) as $r){
+ if (!in_array($r, $rules))
+ $rules[] = $r;
+ }
+ natcasesort($rules);
+ $value['rulesets'] = implode("||", $rules);
+ write_config();
+ // ## end of BETA pkg bug fix-up ##
+
// create a suricata.yaml file for interface
suricata_generate_yaml($value);
@@ -106,6 +117,12 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
// Add the recurring jobs created above to crontab
configure_cron();
+ // Restore the Dashboard Widget if it was previously enabled and saved
+ if (!empty($config['installedpackages']['suricata']['config'][0]['dashboard_widget']) && !empty($config['widgets']['sequence']))
+ $config['widgets']['sequence'] .= "," . $config['installedpackages']['suricata']['config'][0]['dashboard_widget'];
+ if (!empty($config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows']) && !empty($config['widgets']))
+ $config['widgets']['widget_suricata_display_lines'] = $config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows'];
+
$rebuild_rules = false;
update_output_window(gettext("Finished rebuilding Suricata configuration files..."));
log_error(gettext("[Suricata] Finished rebuilding installation from saved settings..."));
@@ -121,7 +138,7 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
}
// Update Suricata package version in configuration
-$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "0.1-BETA";
+$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v0.2-BETA";
write_config();
// Done with post-install, so clear flag
diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php
index b848b4e8..1a0c54b5 100644
--- a/config/suricata/suricata_rules.php
+++ b/config/suricata/suricata_rules.php
@@ -27,7 +27,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -35,38 +34,24 @@ global $g, $rebuild_rules;
$suricatadir = SURICATADIR;
$rules_map = array();
+$pconfig = array();
if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
$a_rule = &$config['installedpackages']['suricata']['rule'];
-$id = $_GET['id'];
-if (isset($_POST['id']))
+if ($_GET['id'])
+ $id = $_GET['id'];
+if ($_POST['id'])
$id = $_POST['id'];
if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
+ $id = 0;
}
if (isset($id) && $a_rule[$id]) {
- $pconfig['enable'] = $a_rule[$id]['enable'];
$pconfig['interface'] = $a_rule[$id]['interface'];
$pconfig['rulesets'] = $a_rule[$id]['rulesets'];
- if (!empty($a_rule[$id]['customrules']))
- $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
-}
-
-function truncate($string, $length) {
-
- /********************************
- * This function truncates the *
- * passed string to the length *
- * specified adding ellipsis if *
- * truncation was necessary. *
- ********************************/
- if (strlen($string) > $length)
- $string = substr($string, 0, ($length - 2)) . "...";
- return $string;
+ $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
}
function add_title_attribute($tag, $title) {
@@ -111,8 +96,10 @@ $etpro = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rul
$categories = explode("||", $pconfig['rulesets']);
if ($_GET['openruleset'])
- $currentruleset = $_GET['openruleset'];
-else if ($_POST['openruleset'])
+ $currentruleset = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401);
+elseif ($_POST['selectbox'])
+ $currentruleset = $_POST['selectbox'];
+elseif ($_POST['openruleset'])
$currentruleset = $_POST['openruleset'];
else
$currentruleset = $categories[0];
@@ -149,13 +136,11 @@ if ($currentruleset != 'custom.rules') {
$enablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_on']);
$disablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_off']);
-if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
-
- // Get the GID tag embedded in the clicked rule icon.
- $gid = $_GET['gid'];
+if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) && !empty($rules_map)) {
- // Get the SID tag embedded in the clicked rule icon.
- $sid= $_GET['ids'];
+ // Get the GID:SID tags embedded in the clicked rule icon.
+ $gid = $_POST['gid'];
+ $sid = $_POST['sid'];
// See if the target SID is in our list of modified SIDs,
// and toggle it back to default if present; otherwise,
@@ -199,11 +184,9 @@ if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
/* Update the config.xml file. */
write_config();
- $_GET['openruleset'] = $currentruleset;
$anchor = "rule_{$gid}_{$sid}";
}
-
-if ($_GET['act'] == "disable_all" && !empty($rules_map)) {
+elseif ($_POST['disable_all'] && !empty($rules_map)) {
// Mark all rules in the currently selected category "disabled".
foreach (array_keys($rules_map) as $k1) {
@@ -240,13 +223,8 @@ if ($_GET['act'] == "disable_all" && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
}
-
-if ($_GET['act'] == "enable_all" && !empty($rules_map)) {
+elseif ($_POST['enable_all'] && !empty($rules_map)) {
// Mark all rules in the currently selected category "enabled".
foreach (array_keys($rules_map) as $k1) {
@@ -282,13 +260,8 @@ if ($_GET['act'] == "enable_all" && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
}
-
-if ($_GET['act'] == "resetcategory" && !empty($rules_map)) {
+elseif ($_POST['resetcategory'] && !empty($rules_map)) {
// Reset any modified SIDs in the current rule category to their defaults.
foreach (array_keys($rules_map) as $k1) {
@@ -326,13 +299,8 @@ if ($_GET['act'] == "resetcategory" && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
}
-
-if ($_GET['act'] == "resetall" && !empty($rules_map)) {
+elseif ($_POST['resetall'] && !empty($rules_map)) {
// Remove all modified SIDs from config.xml and save the changes.
unset($a_rule[$id]['rule_sid_on']);
@@ -340,46 +308,32 @@ if ($_GET['act'] == "resetall" && !empty($rules_map)) {
/* Update the config.xml file. */
write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
}
-
-if ($_POST['clear']) {
+elseif ($_POST['clear']) {
unset($a_rule[$id]['customrules']);
write_config();
$rebuild_rules = true;
suricata_generate_yaml($a_rule[$id]);
$rebuild_rules = false;
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ $pconfig['customrules'] = '';
}
-
-if ($_POST['customrules']) {
- $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
+elseif ($_POST['cancel']) {
+ $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
+}
+elseif ($_POST['save']) {
+ $pconfig['customrules'] = $_POST['customrules'];
+ if ($_POST['customrules'])
+ $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
+ else
+ unset($a_rule[$id]['customrules']);
write_config();
$rebuild_rules = true;
suricata_generate_yaml($a_rule[$id]);
$rebuild_rules = false;
- $output = "";
- $retcode = "";
-// exec("/usr/local/bin/snort -T -c {$snortdir}/snort_{$snort_uuid}_{$if_real}/snort.conf 2>&1", $output, $retcode);
-// if (intval($retcode) != 0) {
-// $error = "";
-// $start = count($output);
-// $end = $start - 4;
-// for($i = $start; $i > $end; $i--)
-// $error .= $output[$i];
-// $input_errors[] = "Custom rules have errors:\n {$error}";
-// }
-// else {
-// header("Location: /snort/snort_rules.php?id={$id}&openruleset={$currentruleset}");
-// exit;
-// }
+ /* Signal Suricata to "live reload" the rules */
+ suricata_reload_config($a_rule[$id]);
}
-
-else if ($_POST['apply']) {
+elseif ($_POST['apply']) {
/* Save new configuration */
write_config();
@@ -394,16 +348,6 @@ else if ($_POST['apply']) {
/* Signal Suricata to "live reload" the rules */
suricata_reload_config($a_rule[$id]);
-
- /* Return to this same page */
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
-}
-else if ($_POST['cancel']) {
-
- /* Return to this same page */
- header("Location: /suricata/suricata_rules.php?id={$id}");
- exit;
}
require_once("guiconfig.inc");
@@ -416,9 +360,7 @@ $pgtitle = gettext("Suricata: Interface {$if_friendly} - Rules: {$currentruleset
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include("fbegin.inc");
-if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-/* Display message */
+/* Display error or save messages if present */
if ($input_errors) {
print_input_errors($input_errors); // TODO: add checks
}
@@ -429,7 +371,11 @@ if ($savemsg) {
?>
-<form action="/suricata/suricata_rules.php" method="post" name="iform" id="iform">
+<form action='/suricata/suricata_rules.php' method='post' name='iform' id='iform'>
+<input type='hidden' name='id' id='id' value='<?=$id;?>'/>
+<input type='hidden' name='openruleset' id='openruleset' value='<?=$currentruleset;?>'/>
+<input type='hidden' name='sid' id='sid' value=''/>
+<input type='hidden' name='gid' id='gid' value=''/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -439,7 +385,7 @@ if ($savemsg) {
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
@@ -460,31 +406,31 @@ if ($savemsg) {
<tr>
<td class="listtopic"><?php echo gettext("Available Rule Categories"); ?></td>
</tr>
-
<tr>
- <td class="vncell" height="30px"><strong><?php echo gettext("Category:"); ?></strong>&nbsp;&nbsp;<select id="selectbox" name="selectbox" class="formselect" onChange="go()">
- <option value='?id=<?=$id;?>&openruleset=custom.rules'>custom.rules</option>
+ <td class="vncell" height="30px"><strong><?php echo gettext("Category:"); ?></strong>&nbsp;&nbsp;
+ <select id="selectbox" name="selectbox" class="formselect" onChange="go();">
+ <option value='custom.rules'>custom.rules</option>
<?php
- $files = explode("||", $pconfig['rulesets']);
- if ($a_rule[$id]['ips_policy_enable'] == 'on')
- $files[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']);
- if ($a_rule[$id]['autoflowbitrules'] == 'on')
- $files[] = "Auto-Flowbit Rules";
- natcasesort($files);
- foreach ($files as $value) {
- if ($snortdownload != 'on' && substr($value, 0, mb_strlen(VRT_FILE_PREFIX)) == VRT_FILE_PREFIX)
- continue;
- if ($emergingdownload != 'on' && substr($value, 0, mb_strlen(ET_OPEN_FILE_PREFIX)) == ET_OPEN_FILE_PREFIX)
- continue;
- if ($etpro != 'on' && substr($value, 0, mb_strlen(ET_PRO_FILE_PREFIX)) == ET_PRO_FILE_PREFIX)
- continue;
- if (empty($value))
- continue;
- echo "<option value='?id={$id}&openruleset={$value}' ";
- if ($value == $currentruleset)
- echo "selected";
- echo ">{$value}</option>\n";
- }
+ $files = explode("||", $pconfig['rulesets']);
+ if ($a_rule[$id]['ips_policy_enable'] == 'on')
+ $files[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']);
+ if ($a_rule[$id]['autoflowbitrules'] == 'on')
+ $files[] = "Auto-Flowbit Rules";
+ natcasesort($files);
+ foreach ($files as $value) {
+ if ($snortdownload != 'on' && substr($value, 0, mb_strlen(VRT_FILE_PREFIX)) == VRT_FILE_PREFIX)
+ continue;
+ if ($emergingdownload != 'on' && substr($value, 0, mb_strlen(ET_OPEN_FILE_PREFIX)) == ET_OPEN_FILE_PREFIX)
+ continue;
+ if ($etpro != 'on' && substr($value, 0, mb_strlen(ET_PRO_FILE_PREFIX)) == ET_PRO_FILE_PREFIX)
+ continue;
+ if (empty($value))
+ continue;
+ echo "<option value='{$value}' ";
+ if ($value == $currentruleset)
+ echo "selected";
+ echo ">{$value}</option>\n";
+ }
?>
</select>&nbsp;&nbsp;&nbsp;<?php echo gettext("Select the rule category to view"); ?>
</td>
@@ -496,15 +442,13 @@ if ($savemsg) {
</tr>
<tr>
<td valign="top" class="vtable">
- <input type='hidden' name='openruleset' value='custom.rules'>
- <input type='hidden' name='id' value='<?=$id;?>'>
<textarea wrap="soft" cols="90" rows="40" name="customrules"><?=$pconfig['customrules'];?></textarea>
</td>
</tr>
<tr>
<td>
- <input name="Submit" type="submit" class="formbtn" id="submit" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/>&nbsp;&nbsp;
- <input name="cancel" type="submit" class="formbtn" id="cancel" value="<?php echo gettext("Cancel"); ?>" title="<?php echo gettext("Cancel changes and return to last page"); ?>"/>&nbsp;&nbsp;
+ <input name="save" type="submit" class="formbtn" id="save" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/>&nbsp;&nbsp;
+ <input name="cancel" type="submit" class="formbtn" id="cancel" value="<?php echo gettext("Cancel"); ?>" title="<?php echo gettext("Cancel all changes made prior to last save"); ?>"/>&nbsp;&nbsp;
<input name="clear" type="submit" class="formbtn" id="clear" value="<?php echo gettext("Clear"); ?>" onclick="return confirm('<?php echo gettext("This will erase all custom rules for the interface. Are you sure?"); ?>')" title="<?php echo gettext("Deletes all custom rules"); ?>"/>
</td>
</tr>
@@ -517,43 +461,40 @@ if ($savemsg) {
<table width="100%" align="center" border="0" cellpadding="0" cellspacing="0">
<tr>
<td rowspan="5" width="48%" valign="middle"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn"
- title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/>
- <input type='hidden' name='id' value='<?=$id;?>'/>
- <input type='hidden' name='openruleset' value='<?=$currentruleset;?>'/><br/><br/>
+ title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/><br/><br/>
<span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" .
gettext("Suricata must be restarted to activate any SID enable/disable changes made on this tab."); ?></span></td>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetcategory'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetcategory[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'></a>"?>
+ title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Remove Enable/Disable changes in the current Category"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetall'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetall[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'></a>"?>
+ title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Remove all Enable/Disable changes in all Categories"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=disable_all'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='disable_all[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to disable all rules in the selected category") . "'></a>"?>
+ title='" . gettext("Click to disable all rules in the selected category") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Disable all rules in the current Category"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=enable_all'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='enable_all[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus_mo.gif\"' border='0'
- title='" . gettext("Click to enable all rules in the selected category") . "'></a>"?>
+ title='" . gettext("Click to enable all rules in the selected category") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Enable all rules in the current Category"); ?></td>
</tr>
-
<tr>
<td class="vexpl" valign="middle"><a href="javascript: void(0)"
onclick="wopen('suricata_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)">
@@ -563,7 +504,6 @@ if ($savemsg) {
title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a>
&nbsp;&nbsp;<?php echo gettext("View full file contents for the current Category"); ?></td>
</tr>
-
<?php if ($currentruleset == 'Auto-Flowbit Rules'): ?>
<tr>
<td colspan="3">&nbsp;</td>
@@ -578,7 +518,6 @@ if ($savemsg) {
</table>
</td>
</tr>
-
<tr>
<td class="listtopic"><?php echo gettext("Selected Category's Rules"); ?></td>
</tr>
@@ -586,10 +525,9 @@ if ($savemsg) {
<td>
<table id="myTable" class="sortable" style="table-layout: fixed;" width="100%" border="0" cellpadding="0" cellspacing="0">
<colgroup>
- <col width="14" align="left" valign="middle">
+ <col width="20" align="left" valign="middle">
<col width="6%" align="center" axis="number">
<col width="8%" align="center" axis="number">
- <col width="54" align="center" axis="string">
<col width="52" align="center" axis="string">
<col width="12%" align="center" axis="string">
<col width="9%" align="center" axis="string">
@@ -602,7 +540,6 @@ if ($savemsg) {
<th class="list">&nbsp;</th>
<th class="listhdrr"><?php echo gettext("GID"); ?></th>
<th class="listhdrr"><?php echo gettext("SID"); ?></th>
- <th class="listhdrr"><?php echo gettext("Action"); ?></th>
<th class="listhdrr"><?php echo gettext("Proto"); ?></th>
<th class="listhdrr"><?php echo gettext("Source"); ?></th>
<th class="listhdrr"><?php echo gettext("Port"); ?></th>
@@ -653,53 +590,50 @@ if ($savemsg) {
$tmp = trim(preg_replace('/^\s*#+\s*/', '', $tmp));
$rule_content = preg_split('/[\s]+/', $tmp);
- // Create custom <span> tags for the fields we truncate so we can
+ // Create custom <span> tags for some of the fields so we can
// have a "title" attribute for tooltips to show the full string.
$srcspan = add_title_attribute($textss, $rule_content[2]);
$srcprtspan = add_title_attribute($textss, $rule_content[3]);
$dstspan = add_title_attribute($textss, $rule_content[5]);
$dstprtspan = add_title_attribute($textss, $rule_content[6]);
$protocol = $rule_content[1]; //protocol field
- $source = truncate($rule_content[2], 14); //source field
- $source_port = truncate($rule_content[3], 10); //source port field
- $destination = truncate($rule_content[5], 14); //destination field
- $destination_port = truncate($rule_content[6], 10); //destination port field
+ $source = $rule_content[2]; //source field
+ $source_port = $rule_content[3]; //source port field
+ $destination = $rule_content[5]; //destination field
+ $destination_port = $rule_content[6]; //destination port field
$message = suricata_get_msg($v['rule']);
$sid_tooltip = gettext("View the raw text for this rule");
- echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\">{$textss}
- <a href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$sid}'>
- <img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\"
- width=\"11\" height=\"11\" border=\"0\"
- title='{$title}' id=\"rule_{$gid}_{$sid}\"></a>{$textse}
+ echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss}
+ <input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
+ document.getElementById('gid').value='{$gid}';\"
+ src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
+ title='{$title}' name=\"toggle[]\"/>{$textse}
</td>
- <td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
+ <td class=\"listlr\" align=\"center\" style=\"font-size: 11px;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$gid}{$textse}
</td>
- <td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
+ <td class=\"listlr\" align=\"center\" style=\"font-size: 11px;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
<a href=\"javascript: void(0)\"
- onclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&ids={$sid}&gid={$gid}','FileViewer',800,600)\"
+ onclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\"
title='{$sid_tooltip}'>{$textss}{$sid}{$textse}</a>
</td>
- <td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
- {$textss}{$v['action']}{$textse}
- </td>
- <td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
+ <td class=\"listlr\" align=\"center\" style=\"font-size: 11px;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$protocol}{$textse}
</td>
- <td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
+ <td class=\"listlr ellipsis\" align=\"center\" style=\"font-size: 11px;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$srcspan}{$source}</span>
</td>
- <td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
+ <td class=\"listlr ellipsis\" align=\"center\" style=\"font-size: 11px;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$srcprtspan}{$source_port}</span>
</td>
- <td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
+ <td class=\"listlr ellipsis\" align=\"center\" style=\"font-size: 11px;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$dstspan}{$destination}</span>
</td>
- <td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
+ <td class=\"listlr ellipsis\" align=\"center\" style=\"font-size: 11px;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$dstprtspan}{$destination_port}</span>
</td>
- <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line; font-size: 10px; font-color: white;\">
+ <td class=\"listbg\" style=\"word-wrap:break-word; whitespace:pre-line; font-size: 11px; font-color: white;\" ondblclick=\"wopen('suricata_rules_edit.php?id={$id}&openruleset={$currentruleset}&sid={$sid}&gid={$gid}','FileViewer',800,600);\">
{$textss}{$message}{$textse}
</td>
</tr>";
@@ -752,15 +686,14 @@ if ($savemsg) {
</tr>
</table>
</form>
-<?php include("fend.inc"); ?>
-
<script language="javascript" type="text/javascript">
function go()
{
- var box = document.iform.selectbox;
- destination = box.options[box.selectedIndex].value;
- if (destination)
- location.href = destination;
+ var box = document.getElementById("selectbox");
+ var ruleset = box.options[box.selectedIndex].value;
+ if (ruleset)
+ document.getElementById("openruleset").value = ruleset;
+ document.getElementById("iform").submit();
}
function wopen(url, name, w, h)
@@ -784,7 +717,8 @@ function wopen(url, name, w, h)
window.scrollBy(0,-60);
<?php endif;?>
-
</script>
+<?php include("fend.inc"); ?>
+
</body>
</html>
diff --git a/config/suricata/suricata_rules_edit.php b/config/suricata/suricata_rules_edit.php
index 0dc4c57b..ad6b2986 100644
--- a/config/suricata/suricata_rules_edit.php
+++ b/config/suricata/suricata_rules_edit.php
@@ -49,12 +49,16 @@ if (isset($id) && $a_rule[$id]) {
$pconfig['interface'] = $a_rule[$id]['interface'];
$pconfig['rulesets'] = $a_rule[$id]['rulesets'];
}
+else {
+ header("Location: /suricata/suricata_interfaces.php");
+ exit;
+}
/* convert fake interfaces to real */
-$if_real = suricata_get_real_interface($pconfig['interface']);
+$if_real = get_real_interface($pconfig['interface']);
$suricata_uuid = $a_rule[$id]['uuid'];
$suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}";
-$file = $_GET['openruleset'];
+$file = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401);
$contents = '';
$wrap_flag = "off";
@@ -86,33 +90,26 @@ if (substr($file, 0, 10) == "IPS Policy") {
unset($rules_map);
}
// Is it a SID to load the rule text from?
-elseif (isset($_GET['ids'])) {
+elseif (isset($_GET['sid']) && is_numeric(trim($_GET['sid']))) {
// If flowbit rule, point to interface-specific file
if ($file == "Auto-Flowbit Rules")
$rules_map = suricata_load_rules_map("{$suricatacfgdir}rules/" . FLOWBITS_FILENAME);
else
$rules_map = suricata_load_rules_map("{$suricatadir}rules/{$file}");
- $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule'];
+ $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule'];
$wrap_flag = "soft";
}
-
// Is it our special flowbit rules file?
elseif ($file == "Auto-Flowbit Rules")
$contents = file_get_contents("{$suricatacfgdir}rules/{$flowbit_rules_file}");
// Is it a rules file in the ../rules/ directory?
elseif (file_exists("{$suricatadir}rules/{$file}"))
$contents = file_get_contents("{$suricatadir}rules/{$file}");
-// Is it a fully qualified path and file?
-elseif (file_exists($file))
- if (substr(realpath($file), 0, strlen(SURICATALOGDIR)) != SURICATALOGDIR)
- $contents = gettext("\n\nERROR -- File: {$file} can not be viewed!");
- else
- $contents = file_get_contents($file);
// It is not something we can display, so exit.
else
$input_errors[] = gettext("Unable to open file: {$displayfile}");
-$pgtitle = array(gettext("Suricata"), gettext("File Viewer"));
+$pgtitle = array(gettext("Suricata"), gettext("Rules File Viewer"));
?>
<?php include("head.inc");?>
@@ -131,7 +128,7 @@ $pgtitle = array(gettext("Suricata"), gettext("File Viewer"));
</tr>
<tr>
<td width="20%">
- <input type="button" class="formbtn" value="Return" onclick="window.close()">
+ <input type="button" class="formbtn" value="Close" onclick="window.close()"/>
</td>
<td align="right">
<b><?php echo gettext("Rules File: ") . '</b>&nbsp;' . $displayfile; ?>&nbsp;&nbsp;&nbsp;&nbsp;
diff --git a/config/suricata/suricata_rules_flowbits.php b/config/suricata/suricata_rules_flowbits.php
index ca424344..53019894 100644
--- a/config/suricata/suricata_rules_flowbits.php
+++ b/config/suricata/suricata_rules_flowbits.php
@@ -41,34 +41,34 @@ if (!is_array($config['installedpackages']['suricata']['rule'])) {
}
$a_nat = &$config['installedpackages']['suricata']['rule'];
-// Set who called us so we can return to the correct page with
-// the RETURN button. We will just trust this User-Agent supplied
-// string for now.
-session_start();
-if(!isset($_SESSION['org_referer']))
- $_SESSION['org_referer'] = $_SERVER['HTTP_REFERER'];
-$referrer = $_SESSION['org_referer'];
-
-if ($_POST['cancel']) {
- session_start();
- unset($_SESSION['org_referer']);
- session_write_close();
- header("Location: {$referrer}");
- exit;
-}
-
-$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
+elseif (isset($_GET['id']))
+ $id = $_GET['id'];
+
if (is_null($id)) {
- session_start();
- unset($_SESSION['org_referer']);
- session_write_close();
header("Location: /suricata/suricata_interfaces.php");
exit;
}
-$if_real = suricata_get_real_interface($a_nat[$id]['interface']);
+// Set who called us so we can return to the correct page with
+// the RETURN ('cancel') button.
+if ($_POST['referrer'])
+ $referrer = $_POST['referrer'];
+else
+ $referrer = $_SERVER['HTTP_REFERER'];
+
+// Make sure a rule index ID is appended to the return URL
+if (strpos($referrer, "?id={$id}") === FALSE)
+ $referrer .= "?id={$id}";
+
+// If RETURN button clicked, exit to original calling page
+if ($_POST['cancel']) {
+ header("Location: {$referrer}");
+ exit;
+}
+
+$if_real = get_real_interface($a_nat[$id]['interface']);
$suricata_uuid = $a_nat[$id]['uuid'];
/* We should normally never get to this page if Auto-Flowbits are disabled, but just in case... */
@@ -83,12 +83,13 @@ if ($a_nat[$id]['autoflowbitrules'] == 'on') {
else
$input_errors[] = gettext("Auto-Flowbit rule generation is disabled for this interface!");
-if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- $descr = suricata_get_msg($rules_map[$_GET['gen_id']][$_GET['sidid']]['rule']);
+if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid'])) {
+ $descr = suricata_get_msg($rules_map[$_POST['gid']][$_POST['sid']]['rule']);
+ $suppress = gettext("## -- This rule manually suppressed from the Auto-Flowbits list. -- ##\n");
if (empty($descr))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
+ $suppress .= "suppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n";
else
- $suppress = "# {$descr}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
+ $suppress .= "# {$descr}\nsuppress gen_id {$_POST['gid']}, sig_id {$_POST['sid']}\n";
if (!is_array($config['installedpackages']['suricata']['suppress']))
$config['installedpackages']['suricata']['suppress'] = array();
if (!is_array($config['installedpackages']['suricata']['suppress']['item']))
@@ -128,7 +129,7 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
$rebuild_rules = false;
sync_suricata_package_config();
suricata_reload_config($a_nat[$id]);
- $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'.");
+ $savemsg = gettext("An entry to suppress the Alert for 'gen_id {$_POST['gid']}, sig_id {$_POST['sid']}' has been added to Suppress List '{$a_nat[$id]['suppresslistname']}'.");
}
else {
/* We did not find the defined list, so notify the user with an error */
@@ -136,23 +137,10 @@ if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_
}
}
-function truncate($string, $length) {
-
- /********************************
- * This function truncates the *
- * passed string to the length *
- * specified adding ellipsis if *
- * truncation was necessary. *
- ********************************/
- if (strlen($string) > $length)
- $string = substr($string, 0, ($length - 3)) . "...";
- return $string;
-}
-
/* Load up an array with the current Suppression List GID,SID values */
$supplist = suricata_load_suppress_sigs($a_nat[$id]);
-$if_friendly = suricata_get_friendly_interface($a_nat[$id]['interface']);
+$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Flowbit Rules");
include_once("head.inc");
@@ -162,12 +150,15 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
if ($input_errors) print_input_errors($input_errors);
if ($savemsg)
print_info_box($savemsg);
?>
<form action="suricata_rules_flowbits.php" method="post" name="iform" id="iform">
+<input type="hidden" name="id" value="<?=$id;?>"/>
+<input type="hidden" name="referrer" value="<?=$referrer;?>"/>
+<input type="hidden" name="sid" id="sid" value=""/>
+<input type="hidden" name="gid" id="gid" value=""/>
<div id="boxarea">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
@@ -248,18 +239,19 @@ if ($savemsg)
$rule_content = preg_split('/[\s]+/', $tmp);
$protocol = $rule_content[1]; //protocol
- $source = truncate($rule_content[2], 14); //source
- $destination = truncate($rule_content[5], 14); //destination
+ $source = $rule_content[2]; //source
+ $destination = $rule_content[5]; //destination
$message = suricata_get_msg($v['rule']);
$flowbits = implode("; ", suricata_get_flowbits($v['rule']));
if (strstr($flowbits, "noalert"))
$supplink = "";
else {
if (!isset($supplist[$gid][$sid])) {
- $supplink = "<a href=\"?id={$id}&act=addsuppress&sidid={$sid}&gen_id={$gid}\">";
- $supplink .= "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" ";
+ $supplink = "<input type=\"image\" name=\"addsuppress[]\" onClick=\"document.getElementById('sid').value='{$sid}';";
+ $supplink .= "document.getElementById('gid').value='{$gid}';\" ";
+ $supplink .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" ";
$supplink .= "width='12' height='12' border='0' title='";
- $supplink .= gettext("Click to add to Suppress List") . "'/></a>";
+ $supplink .= gettext("Click to add to Suppress List") . "'/>";
}
else {
$supplink = "<img src=\"../themes/{$g['theme']}/images/icons/icon_plus_d.gif\" ";
@@ -270,10 +262,10 @@ if ($savemsg)
// Use "echo" to write the table HTML row-by-row.
echo "<tr>" .
- "<td class=\"listr\">{$sid}&nbsp;{$supplink}</td>" .
+ "<td class=\"listr\" sorttable_customkey=\"{$sid}\">{$sid}&nbsp;{$supplink}</td>" .
"<td class=\"listr\">{$protocol}</td>" .
- "<td class=\"listr\"><span title=\"{$rule_content[2]}\">{$source}</span></td>" .
- "<td class=\"listr\"><span title=\"{$rule_content[5]}\">{$destination}</span></td>" .
+ "<td class=\"listr ellipsis\"><span title=\"{$rule_content[2]}\">{$source}</span></td>" .
+ "<td class=\"listr ellipsis\"><span title=\"{$rule_content[5]}\">{$destination}</span></td>" .
"<td class=\"listr\" style=\"word-wrap:break-word; word-break:normal;\">{$flowbits}</td>" .
"<td class=\"listr\" style=\"word-wrap:break-word; word-break:normal;\">{$message}</td>" .
"</tr>";
diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php
index a1609d6c..4365de4b 100644
--- a/config/suricata/suricata_rulesets.php
+++ b/config/suricata/suricata_rulesets.php
@@ -35,6 +35,10 @@ global $g, $rebuild_rules;
$suricatadir = SURICATADIR;
$flowbit_rules_file = FLOWBITS_FILENAME;
+// Array of default events rules for Suricata
+$default_rules = array( "decoder-events.rules", "files.rules", "http-events.rules",
+ "smtp-events.rules", "stream-events.rules", "tls-events.rules" );
+
if (!is_array($config['installedpackages']['suricata']['rule'])) {
$config['installedpackages']['suricata']['rule'] = array();
}
@@ -43,10 +47,8 @@ $a_nat = &$config['installedpackages']['suricata']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+if (is_null($id))
+ $id = 0;
if (isset($id) && $a_nat[$id]) {
$pconfig['enable'] = $a_nat[$id]['enable'];
@@ -89,17 +91,6 @@ if (!file_exists("{$suricatadir}rules/" . GPL_FILE_PREFIX . "community.rules"))
if (($snortdownload != 'on') || ($a_nat[$id]['ips_policy_enable'] != 'on'))
$policy_select_disable = "disabled";
-if ($a_nat[$id]['autoflowbitrules'] == 'on') {
- if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") &&
- filesize("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) {
- $btn_view_flowb_rules = " title=\"" . gettext("View flowbit-required rules") . "\"";
- }
- else
- $btn_view_flowb_rules = " disabled";
-}
-else
- $btn_view_flowb_rules = " disabled";
-
// If a Snort VRT policy is enabled and selected, remove all Snort VRT
// rules from the configured rule sets to allow automatic selection.
if ($a_nat[$id]['ips_policy_enable'] == 'on') {
@@ -117,9 +108,7 @@ if ($a_nat[$id]['ips_policy_enable'] == 'on') {
else
$disable_vrt_rules = "";
-/* alert file */
-if ($_POST["Submit"]) {
-
+if ($_POST["save"]) {
if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
$a_nat[$id]['ips_policy'] = $_POST['ips_policy'];
@@ -129,11 +118,12 @@ if ($_POST["Submit"]) {
unset($a_nat[$id]['ips_policy']);
}
- $enabled_items = "";
+ // Always start with the default events and files rules
+ $enabled_items = implode("||", $default_rules);
if (is_array($_POST['toenable']))
- $enabled_items = implode("||", $_POST['toenable']);
+ $enabled_items .= "||" . implode("||", $_POST['toenable']);
else
- $enabled_items = $_POST['toenable'];
+ $enabled_items .= "||{$_POST['toenable']}";
$a_nat[$id]['rulesets'] = $enabled_items;
@@ -155,12 +145,12 @@ if ($_POST["Submit"]) {
suricata_generate_yaml($a_nat[$id]);
$rebuild_rules = false;
- header("Location: /suricata/suricata_rulesets.php?id=$id");
- exit;
+ /* Signal Suricata to "live reload" the rules */
+ suricata_reload_config($a_nat[$id]);
}
-
-if ($_POST['unselectall']) {
- $a_nat[$id]['rulesets'] = "";
+elseif ($_POST['unselectall']) {
+ // Remove all but the default events and files rules
+ $a_nat[$id]['rulesets'] = implode("||", $default_rules);
if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
@@ -173,13 +163,10 @@ if ($_POST['unselectall']) {
write_config();
sync_suricata_package_config();
-
- header("Location: /suricata/suricata_rulesets.php?id=$id");
- exit;
}
-
-if ($_POST['selectall']) {
- $rulesets = array();
+elseif ($_POST['selectall']) {
+ // Start with the required default events and files rules
+ $rulesets = $default_rules;
if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
@@ -218,10 +205,20 @@ if ($_POST['selectall']) {
write_config();
sync_suricata_package_config();
+}
- header("Location: /suricata/suricata_rulesets.php?id=$id");
- exit;
+// See if we have any Auto-Flowbit rules and enable
+// the VIEW button if we do.
+if ($a_nat[$id]['autoflowbitrules'] == 'on') {
+ if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") &&
+ filesize("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}") > 0) {
+ $btn_view_flowb_rules = " title=\"" . gettext("View flowbit-required rules") . "\"";
+ }
+ else
+ $btn_view_flowb_rules = " disabled";
}
+else
+ $btn_view_flowb_rules = " disabled";
$enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']);
@@ -234,7 +231,6 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
/* Display message */
if ($input_errors) {
@@ -258,7 +254,7 @@ if ($savemsg) {
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
- $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
display_top_tabs($tab_array);
echo '</td></tr>';
echo '<tr><td class="tabnavtbl">';
@@ -282,9 +278,8 @@ if ($savemsg) {
$isrulesfolderempty = glob("{$suricatadir}rules/*.rules");
$iscfgdirempty = array();
if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules"))
- $iscfgdirempty = (array)("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules");
- if (empty($isrulesfolderempty)):
-?>
+ $iscfgdirempty = (array)("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules"); ?>
+<?php if (empty($isrulesfolderempty)): ?>
<tr>
<td class="vexpl"><br/>
<?php printf(gettext("# The rules directory is empty: %s%srules%s"), '<strong>',$suricatadir,'</strong>'); ?> <br/><br/>
@@ -294,14 +289,7 @@ if ($savemsg) {
'</strong></a>' . gettext(" tab."); ?>
</td>
</tr>
-<?php else:
- $colspan = 4;
- if ($emergingdownload != 'on')
- $colspan -= 2;
- if ($snortdownload != 'on')
- $colspan -= 2;
-
-?>
+<?php else: ?>
<tr>
<td>
<table width="100%" border="0"
@@ -393,7 +381,7 @@ if ($savemsg) {
<tr height="45px">
<td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all to enforcing rules"); ?>"/></td>
<td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove all from enforcing rules"); ?>"/></td>
- <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="Submit" id="Submit" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td>
+ <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="save" id="save" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td>
<td valign="middle"><span class="vexpl"><?php echo gettext("Click to save changes and auto-resolve flowbit rules (if option is selected above)"); ?></span></td>
</tr>
</table>
@@ -531,7 +519,7 @@ if ($savemsg) {
</tr>
<tr>
<td colspan="4" align="center" valign="middle">
- <input value="Save" type="submit" name="Submit" id="Submit" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td>
+ <input value="Save" type="submit" name="save" id="save" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td>
</tr>
<?php endif; ?>
</table>
@@ -581,7 +569,7 @@ function enable_change()
for (var i = 0; i < document.iform.elements.length; i++) {
if (document.iform.elements[i].type == 'checkbox') {
var str = document.iform.elements[i].value;
- if (str.substr(0,6) == "suricata_")
+ if (str.substr(0,6) == "snort_")
document.iform.elements[i].disabled = !(endis);
}
}
diff --git a/config/suricata/suricata_select_alias.php b/config/suricata/suricata_select_alias.php
deleted file mode 100644
index f1fd4b93..00000000
--- a/config/suricata/suricata_select_alias.php
+++ /dev/null
@@ -1,226 +0,0 @@
-<?php
-/* $Id$ */
-/*
- suricata_select_alias.php
- Copyright (C) 2014 Bill Meeks
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require("guiconfig.inc");
-require_once("functions.inc");
-require_once("/usr/local/pkg/suricata/suricata.inc");
-
-// Need to keep track of who called us so we can return to the correct page
-// when the SAVE button is clicked. On initial entry, a GET variable is
-// passed with the referrer's URL encoded within. That value is saved and
-// used when SAVE or CANCEL is clicked to return to the referring page.
-//
-
-// Retrieve the QUERY STRING of the original referrer so we can return it.
-// On the initial pass, we will save it in a hidden POST field so we won't
-// overwrite it on subsequent POST-BACKs to this page.
-if (!isset($_POST['org_querystr']))
- $querystr = $_SERVER['QUERY_STRING'];
-
-// Retrieve any passed QUERY STRING or POST variables
-$type = $_GET['type'];
-$varname = $_GET['varname'];
-$multi_ip = $_GET['multi_ip'];
-$referrer = urldecode($_GET['returl']);
-if (isset($_POST['type']))
- $type = $_POST['type'];
-if (isset($_POST['varname']))
- $varname = $_POST['varname'];
-if (isset($_POST['multi_ip']))
- $multi_ip = $_POST['multi_ip'];
-if (isset($_POST['returl']))
- $referrer = urldecode($_POST['returl']);
-if (isset($_POST['org_querystr']))
- $querystr = $_POST['org_querystr'];
-
-// Make sure we have a valid VARIABLE name
-// and ALIAS TYPE, or else bail out.
-if (is_null($type) || is_null($varname)) {
- header("Location: http://{$referrer}?{$querystr}");
- exit;
-}
-
-// Used to track if any selectable Aliases are found
-$selectablealias = false;
-
-// Initialize required array variables as necessary
-if (!is_array($config['aliases']['alias']))
- $config['aliases']['alias'] = array();
-$a_aliases = $config['aliases']['alias'];
-
-// Create an array consisting of the Alias types the
-// caller wants to select from.
-$a_types = array();
-$a_types = explode('|', strtolower($type));
-
-// Create a proper title based on the Alias types
-$title = "a";
-switch (count($a_types)) {
- case 1:
- $title .= " " . ucfirst($a_types[0]);
- break;
-
- case 2:
- $title .= " " . ucfirst($a_types[0]) . " or " . ucfirst($a_types[1]);
- break;
-
- case 3:
- $title .= " " . ucfirst($a_types[0]) . ", " . ucfirst($a_types[1]) . " or " . ucfirst($a_types[2]);
-
- default:
- $title = "n";
-}
-
-if ($_POST['cancel']) {
- header("Location: {$referrer}?{$querystr}");
- exit;
-}
-
-if ($_POST['save']) {
- if(empty($_POST['alias']))
- $input_errors[] = gettext("No alias is selected. Please select an alias before saving.");
-
- // if no errors, write new entry to conf
- if (!$input_errors) {
- $selection = $_POST['alias'];
- header("Location: {$referrer}?{$querystr}&varvalue={$selection}");
- exit;
- }
-}
-
-$pgtitle = gettext("Suricata: Select {$title} Alias");
-include("head.inc");
-
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<form action="suricata_select_alias.php" method="post">
-<input type="hidden" name="varname" value="<?=$varname;?>">
-<input type="hidden" name="type" value="<?=$type;?>">
-<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>">
-<input type="hidden" name="returl" value="<?=$referrer;?>">
-<input type="hidden" name="org_querystr" value="<?=$querystr;?>">
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<div id="boxarea">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr>
- <td class="tabcont"><strong><?=gettext("Select an Alias to use from the list below.");?></strong><br/>
- </td>
-</tr>
-<tr>
- <td class="tabcont">
- <table id="sortabletable1" style="table-layout: fixed;" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <colgroup>
- <col width="5%" align="center">
- <col width="25%" align="left" axis="string">
- <col width="35%" align="left" axis="string">
- <col width="35%" align="left" axis="string">
- </colgroup>
- <thead>
- <tr>
- <th class="listhdrr"></th>
- <th class="listhdrr" axis="string"><?=gettext("Alias Name"); ?></th>
- <th class="listhdrr" axis="string"><?=gettext("Values"); ?></th>
- <th class="listhdrr" axis="string"><?=gettext("Description"); ?></th>
- </tr>
- </thead>
- <tbody>
- <?php $i = 0; foreach ($a_aliases as $alias): ?>
- <?php if (!in_array($alias['type'], $a_types))
- continue;
- elseif (($alias['type'] == "network" || $alias['type'] == "host") &&
- trim(filter_expand_alias($alias['name'])) == "") {
- $textss = "<span class=\"gray\">";
- $textse = "</span>";
- $disable = true;
- $tooltip = gettext("Aliases representing a FQDN host cannot be used in Suricata configurations.");
- }
- else {
- $textss = "";
- $textse = "";
- $disable = "";
- $selectablealias = true;
- $tooltip = gettext("Selected entry will be imported. Click to toggle selection.");
- }
- ?>
- <?php if ($disable): ?>
- <tr title="<?=$tooltip;?>">
- <td class="listlr" align="center"><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height"11" border="0"/>
- <?php else: ?>
- <tr>
- <td class="listlr" align="center"><input type="radio" name="alias" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td>
- <?php endif; ?>
- <td class="listr" align="left"><?=$textss . htmlspecialchars($alias['name']) . $textse;?></td>
- <td class="listr" align="left">
- <?php
- $tmpaddr = explode(" ", $alias['address']);
- $addresses = implode(", ", array_slice($tmpaddr, 0, 10));
- echo "{$textss}{$addresses}{$textse}";
- if(count($tmpaddr) > 10) {
- echo "...";
- }
- ?>
- </td>
- <td class="listbg" align="left">
- <?=$textss . htmlspecialchars($alias['descr']) . $textse;?>&nbsp;
- </td>
- </tr>
- <?php $i++; endforeach; ?>
- </table>
- </td>
-</tr>
-<?php if (!$selectablealias): ?>
-<tr>
- <td class="tabcont" align="center"><b><?php echo gettext("There are currently no defined Aliases eligible for selection.");?></b></td>
-</tr>
-<tr>
- <td class="tabcont" align="center">
- <input type="Submit" name="cancel" value="Cancel" id="cancel" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
- </td>
-</tr>
-<?php else: ?>
-<tr>
- <td class="tabcont" align="center">
- <input type="Submit" name="save" value="Save" id="save" class="formbtn" title="<?=gettext("Import selected item and return");?>"/>&nbsp;&nbsp;&nbsp;
- <input type="Submit" name="cancel" value="Cancel" id="cancel" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
- </td>
-</tr>
-<?php endif; ?>
-<tr>
- <td class="tabcont">
- <span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br></strong></span><?=gettext("Fully-Qualified Domain Name (FQDN) host Aliases cannot be used as Suricata configuration parameters. Aliases resolving to a single FQDN value are disabled in the list above. In the case of nested Aliases where one or more of the nested values is a FQDN host, the FQDN host will not be included in the {$title} configuration.");?></span>
- </td>
-</tr>
-</table>
-</div>
-</form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/config/suricata/suricata_suppress.php b/config/suricata/suricata_suppress.php
index 58839dce..e97006dc 100644
--- a/config/suricata/suricata_suppress.php
+++ b/config/suricata/suricata_suppress.php
@@ -61,6 +61,28 @@ function suricata_suppresslist_used($supplist) {
return false;
}
+function suricata_find_suppresslist_interface($supplist) {
+
+ /****************************************************************/
+ /* This function finds the first (if more than one) interface */
+ /* configured to use the passed Suppress List and returns the */
+ /* index of the interface in the ['rule'] config array. */
+ /* */
+ /* Returns: index of interface in ['rule'] config array or */
+ /* FALSE if no interface found. */
+ /****************************************************************/
+
+ global $config;
+ $suricataconf = $config['installedpackages']['suricata']['rule'];
+ if (empty($suricataconf))
+ return false;
+ foreach ($suricataconf as $rule => $value) {
+ if ($value['suppresslistname'] == $supplist)
+ return $rule;
+ }
+ return false;
+}
+
if ($_GET['act'] == "del") {
if ($a_suppress[$_GET['id']]) {
// make sure list is not being referenced by any Suricata-configured interface
@@ -108,54 +130,74 @@ if ($input_errors) {
</td>
</tr>
<tr><td><div id="mainarea">
-<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr>
- <td width="30%" class="listhdrr"><?php echo gettext("File Name"); ?></td>
- <td width="60%" class="listhdr"><?php echo gettext("Description"); ?></td>
- <td width="10%" class="list"></td>
-</tr>
-<?php $i = 0; foreach ($a_suppress as $list): ?>
-<tr>
- <td class="listlr"
- ondblclick="document.location='suricata_suppress_edit.php?id=<?=$i;?>';">
- <?=htmlspecialchars($list['name']);?></td>
- <td class="listbg"
- ondblclick="document.location='suricata_suppress_edit.php?id=<?=$i;?>';">
- <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;</font>
- </td>
-
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a
- href="suricata_suppress_edit.php?id=<?=$i;?>"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?php echo gettext("edit Suppress List"); ?>"></a></td>
- <td><a
- href="/suricata/suricata_suppress.php?act=del&id=<?=$i;?>"
- onclick="return confirm('<?php echo gettext("Do you really want to delete this Suppress List?"); ?>')"><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
- width="17" height="17" border="0" title="<?php echo gettext("delete Suppress List"); ?>"></a></td>
- </tr>
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <thead>
+ <tr>
+ <th width="30%" class="listhdrr"><?php echo gettext("Suppress List Name"); ?></th>
+ <th width="60%" class="listhdr"><?php echo gettext("Description"); ?></th>
+ <th width="10%" class="list"></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php $i = 0; foreach ($a_suppress as $list): ?>
+ <?php
+ if (suricata_suppresslist_used($list['name'])) {
+ $icon = "<img src=\"/themes/{$g['theme']}/images/icons/icon_frmfld_pwd.png\" " .
+ "width=\"16\" height=\"16\" border=\"0\" title=\"" . gettext("List is in use by an instance") . "\"/>";
+ }
+ else
+ $icon = "";
+ ?>
+ <tr>
+ <td height="20px" class="listlr"
+ ondblclick="document.location='suricata_suppress_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($list['name']);?>&nbsp;<?=$icon;?></td>
+ <td height="20px" class="listbg"
+ ondblclick="document.location='suricata_suppress_edit.php?id=<?=$i;?>';">
+ <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?>&nbsp;</font>
+ </td>
+ <td height="20px" valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a
+ href="suricata_suppress_edit.php?id=<?=$i;?>"><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("edit Suppress List"); ?>"></a></td>
+ <?php if (suricata_suppresslist_used($list['name'])) : ?>
+ <td><img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("Assigned Suppress Lists cannot be deleted");?>"/></td>
+ <td><a href="/suricata/suricata_interfaces_edit.php?id=<?=suricata_find_suppresslist_interface($list['name']);?>">
+ <img src="/themes/<?=$g['theme'];?>/images/icons/icon_right.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("Goto first instance associated with this Suppress List");?>"/></a>
+ </td>
+ <?php else : ?>
+ <td><a href="/suricata/suricata_suppress.php?act=del&id=<?=$i;?>"
+ onclick="return confirm('<?php echo gettext("Do you really want to delete this Suppress List?"); ?>')"><img
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("delete Suppress List"); ?>"></a></td>
+ <td>&nbsp;</td>
+ <?php endif; ?>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="2"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle" width="17">&nbsp;</td>
+ <td valign="middle"><a
+ href="suricata_suppress_edit.php?id=<?php echo $id_gen;?> "><img
+ src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </tbody>
</table>
- </td>
-</tr>
-<?php $i++; endforeach; ?>
-<tr>
- <td class="list" colspan="2"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle" width="17">&nbsp;</td>
- <td valign="middle"><a
- href="suricata_suppress_edit.php?id=<?php echo $id_gen;?> "><img
- src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="<?php echo gettext("add a new list"); ?>"></a></td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
</div>
</td></tr>
<tr>
@@ -163,7 +205,10 @@ if ($input_errors) {
<p><?php echo gettext("Here you can create event filtering and " .
"suppression for your Suricata package rules."); ?><br/><br/>
<?php echo gettext("Please note that you must restart a running Interface so that changes can " .
- "take effect."); ?></p></span></td>
+ "take effect."); ?><br/><br/>
+ <?php echo gettext("You cannot delete a Suppress List that is currently assigned to a Suricata interface (instance).") . "<br/>" .
+ gettext("You must first unassign the Suppress List on the Interface Edit tab."); ?>
+ </p></span></td>
</tr>
</table>
</form>
diff --git a/config/suricata/suricata_uninstall.php b/config/suricata/suricata_uninstall.php
index 071a89a4..b8ea6097 100644
--- a/config/suricata/suricata_uninstall.php
+++ b/config/suricata/suricata_uninstall.php
@@ -73,8 +73,33 @@ if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on')
}
/* Remove the Suricata GUI app directories */
-@unlink("/usr/local/pkg/suricata");
-@unlink("/usr/local/www/suricata");
+mwexec("/bin/rm -rf /usr/local/pkg/suricata");
+mwexec("/bin/rm -rf /usr/local/www/suricata");
+
+/* Remove our associated Dashboard widget config and files. */
+/* If "save settings" is enabled, then save old widget */
+/* container settings so we can restore them later. */
+$widgets = $config['widgets']['sequence'];
+if (!empty($widgets)) {
+ $widgetlist = explode(",", $widgets);
+ foreach ($widgetlist as $key => $widget) {
+ if (strstr($widget, "suricata_alerts-container")) {
+ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') {
+ $config['installedpackages']['suricata']['config'][0]['dashboard_widget'] = $widget;
+ if ($config['widgets']['widget_suricata_display_lines']) {
+ $config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows'] = $config['widgets']['widget_suricata_display_lines'];
+ unset($config['widgets']['widget_suricata_display_lines']);
+ }
+ }
+ unset($widgetlist[$key]);
+ }
+ }
+ $config['widgets']['sequence'] = implode(",", $widgetlist);
+ write_config();
+}
+@unlink("/usr/local/www/widgets/include/widget-suricata.inc");
+@unlink("/usr/local/www/widgets/widgets/suricata_alerts.widget.php");
+@unlink("/usr/local/www/widgets/javascript/suricata_alerts.js");
/* Keep this as a last step */
if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] != 'on') {
@@ -83,7 +108,6 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] !
unset($config['installedpackages']['suricatasync']);
@unlink("{$suricata_rules_upd_log}");
mwexec("/bin/rm -rf {$suricatalogdir}");
- @unlink(SURICATALOGDIR);
log_error(gettext("[Suricata] The package has been removed from this system..."));
}
diff --git a/config/suricata/widget-suricata.inc b/config/suricata/widget-suricata.inc
new file mode 100644
index 00000000..48424588
--- /dev/null
+++ b/config/suricata/widget-suricata.inc
@@ -0,0 +1,8 @@
+<?php
+require_once("config.inc");
+
+//set variable for custom title
+$suricata_alerts_title = "Suricata Alerts";
+$suricata_alerts_title_link = "suricata/suricata_alerts.php";
+
+?>