aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/suricata/suricata_alerts.php12
-rw-r--r--config/suricata/suricata_app_parsers.php145
-rw-r--r--config/suricata/suricata_download_updates.php18
-rw-r--r--config/suricata/suricata_flow_stream.php144
-rw-r--r--config/suricata/suricata_global.php12
-rw-r--r--config/suricata/suricata_import_aliases.php191
-rw-r--r--config/suricata/suricata_interfaces_edit.php43
-rw-r--r--config/suricata/suricata_libhtp_policy_engine.php12
-rw-r--r--config/suricata/suricata_os_policy_engine.php12
-rw-r--r--config/suricata/suricata_rules.php228
-rw-r--r--config/suricata/suricata_rulesets.php60
11 files changed, 408 insertions, 469 deletions
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index 2f23260b..3fc39f36 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -208,9 +208,11 @@ if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsu
exit;
}
- /* Add the new entry to the Suppress List */
- if (suricata_add_supplist_entry($suppress))
+ /* Add the new entry to the Suppress List and signal Suricata to reload config */
+ if (suricata_add_supplist_entry($suppress)) {
+ suricata_reload_config($a_instance[$instanceid]);
$savemsg = $success;
+ }
else
$input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
}
@@ -547,11 +549,11 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
<td class='listr' align='center'>{$alert_priority}</td>
<td class='listr' align='center'>{$alert_proto}</td>
<td class='listr' style=\"word-wrap:break-word;\">{$alert_class}</td>
- <td class='listr' align='center'>{$alert_ip_src}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[9]}'>{$alert_ip_src}</td>
<td class='listr' align='center'>{$alert_src_p}</td>
- <td class='listr' align='center'>{$alert_ip_dst}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[11]}'>{$alert_ip_dst}</td>
<td class='listr' align='center'>{$alert_dst_p}</td>
- <td class='listr' align='center'>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[3]}'>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
<td class='listr' style=\"word-wrap:break-word;\">{$alert_descr}</td>
</tr>\n";
diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php
index 0be45c32..1706f04a 100644
--- a/config/suricata/suricata_app_parsers.php
+++ b/config/suricata/suricata_app_parsers.php
@@ -28,7 +28,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -37,10 +36,8 @@ global $g, $rebuild_rules;
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+if (is_null($id))
+ $id = 0;
if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
@@ -51,10 +48,21 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
if (!is_array($config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item']))
$config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'] = array();
+// Initialize required array variables as necessary
+if (!is_array($config['aliases']['alias']))
+ $config['aliases']['alias'] = array();
+$a_aliases = $config['aliases']['alias'];
+
$a_nat = &$config['installedpackages']['suricata']['rule'];
$libhtp_engine_next_id = count($a_nat[$id]['libhtp_policy']['item']);
+// Build a lookup array of currently used engine 'bind_to' Aliases
+// so we can screen matching Alias names from the list.
+$used = array();
+foreach ($a_nat[$id]['host_os_policy']['item'] as $v)
+ $used[$v['bind_to']] = true;
+
$pconfig = array();
if (isset($id) && $a_nat[$id]) {
/* Get current values from config for page form fields */
@@ -78,29 +86,32 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['libhtp_policy'] = $a_nat[$id]['libhtp_policy'];
}
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+// Check for "import alias mode" and set flag if TRUE
+if ($_POST['import_alias']) {
+ $importalias = true;
+ $title = "HTTP Server Policy";
}
+else
+ $importalias = false;
-if ($_GET['act'] && isset($_GET['eng_id'])) {
-
+if ($_POST['add_libhtp_policy']) {
+ header("Location: suricata_libhtp_policy_engine.php?id={$id}&eng_id={$libhtp_engine_next_id}");
+ exit;
+}
+elseif ($_POST['del_libhtp_policy']) {
$natent = array();
$natent = $pconfig;
- if ($_GET['act'] == "del_libhtp_policy")
- unset($natent['libhtp_policy']['item'][$_GET['eng_id']]);
-
+ if ($_POST['eng_id'] != "") {
+ unset($natent['libhtp_policy']['item'][$_POST['eng_id']]);
+ $pconfig = $natent;
+ }
if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
write_config();
}
-
- header("Location: /suricata/suricata_app_parsers.php?id=$id");
- exit;
}
-
-if ($_POST['ResetAll']) {
+elseif ($_POST['ResetAll']) {
/* Reset all the settings to defaults */
$pconfig['asn1_max_frames'] = "256";
@@ -108,7 +119,57 @@ if ($_POST['ResetAll']) {
/* Log a message at the top of the page to inform the user */
$savemsg = gettext("All flow and stream settings have been reset to their defaults.");
}
-elseif ($_POST['Submit']) {
+elseif ($_POST['save_import_alias']) {
+ $engine = array( "name" => "", "bind_to" => "", "personality" => "IDS",
+ "request-body-limit" => "4096", "response-body-limit" => "4096",
+ "double-decode-path" => "no", "double-decode-query" => "no" );
+
+ // See if anything was checked to import
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) {
+ foreach ($_POST['aliastoimport'] as $item) {
+ $engine['name'] = strtolower($item);
+ $engine['bind_to'] = $item;
+ $a_nat[$id]['libhtp_policy']['item'][] = $engine;
+ }
+ }
+ else {
+ $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
+ $importalias = true;
+ }
+
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ // Reorder the engine array to ensure the
+ // 'bind_to=all' entry is at the bottom if
+ // the array contains more than one entry.
+ if (count($a_nat[$id]['libhtp_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ // Only relocate the entry if we
+ // found it, and it's not already
+ // at the end.
+ if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['libhtp_policy']['item'][$i];
+ unset($a_nat[$id]['libhtp_policy']['item'][$i]);
+ $a_nat[$id]['libhtp_policy']['item'][] = $tmp;
+ }
+ $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item'];
+ }
+
+ // Write the new engine array to config file
+ write_config();
+ $importalias = false;
+ }
+}
+elseif ($_POST['cancel_import_alias']) {
+ $importalias = false;
+}
+elseif ($_POST['save']) {
$natent = array();
$natent = $pconfig;
@@ -149,29 +210,19 @@ include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-
- /* Display Alert message */
-
+<?php include("fbegin.inc");
+ /* Display error or save message */
if ($input_errors) {
print_input_errors($input_errors); // TODO: add checks
}
-
if ($savemsg) {
print_info_box($savemsg);
}
-
?>
-<script type="text/javascript" src="/javascript/autosuggest.js">
-</script>
-<script type="text/javascript" src="/javascript/suggestions.js">
-</script>
-
-<form action="suricata_app_parsers.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform">
+<form action="suricata_app_parsers.php" method="post"name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>"/>
+<input type="hidden" name="eng_id" id="eng_id" value=""/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -179,7 +230,7 @@ include_once("head.inc");
$tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
- $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
display_top_tabs($tab_array);
@@ -198,6 +249,11 @@ include_once("head.inc");
?>
</td></tr>
<tr><td><div id="mainarea">
+
+<?php if ($importalias) : ?>
+ <?php include("/usr/local/www/suricata/suricata_import_aliases.php"); ?>
+<?php else: ?>
+
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
@@ -231,11 +287,9 @@ include_once("head.inc");
<tr>
<th class="listhdrr" axis="string"><?php echo gettext("Name");?></th>
<th class="listhdrr" axis="string"><?php echo gettext("Bind-To Address Alias");?></th>
- <th class="list" align="right"><a href="suricata_import_aliases.php?id=<?=$id?>&eng=libhtp_policy">
- <img src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
- height="17" border="0" title="<?php echo gettext("Import server configuration from existing Aliases");?>"></a>
- <a href="suricata_libhtp_policy_engine.php?id=<?=$id?>&eng_id=<?=$libhtp_engine_next_id?>">
- <img src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
+ <th class="list" align="right"><input type="image" name="import_alias[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Import server configuration from existing Aliases");?>"/>
+ <input type="image" name="add_libhtp_policy[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
height="17" border="0" title="<?php echo gettext("Add a new server configuration");?>"></a></th>
</tr>
</thead>
@@ -247,8 +301,8 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="suricata_app_parsers.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_libhtp_policy" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ <input type="image" name="del_libhtp_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>';return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
title="<?=gettext("Delete this server configuration");?>"></a>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
@@ -263,9 +317,9 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Save flow and stream settings"); ?>">
- <input name="id" type="hidden" value="<?=$id;?>">&nbsp;&nbsp;&nbsp;&nbsp;
+ &nbsp;&nbsp;&nbsp;&nbsp;
<input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo
gettext("Reset all settings to defaults") . "\" onclick=\"return confirm('" .
gettext("WARNING: This will reset ALL App Parsers settings to their defaults. Click OK to continue or CANCEL to quit.") .
@@ -278,6 +332,9 @@ include_once("head.inc");
<?php echo gettext("may take several seconds. Suricata must also be restarted to activate any changes made on this screen."); ?></td>
</tr>
</table>
+
+<?php endif; ?>
+
</div>
</td></tr></table>
</form>
diff --git a/config/suricata/suricata_download_updates.php b/config/suricata/suricata_download_updates.php
index ecfd5f8b..200bc834 100644
--- a/config/suricata/suricata_download_updates.php
+++ b/config/suricata/suricata_download_updates.php
@@ -91,6 +91,9 @@ if ($_POST['view']&& $suricata_rules_upd_log_chk == 'yes') {
$input_errors[] = gettext("Unable to read log file: {$suricata_rules_upd_log}");
}
+if ($_POST['hide'])
+ $contents = "";
+
$pgtitle = gettext("Suricata: Update Rules Set Files");
include_once("head.inc");
?>
@@ -174,15 +177,20 @@ include_once("head.inc");
<td align="center" valign="middle" class="vexpl">
<?php if ($suricata_rules_upd_log_chk == 'yes'): ?>
<br/>
+ <?php if (!empty($contents)): ?>
+ <input type="submit" value="<?php echo gettext("Hide Log"); ?>" name="hide" id="hide" class="formbtn"
+ title="<?php echo gettext("Hide rules update log"); ?>"/>
+ <?php else: ?>
<input type="submit" value="<?php echo gettext("View Log"); ?>" name="view" id="view" class="formbtn"
- title="<?php echo gettext("View rules update log contents"); ?>"/>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+ title="<?php echo gettext("View rules update log"); ?>"/>
+ <?php endif; ?>
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<input type="submit" value="<?php echo gettext("Clear Log"); ?>" name="clear" id="clear" class="formbtn"
- title="<?php echo gettext("Clear rules update log contents"); ?>" onClick="return confirm('Are you sure?\nOK to confirm, or CANCEL to quit');"/>
+ title="<?php echo gettext("Clear rules update log"); ?>" onClick="return confirm('Are you sure?\nOK to confirm, or CANCEL to quit');"/>
<br/>
<?php else: ?>
<br/>
- <button disabled='disabled'><?php echo gettext("View Log"); ?></button>&nbsp;&nbsp;&nbsp;<?php echo gettext("Log is empty."); ?><br/>
+ <button disabled='disabled'><?php echo gettext("View Log"); ?></button><br/><?php echo gettext("Log is empty."); ?><br/>
<?php endif; ?>
<br/><?php echo gettext("The log file is limited to 1024K in size and automatically clears when the limit is exceeded."); ?><br/><br/>
</td>
@@ -201,7 +209,7 @@ include_once("head.inc");
<?php endif; ?>
<tr>
<td align="center">
- <span class="vexpl"><br/><br/>
+ <span class="vexpl"><br/>
<span class="red"><b><?php echo gettext("NOTE:"); ?></b></span>
&nbsp;&nbsp;<a href="http://www.snort.org/" target="_blank"><?php echo gettext("Snort.org") . "</a>" .
gettext(" and ") . "<a href=\"http://www.emergingthreats.net/\" target=\"_blank\">" . gettext("EmergingThreats.net") . "</a>" .
diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php
index 3a677d3a..6d5134c3 100644
--- a/config/suricata/suricata_flow_stream.php
+++ b/config/suricata/suricata_flow_stream.php
@@ -28,7 +28,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -37,16 +36,19 @@ global $g, $rebuild_rules;
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+if (is_null($id))
+ $id=0;
if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
+// Initialize required array variables as necessary
+if (!is_array($config['aliases']['alias']))
+ $config['aliases']['alias'] = array();
+$a_aliases = $config['aliases']['alias'];
+
// Initialize Host-OS Policy engine arrays if necessary
if (!is_array($config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item']))
$config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item'] = array();
@@ -55,6 +57,12 @@ $a_nat = &$config['installedpackages']['suricata']['rule'];
$host_os_policy_engine_next_id = count($a_nat[$id]['host_os_policy']['item']);
+// Build a lookup array of currently used engine 'bind_to' Aliases
+// so we can screen matching Alias names from the list.
+$used = array();
+foreach ($a_nat[$id]['host_os_policy']['item'] as $v)
+ $used[$v['bind_to']] = true;
+
$pconfig = array();
if (isset($id) && $a_nat[$id]) {
/* Get current values from config for page form fields */
@@ -76,29 +84,32 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['host_os_policy'] = $a_nat[$id]['host_os_policy'];
}
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+// Check for "import alias mode" and set flag if TRUE
+if ($_POST['import_alias']) {
+ $importalias = true;
+ $title = "Host Operating System Policy";
}
+else
+ $importalias = false;
-if ($_GET['act'] && isset($_GET['eng_id'])) {
-
+if ($_POST['add_os_policy']) {
+ header("Location: suricata_os_policy_engine.php?id={$id}&eng_id={$host_os_policy_engine_next_id}");
+ exit;
+}
+elseif ($_POST['del_os_policy']) {
$natent = array();
$natent = $pconfig;
- if ($_GET['act'] == "del_host_os_policy")
- unset($natent['host_os_policy']['item'][$_GET['eng_id']]);
-
+ if ($_POST['eng_id'] != "") {
+ unset($natent['host_os_policy']['item'][$_POST['eng_id']]);
+ $pconfig = $natent;
+ }
if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
write_config();
}
-
- header("Location: /suricata/suricata_flow_stream.php?id=$id");
- exit;
}
-
-if ($_POST['ResetAll']) {
+elseif ($_POST['ResetAll']) {
/* Reset all the settings to defaults */
$pconfig['ip_max_frags'] = "65535";
@@ -143,7 +154,7 @@ if ($_POST['ResetAll']) {
/* Log a message at the top of the page to inform the user */
$savemsg = gettext("All flow and stream settings have been reset to their defaults.");
}
-elseif ($_POST['Submit']) {
+elseif ($_POST['save']) {
$natent = array();
$natent = $pconfig;
@@ -211,6 +222,54 @@ elseif ($_POST['Submit']) {
exit;
}
}
+elseif ($_POST['save_import_alias']) {
+ $engine = array( "name" => "", "bind_to" => "", "policy" => "bsd" );
+
+ // See if anything was checked to import
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) {
+ foreach ($_POST['aliastoimport'] as $item) {
+ $engine['name'] = strtolower($item);
+ $engine['bind_to'] = $item;
+ $a_nat[$id]['host_os_policy']['item'][] = $engine;
+ }
+ }
+ else {
+ $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
+ $importalias = true;
+ }
+
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ // Reorder the engine array to ensure the
+ // 'bind_to=all' entry is at the bottom if
+ // the array contains more than one entry.
+ if (count($a_nat[$id]['host_os_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['host_os_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ // Only relocate the entry if we
+ // found it, and it's not already
+ // at the end.
+ if ($i > -1 && ($i < (count($a_nat[$id]['host_os_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['host_os_policy']['item'][$i];
+ unset($a_nat[$id]['host_os_policy']['item'][$i]);
+ $a_nat[$id]['host_os_policy']['item'][] = $tmp;
+ }
+ $pconfig['host_os_policy']['item'] = $a_nat[$id]['host_os_policy']['item'];
+ }
+
+ // Write the new engine array to config file
+ write_config();
+ $importalias = false;
+ }
+}
+elseif ($_POST['cancel_import_alias']) {
+ $importalias = false;
+}
$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Flow and Stream");
@@ -218,29 +277,21 @@ include_once("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-
- /* Display Alert message */
+<?php include("fbegin.inc");
+ /* Display error or save message */
if ($input_errors) {
print_input_errors($input_errors); // TODO: add checks
}
-
if ($savemsg) {
print_info_box($savemsg);
}
-
?>
-<script type="text/javascript" src="/javascript/autosuggest.js">
-</script>
-<script type="text/javascript" src="/javascript/suggestions.js">
-</script>
+<form action="suricata_flow_stream.php" method="post" name="iform" id="iform">
+<input type="hidden" name="eng_id" id="eng_id" value=""/>
+<input type="hidden" name="id" id="id" value="<?=$id;?>"/>
-<form action="suricata_flow_stream.php" method="post"
- enctype="multipart/form-data" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -248,7 +299,7 @@ include_once("head.inc");
$tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
- $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
display_top_tabs($tab_array);
@@ -267,6 +318,11 @@ include_once("head.inc");
?>
</td></tr>
<tr><td><div id="mainarea">
+
+<?php if ($importalias) : ?>
+ <?php include("/usr/local/www/suricata/suricata_import_aliases.php"); ?>
+<?php else: ?>
+
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Host-Specific Defrag and Stream Settings"); ?></td>
@@ -284,12 +340,10 @@ include_once("head.inc");
<tr>
<th class="listhdrr" axis="string"><?php echo gettext("Name");?></th>
<th class="listhdrr" axis="string"><?php echo gettext("Bind-To Address Alias");?></th>
- <th class="list" align="right"><a href="suricata_import_aliases.php?id=<?=$id?>&eng=host_os_policy">
- <img src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
- height="17" border="0" title="<?php echo gettext("Import policy configuration from existing Aliases");?>"></a>
- <a href="suricata_os_policy_engine.php?id=<?=$id?>&eng_id=<?=$host_os_policy_engine_next_id?>">
- <img src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
- height="17" border="0" title="<?php echo gettext("Add a new policy configuration");?>"></a></th>
+ <th class="list" align="right"><input type="image" name="import_alias[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_import_alias.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Import policy configuration from existing Aliases");?>"/>
+ <input type="image" name="add_os_policy[]" src="../themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" width="17"
+ height="17" border="0" title="<?php echo gettext("Add a new policy configuration");?>"/></th>
</tr>
</thead>
<?php foreach ($pconfig['host_os_policy']['item'] as $f => $v): ?>
@@ -300,9 +354,9 @@ include_once("head.inc");
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
width="17" height="17" border="0" title="<?=gettext("Edit this policy configuration");?>"></a>
<?php if ($v['bind_to'] <> "all") : ?>
- <a href="suricata_flow_stream.php?id=<?=$id;?>&eng_id=<?=$f;?>&act=del_host_os_policy" onclick="return confirm('Are you sure you want to delete this entry?');">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
- title="<?=gettext("Delete this policy configuration");?>"></a>
+ <input type="image" name="del_os_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>';return confirm('Are you sure you want to delete this entry?');"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
+ title="<?=gettext("Delete this policy configuration");?>"/>
<?php else : ?>
<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x_d.gif" width="17" height="17" border="0"
title="<?=gettext("Default policy configuration cannot be deleted");?>">
@@ -314,7 +368,6 @@ include_once("head.inc");
</td>
</tr>
<tr>
-
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("IP Defragmentation"); ?></td>
</tr>
<tr>
@@ -603,7 +656,7 @@ include_once("head.inc");
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Save flow and stream settings"); ?>">
<input name="id" type="hidden" value="<?=$id;?>">&nbsp;&nbsp;&nbsp;&nbsp;
<input name="ResetAll" type="submit" class="formbtn" value="Reset" title="<?php echo
@@ -618,6 +671,9 @@ include_once("head.inc");
<?php echo gettext("may take several seconds. Suricata must also be restarted to activate any changes made on this screen."); ?></td>
</tr>
</table>
+
+<?php endif; ?>
+
</div>
</td></tr></table>
</form>
diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php
index f6b5d83d..3ba84736 100644
--- a/config/suricata/suricata_global.php
+++ b/config/suricata/suricata_global.php
@@ -28,7 +28,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -59,7 +58,6 @@ if (empty($pconfig['suricataloglimitsize']))
// Set limit to 20% of slice that is unused */
$pconfig['suricataloglimitsize'] = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .20 / 1024);
-
if ($_POST['autoruleupdatetime']) {
if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['autoruleupdatetime']))
$input_errors[] = "Invalid Rule Update Start Time! Please supply a value in 24-hour format as 'HH:MM'.";
@@ -73,7 +71,7 @@ if ($_POST['enable_etpro_rules'] == "on" && empty($_POST['etprocode']))
/* if no errors move foward with save */
if (!$input_errors) {
- if ($_POST["Submit"]) {
+ if ($_POST["save"]) {
$config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'] = $_POST['enable_vrt_rules'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off';
@@ -388,14 +386,10 @@ if ($input_errors)
>&nbsp;<?php echo gettext("Settings will not be removed during package deinstallation."); ?></td>
</tr>
<tr>
- <td width="22%" valign="top">
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" >
- </td>
+ <td colspan="2" align="center"><input name="save" type="submit" class="formbtn" value="Save"/></td>
</tr>
<tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%" class="vexpl"><span class="red"><strong><?php echo gettext("Note:");?></strong>&nbsp;
+ <td colspan="2" class="vexpl" align="center"><span class="red"><strong><?php echo gettext("Note:");?></strong>&nbsp;
</span><?php echo gettext("Changing any settings on this page will affect all Suricata-configured interfaces.");?></td>
</tr>
</table>
diff --git a/config/suricata/suricata_import_aliases.php b/config/suricata/suricata_import_aliases.php
index c16ac65d..a93d2d64 100644
--- a/config/suricata/suricata_import_aliases.php
+++ b/config/suricata/suricata_import_aliases.php
@@ -1,5 +1,4 @@
<?php
-/* $Id$ */
/*
suricata_import_aliases.php
Copyright (C) 2014 Bill Meeks
@@ -27,160 +26,39 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-require("guiconfig.inc");
-require_once("functions.inc");
-require_once("/usr/local/pkg/suricata/suricata.inc");
+/************************************************************************************
+ This file contains code for selecting and importing an existing Alias.
+ It is included and injected inline from other Suricata PHP pages that
+ use the Import Alias functionality.
-// Retrieve any passed QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng = $_GET['eng'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (isset($_POST['eng']))
- $eng = $_POST['eng'];
+ The following variables are assumed to exist and must be initialized
+ as necessary in order to utilize this page.
-// Make sure we have a valid rule ID and ENGINE name, or
-// else bail out to top-level menu.
-if (is_null($id) || is_null($eng)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+ $g --> system global variables array
+ $config --> global variable pointing to configuration information
+ $a_aliases --> $config['aliases']['alias'] array
+ $title --> title string for import alias engine type
+ $used --> array of currently used engine 'bind_to' Alias names
-// Used to track if any selectable Aliases are found
-$selectablealias = false;
-
-// Initialize required array variables as necessary
-if (!is_array($config['aliases']['alias']))
- $config['aliases']['alias'] = array();
-$a_aliases = $config['aliases']['alias'];
-if (!is_array($config['installedpackages']['suricata']['rule']))
- $config['installedpackages']['suricata']['rule'] = array();
-
-// The $eng variable points to the specific Suricata config section
-// engine we are importing values into. Initialize the config.xml
-// array if necessary.
-if (!is_array($config['installedpackages']['suricata']['rule'][$id][$eng]['item']))
- $config['installedpackages']['suricata']['rule'][$id][$eng]['item'] = array();
-
-// Initialize a pointer to the Suricata config section engine we are
-// importing values into.
-$a_nat = &$config['installedpackages']['suricata']['rule'][$id][$eng]['item'];
-
-// Build a lookup array of currently used engine 'bind_to' Aliases
-// so we can screen matching Alias names from the list.
-$used = array();
-foreach ($a_nat as $v)
- $used[$v['bind_to']] = true;
-
-// Construct the correct return URL based on the Suricata config section
-// engine we were called with. This lets us return to the page we were
-// called from.
-switch ($eng) {
- case "host_os_policy":
- $returl = "/suricata/suricata_flow_stream.php";
- $multi_ip = true;
- $title = "Host Operating System Policy";
- break;
- case "libhtp_policy":
- $returl = "/suricata/suricata_app_parsers.php";
- $multi_ip = true;
- $title = "HTTP Server Policy";
- break;
- default:
- $returl = "/suricata/suricata_interface_edit";
- $multi_ip = true;
- $title = "";
-}
-
-if ($_POST['cancel']) {
- header("Location: {$returl}?id={$id}");
- exit;
-}
-
-if ($_POST['save']) {
-
- // Define default engine configurations for each of the supported engines.
- $def_os_policy = array( "name" => "", "bind_to" => "", "policy" => "bsd" );
-
- $def_libhtp_policy = array( "name" => "default", "bind_to" => "all", "personality" => "IDS",
- "request-body-limit" => 4096, "response-body-limit" => 4096,
- "double-decode-path" => "no", "double-decode-query" => "no" );
-
- // Figure out which engine type we are importing and set up default engine array
- $engine = array();
- switch ($eng) {
- case "host_os_policy":
- $engine = $def_os_policy;
- break;
- case "libhtp_policy":
- $engine = $def_libhtp_policy;
- break;
- default:
- $engine = "";
- $input_errors[] = gettext("Invalid ENGINE TYPE passed in query string. Aborting operation.");
- }
-
- // See if anything was checked to import
- if (is_array($_POST['toimport']) && count($_POST['toimport']) > 0) {
- foreach ($_POST['toimport'] as $item) {
- $engine['name'] = strtolower($item);
- $engine['bind_to'] = $item;
- $a_nat[] = $engine;
- }
- }
- else
- $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
-
- // if no errors, write new entry to conf
- if (!$input_errors) {
- // Reorder the engine array to ensure the
- // 'bind_to=all' entry is at the bottom if
- // the array contains more than one entry.
- if (count($a_nat) > 1) {
- $i = -1;
- foreach ($a_nat as $f => $v) {
- if ($v['bind_to'] == "all") {
- $i = $f;
- break;
- }
- }
- // Only relocate the entry if we
- // found it, and it's not already
- // at the end.
- if ($i > -1 && ($i < (count($a_nat) - 1))) {
- $tmp = $a_nat[$i];
- unset($a_nat[$i]);
- $a_nat[] = $tmp;
- }
- }
-
- // Now write the new engine array to conf and return
- write_config();
-
- header("Location: {$returl}?id={$id}");
- exit;
- }
-}
-
-$pgtitle = gettext("Suricata: Import Host/Network Alias for {$title}");
-include("head.inc");
+ Information is returned from this page via the following form fields:
+ aliastoimport[] --> checkbox array containing selected alias names
+ save_import_alias --> Submit button for save operation and exit
+ cancel_import_alias --> Submit button to cancel operation and exit
+ ************************************************************************************/
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<form action="suricata_import_aliases.php" method="post">
-<input type="hidden" name="id" value="<?=$id;?>">
-<input type="hidden" name="eng" value="<?=$eng;?>">
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<div id="boxarea">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<?php $selectablealias = false;
+ if (!is_array($a_aliases))
+ $a_aliases = array();
+?>
+<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
- <td class="tabcont"><strong><?=gettext("Select one or more Aliases to use as {$title} targets from the list below.");?></strong><br/>
+ <td class="listtopic" align="center"><?=gettext("Select one or more Aliases to use as {$title} targets from the list below.");?>
</td>
</tr>
<tr>
- <td class="tabcont">
+ <td>
<table id="sortabletable1" style="table-layout: fixed;" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
<colgroup>
<col width="5%" align="center">
@@ -221,7 +99,7 @@ include("head.inc");
<td class="listlr" align="center"><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height"11" border="0"/>
<?php else: ?>
<tr>
- <td class="listlr" align="center"><input type="checkbox" name="toimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td>
+ <td class="listlr" align="center"><input type="checkbox" name="aliastoimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td>
<?php endif; ?>
<td class="listr" align="left"><?=$textss . htmlspecialchars($alias['name']) . $textse;?></td>
<td class="listr" align="left">
@@ -244,29 +122,26 @@ include("head.inc");
</tr>
<?php if (!$selectablealias): ?>
<tr>
- <td class="tabcont" align="center"><b><?php echo gettext("There are currently no defined Aliases eligible for import.");?></b></td>
+ <td align="center"><b><?php echo gettext("There are currently no defined Aliases eligible for import.");?></b></td>
</tr>
<tr>
- <td class="tabcont" align="center">
- <input type="Submit" name="cancel" value="Cancel" id="cancel" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
+ <td align="center" valign="middle">
+ <input type="Submit" name="cancel_import_alias" value="Cancel" id="cancel_import_alias" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
</td>
</tr>
<?php else: ?>
<tr>
- <td class="tabcont" align="center">
- <input type="Submit" name="save" value="Save" id="save" class="formbtn" title="<?=gettext("Import selected item and return");?>"/>&nbsp;&nbsp;&nbsp;
- <input type="Submit" name="cancel" value="Cancel" id="cancel" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
+ <td align="center" valign="middle">
+ <input type="Submit" name="save_import_alias" value="Save" id="save_import_alias" class="formbtn" title="<?=gettext("Import selected item and return");?>"/>&nbsp;&nbsp;
+ <input type="Submit" name="cancel_import_alias" value="Cancel" id="cancel_import_alias" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/>
</td>
</tr>
<?php endif; ?>
<tr>
- <td class="tabcont">
+ <td>
<span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br></strong></span><?=gettext("Fully-Qualified Domain Name (FQDN) host Aliases cannot be used as Suricata configuration parameters. Aliases resolving to a single FQDN value are disabled in the list above. In the case of nested Aliases where one or more of the nested values is a FQDN host, the FQDN host will not be included in the {$title} configuration.");?></span>
</td>
</tr>
</table>
-</div>
-</form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
+
+
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index 20deb885..6dbf9412 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -44,10 +44,8 @@ if ($_GET['id'] && is_numeric($_GET['id']));
$id = htmlspecialchars($_GET['id'], ENT_QUOTES | ENT_HTML401);
if ($_POST['id'] && is_numeric($_POST['id']))
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+if (is_null($id))
+ $id = 0;
$pconfig = array();
if (empty($suricataglob['rule'][$id]['uuid'])) {
@@ -128,7 +126,7 @@ if (empty($pconfig['max_pcap_log_size']))
if (empty($pconfig['max_pcap_log_files']))
$pconfig['max_pcap_log_files'] = "1000";
-if ($_POST["Submit"]) {
+if ($_POST["save"]) {
if (!$_POST['interface'])
$input_errors[] = gettext("Choosing an Interface is mandatory!");
@@ -255,7 +253,7 @@ if ($_POST["Submit"]) {
$natent['libhtp_policy']['item'][] = $default;
// Enable the basic default rules for the interface
- $natent['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events";
+ $natent['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules";
// Adding a new interface, so set flag to build new rules
$rebuild_rules = true;
@@ -301,19 +299,14 @@ include_once("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-
-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
-
-<?php
- /* Display Alert message */
- if ($input_errors) {
- print_input_errors($input_errors);
- }
-
- if ($savemsg) {
- print_info_box($savemsg);
- }
+<?php include("fbegin.inc");
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors);
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
?>
<form action="suricata_interfaces_edit.php<?php echo "?id=$id";?>" method="post" name="iform" id="iform">
@@ -654,6 +647,7 @@ include_once("head.inc");
"setting at default. Create an Alias for custom External Net settings."); ?><br/>
</td>
</tr>
+<!--
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist"); ?></td>
<td width="78%" class="vtable">
@@ -682,6 +676,7 @@ include_once("head.inc");
"whitelist adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?>
</td>
</tr>
+-->
<tr>
<td colspan="2" class="listtopic"><?php echo gettext("Alert Suppression and Filtering"); ?></td>
</tr>
@@ -723,15 +718,13 @@ include_once("head.inc");
</td>
</tr>
<tr>
- <td width="22%" valign="top"></td>
- <td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" title="<?php echo
+ <td colspan="2" align="center" valign="middle"><input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Click to save settings and exit"); ?>"/>
<input name="id" type="hidden" value="<?=$id;?>"/>
</td>
</tr>
<tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" .
+ <td colspan="2" align="center" valign="middle"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span></span>" .
gettext("Please save your settings before you attempt to start Suricata."); ?>
</td>
</tr>
@@ -849,11 +842,11 @@ function enable_change(enable_change) {
document.iform.alertsystemlog.disabled = endis;
document.iform.externallistname.disabled = endis;
document.iform.homelistname.disabled = endis;
- document.iform.whitelistname.disabled=endis;
+// document.iform.whitelistname.disabled=endis;
document.iform.suppresslistname.disabled = endis;
document.iform.configpassthru.disabled = endis;
document.iform.btnHomeNet.disabled=endis;
- document.iform.btnWhitelist.disabled=endis;
+// document.iform.btnWhitelist.disabled=endis;
document.iform.btnSuppressList.disabled=endis;
}
diff --git a/config/suricata/suricata_libhtp_policy_engine.php b/config/suricata/suricata_libhtp_policy_engine.php
index e7cf4135..ec00bbb2 100644
--- a/config/suricata/suricata_libhtp_policy_engine.php
+++ b/config/suricata/suricata_libhtp_policy_engine.php
@@ -43,6 +43,10 @@ if (is_null($id)) {
header("Location: /suricata/suricata_interfaces.php");
exit;
}
+if (is_null($eng_id)) {
+ header("Location: /suricata/suricata_app_parsers.php?id={$id}");
+ exit;
+}
if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
@@ -71,7 +75,7 @@ else {
$pconfig['personality'] = "IDS";
}
-if ($_POST['Cancel']) {
+if ($_POST['cancel']) {
header("Location: /suricata/suricata_app_parsers.php?id={$id}");
exit;
}
@@ -82,7 +86,7 @@ if ($_GET['act'] == "import") {
$pconfig[$_GET['varname']] = $_GET['varvalue'];
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
/* Grab all the POST values and save in new temp array */
$engine = array();
@@ -279,10 +283,10 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save web server policy engine settings and return to App Parsers tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
- <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
+ <input name="cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
gettext("Cancel changes and return to App Parsers tab"); ?>"></td>
</tr>
</table>
diff --git a/config/suricata/suricata_os_policy_engine.php b/config/suricata/suricata_os_policy_engine.php
index 61918e65..ae5a9348 100644
--- a/config/suricata/suricata_os_policy_engine.php
+++ b/config/suricata/suricata_os_policy_engine.php
@@ -43,6 +43,10 @@ if (is_null($id)) {
header("Location: /suricata/suricata_interfaces.php");
exit;
}
+if (is_null($eng_id)) {
+ header("Location: /suricata/suricata_flow_stream.php?id={$id}");
+ exit;
+}
if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
@@ -68,7 +72,7 @@ else {
$pconfig['policy'] = "bsd";
}
-if ($_POST['Cancel']) {
+if ($_POST['cancel']) {
header("Location: /suricata/suricata_flow_stream.php?id={$id}");
exit;
}
@@ -79,7 +83,7 @@ if ($_GET['act'] == "import") {
$pconfig[$_GET['varname']] = $_GET['varvalue'];
}
-if ($_POST['Submit']) {
+if ($_POST['save']) {
/* Grab all the POST values and save in new temp array */
$engine = array();
@@ -225,10 +229,10 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="Submit" id="submit" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save OS policy engine settings and return to Flow/Stream tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
- <input name="Cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
+ <input name="cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
gettext("Cancel changes and return to Flow/Stream tab"); ?>"></td>
</tr>
</table>
diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php
index 428bc9be..f6457f19 100644
--- a/config/suricata/suricata_rules.php
+++ b/config/suricata/suricata_rules.php
@@ -27,7 +27,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -35,23 +34,26 @@ global $g, $rebuild_rules;
$suricatadir = SURICATADIR;
$rules_map = array();
+$pconfig = array();
if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
$a_rule = &$config['installedpackages']['suricata']['rule'];
-if (is_numeric($_GET['id']))
+log_error(print_r($_POST, true));
+
+if ($_GET['id'])
$id = $_GET['id'];
-if (isset($_POST['id']))
+if ($_POST['id'])
$id = $_POST['id'];
if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
+ $id = 0;
}
if (isset($id) && $a_rule[$id]) {
$pconfig['interface'] = $a_rule[$id]['interface'];
$pconfig['rulesets'] = $a_rule[$id]['rulesets'];
+ $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
}
function truncate($string, $length) {
@@ -110,7 +112,9 @@ $categories = explode("||", $pconfig['rulesets']);
if ($_GET['openruleset'])
$currentruleset = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401);
-else if ($_POST['openruleset'])
+elseif ($_POST['selectbox'])
+ $currentruleset = $_POST['selectbox'];
+elseif ($_POST['openruleset'])
$currentruleset = $_POST['openruleset'];
else
$currentruleset = $categories[0];
@@ -147,13 +151,11 @@ if ($currentruleset != 'custom.rules') {
$enablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_on']);
$disablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_off']);
-if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
-
- // Get the GID tag embedded in the clicked rule icon.
- $gid = $_GET['gid'];
+if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) && !empty($rules_map)) {
- // Get the SID tag embedded in the clicked rule icon.
- $sid= $_GET['ids'];
+ // Get the GID:SID tags embedded in the clicked rule icon.
+ $gid = $_POST['gid'];
+ $sid = $_POST['sid'];
// See if the target SID is in our list of modified SIDs,
// and toggle it back to default if present; otherwise,
@@ -197,11 +199,9 @@ if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) {
/* Update the config.xml file. */
write_config();
- $_GET['openruleset'] = $currentruleset;
$anchor = "rule_{$gid}_{$sid}";
}
-
-if ($_GET['act'] == "disable_all" && !empty($rules_map)) {
+elseif ($_POST['disable_all'] && !empty($rules_map)) {
// Mark all rules in the currently selected category "disabled".
foreach (array_keys($rules_map) as $k1) {
@@ -238,13 +238,8 @@ if ($_GET['act'] == "disable_all" && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
}
-
-if ($_GET['act'] == "enable_all" && !empty($rules_map)) {
+elseif ($_POST['enable_all'] && !empty($rules_map)) {
// Mark all rules in the currently selected category "enabled".
foreach (array_keys($rules_map) as $k1) {
@@ -280,13 +275,8 @@ if ($_GET['act'] == "enable_all" && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
}
-
-if ($_GET['act'] == "resetcategory" && !empty($rules_map)) {
+elseif ($_POST['resetcategory'] && !empty($rules_map)) {
// Reset any modified SIDs in the current rule category to their defaults.
foreach (array_keys($rules_map) as $k1) {
@@ -324,13 +314,8 @@ if ($_GET['act'] == "resetcategory" && !empty($rules_map)) {
unset($a_rule[$id]['rule_sid_off']);
write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
}
-
-if ($_GET['act'] == "resetall" && !empty($rules_map)) {
+elseif ($_POST['resetall'] && !empty($rules_map)) {
// Remove all modified SIDs from config.xml and save the changes.
unset($a_rule[$id]['rule_sid_on']);
@@ -338,23 +323,20 @@ if ($_GET['act'] == "resetall" && !empty($rules_map)) {
/* Update the config.xml file. */
write_config();
-
- $_GET['openruleset'] = $currentruleset;
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
}
-
-if ($_POST['clear']) {
+elseif ($_POST['clear']) {
unset($a_rule[$id]['customrules']);
write_config();
$rebuild_rules = true;
suricata_generate_yaml($a_rule[$id]);
$rebuild_rules = false;
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
+ $pconfig['customrules'] = '';
}
-
-if ($_POST['customrules']) {
+elseif ($_POST['cancel']) {
+ $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
+}
+elseif ($_POST['save']) {
+ $pconfig['customrules'] = $_POST['customrules'];
if ($_POST['customrules'])
$a_rule[$id]['customrules'] = base64_encode($_POST['customrules']);
else
@@ -363,24 +345,21 @@ if ($_POST['customrules']) {
$rebuild_rules = true;
suricata_generate_yaml($a_rule[$id]);
$rebuild_rules = false;
- $output = "";
- $retcode = "";
- exec("/usr/local/bin/suricata -T --init-errors-fatal -c {$suricatacfgdir}/suricata.yaml 2>&1", $output, $retcode);
- if (intval($retcode) != 0) {
- $error = "";
- $start = count($output);
- $end = $start - 4;
- for($i = $start; $i > $end; $i--)
- $error .= $output[$i];
- $input_errors[] = "Custom rules have errors:\n {$error}";
- }
- else {
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
- }
+ /* Signal Suricata to "live reload" the rules */
+ suricata_reload_config($a_rule[$id]);
+// $output = "";
+// $retcode = "";
+// exec("/usr/local/bin/suricata -T --init-errors-fatal -c {$suricatacfgdir}/suricata.yaml 2>&1", $output, $retcode);
+// if (intval($retcode) != 0) {
+// $error = "";
+// $start = count($output);
+// $end = $start - 4;
+// for($i = $start; $i > $end; $i--)
+// $error .= $output[$i];
+// $input_errors[] = "Custom rules have errors:\n {$error}";
+// }
}
-
-else if ($_POST['apply']) {
+elseif ($_POST['apply']) {
/* Save new configuration */
write_config();
@@ -395,16 +374,6 @@ else if ($_POST['apply']) {
/* Signal Suricata to "live reload" the rules */
suricata_reload_config($a_rule[$id]);
-
- /* Return to this same page */
- header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}");
- exit;
-}
-else if ($_POST['cancel']) {
-
- /* Return to this same page */
- header("Location: /suricata/suricata_rules.php?id={$id}");
- exit;
}
require_once("guiconfig.inc");
@@ -417,9 +386,7 @@ $pgtitle = gettext("Suricata: Interface {$if_friendly} - Rules: {$currentruleset
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include("fbegin.inc");
-if ($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
-
-/* Display message */
+/* Display error or save messages if present */
if ($input_errors) {
print_input_errors($input_errors); // TODO: add checks
}
@@ -430,7 +397,11 @@ if ($savemsg) {
?>
-<form action="/suricata/suricata_rules.php" method="post" name="iform" id="iform">
+<form action='/suricata/suricata_rules.php' method='post' name='iform' id='iform'>
+<input type='hidden' name='id' id='id' value='<?=$id;?>'/>
+<input type='hidden' name='openruleset' id='openruleset' value='<?=$currentruleset;?>'/>
+<input type='hidden' name='sid' id='sid' value=''/>
+<input type='hidden' name='gid' id='gid' value=''/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -461,31 +432,31 @@ if ($savemsg) {
<tr>
<td class="listtopic"><?php echo gettext("Available Rule Categories"); ?></td>
</tr>
-
<tr>
- <td class="vncell" height="30px"><strong><?php echo gettext("Category:"); ?></strong>&nbsp;&nbsp;<select id="selectbox" name="selectbox" class="formselect" onChange="go()">
- <option value='?id=<?=$id;?>&openruleset=custom.rules'>custom.rules</option>
+ <td class="vncell" height="30px"><strong><?php echo gettext("Category:"); ?></strong>&nbsp;&nbsp;
+ <select id="selectbox" name="selectbox" class="formselect" onChange="go();">
+ <option value='custom.rules'>custom.rules</option>
<?php
- $files = explode("||", $pconfig['rulesets']);
- if ($a_rule[$id]['ips_policy_enable'] == 'on')
- $files[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']);
- if ($a_rule[$id]['autoflowbitrules'] == 'on')
- $files[] = "Auto-Flowbit Rules";
- natcasesort($files);
- foreach ($files as $value) {
- if ($snortdownload != 'on' && substr($value, 0, mb_strlen(VRT_FILE_PREFIX)) == VRT_FILE_PREFIX)
- continue;
- if ($emergingdownload != 'on' && substr($value, 0, mb_strlen(ET_OPEN_FILE_PREFIX)) == ET_OPEN_FILE_PREFIX)
- continue;
- if ($etpro != 'on' && substr($value, 0, mb_strlen(ET_PRO_FILE_PREFIX)) == ET_PRO_FILE_PREFIX)
- continue;
- if (empty($value))
- continue;
- echo "<option value='?id={$id}&openruleset={$value}' ";
- if ($value == $currentruleset)
- echo "selected";
- echo ">{$value}</option>\n";
- }
+ $files = explode("||", $pconfig['rulesets']);
+ if ($a_rule[$id]['ips_policy_enable'] == 'on')
+ $files[] = "IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']);
+ if ($a_rule[$id]['autoflowbitrules'] == 'on')
+ $files[] = "Auto-Flowbit Rules";
+ natcasesort($files);
+ foreach ($files as $value) {
+ if ($snortdownload != 'on' && substr($value, 0, mb_strlen(VRT_FILE_PREFIX)) == VRT_FILE_PREFIX)
+ continue;
+ if ($emergingdownload != 'on' && substr($value, 0, mb_strlen(ET_OPEN_FILE_PREFIX)) == ET_OPEN_FILE_PREFIX)
+ continue;
+ if ($etpro != 'on' && substr($value, 0, mb_strlen(ET_PRO_FILE_PREFIX)) == ET_PRO_FILE_PREFIX)
+ continue;
+ if (empty($value))
+ continue;
+ echo "<option value='{$value}' ";
+ if ($value == $currentruleset)
+ echo "selected";
+ echo ">{$value}</option>\n";
+ }
?>
</select>&nbsp;&nbsp;&nbsp;<?php echo gettext("Select the rule category to view"); ?>
</td>
@@ -497,15 +468,13 @@ if ($savemsg) {
</tr>
<tr>
<td valign="top" class="vtable">
- <input type='hidden' name='openruleset' value='custom.rules'>
- <input type='hidden' name='id' value='<?=$id;?>'>
<textarea wrap="soft" cols="90" rows="40" name="customrules"><?=$pconfig['customrules'];?></textarea>
</td>
</tr>
<tr>
<td>
- <input name="Submit" type="submit" class="formbtn" id="submit" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/>&nbsp;&nbsp;
- <input name="cancel" type="submit" class="formbtn" id="cancel" value="<?php echo gettext("Cancel"); ?>" title="<?php echo gettext("Cancel changes and return to last page"); ?>"/>&nbsp;&nbsp;
+ <input name="save" type="submit" class="formbtn" id="save" value="<?php echo gettext(" Save "); ?>" title=" <?php echo gettext("Save custom rules"); ?>"/>&nbsp;&nbsp;
+ <input name="cancel" type="submit" class="formbtn" id="cancel" value="<?php echo gettext("Cancel"); ?>" title="<?php echo gettext("Cancel all changes made prior to last save"); ?>"/>&nbsp;&nbsp;
<input name="clear" type="submit" class="formbtn" id="clear" value="<?php echo gettext("Clear"); ?>" onclick="return confirm('<?php echo gettext("This will erase all custom rules for the interface. Are you sure?"); ?>')" title="<?php echo gettext("Deletes all custom rules"); ?>"/>
</td>
</tr>
@@ -518,43 +487,40 @@ if ($savemsg) {
<table width="100%" align="center" border="0" cellpadding="0" cellspacing="0">
<tr>
<td rowspan="5" width="48%" valign="middle"><input type="submit" name="apply" id="apply" value="<?php echo gettext("Apply"); ?>" class="formbtn"
- title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/>
- <input type='hidden' name='id' value='<?=$id;?>'/>
- <input type='hidden' name='openruleset' value='<?=$currentruleset;?>'/><br/><br/>
+ title="<?php echo gettext("Click to rebuild the rules with your changes"); ?>"/><br/><br/>
<span class="vexpl"><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" .
gettext("Suricata must be restarted to activate any SID enable/disable changes made on this tab."); ?></span></td>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetcategory'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetcategory[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'></a>"?>
+ title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Remove Enable/Disable changes in the current Category"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=resetall'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='resetall[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'></a>"?>
+ title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Remove all Enable/Disable changes in all Categories"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=disable_all'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='disable_all[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_x_mo.gif\"' border='0'
- title='" . gettext("Click to disable all rules in the selected category") . "'></a>"?>
+ title='" . gettext("Click to disable all rules in the selected category") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Disable all rules in the current Category"); ?></td>
</tr>
<tr>
- <td class="vexpl" valign="middle"><?php echo "<a href='?id={$id}&openruleset={$currentruleset}&act=enable_all'>
- <img src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\"
+ <td class="vexpl" valign="middle"><?php echo "<input type='image' name='enable_all[]'
+ src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" width=\"15\" height=\"15\"
onmouseout='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\"'
onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_plus_mo.gif\"' border='0'
- title='" . gettext("Click to enable all rules in the selected category") . "'></a>"?>
+ title='" . gettext("Click to enable all rules in the selected category") . "'/>"?>
&nbsp;&nbsp;<?php echo gettext("Enable all rules in the current Category"); ?></td>
</tr>
-
<tr>
<td class="vexpl" valign="middle"><a href="javascript: void(0)"
onclick="wopen('suricata_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>','FileViewer',800,600)">
@@ -564,7 +530,6 @@ if ($savemsg) {
title="<?php echo gettext("Click to view full text of all the category rules"); ?>" width="17" height="17" border="0"></a>
&nbsp;&nbsp;<?php echo gettext("View full file contents for the current Category"); ?></td>
</tr>
-
<?php if ($currentruleset == 'Auto-Flowbit Rules'): ?>
<tr>
<td colspan="3">&nbsp;</td>
@@ -579,7 +544,6 @@ if ($savemsg) {
</table>
</td>
</tr>
-
<tr>
<td class="listtopic"><?php echo gettext("Selected Category's Rules"); ?></td>
</tr>
@@ -587,7 +551,7 @@ if ($savemsg) {
<td>
<table id="myTable" class="sortable" style="table-layout: fixed;" width="100%" border="0" cellpadding="0" cellspacing="0">
<colgroup>
- <col width="14" align="left" valign="middle">
+ <col width="20" align="left" valign="middle">
<col width="6%" align="center" axis="number">
<col width="8%" align="center" axis="number">
<col width="54" align="center" axis="string">
@@ -668,11 +632,11 @@ if ($savemsg) {
$message = suricata_get_msg($v['rule']);
$sid_tooltip = gettext("View the raw text for this rule");
- echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\">{$textss}
- <a href='?id={$id}&openruleset={$currentruleset}&act=toggle&ids={$sid}'>
- <img src=\"../themes/{$g['theme']}/images/icons/{$iconb}\"
- width=\"11\" height=\"11\" border=\"0\"
- title='{$title}' id=\"rule_{$gid}_{$sid}\"></a>{$textse}
+ echo "<tr><td class=\"listt\" align=\"left\" valign=\"middle\" sorttable_customkey=\"\">{$textss}
+ <input type=\"image\" onClick=\"document.getElementById('sid').value='{$sid}';
+ document.getElementById('gid').value='{$gid}';\"
+ src=\"../themes/{$g['theme']}/images/icons/{$iconb}\" width=\"11\" height=\"11\" border=\"0\"
+ title='{$title}' name=\"toggle[]\"/>{$textse}
</td>
<td class=\"listlr\" align=\"center\" style=\"font-size: 10px;\">
{$textss}{$gid}{$textse}
@@ -753,15 +717,14 @@ if ($savemsg) {
</tr>
</table>
</form>
-<?php include("fend.inc"); ?>
-
<script language="javascript" type="text/javascript">
function go()
{
- var box = document.iform.selectbox;
- destination = box.options[box.selectedIndex].value;
- if (destination)
- location.href = destination;
+ var box = document.getElementById("selectbox");
+ var ruleset = box.options[box.selectedIndex].value;
+ if (ruleset)
+ document.getElementById("openruleset").value = ruleset;
+ document.getElementById("iform").submit();
}
function wopen(url, name, w, h)
@@ -785,7 +748,8 @@ function wopen(url, name, w, h)
window.scrollBy(0,-60);
<?php endif;?>
-
</script>
+<?php include("fend.inc"); ?>
+
</body>
</html>
diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php
index a1609d6c..e15818d5 100644
--- a/config/suricata/suricata_rulesets.php
+++ b/config/suricata/suricata_rulesets.php
@@ -43,10 +43,8 @@ $a_nat = &$config['installedpackages']['suricata']['rule'];
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+if (is_null($id))
+ $id = 0;
if (isset($id) && $a_nat[$id]) {
$pconfig['enable'] = $a_nat[$id]['enable'];
@@ -117,9 +115,7 @@ if ($a_nat[$id]['ips_policy_enable'] == 'on') {
else
$disable_vrt_rules = "";
-/* alert file */
-if ($_POST["Submit"]) {
-
+if ($_POST["save"]) {
if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
$a_nat[$id]['ips_policy'] = $_POST['ips_policy'];
@@ -129,11 +125,12 @@ if ($_POST["Submit"]) {
unset($a_nat[$id]['ips_policy']);
}
- $enabled_items = "";
+ // Always start with the default events and files rules
+ $enabled_items = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules";
if (is_array($_POST['toenable']))
- $enabled_items = implode("||", $_POST['toenable']);
+ $enabled_items .= "||" . implode("||", $_POST['toenable']);
else
- $enabled_items = $_POST['toenable'];
+ $enabled_items .= "||{$_POST['toenable']}";
$a_nat[$id]['rulesets'] = $enabled_items;
@@ -155,12 +152,12 @@ if ($_POST["Submit"]) {
suricata_generate_yaml($a_nat[$id]);
$rebuild_rules = false;
- header("Location: /suricata/suricata_rulesets.php?id=$id");
- exit;
+ /* Signal Suricata to "live reload" the rules */
+ suricata_reload_config($a_nat[$id]);
}
-
-if ($_POST['unselectall']) {
- $a_nat[$id]['rulesets'] = "";
+elseif ($_POST['unselectall']) {
+ // Remove all but the default events and files rules
+ $a_nat[$id]['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules";
if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
@@ -173,13 +170,10 @@ if ($_POST['unselectall']) {
write_config();
sync_suricata_package_config();
-
- header("Location: /suricata/suricata_rulesets.php?id=$id");
- exit;
}
-
-if ($_POST['selectall']) {
- $rulesets = array();
+elseif ($_POST['selectall']) {
+ // Start with the required default events and files rules
+ $rulesets = array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules" );
if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
@@ -218,9 +212,6 @@ if ($_POST['selectall']) {
write_config();
sync_suricata_package_config();
-
- header("Location: /suricata/suricata_rulesets.php?id=$id");
- exit;
}
$enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']);
@@ -234,7 +225,6 @@ include_once("head.inc");
<?php
include("fbegin.inc");
-if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
/* Display message */
if ($input_errors) {
@@ -282,9 +272,8 @@ if ($savemsg) {
$isrulesfolderempty = glob("{$suricatadir}rules/*.rules");
$iscfgdirempty = array();
if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules"))
- $iscfgdirempty = (array)("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules");
- if (empty($isrulesfolderempty)):
-?>
+ $iscfgdirempty = (array)("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules"); ?>
+<?php if (empty($isrulesfolderempty)): ?>
<tr>
<td class="vexpl"><br/>
<?php printf(gettext("# The rules directory is empty: %s%srules%s"), '<strong>',$suricatadir,'</strong>'); ?> <br/><br/>
@@ -294,14 +283,7 @@ if ($savemsg) {
'</strong></a>' . gettext(" tab."); ?>
</td>
</tr>
-<?php else:
- $colspan = 4;
- if ($emergingdownload != 'on')
- $colspan -= 2;
- if ($snortdownload != 'on')
- $colspan -= 2;
-
-?>
+<?php else: ?>
<tr>
<td>
<table width="100%" border="0"
@@ -393,7 +375,7 @@ if ($savemsg) {
<tr height="45px">
<td valign="middle"><input value="Select All" class="formbtns" type="submit" name="selectall" id="selectall" title="<?php echo gettext("Add all to enforcing rules"); ?>"/></td>
<td valign="middle"><input value="Unselect All" class="formbtns" type="submit" name="unselectall" id="unselectall" title="<?php echo gettext("Remove all from enforcing rules"); ?>"/></td>
- <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="Submit" id="Submit" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td>
+ <td valign="middle"><input value=" Save " class="formbtns" type="submit" name="save" id="save" title="<?php echo gettext("Save changes to enforcing rules and rebuild"); ?>"/></td>
<td valign="middle"><span class="vexpl"><?php echo gettext("Click to save changes and auto-resolve flowbit rules (if option is selected above)"); ?></span></td>
</tr>
</table>
@@ -531,7 +513,7 @@ if ($savemsg) {
</tr>
<tr>
<td colspan="4" align="center" valign="middle">
- <input value="Save" type="submit" name="Submit" id="Submit" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td>
+ <input value="Save" type="submit" name="save" id="save" class="formbtn" title=" <?php echo gettext("Click to Save changes and rebuild rules"); ?>"/></td>
</tr>
<?php endif; ?>
</table>
@@ -581,7 +563,7 @@ function enable_change()
for (var i = 0; i < document.iform.elements.length; i++) {
if (document.iform.elements[i].type == 'checkbox') {
var str = document.iform.elements[i].value;
- if (str.substr(0,6) == "suricata_")
+ if (str.substr(0,6) == "snort_")
document.iform.elements[i].disabled = !(endis);
}
}