From 31c40a608469a3739cfcdb08fed8c967ef27291a Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Thu, 25 Dec 2014 11:08:39 -0500
Subject: Need trim() in some places to filter md5 hash string.
---
 config/suricata/suricata_etiqrisk_update.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/config/suricata/suricata_etiqrisk_update.php b/config/suricata/suricata_etiqrisk_update.php
index 6723ce99..17d264e3 100644
--- a/config/suricata/suricata_etiqrisk_update.php
+++ b/config/suricata/suricata_etiqrisk_update.php
@@ -106,9 +106,9 @@ function suricata_check_iprep_md5($filename) {
 if (download_file("{$et_iqrisk_url}{$filename}.md5sum", "{$iqRisk_tmppath}{$filename}.md5") == true) {
 if (file_exists("{$iqRisk_tmppath}{$filename}.md5"))
- $new_md5 = file_get_contents("{$iqRisk_tmppath}{$filename}.md5");
+ $new_md5 = trim(file_get_contents("{$iqRisk_tmppath}{$filename}.md5"));
 if (file_exists("{$iprep_path}{$filename}.md5"))
- $old_md5 = file_get_contents("{$iprep_path}{$filename}.md5");
+ $old_md5 = trim(file_get_contents("{$iprep_path}{$filename}.md5"));
 if ($new_md5 != $old_md5)
 return TRUE;
 else
@@ -156,8 +156,8 @@ if (suricata_check_iprep_md5("categories.txt")) {
 // If the files downloaded successfully, unpack them and store
 // the list files in the SURICATA_IPREP_PATH directory.
 if (file_exists("{$iqRisk_tmppath}categories.txt") && file_exists("{$iqRisk_tmppath}categories.txt.md5")) {
- $new_md5 = file_get_contents("{$iqRisk_tmppath}categories.txt.md5");
- if ($new_md5 == trim(md5_file("{$iqRisk_tmppath}categories.txt"))) {
+ $new_md5 = trim(file_get_contents("{$iqRisk_tmppath}categories.txt.md5"));
+ if ($new_md5 == md5_file("{$iqRisk_tmppath}categories.txt")) {
 @rename("{$iqRisk_tmppath}categories.txt", "{$iprep_path}categories.txt");
 @rename("{$iqRisk_tmppath}categories.txt.md5", "{$iprep_path}categories.txt.md5");
 $success = TRUE;
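Review bot: The checksum comparisons use PHP's loose operators, so two digests that PHP treats as numeric strings (the well-known case is `0e` followed only by digits) are compared as numbers and can match although the strings differ. In `suricata_check_iprep_md5()` this is `if ($new_md5 != $old_md5)`; the same applies to `if ($new_md5 == md5_file(...))` in the `@@ -156,8` and `@@ -179,8` hunks, where the result decides whether a downloaded list is accepted. Use the strict forms, `if ($new_md5 !== $old_md5)` and `if ($new_md5 === md5_file("{$iqRisk_tmppath}categories.txt"))`. The function body starts above this hunk and continues below it.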
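Review bot: In the `categories.txt` block (`@@ -156,8`) both `@rename()` calls discard their result and `$success = TRUE` is set regardless, so if the first move fails and the second succeeds the new `.md5` is stored next to an old or missing list, and the next check reports the file as up to date. Record success only when both moves worked: `if (@rename("{$iqRisk_tmppath}categories.txt", "{$iprep_path}categories.txt") && @rename("{$iqRisk_tmppath}categories.txt.md5", "{$iprep_path}categories.txt.md5")) $success = TRUE;`, and log the failure otherwise. The enclosing `if` blocks continue past the end of the hunk.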
@@ -179,8 +179,8 @@ if (suricata_check_iprep_md5("iprepdata.txt.gz")) {
 // If the files downloaded successfully, unpack them and store
 // the list files in the SURICATA_IPREP_PATH directory.
 if (file_exists("{$iqRisk_tmppath}iprepdata.txt.gz") && file_exists("{$iqRisk_tmppath}iprepdata.txt.gz.md5")) {
- $new_md5 = file_get_contents("{$iqRisk_tmppath}iprepdata.txt.gz.md5");
- if ($new_md5 == trim(md5_file("{$iqRisk_tmppath}iprepdata.txt.gz"))) {
+ $new_md5 = trim(file_get_contents("{$iqRisk_tmppath}iprepdata.txt.gz.md5"));
+ if ($new_md5 == md5_file("{$iqRisk_tmppath}iprepdata.txt.gz")) {
 mwexec("/usr/bin/gunzip -f {$iqRisk_tmppath}iprepdata.txt.gz");
 @rename("{$iqRisk_tmppath}iprepdata.txt", "{$iprep_path}iprepdata.txt");
 @rename("{$iqRisk_tmppath}iprepdata.txt.gz.md5", "{$iprep_path}iprepdata.txt.gz.md5");
--
cgit v1.2.3
From 0b369ed3ffbc8c57995f8f9176bcc4ae3f8c06ff Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Thu, 25 Dec 2014 11:22:22 -0500
Subject: Always do a manual IQRisk file check when enabled and saving settings.
---
 config/suricata/suricata_ip_list_mgmt.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/config/suricata/suricata_ip_list_mgmt.php b/config/suricata/suricata_ip_list_mgmt.php
index ee3a7009..1d928531 100644
--- a/config/suricata/suricata_ip_list_mgmt.php
+++ b/config/suricata/suricata_ip_list_mgmt.php
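Review bot: In the `iprepdata.txt.gz` hunk (`@@ -179,8`) the exit status of `mwexec("/usr/bin/gunzip -f ...")` is not checked before the two `@rename()` calls, so a failed decompression still moves `iprepdata.txt.gz.md5` into `$iprep_path` while the rename of the missing `iprepdata.txt` fails silently. Later runs would then see a matching stored checksum and skip the update, leaving a stale or absent reputation list with nothing in the log. Guard the moves with `if (mwexec("/usr/bin/gunzip -f {$iqRisk_tmppath}iprepdata.txt.gz") == 0) {` and log the failure in the else branch. The block continues past the end of the hunk, so whether `$success` is set here is not visible.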
@@ -101,11 +101,14 @@ if ($_POST['save']) {
 /* Toggle cron task for ET IQRisk updates if setting was changed */
 if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on' && !suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php")) {
- include("/usr/local/pkg/suricata/suricata_etiqrisk_update.php");
 install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, 0, "*", "*", "*", "root");
 }
 elseif ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'off' && suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php"))
 install_cron_job("/usr/local/pkg/suricata/suricata_etiqrisk_update.php", FALSE);
+
+ /* Peform a manual ET IQRisk file check/download */
+ if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on')
+ include("/usr/local/pkg/suricata/suricata_etiqrisk_update.php");
 }
 }
--
cgit v1.2.3
From 118c8ebbf9593189fba969f47f60753849181536 Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Sun, 28 Dec 2014 15:10:03 -0500
Subject: Fix fatal error 'string offset cannot be array' on greenfield installs.
---
 config/suricata/suricata_post_install.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index f4a66b0b..5000a17d 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
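Review bot: The added `include("/usr/local/pkg/suricata/suricata_etiqrisk_update.php")` in `suricata_ip_list_mgmt.php` runs the whole updater inline in the `$_POST['save']` handler, so every save with IQRisk enabled waits on the remote downloads, and nothing in the hunk looks at the outcome. Because the include is at page level, the updater's top-level variables (`$success`, `$iprep_path`, `$iqRisk_tmppath`, visible in that file's own hunks) are written into this page's scope as well. At minimum say so in the comment, e.g. `/* Runs synchronously: blocks the save until the download finishes; sets $success */`, and consider reporting a failed update to the user instead of relying on the system log. The handler starts above the hunk.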
@@ -112,6 +112,10 @@ safe_mkdir(SURICATALOGDIR);
 safe_mkdir(SURICATA_SID_MODS_PATH);
 safe_mkdir(SURICATA_IPREP_PATH);
+// Make sure config variable is an array
+if (!is_array($config['installedpackages']['suricata']['config'][0]))
+ $config['installedpackages']['suricata']['config'][0] = array();
+
 // Download the latest GeoIP DB updates and create cron task if the feature is not disabled
 if ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] != 'off') {
 log_error(gettext("[Suricata] Installing free GeoIP country database files..."));
--
cgit v1.2.3
From e21ee2ef12f1302f454df38f030ea8c70dbaa411 Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Sun, 28 Dec 2014 15:33:02 -0500
Subject: Do not show md5 checksum files in IP LIST MGMT tab.
---
 config/suricata/suricata_ip_list_mgmt.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/config/suricata/suricata_ip_list_mgmt.php b/config/suricata/suricata_ip_list_mgmt.php
index 1d928531..ca7f85cf 100644
--- a/config/suricata/suricata_ip_list_mgmt.php
+++ b/config/suricata/suricata_ip_list_mgmt.php
@@ -290,7 +290,9 @@ if ($savemsg) height="17" border="0" title=""/> - +
--
cgit v1.2.3
From c7b2fcd5a689cec5cd151556f37eabadb0cb286d Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Sun, 28 Dec 2014 15:56:52 -0500
Subject: Check for ET IQRisk update once every 6 hours instead of once daily.
---
 config/suricata/suricata_ip_list_mgmt.php | 2 +-
 config/suricata/suricata_post_install.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/suricata/suricata_ip_list_mgmt.php b/config/suricata/suricata_ip_list_mgmt.php
index ca7f85cf..37decaad 100644
--- a/config/suricata/suricata_ip_list_mgmt.php
+++ b/config/suricata/suricata_ip_list_mgmt.php
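Review bot: The new guard in `suricata_post_install.php` (`@@ -112,6`) tests only the innermost element, `$config['installedpackages']['suricata']['config'][0]`, so it appears to rely on every parent level already being an array or empty; if `['suricata']` or `['config']` held a non-empty string, the assignment inside the guard would presumably raise the same string-offset error. Checking the parents first, e.g. `if (!is_array($config['installedpackages']['suricata']['config'])) $config['installedpackages']['suricata']['config'] = array();`, closes that case. The identical guard is added again in `suricata_etiqrisk_update.php` (`@@ -128,6 +130,9`); one shared helper would keep the two from diverging.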
@@ -101,7 +101,7 @@ if ($_POST['save']) {
 /* Toggle cron task for ET IQRisk updates if setting was changed */
 if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on' && !suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php")) {
- install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, 0, "*", "*", "*", "root");
+ install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, "*/6", "*", "*", "*", "root");
 }
 elseif ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'off' && suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php"))
 install_cron_job("/usr/local/pkg/suricata/suricata_etiqrisk_update.php", FALSE);
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 5000a17d..d5c771be 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -127,7 +127,7 @@ if ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] !=
 if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on') {
 log_error(gettext("[Suricata] Installing Emerging Threats IQRisk IP List..."));
 include("/usr/local/pkg/suricata/suricata_etiqrisk_update.php");
- install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, 0, "*", "*", "*", "root");
+ install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, "*/6", "*", "*", "*", "root");
 }
 // remake saved settings if previously flagged
--
cgit v1.2.3
From 017da7aa775c01bd5530849ac0885d82976238eb Mon Sep 17 00:00:00 2001
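Review bot: In `suricata_ip_list_mgmt.php` (`@@ -101,7`) the new `"*/6"` schedule is only written when `!suricata_cron_job_exists(...)` is true, so on a system where the job is already installed, saving the settings leaves the old daily entry in place; as far as these hunks show, only the post-install path rewrites it. The command string and schedule are also repeated verbatim in `suricata_post_install.php` (`@@ -127,7`), which is how the two can drift apart; a shared constant or helper would keep them in step. The minute stays fixed at `0`, so every installation polls the server at the same moment, which may be worth spreading out.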
From: bmeeks8
Date: Sun, 28 Dec 2014 16:28:58 -0500
Subject: Define URL variable as local instead of global.
---
 config/suricata/suricata_etiqrisk_update.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/config/suricata/suricata_etiqrisk_update.php b/config/suricata/suricata_etiqrisk_update.php
index 17d264e3..70fbdb79 100644
--- a/config/suricata/suricata_etiqrisk_update.php
+++ b/config/suricata/suricata_etiqrisk_update.php
@@ -41,6 +41,7 @@ require_once("config.inc");
 require_once("functions.inc");
 require_once("/usr/local/pkg/suricata/suricata.inc");
+require("/usr/local/pkg/suricata/suricata_defs.inc");
 /*************************************************************************
 * Hack for backwards compatibility with older 2.1.x pfSense versions *
@@ -101,8 +102,9 @@ function suricata_check_iprep_md5($filename) {
 /* error occurred. */
 /**********************************************************/
- global $et_iqrisk_url, $iqRisk_tmppath, $iprep_path;
+ global $iqRisk_tmppath, $iprep_path;
 $new_md5 = $old_md5 = "";
+ $et_iqrisk_url = str_replace("_xxx_", $config['installedpackages']['suricata']['config'][0]['iqrisk_code'], ET_IQRISK_DNLD_URL);
 if (download_file("{$et_iqrisk_url}{$filename}.md5sum", "{$iqRisk_tmppath}{$filename}.md5") == true) {
 if (file_exists("{$iqRisk_tmppath}{$filename}.md5"))
@@ -115,7 +117,7 @@ function suricata_check_iprep_md5($filename) {
 log_error(gettext("[Suricata] IPREP file '{$filename}' is up to date."));
 }
 else
- log_error(gettext("[Suricata] An error occurred downloading {$filename}.md5sum for IPREP. Update of {$filename} file will be skipped."));
+ log_error(gettext("[Suricata] An error occurred downloading {$et_iqrisk_url}{$filename}.md5sum for IPREP. Update of {$filename} file will be skipped."));
 return FALSE;
 }
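Review bot: `$config` is read on the new `$et_iqrisk_url = str_replace(...)` line (`@@ -101,8 +102,9`), but the function's `global` statement now lists only `$iqRisk_tmppath, $iprep_path`. Unless `$config` is declared global above the hunk, it is an undefined local here, `iqrisk_code` evaluates to null and `_xxx_` is replaced with an empty string, so every download URL is built without the subscriber code. Change the declaration to `global $config, $iqRisk_tmppath, $iprep_path;`. Since the code is spliced into a URL, passing it through `rawurlencode()` first would also be prudent. The function starts above the hunk and continues below it.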
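Review bot: The reworded error message (`@@ -115,7 +117,7`) now interpolates `{$et_iqrisk_url}`, which this commit builds from `iqrisk_code`, so the subscriber code is written to the system log, and to any remote syslog target, each time the md5 download fails. Keep the secret out of the message by logging the file name only, as the removed line did: `log_error(gettext("[Suricata] An error occurred downloading {$filename}.md5sum for IPREP. Update of {$filename} file will be skipped."));`. If the host is useful for troubleshooting, log `ET_IQRISK_DNLD_URL` with the `_xxx_` placeholder left in place.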
@@ -128,6 +130,9 @@ $iprep_path = SURICATA_IPREP_PATH;
 $iqRisk_tmppath = "{$g['tmp_path']}/IQRisk/";
 $success = FALSE;
+if (!is_array($config['installedpackages']['suricata']['config'][0]))
+ $config['installedpackages']['suricata']['config'][0] = array();
+
 // If auto-updates of ET IQRisk are disabled, then exit
 if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == "off")
 return(0);
--
cgit v1.2.3
From 20518f1fbae82aee10ee617636f5fdb66209d324 Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Sun, 28 Dec 2014 16:33:39 -0500
Subject: Bump Suricata GUI package version to 2.1.2 for bug fixes.
---
 config/suricata/suricata.xml | 2 +-
 config/suricata/suricata_post_install.php | 4 ++--
 pkg_config.10.xml | 2 +-
 pkg_config.8.xml | 2 +-
 pkg_config.8.xml.amd64 | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml
index 3b3bf723..bb01698c 100644
--- a/config/suricata/suricata.xml
+++ b/config/suricata/suricata.xml
@@ -42,7 +42,7 @@ Suricata IDS/IPS Package None suricata
- 2.0.4 pkg v2.1
+ 2.0.4 pkg v2.1.2
 Services: Suricata IDS /usr/local/pkg/suricata/suricata.inc
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index d5c771be..070cf095 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -258,8 +258,8 @@ if (empty($config['installedpackages']['suricata']['config'][0]['forcekeepsettin
 conf_mount_ro();
 // Update Suricata package version in configuration
-$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.1";
-write_config("Suricata pkg v2.1: post-install configuration saved.");
+$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.1.2";
+write_config("Suricata pkg v2.1.2: post-install configuration saved.");
 // Done with post-install, so clear flag
 unset($g['suricata_postinstall']);
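Review bot: In `suricata_etiqrisk_update.php` (`@@ -128,6 +130,9`), once the new guard has replaced a missing config with `array()`, `et_iqrisk_enable` is unset and the following test `== "off"` is false, so the script carries on and attempts the downloads with no `iqrisk_code`. The GUI and post-install callers test for `'on'` before including the file, but a direct run from cron has no such check. Exit unless the feature is explicitly enabled: `if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] != 'on')` followed by the existing `return(0);`.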
diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index 53eebe96..e3173490 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
@@ -1451,7 +1451,7 @@ http://suricata-ids.org/ Security
- 2.0.4 pkg v2.1.1
+ 2.0.4 pkg v2.1.2
 Stable 2.2 https://packages.pfsense.org/packages/config/suricata/suricata.xml
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 4bfffe20..fb96637e 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -1896,7 +1896,7 @@ http://suricata-ids.org/ Security
- 2.0.4 pkg v2.1.1
+ 2.0.4 pkg v2.1.2
 Stable 2.1 https://packages.pfsense.org/packages/config/suricata/suricata.xml
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 11f9059d..73c971e0 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -1883,7 +1883,7 @@ http://suricata-ids.org/ Security
- 2.0.4 pkg v2.1.1
+ 2.0.4 pkg v2.1.2
 Stable 2.1 https://packages.pfsense.org/packages/config/suricata/suricata.xml
--
cgit v1.2.3