From f15023b3676134fe19fd67bcaa97d9d243698f5a Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Wed, 30 Apr 2014 16:14:29 -0400
Subject: Fix bug in cron task edit for 'rm_blocked' hosts
---
 config/suricata/suricata.inc | 11 +++++++++--
 config/suricata/suricata_post_install.php | 6 +++---
 config/suricata/suricata_uninstall.php | 2 ++
 3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc
index a2be802a..53dc678f 100644
--- a/config/suricata/suricata.inc
+++ b/config/suricata/suricata.inc
@@ -589,8 +589,15 @@ function suricata_rm_blocked_install_cron($should_install) {
 $suricata_rm_blocked_expire = "2419200";
 }
- $command = "/usr/bin/nice -n20 /sbin/pfctl -t {$suri_pf_table} -T expire {$suricata_rm_blocked_expire}";
- install_cron_job($command, $should_install, $suricata_rm_blocked_min, $suricata_rm_blocked_hr, $suricata_rm_blocked_mday, $suricata_rm_blocked_month, $suricata_rm_blocked_wday, "root");
+ // First, remove any existing cron task for "rm_blocked" hosts
+ install_cron_job("pfctl -t {$suri_pf_table} -T expire" , false);
+
+ // Now add or update the cron task for "rm_blocked" hosts
+ // if enabled.
+ if ($should_install) {
+ $command = "/usr/bin/nice -n20 /sbin/pfctl -t {$suri_pf_table} -T expire {$suricata_rm_blocked_expire}";
+ install_cron_job($command, $should_install, $suricata_rm_blocked_min, $suricata_rm_blocked_hr, $suricata_rm_blocked_mday, $suricata_rm_blocked_month, $suricata_rm_blocked_wday, "root");
+ }
 }
 function sync_suricata_package_config() {
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 4d5454d5..91866982 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
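Review bot: Inside the new `if ($should_install)` block the install call still forwards `$should_install`, which is always true there, so `install_cron_job($command, true, $suricata_rm_blocked_min, ...)` says what is meant, and the stray space before the comma in `install_cron_job("pfctl -t {$suri_pf_table} -T expire" , false);` should go. The unconditional removal only works if install_cron_job() matches the stored command by substring, which is what lets a job created with a different `{$suricata_rm_blocked_expire}` be found; that is not visible here, so confirm it and say so on the removal line, e.g. `// Prefix match: also catches a job installed with a different expire interval`. If install_cron_job() drops only the first match, a config that accumulated several stale entries from the old code would keep the extras after one call, which is worth checking on an upgraded box. The start of suricata_rm_blocked_install_cron() lies outside the hunk.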
@@ -110,8 +110,8 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
 suricata_create_rc();
 // Set Log Limit, Block Hosts Time and Rules Update Time
- suricata_loglimit_install_cron();
-// suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false);
+ suricata_loglimit_install_cron(true);
+ suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false);
 suricata_rules_up_install_cron($config['installedpackages']['suricata']['config'][0]['autoruleupdate'] != "never_up" ? true : false);
 // Add the recurring jobs created above to crontab
@@ -138,7 +138,7 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
 }
 // Update Suricata package version in configuration
-$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v0.3-BETA";
+$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v1.0.1";
 write_config();
 // Done with post-install, so clear flag
diff --git a/config/suricata/suricata_uninstall.php b/config/suricata/suricata_uninstall.php
index b8ea6097..558069be 100644
--- a/config/suricata/suricata_uninstall.php
+++ b/config/suricata/suricata_uninstall.php
@@ -35,6 +35,7 @@ $suricatadir = SURICATADIR;
 $suricatalogdir = SURICATALOGDIR;
 $rcdir = RCFILEPREFIX;
 $suricata_rules_upd_log = RULES_UPD_LOGFILE;
+$suri_pf_table = SURICATA_PF_TABLE;
 log_error(gettext("[Suricata] Suricata package uninstall in progress..."));
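Review bot: The re-enabled `suricata_rm_blocked_install_cron($config[...]['rm_blocked'] != "never_b" ? true : false)` is true when `rm_blocked` is missing from the config as well as when it holds an interval, so a config that never saved the setting gets the expire cron job installed with whatever default suricata_rm_blocked_install_cron() applies; if that is intended, say so in the comment above, e.g. `// rm_blocked is treated as enabled when it has never been saved`, otherwise test `!empty(...)` first. The `!= "never_b" ? true : false` form on this line and on the `autoruleupdate` line below reduces to the comparison itself, and `!==` avoids loose-comparison surprises. The `forcekeepsettings` branch these lines sit in starts outside the hunk.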
@@ -64,6 +65,7 @@ mwexec('/usr/sbin/pw userdel suricata; /usr/sbin/pw groupdel suricata', true);
 /* Remove the Suricata cron jobs. */
 install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php", false);
 install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", false);
+install_cron_job("pfctl -t {$suri_pf_table} -T expire" , false);
 /* See if we are to keep Suricata log files on uninstall */
 if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') {
-- cgit v1.2.3
From 877135883f3da75c4fc065a50deb80aa3de04667 Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Wed, 30 Apr 2014 16:18:47 -0400
Subject: Bump Suricata package version to 1.0.1 for bug fix.
---
 pkg_config.10.xml | 2 +-
 pkg_config.8.xml | 2 +-
 pkg_config.8.xml.amd64 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index b458e02e..c064a17c 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
@@ -1567,7 +1567,7 @@ http://suricata-ids.org/ Security - 1.4.6 pkg v1.0 + 1.4.6 pkg v1.0.1 Stable 2.2 https://packages.pfsense.org/packages/config/suricata/suricata.xml
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index b0aa5de8..c954a345 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -2016,7 +2016,7 @@ http://suricata-ids.org/ Security - 1.4.6 pkg v1.0 + 1.4.6 pkg v1.0.1 Stable 2.1 https://packages.pfsense.org/packages/config/suricata/suricata.xml
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index a1d67317..7d76e35b 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -2003,7 +2003,7 @@ http://suricata-ids.org/ Security - 1.4.6 pkg v1.0 + 1.4.6 pkg v1.0.1 Stable 2.1 https://packages.pfsense.org/packages/config/suricata/suricata.xml
-- cgit v1.2.3
From ae28f7ce8af377985864b8df5e24b5c98e387e71 Mon Sep 17 00:00:00 2001
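Review bot: The new `install_cron_job("pfctl -t {$suri_pf_table} -T expire" , false);` repeats the match string that suricata_rm_blocked_install_cron() in suricata.inc now uses for the same removal, so the two copies can drift apart; if suricata.inc is loaded at uninstall time (not visible here), `suricata_rm_blocked_install_cron(false);` keeps a single definition. If it is not, keep the literal but add `// Must match the pattern used in suricata_rm_blocked_install_cron()` above it. The stray space before the comma should also go, to match the two calls above.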
From: bmeeks8
Date: Wed, 30 Apr 2014 18:14:47 -0400
Subject: No need to call suricata_reload_config() here.
---
 config/suricata/suricata_alerts.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index 71739f82..66916e26 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -110,12 +110,11 @@ function suricata_add_supplist_entry($suppress) {
 }
 }
- /* If we created a new list or updated an existing one, save the change, */
- /* tell Snort to load it, and return true; otherwise return false. */
+ /* If we created a new list or updated an existing one, save the change */
+ /* and return true; otherwise return false. */
 if ($found_list) {
 write_config();
 sync_suricata_package_config();
- suricata_reload_config($a_instance[$instanceid]);
 return true;
 }
 else
-- cgit v1.2.3
From 7bb99d97c33021c4e4cacb0b8dd739be5933c61f Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Wed, 30 Apr 2014 21:02:11 -0400
Subject: Allow disabling of 'Delayed Detect' feature when required.
---
 config/suricata/suricata_generate_yaml.php | 5 +++++
 config/suricata/suricata_interfaces_edit.php | 13 ++++++++++++-
 config/suricata/suricata_yaml_template.inc | 2 +-
 3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php
index e4d2c153..3f9e307b 100644
--- a/config/suricata/suricata_generate_yaml.php
+++ b/config/suricata/suricata_generate_yaml.php
@@ -142,6 +142,11 @@ if (!empty($suricatacfg['inspect_recursion_limit']) || $suricatacfg['inspect_rec
 else
 $inspection_recursion_limit = "";
+if ($suricatacfg['delayed_detect'] == 'on')
+ $delayed_detect = "yes";
+else
+ $delayed_detect = "no";
+
 // Add interface-specific blocking settings
 if ($suricatacfg['blockoffenders'] == 'on')
 $suri_blockoffenders = "yes";
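Review bot: With `suricata_reload_config($a_instance[$instanceid]);` gone, the rewritten comment no longer says when the running instance sees the new suppress entry; make that explicit, e.g. `/* The running instance picks up the list on its next reload or restart. */`, worded to match what sync_suricata_package_config() actually does, which is not visible here. If `$a_instance` and `$instanceid` were only needed for the removed call, check whether suricata_add_supplist_entry() still uses them; the function starts and ends outside the hunk.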
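Review bot: `if ($suricatacfg['delayed_detect'] == 'on')` turns a missing key into "no", so every interface saved before this commit, which has no `delayed_detect` entry, silently goes from the previously hard-coded `delayed-detect: yes` to `no` in the generated YAML and may also raise an undefined-index notice. If existing interfaces should keep the old behaviour, treat the unset key as yes: `if (!isset($suricatacfg['delayed_detect']) || $suricatacfg['delayed_detect'] == 'on')`; if the new default is deliberately off, as the `$natent['delayed_detect'] = 'off';` default in suricata_interfaces_edit.php suggests, say so in a comment above the block. The same default question applies to `- delayed-detect: {$delayed_detect}` in suricata_yaml_template.inc.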
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index 62c5eecb..f9319f92 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -222,6 +222,7 @@ if ($_POST["save"]) {
 if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']);
 if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']);
 if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
+ if ($_POST['delayed_detect'] == "on") { $natent['delayed_detect'] = 'on'; }else{ $natent['delayed_detect'] = 'off'; }
 if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']);
 $if_real = get_real_interface($natent['interface']);
@@ -281,6 +282,7 @@ if ($_POST["save"]) {
 $natent['reassembly_to_client_chunk'] = '2560';
 $natent['enable_midstream_sessions'] = 'off';
 $natent['enable_async_sessions'] = 'off';
+ $natent['delayed_detect'] = 'off';
 $natent['asn1_max_frames'] = '256';
@@ -621,6 +623,14 @@ if ($savemsg) { " . gettext("3000") . "."; ?>
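Review bot: `$_POST['delayed_detect']` is read without isset(); if this is a checkbox, as the name and the `== "on"` test suggest, the browser omits it from the request when unchecked, so saving with the option cleared goes through the off branch with an undefined-index notice, the same as the `alertsystemlog` line above it. `if (isset($_POST['delayed_detect']) && $_POST['delayed_detect'] == "on")` avoids it. The `if ($_POST["save"])` block containing this hunk begins outside it.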

 + + + + /> + " . gettext("Not Checked") . "."; ?> +
@@ -880,7 +890,8 @@ function enable_change(enable_change) {
 document.iform.btnHomeNet.disabled=endis;
 document.iform.btnPasslist.disabled=endis;
 document.iform.btnSuppressList.disabled=endis;
-}
+} document.iform.delayed_detect.disabled=endis;
+
 function wopen(url, name, w, h) {
 // Fudge factors for window decoration space.
diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc
index 4ced9059..c20ca8db 100644
--- a/config/suricata/suricata_yaml_template.inc
+++ b/config/suricata/suricata_yaml_template.inc
@@ -117,7 +117,7 @@ detect-engine:
 - sgh-mpm-context: {$sgh_mpm_ctx}
 - inspection-recursion-limit: {$inspection_recursion_limit}
 - rule-reload: true
- - delayed-detect: yes
+ - delayed-detect: {$delayed_detect}
 # Suricata is multi-threaded. Here the threading can be influenced.
 threading:
-- cgit v1.2.3
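Review bot: On the new side the closing brace and the new statement appear on one line, `} document.iform.delayed_detect.disabled=endis;`, and the hunk's counts (7 old, 8 new, with one removed line and one added blank) only add up if that really is a single line; if so, the assignment executes outside enable_change() at page load, where `endis` is not defined, and the rest of that script block never runs. The rendering here is collapsed, so confirm against the file; the intended form is `document.iform.delayed_detect.disabled=endis;` on its own line followed by `}`. The function starts outside the hunk.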