From 6c0d365bdb5f4e4fdc2bf57561178573be5a36cc Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Tue, 26 Aug 2014 21:39:21 -0400
Subject: Upgrade Suricata to 2.0.3 and GUI package to v2.0

---
 config/suricata/suricata_global.php | 124 +++++++++++++++++++++++++++---------
 1 file changed, 93 insertions(+), 31 deletions(-)

(limited to 'config/suricata/suricata_global.php')

diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php
index 9c932222..5f01a660 100644
--- a/config/suricata/suricata_global.php
+++ b/config/suricata/suricata_global.php
@@ -45,29 +45,45 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
 global $g;
 
 $suricatadir = SURICATADIR;
+$pconfig = array();
 
-$pconfig['enable_vrt_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'];
-$pconfig['oinkcode'] = $config['installedpackages']['suricata']['config'][0]['oinkcode'];
-$pconfig['etprocode'] = $config['installedpackages']['suricata']['config'][0]['etprocode'];
-$pconfig['enable_etopen_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules'];
-$pconfig['enable_etpro_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules'];
-$pconfig['rm_blocked'] = $config['installedpackages']['suricata']['config'][0]['rm_blocked'];
-$pconfig['autoruleupdate'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdate'];
-$pconfig['autoruleupdatetime'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'];
-$pconfig['live_swap_updates'] = $config['installedpackages']['suricata']['config'][0]['live_swap_updates'];
-$pconfig['log_to_systemlog'] = $config['installedpackages']['suricata']['config'][0]['log_to_systemlog'];
-$pconfig['forcekeepsettings'] = $config['installedpackages']['suricata']['config'][0]['forcekeepsettings'];
-$pconfig['snortcommunityrules'] = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules'];
+// If doing a postback, used typed values, else load from stored config
+if (!empty($_POST)) {
+	$pconfig = $_POST;
+}
+else {
+	$pconfig['enable_vrt_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'];
+	$pconfig['oinkcode'] = $config['installedpackages']['suricata']['config'][0]['oinkcode'];
+	$pconfig['etprocode'] = $config['installedpackages']['suricata']['config'][0]['etprocode'];
+	$pconfig['enable_etopen_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etopen_rules'];
+	$pconfig['enable_etpro_rules'] = $config['installedpackages']['suricata']['config'][0]['enable_etpro_rules'];
+	$pconfig['rm_blocked'] = $config['installedpackages']['suricata']['config'][0]['rm_blocked'];
+	$pconfig['autoruleupdate'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdate'];
+	$pconfig['autoruleupdatetime'] = $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'];
+	$pconfig['live_swap_updates'] = $config['installedpackages']['suricata']['config'][0]['live_swap_updates'];
+	$pconfig['log_to_systemlog'] = $config['installedpackages']['suricata']['config'][0]['log_to_systemlog'];
+	$pconfig['log_to_systemlog_facility'] = $config['installedpackages']['suricata']['config'][0]['log_to_systemlog_facility'];
+	$pconfig['forcekeepsettings'] = $config['installedpackages']['suricata']['config'][0]['forcekeepsettings'];
+	$pconfig['snortcommunityrules'] = $config['installedpackages']['suricata']['config'][0]['snortcommunityrules'];
+	$pconfig['snort_rules_file'] = $config['installedpackages']['suricata']['config'][0]['snort_rules_file'];
+}
 
+// Do input validation on parameters
 if (empty($pconfig['autoruleupdatetime']))
 	$pconfig['autoruleupdatetime'] = '00:30';
 
+if (empty($pconfig['log_to_systemlog_facility']))
+	$pconfig['log_to_systemlog_facility'] = "local1";
+
 if ($_POST['autoruleupdatetime']) {
 	if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['autoruleupdatetime']))
 		$input_errors[] = "Invalid Rule Update Start Time!  Please supply a value in 24-hour format as 'HH:MM'.";
 }
 
-if ($_POST['suricatadownload'] == "on" && empty($_POST['oinkcode']))
+if ($_POST['enable_vrt_rules'] == "on" && empty($_POST['snort_rules_file']))
+		$input_errors[] = "You must supply a snort rules tarball filename in the box provided in order to enable Snort VRT rules!";
+
+if ($_POST['enable_vrt_rules'] == "on" && empty($_POST['oinkcode']))
 		$input_errors[] = "You must supply an Oinkmaster code in the box provided in order to enable Snort VRT rules!";
 
 if ($_POST['enable_etpro_rules'] == "on" && empty($_POST['etprocode']))
@@ -117,6 +133,7 @@ if (!$input_errors) {
 			}
 		}
 
+		$config['installedpackages']['suricata']['config'][0]['snort_rules_file'] = $_POST['snort_rules_file'];
 		$config['installedpackages']['suricata']['config'][0]['oinkcode'] = $_POST['oinkcode'];
 		$config['installedpackages']['suricata']['config'][0]['etprocode'] = $_POST['etprocode'];
 		$config['installedpackages']['suricata']['config'][0]['rm_blocked'] = $_POST['rm_blocked'];
@@ -130,6 +147,7 @@ if (!$input_errors) {
 		}
 		$config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'] = str_pad($_POST['autoruleupdatetime'], 4, "0", STR_PAD_LEFT);
 		$config['installedpackages']['suricata']['config'][0]['log_to_systemlog'] = $_POST['log_to_systemlog'] ? 'on' : 'off';
+		$config['installedpackages']['suricata']['config'][0]['log_to_systemlog_facility'] = $_POST['log_to_systemlog_facility'];
 		$config['installedpackages']['suricata']['config'][0]['live_swap_updates'] = $_POST['live_swap_updates'] ? 'on' : 'off';
 		$config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off';
 
@@ -138,7 +156,7 @@ if (!$input_errors) {
 		/* create passlist and homenet file, then sync files */
 		sync_suricata_package_config();
 
-		write_config();
+		write_config("Suricata pkg: modified global settings.");
 
 		/* forces page to reload new settings */
 		header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
@@ -161,9 +179,6 @@ include_once("head.inc");
 <?php
 include_once("fbegin.inc");
 
-if($pfsense_stable == 'yes')
-	echo '<p class="pgtitle">' . $pgtitle . '</p>';
-
 /* Display Alert message, under form tag or no refresh */
 if ($input_errors)
 	print_input_errors($input_errors);
@@ -172,25 +187,29 @@ if ($input_errors)
 
 <form action="suricata_global.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
 <table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tbody>
 <tr><td>
 <?php
-        $tab_array = array();
-        $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
-        $tab_array[] = array(gettext("Global Settings"), true, "/suricata/suricata_global.php");
-	$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
+	$tab_array = array();
+	$tab_array[] = array(gettext("Interfaces"), false, "/suricata/suricata_interfaces.php");
+	$tab_array[] = array(gettext("Global Settings"), true, "/suricata/suricata_global.php");
+	$tab_array[] = array(gettext("Updates"), false, "/suricata/suricata_download_updates.php");
 	$tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
-	$tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php");
+	$tab_array[] = array(gettext("Blocks"), false, "/suricata/suricata_blocked.php");
 	$tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php");
 	$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
-	$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+	$tab_array[] = array(gettext("Logs View"), false, "/suricata/suricata_logs_browser.php");
 	$tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php");
-        display_top_tabs($tab_array, true);
+	$tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php");
+	$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml");
+	display_top_tabs($tab_array, true);
 ?>
 </td></tr>
 <tr>
 	<td>
 	<div id="mainarea">
 	<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+<tbody>
 <tr>
 	<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Please Choose The Type Of Rules You Wish To Download");?></td>
 </tr>
@@ -198,6 +217,7 @@ if ($input_errors)
 	<td width="22%" valign="top" class="vncell"><?php echo gettext("Install ") . "<strong>" . gettext("Emerging Threats") . "</strong>" . gettext(" rules");?></td>
 	<td width="78%" class="vtable">
 		<table width="100%" border="0" cellpadding="2" cellspacing="0">
+			<tbody>
 			<tr>
 				<td valign="top" width="8%"><input name="enable_etopen_rules" type="checkbox" value="on" onclick="enable_et_rules();" 
 				<?php if ($config['installedpackages']['suricata']['config'][0]['enable_etopen_rules']=="on") echo "checked"; ?>/></td>
@@ -218,8 +238,10 @@ if ($input_errors)
 			<td class="vexpl"><?php echo "<span class='red'><strong>" . gettext("Note:") . "</strong></span>" . "&nbsp;" . 
 			gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are disabled when the ETPro rules are selected."); ?></td>
 		</tr>
+		</tbody>
 		</table>
 		<table id="etpro_code_tbl" width="100%" border="0" cellpadding="2" cellspacing="0">
+		<tbody>
 		<tr>
 			<td colspan="2">&nbsp;</td>
 		</tr>
@@ -232,6 +254,7 @@ if ($input_errors)
 			value="<?=htmlspecialchars($pconfig['etprocode']);?>"/><br/>
 			<?php echo gettext("Obtain an ETPro subscription code and paste it here."); ?></td>
 		</tr>
+		</tbody>
 		</table>
 	</td>
 </tr>
@@ -239,36 +262,45 @@ if ($input_errors)
 	<td width="22%" valign="top" class="vncell"><?php echo gettext("Install ") . "<strong>" . gettext("Snort VRT") . "</strong>" . gettext(" rules");?></td>
 	<td width="78%" class="vtable">
 		<table width="100%" border="0" cellpadding="2" cellspacing="0">
+		<tbody>
 		<tr>
 			<td><input name="enable_vrt_rules" type="checkbox" id="enable_vrt_rules" value="on" onclick="enable_snort_vrt();" 
 			<?php if($pconfig['enable_vrt_rules']=='on') echo 'checked'; ?>/></td>
 			<td><span class="vexpl"><?php echo gettext("Snort VRT free Registered User or paid Subscriber rules"); ?></span></td>
 		<tr>
 			<td>&nbsp;</td>
-			<td><a href="https://www.snort.org/signup" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br/>
-			<a href="http://www.snort.org/vrt/buy-a-subscription" target="_blank">
+			<td><a href="https://www.snort.org/users/sign_up" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br/>
+			<a href="https://www.snort.org/products" target="_blank">
 			<?php echo gettext("Sign Up for paid Sourcefire VRT Certified Subscriber Rules"); ?></a></td>
 		</tr>
+		</tbody>
 		</table>
 		<table id="snort_oink_code_tbl" width="100%" border="0" cellpadding="2" cellspacing="0">
+		<tbody>
 		<tr>
-			<td colspan="2">&nbsp;</td>
+			<td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("Snort VRT Configuration"); ?></span></b></td>
 		</tr>
 		<tr>
-			<td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("Snort VRT Oinkmaster Configuration"); ?></span></b></td>
+			<td valign="top" align="right"><span class="vexpl"><strong><?php echo gettext("Rules Filename:"); ?></strong></span>&nbsp;</td>
+			<td><input name="snort_rules_file" type="text" class="formfld unknown" id="snort_rules_file" size="52" 
+			value="<?=htmlspecialchars($pconfig['snort_rules_file']);?>"/><br/>
+			<?php echo gettext("Enter the rules tarball filename (filename only, do not include the URL.)"); ?>
+			<br/><span class="red"><strong><?php echo gettext("Example: ") . "</strong></span>" . gettext("snortrules-snapshot-2962.tar.gz");?><br/><br/></td>
 		</tr>
 		<tr>
-			<td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td>
+			<td valign="top" align="right"><span class="vexpl"><strong><?php echo gettext("Oinkmaster Code:"); ?></strong></span>&nbsp;</td>
 			<td><input name="oinkcode" type="text" class="formfld unknown" id="oinkcode" size="52" 
 			value="<?=htmlspecialchars($pconfig['oinkcode']);?>"/><br/>
 			<?php echo gettext("Obtain a snort.org Oinkmaster code and paste it here."); ?></td>
 		</tr>
+		</tbody>
 		</table>
 </tr>
 <tr>
 	<td width="22%" valign="top" class="vncell"><?php echo gettext("Install ") . "<strong>" . gettext("Snort Community") . "</strong>" . gettext(" rules");?></td>
 	<td width="78%" class="vtable">
 		<table width="100%" border="0" cellpadding="2" cellspacing="0">
+			<tbody>
 			<tr>
 				<td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="on"
 				<?php if ($config['installedpackages']['suricata']['config'][0]['snortcommunityrules']=="on") echo " checked";?>/></td>
@@ -278,6 +310,7 @@ if ($input_errors)
 				gettext("If you are a Snort VRT Paid Subscriber, the community ruleset is already built into your download of the ") . 
 				gettext("Snort VRT rules, and there is no benefit in adding this rule set.");?><br/></td>
 			</tr>
+			</tbody>
 		</table></td>
 </tr>
 <tr>
@@ -334,10 +367,29 @@ if ($input_errors)
 </tr>
 <tr>
 	<td width="22%" valign="top" class="vncell"><?php echo gettext("Log to System Log"); ?></td>
-	<td width="78%" class="vtable"><input name="log_to_systemlog" id="log_to_systemlog" type="checkbox" value="yes"
+	<td width="78%" class="vtable"><input name="log_to_systemlog" id="log_to_systemlog" type="checkbox" value="yes" onclick="toggle_log_to_systemlog();" 
 	<?php if ($config['installedpackages']['suricata']['config'][0]['log_to_systemlog']=="on") echo " checked"; ?>/>&nbsp;
 	<?php echo gettext("Copy Suricata messages to the firewall system log."); ?></td>
 </tr>
+	<tbody id="log_to_systemlog_rows">
+		<tr>
+			<td width="22%" valign="top" class="vncell"><?php echo gettext("Log Facility"); ?></td>
+			<td width="78%" class="vtable">
+				<select name="log_to_systemlog_facility" id="log_to_systemlog_facility" class="formselect">
+				<?php
+					$log_facility = array(  "auth", "authpriv", "daemon", "kern", "security", "syslog", "user", "local0",
+								"local1", "local2", "local3", "local4", "local5", "local6", "local7" );
+					foreach ($log_facility as $facility) {
+						$selected = "";
+						if ($facility == $pconfig['log_to_systemlog_facility'])
+							$selected = " selected";
+						echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n";
+					}
+				?></select>&nbsp;&nbsp;
+				<?php echo gettext("Select system log facility to use for reporting.  Default is ") . "<strong>" . gettext("local1") . "</strong>."; ?>
+			</td>
+		</tr>
+	</tbody>
 <tr>
 	<td width="22%" valign="top" class="vncell"><?php echo gettext("Keep Suricata Settings After Deinstall"); ?></td>
 	<td width="78%" class="vtable"><input name="forcekeepsettings" id="forcekeepsettings" type="checkbox" value="yes"
@@ -351,9 +403,10 @@ if ($input_errors)
 	<td colspan="2" class="vexpl" align="center"><span class="red"><strong><?php echo gettext("Note:");?></strong>&nbsp;
 	</span><?php echo gettext("Changing any settings on this page will affect all Suricata-configured interfaces.");?></td>
 </tr>
+</tbody>
 	</table>
 </div><br/>
-</td></tr>
+</td></tr></tbody>
 </table>
 </form>
 <?php include("fend.inc"); ?>
@@ -396,11 +449,20 @@ function enable_change_rules_upd() {
 		document.iform.autoruleupdatetime.disabled="";		
 }
 
+function toggle_log_to_systemlog() {
+	var endis = !document.iform.log_to_systemlog.checked;
+	if (endis)
+		document.getElementById("log_to_systemlog_rows").style.display="none";
+	else
+		document.getElementById("log_to_systemlog_rows").style.display="";
+}
+
 // Initialize the form controls state based on saved settings
 enable_snort_vrt();
 enable_et_rules();
 enable_pro_rules();
 enable_change_rules_upd();
+toggle_log_to_systemlog();
 
 //-->
 </script>
-- 
cgit v1.2.3