From 10cab278e653f00bd8ec0ee0e82d30e5c7798042 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 19 Feb 2014 14:08:14 -0500 Subject: BETA version of Suricata 1.4.6 IDS package v0.1 for pfSense. --- config/suricata/suricata_interfaces.php | 474 ++++++++++++++++++++++++++++++++ 1 file changed, 474 insertions(+) create mode 100644 config/suricata/suricata_interfaces.php (limited to 'config/suricata/suricata_interfaces.php') diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php new file mode 100644 index 00000000..47a3ba11 --- /dev/null +++ b/config/suricata/suricata_interfaces.php 
@@ -0,0 +1,474 @@ + $i) { + if ($i['name'] == $autolist) { + unset($config['installedpackages']['suricata']['suppress']['item'][$k]); + break; + } + } + } + + // Finally delete the interface's config entry entirely + unset($a_nat[$rulei]); + } + conf_mount_ro(); + + /* If all the Suricata interfaces are removed, then unset the config array. */ + if (empty($a_nat)) + unset($a_nat); + + write_config(); + sleep(2); + + /* if there are no ifaces remaining do not create suricata.sh */ + if (!empty($config['installedpackages']['suricata']['rule'])) + suricata_create_rc(); + else { + conf_mount_rw(); + @unlink("{$rcdir}/suricata.sh"); + conf_mount_ro(); + } + + sync_suricata_package_config(); + + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /suricata/suricata_interfaces.php"); + exit; + } + +} + +/* start/stop Barnyard2 */ +if ($_GET['act'] == 'bartoggle' && is_numeric($id)) { + $suricatacfg = $config['installedpackages']['suricata']['rule'][$id]; + $if_real = suricata_get_real_interface($suricatacfg['interface']); + $if_friendly = suricata_get_friendly_interface($suricatacfg['interface']); + + if (suricata_is_running($suricatacfg['uuid'], $if_real, 'barnyard2') == 'no') { + log_error("Toggle (barnyard starting) for {$if_friendly}({$suricatacfg['descr']})..."); + sync_suricata_package_config(); + suricata_barnyard_start($suricatacfg, $if_real); + } else { + log_error("Toggle (barnyard stopping) for {$if_friendly}({$suricatacfg['descr']})..."); + suricata_barnyard_stop($suricatacfg, $if_real); + } + + sleep(3); // So the GUI reports correctly + header("Location: /suricata/suricata_interfaces.php"); + exit; +} + +/* start/stop Suricata */ +if ($_GET['act'] == 'toggle' && is_numeric($id)) { + $suricatacfg = 
$config['installedpackages']['suricata']['rule'][$id]; + $if_real = suricata_get_real_interface($suricatacfg['interface']); + $if_friendly = suricata_get_friendly_interface($suricatacfg['interface']); + + if (suricata_is_running($suricatacfg['uuid'], $if_real) == 'yes') { + log_error("Toggle (suricata stopping) for {$if_friendly}({$suricatacfg['descr']})..."); + suricata_stop($suricatacfg, $if_real); + } else { + log_error("Toggle (suricata starting) for {$if_friendly}({$suricatacfg['descr']})..."); + // set flag to rebuild interface rules before starting Snort + $rebuild_rules = true; + sync_suricata_package_config(); + $rebuild_rules = false; + suricata_start($suricatacfg, $if_real); + } + sleep(3); // So the GUI reports correctly + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /suricata/suricata_interfaces.php"); + exit; +} + +$pgtitle = "Services: Suricata Intrusion Detection System"; +include_once("head.inc"); + +?> + + +' . $pgtitle . '

'; +?> + +
+ + + + + + + + + +
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
  + + + + + +
+
+ + + + + + "; + echo ($no_rules) ? " " : ""; + } else + echo gettext("DISABLED"); + ?> + + + + + + + "; + } else + echo gettext("DISABLED"); + ?> + +   + + + + + +
+
+
+
+    +   + +
+ + + + +
+ + " + onclick="return intf_del()"> +
+
 
  + + + + + + + + + + + + + + + + + + + + + + + + + +

+ " . gettext("Suricata Menu ") . + "" . gettext("where you can see an overview of all your interface settings. "); + if (empty($a_nat)) { + echo gettext("Please configure the parameters on the ") . "" . gettext("Global Settings") . + "" . gettext(" tab before adding an interface."); + }?> +

+

+ +

+
Click on the "> icon to add + an interface. +   + "> + "> icons will show current + suricata and barnyard2 status. +
Click on the "> icon to edit + an interface and settings. +   + Click on the status icons to toggle suricata and barnyard2 status. +
Click on the "> icon to + delete an interface and settings. +
+
 
+
+
+
+ + + + + + -- cgit v1.2.3 From a5c40093adcb507d8d5991568a36702fcc649cdb Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 19 Feb 2014 23:10:40 -0500 Subject: Use system calls instead of wrappers for getting interface names. --- config/suricata/suricata_interfaces.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'config/suricata/suricata_interfaces.php') diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php index 47a3ba11..26ccada3 100644 --- a/config/suricata/suricata_interfaces.php +++ b/config/suricata/suricata_interfaces.php @@ -52,7 +52,7 @@ if (isset($_POST['del_x'])) { conf_mount_rw(); foreach ($_POST['rule'] as $rulei) { /* convert fake interfaces to real */ - $if_real = suricata_get_real_interface($a_nat[$rulei]['interface']); + $if_real = get_real_interface($a_nat[$rulei]['interface']); $suricata_uuid = $a_nat[$rulei]['uuid']; suricata_stop($a_nat[$rulei], $if_real); exec("/bin/rm -r {$suricatalogdir}suricata_{$if_real}{$suricata_uuid}"); @@ -109,8 +109,8 @@ if (isset($_POST['del_x'])) { /* start/stop Barnyard2 */ if ($_GET['act'] == 'bartoggle' && is_numeric($id)) { $suricatacfg = $config['installedpackages']['suricata']['rule'][$id]; - $if_real = suricata_get_real_interface($suricatacfg['interface']); - $if_friendly = suricata_get_friendly_interface($suricatacfg['interface']); + $if_real = get_real_interface($suricatacfg['interface']); + $if_friendly = convert_friendly_interface_to_friendly_descr($suricatacfg['interface']); if (suricata_is_running($suricatacfg['uuid'], $if_real, 'barnyard2') == 'no') { log_error("Toggle (barnyard starting) for {$if_friendly}({$suricatacfg['descr']})..."); 
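Review bot: The `toggle` and `bartoggle` branches start or stop daemons from a plain GET request (`$_GET['act']` plus `$id`, which is presumably read from the request earlier in the file, outside this view) and then redirect, so the action can be triggered by any link the administrator is induced to follow unless the framework also validates a token on GET requests; submitting these toggles as POST alongside the existing `del_x` form would put them under the same protection. The guard `is_numeric($id)` also accepts values such as `'1.5'` and indexes that do not exist, so `$suricatacfg` can be null when it reaches `suricata_get_real_interface()` and `suricata_is_running()`; tightening it to `if ($_GET['act'] == 'toggle' && is_numeric($id) && isset($config['installedpackages']['suricata']['rule'][$id])) {` (and likewise for `bartoggle`) avoids acting on an undefined entry. The comment `// set flag to rebuild interface rules before starting Snort` should read `Suricata`; it appears to have been carried over from the Snort package. The follow-up commit titled `Remove use of $_GET wherever possible for security` may address the first point, but its hunk is cut off in this view. The start of this hunk is garbled here, so the earlier part of the `del_x` handler could not be reviewed.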
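Review bot: The `$if_real` produced by the new `get_real_interface()` call flows two lines below into `exec("/bin/rm -r {$suricatalogdir}suricata_{$if_real}{$suricata_uuid}");` by string interpolation, as does `$suricata_uuid`. Both values come from the saved configuration rather than directly from the request, but a shell command assembled this way should still quote its argument — `exec("/bin/rm -r " . escapeshellarg("{$suricatalogdir}suricata_{$if_real}{$suricata_uuid}"));` — or use a native recursive delete instead of spawning a shell. The deletion should also be skipped when `$if_real` or `$suricata_uuid` is empty, since the resulting path would no longer name that interface's log directory. The enclosing `del_x` handler extends beyond this hunk on both sides.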
@@ -129,8 +129,8 @@ if ($_GET['act'] == 'bartoggle' && is_numeric($id)) { /* start/stop Suricata */ if ($_GET['act'] == 'toggle' && is_numeric($id)) { $suricatacfg = $config['installedpackages']['suricata']['rule'][$id]; - $if_real = suricata_get_real_interface($suricatacfg['interface']); - $if_friendly = suricata_get_friendly_interface($suricatacfg['interface']); + $if_real = get_real_interface($suricatacfg['interface']); + $if_friendly = convert_friendly_interface_to_friendly_descr($suricatacfg['interface']); if (suricata_is_running($suricatacfg['uuid'], $if_real) == 'yes') { log_error("Toggle (suricata stopping) for {$if_friendly}({$suricatacfg['descr']})..."); @@ -234,8 +234,8 @@ if ($pfsense_stable == 'yes') /* convert fake interfaces to real and check if iface is up */ /* There has to be a smarter way to do this */ - $if_real = suricata_get_real_interface($natent['interface']); - $natend_friendly= suricata_get_friendly_interface($natent['interface']); + $if_real = get_real_interface($natent['interface']); + $natend_friendly= convert_friendly_interface_to_friendly_descr($natent['interface']); $suricata_uuid = $natent['uuid']; if (suricata_is_running($suricata_uuid, $if_real) == 'no'){ $iconfn = 'block'; -- cgit v1.2.3 From 4d68da5d12cc272337f38d338913f66a8c703898 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 21 Feb 2014 14:44:36 -0500 Subject: Remove use of $_GET wherever possible for security. --- config/suricata/suricata_interfaces.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'config/suricata/suricata_interfaces.php') diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php index 26ccada3..364abe62 100644 --- a/config/suricata/suricata_interfaces.php +++ b/config/suricata/suricata_interfaces.php @@ -449,6 +449,12 @@ if ($pfsense_stable == 'yes')