From 6c0d365bdb5f4e4fdc2bf57561178573be5a36cc Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Tue, 26 Aug 2014 21:39:21 -0400 Subject: Upgrade Suricata to 2.0.3 and GUI package to v2.0 --- config/suricata/suricata_interfaces_edit.php | 404 ++++++++++++++++++++++----- 1 file changed, 332 insertions(+), 72 deletions(-) (limited to 'config/suricata/suricata_interfaces_edit.php') diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php index dcf6fe3f..1bef338a 100644 --- a/config/suricata/suricata_interfaces_edit.php +++ b/config/suricata/suricata_interfaces_edit.php @@ -59,8 +59,10 @@ if (isset($_POST['id']) && is_numericint($_POST['id'])) elseif (isset($_GET['id']) && is_numericint($_GET['id'])); $id = htmlspecialchars($_GET['id'], ENT_QUOTES | ENT_HTML401); -if (is_null($id)) - $id = 0; +if (is_null($id)) { + header("Location: /suricata/suricata_interfaces.php"); + exit; +} if (isset($_POST['action'])) $action = htmlspecialchars($_POST['action'], ENT_QUOTES | ENT_HTML401); @@ -87,14 +89,15 @@ $interfaces = get_configured_interface_with_descr(); // See if interface is already configured, and use its values if (isset($id) && $a_rule[$id]) { + /* old options */ $pconfig = $a_rule[$id]; if (!empty($pconfig['configpassthru'])) $pconfig['configpassthru'] = base64_decode($pconfig['configpassthru']); if (empty($pconfig['uuid'])) $pconfig['uuid'] = $suricata_uuid; } +// Must be a new interface, so try to pick next available physical interface to use elseif (isset($id) && !isset($a_rule[$id])) { - // Must be a new interface, so try to pick next available physical interface to use $ifaces = get_configured_interface_list(); $ifrules = array(); foreach($a_rule as $r) 
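Review bot: The new `is_null($id)` redirect in the `@@ -59,8 +59,10 @@` hunk looks unreachable as the context around it is written, because the line `elseif (isset($_GET['id']) && is_numericint($_GET['id']));` ends in a semicolon. The following `$id = htmlspecialchars($_GET['id'], ...)` therefore runs unconditionally and yields a string rather than null, so the `is_numericint()` checks no longer gate what ends up in `$id` and a POSTed id is overwritten. Dropping the stray `;` would make both the validation and the new guard effective, which matters because `$id` is later used as an index into `$a_rule`. The first branch of the if/elseif chain appears only in the hunk header, so this should be confirmed against the full file.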
@@ -130,24 +133,42 @@ if (empty($pconfig['enable_http_log'])) $pconfig['enable_http_log'] = "on"; if (empty($pconfig['append_http_log'])) $pconfig['append_http_log'] = "on"; -if (empty($pconfig['enable_tls_log'])) - $pconfig['enable_tls_log'] = "off"; +if (empty($pconfig['http_log_extended'])) + $pconfig['http_log_extended'] = "on"; if (empty($pconfig['tls_log_extended'])) $pconfig['tls_log_extended'] = "on"; -if (empty($pconfig['enable_stats_log'])) - $pconfig['enable_stats_log'] = "off"; if (empty($pconfig['stats_upd_interval'])) $pconfig['stats_upd_interval'] = "10"; -if (empty($pconfig['append_stats_log'])) - $pconfig['append_stats_log'] = "off"; +if (empty($pconfig['append_dns_log'])) + $pconfig['append_dns_log'] = "on"; if (empty($pconfig['append_json_file_log'])) $pconfig['append_json_file_log'] = "on"; -if (empty($pconfig['enable_pcap_log'])) - $pconfig['enable_pcap_log'] = "off"; if (empty($pconfig['max_pcap_log_size'])) $pconfig['max_pcap_log_size'] = "32"; if (empty($pconfig['max_pcap_log_files'])) $pconfig['max_pcap_log_files'] = "1000"; +if (empty($pconfig['alertsystemlog_facility'])) + $pconfig['alertsystemlog_facility'] = "local1"; +if (empty($pconfig['alertsystemlog_priority'])) + $pconfig['alertsystemlog_priority'] = "notice"; +if (empty($pconfig['eve_output_type'])) + $pconfig['eve_output_type'] = "file"; +if (empty($pconfig['eve_systemlog_facility'])) + $pconfig['eve_systemlog_facility'] = "local1"; +if (empty($pconfig['eve_systemlog_priority'])) + $pconfig['eve_systemlog_priority'] = "notice"; +if (empty($pconfig['eve_log_alerts'])) + $pconfig['eve_log_alerts'] = "on"; +if (empty($pconfig['eve_log_http'])) + $pconfig['eve_log_http'] = "on"; +if (empty($pconfig['eve_log_dns'])) + $pconfig['eve_log_dns'] = "on"; +if (empty($pconfig['eve_log_tls'])) + $pconfig['eve_log_tls'] = "on"; +if (empty($pconfig['eve_log_files'])) + $pconfig['eve_log_files'] = "on"; +if (empty($pconfig['eve_log_ssh'])) + $pconfig['eve_log_ssh'] = "on"; // See if creating a 
new interface by duplicating an existing one if (strcasecmp($action, 'dup') == 0) { 
@@ -180,35 +201,37 @@ if (strcasecmp($action, 'dup') == 0) { } if ($_POST["save"] && !$input_errors) { - // If the interface is not enabled, stop any running Suricata - // instance on it, save the new state and exit. - if (!isset($_POST['enable'])) { - if (isset($id) && $a_rule[$id]) { - $a_rule[$id]['enable'] = 'off'; - $a_rule[$id]['interface'] = htmlspecialchars($_POST['interface']); - $a_rule[$id]['descr'] = htmlspecialchars($_POST['descr']); - suricata_stop($a_rule[$id], get_real_interface($a_rule[$id]['interface'])); - - // Save configuration changes - write_config(); - - // Update suricata.conf and suricata.sh files for this interface - sync_suricata_package_config(); - - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: /suricata/suricata_interfaces.php"); - exit; + if (!isset($_POST['interface'])) + $input_errors[] = gettext("Choosing an Interface is mandatory!"); + + /* See if assigned interface is already in use */ + if (isset($_POST['interface'])) { + foreach ($a_rule as $k => $v) { + if (($v['interface'] == $_POST['interface']) && ($id <> $k)) { + $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Suricata instance."); + break; + } } } - // Validate inputs - if (!isset($_POST['interface'])) - $input_errors[] = gettext("Choosing an Interface is mandatory!"); + // If Suricata is disabled on this interface, stop any running instance, + // save the change and exit. + if ($_POST['enable'] != 'on') { + $a_rule[$id]['enable'] = $_POST['enable'] ? 'on' : 'off'; + suricata_stop($a_rule[$id], get_real_interface($a_rule[$id]['interface'])); + write_config("Suricata pkg: disabled Suricata on " . 
convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface'])); + $rebuild_rules = false; + sync_suricata_package_config(); + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /suricata/suricata_interfaces.php"); + exit; + } + // Validate inputs if (isset($_POST['stats_upd_interval']) && !is_numericint($_POST['stats_upd_interval'])) $input_errors[] = gettext("The value for Stats Update Interval must contain only digits and evaluate to an integer."); @@ -224,16 +247,6 @@ if ($_POST["save"] && !$input_errors) { if (!empty($_POST['inspect_recursion_limit']) && !is_numeric($_POST['inspect_recursion_limit'])) $input_errors[] = gettext("The value for Inspect Recursion Limit can either be blank or contain only digits evaluating to an integer greater than or equal to 0."); - /* See if assigned interface is already in use */ - if (isset($_POST['interface'])) { - foreach ($a_rule as $k => $v) { - if (($v['interface'] == $_POST['interface']) && ($id <> $k)) { - $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Suricata instance."); - break; - } - } - } - // if no errors write to suricata.yaml if (!$input_errors) { $natent = $a_rule[$id]; 
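Review bot: The rewritten disable branch (`if ($_POST['enable'] != 'on') {`) runs even when the interface-in-use check just above it has added to `$input_errors`, and it drops the old `isset($id) && $a_rule[$id]` guard, so a save for an id with no existing entry would create a stub `$a_rule[$id]` and hand it to `suricata_stop()` and `write_config()`. Inside the branch, `$_POST['enable'] ? 'on' : 'off'` stores 'on' for any non-empty value other than "on", although the branch has just decided the interface is disabled. I would write the condition as `if ($_POST['enable'] != 'on' && !$input_errors && isset($a_rule[$id])) {` and the assignment as `$a_rule[$id]['enable'] = 'off';`. The relocated duplicate-interface message also interpolates `$_POST['interface']` unescaped; wrap it in `htmlspecialchars()` unless the code that prints `$input_errors` (not visible here) already escapes. The enclosing `if ($_POST["save"] && !$input_errors)` block continues past the end of this hunk.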
@@ -250,6 +263,7 @@ if ($_POST["save"] && !$input_errors) { if ($_POST['enable_http_log'] == "on") { $natent['enable_http_log'] = 'on'; }else{ $natent['enable_http_log'] = 'off'; } if ($_POST['append_http_log'] == "on") { $natent['append_http_log'] = 'on'; }else{ $natent['append_http_log'] = 'off'; } if ($_POST['enable_tls_log'] == "on") { $natent['enable_tls_log'] = 'on'; }else{ $natent['enable_tls_log'] = 'off'; } + if ($_POST['http_log_extended'] == "on") { $natent['http_log_extended'] = 'on'; }else{ $natent['http_log_extended'] = 'off'; } if ($_POST['tls_log_extended'] == "on") { $natent['tls_log_extended'] = 'on'; }else{ $natent['tls_log_extended'] = 'off'; } if ($_POST['enable_pcap_log'] == "on") { $natent['enable_pcap_log'] = 'on'; }else{ $natent['enable_pcap_log'] = 'off'; } if ($_POST['enable_json_file_log'] == "on") { $natent['enable_json_file_log'] = 'on'; }else{ $natent['enable_json_file_log'] = 'off'; } @@ -257,6 +271,7 @@ if ($_POST["save"] && !$input_errors) { if ($_POST['enable_tracked_files_magic'] == "on") { $natent['enable_tracked_files_magic'] = 'on'; }else{ $natent['enable_tracked_files_magic'] = 'off'; } if ($_POST['enable_tracked_files_md5'] == "on") { $natent['enable_tracked_files_md5'] = 'on'; }else{ $natent['enable_tracked_files_md5'] = 'off'; } if ($_POST['enable_file_store'] == "on") { $natent['enable_file_store'] = 'on'; }else{ $natent['enable_file_store'] = 'off'; } + if ($_POST['enable_eve_log'] == "on") { $natent['enable_eve_log'] = 'on'; }else{ $natent['enable_eve_log'] = 'off'; } if ($_POST['max_pending_packets']) $natent['max_pending_packets'] = $_POST['max_pending_packets']; else unset($natent['max_pending_packets']); if ($_POST['inspect_recursion_limit'] >= '0') $natent['inspect_recursion_limit'] = $_POST['inspect_recursion_limit']; else unset($natent['inspect_recursion_limit']); if ($_POST['detect_eng_profile']) $natent['detect_eng_profile'] = $_POST['detect_eng_profile']; else unset($natent['detect_eng_profile']); 
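Review bot: The `enable_eve_log` line added in the `@@ -257,6 +271,7 @@` hunk is added a second time, verbatim, in the `@@ -270,6 +285,20 @@` hunk further down the same save block. The repeated assignment is harmless today, but the two copies can drift apart; keep the one that sits with the other `eve_*` settings and drop this one. As a style point, the long run of `if ($_POST[...] == "on") { ... }else{ ... }` lines could become a loop over an array of checkbox names, which would make a duplicate like this hard to introduce.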
@@ -270,6 +285,20 @@ if ($_POST["save"] && !$input_errors) { if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']); if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']); if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; } + if ($_POST['alertsystemlog_facility']) $natent['alertsystemlog_facility'] = $_POST['alertsystemlog_facility']; + if ($_POST['alertsystemlog_priority']) $natent['alertsystemlog_priority'] = $_POST['alertsystemlog_priority']; + if ($_POST['enable_dns_log'] == "on") { $natent['enable_dns_log'] = 'on'; }else{ $natent['enable_dns_log'] = 'off'; } + if ($_POST['append_dns_log'] == "on") { $natent['append_dns_log'] = 'on'; }else{ $natent['append_dns_log'] = 'off'; } + if ($_POST['enable_eve_log'] == "on") { $natent['enable_eve_log'] = 'on'; }else{ $natent['enable_eve_log'] = 'off'; } + if ($_POST['eve_output_type']) $natent['eve_output_type'] = $_POST['eve_output_type']; + if ($_POST['eve_systemlog_facility']) $natent['eve_systemlog_facility'] = $_POST['eve_systemlog_facility']; + if ($_POST['eve_systemlog_priority']) $natent['eve_systemlog_priority'] = $_POST['eve_systemlog_priority']; + if ($_POST['eve_log_alerts'] == "on") { $natent['eve_log_alerts'] = 'on'; }else{ $natent['eve_log_alerts'] = 'off'; } + if ($_POST['eve_log_http'] == "on") { $natent['eve_log_http'] = 'on'; }else{ $natent['eve_log_http'] = 'off'; } + if ($_POST['eve_log_dns'] == "on") { $natent['eve_log_dns'] = 'on'; }else{ $natent['eve_log_dns'] = 'off'; } + if ($_POST['eve_log_tls'] == "on") { $natent['eve_log_tls'] = 'on'; }else{ $natent['eve_log_tls'] = 'off'; } + if ($_POST['eve_log_files'] == "on") { $natent['eve_log_files'] = 'on'; }else{ $natent['eve_log_files'] = 'off'; } + if ($_POST['eve_log_ssh'] == "on") { $natent['eve_log_ssh'] = 'on'; }else{ 
$natent['eve_log_ssh'] = 'off'; } if ($_POST['delayed_detect'] == "on") { $natent['delayed_detect'] = 'on'; }else{ $natent['delayed_detect'] = 'off'; } if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']); @@ -330,7 +359,6 @@ if ($_POST["save"] && !$input_errors) { $natent['flow_icmp_emerg_established_timeout'] = '100'; $natent['stream_memcap'] = '33554432'; - $natent['stream_max_sessions'] = '262144'; $natent['stream_prealloc_sessions'] = '32768'; $natent['reassembly_memcap'] = '67108864'; $natent['reassembly_depth'] = '1048576'; @@ -341,6 +369,21 @@ if ($_POST["save"] && !$input_errors) { $natent['delayed_detect'] = 'off'; $natent['asn1_max_frames'] = '256'; + $natent['dns_global_memcap'] = "16777216"; + $natent['dns_state_memcap'] = "524288"; + $natent['dns_request_flood_limit'] = "500"; + $natent['http_parser_memcap'] = "67108864"; + $natent['dns_parser_udp'] = "yes"; + $natent['dns_parser_tcp'] = "yes"; + $natent['http_parser'] = "yes"; + $natent['tls_parser'] = "yes"; + $natent['smtp_parser'] = "yes"; + $natent['imap_parser'] = "detection-only"; + $natent['ssh_parser'] = "yes"; + $natent['ftp_parser'] = "yes"; + $natent['dcerpc_parser'] = "yes"; + $natent['smb_parser'] = "yes"; + $natent['msn_parser'] = "detection-only"; $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd" ); if (!is_array($natent['host_os_policy']['item'])) @@ -349,7 +392,8 @@ if ($_POST["save"] && !$input_errors) { $default = array( "name" => "default", "bind_to" => "all", "personality" => "IDS", "request-body-limit" => 4096, "response-body-limit" => 4096, - "double-decode-path" => "no", "double-decode-query" => "no" ); + "double-decode-path" => "no", "double-decode-query" => "no", + "uri-include-all" => "no" ); if (!is_array($natent['libhtp_policy']['item'])) $natent['libhtp_policy']['item'] = array(); $natent['libhtp_policy']['item'][] = $default; 
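Review bot: `alertsystemlog_facility`, `alertsystemlog_priority`, `eve_output_type`, `eve_systemlog_facility` and `eve_systemlog_priority` are copied from `$_POST` into `$natent` as-is in the `@@ -270,6 +285,20 @@` hunk, and the commit adds no matching check to the "Validate inputs" section earlier in the block. The form presumably offers them as drop-downs, but the server should not rely on that, since these values are persisted by `write_config()` and, going by the nearby "write to suricata.yaml" comment, end up in the generated Suricata configuration. I would add one allow-list check per field before the save, e.g. `if (!in_array($_POST['eve_output_type'], $eve_output_types, true)) $input_errors[] = gettext("...");`, where `$eve_output_types` is a placeholder for the same list the select is built from. The save block starts and ends outside this hunk.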
@@ -369,7 +413,7 @@ if ($_POST["save"] && !$input_errors) { suricata_stop($natent, $if_real); // Save configuration changes - write_config(); + write_config("Suricata pkg: modified interface configuration for " . convert_friendly_interface_to_friendly_descr($natent['interface'])); // Update suricata.conf and suricata.sh files for this interface sync_suricata_package_config(); @@ -407,18 +451,21 @@ if ($savemsg) { +'; echo ' +
'; @@ -436,6 +483,7 @@ if ($savemsg) {
+ @@ -471,9 +519,57 @@ if ($savemsg) { - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -604,7 +798,7 @@ if ($savemsg) { ?>   
-  " . gettext("Choosing BOTH is suggested, and it is the default value."); ?>
+  " . gettext("Choosing BOTH is suggested, and it is the default value."); ?>
@@ -643,8 +837,8 @@ if ($savemsg) { @@ -730,9 +925,9 @@ if ($savemsg) { "/>
-

+

 
  @@ -828,14 +1023,32 @@ if ($savemsg) { gettext("Please save your settings before you attempt to start Suricata."); ?> +
/> - /> +
+    + " . gettext("local1") . "."; ?> +
+    + " . gettext("notice") . "."; ?> +
+ onClick="toggle_dns_log();" id="enable_dns_log"/> + " . gettext("Not Checked") . "."; ?> +
/> + " . gettext("Checked") . "."; ?>
@@ -505,6 +601,11 @@ if ($savemsg) { /> " . gettext("Checked") . "."; ?>
/> + " . gettext("Checked") . "."; ?>
@@ -572,6 +673,99 @@ if ($savemsg) { " . gettext("1000") . "."; ?>

+ onClick="toggle_eve_log()"/> + " . gettext("Not Checked") . "."; ?> + +
+    +
+  " . gettext("Choosing FILE is suggested, and it is the default value."); ?>
+
+    + " . gettext("local1") . "."; ?> +
+    + " . gettext("notice") . "."; ?> +
" . gettext("All Checked") . "."; ?>
+ + + + + + + + + + + + + +
/>Alerts + />HTTP Traffic + />DNS Requests/Replies +
/>TLS Handshakes + />Tracked Files + />SSH Handshakes +
+
default"; - /* find whitelist names and filter by type */ - if (is_array($suricataglob['whitelist']['item'])) { - foreach ($suricataglob['whitelist']['item'] as $value) { + /* find Pass List names and filter by type */ + if (is_array($suricataglob['passlist']['item'])) { + foreach ($suricataglob['passlist']['item'] as $value) { $ilistname = $value['name']; if ($ilistname == $pconfig['homelistname']) echo "
-- cgit v1.2.3 From ce07b15de33b4847df5498f9bbae93e2b1e893ca Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 27 Aug 2014 18:15:44 -0400 Subject: Improve HOME_NET and EXTERNAL_NET variable generation. --- config/suricata/suricata_interfaces_edit.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'config/suricata/suricata_interfaces_edit.php') diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php index 1bef338a..55c97efc 100644 --- a/config/suricata/suricata_interfaces_edit.php +++ b/config/suricata/suricata_interfaces_edit.php @@ -937,7 +937,11 @@ if ($savemsg) { } } ?> -    + +      "/> +
 

  Date: Mon, 1 Sep 2014 16:27:09 -0400 Subject: Include new 'dns-events.rules' file for Suricata 2.0.3 --- config/suricata/suricata_interfaces_edit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config/suricata/suricata_interfaces_edit.php') diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php index 55c97efc..a3b2e78a 100644 --- a/config/suricata/suricata_interfaces_edit.php +++ b/config/suricata/suricata_interfaces_edit.php @@ -399,7 +399,7 @@ if ($_POST["save"] && !$input_errors) { $natent['libhtp_policy']['item'][] = $default; // Enable the basic default rules for the interface - $natent['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules||tls-events.rules"; + $natent['rulesets'] = "decoder-events.rules||dns-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules||tls-events.rules"; // Adding a new interface, so set flag to build new rules $rebuild_rules = true; -- cgit v1.2.3 From 2c4435fa4db6a4d24d7faf0b4cdbd7cde8d73089 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 3 Sep 2014 11:17:55 -0400 Subject: Strip any CR characters that may get pasted into some control fields. --- config/suricata/suricata_interfaces_edit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config/suricata/suricata_interfaces_edit.php') diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php index a3b2e78a..ff21b48f 100644 --- a/config/suricata/suricata_interfaces_edit.php +++ b/config/suricata/suricata_interfaces_edit.php 
@@ -300,7 +300,7 @@ if ($_POST["save"] && !$input_errors) { if ($_POST['eve_log_files'] == "on") { $natent['eve_log_files'] = 'on'; }else{ $natent['eve_log_files'] = 'off'; } if ($_POST['eve_log_ssh'] == "on") { $natent['eve_log_ssh'] = 'on'; }else{ $natent['eve_log_ssh'] = 'off'; } if ($_POST['delayed_detect'] == "on") { $natent['delayed_detect'] = 'on'; }else{ $natent['delayed_detect'] = 'off'; } - if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']); + if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode(str_replace("\r\n", "\n", $_POST['configpassthru'])); else unset($natent['configpassthru']); $if_real = get_real_interface($natent['interface']); if (isset($id) && $a_rule[$id] && $action == '') { -- cgit v1.2.3 From 46ba3729b4bbf7dd321fc3555677a66c67f4c784 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Thu, 4 Sep 2014 16:28:27 -0400 Subject: Add new GUI control for setting interface promisc mode on/off. --- config/suricata/suricata_interfaces_edit.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'config/suricata/suricata_interfaces_edit.php') diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php index ff21b48f..e1e6675f 100644 --- a/config/suricata/suricata_interfaces_edit.php +++ b/config/suricata/suricata_interfaces_edit.php @@ -169,6 +169,8 @@ if (empty($pconfig['eve_log_files'])) $pconfig['eve_log_files'] = "on"; if (empty($pconfig['eve_log_ssh'])) $pconfig['eve_log_ssh'] = "on"; +if (empty($pconfig['intf_promisc_mode'])) + $pconfig['intf_promisc_mode'] = "on"; // See if creating a new interface by duplicating an existing one if (strcasecmp($action, 'dup') == 0) { 
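Review bot: `str_replace("\r\n", "\n", ...)` only rewrites CRLF pairs, so a lone `\r` in the pasted `configpassthru` text still reaches `base64_encode()`, which falls short of the "strip any CR characters" in the commit subject. `preg_replace('/\r\n?/', "\n", $_POST['configpassthru'])` would normalise both forms in one pass. The field appears to be stored verbatim for later inclusion in the Suricata configuration (inferred from its name; the consumer is not in this hunk), so a short comment such as `// admin-supplied pass-through text: only line endings are normalised, content is not validated` would help the next reader.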
@@ -300,6 +302,7 @@ if ($_POST["save"] && !$input_errors) { if ($_POST['eve_log_files'] == "on") { $natent['eve_log_files'] = 'on'; }else{ $natent['eve_log_files'] = 'off'; } if ($_POST['eve_log_ssh'] == "on") { $natent['eve_log_ssh'] = 'on'; }else{ $natent['eve_log_ssh'] = 'off'; } if ($_POST['delayed_detect'] == "on") { $natent['delayed_detect'] = 'on'; }else{ $natent['delayed_detect'] = 'off'; } + if ($_POST['intf_promisc_mode'] == "on") { $natent['intf_promisc_mode'] = 'on'; }else{ $natent['intf_promisc_mode'] = 'off'; } if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode(str_replace("\r\n", "\n", $_POST['configpassthru'])); else unset($natent['configpassthru']); $if_real = get_real_interface($natent['interface']); @@ -367,6 +370,7 @@ if ($_POST["save"] && !$input_errors) { $natent['enable_midstream_sessions'] = 'off'; $natent['enable_async_sessions'] = 'off'; $natent['delayed_detect'] = 'off'; + $natent['intf_promisc_mode'] = 'on'; $natent['asn1_max_frames'] = '256'; $natent['dns_global_memcap'] = "16777216"; @@ -884,6 +888,14 @@ if ($savemsg) { " . gettext("Not Checked") . "."; ?> + + + + /> + " . gettext("Checked") . "."; ?> + @@ -1197,6 +1209,7 @@ function enable_change(enable_change) { document.iform.btnPasslist.disabled=endis; document.iform.btnSuppressList.disabled=endis; document.iform.delayed_detect.disabled=endis; + document.iform.intf_promisc_mode.disabled=endis; } function wopen(url, name, w, h) { -- cgit v1.2.3 From 5810a967278f80a4f54cb3313f31acdaf3fa906b Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Thu, 4 Sep 2014 16:47:49 -0400 Subject: Disable EVE log options when interface is disabled. --- config/suricata/suricata_interfaces_edit.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'config/suricata/suricata_interfaces_edit.php') diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php index e1e6675f..f46f88f5 100644 --- a/config/suricata/suricata_interfaces_edit.php 
+++ b/config/suricata/suricata_interfaces_edit.php @@ -1191,6 +1191,12 @@ function enable_change(enable_change) { document.iform.max_pcap_log_files.disabled = endis; document.iform.eve_output_type.disabled = endis; document.iform.enable_eve_log.disabled = endis; + document.iform.eve_log_alerts.disabled = endis; + document.iform.eve_log_http.disabled = endis; + document.iform.eve_log_dns.disabled = endis; + document.iform.eve_log_tls.disabled = endis; + document.iform.eve_log_files.disabled = endis; + document.iform.eve_log_ssh.disabled = endis; document.iform.max_pending_packets.disabled = endis; document.iform.detect_eng_profile.disabled = endis; document.iform.mpm_algo.disabled = endis; -- cgit v1.2.3 From 179d7432250e40e8a7ca0e6e9c60045d14bbf47d Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 5 Sep 2014 12:15:57 -0400 Subject: Bug fix for cloning interface via DUP icon. --- config/suricata/suricata_interfaces_edit.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'config/suricata/suricata_interfaces_edit.php') diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php index f46f88f5..c4a1775a 100644 --- a/config/suricata/suricata_interfaces_edit.php +++ b/config/suricata/suricata_interfaces_edit.php @@ -73,7 +73,7 @@ else $pconfig = array(); if (empty($suricataglob['rule'][$id]['uuid'])) { - /* Adding new interface, so flag rules to build. */ + /* Adding new interface, so generate a new UUID and flag rules to build. */ $pconfig['uuid'] = suricata_generate_id(); $rebuild_rules = true; } 
@@ -324,9 +324,12 @@ if ($_POST["save"] && !$input_errors) { $a_rule[$id] = $natent; } elseif (strcasecmp($action, 'dup') == 0) { - // Duplicating a new interface, so set flag to build new rules + // Duplicating an existing interface to a new interface, so set flag to build new rules $rebuild_rules = true; + // Duplicating an interface, so need to generate a new UUID for the cloned interface + $natent['uuid'] = suricata_generate_id(); + // Add the new duplicated interface configuration to the [rule] array in config $a_rule[] = $natent; } -- cgit v1.2.3