From d2600c88e6720a1f6f2dad74bbe8dac60b435d97 Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Sat, 20 Sep 2014 16:35:40 -0400
Subject: Ensure defined CONSTANTS are unique to this package.
---
 config/suricata/suricata_post_install.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'config/suricata/suricata_post_install.php')
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 42f72eca..46204f91 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -64,10 +64,10 @@ global $config, $g, $rebuild_rules, $pkg_interface, $suricata_gui_include;
 * updated version icluded with the *
 * updated GUI package. *
 ****************************************/
-if (!defined('SID_MODS_PATH'))
- define('SID_MODS_PATH', '/var/db/suricata/sidmods/');
-if (!defined('IPREP_PATH'))
- define('IPREP_PATH', '/var/db/suricata/iprep/');
+if (!defined('SURICATA_SID_MODS_PATH'))
+ define('SURICATA_SID_MODS_PATH', '/var/db/suricata/sidmods/');
+if (!defined('SURICATA_IPREP_PATH'))
+ define('SURICATA_IPREP_PATH', '/var/db/suricata/iprep/');
 /****************************************
 * End of PHP cachine workaround *
@@ -77,7 +77,7 @@ if (!defined('IPREP_PATH'))
 $suricatadir = SURICATADIR;
 $suricatalogdir = SURICATALOGDIR;
 $flowbit_rules_file = FLOWBITS_FILENAME;
-$suricata_enforcing_rules_file = ENFORCING_RULES_FILENAME;
+$suricata_enforcing_rules_file = SURICATA_ENFORCING_RULES_FILENAME;
 $rcdir = RCFILEPREFIX;
 // Hard kill any running Suricata process that may have been started by any
@@ -109,8 +109,8 @@ conf_mount_rw();
 safe_mkdir(SURICATALOGDIR);
 // Create the IP Rep and SID Mods lists directory
-safe_mkdir(SID_MODS_PATH);
-safe_mkdir(IPREP_PATH);
+safe_mkdir(SURICATA_SID_MODS_PATH);
+safe_mkdir(SURICATA_IPREP_PATH);
 // remake saved settings if previously flagged
 if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') {
-- cgit v1.2.3
From 16e975b4421e04052b7f87d6d65690ca4c57119f Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Sat, 20 Sep 2014 18:03:43 -0400
Subject: Replace calls to @unlink with unlink_if_exists().
---
 config/suricata/suricata_post_install.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'config/suricata/suricata_post_install.php')
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 46204f91..5b6defeb 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -103,7 +103,7 @@ $g['suricata_postinstall'] = true;
 conf_mount_rw();
 // Remove any previously installed script since we rebuild it
-@unlink("{$rcdir}suricata.sh");
+unlink_if_exists("{$rcdir}suricata.sh");
 // Create the top-tier log directory
 safe_mkdir(SURICATALOGDIR);
-- cgit v1.2.3
From 3ae4e63128e24505f0af7475711d9054e3c19a00 Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Sat, 4 Oct 2014 13:40:18 -0400
Subject: Bump Suricata binary to 2.0.4 and package GUI to v2.0.3
---
 config/suricata/suricata_post_install.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'config/suricata/suricata_post_install.php')
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 5b6defeb..972539ac 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -238,7 +238,7 @@ if (empty($config['installedpackages']['suricata']['config'][0]['forcekeepsettin
 conf_mount_ro();
 // Update Suricata package version in configuration
-$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0.2";
+$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0.3";
 write_config("Suricata pkg: updated GUI package version number.");
 // Done with post-install, so clear flag
-- cgit v1.2.3
From d2a824eee9c499258fda4f9e21475fe31bdb53cf Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Fri, 10 Oct 2014 15:59:07 -0400
Subject: Remove unnecessary calls to write_config() to reduce auto-backups.
---
 config/suricata/suricata_post_install.php | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
(limited to 'config/suricata/suricata_post_install.php')
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 972539ac..16fe4208 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -149,7 +149,6 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
 log_error(gettext("[Suricata] updated UUID for interface " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . " from {$old_uuid} to {$new_uuid}."));
 }
 }
- write_config("Suricata pkg: updated interface UUIDs to eliminate duplicates.");
 unset($uuids, $rulesets);
 }
 /****************************************************************/
@@ -221,11 +220,14 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
 // Only try to start Suricata if not in reboot
 if (!$g['booting']) {
- update_status(gettext("Starting Suricata using rebuilt configuration..."));
- update_output_window(gettext("Please wait... while Suricata is started..."));
- log_error(gettext("[Suricata] Starting Suricata using rebuilt configuration..."));
- mwexec_bg("{$rcdir}suricata.sh start");
- update_output_window(gettext("Suricata has been started using the rebuilt configuration..."));
+ if ($pkg_interface <> "console") {
+ update_status(gettext("Starting Suricata using rebuilt configuration..."));
+ update_output_window(gettext("Please wait while Suricata is started..."));
+ mwexec("{$rcdir}suricata.sh start");
+ update_output_window(gettext("Suricata has been started using the rebuilt configuration..."));
+ }
+ else
+ mwexec_bg("{$rcdir}suricata.sh start");
 }
 }
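Review bot: The return value of the now-synchronous `mwexec("{$rcdir}suricata.sh start")` in the `@@ -221,11 +220,14 @@` hunk is discarded, so the GUI branch prints "Suricata has been started using the rebuilt configuration..." whether or not the rc script succeeded, and a sensor that failed to come up after an upgrade is easy to miss. The hunk also removes the `log_error(...)` call, so neither branch leaves a system-log record of the start attempt. Assuming mwexec() returns the command's exit status, capture it with `$rc = mwexec("{$rcdir}suricata.sh start");` and report a non-zero value with `if ($rc != 0) log_error("[Suricata] suricata.sh start exited with status {$rc}");` before printing the success message. The enclosing `forcekeepsettings` block starts outside the hunk.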
@@ -239,7 +241,7 @@ conf_mount_ro();
 // Update Suricata package version in configuration
 $config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0.3";
-write_config("Suricata pkg: updated GUI package version number.");
+write_config("Suricata pkg v2.0.3: post-install configuration saved.");
 // Done with post-install, so clear flag
 unset($g['suricata_postinstall']);
-- cgit v1.2.3
From f5738bea12732bdcb18645350ee7271dbcc4befa Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Mon, 13 Oct 2014 00:45:20 -0400
Subject: Remove unnecessary call to configure_cron() & tidy up post-install a bit.
---
 config/suricata/suricata_post_install.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'config/suricata/suricata_post_install.php')
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 16fe4208..04c86eaf 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -166,6 +166,7 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
 include('/usr/local/pkg/suricata/suricata_check_for_rule_updates.php');
 update_status(gettext("Generating suricata.yaml configuration file from saved settings..."));
 $rebuild_rules = true;
+ conf_mount_rw();
 // Create the suricata.yaml files for each enabled interface
 $suriconf = $config['installedpackages']['suricata']['rule'];
@@ -174,6 +174,7 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
 $if_real = get_real_interface($suricatacfg['interface']);
 $suricata_uuid = $suricatacfg['uuid'];
 $suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}";
+ update_output_window(gettext("Generating configuration for " . convert_friendly_interface_to_friendly_descr($suricatacfg['interface']) . "..."));
 // Pull in the PHP code that generates the suricata.yaml file
 // variables that will be substituted further down below.
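Review bot: The added `conf_mount_rw();` in the `@@ -166,6 +166,7 @@` hunk has no comment saying why the filesystem must be remounted read-write at this point, directly after the include of suricata_check_for_rule_updates.php. Presumably the included script leaves the filesystem read-only when it finishes; if that is the reason, state it, for example `// rule update script may have remounted read-only, so make it writable again`. The enclosing `forcekeepsettings` block starts and ends outside the hunk, so whether each remount is paired with a later conf_mount_ro() cannot be checked here.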
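Review bot: The new per-interface `update_output_window(...)` call in the `@@ -174,6 +174,7 @@` hunk is not wrapped in the `$pkg_interface <> "console"` test that this same commit places around the "Finished rebuilding" message in the `@@ -215,7 +214,8 @@` hunk, so a console install would still reach the GUI output call here. For consistency, prefix it with `if ($pkg_interface <> "console")`. The string handed to gettext() is also built by concatenation with the interface description, so it can never match a fixed catalog entry; translating only the constant part and appending the description afterwards would avoid that. The loop this line sits in begins outside the hunk.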
@@ -201,9 +203,6 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
 suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false);
 suricata_rules_up_install_cron($config['installedpackages']['suricata']['config'][0]['autoruleupdate'] != "never_up" ? true : false);
- // Add the recurring jobs created above to crontab
- configure_cron();
-
 // Restore the Dashboard Widget if it was previously enabled and saved
 if (!empty($config['installedpackages']['suricata']['config'][0]['dashboard_widget']) && !empty($config['widgets']['sequence'])) {
 if (strpos($config['widgets']['sequence'], "suricata_alerts-container") === FALSE)
@@ -215,7 +214,8 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
 }
 $rebuild_rules = false;
- update_output_window(gettext("Finished rebuilding Suricata configuration files..."));
+ if ($pkg_interface <> "console")
+ update_output_window(gettext("Finished rebuilding Suricata configuration files..."));
 log_error(gettext("[Suricata] Finished rebuilding installation from saved settings..."));
 // Only try to start Suricata if not in reboot
-- cgit v1.2.3
From 8cecf2e8ccb439c416557ee7b12806f878863cd9 Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Wed, 26 Nov 2014 10:42:57 -0500
Subject: Consolidate DEFINES into a single INC file for ease of future maintenance.
---
 config/suricata/suricata_post_install.php | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
(limited to 'config/suricata/suricata_post_install.php')
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 04c86eaf..73ba7f50 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -48,18 +48,20 @@
 require_once("config.inc");
 require_once("functions.inc");
 require_once("/usr/local/pkg/suricata/suricata.inc");
+require("/usr/local/pkg/suricata/suricata_defs.inc");
 global $config, $g, $rebuild_rules, $pkg_interface, $suricata_gui_include;
 /****************************************
 * Define any new constants here that *
 * may not be yet defined in the old *
- "suricata.inc" include file that *
- * might be cached and used by the *
- * package manager installation code. *
+ "suricata_defs.inc" include file *
+ * that might be cached and used by *
+ * the package manager installation *
+ * code. *
 * *
 * This is a hack to work around the *
- * fact the old version of suricata.inc *
+ * fact the old version of the inc file *
 * is cached and used instead of the *
 * updated version icluded with the *
 * updated GUI package. *
@@ -68,9 +70,11 @@ if (!defined('SURICATA_SID_MODS_PATH'))
 define('SURICATA_SID_MODS_PATH', '/var/db/suricata/sidmods/');
 if (!defined('SURICATA_IPREP_PATH'))
 define('SURICATA_IPREP_PATH', '/var/db/suricata/iprep/');
+if (!defined('SURICATA_PBI_BASEDIR'))
+ define('SURICATA_PBI_BASEDIR', '/usr/pbi/suricata-' . php_uname("m"));
 /****************************************
- * End of PHP cachine workaround *
+ * End of PHP caching workaround *
 ****************************************/
 // Initialize some common values from defined constants
-- cgit v1.2.3
From 95b568faae3d838eeb29e8ea2a46e32e4c1afa0b Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Wed, 26 Nov 2014 15:39:07 -0500
Subject: Add GUI support for new GeoIP rule options.
---
 config/suricata/suricata_post_install.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
(limited to 'config/suricata/suricata_post_install.php')
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 73ba7f50..3a82d567 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
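Review bot: The added `require("/usr/local/pkg/suricata/suricata_defs.inc");` in the `@@ -48,18 +48,20 @@` hunk is the only include in this group that is not `require_once`, and nothing says why. If the intent is to force a fresh read of the definitions file despite the cached copy described in the comment box below it, add a one-line comment such as `// plain require on purpose: re-read the defs file even if an older copy was already loaded`. If suricata.inc already pulls this file in and it uses unguarded define() calls, the second load would raise "constant already defined" notices; that cannot be confirmed from this hunk, so it is worth checking against the new file.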
@@ -66,10 +66,6 @@ global $config, $g, $rebuild_rules, $pkg_interface, $suricata_gui_include;
 * updated version icluded with the *
 * updated GUI package. *
 ****************************************/
-if (!defined('SURICATA_SID_MODS_PATH'))
- define('SURICATA_SID_MODS_PATH', '/var/db/suricata/sidmods/');
-if (!defined('SURICATA_IPREP_PATH'))
- define('SURICATA_IPREP_PATH', '/var/db/suricata/iprep/');
 if (!defined('SURICATA_PBI_BASEDIR'))
 define('SURICATA_PBI_BASEDIR', '/usr/pbi/suricata-' . php_uname("m"));
@@ -116,6 +112,13 @@ safe_mkdir(SURICATALOGDIR);
 safe_mkdir(SURICATA_SID_MODS_PATH);
 safe_mkdir(SURICATA_IPREP_PATH);
+// Download the latest GeoIP DB updates and create cron task if the feature is not disabled
+if ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] != 'off') {
+ log_error(gettext("[Suricata] Installing free GeoIP country database files..."));
+ include("/usr/local/pkg/suricata/suricata_geoipupdate.php");
+ install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_geoipupdate.php", TRUE, 0, 0, 8, "*", "*", "root");
+}
+
 // remake saved settings if previously flagged
 if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') {
 log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings..."));
-- cgit v1.2.3
From 94aafa5bcef07d85b2fdc820457594ce047f425e Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Fri, 5 Dec 2014 00:03:31 -0500
Subject: Add support for IP REPUTATION to GUI code.
---
 config/suricata/suricata_post_install.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'config/suricata/suricata_post_install.php')
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 3a82d567..f82ff42c 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
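Review bot: The test `['autogeoipupdate'] != 'off'` in the `@@ -116,6 +112,13 @@` hunk is also true when the key does not exist, so an install with no saved Suricata settings performs the GeoIP download and registers a root cron job by default; the comment should say so, e.g. `// ... unless the option is explicitly 'off' (an unset option counts as enabled)`. The update script is pulled in with `include`, which only raises a warning if the file is missing, and `install_cron_job(...)` then runs regardless of whether the download worked. Guarding the two calls with `if (file_exists("/usr/local/pkg/suricata/suricata_geoipupdate.php"))` and logging the else case would make a broken package visible. The IQRisk block added by the following commit uses the same include-then-schedule pattern.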
@@ -119,6 +119,13 @@ if ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] !=
 install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_geoipupdate.php", TRUE, 0, 0, 8, "*", "*", "root");
 }
+// Download the latest ET IQRisk updates and create cron task if the feature is not disabled
+if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] != 'off') {
+ log_error(gettext("[Suricata] Installing Emerging Threats IQRisk IP List..."));
+ include("/usr/local/pkg/suricata/suricata_etiqrisk_update.php");
+ install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, 0, "*", "*", "*", "root");
+}
+
 // remake saved settings if previously flagged
 if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') {
 log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings..."));
@@ -247,8 +254,8 @@ if (empty($config['installedpackages']['suricata']['config'][0]['forcekeepsettin
 conf_mount_ro();
 // Update Suricata package version in configuration
-$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0.3";
-write_config("Suricata pkg v2.0.3: post-install configuration saved.");
+$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.1";
+write_config("Suricata pkg v2.1: post-install configuration saved.");
 // Done with post-install, so clear flag
 unset($g['suricata_postinstall']);
-- cgit v1.2.3
From bb4ed0301d5fa42e24fd83011b1d816242e8dea6 Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Fri, 5 Dec 2014 09:40:02 -0500
Subject: Only grab ET IQRisk IP list if explicitly enabled.
---
 config/suricata/suricata_post_install.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'config/suricata/suricata_post_install.php')
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index f82ff42c..4ced40be 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -120,7 +120,7 @@ if ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] !=
 }
 // Download the latest ET IQRisk updates and create cron task if the feature is not disabled
-if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] != 'off') {
+if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on') {
 log_error(gettext("[Suricata] Installing Emerging Threats IQRisk IP List..."));
 include("/usr/local/pkg/suricata/suricata_etiqrisk_update.php");
 install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, 0, "*", "*", "*", "root");
-- cgit v1.2.3
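Review bot: The context comment directly above the changed test still reads "if the feature is not disabled", but the new condition `== 'on'` requires the option to be explicitly enabled, so the comment now contradicts the code. Update it to `// Download the latest ET IQRisk updates and create cron task only if the feature is explicitly enabled`. The change also adds no path that removes a cron entry registered while the earlier `!= 'off'` test was in effect; whether any system ran that version cannot be told from this page, but if one did, the root job would stay scheduled. The closing brace of the block is outside the hunk.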