From 6c0d365bdb5f4e4fdc2bf57561178573be5a36cc Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Tue, 26 Aug 2014 21:39:21 -0400
Subject: Upgrade Suricata to 2.0.3 and GUI package to v2.0

---
 config/suricata/suricata_post_install.php | 99 ++++++++++++++++++++++---------
 1 file changed, 72 insertions(+), 27 deletions(-)

(limited to 'config/suricata/suricata_post_install.php')

diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index eb193d58..955751ad 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -51,7 +51,33 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
 
 global $config, $g, $rebuild_rules, $pkg_interface, $suricata_gui_include;
 
+/****************************************
+ * Define any new constants here that   *
+ * may not be yet defined in the old    *
+ * "suricata.inc" include file that     *
+ * might be cached and used by the      *
+ * package manager installation code.   *
+ *                                      *
+ * This is a hack to work around the    *
+ * fact the old version of suricata.inc *
+ * is cached and used instead of the    *
+ * updated version icluded with the     *
+ * updated GUI package.                 *
+ ****************************************/
+if (!defined('SID_MODS_PATH'))
+	define('SID_MODS_PATH', '/var/db/suricata/sidmods/');
+if (!defined('IPREP_PATH'))
+	define('IPREP_PATH', '/var/db/suricata/iprep/');
+
+/****************************************
+ * End of PHP cachine workaround        *
+ ****************************************/
+
+// Initialize some common values from defined constants
 $suricatadir = SURICATADIR;
+$suricatalogdir = SURICATALOGDIR;
+$flowbit_rules_file = FLOWBITS_FILENAME;
+$suricata_enforcing_rules_file = ENFORCING_RULES_FILENAME;
 $rcdir = RCFILEPREFIX;
 
 // Hard kill any running Suricata process that may have been started by any
@@ -73,47 +99,59 @@ if(is_process_running("barnyard")) {
 // Set flag for post-install in progress
 $g['suricata_postinstall'] = true;
 
+// Mount file system read/write so we can modify some files
+conf_mount_rw();
+
 // Remove any previously installed script since we rebuild it
-@unlink("{$rcdir}/suricata.sh");
+@unlink("{$rcdir}suricata.sh");
 
 // Create the top-tier log directory
 safe_mkdir(SURICATALOGDIR);
 
+// Create the IP Rep and SID Mods lists directory
+safe_mkdir(SID_MODS_PATH);
+safe_mkdir(IPREP_PATH);
+
 // remake saved settings
 if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') {
 	log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings..."));
 	update_status(gettext("Saved settings detected..."));
+	/* Do one-time settings migration for new version configuration */
+	update_output_window(gettext("Please wait... migrating settings to new configuration..."));
+	include('/usr/local/pkg/suricata/suricata_migrate_config.php');
 	update_output_window(gettext("Please wait... rebuilding installation with saved settings..."));
 	log_error(gettext("[Suricata] Downloading and updating configured rule types..."));
 	update_output_window(gettext("Please wait... downloading and updating configured rule types..."));
 	if ($pkg_interface <> "console")
 		$suricata_gui_include = true;
-	include('/usr/local/www/suricata/suricata_check_for_rule_updates.php');
+	include('/usr/local/pkg/suricata/suricata_check_for_rule_updates.php');
 	update_status(gettext("Generating suricata.yaml configuration file from saved settings..."));
 	$rebuild_rules = true;
 
 	// Create the suricata.yaml files for each enabled interface
 	$suriconf = $config['installedpackages']['suricata']['rule'];
-	foreach ($suriconf as $value) {
-		$if_real = get_real_interface($value['interface']);
-
-		// ## BETA pkg bug fix-up -- be sure default rules enabled ##
-		$rules = explode("||", $value['rulesets']);
-		foreach (array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules", "tls-events.rules" ) as $r){
-			if (!in_array($r, $rules))
-				$rules[] = $r;
-		}
-		natcasesort($rules);
-		$value['rulesets'] = implode("||", $rules);
-		write_config();
-		// ## end of BETA pkg bug fix-up ##
-
-		// create a suricata.yaml file for interface
-		suricata_generate_yaml($value);
+	foreach ($suriconf as $suricatacfg) {
+		$if_real = get_real_interface($suricatacfg['interface']);
+		$suricata_uuid = $suricatacfg['uuid'];
+		$suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}";
+
+		// Pull in the PHP code that generates the suricata.yaml file
+		// variables that will be substitued further down below.
+		include("/usr/local/pkg/suricata/suricata_generate_yaml.php");
+
+		// Pull in the boilerplate template for the suricata.yaml
+		// configuration file.  The contents of the template along
+		// with substituted variables are stored in $suricata_conf_text
+		// (which is defined in the included file).
+		include("/usr/local/pkg/suricata/suricata_yaml_template.inc");
+
+		// Now write out the conf file using $suricata_conf_text contents
+		@file_put_contents("{$suricatacfgdir}/suricata.yaml", $suricata_conf_text); 
+		unset($suricata_conf_text);
 
 		// create barnyard2.conf file for interface
-		if ($value['barnyard_enable'] == 'on')
-			suricata_generate_barnyard2_conf($value, $if_real);
+		if ($suricatacfg['barnyard_enable'] == 'on')
+			suricata_generate_barnyard2_conf($suricatacfg, $if_real);
 	}
 
 	// create Suricata bootup file suricata.sh
@@ -128,10 +166,14 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
 	configure_cron();
 
 	// Restore the Dashboard Widget if it was previously enabled and saved
-	if (!empty($config['installedpackages']['suricata']['config'][0]['dashboard_widget']) && !empty($config['widgets']['sequence']))
-		$config['widgets']['sequence'] .= "," . $config['installedpackages']['suricata']['config'][0]['dashboard_widget'];
-	if (!empty($config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows']) && !empty($config['widgets']))
-		$config['widgets']['widget_suricata_display_lines'] = $config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows'];
+	if (!empty($config['installedpackages']['suricata']['config'][0]['dashboard_widget']) && !empty($config['widgets']['sequence'])) {
+		if (strpos($config['widgets']['sequence'], "suricata_alerts-container") === FALSE)
+			$config['widgets']['sequence'] .= "," . $config['installedpackages']['suricata']['config'][0]['dashboard_widget'];
+	}
+	if (!empty($config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows']) && !empty($config['widgets'])) {
+		if (empty($config['widgets']['widget_suricata_display_lines']))
+			$config['widgets']['widget_suricata_display_lines'] = $config['installedpackages']['suricata']['config'][0]['dashboard_widget_rows'];
+	}
 
 	$rebuild_rules = false;
 	update_output_window(gettext("Finished rebuilding Suricata configuration files..."));
@@ -142,14 +184,17 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
 		update_status(gettext("Starting Suricata using rebuilt configuration..."));
 		update_output_window(gettext("Please wait... while Suricata is started..."));
 		log_error(gettext("[Suricata] Starting Suricata using rebuilt configuration..."));
-		start_service("suricata");
+		mwexec_bg("{$rcdir}suricata.sh start");
 		update_output_window(gettext("Suricata has been started using the rebuilt configuration..."));
 	}
 }
 
+// Finished with file system mods, so remount it read-only
+conf_mount_ro();
+
 // Update Suricata package version in configuration
-$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v1.0.2";
-write_config();
+$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0";
+write_config("Suricata pkg: updated GUI package version number.");
 
 // Done with post-install, so clear flag
 unset($g['suricata_postinstall']);
-- 
cgit v1.2.3


From 56f7c116d00eea10ef796ac41c477330a4d1daac Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Mon, 1 Sep 2014 16:27:09 -0400
Subject: Include new 'dns-events.rules' file for Suricata 2.0.3

---
 config/suricata/suricata_post_install.php | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'config/suricata/suricata_post_install.php')

diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 955751ad..47dd3ad7 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -112,6 +112,11 @@ safe_mkdir(SURICATALOGDIR);
 safe_mkdir(SID_MODS_PATH);
 safe_mkdir(IPREP_PATH);
 
+// Copy the new dns-events.rules file to the
+// Suricata directory if not already present.
+if (!file_exists(SURICATADIR . "rules/dns-events.rules"))
+	@copy("/usr/local/pkg/suricata/dns-events.rules", SURICATADIR . "rules/dns-events.rules");
+
 // remake saved settings
 if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') {
 	log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings..."));
-- 
cgit v1.2.3


From 12960cc35261a40916f02e2f5883d5fbfa2e9b0f Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Thu, 4 Sep 2014 16:39:48 -0400
Subject: Fix spelling error typo in a comment line.

---
 config/suricata/suricata_post_install.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config/suricata/suricata_post_install.php')

diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 47dd3ad7..3c362055 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -141,7 +141,7 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
 		$suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}";
 
 		// Pull in the PHP code that generates the suricata.yaml file
-		// variables that will be substitued further down below.
+		// variables that will be substituted further down below.
 		include("/usr/local/pkg/suricata/suricata_generate_yaml.php");
 
 		// Pull in the boilerplate template for the suricata.yaml
-- 
cgit v1.2.3


From 9d85e3d4ced9edbb9233a7df8e28b14ef0b00eae Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Thu, 4 Sep 2014 17:50:05 -0400
Subject: Default "forcekeepsettings" to 'on' for new installs (Issue #3838)

---
 config/suricata/suricata_post_install.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'config/suricata/suricata_post_install.php')

diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 3c362055..4ee50946 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -117,7 +117,7 @@ safe_mkdir(IPREP_PATH);
 if (!file_exists(SURICATADIR . "rules/dns-events.rules"))
 	@copy("/usr/local/pkg/suricata/dns-events.rules", SURICATADIR . "rules/dns-events.rules");
 
-// remake saved settings
+// remake saved settings if previously flagged
 if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') {
 	log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings..."));
 	update_status(gettext("Saved settings detected..."));
@@ -194,6 +194,11 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
 	}
 }
 
+// If this is first install and "forcekeepsettings" is empty,
+// then default it to 'on'.
+if (empty($config['installedpackages']['suricata']['config'][0]['forcekeepsettings']))
+	$config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = 'on';
+
 // Finished with file system mods, so remount it read-only
 conf_mount_ro();
 
-- 
cgit v1.2.3


From ad7e3dca2b915b9f27ba01bade962305a0dd34bb Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Fri, 5 Sep 2014 18:05:00 -0400
Subject: Some changes no longer needed since dns-events.rules file is now in
 PBI.

---
 config/suricata/suricata_post_install.php | 5 -----
 1 file changed, 5 deletions(-)

(limited to 'config/suricata/suricata_post_install.php')

diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index 4ee50946..7c8d03a5 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -112,11 +112,6 @@ safe_mkdir(SURICATALOGDIR);
 safe_mkdir(SID_MODS_PATH);
 safe_mkdir(IPREP_PATH);
 
-// Copy the new dns-events.rules file to the
-// Suricata directory if not already present.
-if (!file_exists(SURICATADIR . "rules/dns-events.rules"))
-	@copy("/usr/local/pkg/suricata/dns-events.rules", SURICATADIR . "rules/dns-events.rules");
-
 // remake saved settings if previously flagged
 if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') {
 	log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings..."));
-- 
cgit v1.2.3