From 1d9c1cc8e530352168b97fd8b9c552c2588b67f4 Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Sun, 7 Sep 2014 17:57:15 -0400
Subject: Sync some changes to CARP slaves when enabled.

---
 config/suricata/suricata_alerts.php      | 6 ++++++
 config/suricata/suricata_app_parsers.php | 3 +++
 config/suricata/suricata_define_vars.php | 3 +++
 config/suricata/suricata_flow_stream.php | 3 +++
 config/suricata/suricata_rules.php       | 9 +++++++++
 config/suricata/suricata_rulesets.php    | 3 +++
 config/suricata/suricata_sid_mgmt.php    | 3 +++
 7 files changed, 30 insertions(+)

(limited to 'config/suricata')

diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index eab2a1d5..57ccbe27 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -294,6 +294,9 @@ if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsu
 	if (suricata_add_supplist_entry($suppress)) {
 		suricata_reload_config($a_instance[$instanceid]);
 		$savemsg = $success;
+
+		// Sync to configured CARP slaves if any are enabled
+		suricata_sync_on_changes();
 		sleep(2);
 	}
 	else
@@ -354,6 +357,9 @@ if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen
 
 	/* Signal Suricata to live-load the new rules */
 	suricata_reload_config($a_instance[$instanceid]);
+
+	// Sync to configured CARP slaves if any are enabled
+	suricata_sync_on_changes();
 	sleep(2);
 
 	$savemsg = gettext("The state for rule {$gid}:{$sid} has been modified.  Suricata is 'live-reloading' the new rules list.  Please wait at least 15 secs for the process to complete before toggling additional rules.");
diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php
index 16927092..51514ee5 100644
--- a/config/suricata/suricata_app_parsers.php
+++ b/config/suricata/suricata_app_parsers.php
@@ -420,6 +420,9 @@ elseif ($_POST['save'] || $_POST['apply']) {
 			conf_mount_rw();
 			suricata_generate_yaml($natent);
 			conf_mount_ro();
+
+			// Sync to configured CARP slaves if any are enabled
+			suricata_sync_on_changes();
 		}
 
 		header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php
index 3fe5de0d..040244b0 100644
--- a/config/suricata/suricata_define_vars.php
+++ b/config/suricata/suricata_define_vars.php
@@ -135,6 +135,9 @@ if ($_POST) {
 		/* Soft-restart Suricaa to live-load new variables. */
 		suricata_reload_config($a_nat[$id]);
 
+		/* Sync to configured CARP slaves if any are enabled */
+		suricata_sync_on_changes();
+
 		/* after click go to this page */
 		header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
 		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php
index fa9edc16..53c4e010 100644
--- a/config/suricata/suricata_flow_stream.php
+++ b/config/suricata/suricata_flow_stream.php
@@ -319,6 +319,9 @@ elseif ($_POST['save'] || $_POST['apply']) {
 			conf_mount_rw();
 			suricata_generate_yaml($natent);
 			conf_mount_ro();
+
+			// Sync to configured CARP slaves if any are enabled
+			suricata_sync_on_changes();
 		}
 
 		header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php
index aa420371..a787261d 100644
--- a/config/suricata/suricata_rules.php
+++ b/config/suricata/suricata_rules.php
@@ -375,6 +375,9 @@ elseif ($_POST['clear']) {
 	conf_mount_ro();
 	$rebuild_rules = false;
 	$pconfig['customrules'] = '';
+
+	// Sync to configured CARP slaves if any are enabled
+	suricata_sync_on_changes();
 }
 elseif ($_POST['cancel']) {
 	$pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
@@ -395,6 +398,9 @@ elseif ($_POST['save']) {
 	/* Signal Suricata to "live reload" the rules */
 	suricata_reload_config($a_rule[$id]);
 	clear_subsystem_dirty('suricata_rules');
+
+	// Sync to configured CARP slaves if any are enabled
+	suricata_sync_on_changes();
 }
 elseif ($_POST['apply']) {
 
@@ -416,6 +422,9 @@ elseif ($_POST['apply']) {
 
 	// We have saved changes and done a soft restart, so clear "dirty" flag
 	clear_subsystem_dirty('suricata_rules');
+
+	// Sync to configured CARP slaves if any are enabled
+	suricata_sync_on_changes();
 }
 
 include_once("head.inc");
diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php
index ce32af20..7ea672b1 100644
--- a/config/suricata/suricata_rulesets.php
+++ b/config/suricata/suricata_rulesets.php
@@ -165,6 +165,9 @@ if ($_POST["save"]) {
 	$enabled_rulesets_array = explode("||", $enabled_items);
 	if (suricata_is_running($suricata_uuid, $if_real))
 		$savemsg = gettext("Suricata is 'live-loading' the new rule set on this interface.");
+
+	// Sync to configured CARP slaves if any are enabled
+	suricata_sync_on_changes();
 }
 elseif ($_POST['unselectall']) {
 	// Remove all but the default events and files rules
diff --git a/config/suricata/suricata_sid_mgmt.php b/config/suricata/suricata_sid_mgmt.php
index c69a9fcd..2224e81a 100644
--- a/config/suricata/suricata_sid_mgmt.php
+++ b/config/suricata/suricata_sid_mgmt.php
@@ -188,6 +188,9 @@ if (isset($_POST['save_auto_sid_conf'])) {
 			$intf_msg .= convert_friendly_interface_to_friendly_descr($a_nat[$k]['interface']) . ", ";
 		}
 		$savemsg = gettext("Changes were applied to these interfaces: " . trim($intf_msg, ' ,') . " and Suricata signaled to live-load the new rules.");
+
+		// Sync to configured CARP slaves if any are enabled
+		suricata_sync_on_changes();
 	}
 }
 
-- 
cgit v1.2.3