From 94aafa5bcef07d85b2fdc820457594ce047f425e Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 5 Dec 2014 00:03:31 -0500 Subject: Add support for IP REPUTATION to GUI code. --- config/suricata/suricata.priv.inc | 4 + config/suricata/suricata.xml | 20 + config/suricata/suricata_alerts.php | 1 + config/suricata/suricata_app_parsers.php | 2 + config/suricata/suricata_barnyard.php | 2 + config/suricata/suricata_blocked.php | 1 + config/suricata/suricata_define_vars.php | 2 + config/suricata/suricata_defs.inc | 2 + config/suricata/suricata_download_updates.php | 1 + config/suricata/suricata_etiqrisk_update.php | 144 ++++++++ config/suricata/suricata_flow_stream.php | 2 + config/suricata/suricata_generate_yaml.php | 26 ++ config/suricata/suricata_global.php | 1 + config/suricata/suricata_interfaces.php | 1 + config/suricata/suricata_interfaces_edit.php | 7 + config/suricata/suricata_ip_list_mgmt.php | 387 +++++++++++++++++++ config/suricata/suricata_ip_reputation.php | 472 ++++++++++++++++++++++++ config/suricata/suricata_iprep_list_browser.php | 99 +++++ config/suricata/suricata_logs_browser.php | 1 + config/suricata/suricata_logs_mgmt.php | 1 + config/suricata/suricata_migrate_config.php | 28 ++ config/suricata/suricata_passlist.php | 1 + config/suricata/suricata_passlist_edit.php | 1 + config/suricata/suricata_post_install.php | 11 +- config/suricata/suricata_rules.php | 2 + config/suricata/suricata_rulesets.php | 2 + config/suricata/suricata_sid_mgmt.php | 1 + config/suricata/suricata_suppress.php | 1 + config/suricata/suricata_suppress_edit.php | 1 + config/suricata/suricata_sync.xml | 5 + config/suricata/suricata_uninstall.php | 1 + config/suricata/suricata_yaml_template.inc | 14 +- 32 files changed, 1233 insertions(+), 11 deletions(-) create mode 100644 config/suricata/suricata_etiqrisk_update.php create mode 100644 config/suricata/suricata_ip_list_mgmt.php create mode 100644 config/suricata/suricata_ip_reputation.php create mode 100644 config/suricata/suricata_iprep_list_browser.php (limited to 'config/suricata') diff --git a/config/suricata/suricata.priv.inc b/config/suricata/suricata.priv.inc index d6edab9a..84ede368 100644 --- a/config/suricata/suricata.priv.inc +++ b/config/suricata/suricata.priv.inc @@ -36,12 +36,16 @@ $priv_list['page-services-suricata']['match'][] = "suricata/suricata_rules_flowb $priv_list['page-services-suricata']['match'][] = "suricata/suricata_rulesets.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_os_policy_engine.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_global.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_ip_list_mgmt.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_ip_reputation.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_iprep_list_browser.php*"; $priv_list['page-services-suricata']['match'][] = "pkg_edit.php?xml=suricata/suricata.xml*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_check_cron_misc.inc*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_yaml_template.inc*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata.inc*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_defs.inc*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_geoipupdate.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_etiqrisk_update.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_post_install.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_uninstall.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_generate_yaml.php*"; diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml index 03355b25..d2ede036 100644 --- a/config/suricata/suricata.xml +++ b/config/suricata/suricata.xml @@ -117,6 +117,11 @@ /usr/local/pkg/suricata/ 0755 + + https://packages.pfsense.org/packages/config/suricata/suricata_etiqrisk_update.php + /usr/local/pkg/suricata/ + 0755 + https://packages.pfsense.org/packages/config/suricata/suricata_download_updates.php /usr/local/www/suricata/ @@ -232,6 +237,21 @@ /usr/local/www/suricata/ 0755 + + https://packages.pfsense.org/packages/config/suricata/suricata_ip_list_mgmt.php + /usr/local/www/suricata/ + 0755 + + + https://packages.pfsense.org/packages/config/suricata/suricata_ip_reputation.php + /usr/local/www/suricata/ + 0755 + + + https://packages.pfsense.org/packages/config/suricata/suricata_iprep_list_browser.php + /usr/local/www/suricata/ + 0755 + /usr/local/www/widgets/javascript/ 0644 diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php index 595d96a9..f151e173 100644 --- a/config/suricata/suricata_alerts.php +++ b/config/suricata/suricata_alerts.php @@ -455,6 +455,7 @@ if ($savemsg) { $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php index 51514ee5..cfa34a54 100644 --- a/config/suricata/suricata_app_parsers.php +++ b/config/suricata/suricata_app_parsers.php @@ -475,6 +475,7 @@ if ($savemsg) { $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); echo ''; echo ''; @@ -487,6 +488,7 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("App Parsers"), true, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php index 24aa1653..5c05fa4c 100644 --- a/config/suricata/suricata_barnyard.php +++ b/config/suricata/suricata_barnyard.php @@ -259,6 +259,7 @@ include_once("head.inc"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); echo ''; echo ''; @@ -271,6 +272,7 @@ include_once("head.inc"); $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/suricata/suricata_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_blocked.php b/config/suricata/suricata_blocked.php index a091835d..4f4bf095 100644 --- a/config/suricata/suricata_blocked.php +++ b/config/suricata/suricata_blocked.php @@ -193,6 +193,7 @@ if ($savemsg) { $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php index 040244b0..b94292c3 100644 --- a/config/suricata/suricata_define_vars.php +++ b/config/suricata/suricata_define_vars.php @@ -187,6 +187,7 @@ if ($savemsg) $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); echo ''; echo ''; @@ -199,6 +200,7 @@ if ($savemsg) $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), true, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_defs.inc b/config/suricata/suricata_defs.inc index ab1b5a58..0a34b391 100644 --- a/config/suricata/suricata_defs.inc +++ b/config/suricata/suricata_defs.inc @@ -95,6 +95,8 @@ if (!defined("ET_DNLD_FILENAME")) define("ET_DNLD_FILENAME", "emerging.rules.tar.gz"); if (!defined("ETPRO_DNLD_FILENAME")) define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz"); +if (!defined("ET_IQRISK_DNLD_URL")) + define("ET_IQRISK_DNLD_URL", "https://rules.emergingthreatspro.com/_xxx_/reputation/"); if (!defined("GPLV2_DNLD_FILENAME")) define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz"); if (!defined("GPLV2_DNLD_URL")) diff --git a/config/suricata/suricata_download_updates.php b/config/suricata/suricata_download_updates.php index 62898a2b..1abb32d6 100644 --- a/config/suricata/suricata_download_updates.php +++ b/config/suricata/suricata_download_updates.php @@ -192,6 +192,7 @@ include_once("head.inc"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_etiqrisk_update.php b/config/suricata/suricata_etiqrisk_update.php new file mode 100644 index 00000000..f4a84403 --- /dev/null +++ b/config/suricata/suricata_etiqrisk_update.php @@ -0,0 +1,144 @@ +. + * Copyright (C) 2003-2004 Manuel Kasper . + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("config.inc"); +require_once("functions.inc"); +require("/usr/local/pkg/suricata/suricata_defs.inc"); + +/************************************************************************* + * Hack for backwards compatibility with older 2.1.x pfSense versions * + * that did not contain the new "download_file()" utility function * + * present in 2.2 and higher. * + *************************************************************************/ +if(!function_exists("download_file")) { + function download_file($url, $destination, $verify_ssl = false, $connect_timeout = 60, $timeout = 0) { + global $config, $g; + + $fp = fopen($destination, "wb"); + + if (!$fp) + return false; + + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $verify_ssl); + curl_setopt($ch, CURLOPT_FILE, $fp); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $connect_timeout); + curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); + curl_setopt($ch, CURLOPT_HEADER, false); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); + + if (!empty($config['system']['proxyurl'])) { + curl_setopt($ch, CURLOPT_PROXY, $config['system']['proxyurl']); + if (!empty($config['system']['proxyport'])) + curl_setopt($ch, CURLOPT_PROXYPORT, $config['system']['proxyport']); + if (!empty($config['system']['proxyuser']) && !empty($config['system']['proxypass'])) { + @curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_ANY | CURLAUTH_ANYSAFE); + curl_setopt($ch, CURLOPT_PROXYUSERPWD, "{$config['system']['proxyuser']}:{$config['system']['proxypass']}"); + } + } + + @curl_exec($ch); + $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + fclose($fp); + curl_close($ch); + return ($http_code == 200) ? true : $http_code; + } +} + +/********************************************************************** + * Start of main code * + **********************************************************************/ +global $g, $config; +$iprep_path = SURICATA_IPREP_PATH; +$iqRisk_tmppath = "{$g['tmp_path']}/IQRisk/"; +$success = FALSE; + +// If auto-updates of GeoIP are disabled, then exit +if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == "off") + return(0); +else + log_error(gettext("[Suricata] Updating the Emerging Threats IQRisk IP List...")); + +// Construct the download URL using the saved ET IQRisk Subscriber Code +if (!empty($config['installedpackages']['suricata']['config'][0]['iqrisk_code'])) { + $et_iqrisk_url = str_replace("_xxx_", $config['installedpackages']['suricata']['config'][0]['iqrisk_code'], ET_IQRISK_DNLD_URL); +} +else { + log_error(gettext("[Suricata] No IQRisk subscriber code found! Aborting scheduled update of Emerging Threats IQRisk IP List.")); + return(0); +} + +// Download the IP List files to a temporary location +safe_mkdir("$iqRisk_tmppath"); +if (download_file("{$et_iqrisk_url}categories.txt", "{$iqRisk_tmppath}categories.txt") != true) + log_error(gettext("[Suricata] An error occurred downloading the 'categories.txt' file for IQRisk.")); +if (download_file("{$et_iqrisk_url}iprepdata.txt.gz", "{$iqRisk_tmppath}iprepdata.txt.gz") != true) + log_error(gettext("[Suricata] An error occurred downloading the 'iprepdata.txt.gz' file for IQRisk.")); + +// If the files downloaded successfully, unpack them and store +// the list files in the SURICATA_IPREP_PATH directory. +if (file_exists("{$iqRisk_tmppath}categories.txt")) { + @rename("{$iqRisk_tmppath}categories.txt", "{$iprep_path}categories.txt"); + $success = TRUE; +} +if (file_exists("{$iqRisk_tmppath}iprepdata.txt.gz")) { + mwexec("/usr/bin/gunzip -f {$iqRisk_tmppath}iprepdata.txt.gz"); + @rename("{$iqRisk_tmppath}iprepdata.txt", "{$iprep_path}iprepdata.txt"); + $success = TRUE; +} + +// Cleanup the tmp directory path +rmdir_recursive("$iqRisk_tmppath"); + +log_error(gettext("[Suricata] Emerging Threats IQRisk IP List update finished.")); + +// If successful, signal any running Suricata process to live reload the rules and IP lists +if ($success == TRUE && is_process_running("suricata")) { + foreach ($config['installedpackages']['suricata']['rule'] as $value) { + if ($value['enable_iprep'] == "on") { + suricata_reload_config($value); + sleep(2); + } + } +} + +?> diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php index 53c4e010..9467ea7c 100644 --- a/config/suricata/suricata_flow_stream.php +++ b/config/suricata/suricata_flow_stream.php @@ -467,6 +467,7 @@ if ($savemsg) { $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); echo ''; echo ''; @@ -479,6 +480,7 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php index 704caa76..1ace4044 100644 --- a/config/suricata/suricata_generate_yaml.php +++ b/config/suricata/suricata_generate_yaml.php @@ -702,6 +702,32 @@ else /* Configure the IP REP section */ $iprep_path = rtrim(SURICATA_IPREP_PATH, '/'); +$iprep_config = "# IP Reputation\n"; +if ($suricatacfg['enable_iprep'] == "on") { + $iprep_config .= "default-reputation-path: {$iprep_path}\n"; + $iprep_config .= "reputation-categories-file: {$iprep_path}/{$suricatacfg['iprep_catlist']}\n"; + $iprep_config .= "reputation-files:"; + + if (!is_array($suricatacfg['iplist_files']['item'])) + $suricatacfg['iplist_files']['item'] = array(); + + foreach ($suricatacfg['iplist_files']['item'] as $f) + $iprep_config .= "\n - $f"; +} + +/* Configure Host Table settings */ +if (!empty($suricatacfg['host_memcap'])) + $host_memcap = $suricatacfg['host_memcap']; +else + $host_memcap = "16777216"; +if (!empty($suricatacfg['host_hash_size'])) + $host_hash_size = $suricatacfg['host_hash_size']; +else + $host_hash_size = "4096"; +if (!empty($suricatacfg['host_prealloc'])) + $host_prealloc = $suricatacfg['host_prealloc']; +else + $host_prealloc = "1000"; // Create the rules files and save in the interface directory suricata_prepare_rule_files($suricatacfg, $suricatacfgdir); diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php index b462a7c8..eb657465 100644 --- a/config/suricata/suricata_global.php +++ b/config/suricata/suricata_global.php @@ -216,6 +216,7 @@ if ($input_errors) $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php index 3c2e1d6a..e996a24f 100644 --- a/config/suricata/suricata_interfaces.php +++ b/config/suricata/suricata_interfaces.php @@ -182,6 +182,7 @@ include_once("head.inc"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php index d523a8b5..13526031 100644 --- a/config/suricata/suricata_interfaces_edit.php +++ b/config/suricata/suricata_interfaces_edit.php @@ -394,6 +394,11 @@ if ($_POST["save"] && !$input_errors) { $natent['smb_parser'] = "yes"; $natent['msn_parser'] = "detection-only"; + $natent['enable_iprep'] = "off"; + $natent['host_memcap'] = "16777216"; + $natent['host_hash_size'] = "4096"; + $natent['host_prealloc'] = "1000"; + $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd" ); if (!is_array($natent['host_os_policy']['item'])) $natent['host_os_policy']['item'] = array(); @@ -477,6 +482,7 @@ if ($savemsg) { $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); echo ''; echo ''; @@ -489,6 +495,7 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_ip_list_mgmt.php b/config/suricata/suricata_ip_list_mgmt.php new file mode 100644 index 00000000..b63d3e77 --- /dev/null +++ b/config/suricata/suricata_ip_list_mgmt.php @@ -0,0 +1,387 @@ +. + * Copyright (C) 2003-2004 Manuel Kasper . + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $config; + +if (!is_array($config['installedpackages']['suricata']['rule'])) + $config['installedpackages']['suricata']['rule'] = array(); + +// Hard-code the path where IP Lists are stored +// and disregard any user-supplied path element. +$iprep_path = SURICATA_IPREP_PATH; + +// Set default to not show IP List editor controls +$iplist_edit_style = "display: none;"; + +function suricata_is_iplist_active($iplist) { + + /*************************************************** + * This function checks all configured Suricata * + * interfaces to see if the passed IP List is used * + * as a whitelist or blacklist by an interface. * + * * + * Returns: TRUE if IP List is in use * + * FALSE if IP List is not in use * + ***************************************************/ + + global $g, $config; + + if (!is_array($config['installedpackages']['suricata']['rule'])) + return FALSE; + + foreach ($config['installedpackages']['suricata']['rule'] as $rule) { + if (is_array($rule['iplist_files']['item'])) { + foreach ($rule['iplist_files']['item'] as $file) { + if ($file == $iplist) + return TRUE; + } + } + } + return FALSE; +} + +// If doing a postback, used typed values, else load from stored config +if (!empty($_POST)) { + $pconfig = $_POST; +} +else { + $pconfig['et_iqrisk_enable'] = $config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable']; + $pconfig['iqrisk_code'] = $config['installedpackages']['suricata']['config'][0]['iqrisk_code']; +} + +// Validate IQRisk settings if enabled and saving them +if ($_POST['save']) { + if ($pconfig['et_iqrisk_enable'] == 'on' && empty($pconfig['iqrisk_code'])) + $input_errors[] = gettext("You must provide a valid IQRisk subscription code when IQRisk downloads are enabled!"); + + if (!$input_errors) { + $config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] = $_POST['et_iqrisk_enable'] ? 'on' : 'off'; + $config['installedpackages']['suricata']['config'][0]['iqrisk_code'] = $_POST['iqrisk_code']; + write_config("Suricata pkg: modified IP Lists settings."); + + /* Toggle cron task for ET IQRisk updates if setting was changed */ + if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on' && !suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php")) { + include("/usr/local/pkg/suricata/suricata_etiqrisk_update.php"); + install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, 0, "*", "*", "*", "root"); + } + elseif ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'off' && suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php")) + install_cron_job("/usr/local/pkg/suricata/suricata_etiqrisk_update.php", FALSE); + } +} + +if (isset($_POST['upload'])) { + if ($_FILES["iprep_fileup"]["error"] == UPLOAD_ERR_OK) { + $tmp_name = $_FILES["iprep_fileup"]["tmp_name"]; + $name = $_FILES["iprep_fileup"]["name"]; + move_uploaded_file($tmp_name, "{$iprep_path}{$name}"); + } + else + $input_errors[] = gettext("Failed to upload file {$_FILES["iprep_fileup"]["name"]}"); +} + +if (isset($_POST['iplist_delete']) && isset($_POST['iplist_fname'])) { + if (!suricata_is_iplist_active($_POST['iplist_fname'])) + unlink_if_exists("{$iprep_path}{$_POST['iplist_fname']}"); + else + $input_errors[] = gettext("This IP List is currently assigned to an interface and cannot be deleted until it is removed from the configured interface."); +} + +if (isset($_POST['iplist_edit']) && isset($_POST['iplist_fname'])) { + $file = $iprep_path . basename($_POST['iplist_fname']); + $data = file_get_contents($file); + if ($data !== FALSE) { + $iplist_data = htmlspecialchars($data); + $iplist_edit_style = "display: table-row-group;"; + $iplist_name = basename($_POST['iplist_fname']); + unset($data); + } + else { + $input_errors[] = gettext("An error occurred reading the file."); + } +} + +if (isset($_POST['iplist_edit_save']) && isset($_POST['iplist_data'])) { + if (strlen(basename($_POST['iplist_name'])) > 0) { + $file = $iprep_path . basename($_POST['iplist_name']); + $data = str_replace("\r\n", "\n", $_POST['iplist_data']); + file_put_contents($file, $data); + unset($data); + } + else { + $input_errors[] = gettext("You must provide a valid filename for the IP List."); + $iplist_edit_style = "display: table-row-group;"; + } +} + +// Get all files in the IP Lists sub-directory as an array +// Leave this as the last thing before spewing the page HTML +// so we can pick up any changes made to files in code above. +$ipfiles = return_dir_as_array($iprep_path); + +$pgtitle = gettext("Suricata: IP Reputation Lists"); +include_once("head.inc"); + +?> + + + + + +
+ + + + + + + + + + +
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ onclick="IQRisk_enablechange();"/> + +
+ + + + + + + + + + + + + +
" . gettext("http://emergingthreats.net/products/iqrisk-rep-list/") . "" . + gettext(" for more information or to purchase a subscription.");?>


+
+
"/>
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+ ');" + src="../themes//images/icons/icon_x.gif" width="17" + height="17" border="0" title=""/>
 
+   " title="" /> +   " onClick="document.getElementById('iplist_editor').style.display='none';" + title="" />
 
+

+
" . + gettext("https://redmine.openinfosecfoundation.org/projects/suricata/wiki/IPReputationFormat") . "" . + gettext(" for IP Reputation file formats."); ?>



+    +  
+    +  
+    +  
+    +  
+
+
+
+
+ + + + + diff --git a/config/suricata/suricata_ip_reputation.php b/config/suricata/suricata_ip_reputation.php new file mode 100644 index 00000000..d1e67dad --- /dev/null +++ b/config/suricata/suricata_ip_reputation.php @@ -0,0 +1,472 @@ + + + + + +
+ + + + + +

+" . gettext("You must apply the change in order for it to take effect."));?> + + + + + '; + echo ' + + + + +
+
'; + $tab_array = array(); + $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/suricata/suricata_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/suricata/suricata_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/suricata/suricata_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Flow/Stream"), false, "/suricata/suricata_flow_stream.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), true, "/suricata/suricata_ip_reputation.php?id={$id}"); + display_top_tabs($tab_array, true); + ?> +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ /> + " . gettext("Not Checked.") . ""; ?> +
  + " . + gettext("16777216") . "" . gettext(" (16 MB). Min value is 1048576 (1 MB)."); ?>

  + " . + gettext("4096") . "" . gettext(". Min value is 1024."); ?>

  + " . + gettext("1000") . "" . gettext(". Min value is 10."); ?>

  + " /> +    +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ + + + + + + + + + + + + + + + + + $f): + $class = "listr"; + if (!file_exists("{$iprep_path}{$f}")) { + $filedate = gettext("Unknown -- file missing"); + $class .= " red"; + } + else + $filedate = date('M-d Y g:i a', filemtime("{$iprep_path}{$f}")); + ?> + + + + + + + + + + +
+
+
+
+
+ + + +

+ + + diff --git a/config/suricata/suricata_iprep_list_browser.php b/config/suricata/suricata_iprep_list_browser.php new file mode 100644 index 00000000..9dd65311 --- /dev/null +++ b/config/suricata/suricata_iprep_list_browser.php @@ -0,0 +1,99 @@ + + + + + + + + + + + + + + + + + +
+ Home + + Close +
+
+ +
+ +   +
+ 		+ +
+ diff --git a/config/suricata/suricata_logs_browser.php b/config/suricata/suricata_logs_browser.php index d4475625..320ba23f 100644 --- a/config/suricata/suricata_logs_browser.php +++ b/config/suricata/suricata_logs_browser.php @@ -151,6 +151,7 @@ if ($input_errors) { $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_logs_mgmt.php b/config/suricata/suricata_logs_mgmt.php index f929675d..aa353d6f 100644 --- a/config/suricata/suricata_logs_mgmt.php +++ b/config/suricata/suricata_logs_mgmt.php @@ -278,6 +278,7 @@ if ($savemsg) { $tab_array[] = array(gettext("Logs Mgmt"), true, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_migrate_config.php b/config/suricata/suricata_migrate_config.php index a53b5ba4..75e13315 100644 --- a/config/suricata/suricata_migrate_config.php +++ b/config/suricata/suricata_migrate_config.php @@ -86,6 +86,14 @@ if (empty($config['installedpackages']['suricata']['config'][0]['autogeoipupdate $updated_cfg = true; } +/**********************************************************/ +/* Create new ET IQRisk IP Reputation setting if not set */ +/**********************************************************/ +if (empty($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'])) { + $config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] = "off"; + $updated_cfg = true; +} + // Now process the interface-specific settings foreach ($rule as &$r) { @@ -344,6 +352,26 @@ foreach ($rule as &$r) { $updated_cfg = true; } + /**********************************************************/ + /* Create interface IP Reputation settings if not set */ + /**********************************************************/ + if (empty($pconfig['enable_iprep'])) { + $pconfig['enable_iprep'] = "off"; + $updated_cfg = true; + } + if (empty($pconfig['host_memcap'])) { + $pconfig['host_memcap'] = "16777216"; + $updated_cfg = true; + } + if (empty($pconfig['host_hash_size'])) { + $pconfig['host_hash_size'] = "4096"; + $updated_cfg = true; + } + if (empty($pconfig['host_prealloc'])) { + $pconfig['host_prealloc'] = "1000"; + $updated_cfg = true; + } + // Save the new configuration data into the $config array pointer $r = $pconfig; } diff --git a/config/suricata/suricata_passlist.php b/config/suricata/suricata_passlist.php index cdfd98e8..af1c4ff5 100644 --- a/config/suricata/suricata_passlist.php +++ b/config/suricata/suricata_passlist.php @@ -132,6 +132,7 @@ if ($savemsg) { $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_passlist_edit.php b/config/suricata/suricata_passlist_edit.php index b27f69ad..5bfeb8b9 100644 --- a/config/suricata/suricata_passlist_edit.php +++ b/config/suricata/suricata_passlist_edit.php @@ -226,6 +226,7 @@ if ($savemsg) $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php index 3a82d567..f82ff42c 100644 --- a/config/suricata/suricata_post_install.php +++ b/config/suricata/suricata_post_install.php @@ -119,6 +119,13 @@ if ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] != install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_geoipupdate.php", TRUE, 0, 0, 8, "*", "*", "root"); } +// Download the latest ET IQRisk updates and create cron task if the feature is not disabled +if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] != 'off') { + log_error(gettext("[Suricata] Installing Emerging Threats IQRisk IP List...")); + include("/usr/local/pkg/suricata/suricata_etiqrisk_update.php"); + install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, 0, "*", "*", "*", "root"); +} + // remake saved settings if previously flagged if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') { log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings...")); @@ -247,8 +254,8 @@ if (empty($config['installedpackages']['suricata']['config'][0]['forcekeepsettin conf_mount_ro(); // Update Suricata package version in configuration -$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.0.3"; -write_config("Suricata pkg v2.0.3: post-install configuration saved."); +$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "2.1"; +write_config("Suricata pkg v2.1: post-install configuration saved."); // Done with post-install, so clear flag unset($g['suricata_postinstall']); diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php index 539a1daf..480bf3dc 100644 --- a/config/suricata/suricata_rules.php +++ b/config/suricata/suricata_rules.php @@ -473,6 +473,7 @@ if ($savemsg) { $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); echo ''; echo ''; @@ -485,6 +486,7 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php index c4e5cbf4..7f591b6c 100644 --- a/config/suricata/suricata_rulesets.php +++ b/config/suricata/suricata_rulesets.php @@ -290,6 +290,7 @@ if ($savemsg) { $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); echo ''; echo ''; @@ -302,6 +303,7 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/suricata/suricata_ip_reputation.php?id={$id}"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_sid_mgmt.php b/config/suricata/suricata_sid_mgmt.php index 2ad2fa5a..eed75f96 100644 --- a/config/suricata/suricata_sid_mgmt.php +++ b/config/suricata/suricata_sid_mgmt.php @@ -290,6 +290,7 @@ if ($savemsg) { $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), true, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_suppress.php b/config/suricata/suricata_suppress.php index b3ef6fd4..8fcb3dd5 100644 --- a/config/suricata/suricata_suppress.php +++ b/config/suricata/suricata_suppress.php @@ -146,6 +146,7 @@ if ($input_errors) { $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_suppress_edit.php b/config/suricata/suricata_suppress_edit.php index 24572789..8814d3db 100644 --- a/config/suricata/suricata_suppress_edit.php +++ b/config/suricata/suricata_suppress_edit.php @@ -168,6 +168,7 @@ if ($savemsg) $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); $tab_array[] = array(gettext("SID Mgmt"), false, "/suricata/suricata_sid_mgmt.php"); $tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=suricata/suricata_sync.xml"); + $tab_array[] = array(gettext("IP Lists"), false, "/suricata/suricata_ip_list_mgmt.php"); display_top_tabs($tab_array, true); ?> diff --git a/config/suricata/suricata_sync.xml b/config/suricata/suricata_sync.xml index a85a3d63..28083d8d 100644 --- a/config/suricata/suricata_sync.xml +++ b/config/suricata/suricata_sync.xml @@ -110,6 +110,11 @@ POSSIBILITY OF SUCH DAMAGE. + + IP Lists + /suricata/suricata_ip_list_mgmt.php + + diff --git a/config/suricata/suricata_uninstall.php b/config/suricata/suricata_uninstall.php index b8928d17..c8048a1c 100644 --- a/config/suricata/suricata_uninstall.php +++ b/config/suricata/suricata_uninstall.php @@ -78,6 +78,7 @@ install_cron_job("suricata_check_for_rule_updates.php", false); install_cron_job("suricata_check_cron_misc.inc", false); install_cron_job("{$suri_pf_table}" , false); install_cron_job("suricata_geoipupdate.php" , false); +install_cron_job("suricata_etiqrisk_update.php", false); /* See if we are to keep Suricata log files on uninstall */ if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') { diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc index 82c449d3..a8b06ebe 100644 --- a/config/suricata/suricata_yaml_template.inc +++ b/config/suricata/suricata_yaml_template.inc @@ -225,9 +225,9 @@ reassembly: # Host table is used by tagging and per host thresholding subsystems. host: - hash-size: 4096 - prealloc: 1000 - memcap: 16777216 + hash-size: {$host_hash_size} + prealloc: {$host_prealloc} + memcap: {$host_memcap} # Host specific policies for defragmentation and TCP stream reassembly. host-os-policy: @@ -286,18 +286,14 @@ vars: port-groups: {$port_vars} -# Set the order of alerts bassed on actions +# Set the order of alerts based on actions action-order: - pass - drop - reject - alert -# IP Reputation -#reputation-categories-file: {$iprep_path}/categories.txt -#default-reputation-path: {$iprep_path} -#reputation-files: -# - reputation.list +{$iprep_config} # Limit for the maximum number of asn1 frames to decode (default 256) asn1-max-frames: {$asn1_max_frames} -- cgit v1.2.3