From 066ca0c244b349aff2dea6bf8d896bd6c83febbc Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 22 Jul 2015 21:32:13 -0400 Subject: Sync IPREP IP List files with CARP replication partners. --- config/suricata/suricata.inc | 32 ++++++++++++++++++++++++++++++ config/suricata/suricata_ip_reputation.php | 3 +++ 2 files changed, 35 insertions(+) (limited to 'config') diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc index 1c21181b..35f4f808 100644 --- a/config/suricata/suricata.inc +++ b/config/suricata/suricata.inc @@ -3433,6 +3433,38 @@ function suricata_do_xmlrpc_sync($syncdownloadrules, $sync_to_ip, $port, $userna if (!empty($sid_files) && $error == "") log_error("[suricata] Suricata pkg XMLRPC CARP sync auto-SID conf files success with {$url}:{$port} (pfsense.exec_php)."); + /*************************************************/ + /* Send over any IPREP IP List files */ + /*************************************************/ + $iprep_files = glob(SURICATA_IPREP_PATH . '*'); + foreach ($iprep_files as $file) { + $content = base64_encode(file_get_contents($file)); + $payload = "@file_put_contents('{$file}', base64_decode('{$content}'));"; + + /* assemble xmlrpc payload */ + $method = 'pfsense.exec_php'; + $params = array( XML_RPC_encode($password), XML_RPC_encode($payload) ); + + log_error("[suricata] Suricata XMLRPC CARP sync sending IPREP files to {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $synctimeout); + $error = ""; + if(!$resp) { + $error = "A communications error occurred while attempting Suricata XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file); + log_error($error); + file_notice("sync_settings", $error, "Suricata Settings Sync", ""); + } elseif($resp->faultCode()) { + $error = "An error code was received while attempting Suricata XMLRPC CARP sync with {$url}:{$port}. Failed to transfer file: " . basename($file) . " - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error($error); + file_notice("sync_settings", $error, "Suricata Settings Sync", ""); + } + } + + if (!empty($iprep_files) && $error == "") + log_error("[suricata] Suricata pkg XMLRPC CARP sync IPREP files success with {$url}:{$port} (pfsense.exec_php)."); + /**************************************************/ /* Send over the portion of config.xml */ /* $xml will hold the section to sync. */ diff --git a/config/suricata/suricata_ip_reputation.php b/config/suricata/suricata_ip_reputation.php index d9d45a5f..953b167c 100644 --- a/config/suricata/suricata_ip_reputation.php +++ b/config/suricata/suricata_ip_reputation.php @@ -163,6 +163,9 @@ if ($_POST['save'] || $_POST['apply']) { // Soft-restart Suricata to live-load new variables suricata_reload_config($a_nat[$id]); + // Sync to configured CARP slaves if any are enabled + suricata_sync_on_changes(); + // We have saved changes and done a soft restart, so clear "dirty" flag clear_subsystem_dirty('suricata_iprep'); } -- cgit v1.2.3