From c1717f2d9752d19c54e86e1bcb6cb81f5b253710 Mon Sep 17 00:00:00 2001
From: bmeeks8
Date: Mon, 24 Feb 2014 00:45:10 -0500
Subject: Bug fixes and replace $_GET with $_POST where possible.
---
config/suricata/suricata_alerts.php | 12 +-
config/suricata/suricata_app_parsers.php | 145 +++++++++-----
config/suricata/suricata_download_updates.php | 18 +-
config/suricata/suricata_flow_stream.php | 144 +++++++++-----
config/suricata/suricata_global.php | 12 +-
config/suricata/suricata_import_aliases.php | 191 ++++--------------
config/suricata/suricata_interfaces_edit.php | 43 ++--
config/suricata/suricata_libhtp_policy_engine.php | 12 +-
config/suricata/suricata_os_policy_engine.php | 12 +-
config/suricata/suricata_rules.php | 228 +++++++++-------------
config/suricata/suricata_rulesets.php | 60 ++----
11 files changed, 408 insertions(+), 469 deletions(-)
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index 2f23260b..3fc39f36 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -208,9 +208,11 @@ if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsu
exit;
}
- /* Add the new entry to the Suppress List */
- if (suricata_add_supplist_entry($suppress))
+ /* Add the new entry to the Suppress List and signal Suricata to reload config */
+ if (suricata_add_supplist_entry($suppress)) {
+ suricata_reload_config($a_instance[$instanceid]);
$savemsg = $success;
+ }
else
$input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
}
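Review bot: The braced `if (suricata_add_supplist_entry($suppress)) {` on the new side is paired with an unbraced `else` on the following line, which mixes two brace styles inside one statement and is easy to misread when another statement is later added to the else branch; write it as `} else {` … `}`. The return value of `suricata_reload_config()` is also discarded, so if that helper reports failure (its signature is not visible in this hunk) the page still shows `$success`; if it returns a status, consider folding it into the condition. The enclosing handler starts before this hunk.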
@@ -547,11 +549,11 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
{$alert_priority}
{$alert_proto}
{$alert_class}
-
{$alert_ip_src}
+
{$alert_ip_src}
{$alert_src_p}
-
{$alert_ip_dst}
+
{$alert_ip_dst}
{$alert_dst_p}
-
{$alert_sid_str} {$sidsupplink} {$sid_dsbl_link}
+
{$alert_sid_str} {$sidsupplink} {$sid_dsbl_link}
{$alert_descr}
\n";
diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php
index 0be45c32..1706f04a 100644
--- a/config/suricata/suricata_app_parsers.php
+++ b/config/suricata/suricata_app_parsers.php
@@ -28,7 +28,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -37,10 +36,8 @@ global $g, $rebuild_rules;
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+if (is_null($id))
+ $id = 0;
if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
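Review bot: Defaulting a missing `$id` to 0 replaces the redirect, but a non-null, non-integer value from `$_GET['id']`/`$_POST['id']` still flows straight into `$config['installedpackages']['suricata']['rule'][$id]` as an array key, and later into the `Location:` URL of the new add-engine redirect, without any check. Validate the type at this boundary, e.g. `if (is_null($id) || !is_numericint($id)) $id = 0;` (pfSense's `is_numericint()` helper, assuming it is in scope via guiconfig.inc), so that a stray string cannot create or select an unexpected config key. The same pattern appears in the suricata_flow_stream.php hunk at `$id=0;`.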
@@ -51,10 +48,21 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
if (!is_array($config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item']))
$config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'] = array();
+// Initialize required array variables as necessary
+if (!is_array($config['aliases']['alias']))
+ $config['aliases']['alias'] = array();
+$a_aliases = $config['aliases']['alias'];
+
$a_nat = &$config['installedpackages']['suricata']['rule'];
$libhtp_engine_next_id = count($a_nat[$id]['libhtp_policy']['item']);
+// Build a lookup array of currently used engine 'bind_to' Aliases
+// so we can screen matching Alias names from the list.
+$used = array();
+foreach ($a_nat[$id]['host_os_policy']['item'] as $v)
+ $used[$v['bind_to']] = true;
+
$pconfig = array();
if (isset($id) && $a_nat[$id]) {
/* Get current values from config for page form fields */
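Review bot: The `$used` lookup in this file is built from `$a_nat[$id]['host_os_policy']['item']`, but this page's engine is `libhtp_policy` (the array initialised just above and the `$libhtp_engine_next_id` count), so the "already bound" screen for the HTTP Server Policy import list is computed from the wrong engine and, because `host_os_policy['item']` is not initialised in this file, the foreach can warn on a null value. Change the loop to `foreach ($a_nat[$id]['libhtp_policy']['item'] as $v)`. The identical block in suricata_flow_stream.php is correct for its `host_os_policy` engine and looks like the source of the copy.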
@@ -78,29 +86,32 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['libhtp_policy'] = $a_nat[$id]['libhtp_policy'];
}
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+// Check for "import alias mode" and set flag if TRUE
+if ($_POST['import_alias']) {
+ $importalias = true;
+ $title = "HTTP Server Policy";
}
+else
+ $importalias = false;
-if ($_GET['act'] && isset($_GET['eng_id'])) {
-
+if ($_POST['add_libhtp_policy']) {
+ header("Location: suricata_libhtp_policy_engine.php?id={$id}&eng_id={$libhtp_engine_next_id}");
+ exit;
+}
+elseif ($_POST['del_libhtp_policy']) {
$natent = array();
$natent = $pconfig;
- if ($_GET['act'] == "del_libhtp_policy")
- unset($natent['libhtp_policy']['item'][$_GET['eng_id']]);
-
+ if ($_POST['eng_id'] != "") {
+ unset($natent['libhtp_policy']['item'][$_POST['eng_id']]);
+ $pconfig = $natent;
+ }
if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
write_config();
}
-
- header("Location: /suricata/suricata_app_parsers.php?id=$id");
- exit;
}
-
-if ($_POST['ResetAll']) {
+elseif ($_POST['ResetAll']) {
/* Reset all the settings to defaults */
$pconfig['asn1_max_frames'] = "256";
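Review bot: `$title` is assigned only inside the `import_alias` branch, but the later `save_import_alias` branch re-enters import mode by setting `$importalias = true` when nothing was selected, and suricata_import_aliases.php documents `$title` as a required input, so the re-rendered import form would carry an empty title and an undefined-variable notice. Set the title unconditionally for this page, e.g. `$title = "HTTP Server Policy";` before the `if ($_POST['import_alias'])` test, and likewise `"Host Operating System Policy"` in the matching suricata_flow_stream.php hunk. The `del_libhtp_policy` branch also calls `write_config()` even when `$_POST['eng_id']` is empty and nothing was removed; guarding the write with the same `eng_id` test would avoid a needless config rewrite.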
@@ -108,7 +119,57 @@ if ($_POST['ResetAll']) {
/* Log a message at the top of the page to inform the user */
$savemsg = gettext("All flow and stream settings have been reset to their defaults.");
}
-elseif ($_POST['Submit']) {
+elseif ($_POST['save_import_alias']) {
+ $engine = array( "name" => "", "bind_to" => "", "personality" => "IDS",
+ "request-body-limit" => "4096", "response-body-limit" => "4096",
+ "double-decode-path" => "no", "double-decode-query" => "no" );
+
+ // See if anything was checked to import
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) {
+ foreach ($_POST['aliastoimport'] as $item) {
+ $engine['name'] = strtolower($item);
+ $engine['bind_to'] = $item;
+ $a_nat[$id]['libhtp_policy']['item'][] = $engine;
+ }
+ }
+ else {
+ $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
+ $importalias = true;
+ }
+
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ // Reorder the engine array to ensure the
+ // 'bind_to=all' entry is at the bottom if
+ // the array contains more than one entry.
+ if (count($a_nat[$id]['libhtp_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ // Only relocate the entry if we
+ // found it, and it's not already
+ // at the end.
+ if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['libhtp_policy']['item'][$i];
+ unset($a_nat[$id]['libhtp_policy']['item'][$i]);
+ $a_nat[$id]['libhtp_policy']['item'][] = $tmp;
+ }
+ $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item'];
+ }
+
+ // Write the new engine array to config file
+ write_config();
+ $importalias = false;
+ }
+}
+elseif ($_POST['cancel_import_alias']) {
+ $importalias = false;
+}
+elseif ($_POST['save']) {
$natent = array();
$natent = $pconfig;
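Review bot: The `save_import_alias` branch writes every value of `$_POST['aliastoimport']` into the engine list as `name`/`bind_to` without checking that it names an existing entry in `$a_aliases` or that it is not already present in `$used`, so a crafted or stale form post can persist an arbitrary string into config.xml and presumably into the generated Suricata configuration; the checkbox list is not a trust boundary. Build a lookup of defined alias names (the `name` field of the `$a_aliases` entries) and reject any posted item that is unknown or already bound, without echoing the posted value into the error text. Separately, `$pconfig['libhtp_policy']['item']` is only refreshed inside the `count(...) > 1` block, so if the engine table renders from `$pconfig` a first import into an empty list will not appear until reload; move that assignment after the `if`. The suricata_flow_stream.php `save_import_alias` hunk has the same two issues for `host_os_policy`.
```php
    // See if anything was checked to import
    if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) {
        // Accept only names defined in $a_aliases that are not already bound to an engine
        $known = array();
        foreach ($a_aliases as $alias)
            $known[$alias['name']] = true;
        foreach ($_POST['aliastoimport'] as $item) {
            if (!isset($known[$item]) || isset($used[$item])) {
                $input_errors[] = gettext("One or more selected entries are not defined Aliases or are already in use by an engine.");
                $importalias = true;
                break;
            }
        }
        if (!$input_errors) {
            foreach ($_POST['aliastoimport'] as $item) {
                $engine['name'] = strtolower($item);
                $engine['bind_to'] = $item;
                $a_nat[$id]['libhtp_policy']['item'][] = $engine;
            }
        }
    }
    // … unchanged: "nothing selected" error branch and the reorder/write_config block …
```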
@@ -149,29 +210,19 @@ include_once("head.inc");
?>
-
-' . $pgtitle . '
+
+ " name="hide" id="hide" class="formbtn"
+ title=""/>
+
" name="view" id="view" class="formbtn"
- title=""/>
-
+ title=""/>
+
+
" name="clear" id="clear" class="formbtn"
- title="" onClick="return confirm('Are you sure?\nOK to confirm, or CANCEL to quit');"/>
+ title="" onClick="return confirm('Are you sure?\nOK to confirm, or CANCEL to quit');"/>
-
+
@@ -201,7 +209,7 @@ include_once("head.inc");
-
+ " .
gettext(" and ") . "" . gettext("EmergingThreats.net") . "" .
diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php
index 3a677d3a..6d5134c3 100644
--- a/config/suricata/suricata_flow_stream.php
+++ b/config/suricata/suricata_flow_stream.php
@@ -28,7 +28,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -37,16 +36,19 @@ global $g, $rebuild_rules;
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
+if (is_null($id))
+ $id=0;
if (!is_array($config['installedpackages']['suricata']))
$config['installedpackages']['suricata'] = array();
if (!is_array($config['installedpackages']['suricata']['rule']))
$config['installedpackages']['suricata']['rule'] = array();
+// Initialize required array variables as necessary
+if (!is_array($config['aliases']['alias']))
+ $config['aliases']['alias'] = array();
+$a_aliases = $config['aliases']['alias'];
+
// Initialize Host-OS Policy engine arrays if necessary
if (!is_array($config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item']))
$config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item'] = array();
@@ -55,6 +57,12 @@ $a_nat = &$config['installedpackages']['suricata']['rule'];
$host_os_policy_engine_next_id = count($a_nat[$id]['host_os_policy']['item']);
+// Build a lookup array of currently used engine 'bind_to' Aliases
+// so we can screen matching Alias names from the list.
+$used = array();
+foreach ($a_nat[$id]['host_os_policy']['item'] as $v)
+ $used[$v['bind_to']] = true;
+
$pconfig = array();
if (isset($id) && $a_nat[$id]) {
/* Get current values from config for page form fields */
@@ -76,29 +84,32 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['host_os_policy'] = $a_nat[$id]['host_os_policy'];
}
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) {
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
+// Check for "import alias mode" and set flag if TRUE
+if ($_POST['import_alias']) {
+ $importalias = true;
+ $title = "Host Operating System Policy";
}
+else
+ $importalias = false;
-if ($_GET['act'] && isset($_GET['eng_id'])) {
-
+if ($_POST['add_os_policy']) {
+ header("Location: suricata_os_policy_engine.php?id={$id}&eng_id={$host_os_policy_engine_next_id}");
+ exit;
+}
+elseif ($_POST['del_os_policy']) {
$natent = array();
$natent = $pconfig;
- if ($_GET['act'] == "del_host_os_policy")
- unset($natent['host_os_policy']['item'][$_GET['eng_id']]);
-
+ if ($_POST['eng_id'] != "") {
+ unset($natent['host_os_policy']['item'][$_POST['eng_id']]);
+ $pconfig = $natent;
+ }
if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
write_config();
}
-
- header("Location: /suricata/suricata_flow_stream.php?id=$id");
- exit;
}
-
-if ($_POST['ResetAll']) {
+elseif ($_POST['ResetAll']) {
/* Reset all the settings to defaults */
$pconfig['ip_max_frags'] = "65535";
@@ -143,7 +154,7 @@ if ($_POST['ResetAll']) {
/* Log a message at the top of the page to inform the user */
$savemsg = gettext("All flow and stream settings have been reset to their defaults.");
}
-elseif ($_POST['Submit']) {
+elseif ($_POST['save']) {
$natent = array();
$natent = $pconfig;
@@ -211,6 +222,54 @@ elseif ($_POST['Submit']) {
exit;
}
}
+elseif ($_POST['save_import_alias']) {
+ $engine = array( "name" => "", "bind_to" => "", "policy" => "bsd" );
+
+ // See if anything was checked to import
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) {
+ foreach ($_POST['aliastoimport'] as $item) {
+ $engine['name'] = strtolower($item);
+ $engine['bind_to'] = $item;
+ $a_nat[$id]['host_os_policy']['item'][] = $engine;
+ }
+ }
+ else {
+ $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
+ $importalias = true;
+ }
+
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ // Reorder the engine array to ensure the
+ // 'bind_to=all' entry is at the bottom if
+ // the array contains more than one entry.
+ if (count($a_nat[$id]['host_os_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['host_os_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ // Only relocate the entry if we
+ // found it, and it's not already
+ // at the end.
+ if ($i > -1 && ($i < (count($a_nat[$id]['host_os_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['host_os_policy']['item'][$i];
+ unset($a_nat[$id]['host_os_policy']['item'][$i]);
+ $a_nat[$id]['host_os_policy']['item'][] = $tmp;
+ }
+ $pconfig['host_os_policy']['item'] = $a_nat[$id]['host_os_policy']['item'];
+ }
+
+ // Write the new engine array to config file
+ write_config();
+ $importalias = false;
+ }
+}
+elseif ($_POST['cancel_import_alias']) {
+ $importalias = false;
+}
$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Flow and Stream");
@@ -218,29 +277,21 @@ include_once("head.inc");
?>
-
-' . $pgtitle . '';}
-
-
- /* Display Alert message */
+
-
-
+
diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php
index f6b5d83d..3ba84736 100644
--- a/config/suricata/suricata_global.php
+++ b/config/suricata/suricata_global.php
@@ -28,7 +28,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
@@ -59,7 +58,6 @@ if (empty($pconfig['suricataloglimitsize']))
// Set limit to 20% of slice that is unused */
$pconfig['suricataloglimitsize'] = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .20 / 1024);
-
if ($_POST['autoruleupdatetime']) {
if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['autoruleupdatetime']))
$input_errors[] = "Invalid Rule Update Start Time! Please supply a value in 24-hour format as 'HH:MM'.";
@@ -73,7 +71,7 @@ if ($_POST['enable_etpro_rules'] == "on" && empty($_POST['etprocode']))
/* if no errors move foward with save */
if (!$input_errors) {
- if ($_POST["Submit"]) {
+ if ($_POST["save"]) {
$config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'] = $_POST['enable_vrt_rules'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off';
@@ -388,14 +386,10 @@ if ($input_errors)
>
-
-
-
-
+
-
-
+
diff --git a/config/suricata/suricata_import_aliases.php b/config/suricata/suricata_import_aliases.php
index c16ac65d..a93d2d64 100644
--- a/config/suricata/suricata_import_aliases.php
+++ b/config/suricata/suricata_import_aliases.php
@@ -1,5 +1,4 @@
system global variables array
+ $config --> global variable pointing to configuration information
+ $a_aliases --> $config['aliases']['alias'] array
+ $title --> title string for import alias engine type
+ $used --> array of currently used engine 'bind_to' Alias names
-// Used to track if any selectable Aliases are found
-$selectablealias = false;
-
-// Initialize required array variables as necessary
-if (!is_array($config['aliases']['alias']))
- $config['aliases']['alias'] = array();
-$a_aliases = $config['aliases']['alias'];
-if (!is_array($config['installedpackages']['suricata']['rule']))
- $config['installedpackages']['suricata']['rule'] = array();
-
-// The $eng variable points to the specific Suricata config section
-// engine we are importing values into. Initialize the config.xml
-// array if necessary.
-if (!is_array($config['installedpackages']['suricata']['rule'][$id][$eng]['item']))
- $config['installedpackages']['suricata']['rule'][$id][$eng]['item'] = array();
-
-// Initialize a pointer to the Suricata config section engine we are
-// importing values into.
-$a_nat = &$config['installedpackages']['suricata']['rule'][$id][$eng]['item'];
-
-// Build a lookup array of currently used engine 'bind_to' Aliases
-// so we can screen matching Alias names from the list.
-$used = array();
-foreach ($a_nat as $v)
- $used[$v['bind_to']] = true;
-
-// Construct the correct return URL based on the Suricata config section
-// engine we were called with. This lets us return to the page we were
-// called from.
-switch ($eng) {
- case "host_os_policy":
- $returl = "/suricata/suricata_flow_stream.php";
- $multi_ip = true;
- $title = "Host Operating System Policy";
- break;
- case "libhtp_policy":
- $returl = "/suricata/suricata_app_parsers.php";
- $multi_ip = true;
- $title = "HTTP Server Policy";
- break;
- default:
- $returl = "/suricata/suricata_interface_edit";
- $multi_ip = true;
- $title = "";
-}
-
-if ($_POST['cancel']) {
- header("Location: {$returl}?id={$id}");
- exit;
-}
-
-if ($_POST['save']) {
-
- // Define default engine configurations for each of the supported engines.
- $def_os_policy = array( "name" => "", "bind_to" => "", "policy" => "bsd" );
-
- $def_libhtp_policy = array( "name" => "default", "bind_to" => "all", "personality" => "IDS",
- "request-body-limit" => 4096, "response-body-limit" => 4096,
- "double-decode-path" => "no", "double-decode-query" => "no" );
-
- // Figure out which engine type we are importing and set up default engine array
- $engine = array();
- switch ($eng) {
- case "host_os_policy":
- $engine = $def_os_policy;
- break;
- case "libhtp_policy":
- $engine = $def_libhtp_policy;
- break;
- default:
- $engine = "";
- $input_errors[] = gettext("Invalid ENGINE TYPE passed in query string. Aborting operation.");
- }
-
- // See if anything was checked to import
- if (is_array($_POST['toimport']) && count($_POST['toimport']) > 0) {
- foreach ($_POST['toimport'] as $item) {
- $engine['name'] = strtolower($item);
- $engine['bind_to'] = $item;
- $a_nat[] = $engine;
- }
- }
- else
- $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
-
- // if no errors, write new entry to conf
- if (!$input_errors) {
- // Reorder the engine array to ensure the
- // 'bind_to=all' entry is at the bottom if
- // the array contains more than one entry.
- if (count($a_nat) > 1) {
- $i = -1;
- foreach ($a_nat as $f => $v) {
- if ($v['bind_to'] == "all") {
- $i = $f;
- break;
- }
- }
- // Only relocate the entry if we
- // found it, and it's not already
- // at the end.
- if ($i > -1 && ($i < (count($a_nat) - 1))) {
- $tmp = $a_nat[$i];
- unset($a_nat[$i]);
- $a_nat[] = $tmp;
- }
- }
-
- // Now write the new engine array to conf and return
- write_config();
-
- header("Location: {$returl}?id={$id}");
- exit;
- }
-}
-
-$pgtitle = gettext("Suricata: Import Host/Network Alias for {$title}");
-include("head.inc");
+ Information is returned from this page via the following form fields:
+ aliastoimport[] --> checkbox array containing selected alias names
+ save_import_alias --> Submit button for save operation and exit
+ cancel_import_alias --> Submit button to cancel operation and exit
+ ************************************************************************************/
?>
-
-
-