From c1717f2d9752d19c54e86e1bcb6cb81f5b253710 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Mon, 24 Feb 2014 00:45:10 -0500 Subject: Bug fixes and replace $_GET with $_POST where possible. --- config/suricata/suricata_alerts.php | 12 +- config/suricata/suricata_app_parsers.php | 145 +++++++++----- config/suricata/suricata_download_updates.php | 18 +- config/suricata/suricata_flow_stream.php | 144 +++++++++----- config/suricata/suricata_global.php | 12 +- config/suricata/suricata_import_aliases.php | 191 ++++-------------- config/suricata/suricata_interfaces_edit.php | 43 ++-- config/suricata/suricata_libhtp_policy_engine.php | 12 +- config/suricata/suricata_os_policy_engine.php | 12 +- config/suricata/suricata_rules.php | 228 +++++++++------------- config/suricata/suricata_rulesets.php | 60 ++---- 11 files changed, 408 insertions(+), 469 deletions(-) (limited to 'config') diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php index 2f23260b..3fc39f36 100644 --- a/config/suricata/suricata_alerts.php +++ b/config/suricata/suricata_alerts.php @@ -208,9 +208,11 @@ if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsu exit; } - /* Add the new entry to the Suppress List */ - if (suricata_add_supplist_entry($suppress)) + /* Add the new entry to the Suppress List and signal Suricata to reload config */ + if (suricata_add_supplist_entry($suppress)) { + suricata_reload_config($a_instance[$instanceid]); $savemsg = $success; + } else $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!"); } @@ -547,11 +549,11 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo {$alert_priority} {$alert_proto} {$alert_class} - {$alert_ip_src} + {$alert_ip_src} {$alert_src_p} - {$alert_ip_dst} + {$alert_ip_dst} {$alert_dst_p} - {$alert_sid_str}
{$sidsupplink}  {$sid_dsbl_link} + {$alert_sid_str}
{$sidsupplink}  {$sid_dsbl_link} {$alert_descr} \n"; diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php index 0be45c32..1706f04a 100644 --- a/config/suricata/suricata_app_parsers.php +++ b/config/suricata/suricata_app_parsers.php @@ -28,7 +28,6 @@ * POSSIBILITY OF SUCH DAMAGE. */ - require_once("guiconfig.inc"); require_once("/usr/local/pkg/suricata/suricata.inc"); @@ -37,10 +36,8 @@ global $g, $rebuild_rules; $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; -if (is_null($id)) { - header("Location: /suricata/suricata_interfaces.php"); - exit; -} +if (is_null($id)) + $id = 0; if (!is_array($config['installedpackages']['suricata'])) $config['installedpackages']['suricata'] = array(); @@ -51,10 +48,21 @@ if (!is_array($config['installedpackages']['suricata']['rule'])) if (!is_array($config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'])) $config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'] = array(); +// Initialize required array variables as necessary +if (!is_array($config['aliases']['alias'])) + $config['aliases']['alias'] = array(); +$a_aliases = $config['aliases']['alias']; + $a_nat = &$config['installedpackages']['suricata']['rule']; $libhtp_engine_next_id = count($a_nat[$id]['libhtp_policy']['item']); +// Build a lookup array of currently used engine 'bind_to' Aliases +// so we can screen matching Alias names from the list. +$used = array(); +foreach ($a_nat[$id]['host_os_policy']['item'] as $v) + $used[$v['bind_to']] = true; + $pconfig = array(); if (isset($id) && $a_nat[$id]) { /* Get current values from config for page form fields */ 
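Review bot: Defaulting to `$id = 0` in the `@@ -37,10 +36,8 @@` hunk makes a request without an `id` silently edit interface 0, and `$id` is still copied verbatim from `$_GET['id']`/`$_POST['id']` before being used as the index into `$config['installedpackages']['suricata']['rule']`. The rules page in this same commit guards the comparable `sid`/`gid` values with `is_numeric()`; the same check belongs here, e.g. `if (!is_numeric($id)) { header("Location: /suricata/suricata_interfaces.php"); exit; }`. If falling back to interface 0 is deliberate, a one-line comment saying so would keep the next reader from treating it as an accident.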
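Review bot: The `$used` lookup added in the `@@ -51,10 +48,21 @@` hunk iterates `$a_nat[$id]['host_os_policy']['item']`, but this page manages `libhtp_policy` engines — that is the array initialised a few lines above and counted into `$libhtp_engine_next_id`. As written, the HTTP Server Policy import list is screened against the OS-policy engines rather than the HTTP ones, and because `host_os_policy` is never initialised on this page the `foreach` can run over a null. The loop should read `foreach ($a_nat[$id]['libhtp_policy']['item'] as $v)`. The identical block in suricata_flow_stream.php is correct for that page, which suggests a copy-and-paste slip here.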
@@ -78,29 +86,32 @@ if (isset($id) && $a_nat[$id]) { $pconfig['libhtp_policy'] = $a_nat[$id]['libhtp_policy']; } -// Check for returned "selected alias" if action is import -if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = $_GET['varvalue']; +// Check for "import alias mode" and set flag if TRUE +if ($_POST['import_alias']) { + $importalias = true; + $title = "HTTP Server Policy"; } +else + $importalias = false; -if ($_GET['act'] && isset($_GET['eng_id'])) { - +if ($_POST['add_libhtp_policy']) { + header("Location: suricata_libhtp_policy_engine.php?id={$id}&eng_id={$libhtp_engine_next_id}"); + exit; +} +elseif ($_POST['del_libhtp_policy']) { $natent = array(); $natent = $pconfig; - if ($_GET['act'] == "del_libhtp_policy") - unset($natent['libhtp_policy']['item'][$_GET['eng_id']]); - + if ($_POST['eng_id'] != "") { + unset($natent['libhtp_policy']['item'][$_POST['eng_id']]); + $pconfig = $natent; + } if (isset($id) && $a_nat[$id]) { $a_nat[$id] = $natent; write_config(); } - - header("Location: /suricata/suricata_app_parsers.php?id=$id"); - exit; } - -if ($_POST['ResetAll']) { +elseif ($_POST['ResetAll']) { /* Reset all the settings to defaults */ $pconfig['asn1_max_frames'] = "256"; 
@@ -108,7 +119,57 @@ if ($_POST['ResetAll']) { /* Log a message at the top of the page to inform the user */ $savemsg = gettext("All flow and stream settings have been reset to their defaults."); } -elseif ($_POST['Submit']) { +elseif ($_POST['save_import_alias']) { + $engine = array( "name" => "", "bind_to" => "", "personality" => "IDS", + "request-body-limit" => "4096", "response-body-limit" => "4096", + "double-decode-path" => "no", "double-decode-query" => "no" ); + + // See if anything was checked to import + if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) { + foreach ($_POST['aliastoimport'] as $item) { + $engine['name'] = strtolower($item); + $engine['bind_to'] = $item; + $a_nat[$id]['libhtp_policy']['item'][] = $engine; + } + } + else { + $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE."); + $importalias = true; + } + + // if no errors, write new entry to conf + if (!$input_errors) { + // Reorder the engine array to ensure the + // 'bind_to=all' entry is at the bottom if + // the array contains more than one entry. + if (count($a_nat[$id]['libhtp_policy']['item']) > 1) { + $i = -1; + foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) { + if ($v['bind_to'] == "all") { + $i = $f; + break; + } + } + // Only relocate the entry if we + // found it, and it's not already + // at the end. + if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) { + $tmp = $a_nat[$id]['libhtp_policy']['item'][$i]; + unset($a_nat[$id]['libhtp_policy']['item'][$i]); + $a_nat[$id]['libhtp_policy']['item'][] = $tmp; + } + $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item']; + } + + // Write the new engine array to config file + write_config(); + $importalias = false; + } +} +elseif ($_POST['cancel_import_alias']) { + $importalias = false; +} +elseif ($_POST['save']) { $natent = array(); $natent = $pconfig; 
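Review bot: The `save_import_alias` branch appends each `$_POST['aliastoimport']` value straight into `bind_to` and `name` without confirming it names an alias in `$a_aliases`, so the screened checkbox list is the only thing keeping an arbitrary string out of config.xml and, presumably, the generated suricata.yaml. Check each item before appending: build `$names = array(); foreach ($a_aliases as $a) $names[$a['name']] = true;` once, then `if (!isset($names[$item])) { $input_errors[] = gettext("Unknown Alias: ") . htmlspecialchars($item); continue; }` inside the loop. The move-`bind_to=all`-to-the-end code here is duplicated line for line in suricata_flow_stream.php; a small helper in suricata.inc would keep the two copies from drifting.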
@@ -149,29 +210,19 @@ include_once("head.inc"); ?> - -' . $pgtitle . '

';} - - - /* Display Alert message */ - + - - - -
+ + +
+ + + + + @@ -231,11 +287,9 @@ include_once("head.inc"); - @@ -247,8 +301,8 @@ include_once("head.inc"); "> "all") : ?> - - ">
- "> - - "/> + ">
  - "> -      +     
+ + +
diff --git a/config/suricata/suricata_download_updates.php b/config/suricata/suricata_download_updates.php index ecfd5f8b..200bc834 100644 --- a/config/suricata/suricata_download_updates.php +++ b/config/suricata/suricata_download_updates.php @@ -91,6 +91,9 @@ if ($_POST['view']&& $suricata_rules_upd_log_chk == 'yes') { $input_errors[] = gettext("Unable to read log file: {$suricata_rules_upd_log}"); } +if ($_POST['hide']) + $contents = ""; + $pgtitle = gettext("Suricata: Update Rules Set Files"); include_once("head.inc"); ?> @@ -174,15 +177,20 @@ include_once("head.inc");
+ + " name="hide" id="hide" class="formbtn" + title=""/> + " name="view" id="view" class="formbtn" - title=""/> -            + title=""/> + +          " name="clear" id="clear" class="formbtn" - title="" onClick="return confirm('Are you sure?\nOK to confirm, or CANCEL to quit');"/> + title="" onClick="return confirm('Are you sure?\nOK to confirm, or CANCEL to quit');"/>

-    
+




@@ -201,7 +209,7 @@ include_once("head.inc"); -

+
  " . gettext(" and ") . "" . gettext("EmergingThreats.net") . "" . diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php index 3a677d3a..6d5134c3 100644 --- a/config/suricata/suricata_flow_stream.php +++ b/config/suricata/suricata_flow_stream.php @@ -28,7 +28,6 @@ * POSSIBILITY OF SUCH DAMAGE. */ - require_once("guiconfig.inc"); require_once("/usr/local/pkg/suricata/suricata.inc"); @@ -37,16 +36,19 @@ global $g, $rebuild_rules; $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; -if (is_null($id)) { - header("Location: /suricata/suricata_interfaces.php"); - exit; -} +if (is_null($id)) + $id=0; if (!is_array($config['installedpackages']['suricata'])) $config['installedpackages']['suricata'] = array(); if (!is_array($config['installedpackages']['suricata']['rule'])) $config['installedpackages']['suricata']['rule'] = array(); +// Initialize required array variables as necessary +if (!is_array($config['aliases']['alias'])) + $config['aliases']['alias'] = array(); +$a_aliases = $config['aliases']['alias']; + // Initialize Host-OS Policy engine arrays if necessary if (!is_array($config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item'])) $config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item'] = array(); @@ -55,6 +57,12 @@ $a_nat = &$config['installedpackages']['suricata']['rule']; $host_os_policy_engine_next_id = count($a_nat[$id]['host_os_policy']['item']); +// Build a lookup array of currently used engine 'bind_to' Aliases +// so we can screen matching Alias names from the list. +$used = array(); +foreach ($a_nat[$id]['host_os_policy']['item'] as $v) + $used[$v['bind_to']] = true; + $pconfig = array(); if (isset($id) && $a_nat[$id]) { /* Get current values from config for page form fields */ 
@@ -76,29 +84,32 @@ if (isset($id) && $a_nat[$id]) { $pconfig['host_os_policy'] = $a_nat[$id]['host_os_policy']; } -// Check for returned "selected alias" if action is import -if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalue'])) { - $pconfig[$_GET['varname']] = $_GET['varvalue']; +// Check for "import alias mode" and set flag if TRUE +if ($_POST['import_alias']) { + $importalias = true; + $title = "Host Operating System Policy"; } +else + $importalias = false; -if ($_GET['act'] && isset($_GET['eng_id'])) { - +if ($_POST['add_os_policy']) { + header("Location: suricata_os_policy_engine.php?id={$id}&eng_id={$host_os_policy_engine_next_id}"); + exit; +} +elseif ($_POST['del_os_policy']) { $natent = array(); $natent = $pconfig; - if ($_GET['act'] == "del_host_os_policy") - unset($natent['host_os_policy']['item'][$_GET['eng_id']]); - + if ($_POST['eng_id'] != "") { + unset($natent['host_os_policy']['item'][$_POST['eng_id']]); + $pconfig = $natent; + } if (isset($id) && $a_nat[$id]) { $a_nat[$id] = $natent; write_config(); } - - header("Location: /suricata/suricata_flow_stream.php?id=$id"); - exit; } - -if ($_POST['ResetAll']) { +elseif ($_POST['ResetAll']) { /* Reset all the settings to defaults */ $pconfig['ip_max_frags'] = "65535"; @@ -143,7 +154,7 @@ if ($_POST['ResetAll']) { /* Log a message at the top of the page to inform the user */ $savemsg = gettext("All flow and stream settings have been reset to their defaults."); } -elseif ($_POST['Submit']) { +elseif ($_POST['save']) { $natent = array(); $natent = $pconfig; 
@@ -211,6 +222,54 @@ elseif ($_POST['Submit']) { exit; } } +elseif ($_POST['save_import_alias']) { + $engine = array( "name" => "", "bind_to" => "", "policy" => "bsd" ); + + // See if anything was checked to import + if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) { + foreach ($_POST['aliastoimport'] as $item) { + $engine['name'] = strtolower($item); + $engine['bind_to'] = $item; + $a_nat[$id]['host_os_policy']['item'][] = $engine; + } + } + else { + $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE."); + $importalias = true; + } + + // if no errors, write new entry to conf + if (!$input_errors) { + // Reorder the engine array to ensure the + // 'bind_to=all' entry is at the bottom if + // the array contains more than one entry. + if (count($a_nat[$id]['host_os_policy']['item']) > 1) { + $i = -1; + foreach ($a_nat[$id]['host_os_policy']['item'] as $f => $v) { + if ($v['bind_to'] == "all") { + $i = $f; + break; + } + } + // Only relocate the entry if we + // found it, and it's not already + // at the end. + if ($i > -1 && ($i < (count($a_nat[$id]['host_os_policy']['item']) - 1))) { + $tmp = $a_nat[$id]['host_os_policy']['item'][$i]; + unset($a_nat[$id]['host_os_policy']['item'][$i]); + $a_nat[$id]['host_os_policy']['item'][] = $tmp; + } + $pconfig['host_os_policy']['item'] = $a_nat[$id]['host_os_policy']['item']; + } + + // Write the new engine array to config file + write_config(); + $importalias = false; + } +} +elseif ($_POST['cancel_import_alias']) { + $importalias = false; +} $if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']); $pgtitle = gettext("Suricata: Interface {$if_friendly} - Flow and Stream"); @@ -218,29 +277,21 @@ include_once("head.inc"); ?> - -' . $pgtitle . '
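Review bot: As in suricata_app_parsers.php, the `save_import_alias` branch writes every `$_POST['aliastoimport']` item into `bind_to` without checking it against the `$a_aliases` array loaded near the top of this file, so the server trusts the client-side checkbox list. Validate each item (for example via a `$names[$a['name']] = true` map built from `$a_aliases`) and reject unknown values with an `$input_errors[]` entry before touching `$a_nat[$id]['host_os_policy']['item']`. The surrounding save/reorder logic is a verbatim copy of the app-parsers page and is a candidate for a shared helper.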

';} - - - /* Display Alert message */ + - - +
+ + -
+ + + + + @@ -284,12 +340,10 @@ include_once("head.inc"); - + $v): ?> @@ -300,9 +354,9 @@ include_once("head.inc"); "> "all") : ?> - - "> + "/> "> @@ -314,7 +368,6 @@ include_once("head.inc"); - @@ -603,7 +656,7 @@ include_once("head.inc");
- "> - - ">"/> + "/>
  - ">     
+ + +
diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php index f6b5d83d..3ba84736 100644 --- a/config/suricata/suricata_global.php +++ b/config/suricata/suricata_global.php @@ -28,7 +28,6 @@ * POSSIBILITY OF SUCH DAMAGE. */ - require_once("guiconfig.inc"); require_once("/usr/local/pkg/suricata/suricata.inc"); @@ -59,7 +58,6 @@ if (empty($pconfig['suricataloglimitsize'])) // Set limit to 20% of slice that is unused */ $pconfig['suricataloglimitsize'] = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .20 / 1024); - if ($_POST['autoruleupdatetime']) { if (!preg_match('/^([01]?[0-9]|2[0-3]):?([0-5][0-9])$/', $_POST['autoruleupdatetime'])) $input_errors[] = "Invalid Rule Update Start Time! Please supply a value in 24-hour format as 'HH:MM'."; @@ -73,7 +71,7 @@ if ($_POST['enable_etpro_rules'] == "on" && empty($_POST['etprocode'])) /* if no errors move foward with save */ if (!$input_errors) { - if ($_POST["Submit"]) { + if ($_POST["save"]) { $config['installedpackages']['suricata']['config'][0]['enable_vrt_rules'] = $_POST['enable_vrt_rules'] ? 'on' : 'off'; $config['installedpackages']['suricata']['config'][0]['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off'; @@ -388,14 +386,10 @@ if ($input_errors) >  - - - - + -   -   +   diff --git a/config/suricata/suricata_import_aliases.php b/config/suricata/suricata_import_aliases.php index c16ac65d..a93d2d64 100644 --- a/config/suricata/suricata_import_aliases.php +++ b/config/suricata/suricata_import_aliases.php 
@@ -1,5 +1,4 @@ system global variables array + $config --> global variable pointing to configuration information + $a_aliases --> $config['aliases']['alias'] array + $title --> title string for import alias engine type + $used --> array of currently used engine 'bind_to' Alias names -// Used to track if any selectable Aliases are found -$selectablealias = false; - -// Initialize required array variables as necessary -if (!is_array($config['aliases']['alias'])) - $config['aliases']['alias'] = array(); -$a_aliases = $config['aliases']['alias']; -if (!is_array($config['installedpackages']['suricata']['rule'])) - $config['installedpackages']['suricata']['rule'] = array(); - -// The $eng variable points to the specific Suricata config section -// engine we are importing values into. Initialize the config.xml -// array if necessary. -if (!is_array($config['installedpackages']['suricata']['rule'][$id][$eng]['item'])) - $config['installedpackages']['suricata']['rule'][$id][$eng]['item'] = array(); - -// Initialize a pointer to the Suricata config section engine we are -// importing values into. -$a_nat = &$config['installedpackages']['suricata']['rule'][$id][$eng]['item']; - -// Build a lookup array of currently used engine 'bind_to' Aliases -// so we can screen matching Alias names from the list. -$used = array(); -foreach ($a_nat as $v) - $used[$v['bind_to']] = true; - -// Construct the correct return URL based on the Suricata config section -// engine we were called with. This lets us return to the page we were -// called from. 
-switch ($eng) { - case "host_os_policy": - $returl = "/suricata/suricata_flow_stream.php"; - $multi_ip = true; - $title = "Host Operating System Policy"; - break; - case "libhtp_policy": - $returl = "/suricata/suricata_app_parsers.php"; - $multi_ip = true; - $title = "HTTP Server Policy"; - break; - default: - $returl = "/suricata/suricata_interface_edit"; - $multi_ip = true; - $title = ""; -} - -if ($_POST['cancel']) { - header("Location: {$returl}?id={$id}"); - exit; -} - -if ($_POST['save']) { - - // Define default engine configurations for each of the supported engines. - $def_os_policy = array( "name" => "", "bind_to" => "", "policy" => "bsd" ); - - $def_libhtp_policy = array( "name" => "default", "bind_to" => "all", "personality" => "IDS", - "request-body-limit" => 4096, "response-body-limit" => 4096, - "double-decode-path" => "no", "double-decode-query" => "no" ); - - // Figure out which engine type we are importing and set up default engine array - $engine = array(); - switch ($eng) { - case "host_os_policy": - $engine = $def_os_policy; - break; - case "libhtp_policy": - $engine = $def_libhtp_policy; - break; - default: - $engine = ""; - $input_errors[] = gettext("Invalid ENGINE TYPE passed in query string. Aborting operation."); - } - - // See if anything was checked to import - if (is_array($_POST['toimport']) && count($_POST['toimport']) > 0) { - foreach ($_POST['toimport'] as $item) { - $engine['name'] = strtolower($item); - $engine['bind_to'] = $item; - $a_nat[] = $engine; - } - } - else - $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE."); - - // if no errors, write new entry to conf - if (!$input_errors) { - // Reorder the engine array to ensure the - // 'bind_to=all' entry is at the bottom if - // the array contains more than one entry. 
- if (count($a_nat) > 1) { - $i = -1; - foreach ($a_nat as $f => $v) { - if ($v['bind_to'] == "all") { - $i = $f; - break; - } - } - // Only relocate the entry if we - // found it, and it's not already - // at the end. - if ($i > -1 && ($i < (count($a_nat) - 1))) { - $tmp = $a_nat[$i]; - unset($a_nat[$i]); - $a_nat[] = $tmp; - } - } - - // Now write the new engine array to conf and return - write_config(); - - header("Location: {$returl}?id={$id}"); - exit; - } -} - -$pgtitle = gettext("Suricata: Import Host/Network Alias for {$title}"); -include("head.inc"); + Information is returned from this page via the following form fields: + aliastoimport[] --> checkbox array containing selected alias names + save_import_alias --> Submit button for save operation and exit + cancel_import_alias --> Submit button to cancel operation and exit + ************************************************************************************/ ?> - - -
- - - -
- + +
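Review bot: The include now relies on `$a_aliases`, `$used` and `$title` being set by the page that includes it, but nothing in the new header enforces that, so a caller that omits one — or a direct request for the script, if it is still reachable under the web root (the hunk does not show whether a guiconfig include survives) — renders with undefined variables. A guard such as `if (!isset($a_aliases, $used)) return;` right after the comment block would make the contract explicit. The dropped standalone handler also took the `Invalid ENGINE TYPE` check with it; that responsibility now rests entirely on the callers' `save_import_alias` branches.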
- - + @@ -723,15 +718,13 @@ include_once("head.inc"); - - - - @@ -849,11 +842,11 @@ function enable_change(enable_change) { document.iform.alertsystemlog.disabled = endis; document.iform.externallistname.disabled = endis; document.iform.homelistname.disabled = endis; - document.iform.whitelistname.disabled=endis; +// document.iform.whitelistname.disabled=endis; document.iform.suppresslistname.disabled = endis; document.iform.configpassthru.disabled = endis; document.iform.btnHomeNet.disabled=endis; - document.iform.btnWhitelist.disabled=endis; +// document.iform.btnWhitelist.disabled=endis; document.iform.btnSuppressList.disabled=endis; } diff --git a/config/suricata/suricata_libhtp_policy_engine.php b/config/suricata/suricata_libhtp_policy_engine.php index e7cf4135..ec00bbb2 100644 --- a/config/suricata/suricata_libhtp_policy_engine.php +++ b/config/suricata/suricata_libhtp_policy_engine.php @@ -43,6 +43,10 @@ if (is_null($id)) { header("Location: /suricata/suricata_interfaces.php"); exit; } +if (is_null($eng_id)) { + header("Location: /suricata/suricata_app_parsers.php?id={$id}"); + exit; +} if (!is_array($config['installedpackages']['suricata']['rule'])) $config['installedpackages']['suricata']['rule'] = array(); @@ -71,7 +75,7 @@ else { $pconfig['personality'] = "IDS"; } -if ($_POST['Cancel']) { +if ($_POST['cancel']) { header("Location: /suricata/suricata_app_parsers.php?id={$id}"); exit; } @@ -82,7 +86,7 @@ if ($_GET['act'] == "import") { $pconfig[$_GET['varname']] = $_GET['varvalue']; } -if ($_POST['Submit']) { +if ($_POST['save']) { /* Grab all the POST values and save in new temp array */ $engine = array(); @@ -279,10 +283,10 @@ if ($savemsg)
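Review bot: The context lines of the `@@ -82,7 +86,7 @@` hunk still carry `if ($_GET['act'] == "import") { $pconfig[$_GET['varname']] = $_GET['varvalue']; }`, which lets any caller choose both the `$pconfig` key and its value from the query string. With suricata_import_aliases.php turned into an include that returns its selection via `aliastoimport[]` in this same commit, the `act=import` callback appears to have no remaining caller. Either delete the block or pin the key, e.g. `if ($_GET['act'] == "import" && $_GET['varname'] == "bind_to") $pconfig['bind_to'] = $_GET['varvalue'];`, so that an unexpected parameter cannot overwrite fields the `save` branch later persists.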

+
+ @@ -221,7 +99,7 @@ include("head.inc"); - + - + - - -
@@ -244,29 +122,26 @@ include("head.inc");
- "/> + + "/>
- "/>    - "/> + + "/>   + "/>
+
- - - - - + + diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php index 20deb885..6dbf9412 100644 --- a/config/suricata/suricata_interfaces_edit.php +++ b/config/suricata/suricata_interfaces_edit.php @@ -44,10 +44,8 @@ if ($_GET['id'] && is_numeric($_GET['id'])); $id = htmlspecialchars($_GET['id'], ENT_QUOTES | ENT_HTML401); if ($_POST['id'] && is_numeric($_POST['id'])) $id = $_POST['id']; -if (is_null($id)) { - header("Location: /suricata/suricata_interfaces.php"); - exit; -} +if (is_null($id)) + $id = 0; $pconfig = array(); if (empty($suricataglob['rule'][$id]['uuid'])) { @@ -128,7 +126,7 @@ if (empty($pconfig['max_pcap_log_size'])) if (empty($pconfig['max_pcap_log_files'])) $pconfig['max_pcap_log_files'] = "1000"; -if ($_POST["Submit"]) { +if ($_POST["save"]) { if (!$_POST['interface']) $input_errors[] = gettext("Choosing an Interface is mandatory!"); @@ -255,7 +253,7 @@ if ($_POST["Submit"]) { $natent['libhtp_policy']['item'][] = $default; // Enable the basic default rules for the interface - $natent['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events"; + $natent['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules"; // Adding a new interface, so set flag to build new rules $rebuild_rules = true; @@ -301,19 +299,14 @@ include_once("head.inc"); - - -' . $pgtitle . '
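Review bot: The context line `if ($_GET['id'] && is_numeric($_GET['id']));` ends in a stray semicolon, so the `is_numeric()` guard is a no-op and `$id = htmlspecialchars($_GET['id'], ...)` runs unconditionally — and with this hunk the old redirect on a missing id is replaced by `$id = 0`, so a non-numeric id is neither rejected nor redirected. `htmlspecialchars()` does not make the value a safe index into `$suricataglob['rule']`. Drop the semicolon and assign inside the condition: `if ($_GET['id'] && is_numeric($_GET['id'])) $id = $_GET['id'];`, mirroring the `$_POST['id']` line just below it.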

';}?> - -
" method="post" name="iform" id="iform"> @@ -654,6 +647,7 @@ include_once("head.inc"); "setting at default. Create an Alias for custom External Net settings."); ?>
"/>
 " . + " . gettext("Please save your settings before you attempt to start Suricata."); ?>
  - ">      - ">
diff --git a/config/suricata/suricata_os_policy_engine.php b/config/suricata/suricata_os_policy_engine.php index 61918e65..ae5a9348 100644 --- a/config/suricata/suricata_os_policy_engine.php +++ b/config/suricata/suricata_os_policy_engine.php @@ -43,6 +43,10 @@ if (is_null($id)) { header("Location: /suricata/suricata_interfaces.php"); exit; } +if (is_null($eng_id)) { + header("Location: /suricata/suricata_flow_stream.php?id={$id}"); + exit; +} if (!is_array($config['installedpackages']['suricata']['rule'])) $config['installedpackages']['suricata']['rule'] = array(); @@ -68,7 +72,7 @@ else { $pconfig['policy'] = "bsd"; } -if ($_POST['Cancel']) { +if ($_POST['cancel']) { header("Location: /suricata/suricata_flow_stream.php?id={$id}"); exit; } @@ -79,7 +83,7 @@ if ($_GET['act'] == "import") { $pconfig[$_GET['varname']] = $_GET['varvalue']; } -if ($_POST['Submit']) { +if ($_POST['save']) { /* Grab all the POST values and save in new temp array */ $engine = array(); @@ -225,10 +229,10 @@ if ($savemsg)   - ">      - "> diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php index 428bc9be..f6457f19 100644 --- a/config/suricata/suricata_rules.php +++ b/config/suricata/suricata_rules.php @@ -27,7 +27,6 @@ * POSSIBILITY OF SUCH DAMAGE. */ - require_once("guiconfig.inc"); require_once("/usr/local/pkg/suricata/suricata.inc"); 
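Review bot: Same leftover as in suricata_libhtp_policy_engine.php: the `@@ -79,7 +83,7 @@` hunk keeps `$pconfig[$_GET['varname']] = $_GET['varvalue'];` under `act=import`, an attacker-chosen key written into the array the `save` branch persists, while the page that used to drive that callback has been converted into a POST-returning include. Remove the block, or restrict it to `if ($_GET['varname'] == "bind_to")`, and this page no longer has a GET-writable field.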
@@ -35,23 +34,26 @@ global $g, $rebuild_rules; $suricatadir = SURICATADIR; $rules_map = array(); +$pconfig = array(); if (!is_array($config['installedpackages']['suricata']['rule'])) $config['installedpackages']['suricata']['rule'] = array(); $a_rule = &$config['installedpackages']['suricata']['rule']; -if (is_numeric($_GET['id'])) +log_error(print_r($_POST, true)); + +if ($_GET['id']) $id = $_GET['id']; -if (isset($_POST['id'])) +if ($_POST['id']) $id = $_POST['id']; if (is_null($id)) { - header("Location: /suricata/suricata_interfaces.php"); - exit; + $id = 0; } if (isset($id) && $a_rule[$id]) { $pconfig['interface'] = $a_rule[$id]['interface']; $pconfig['rulesets'] = $a_rule[$id]['rulesets']; + $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); } function truncate($string, $length) { @@ -110,7 +112,9 @@ $categories = explode("||", $pconfig['rulesets']); if ($_GET['openruleset']) $currentruleset = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401); -else if ($_POST['openruleset']) +elseif ($_POST['selectbox']) + $currentruleset = $_POST['selectbox']; +elseif ($_POST['openruleset']) $currentruleset = $_POST['openruleset']; else $currentruleset = $categories[0]; @@ -147,13 +151,11 @@ if ($currentruleset != 'custom.rules') { $enablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_on']); $disablesid = suricata_load_sid_mods($a_rule[$id]['rule_sid_off']); -if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) { - - // Get the GID tag embedded in the clicked rule icon. - $gid = $_GET['gid']; +if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) && !empty($rules_map)) { - // Get the SID tag embedded in the clicked rule icon. - $sid= $_GET['ids']; + // Get the GID:SID tags embedded in the clicked rule icon. + $gid = $_POST['gid']; + $sid = $_POST['sid']; // See if the target SID is in our list of modified SIDs, // and toggle it back to default if present; otherwise, 
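Review bot: `log_error(print_r($_POST, true));` in the `@@ -35,23 +34,26 @@` hunk writes the entire POST body — including the full `customrules` text on every save — to the system log on each request; it reads as a debugging leftover and should be removed before merge. In the same hunk the `is_numeric($_GET['id'])` check has become a bare truthiness test and a missing id now defaults to `$id = 0` instead of redirecting, so `$a_rule[$id]` can be indexed with an arbitrary string. Keep the numeric check: `if (isset($_GET['id']) && is_numeric($_GET['id'])) $id = $_GET['id'];` and the same for `$_POST['id']`.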
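Review bot: The new `elseif ($_POST['selectbox'])` path, like the existing `$_POST['openruleset']` one, assigns the raw POST value to `$currentruleset`, whereas the `$_GET['openruleset']` branch above it runs the value through `htmlspecialchars()`; `$currentruleset` is later interpolated into `$pgtitle` (the `@@ -417` hunk) and, judging from the `custom.rules` comparison below, presumably selects which rules file is read. Rather than escaping, validate against the set the page already knows: `if ($currentruleset != 'custom.rules' && !in_array($currentruleset, $categories)) $currentruleset = $categories[0];` placed after the chain. That bounds the value for both the HTML and any filesystem use.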
@@ -197,11 +199,9 @@ if ($_GET['act'] == "toggle" && $_GET['ids'] && !empty($rules_map)) { /* Update the config.xml file. */ write_config(); - $_GET['openruleset'] = $currentruleset; $anchor = "rule_{$gid}_{$sid}"; } - -if ($_GET['act'] == "disable_all" && !empty($rules_map)) { +elseif ($_POST['disable_all'] && !empty($rules_map)) { // Mark all rules in the currently selected category "disabled". foreach (array_keys($rules_map) as $k1) { @@ -238,13 +238,8 @@ if ($_GET['act'] == "disable_all" && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config(); - - $_GET['openruleset'] = $currentruleset; - header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; } - -if ($_GET['act'] == "enable_all" && !empty($rules_map)) { +elseif ($_POST['enable_all'] && !empty($rules_map)) { // Mark all rules in the currently selected category "enabled". foreach (array_keys($rules_map) as $k1) { @@ -280,13 +275,8 @@ if ($_GET['act'] == "enable_all" && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config(); - - $_GET['openruleset'] = $currentruleset; - header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; } - -if ($_GET['act'] == "resetcategory" && !empty($rules_map)) { +elseif ($_POST['resetcategory'] && !empty($rules_map)) { // Reset any modified SIDs in the current rule category to their defaults. foreach (array_keys($rules_map) as $k1) { @@ -324,13 +314,8 @@ if ($_GET['act'] == "resetcategory" && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); write_config(); - - $_GET['openruleset'] = $currentruleset; - header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; } - -if ($_GET['act'] == "resetall" && !empty($rules_map)) { +elseif ($_POST['resetall'] && !empty($rules_map)) { // Remove all modified SIDs from config.xml and save the changes. unset($a_rule[$id]['rule_sid_on']); 
@@ -338,23 +323,20 @@ if ($_GET['act'] == "resetall" && !empty($rules_map)) { /* Update the config.xml file. */ write_config(); - - $_GET['openruleset'] = $currentruleset; - header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; } - -if ($_POST['clear']) { +elseif ($_POST['clear']) { unset($a_rule[$id]['customrules']); write_config(); $rebuild_rules = true; suricata_generate_yaml($a_rule[$id]); $rebuild_rules = false; - header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; + $pconfig['customrules'] = ''; } - -if ($_POST['customrules']) { +elseif ($_POST['cancel']) { + $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); +} +elseif ($_POST['save']) { + $pconfig['customrules'] = $_POST['customrules']; if ($_POST['customrules']) $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); else 
@@ -363,24 +345,21 @@ if ($_POST['customrules']) { $rebuild_rules = true; suricata_generate_yaml($a_rule[$id]); $rebuild_rules = false; - $output = ""; - $retcode = ""; - exec("/usr/local/bin/suricata -T --init-errors-fatal -c {$suricatacfgdir}/suricata.yaml 2>&1", $output, $retcode); - if (intval($retcode) != 0) { - $error = ""; - $start = count($output); - $end = $start - 4; - for($i = $start; $i > $end; $i--) - $error .= $output[$i]; - $input_errors[] = "Custom rules have errors:\n {$error}"; - } - else { - header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; - } + /* Signal Suricata to "live reload" the rules */ + suricata_reload_config($a_rule[$id]); +// $output = ""; +// $retcode = ""; +// exec("/usr/local/bin/suricata -T --init-errors-fatal -c {$suricatacfgdir}/suricata.yaml 2>&1", $output, $retcode); +// if (intval($retcode) != 0) { +// $error = ""; +// $start = count($output); +// $end = $start - 4; +// for($i = $start; $i > $end; $i--) +// $error .= $output[$i]; +// $input_errors[] = "Custom rules have errors:\n {$error}"; +// } } - -else if ($_POST['apply']) { +elseif ($_POST['apply']) { /* Save new configuration */ write_config(); @@ -395,16 +374,6 @@ else if ($_POST['apply']) { /* Signal Suricata to "live reload" the rules */ suricata_reload_config($a_rule[$id]); - - /* Return to this same page */ - header("Location: /suricata/suricata_rules.php?id={$id}&openruleset={$currentruleset}"); - exit; -} -else if ($_POST['cancel']) { - - /* Return to this same page */ - header("Location: /suricata/suricata_rules.php?id={$id}"); - exit; } require_once("guiconfig.inc"); @@ -417,9 +386,7 @@ $pgtitle = gettext("Suricata: Interface {$if_friendly} - Rules: {$currentruleset ' . $pgtitle . '
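Review bot: The `suricata -T --init-errors-fatal` check that used to validate saved custom rules is now commented out in the `@@ -363,24 +345,21 @@` hunk and `suricata_reload_config()` is called unconditionally, so a malformed custom rule is written to config and pushed to the running engine with no error reported back on the page. Either delete the dead block outright or restore it and gate the reload: run the `exec()` as before, then `if (intval($retcode) != 0) $input_errors[] = "Custom rules have errors:\n {$error}"; else suricata_reload_config($a_rule[$id]);`. The `elseif ($_POST['save'])` branch this belongs to begins in the preceding hunk.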

';} - -/* Display message */ +/* Display error or save messages if present */ if ($input_errors) { print_input_errors($input_errors); // TODO: add checks } @@ -430,7 +397,11 @@ if ($savemsg) { ?> - + + + + + - - @@ -497,15 +468,13 @@ if ($savemsg) { @@ -518,43 +487,40 @@ if ($savemsg) {
     +    
- -
- " title=" "/>   - " title=""/>   + " title=" "/>   + " title=""/>   " onclick="return confirm('')" title=""/>
- - - - - - @@ -579,7 +544,6 @@ if ($savemsg) {
" class="formbtn" - title=""/> - -

+ title=""/>

" . gettext("Suricata must be restarted to activate any SID enable/disable changes made on this tab."); ?>
- "?> + title='" . gettext("Click to remove enable/disable changes for rules in the selected category only") . "'/>"?>   
- "?> + title='" . gettext("Click to remove all enable/disable changes for rules in all categories") . "'/>"?>   
- "?> + title='" . gettext("Click to disable all rules in the selected category") . "'/>"?>   
- "?> + title='" . gettext("Click to enable all rules in the selected category") . "'/>"?>   
@@ -564,7 +530,6 @@ if ($savemsg) { title="" width="17" height="17" border="0">   
 
- @@ -587,7 +551,7 @@ if ($savemsg) { - + @@ -668,11 +632,11 @@ if ($savemsg) { $message = suricata_get_msg($v['rule']); $sid_tooltip = gettext("View the raw text for this rule"); - echo "
{$textss} - - {$textse} + echo "
{$textss} + {$textse} {$textss}{$gid}{$textse} @@ -753,15 +717,14 @@ if ($savemsg) {
- - + + diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php index a1609d6c..e15818d5 100644 --- a/config/suricata/suricata_rulesets.php +++ b/config/suricata/suricata_rulesets.php @@ -43,10 +43,8 @@ $a_nat = &$config['installedpackages']['suricata']['rule']; $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; -if (is_null($id)) { - header("Location: /suricata/suricata_interfaces.php"); - exit; -} +if (is_null($id)) + $id = 0; if (isset($id) && $a_nat[$id]) { $pconfig['enable'] = $a_nat[$id]['enable']; @@ -117,9 +115,7 @@ if ($a_nat[$id]['ips_policy_enable'] == 'on') { else $disable_vrt_rules = ""; -/* alert file */ -if ($_POST["Submit"]) { - +if ($_POST["save"]) { if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; @@ -129,11 +125,12 @@ if ($_POST["Submit"]) { unset($a_nat[$id]['ips_policy']); } - $enabled_items = ""; + // Always start with the default events and files rules + $enabled_items = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules"; if (is_array($_POST['toenable'])) - $enabled_items = implode("||", $_POST['toenable']); + $enabled_items .= "||" . implode("||", $_POST['toenable']); else - $enabled_items = $_POST['toenable']; + $enabled_items .= "||{$_POST['toenable']}"; $a_nat[$id]['rulesets'] = $enabled_items; 
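Review bot: `$id` still comes straight from `$_GET['id']`/`$_POST['id']` and is used as the index into `$a_nat` with only an `is_null()` test; replacing the old redirect with `$id = 0` covers the missing case, but a non-numeric or out-of-range value still falls through to every `$a_nat[$id]` lookup on this page. Tighten the fallback to `if (is_null($id) || !is_numeric($id) || !isset($a_nat[$id])) $id = 0;`, and consider whether silently acting on interface 0 when a specific id was requested but does not exist is the intended behaviour, since the old code sent the user back to the interfaces list instead.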
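Review bot: In the non-array branch `$enabled_items .= "||{$_POST['toenable']}"` runs even when no checkbox was submitted at all, so `$a_nat[$id]['rulesets']` gets a trailing `||` and an empty element after `explode()`; the old assignment simply left the value empty in that case. Collapse the two branches to `if (!empty($_POST['toenable'])) $enabled_items .= "||" . implode("||", (array)$_POST['toenable']);`. The submitted names are also persisted without being checked against the rules files that actually exist; where the stored list is consumed is outside this hunk, so confirm that screening happens there.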
@@ -155,12 +152,12 @@ if ($_POST["Submit"]) { suricata_generate_yaml($a_nat[$id]); $rebuild_rules = false; - header("Location: /suricata/suricata_rulesets.php?id=$id"); - exit; + /* Signal Suricata to "live reload" the rules */ + suricata_reload_config($a_nat[$id]); } - -if ($_POST['unselectall']) { - $a_nat[$id]['rulesets'] = ""; +elseif ($_POST['unselectall']) { + // Remove all but the default events and files rules + $a_nat[$id]['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules"; if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; @@ -173,13 +170,10 @@ if ($_POST['unselectall']) { write_config(); sync_suricata_package_config(); - - header("Location: /suricata/suricata_rulesets.php?id=$id"); - exit; } - -if ($_POST['selectall']) { - $rulesets = array(); +elseif ($_POST['selectall']) { + // Start with the required default events and files rules + $rulesets = array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules" ); if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; @@ -218,9 +212,6 @@ if ($_POST['selectall']) { write_config(); sync_suricata_package_config(); - - header("Location: /suricata/suricata_rulesets.php?id=$id"); - exit; } $enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']); @@ -234,7 +225,6 @@ include_once("head.inc"); ' . $pgtitle . '
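Review bot: The five default rules-file names are spelled out as literals three times across this and the preceding hunk (the save string, the unselectall string and the selectall array), so the next addition must be made in three places; define them once near the top of the handler, e.g. `$default_rules = array("decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules");`, and build the string with `implode("||", $default_rules)`. Separately, the save branch now regenerates the YAML and calls `suricata_reload_config()`, whereas the unselectall and selectall branches write and sync the config but do neither, so the running instance and the saved config diverge until a further save; if that is deliberate because the user is expected to press Save afterwards, a comment saying so would help, otherwise call the same reload in those branches.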

';} /* Display message */ if ($input_errors) { @@ -282,9 +272,8 @@ if ($savemsg) { $isrulesfolderempty = glob("{$suricatadir}rules/*.rules"); $iscfgdirempty = array(); if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules")) - $iscfgdirempty = (array)("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules"); - if (empty($isrulesfolderempty)): -?> + $iscfgdirempty = (array)("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/custom.rules"); ?> +
',$suricatadir,''); ?>

@@ -294,14 +283,7 @@ if ($savemsg) { '' . gettext(" tab."); ?> - + - +
"/> "/>"/>"/>
@@ -531,7 +513,7 @@ if ($savemsg) { - "/> + "/> @@ -581,7 +563,7 @@ function enable_change() for (var i = 0; i < document.iform.elements.length; i++) { if (document.iform.elements[i].type == 'checkbox') { var str = document.iform.elements[i].value; - if (str.substr(0,6) == "suricata_") + if (str.substr(0,6) == "snort_") document.iform.elements[i].disabled = !(endis); } } -- cgit v1.2.3
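Review bot: The prefix test in `enable_change()` now looks for `"snort_"` on a Suricata page; the old comparison against `"suricata_"` could never match because `substr(0,6)` yields only six characters, so this is a fix only if the checkbox `value` attributes really begin with `snort_` — they are not visible in this hunk, so confirm against the form markup. Deriving the length from the prefix avoids repeating the same mistake: `var prefix = "snort_"; if (str.substr(0, prefix.length) == prefix)`. The rest of `enable_change()` lies outside the hunk.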