.
* Copyright (C) 2003-2004 Manuel Kasper .
* Copyright (C) 2006 Scott Ullrich
* Copyright (C) 2009 Robert Zelaya Sr. Developer
* Copyright (C) 2012 Ermal Luci
* All rights reserved.
*
* Adapted for Suricata by:
* Copyright (C) 2014 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
//require_once("globals.inc");
require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");
global $g, $rebuild_rules;
if (isset($_POST['id']) && is_numericint($_POST['id']))
$id = $_POST['id'];
elseif (isset($_GET['id']) && is_numericint($_GET['id']))
$id = htmlspecialchars($_GET['id']);
if (is_null($id)) {
header("Location: /suricata/suricata_interfaces.php");
exit;
}
if (!is_array($config['installedpackages']['suricata']['rule'])) {
$config['installedpackages']['suricata']['rule'] = array();
}
$a_nat = &$config['installedpackages']['suricata']['rule'];
/* define servers and ports */
$suricata_servers = array (
"dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET",
"sql_servers" => "\$HOME_NET", "telnet_servers" => "\$HOME_NET", "dnp3_server" => "\$HOME_NET",
"dnp3_client" => "\$HOME_NET", "modbus_server" => "\$HOME_NET", "modbus_client" => "\$HOME_NET",
"enip_server" => "\$HOME_NET", "enip_client" => "\$HOME_NET", "ftp_servers" => "\$HOME_NET", "ssh_servers" => "\$HOME_NET",
"aim_servers" => "64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24"
);
/* if user has defined a custom ssh port, use it */
if(is_array($config['system']['ssh']) && isset($config['system']['ssh']['port']))
$ssh_port = $config['system']['ssh']['port'];
else
$ssh_port = "22";
$suricata_ports = array(
"ftp_ports" => "21",
"http_ports" => "80",
"oracle_ports" => "1521",
"ssh_ports" => $ssh_port,
"shellcode_ports" => "!80",
"DNP3_PORTS" => "20000", "file_data_ports" => "\$HTTP_PORTS,110,143"
);
// Sort our SERVERS and PORTS arrays to make values
// easier to locate by the the user.
ksort($suricata_servers);
ksort($suricata_ports);
$pconfig = $a_nat[$id];
/* convert fake interfaces to real */
$if_real = get_real_interface($pconfig['interface']);
$suricata_uuid = $config['installedpackages']['suricata']['rule'][$id]['uuid'];
if ($_POST) {
$natent = array();
$natent = $pconfig;
foreach ($suricata_servers as $key => $server) {
if ($_POST["def_{$key}"] && !is_alias($_POST["def_{$key}"]))
$input_errors[] = "Only aliases are allowed";
}
foreach ($suricata_ports as $key => $server) {
if ($_POST["def_{$key}"] && !is_alias($_POST["def_{$key}"]))
$input_errors[] = "Only aliases are allowed";
}
/* if no errors write to suricata.yaml */
if (!$input_errors) {
/* post new options */
foreach ($suricata_servers as $key => $server) {
if ($_POST["def_{$key}"])
$natent["def_{$key}"] = $_POST["def_{$key}"];
else
unset($natent["def_{$key}"]);
}
foreach ($suricata_ports as $key => $server) {
if ($_POST["def_{$key}"])
$natent["def_{$key}"] = $_POST["def_{$key}"];
else
unset($natent["def_{$key}"]);
}
$a_nat[$id] = $natent;
write_config();
/* Update the suricata.yaml file for this interface. */
$rebuild_rules = false;
conf_mount_rw();
suricata_generate_yaml($a_nat[$id]);
conf_mount_ro();
/* Soft-restart Suricaa to live-load new variables. */
suricata_reload_config($a_nat[$id]);
/* after click go to this page */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header("Location: suricata_define_vars.php?id=$id");
exit;
}
}
$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} Variables - Servers and Ports");
include_once("head.inc");
?>
' . $pgtitle . '
';}
/* Display Alert message */
if ($input_errors)
print_input_errors($input_errors); // TODO: add checks
if ($savemsg)
print_info_box($savemsg);
?>