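<?php
/*
 * suricata_interfaces.php
 *
 * Copyright (C) 2014 Bill Meeks
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Request handling for the Suricata interfaces overview page.
 *
 * Three POST actions are handled before any output is produced:
 *   - del_x     : stop and remove every mapping whose index is listed in rule[]
 *   - bartoggle : start/stop Barnyard2 for the mapping selected by id
 *   - toggle    : start/stop Suricata for the mapping selected by id
 * Each action redirects back to this page when it is done. Without a POST
 * action the page header and the first part of the listing table are printed.
 *
 * Every index received from the request is checked against the configured
 * mappings before it is used, and paths handed to the shell are quoted.
 */

require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");

global $g, $rebuild_rules;

$suricatadir = SURICATADIR;
$suricatalogdir = SURICATALOGDIR;
$rcdir = RCFILEPREFIX;

// Index of the mapping a toggle request refers to; defaults to the first one.
$id = !empty($_POST['id']) ? $_POST['id'] : 0;

if (!is_array($config['installedpackages']['suricata']['rule']))
    $config['installedpackages']['suricata']['rule'] = array();
$a_nat = &$config['installedpackages']['suricata']['rule'];

// Number of configured mappings; used as the index of the next new mapping.
$id_gen = count($config['installedpackages']['suricata']['rule']);

if (!empty($_POST['del_x'])) {
    /* delete selected interfaces */
    if (is_array($_POST['rule'])) {
        conf_mount_rw();
        foreach ($_POST['rule'] as $rulei) {
            // rule[] comes from the request: skip anything that is not the
            // index of an existing mapping instead of stopping and removing
            // paths built from empty values.
            if (!is_scalar($rulei) || !isset($a_nat[$rulei]) || !is_array($a_nat[$rulei]))
                continue;

            $if_real = get_real_interface($a_nat[$rulei]['interface']);
            $suricata_uuid = $a_nat[$rulei]['uuid'];
            suricata_stop($a_nat[$rulei], $if_real);

            // The interface name and uuid are read from the saved
            // configuration; quoting the whole path keeps an unexpected
            // character in either value from being interpreted by the shell.
            exec('/bin/rm -r ' . escapeshellarg("{$suricatalogdir}suricata_{$if_real}{$suricata_uuid}"));
            exec('/bin/rm -r ' . escapeshellarg("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}"));
            unset($a_nat[$rulei]);
        }
        conf_mount_ro();

        /* If all the Suricata interfaces are removed, then unset the config array. */
        // NOTE(review): unset() on a reference only drops the local alias;
        // the (now empty) array stays in $config. The empty() test below
        // gives the same result either way.
        if (empty($a_nat))
            unset($a_nat);

        write_config();
        sleep(2);

        /* if there are no ifaces remaining do not create suricata.sh */
        if (!empty($config['installedpackages']['suricata']['rule']))
            suricata_create_rc();
        else {
            conf_mount_rw();
            @unlink("{$rcdir}/suricata.sh");
            conf_mount_ro();
        }

        sync_suricata_package_config();

        header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
        header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
        header( 'Cache-Control: no-store, no-cache, must-revalidate' );
        header( 'Cache-Control: post-check=0, pre-check=0', false );
        header( 'Pragma: no-cache' );
        header("Location: /suricata/suricata_interfaces.php");
        exit;
    }
}

/* start/stop Barnyard2 */
if (!empty($_POST['bartoggle'])) {
    // $id is taken from the request; act only when it names a configured mapping.
    if (is_scalar($id) && isset($config['installedpackages']['suricata']['rule'][$id])
        && is_array($config['installedpackages']['suricata']['rule'][$id])) {
        $suricatacfg = $config['installedpackages']['suricata']['rule'][$id];
        $if_real = get_real_interface($suricatacfg['interface']);
        $if_friendly = convert_friendly_interface_to_friendly_descr($suricatacfg['interface']);

        if (!suricata_is_running($suricatacfg['uuid'], $if_real, 'barnyard2')) {
            log_error("Toggle (barnyard starting) for {$if_friendly}({$suricatacfg['descr']})...");
            sync_suricata_package_config();
            suricata_barnyard_start($suricatacfg, $if_real);
        } else {
            log_error("Toggle (barnyard stopping) for {$if_friendly}({$suricatacfg['descr']})...");
            suricata_barnyard_stop($suricatacfg, $if_real);
        }
        sleep(3); // So the GUI reports correctly
    }
    header("Location: /suricata/suricata_interfaces.php");
    exit;
}

/* start/stop Suricata */
if (!empty($_POST['toggle'])) {
    // $id is taken from the request; act only when it names a configured mapping.
    if (is_scalar($id) && isset($config['installedpackages']['suricata']['rule'][$id])
        && is_array($config['installedpackages']['suricata']['rule'][$id])) {
        $suricatacfg = $config['installedpackages']['suricata']['rule'][$id];
        $if_real = get_real_interface($suricatacfg['interface']);
        $if_friendly = convert_friendly_interface_to_friendly_descr($suricatacfg['interface']);

        if (suricata_is_running($suricatacfg['uuid'], $if_real)) {
            log_error("Toggle (suricata stopping) for {$if_friendly}({$suricatacfg['descr']})...");
            suricata_stop($suricatacfg, $if_real);
        } else {
            log_error("Toggle (suricata starting) for {$if_friendly}({$suricatacfg['descr']})...");
            // set flag to rebuild interface rules before starting Suricata
            $rebuild_rules = true;
            sync_suricata_package_config();
            $rebuild_rules = false;
            suricata_start($suricatacfg, $if_real);
        }
        sleep(3); // So the GUI reports correctly
    }
    header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
    header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
    header( 'Cache-Control: no-store, no-cache, must-revalidate' );
    header( 'Cache-Control: post-check=0, pre-check=0', false );
    header( 'Pragma: no-cache' );
    header("Location: /suricata/suricata_interfaces.php");
    exit;
}

$suri_bin_ver = SURICATA_VER;
$suri_pkg_ver = SURICATA_PKG_VER;
$pgtitle = "Services: Suricata {$suri_bin_ver} pkg {$suri_pkg_ver} - Intrusion Detection System";
include_once("head.inc");

?>
<body link="#000000" vlink="#000000" alink="#000000">

<?php
include_once("fbegin.inc");
?>

<form action="suricata_interfaces.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
<input type="hidden" name="id" id="id" value="">

<?php
    /* Display Alert message */
    if ($input_errors)
        print_input_errors($input_errors);

    if ($savemsg)
        print_info_box($savemsg);
?>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
    <td>
    <?php
        $tab_array = array();
        $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
        $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
        $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
        $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
        $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
        $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
        display_top_tabs($tab_array);
    ?>
    </td>
</tr>
<tr>
    <td>
    <div id="mainarea">
    <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
        <colgroup>
            <col width="3%" align="center">
            <col width="12%">
            <col width="14%">
            <col width="120" align="center">
            <col width="65" align="center">
            <col width="14%">
            <col>
            <col width="20" align="center">
        </colgroup>
        <thead>
            <tr id="frheader">
                <th class="list"> </th>
                <th class="listhdrr"><?php echo gettext("Interface"); ?></th>
                <th class="listhdrr"><?php echo gettext("Suricata"); ?></th>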
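<th class="listhdrr"><?php echo gettext("Pattern Matcher"); ?></th>
                <th class="listhdrr"><?php echo gettext("Block"); ?></th>
                <th class="listhdrr"><?php echo gettext("Barnyard2"); ?></th>
                <th class="listhdr"><?php echo gettext("Description"); ?></th>
                <th class="list"><a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>">
                <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a>
                </th>
            </tr>
        </thead>
    <?php
    /*
     * One table row per configured Suricata mapping. $nnats and $i are both
     * row counters starting at 0; they are written into element ids, the
     * delete checkbox value and the edit/toggle targets.
     *
     * Values that originate from the saved configuration (interface
     * description, pattern matcher name) are HTML-escaped where they are
     * printed, so markup characters in them are shown as text.
     */
    $nnats = $i = 0;

    // Turn on buffering to speed up rendering
    ini_set('output_buffering','true');

    // Start buffering to fix display lag issues in IE9 and IE10
    ob_start(null, 0);

    /* If no interfaces are defined, then turn off the "no rules" warning */
    $no_rules_footnote = false;
    $no_rules = ($id_gen != 0);

    foreach ($a_nat as $natent): ?>
        <tr valign="top" id="fr<?=$nnats;?>">
        <?php

        /* convert fake interfaces to real and check if iface is up */
        /* There has to be a smarter way to do this */
        $if_real = get_real_interface($natent['interface']);
        $natend_friendly = convert_friendly_interface_to_friendly_descr($natent['interface']);
        $suricata_uuid = $natent['uuid'];

        if (!suricata_is_running($suricata_uuid, $if_real)) {
            $iconfn = 'block';
            $iconfn_msg1 = 'Suricata is not running on ';
            $iconfn_msg2 = '. Click to start.';
        } else {
            $iconfn = 'pass';
            $iconfn_msg1 = 'Suricata is running on ';
            $iconfn_msg2 = '. Click to stop.';
        }

        if (!suricata_is_running($suricata_uuid, $if_real, 'barnyard2')) {
            $biconfn = 'block';
            $biconfn_msg1 = 'Barnyard2 is not running on ';
            $biconfn_msg2 = '. Click to start.';
        } else {
            $biconfn = 'pass';
            $biconfn_msg1 = 'Barnyard2 is running on ';
            $biconfn_msg2 = '. Click to stop.';
        }

        // The tooltips sit inside single-quoted attributes, so quotes must be
        // escaped as well (ENT_QUOTES).
        $suricata_title = htmlspecialchars(gettext($iconfn_msg1.$natend_friendly.$iconfn_msg2), ENT_QUOTES);
        $barnyard_title = htmlspecialchars(gettext($biconfn_msg1.$natend_friendly.$biconfn_msg2), ENT_QUOTES);

        /* See if interface has any rules defined and set boolean flag */
        $no_rules = true;
        if (isset($natent['customrules']) && !empty($natent['customrules']))
            $no_rules = false;
        if (isset($natent['rulesets']) && !empty($natent['rulesets']))
            $no_rules = false;
        if (isset($natent['ips_policy']) && !empty($natent['ips_policy']))
            $no_rules = false;
        /* Do not display the "no rules" warning if interface disabled */
        if ($natent['enable'] == "off")
            $no_rules = false;
        if ($no_rules)
            $no_rules_footnote = true;
        ?>
            <td class="listt">
                <input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0;">
            </td>
            <td class="listr" valign="middle" id="frd<?=$nnats;?>" ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
                <?php echo htmlspecialchars($natend_friendly, ENT_QUOTES); ?>
            </td>
            <td class="listr" valign="middle" id="frd<?=$nnats;?>" ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
            <?php
            // Read the flag from the entry being rendered rather than by row counter.
            $check_suricata_info = $natent['enable'];
            if ($check_suricata_info == "on") {
                echo gettext("ENABLED") . " ";
                echo "<input type='image' src='../themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif' width='13' height='13' border='0' ";
                echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\";' name=\"toggle[]\" ";
                echo "title='" . $suricata_title . "'/>";
                echo ($no_rules) ? " <img src=\"../themes/{$g['theme']}/images/icons/icon_frmfld_imp.png\" width=\"15\" height=\"15\" border=\"0\">" : "";
            } else
                echo gettext("DISABLED");
            ?>
            </td>
            <td class="listr" id="frd<?=$nnats;?>" valign="middle" align="center" ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
            <?php
            $check_performance_info = $natent['mpm_algo'];
            if ($check_performance_info != "") {
                $check_performance = $check_performance_info;
            } else {
                $check_performance = "unknown";
            }
            ?>
            <?=htmlspecialchars(strtoupper($check_performance), ENT_QUOTES);?>
            </td>
            <td class="listr" id="frd<?=$nnats;?>" valign="middle" align="center" ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
            <?php
            $check_blockoffenders_info = $natent['blockoffenders'];
            // String literals: the bare words enabled/disabled were undefined constants.
            if ($check_blockoffenders_info == "on") {
                $check_blockoffenders = 'enabled';
            } else {
                $check_blockoffenders = 'disabled';
            }
            ?>
            <?=strtoupper($check_blockoffenders);?>
            </td>
            <td class="listr" id="frd<?=$nnats;?>" valign="middle" ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
            <?php
            $check_suricatabarnyardlog_info = $natent['barnyard_enable'];
            if ($check_suricatabarnyardlog_info == "on") {
                echo gettext("ENABLED") . " ";
                echo "<input type='image' name='bartoggle[]' src='../themes/{$g['theme']}/images/icons/icon_{$biconfn}.gif' width='13' height='13' border='0' ";
                // The statement terminator belongs inside the onClick attribute value.
                echo "onClick='document.getElementById(\"id\").value=\"{$nnats}\";' title='" . $barnyard_title . "'/>";
            } else
                echo gettext("DISABLED");
            ?>
            </td>
            <td class="listbg" valign="middle" ondblclick="document.location='suricata_interfaces_edit.php?id=<?=$nnats;?>';">
                <font color="#ffffff"> <?=htmlspecialchars($natent['descr']);?> </font>
            </td>
            <td valign="middle" class="list" nowrap>
                <a href="suricata_interfaces_edit.php?id=<?=$i;?>">
                <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?php echo gettext('Edit Suricata interface mapping'); ?>"></a>
            </td>
        </tr>
    <?php
        $i++;
        $nnats++;
    endforeach;
    ob_end_flush();
    ?>
        <tr>
            <td class="list"></td>
            <td class="list" colspan="6">
                <?php if ($no_rules_footnote): ?><br><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_frmfld_imp.png" width="15" height="15" border="0">
                <span class="red">   <?php echo gettext("WARNING: Marked interface currently has no rules defined for Suricata"); ?></span>
                <?php else: ?> <?php endif; ?>
            </td>
            <td class="list" valign="middle" nowrap>
                <?php if ($nnats == 0): ?>
                <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" border="0">
                <?php else: ?>
                <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?php echo gettext("Delete selected Suricata interface mapping(s)"); ?>" onclick="return intf_del()">
                <?php endif; ?>
            </td>
        </tr>
        <tr>
            <td colspan="8"> </td>
        </tr>
        <tr>
            <td> </td>
            <td colspan="6">
                <table class="tabcont" width="100%" border="0" cellpadding="1" cellspacing="0">
                    <tr>
                        <td colspan="3" class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span> <br>
                        <?php
                        echo gettext("This is the ") . "<strong>" . gettext("Suricata Menu ") . "</strong>" . gettext("where you can see an overview of all your interface settings. ");
                        if (empty($a_nat)) {
                            echo gettext("Please configure the parameters on the ") . "<strong>" . gettext("Global Settings") . "</strong>" . gettext(" tab before adding an interface.");
                        }
                        ?>
                        </td>
                    </tr>
                    <tr>
                        <td colspan="3" class="vexpl"><br> </td>
                    </tr>
                    <tr>
                        <td colspan="3" class="vexpl"><span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span><br>
                        <strong><?php echo gettext("New settings will not take effect until interface restart."); ?></strong>
                        </td>
                    </tr>
                    <tr>
                        <td colspan="3" class="vexpl"><br> </td>
                    </tr>
                    <tr>
                        <td class="vexpl"><strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?php echo gettext("Add Icon"); ?>"> icon to add an interface.
                        </td>
                        <td width="3%" class="vexpl"> </td>
                        <td class="vexpl"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="13" height="13" border="0" title="<?php echo gettext("Running"); ?>">
                        <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="13" height="13" border="0" title="<?php echo gettext("Not Running"); ?>"> icons will show current suricata and barnyard2 status.
                        </td>
                    </tr>
                    <tr>
                        <td class="vexpl"><strong>Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?php echo gettext("Edit Icon"); ?>"> icon to edit an interface and settings.
                        </td>
                        <td width="3%"> </td>
                        <td class="vexpl"><strong>Click</strong> on the status icons to <strong>toggle</strong> suricata and barnyard2 status.
                        </td>
                    </tr>
                    <tr>
                        <td colspan="3" class="vexpl"><strong> Click</strong> on the <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?php echo gettext("Delete Icon"); ?>"> icon to delete an interface and settings.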
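</td>
                    </tr>
                </table>
            </td>
            <td> </td>
        </tr>
    </table>
    </div>
    </td>
</tr>
</table>
</form>

<script type="text/javascript">
/*
 * Click handler for the "delete" image button.
 *
 * Returns the result of the confirmation dialog when at least one checkbox
 * in the form is ticked. When nothing is selected it shows a hint and
 * returns false, so the form is not submitted with an empty selection.
 */
function intf_del() {
    var inputs = document.iform.elements;
    var isSelected = false;

    for (var i = 0; i < inputs.length; i++) {
        if (inputs[i].type == "checkbox" && inputs[i].checked) {
            isSelected = true;
            break;
        }
    }

    if (isSelected)
        return confirm('Do you really want to delete the selected Suricata mapping?');

    alert("There is no Suricata mapping selected for deletion. Click the checkbox beside the Suricata mapping(s) you wish to delete.");
    // Without an explicit false the browser still submits the form.
    return false;
}
</script>

<?php
include("fend.inc");
?>
</body>
</html>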