65000)
    $input_errors[] = gettext("The value for Maximum-Pending-Packets must be between 1 and 65,000!");

// NOTE(review): this span starts inside a condition and an enclosing block that both
// open above the visible part of the file; only what is shown here is documented.

// Numeric checks for the packet-log and recursion-limit fields.
// NOTE(review): is_numeric() also accepts signed values, decimals and exponent
// notation (e.g. "1e3"), so these checks are looser than the "numbers only" /
// "only digits" wording of the messages. ctype_digit() or
// filter_var(..., FILTER_VALIDATE_INT) with a range would match the stated rule.
if (isset($_POST['max_pcap_log_size']) && !is_numeric($_POST['max_pcap_log_size']))
    $input_errors[] = gettext("The value for 'Max Packet Log Size' must be numbers only. Do not include any alphabetic characters.");
if (isset($_POST['max_pcap_log_files']) && !is_numeric($_POST['max_pcap_log_files']))
    $input_errors[] = gettext("The value for 'Max Packet Log Files' must be numbers only.");
if (!empty($_POST['inspect_recursion_limit']) && !is_numeric($_POST['inspect_recursion_limit']))
    $input_errors[] = gettext("The value for Inspect Recursion Limit can either be blank or contain only digits evaluating to an integer greater than or equal to 0.");

/* See if assigned interface is already in use */
// Rejects the save when another entry of $a_rule (any key other than $id) already
// uses the posted interface name.
// NOTE(review): the raw $_POST['interface'] value is interpolated into the error
// message; whether it is HTML-escaped depends on how $input_errors is rendered,
// which is not visible here -- confirm, or escape it at this point.
if (isset($_POST['interface'])) {
    foreach ($a_rule as $k => $v) {
        if (($v['interface'] == $_POST['interface']) && ($id <> $k)) {
            $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Suricata instance.");
            break;
        }
    }
}

// if no errors write to suricata.yaml
// Builds $natent (the configuration entry for this instance) from the existing
// $a_rule[$id] entry overlaid with the posted form values, stores it, saves the
// configuration, regenerates the package files and redirects to the interface list.
if (!$input_errors) {
    $natent = $a_rule[$id];
    // NOTE(review): the interface name is stored as posted; no check against the set
    // of configured interfaces is visible in this part of the file. It later feeds
    // get_real_interface() and, through $if_real, the shell commands below.
    $natent['interface'] = $_POST['interface'];
    $natent['enable'] = $_POST['enable'] ? 'on' : 'off';
    $natent['uuid'] = $pconfig['uuid'];
    // The description is HTML-encoded before it is stored, so the saved value is the
    // encoded form; an empty description falls back to the upper-cased interface name.
    if ($_POST['descr'])
        $natent['descr'] = htmlspecialchars($_POST['descr']);
    else
        $natent['descr'] = strtoupper($natent['interface']);
    // Optional values: stored when non-empty, otherwise the key is removed.
    if ($_POST['max_pcap_log_size'])
        $natent['max_pcap_log_size'] = $_POST['max_pcap_log_size'];
    else
        unset($natent['max_pcap_log_size']);
    if ($_POST['max_pcap_log_files'])
        $natent['max_pcap_log_files'] = $_POST['max_pcap_log_files'];
    else
        unset($natent['max_pcap_log_files']);
    // Checkbox fields: anything other than the literal "on" is normalised to 'off',
    // so only those two values are ever stored for them.
    if ($_POST['enable_stats_log'] == "on") { $natent['enable_stats_log'] = 'on'; }else{ $natent['enable_stats_log'] = 'off'; }
    if ($_POST['append_stats_log'] == "on") { $natent['append_stats_log'] = 'on'; }else{ $natent['append_stats_log'] = 'off'; }
    // NOTE(review): loose comparison of a posted string with 1, and the value is then
    // stored as posted; no numeric validation of this field is visible in this part
    // of the file -- confirm it is validated above. Falls back to "10".
    if ($_POST['stats_upd_interval'] >= 1)
        $natent['stats_upd_interval'] = $_POST['stats_upd_interval'];
    else
        $natent['stats_upd_interval'] = "10";
    if ($_POST['enable_http_log'] == "on") { $natent['enable_http_log'] = 'on'; }else{ $natent['enable_http_log'] = 'off'; }
    if ($_POST['append_http_log'] == "on") { $natent['append_http_log'] = 'on'; }else{ $natent['append_http_log'] = 'off'; }
    if ($_POST['enable_tls_log'] == "on") { $natent['enable_tls_log'] = 'on'; }else{ $natent['enable_tls_log'] = 'off'; }
    if ($_POST['tls_log_extended'] == "on") { $natent['tls_log_extended'] = 'on'; }else{ $natent['tls_log_extended'] = 'off'; }
    if ($_POST['enable_pcap_log'] == "on") { $natent['enable_pcap_log'] = 'on'; }else{ $natent['enable_pcap_log'] = 'off'; }
    if ($_POST['enable_json_file_log'] == "on") { $natent['enable_json_file_log'] = 'on'; }else{ $natent['enable_json_file_log'] = 'off'; }
    if ($_POST['append_json_file_log'] == "on") { $natent['append_json_file_log'] = 'on'; }else{ $natent['append_json_file_log'] = 'off'; }
    if ($_POST['enable_tracked_files_magic'] == "on") { $natent['enable_tracked_files_magic'] = 'on'; }else{ $natent['enable_tracked_files_magic'] = 'off'; }
    if ($_POST['enable_tracked_files_md5'] == "on") { $natent['enable_tracked_files_md5'] = 'on'; }else{ $natent['enable_tracked_files_md5'] = 'off'; }
    if ($_POST['enable_file_store'] == "on") { $natent['enable_file_store'] = 'on'; }else{ $natent['enable_file_store'] = 'off'; }
    if ($_POST['max_pending_packets'])
        $natent['max_pending_packets'] = $_POST['max_pending_packets'];
    else
        unset($natent['max_pending_packets']);
    // Compared against the string '0' rather than an integer.
    if ($_POST['inspect_recursion_limit'] >= '0')
        $natent['inspect_recursion_limit'] = $_POST['inspect_recursion_limit'];
    else
        unset($natent['inspect_recursion_limit']);
    // NOTE(review): the engine, block-mode and list-name fields below are stored
    // exactly as posted. No allow-list check is visible here; presumably they come
    // from <select> controls and end up in the generated Suricata configuration, so
    // confirm each is restricted to its expected option set before being written out.
    if ($_POST['detect_eng_profile'])
        $natent['detect_eng_profile'] = $_POST['detect_eng_profile'];
    else
        unset($natent['detect_eng_profile']);
    if ($_POST['mpm_algo'])
        $natent['mpm_algo'] = $_POST['mpm_algo'];
    else
        unset($natent['mpm_algo']);
    if ($_POST['sgh_mpm_context'])
        $natent['sgh_mpm_context'] = $_POST['sgh_mpm_context'];
    else
        unset($natent['sgh_mpm_context']);
    if ($_POST['blockoffenders'] == "on")
        $natent['blockoffenders'] = 'on';
    else
        $natent['blockoffenders'] = 'off';
    // Unlike the other checkboxes, this key is removed rather than set to 'off'.
    if ($_POST['blockoffenderskill'] == "on")
        $natent['blockoffenderskill'] = 'on';
    else
        unset($natent['blockoffenderskill']);
    if ($_POST['blockoffendersip'])
        $natent['blockoffendersip'] = $_POST['blockoffendersip'];
    else
        unset($natent['blockoffendersip']);
    if ($_POST['passlistname'])
        $natent['passlistname'] = $_POST['passlistname'];
    else
        unset($natent['passlistname']);
    if ($_POST['homelistname'])
        $natent['homelistname'] = $_POST['homelistname'];
    else
        unset($natent['homelistname']);
    if ($_POST['externallistname'])
        $natent['externallistname'] = $_POST['externallistname'];
    else
        unset($natent['externallistname']);
    if ($_POST['suppresslistname'])
        $natent['suppresslistname'] = $_POST['suppresslistname'];
    else
        unset($natent['suppresslistname']);
    if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
    // Free-form text is stored base64-encoded. The encoding is a storage format only
    // and does not constrain the content.
    // NOTE(review): going by the field name this text is presumably passed through
    // into the generated configuration -- confirm who may reach this page.
    if ($_POST['configpassthru'])
        $natent['configpassthru'] = base64_encode($_POST['configpassthru']);
    else
        unset($natent['configpassthru']);

    $if_real = get_real_interface($natent['interface']);
    if (isset($id) && $a_rule[$id]) {
        // See if moving an existing Suricata instance to another physical interface
        if ($natent['interface'] != $a_rule[$id]['interface']) {
            $oif_real = get_real_interface($a_rule[$id]['interface']);
            // A running instance is stopped before its directories are renamed.
            // $suricata_start records whether it was running; it is not read again in
            // the visible part of the file.
            if (suricata_is_running($a_rule[$id]['uuid'], $oif_real)) {
                suricata_stop($a_rule[$id], $oif_real);
                $suricata_start = true;
            }
            else
                $suricata_start = false;
            // NOTE(review): both mv commands are built by string interpolation with no
            // escapeshellarg(), and the exec() results are not checked. $if_real is
            // derived from the posted interface name via get_real_interface(); what
            // that helper returns for unexpected input is not visible here. Quoting
            // each path with escapeshellarg(), or using rename(), would remove the
            // dependency on those values being shell-safe.
            exec("mv -f {$suricatalogdir}suricata_{$oif_real}" . $a_rule[$id]['uuid'] . " {$suricatalogdir}suricata_{$if_real}" . $a_rule[$id]['uuid']);
            // The second rename is bracketed by conf_mount_rw()/conf_mount_ro().
            conf_mount_rw();
            exec("mv -f {$suricatadir}suricata_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$suricatadir}suricata_" . $a_rule[$id]['uuid'] . "_{$if_real}");
            conf_mount_ro();
        }
        $a_rule[$id] = $natent;
    }
    else {
        // Adding new interface, so set interface configuration parameter defaults
        $natent['ip_max_frags'] = "65535";
        $natent['ip_frag_timeout'] = "60";
        $natent['frag_memcap'] = '33554432';
        $natent['ip_max_trackers'] = '65535';
        $natent['frag_hash_size'] = '65536';
        $natent['flow_memcap'] = '33554432';
        $natent['flow_prealloc'] = '10000';
        $natent['flow_hash_size'] = '65536';
        $natent['flow_emerg_recovery'] = '30';
        $natent['flow_prune'] = '5';
        $natent['flow_tcp_new_timeout'] = '60';
        $natent['flow_tcp_established_timeout'] = '3600';
        $natent['flow_tcp_closed_timeout'] = '120';
        $natent['flow_tcp_emerg_new_timeout'] = '10';
        $natent['flow_tcp_emerg_established_timeout'] = '300';
        $natent['flow_tcp_emerg_closed_timeout'] = '20';
        $natent['flow_udp_new_timeout'] = '30';
        $natent['flow_udp_established_timeout'] = '300';
        $natent['flow_udp_emerg_new_timeout'] = '10';
        $natent['flow_udp_emerg_established_timeout'] = '100';
        $natent['flow_icmp_new_timeout'] = '30';
        $natent['flow_icmp_established_timeout'] = '300';
        $natent['flow_icmp_emerg_new_timeout'] = '10';
        $natent['flow_icmp_emerg_established_timeout'] = '100';
        $natent['stream_memcap'] = '33554432';
        $natent['stream_max_sessions'] = '262144';
        $natent['stream_prealloc_sessions'] = '32768';
        $natent['reassembly_memcap'] = '67108864';
        $natent['reassembly_depth'] = '1048576';
        $natent['reassembly_to_server_chunk'] = '2560';
        $natent['reassembly_to_client_chunk'] = '2560';
        $natent['enable_midstream_sessions'] = 'off';
        $natent['enable_async_sessions'] = 'off';
        $natent['asn1_max_frames'] = '256';

        // Append a "default" host OS policy entry bound to all addresses.
        $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd" );
        if (!is_array($natent['host_os_policy']['item']))
            $natent['host_os_policy']['item'] = array();
        $natent['host_os_policy']['item'][] = $default;

        // Append a "default" libhtp policy entry; $default is reused for it.
        $default = array( "name" => "default", "bind_to" => "all", "personality" => "IDS", "request-body-limit" => 4096, "response-body-limit" => 4096, "double-decode-path" => "no", "double-decode-query" => "no" );
        if (!is_array($natent['libhtp_policy']['item']))
            $natent['libhtp_policy']['item'] = array();
        $natent['libhtp_policy']['item'][] = $default;

        // Enable the basic default rules for the interface
        $natent['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules||tls-events.rules";

        // Adding a new interface, so set flag to build new rules
        // ($rebuild_rules is not read again in the visible part of the file.)
        $rebuild_rules = true;

        // Add the new interface configuration to the [rule] array in config
        $a_rule[] = $natent;
    }

    // If Suricata is disabled on this interface, stop any running instance
    if ($natent['enable'] != 'on')
        suricata_stop($natent, $if_real);

    // Save configuration changes
    write_config();

    // Update suricata.conf and suricata.sh files for this interface
    sync_suricata_package_config();

    // Send no-cache headers, redirect to the interface list and stop, so nothing
    // below runs after a successful save.
    header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
    header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
    header( 'Cache-Control: no-store, no-cache, must-revalidate' );
    header( 'Cache-Control: post-check=0, pre-check=0', false );
    header( 'Pragma: no-cache' );
    header("Location: /suricata/suricata_interfaces.php");
    exit;
}
else
    // Validation failed: the form is refilled from the raw POST data.
    // NOTE(review): every $pconfig value echoed by the template below is then
    // request-controlled and needs HTML escaping at the point of output.
    $pconfig = $_POST;
} // closes a block opened above the visible part of the file

// Page title uses the friendly description of the interface being edited.
$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Edit Settings");
include_once("head.inc");
?>
" method="post" name="iform" id="iform"> '; echo '
';
// Build the tab strip linking the per-interface configuration pages.
// Each entry is array(label, flag, URL); the flag is true only for the Settings tab
// (presumably marking the active tab -- confirm against display_top_tabs()).
$tab_array = array();
// Label prefix: the first five bytes of the friendly interface description plus a
// space, or "Iface " when the description is empty. substr() counts bytes, not
// characters.
$menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
// NOTE(review): $id is interpolated into every tab URL as-is. Where it comes from is
// not visible in this part of the file; if it is request-derived, confirm it is
// validated as an integer before it reaches these links.
$tab_array[] = array($menu_iface . gettext("Settings"), true, "/suricata/suricata_interfaces_edit.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Categories"), false, "/suricata/suricata_rulesets.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Rules"), false, "/suricata/suricata_rules.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Flow/Stream"), false, "/suricata/suricata_flow_stream.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
$tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}");
display_top_tabs($tab_array, true); ?>
onClick="enable_change(false)"/>
  
 



/>
onClick="toggle_stats_log();" id="enable_stats_log"/> " . gettext("Not Checked") . "."; ?>
  " . gettext("seconds") . "" . gettext(" for stats updating. Default is ") . "" . gettext("10") . "."; ?>
/> " . gettext("Not Checked") . "."; ?>
onClick="toggle_http_log()" id="enable_http_log"/> " . gettext("Checked") . "."; ?>
/> " . gettext("Checked") . "."; ?>
onClick="toggle_tls_log()" id="enable_tls_log"/> " . gettext("Not Checked") . "."; ?>
/> " . gettext("Checked") . "."; ?>
onClick="toggle_json_file_log()" id="enable_json_file_log"/> " . gettext("Not Checked") . "."; ?>
id="append_json_file_log"/> " . gettext("Checked") . "."; ?>
id="enable_tracked_files_magic"/> " . gettext("Not Checked") . "."; ?>
id="enable_tracked_files_md5"/> " . gettext("Not Checked") . "."; ?>
onClick="toggle_file_store()" id="enable_file_store"/> " . gettext("Not Checked") . "."; ?>
onClick="toggle_pcap_log()"/> " . gettext("Not Checked") . "."; ?>
  " . gettext("MB") . "" . gettext(" for a packet log file. Default is ") . "" . gettext("32") . "."; ?>

  " . gettext("1000") . "."; ?>

onClick="enable_blockoffenders()"/>
/>
  
 " . gettext("Choosing BOTH is suggested, and it is the default value."); ?>
  " . gettext("1024") . "."; ?>

" . gettext("Warning: ") . "" . gettext("Setting this too high can lead to degradation and a possible system crash by exhausting available memory.") ?>
   " . gettext("Default") . "" . gettext(" is ") . "" . gettext("Medium") . ""; ?>.


   " . gettext("Default") . "" . gettext(" is ") . "" . gettext("AC") . ""; ?>.


   " . gettext("Default") . "" . gettext(" is ") . "" . gettext("Auto") . ""; ?>.


  " . gettext("3000") . "."; ?>

     "/>


 
 
    

 
 
     "/>


 
 
     "/>

 
" . gettext("Default option disables suppression and filtering."); ?>
"/>
" . gettext("Please save your settings before you attempt to start Suricata."); ?>