65535) $input_errors[] = gettext("The value for Maximum-Pending-Packets must be between 1 and 65,535!"); if (!empty($_POST['max_pcap_log_size']) && !is_numeric($_POST['max_pcap_log_size'])) $input_errors[] = gettext("The value for 'Max Packet Log Size' must be numbers only. Do not include any alphabetic characters."); if (!empty($_POST['max_pcap_log_files']) && !is_numeric($_POST['max_pcap_log_files'])) $input_errors[] = gettext("The value for 'Max Packet Log Files' must be numbers only."); // if no errors write to suricata.yaml if (!$input_errors) { $natent = $a_rule[$id]; $natent['interface'] = $_POST['interface']; $natent['enable'] = $_POST['enable'] ? 'on' : 'off'; $natent['uuid'] = $pconfig['uuid']; // See if the HOME_NET, EXTERNAL_NET, or SUPPRESS LIST values were changed $suricata_reload = false; if ($_POST['homelistname'] && ($_POST['homelistname'] <> $natent['homelistname'])) $suricata_reload = true; if ($_POST['externallistname'] && ($_POST['externallistname'] <> $natent['externallistname'])) $suricata_reload = true; if ($_POST['suppresslistname'] && ($_POST['suppresslistname'] <> $natent['suppresslistname'])) $suricata_reload = true; if ($_POST['descr']) $natent['descr'] = $_POST['descr']; else $natent['descr'] = strtoupper($natent['interface']); if ($_POST['max_pcap_log_size']) $natent['max_pcap_log_size'] = $_POST['max_pcap_log_size']; else unset($natent['max_pcap_log_size']); if ($_POST['max_pcap_log_files']) $natent['max_pcap_log_files'] = $_POST['max_pcap_log_files']; else unset($natent['max_pcap_log_files']); if ($_POST['enable_stats_log'] == "on") { $natent['enable_stats_log'] = 'on'; }else{ $natent['enable_stats_log'] = 'off'; } if ($_POST['append_stats_log'] == "on") { $natent['append_stats_log'] = 'on'; }else{ $natent['append_stats_log'] = 'off'; } if ($_POST['stats_upd_interval']) $natent['stats_upd_interval'] = $_POST['stats_upd_interval']; else $natent['stats_upd_interval'] = "10"; if ($_POST['enable_http_log'] == "on") { $natent['enable_http_log'] = 'on'; }else{ $natent['enable_http_log'] = 'off'; } if ($_POST['append_http_log'] == "on") { $natent['append_http_log'] = 'on'; }else{ $natent['append_http_log'] = 'off'; } if ($_POST['enable_tls_log'] == "on") { $natent['enable_tls_log'] = 'on'; }else{ $natent['enable_tls_log'] = 'off'; } if ($_POST['tls_log_extended'] == "on") { $natent['tls_log_extended'] = 'on'; }else{ $natent['tls_log_extended'] = 'off'; } if ($_POST['enable_pcap_log'] == "on") { $natent['enable_pcap_log'] = 'on'; }else{ $natent['enable_pcap_log'] = 'off'; } if ($_POST['enable_json_file_log'] == "on") { $natent['enable_json_file_log'] = 'on'; }else{ $natent['enable_json_file_log'] = 'off'; } if ($_POST['append_json_file_log'] == "on") { $natent['append_json_file_log'] = 'on'; }else{ $natent['append_json_file_log'] = 'off'; } if ($_POST['enable_tracked_files_magic'] == "on") { $natent['enable_tracked_files_magic'] = 'on'; }else{ $natent['enable_tracked_files_magic'] = 'off'; } if ($_POST['enable_tracked_files_md5'] == "on") { $natent['enable_tracked_files_md5'] = 'on'; }else{ $natent['enable_tracked_files_md5'] = 'off'; } if ($_POST['enable_file_store'] == "on") { $natent['enable_file_store'] = 'on'; }else{ $natent['enable_file_store'] = 'off'; } if ($_POST['max_pending_packets']) $natent['max_pending_packets'] = $_POST['max_pending_packets']; else unset($natent['max_pending_packets']); if ($_POST['inspect_recursion_limit']) $natent['inspect_recursion_limit'] = $_POST['inspect_recursion_limit']; else unset($natent['inspect_recursion_limit']); if ($_POST['detect_eng_profile']) $natent['detect_eng_profile'] = $_POST['detect_eng_profile']; else unset($natent['detect_eng_profile']); if ($_POST['mpm_algo']) $natent['mpm_algo'] = $_POST['mpm_algo']; else unset($natent['mpm_algo']); if ($_POST['sgh_mpm_context']) $natent['sgh_mpm_context'] = $_POST['sgh_mpm_context']; else unset($natent['sgh_mpm_context']); if ($_POST['blockoffenders'] == "on") $natent['blockoffenders'] = 'on'; else $natent['blockoffenders'] = 'off'; if ($_POST['blockoffenderskill'] == "on") $natent['blockoffenderskill'] = 'on'; else unset($natent['blockoffenderskill']); if ($_POST['blockoffendersip']) $natent['blockoffendersip'] = $_POST['blockoffendersip']; else unset($natent['blockoffendersip']); if ($_POST['whitelistname']) $natent['whitelistname'] = $_POST['whitelistname']; else unset($natent['whitelistname']); if ($_POST['homelistname']) $natent['homelistname'] = $_POST['homelistname']; else unset($natent['homelistname']); if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']); if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']); if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; } if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']); $if_real = get_real_interface($natent['interface']); if (isset($id) && $a_rule[$id]) { if ($natent['interface'] != $a_rule[$id]['interface']) { $oif_real = get_real_interface($a_rule[$id]['interface']); suricata_stop($a_rule[$id], $oif_real); exec("rm -r /var/log/suricata_{$oif_real}" . $a_rule[$id]['uuid']); exec("mv -f {$suricatadir}/suricata_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$suricatadir}/suricata_" . $a_rule[$id]['uuid'] . "_{$if_real}"); } // Edits don't require a rules rebuild, so turn it "off" $rebuild_rules = false; $a_rule[$id] = $natent; } else { // Adding new interface, so set interface configuration parameter defaults $natent['ip_max_frags'] = "65535"; $natent['ip_frag_timeout'] = "60"; $natent['frag_memcap'] = '33554432'; $natent['ip_max_trackers'] = '65535'; $natent['frag_hash_size'] = '65536'; $natent['flow_memcap'] = '33554432'; $natent['flow_prealloc'] = '10000'; $natent['flow_hash_size'] = '65536'; $natent['flow_emerg_recovery'] = '30'; $natent['flow_prune'] = '5'; $natent['flow_tcp_new_timeout'] = '60'; $natent['flow_tcp_established_timeout'] = '3600'; $natent['flow_tcp_closed_timeout'] = '120'; $natent['flow_tcp_emerg_new_timeout'] = '10'; $natent['flow_tcp_emerg_established_timeout'] = '300'; $natent['flow_tcp_emerg_closed_timeout'] = '20'; $natent['flow_udp_new_timeout'] = '30'; $natent['flow_udp_established_timeout'] = '300'; $natent['flow_udp_emerg_new_timeout'] = '10'; $natent['flow_udp_emerg_established_timeout'] = '100'; $natent['flow_icmp_new_timeout'] = '30'; $natent['flow_icmp_established_timeout'] = '300'; $natent['flow_icmp_emerg_new_timeout'] = '10'; $natent['flow_icmp_emerg_established_timeout'] = '100'; $natent['stream_memcap'] = '33554432'; $natent['stream_max_sessions'] = '262144'; $natent['stream_prealloc_sessions'] = '32768'; $natent['reassembly_memcap'] = '67108864'; $natent['reassembly_depth'] = '1048576'; $natent['reassembly_to_server_chunk'] = '2560'; $natent['reassembly_to_client_chunk'] = '2560'; $natent['enable_midstream_sessions'] = 'off'; $natent['enable_async_sessions'] = 'off'; $natent['asn1_max_frames'] = '256'; $default = array( "name" => "default", "bind_to" => "all", "policy" => "bsd" ); if (!is_array($natent['host_os_policy']['item'])) $natent['host_os_policy']['item'] = array(); $natent['host_os_policy']['item'][] = $default; $default = array( "name" => "default", "bind_to" => "all", "personality" => "IDS", "request-body-limit" => 4096, "response-body-limit" => 4096, "double-decode-path" => "no", "double-decode-query" => "no" ); if (!is_array($natent['libhtp_policy']['item'])) $natent['libhtp_policy']['item'] = array(); $natent['libhtp_policy']['item'][] = $default; // Enable the basic default rules for the interface $natent['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules"; // Adding a new interface, so set flag to build new rules $rebuild_rules = true; // Add the new interface configuration to the [rule] array in config $a_rule[] = $natent; } // If Suricata is disabled on this interface, stop any running instance if ($natent['enable'] != 'on') suricata_stop($natent, $if_real); // Save configuration changes write_config(); // Update suricata.conf and suricata.sh files for this interface sync_suricata_package_config(); /*******************************************************/ /* Signal Suricata to reload configuration if we changed */ /* HOME_NET, EXTERNAL_NET or Suppress list values. */ /* The function only signals a running Suricata instance */ /* to safely reload these parameters. */ /*******************************************************/ if ($suricata_reload == true) suricata_reload_config($natent, "USR2"); header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); header("Location: /suricata/suricata_interfaces.php"); exit; } else $pconfig = $_POST; } $if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']); $pgtitle = gettext("Suricata: Interface {$if_friendly} - Edit Settings"); include_once("head.inc"); ?>