. * Copyright (C) 2003-2004 Manuel Kasper . * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2009 Robert Zelaya Sr. Developer * Copyright (C) 2012 Ermal Luci * All rights reserved. * * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); require_once("/usr/local/pkg/suricata/suricata.inc"); global $config, $g; if (!is_array($config['installedpackages']['suricata']['rule'])) $config['installedpackages']['suricata']['rule'] = array(); // Hard-code the path where IP Lists are stored // and disregard any user-supplied path element. $iprep_path = SURICATA_IPREP_PATH; // Set default to not show IP List editor controls $iplist_edit_style = "display: none;"; function suricata_is_iplist_active($iplist) { /*************************************************** * This function checks all configured Suricata * * interfaces to see if the passed IP List is used * * as a whitelist or blacklist by an interface. * * * * Returns: TRUE if IP List is in use * * FALSE if IP List is not in use * ***************************************************/ global $g, $config; if (!is_array($config['installedpackages']['suricata']['rule'])) return FALSE; foreach ($config['installedpackages']['suricata']['rule'] as $rule) { if (is_array($rule['iplist_files']['item'])) { foreach ($rule['iplist_files']['item'] as $file) { if ($file == $iplist) return TRUE; } } } return FALSE; } // If doing a postback, used typed values, else load from stored config if (!empty($_POST)) { $pconfig = $_POST; } else { $pconfig['et_iqrisk_enable'] = $config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable']; $pconfig['iqrisk_code'] = $config['installedpackages']['suricata']['config'][0]['iqrisk_code']; } // Validate IQRisk settings if enabled and saving them if ($_POST['save']) { if ($pconfig['et_iqrisk_enable'] == 'on' && empty($pconfig['iqrisk_code'])) $input_errors[] = gettext("You must provide a valid IQRisk subscription code when IQRisk downloads are enabled!"); if (!$input_errors) { $config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] = $_POST['et_iqrisk_enable'] ? 'on' : 'off'; $config['installedpackages']['suricata']['config'][0]['iqrisk_code'] = $_POST['iqrisk_code']; write_config("Suricata pkg: modified IP Lists settings."); /* Toggle cron task for ET IQRisk updates if setting was changed */ if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on' && !suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php")) { include("/usr/local/pkg/suricata/suricata_etiqrisk_update.php"); install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, 0, "*", "*", "*", "root"); } elseif ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'off' && suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php")) install_cron_job("/usr/local/pkg/suricata/suricata_etiqrisk_update.php", FALSE); } } if (isset($_POST['upload'])) { if ($_FILES["iprep_fileup"]["error"] == UPLOAD_ERR_OK) { $tmp_name = $_FILES["iprep_fileup"]["tmp_name"]; $name = $_FILES["iprep_fileup"]["name"]; move_uploaded_file($tmp_name, "{$iprep_path}{$name}"); } else $input_errors[] = gettext("Failed to upload file {$_FILES["iprep_fileup"]["name"]}"); } if (isset($_POST['iplist_delete']) && isset($_POST['iplist_fname'])) { if (!suricata_is_iplist_active($_POST['iplist_fname'])) unlink_if_exists("{$iprep_path}{$_POST['iplist_fname']}"); else $input_errors[] = gettext("This IP List is currently assigned to an interface and cannot be deleted until it is removed from the configured interface."); } if (isset($_POST['iplist_edit']) && isset($_POST['iplist_fname'])) { $file = $iprep_path . basename($_POST['iplist_fname']); $data = file_get_contents($file); if ($data !== FALSE) { $iplist_data = htmlspecialchars($data); $iplist_edit_style = "display: table-row-group;"; $iplist_name = basename($_POST['iplist_fname']); unset($data); } else { $input_errors[] = gettext("An error occurred reading the file."); } } if (isset($_POST['iplist_edit_save']) && isset($_POST['iplist_data'])) { if (strlen(basename($_POST['iplist_name'])) > 0) { $file = $iprep_path . basename($_POST['iplist_name']); $data = str_replace("\r\n", "\n", $_POST['iplist_data']); file_put_contents($file, $data); unset($data); } else { $input_errors[] = gettext("You must provide a valid filename for the IP List."); $iplist_edit_style = "display: table-row-group;"; } } // Get all files in the IP Lists sub-directory as an array // Leave this as the last thing before spewing the page HTML // so we can pick up any changes made to files in code above. $ipfiles = return_dir_as_array($iprep_path); $pgtitle = gettext("Suricata: IP Reputation Lists"); include_once("head.inc"); ?>
onclick="IQRisk_enablechange();"/>
" . gettext("http://emergingthreats.net/products/iqrisk-rep-list/") . "" . gettext(" for more information or to purchase a subscription.");?>


"/>
');" src="../themes//images/icons/icon_x.gif" width="17" height="17" border="0" title=""/>
 
  " title="" />   " onClick="document.getElementById('iplist_editor').style.display='none';" title="" />
 


" . gettext("https://redmine.openinfosecfoundation.org/projects/suricata/wiki/IPReputationFormat") . "" . gettext(" for IP Reputation file formats."); ?>