0) { $btn_view_flowb_rules = " title=\"" . gettext("View flowbit-required rules") . "\""; } else $btn_view_flowb_rules = " disabled"; } else $btn_view_flowb_rules = " disabled"; // If a Snort VRT policy is enabled and selected, remove all Snort VRT // rules from the configured rule sets to allow automatic selection. if ($a_nat[$id]['ips_policy_enable'] == 'on') { if (isset($a_nat[$id]['ips_policy'])) { $disable_vrt_rules = "disabled"; $enabled_sets = explode("||", $a_nat[$id]['rulesets']); foreach ($enabled_sets as $k => $v) { if (substr($v, 0, 6) == "suricata_") unset($enabled_sets[$k]); } $a_nat[$id]['rulesets'] = implode("||", $enabled_sets); } } else $disable_vrt_rules = ""; if ($_POST["save"]) { if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; } else { $a_nat[$id]['ips_policy_enable'] = 'off'; unset($a_nat[$id]['ips_policy']); } // Always start with the default events and files rules $enabled_items = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules"; if (is_array($_POST['toenable'])) $enabled_items .= "||" . implode("||", $_POST['toenable']); else $enabled_items .= "||{$_POST['toenable']}"; $a_nat[$id]['rulesets'] = $enabled_items; if ($_POST['autoflowbits'] == "on") $a_nat[$id]['autoflowbitrules'] = 'on'; else { $a_nat[$id]['autoflowbitrules'] = 'off'; if (file_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}")) @unlink("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); } write_config(); /*************************************************/ /* Update the suricata.yaml file and rebuild the */ /* rules for this interface. */ /*************************************************/ $rebuild_rules = true; suricata_generate_yaml($a_nat[$id]); $rebuild_rules = false; /* Signal Suricata to "live reload" the rules */ suricata_reload_config($a_nat[$id]); } elseif ($_POST['unselectall']) { // Remove all but the default events and files rules $a_nat[$id]['rulesets'] = "decoder-events.rules||files.rules||http-events.rules||smtp-events.rules||stream-events.rules"; if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; } else { $a_nat[$id]['ips_policy_enable'] = 'off'; unset($a_nat[$id]['ips_policy']); } write_config(); sync_suricata_package_config(); } elseif ($_POST['selectall']) { // Start with the required default events and files rules $rulesets = array( "decoder-events.rules", "files.rules", "http-events.rules", "smtp-events.rules", "stream-events.rules" ); if ($_POST['ips_policy_enable'] == "on") { $a_nat[$id]['ips_policy_enable'] = 'on'; $a_nat[$id]['ips_policy'] = $_POST['ips_policy']; } else { $a_nat[$id]['ips_policy_enable'] = 'off'; unset($a_nat[$id]['ips_policy']); } if ($emergingdownload == 'on') { $files = glob("{$suricatadir}rules/" . ET_OPEN_FILE_PREFIX . "*.rules"); foreach ($files as $file) $rulesets[] = basename($file); } elseif ($etpro == 'on') { $files = glob("{$suricatadir}rules/" . ET_PRO_FILE_PREFIX . "*.rules"); foreach ($files as $file) $rulesets[] = basename($file); } if ($snortcommunitydownload == 'on') { $files = glob("{$suricatadir}rules/" . GPL_FILE_PREFIX . "community.rules"); foreach ($files as $file) $rulesets[] = basename($file); } /* Include the Snort VRT rules only if enabled and no IPS policy is set */ if ($snortdownload == 'on' && $a_nat[$id]['ips_policy_enable'] == 'off') { $files = glob("{$suricatadir}rules/" . VRT_FILE_PREFIX . "*.rules"); foreach ($files as $file) $rulesets[] = basename($file); } $a_nat[$id]['rulesets'] = implode("||", $rulesets); write_config(); sync_suricata_package_config(); } $enabled_rulesets_array = explode("||", $a_nat[$id]['rulesets']); $if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']); $pgtitle = gettext("Suricata IDS: Interface {$if_friendly} - Categories"); include_once("head.inc"); ?>