$ssh_port = $config['system']['ssh']['port'];
} else {
    // No SSH port available from the branch above: fall back to the standard port.
    $ssh_port = "22";
}

// Built-in port variables; each may be overridden per interface by a firewall
// alias stored under the "def_<name>" key of $suricatacfg.
$suricata_ports = array(
    "ftp_ports" => "21",
    "http_ports" => "80",
    "oracle_ports" => "1521",
    "ssh_ports" => $ssh_port,
    "shellcode_ports" => "!80",
    "DNP3_PORTS" => "20000",
    "file_data_ports" => "\$HTTP_PORTS,110,143"
);

// Render one `NAME: "value"` line per port variable.
// NOTE(review): the leading-space literal is reproduced as it appears on this
// page, where whitespace is collapsed; confirm it against the repository file.
$port_vars = "";
foreach ($suricata_ports as $alias => $avalue) {
    if (!empty($suricatacfg["def_{$alias}"]) && is_alias($suricatacfg["def_{$alias}"])) {
        // Expand the alias and turn its whitespace-separated members into a
        // comma-separated list.
        // NOTE(review): the expanded value is placed inside a double-quoted
        // scalar below without escaping; presumably filter_expand_alias()
        // yields only ports/addresses - confirm.
        $avalue = preg_replace('/\\s+/', ',', trim(filter_expand_alias($suricatacfg["def_{$alias}"])));
    }
    $port_vars .= " " . strtoupper($alias) . ": \"" . $avalue . "\"\n";
}
$port_vars = trim($port_vars);

// Define a Suppress List (Threshold) if one is configured; otherwise write an
// empty threshold.config.
// NOTE(review): "@" hides write failures, so a failed write leaves whatever
// threshold.config was there before (or none) with nothing logged. Consider
// checking the return value of file_put_contents().
$suppress = suricata_find_list($suricatacfg['suppresslistname'], 'suppress');
if (empty($suppress)) {
    @file_put_contents("{$suricatacfgdir}/threshold.config", "");
} else {
    // The list body is stored base64-encoded; strip carriage returns after decoding.
    $suppress_data = str_replace("\r", "", base64_decode($suppress['suppresspassthru']));
    @file_put_contents("{$suricatacfgdir}/threshold.config", $suppress_data);
}

// Add interface-specific detection engine settings.
// NOTE(review): the configured value is used as-is here; presumably it is
// validated as an integer where it is saved - confirm.
$max_pend_pkts = empty($suricatacfg['max_pending_packets'])
    ? 1024
    : $suricatacfg['max_pending_packets'];

if (!empty($suricatacfg['detect_eng_profile'])) {
    $detect_eng_profile = $suricatacfg['detect_eng_profile'];
} else {
}

// Request parameters selecting which list to display.
// NOTE(review): htmlspecialchars() is an output encoder, not an input
// validator. The encoded values are used below as lookup keys, so a list name
// containing & < > or " is searched for in its entity-encoded form. Prefer
// validating the raw parameter here and encoding only where it is printed.
$wlist = htmlspecialchars($_GET['wlist']);
$type = htmlspecialchars($_GET['type']);
$title = "List";

// NOTE(review): $id is assigned before this excerpt; confirm it is validated
// as an existing rule index. htmlspecialchars() returns a string even for a
// missing parameter, so isset($wlist) does not detect an absent or empty "wlist".
if (isset($id) && isset($wlist)) {
    $a_rule = $config['installedpackages']['suricata']['rule'][$id];

    // $type is only ever compared against fixed strings; unknown values match
    // none of the branches visible here.
    if ($type === "homenet") {
        $list = suricata_build_list($a_rule, $wlist);
        $contents = implode("\n", $list);
        $title = "HOME_NET";
    } elseif ($type === "passlist") {
        $list = suricata_build_list($a_rule, $wlist, true);
        $contents = implode("\n", $list);
        $title = "Pass List";
    } elseif ($type === "suppress") {
        // Suppress lists are stored base64-encoded; decode and drop carriage returns.
        $list = suricata_find_list($wlist, $type);
        $contents = str_replace("\r", "", base64_decode($list['suppresspassthru']));
        $title = "Suppress List";
    } elseif ($type === "externalnet") {
        if ($wlist !== "default") {
            $list = suricata_build_list($a_rule, $wlist, false, true);
            $contents = implode("\n", $list);
        } else {
            // Default EXTERNAL_NET: every entry of the rule's home list, negated.
            $list = suricata_build_list($a_rule, $a_rule['homelistname']);
            $contents = "";
            foreach ($list as $ip) {
                $contents .= "!" . $ip . "\n";
            }
            $contents = trim($contents, "\n");
        }
        $title = "EXTERNAL_NET";