}
$a_nat[$id] = $natent;
write_config("Suricata pkg: modified Barnyard2 settings.");
// No need to rebuild rules for Barnyard2 changes
$rebuild_rules = false;
conf_mount_rw();
sync_suricata_package_config();
conf_mount_ro();
// If disabling Barnyard2 on the interface, stop any
// currently running instance. If an instance is
// running, signal it to reload the configuration.
// If Barnyard2 is enabled but not running, start it.
if ($a_nat[$id]['barnyard_enable'] == "off") {
suricata_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface']));
} elseif ($a_nat[$id]['barnyard_enable'] == "on") {
if (suricata_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2")) {
suricata_barnyard_reload_config($a_nat[$id], "HUP");
} else {
// Notify user a Suricata restart is required if enabling Barnyard2 for the first time
$savemsg = gettext("NOTE: you must restart Suricata on this interface to activate unified2 logging for Barnyard2.");
}
}
$pconfig = $natent;
} else {
// We had errors, so save previous field data to prevent retyping
$pconfig = $_POST;
}
}
$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Barnyard2 Settings");
include_once "head.inc";
}
write_config("Suricata pkg: save enabled rule categories for {$a_nat[$id]['interface']}.");
/*************************************************/
/* Update the suricata.yaml file and rebuild the */
/* rules for this interface. */
/*************************************************/
$rebuild_rules = true;
conf_mount_rw();
suricata_generate_yaml($a_nat[$id]);
conf_mount_ro();
$rebuild_rules = false;
/* Signal Suricata to "live reload" the rules */
suricata_reload_config($a_nat[$id]);
$pconfig = $_POST;
$enabled_rulesets_array = explode("||", $enabled_items);
if (suricata_is_running($suricata_uuid, $if_real)) {
$savemsg = gettext("Suricata is 'live-loading' the new rule set on this interface.");
}
// Sync to configured CARP slaves if any are enabled
suricata_sync_on_changes();
} elseif ($_POST['unselectall']) {
if ($_POST['ips_policy_enable'] == "on") {
$a_nat[$id]['ips_policy_enable'] = 'on';
$a_nat[$id]['ips_policy'] = $_POST['ips_policy'];
} else {
$a_nat[$id]['ips_policy_enable'] = 'off';
unset($a_nat[$id]['ips_policy']);
}
$pconfig['autoflowbits'] = $_POST['autoflowbits'];
$pconfig['ips_policy_enable'] = $_POST['ips_policy_enable'];
$pconfig['ips_policy'] = $_POST['ips_policy'];
if ($_POST['configpassthru']) {
$natent['configpassthru'] = base64_encode(str_replace("\r\n", "\n", $_POST['configpassthru']));
} else {
unset($natent['configpassthru']);
}
// Check if EVE OUTPUT TYPE is 'syslog' and auto-enable Suricata syslog output if true.
if ($natent['eve_output_type'] == "syslog" && $natent['alertsystemlog'] == "off") {
$natent['alertsystemlog'] = "on";
$savemsg = gettext("EVE Output to syslog requires Suricata alerts to be copied to the system log, so 'Send Alerts to System Log' has been auto-enabled.");
}
$if_real = get_real_interface($natent['interface']);
if (isset($id) && $a_rule[$id] && $action == '') {
// See if moving an existing Suricata instance to another physical interface
if ($natent['interface'] != $a_rule[$id]['interface']) {
$oif_real = get_real_interface($a_rule[$id]['interface']);
if (suricata_is_running($a_rule[$id]['uuid'], $oif_real)) {
suricata_stop($a_rule[$id], $oif_real);
$suricata_start = true;
} else {
$suricata_start = false;
}
@rename("{$suricatalogdir}suricata_{$oif_real}{$a_rule[$id]['uuid']}", "{$suricatalogdir}suricata_{$if_real}{$a_rule[$id]['uuid']}");
conf_mount_rw();
@rename("{$suricatadir}suricata_{$a_rule[$id]['uuid']}_{$oif_real}", "{$suricatadir}suricata_{$a_rule[$id]['uuid']}_{$if_real}");
conf_mount_ro();
}
$a_rule[$id] = $natent;
} elseif (strcasecmp($action, 'dup') == 0) {
// Duplicating an existing interface to a new interface, so set flag to build new rules
$rebuild_rules = true;
// Duplicating an interface, so need to generate a new UUID for the cloned interface
<?php
/* convert fake interfaces to real and check if iface is up */
/* There has to be a smarter way to do this */
$if_real = get_real_interface($natent['interface']);
$natend_friendly = convert_friendly_interface_to_friendly_descr($natent['interface']);
$suricata_uuid = $natent['uuid'];
if (!suricata_is_running($suricata_uuid, $if_real)) {
$iconfn = 'block';
$iconfn_msg1 = 'Suricata is not running on ';
$iconfn_msg2 = '. Click to start.';
} else {
$iconfn = 'pass';
$iconfn_msg1 = 'Suricata is running on ';
$iconfn_msg2 = '. Click to stop.';
}
if (!suricata_is_running($suricata_uuid, $if_real, 'barnyard2')) {
$biconfn = 'block';
$biconfn_msg1 = 'Barnyard2 is not running on ';
$biconfn_msg2 = '. Click to start.';
} else {
$biconfn = 'pass';
$biconfn_msg1 = 'Barnyard2 is running on ';
$biconfn_msg2 = '. Click to stop.';
}
/* See if interface has any rules defined and set boolean flag */
$no_rules = true;
if (isset($natent['customrules']) && !empty($natent['customrules'])) {
$no_rules = false;
}
if (isset($natent['rulesets']) && !empty($natent['rulesets'])) {
$no_rules = false;
