if ($_POST['sign_time'] == 'onehour') {
install_cron_job('/usr/local/bin/log_signer', true, '0', '*', '*', '*', '*', 'root');
}
}
install_cron_job('/usr/local/bin/log_sender', false, '*', '*', '*', '*', '*', 'root');
} else {
if ($_POST['sign_type'] == 'remote') {
install_cron_job('/usr/local/bin/log_signer', false, '*', '*', '*', '*', '*', 'root');
smbfileInit($_POST['smbhostname'], $_POST['smbusername'], $_POST['smbpassword'], $_POST['smbfolder']);
install_cron_job('/usr/local/bin/log_sender', true, '0', '*/4', '*', '*', '*', 'root');
}
}
} else {
install_cron_job('/usr/local/bin/dhcp_logger', false, '*', '*', '*', '*', '*', 'root');
install_cron_job('/usr/local/bin/log_signer', false, '*', '*', '*', '*', '*', 'root');
install_cron_job('/usr/local/bin/log_sender', false, '*', '*', '*', '*', '*', 'root');
}
$savemsg = 'Ayarlar başarıyla kaydedildi.';
}
}
?>
<?php
include 'head.inc';
?>
</head>
<body>
<?php
include 'fbegin.inc';
?>
// Move deprecated_rules file to SURICATADIR/rules directory
@rename("/usr/local/pkg/suricata/deprecated_rules", "{$suricatadir}rules/deprecated_rules");
/*********************************************************/
/* START OF BUG FIX CODE */
/* */
/* Remove any Suricata cron tasks that may have been */
/* left from a previous uninstall due to a bug that */
/* saved edited cron tasks as new ones while still */
/* leaving the original task. Correct cron task */
/* entries will be recreated below if saved settings */
/* are detected. */
/*********************************************************/
$cron_count = 0;
$suri_pf_table = SURICATA_PF_TABLE;
while (suricata_cron_job_exists($suri_pf_table, FALSE)) {
install_cron_job($suri_pf_table, false);
$cron_count++;
}
if ($cron_count > 0) {
log_error(gettext("[Suricata] Removed {$cron_count} duplicate 'remove_blocked_hosts' cron task(s)."));
}
/*********************************************************/
/* END OF BUG FIX CODE */
/*********************************************************/
// remake saved settings if previously flagged
if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') {
log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings..."));
update_status(gettext("Saved settings detected..."));
/****************************************************************/
/* Do test and fix for duplicate UUIDs if this install was */
/* impacted by the DUP (clone) bug that generated a duplicate */
} else {
unset($config['system']['tftpinterface']);
}
if ($_POST['bogonsinterval'] != $config['system']['bogons']['interval']) {
switch ($_POST['bogonsinterval']) {
case 'daily':
install_cron_job("/usr/bin/nice -n20 /etc/rc.update_bogons.sh", true, "1", "3", "*", "*", "*");
break;
case 'weekly':
install_cron_job("/usr/bin/nice -n20 /etc/rc.update_bogons.sh", true, "1", "3", "*", "*", "0");
break;
case 'monthly':
// fall through
// fall through
default:
install_cron_job("/usr/bin/nice -n20 /etc/rc.update_bogons.sh", true, "1", "3", "1", "*", "*");
}
$config['system']['bogons']['interval'] = $_POST['bogonsinterval'];
}
write_config();
// Kill filterdns when value changes, filter_configure() will restart it
if ($old_aliasesresolveinterval != $config['system']['aliasesresolveinterval'] && isvalidpid("{$g['varrun_path']}/filterdns.pid")) {
killbypid("{$g['varrun_path']}/filterdns.pid");
}
$retval = 0;
$retval = filter_configure();
if (stristr($retval, "error") != true) {
$savemsg = get_std_save_message($retval);
$class = 'success';
} else {
$savemsg = $retval;
sleep(1);
// Delete any leftover suricata PID files in /var/run
unlink_if_exists("{$g['varrun_path']}/suricata_*.pid");
/* Make sure all active Barnyard2 processes are terminated */
/* Log a message only if a running process is detected */
if (is_service_running("barnyard2")) {
log_error(gettext("[Suricata] Barnyard2 STOP for all interfaces..."));
}
killbyname("barnyard2");
sleep(1);
// Delete any leftover barnyard2 PID files in /var/run
unlink_if_exists("{$g['varrun_path']}/barnyard2_*.pid");
/* Remove the Suricata cron jobs. */
install_cron_job("suricata_check_for_rule_updates.php", false);
install_cron_job("suricata_check_cron_misc.inc", false);
install_cron_job("{$suri_pf_table}", false);
/* See if we are to keep Suricata log files on uninstall */
if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') {
log_error(gettext("[Suricata] Clearing all Suricata-related log files..."));
@unlink("{$suricata_rules_upd_log}");
mwexec("/bin/rm -rf {$suricatalogdir}");
}
// Mount filesystem read-write to remove our files
conf_mount_rw();
/* Remove the Suricata GUI app directories */
mwexec("/bin/rm -rf /usr/local/pkg/suricata");
mwexec("/bin/rm -rf /usr/local/www/suricata");
/* Remove our associated Dashboard widget config and files. */
/* If "save settings" is enabled, then save old widget */
/* container settings so we can restore them later. */
$widgets = $config['widgets']['sequence'];
} else {
unset($config['system']['ftp-proxy']['client']);
}
if ($_POST['bogonsinterval'] != $config['system']['bogons']['interval']) {
switch ($_POST['bogonsinterval']) {
case 'daily':
install_cron_job("/usr/local/etc/rc.update_bogons", true, "1", "3", "*", "*", "*");
break;
case 'weekly':
install_cron_job("/usr/local/etc/rc.update_bogons", true, "1", "3", "*", "*", "0");
break;
case 'monthly':
// fall through
// fall through
default:
install_cron_job("/usr/local/etc/rc.update_bogons", true, "1", "3", "1", "*", "*");
}
$config['system']['bogons']['interval'] = $_POST['bogonsinterval'];
}
write_config();
// Kill filterdns when value changes, filter_configure() will restart it
if ($old_aliasesresolveinterval != $config['system']['aliasesresolveinterval']) {
killbypid('/var/run/filterdns.pid');
}
$retval = 0;
$retval = filter_configure();
if (stristr($retval, "error") != true) {
$savemsg = get_std_save_message();
} else {
$savemsg = $retval;
}
$config['system']['use_mfs_tmpvar'] = true;
} elseif (isset($config['system']['use_mfs_tmpvar'])) {
unset($config['system']['use_mfs_tmpvar']);
}
if (!empty($pconfig['rrdbackup'])) {
$config['system']['rrdbackup'] = $_POST['rrdbackup'];
install_cron_job("/usr/local/etc/rc.backup_rrd", $config['system']['rrdbackup'] > 0, $minute = "0", "*/{$config['system']['rrdbackup']}");
} elseif (isset($config['system']['rrdbackup'])) {
install_cron_job("/usr/local/etc/rc.backup_rrd", false, $minute = "0", "*/{$config['system']['rrdbackup']}");
unset($config['system']['rrdbackup']);
}
if (!empty($pconfig['dhcpbackup'])) {
$config['system']['dhcpbackup'] = $pconfig['dhcpbackup'];
install_cron_job("/usr/local/etc/rc.backup_dhcpleases", $config['system']['dhcpbackup'] > 0, $minute = "0", "*/{$config['system']['dhcpbackup']}");
} elseif (isset($config['system']['dhcpbackup'])) {
install_cron_job("/usr/local/etc/rc.backup_dhcpleases", false, $minute = "0", "*/{$config['system']['dhcpbackup']}");
unset($config['system']['dhcpbackup']);
}
write_config();
$savemsg = get_std_save_message();
system_resolvconf_generate(true);
filter_configure();
activate_powerd();
load_crypto();
load_thermal_hardware();
if ($need_relayd_restart) {
relayd_configure();
}
}
}
legacy_html_escape_form_data($pconfig);
if (isset($_POST['dhcpbackup'])) {
if ($_POST['dhcpbackup'] > 0 && $_POST['dhcpbackup'] <= 24) {
$config['system']['dhcpbackup'] = intval($_POST['dhcpbackup']);
} else {
unset($config['system']['dhcpbackup']);
}
}
// Add/Remove RAM disk periodic backup cron jobs according to settings and installation type.
// Remove the cron jobs on full install if not using RAM disk.
// Add the cron jobs on all others if the periodic backup option is set. Otherwise the cron job is removed.
if ($g['platform'] == $g['product_name'] && !isset($config['system']['use_mfs_tmpvar'])) {
install_cron_job("/etc/rc.backup_rrd.sh", false);
install_cron_job("/etc/rc.backup_dhcpleases.sh", false);
} else {
install_cron_job("/etc/rc.backup_rrd.sh", $config['system']['rrdbackup'] > 0, $minute = "0", "*/{$config['system']['rrdbackup']}");
install_cron_job("/etc/rc.backup_dhcpleases.sh", $config['system']['dhcpbackup'] > 0, $minute = "0", "*/{$config['system']['dhcpbackup']}");
}
write_config();
$retval = 0;
system_resolvconf_generate(true);
$retval = filter_configure();
if (stristr($retval, "error") != true) {
$savemsg = get_std_save_message(gettext($retval));
} else {
$savemsg = gettext($retval);
}
activate_powerd();
load_crypto();
load_thermal_hardware();
if ($need_relayd_restart) {
relayd_configure();
$input_errors[] = gettext("The supplied 'Password' and 'Confirm' field values must match.");
}
if (is_uploaded_file($_FILES['GDriveP12file']['tmp_name'])) {
$data = file_get_contents($_FILES['GDriveP12file']['tmp_name']);
$config['system']['remotebackup']['GDriveP12key'] = base64_encode($data);
} elseif ($config['system']['remotebackup']['GDriveEnabled'] != "on") {
unset($config['system']['remotebackup']['GDriveP12key']);
}
write_config();
// test / perform backup
try {
$filesInBackup = backup_to_google_drive();
$cron_job = "/usr/local/opnsense/scripts/remote_backup.php";
if (!cron_job_exists($cron_job)) {
// initial cron job install
install_cron_job($cron_job, true, 0, 1);
}
} catch (Exception $e) {
$filesInBackup = array();
}
if (count($filesInBackup) == 0) {
$input_errors[] = gettext("Google Drive communication failure");
} else {
$input_messages = gettext("Backup succesfull, current filelist:");
foreach ($filesInBackup as $filename => $file) {
$input_messages = $input_messages . "<br>" . $filename;
}
}
}
}
include "head.inc";
function pfb_cron_update($type)
{
global $pfb;
// Query for any active pfBlockerNG CRON jobs
exec('/bin/ps -wx', $result_cron);
if (preg_grep("/pfblockerng[.]php\\s+?(cron|update)/", $result_cron)) {
pfbupdate_status(gettext("Force {$type} Terminated - Failed due to Active Running Task. Click 'View' for running process"));
exit;
}
if (!file_exists("{$pfb['log']}")) {
touch("{$pfb['log']}");
}
// Update status window with correct task
if ($type == 'update') {
pfbupdate_status(gettext('Running Force Update Task'));
} elseif ($type == 'reload') {
$reload_type = htmlspecialchars($_POST['rmode']);
pfbupdate_status(gettext("Running Force Reload Task - {$reload_type}"));
switch ($reload_type) {
case 'IP':
$type = 'updateip';
break;
case 'DNSBL':
$type = 'updatednsbl';
rmdir_recursive("{$pfb['dnsdir']}");
break;
case 'All':
default:
$type = 'update';
rmdir_recursive("{$pfb['dnsdir']}");
}
} else {
pfbupdate_status(gettext('Running Force CRON Task'));
}
// Remove any existing pfBlockerNG CRON Jobs
install_cron_job('pfblockerng.php cron', false);
// Execute PHP process in the background
mwexec_bg("/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php {$type} >> {$pfb['log']} 2>&1");
// Execute Live Tail function
pfb_livetail($pfb['log'], 'force');
}
unlink_if_exists("/usr/local/pkg/widget-snort.xml");
}
/* Define a default Dashboard Widget Container for Snort */
$snort_widget_container = "snort_alerts-container:col2:close";
/*********************************************************/
/* START OF BUG FIX CODE */
/* */
/* Remove any Snort cron tasks that may have been left */
/* from a previous uninstall due to a bug that saved */
/* edited cron tasks as new ones while still leaving */
/* the original task. Correct cron task entries will */
/* be recreated below if saved settings are detected. */
/*********************************************************/
$cron_count = 0;
while (snort_cron_job_exists("snort2c", FALSE)) {
install_cron_job("snort2c", false);
$cron_count++;
}
if ($cron_count > 0) {
log_error(gettext("[Snort] Removed {$cron_count} duplicate 'remove_blocked_hosts' cron task(s)."));
}
/*********************************************************/
/* END OF BUG FIX CODE */
/*********************************************************/
/* remake saved settings */
if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
log_error(gettext("[Snort] Saved settings detected... rebuilding installation with saved settings..."));
update_status(gettext("Saved settings detected..."));
/****************************************************************/
/* Do test and fix for duplicate UUIDs if this install was */
/* impacted by the DUP (clone) bug that generated a duplicate */
$pconfig['iqrisk_code'] = $config['installedpackages']['suricata']['config'][0]['iqrisk_code'];
}
// Validate IQRisk settings if enabled and saving them
if ($_POST['save']) {
if ($pconfig['et_iqrisk_enable'] == 'on' && empty($pconfig['iqrisk_code'])) {
$input_errors[] = gettext("You must provide a valid IQRisk subscription code when IQRisk downloads are enabled!");
}
if (!$input_errors) {
$config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] = $_POST['et_iqrisk_enable'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['iqrisk_code'] = $_POST['iqrisk_code'];
write_config("Suricata pkg: modified IP Lists settings.");
/* Toggle cron task for ET IQRisk updates if setting was changed */
if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on' && !suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php")) {
install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, "*/6", "*", "*", "*", "root");
} elseif ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'off' && suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php")) {
install_cron_job("/usr/local/pkg/suricata/suricata_etiqrisk_update.php", FALSE);
}
/* Peform a manual ET IQRisk file check/download */
if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on') {
include "/usr/local/pkg/suricata/suricata_etiqrisk_update.php";
}
}
}
if (isset($_POST['upload'])) {
if ($_FILES["iprep_fileup"]["error"] == UPLOAD_ERR_OK) {
$tmp_name = $_FILES["iprep_fileup"]["tmp_name"];
$name = $_FILES["iprep_fileup"]["name"];
move_uploaded_file($tmp_name, "{$iprep_path}{$name}");
} else {
$input_errors[] = gettext("Failed to upload file {$_FILES["iprep_fileup"]["name"]}");
}
function pfb_cron_update($type)
{
global $pfb;
// Query for any Active pfBlockerNG CRON Jobs
$result_cron = array();
$cron_event = exec("/bin/ps -wx", $result_cron);
if (preg_grep("/pfblockerng[.]php\\s+cron/", $result_cron) || preg_grep("/pfblockerng[.]php\\s+update/", $result_cron)) {
pfbupdate_status(gettext("Force {$type} Terminated - Failed due to Active Running Task"));
exit;
}
if (!file_exists("{$pfb['log']}")) {
touch("{$pfb['log']}");
}
// Update Status Window with correct Task
if ($type == "update") {
pfbupdate_status(gettext("Running Force Update Task"));
} elseif ($type == "reload") {
pfbupdate_status(gettext("Running Force Reload Task"));
$type = "update";
} else {
pfbupdate_status(gettext("Running Force CRON Task"));
}
// Remove any existing pfBlockerNG CRON Jobs
install_cron_job("pfblockerng.php cron", false);
// Execute PHP Process in the Background
mwexec_bg("/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php {$type} >> {$pfb['log']} 2>&1");
// Start at EOF
$lastpos_old = "";
$len = filesize("{$pfb['log']}");
$lastpos = $len;
while (true) {
usleep(300000);
//0.3s
clearstatcache(false, $pfb['log']);
$len = filesize("{$pfb['log']}");
if ($len < $lastpos) {
//file deleted or reset
$lastpos = $len;
} else {
$f = fopen($pfb['log'], "rb");
if ($f === false) {
die;
}
fseek($f, $lastpos);
while (!feof($f)) {
$pfb_buffer = fread($f, 2048);
$pfb_output .= str_replace(array("\r", "\")"), "", $pfb_buffer);
// Refresh on new lines only. This allows Scrolling.
if ($lastpos != $lastpos_old) {
pfbupdate_output($pfb_output);
}
$lastpos_old = $lastpos;
ob_flush();
flush();
}
$lastpos = ftell($f);
fclose($f);
}
// Capture Remaining Output before closing File
if (preg_match("/(UPDATE PROCESS ENDED)/", $pfb_output)) {
$f = fopen($pfb['log'], "rb");
fseek($f, $lastpos);
$pfb_buffer = fread($f, 2048);
$pfb_output .= str_replace("\r", "", $pfb_buffer);
pfbupdate_output($pfb_output);
clearstatcache(false, $pfb['log']);
ob_flush();
flush();
fclose($f);
// Call Log Mgmt Function
pfb_log_mgmt();
die;
}
}
}
unlink_if_exists("{$g['varrun_path']}/suricata_*.pid");
/* Make sure all active Barnyard2 processes are terminated */
/* Log a message only if a running process is detected */
if (is_service_running("barnyard2")) {
log_error(gettext("[Suricata] Barnyard2 STOP for all interfaces..."));
}
killbyname("barnyard2");
sleep(1);
// Delete any leftover barnyard2 PID files in /var/run
unlink_if_exists("{$g['varrun_path']}/barnyard2_*.pid");
/* Remove the Suricata cron jobs. */
install_cron_job("suricata_check_for_rule_updates.php", false);
install_cron_job("suricata_check_cron_misc.inc", false);
install_cron_job("{$suri_pf_table}", false);
install_cron_job("suricata_geoipupdate.php", false);
install_cron_job("suricata_etiqrisk_update.php", false);
/* See if we are to keep Suricata log files on uninstall */
if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') {
log_error(gettext("[Suricata] Clearing all Suricata-related log files..."));
unlink_if_exists("{$suricata_rules_upd_log}");
rmdir_recursive("{$suricatalogdir}");
}
/**************************************************/
/* If not already, set Suricata conf partition to */
/* read-write so we can make changes there */
/**************************************************/
if (!is_subsystem_dirty('mount')) {
conf_mount_rw();
$mounted_rw = TRUE;
}
/* Remove the Suricata GUI app directories */
$_POST['autoruleupdatetime'] = substr($tmp, 0, 2) . ":" . substr($tmp, -2);
}
$config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'] = str_pad($_POST['autoruleupdatetime'], 4, "0", STR_PAD_LEFT);
}
$config['installedpackages']['suricata']['config'][0]['log_to_systemlog'] = $_POST['log_to_systemlog'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['log_to_systemlog_facility'] = $_POST['log_to_systemlog_facility'];
$config['installedpackages']['suricata']['config'][0]['live_swap_updates'] = $_POST['live_swap_updates'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off';
$retval = 0;
write_config("Suricata pkg: modified global settings.");
/* Toggle cron task for GeoIP database updates if setting was changed */
if ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] == 'on' && !suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_geoipupdate.php")) {
include "/usr/local/pkg/suricata/suricata_geoipupdate.php";
install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_geoipupdate.php", TRUE, 0, 0, 8, "*", "*", "root");
} elseif ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] == 'off' && suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_geoipupdate.php")) {
install_cron_job("/usr/local/pkg/suricata/suricata_geoipupdate.php", FALSE);
}
/* create passlist and homenet file, then sync files */
conf_mount_rw();
sync_suricata_package_config();
conf_mount_ro();
/* forces page to reload new settings */
header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
header("Location: /suricata/suricata_global.php");
exit;
}
}
