}
 /* Clear the rebuild rules flag.  */
 $rebuild_rules = false;
 /* Restart Suricata if already running and we are not in post-install, so as to pick up the new rules. */
 if (is_process_running("suricata") && !$g['suricata_postinstall'] && count($config['installedpackages']['suricata']['rule']) > 0) {
     // See if "Live Reload" is configured and signal each Suricata instance
     // if enabled, else just do a hard restart of all the instances.
     if ($config['installedpackages']['suricata']['config'][0]['live_swap_updates'] == 'on') {
         if ($pkg_interface != "console") {
             update_status(gettext('Signaling Suricata to live-load the new set of rules...'));
             update_output_window(gettext("Please wait ... the process should complete in a few seconds..."));
         }
         log_error(gettext("[Suricata] Live-Reload of rules from auto-update is enabled..."));
         error_log(gettext("\tLive-Reload of updated rules is enabled...\n"), 3, SURICATA_RULES_UPD_LOGFILE);
         foreach ($config['installedpackages']['suricata']['rule'] as $value) {
             suricata_reload_config($value);
             error_log(gettext("\tLive swap of updated rules requested for " . convert_friendly_interface_to_friendly_descr($value['interface']) . ".\n"), 3, SURICATA_RULES_UPD_LOGFILE);
         }
         log_error(gettext("[Suricata] Live-Reload of updated rules completed..."));
         error_log(gettext("\tLive-Reload of the updated rules is complete.\n"), 3, SURICATA_RULES_UPD_LOGFILE);
     } else {
         if ($pkg_interface != "console") {
             update_status(gettext('Restarting Suricata to activate the new set of rules...'));
             update_output_window(gettext("Please wait ... restarting Suricata will take some time..."));
         }
         error_log(gettext("\tRestarting Suricata to activate the new set of rules...\n"), 3, SURICATA_RULES_UPD_LOGFILE);
         restart_service("suricata");
         if ($pkg_interface != "console") {
             update_output_window(gettext("Suricata has restarted with your new set of rules..."));
         }
         log_error(gettext("[Suricata] Suricata has restarted with your new set of rules..."));
Ejemplo n.º 2
    } else {
        $a_nat[$id]['autoflowbitrules'] = 'off';
        unlink_if_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}");
    }
    write_config("Suricata pkg: save enabled rule categories for {$a_nat[$id]['interface']}.");
    /*************************************************/
    /* Update the suricata.yaml file and rebuild the */
    /* rules for this interface.                     */
    /*************************************************/
    $rebuild_rules = true;
    conf_mount_rw();
    suricata_generate_yaml($a_nat[$id]);
    conf_mount_ro();
    $rebuild_rules = false;
    /* Signal Suricata to "live reload" the rules */
    suricata_reload_config($a_nat[$id]);
    $pconfig = $_POST;
    $enabled_rulesets_array = explode("||", $enabled_items);
    if (suricata_is_running($suricata_uuid, $if_real)) {
        $savemsg = gettext("Suricata is 'live-loading' the new rule set on this interface.");
    }
    // Sync to configured CARP slaves if any are enabled
    suricata_sync_on_changes();
} elseif ($_POST['unselectall']) {
    if ($_POST['ips_policy_enable'] == "on") {
        $a_nat[$id]['ips_policy_enable'] = 'on';
        $a_nat[$id]['ips_policy'] = $_POST['ips_policy'];
    } else {
        $a_nat[$id]['ips_policy_enable'] = 'off';
        unset($a_nat[$id]['ips_policy']);
    }
Ejemplo n.º 3
    } else {
        unset($a_instance[$instanceid]['rule_sid_off']);
    }
    /* Update the config.xml file. */
    write_config();
    /*************************************************/
    /* Update the suricata.yaml file and rebuild the */
    /* rules for this interface.                     */
    /*************************************************/
    $rebuild_rules = true;
    conf_mount_rw();
    suricata_generate_yaml($a_instance[$instanceid]);
    conf_mount_ro();
    $rebuild_rules = false;
    /* Signal Suricata to live-load the new rules */
    suricata_reload_config($a_instance[$instanceid]);
    // Sync to configured CARP slaves if any are enabled
    suricata_sync_on_changes();
    sleep(2);
    $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified.  Suricata is 'live-reloading' the new rules list.  Please wait at least 15 secs for the process to complete before toggling additional rules.");
}
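/*
 * Handle the two POST actions processed at this point in the page:
 *   'delete' - clear the alerts log for this instance, then redirect;
 *   'apply'  - save the pending rule changes and live-reload them.
 * !empty() keeps the original truthiness test but does not raise an
 * undefined-index warning when the key is absent from the request.
 */
if (!empty($_POST['delete'])) {
    suricata_post_delete_logs($suricata_uuid);

    // Truncate (or create) the alerts log for this instance.
    // NOTE(review): $suricatalogdir, $if_real and $suricata_uuid are set
    // outside this block; confirm they come from the saved configuration and
    // not from the request, because they are used to build a filesystem path.
    $alerts_log = "{$suricatalogdir}suricata_{$if_real}{$suricata_uuid}/alerts.log";
    $fd = @fopen($alerts_log, "w+");
    if ($fd) {
        fclose($fd);
        /* XXX: This is needed if suricata is run as suricata user */
        // The earlier shell call used a single-quoted PHP string, so
        // {$suricatalogdir} was never interpolated by PHP and the command did
        // not target the log directory. Set the mode on the file that was just
        // truncated instead; no shell is involved and directories are left
        // alone. Warnings are suppressed so that nothing is written to the
        // response before the redirect header below.
        @chmod($alerts_log, 0660);
    }

    // Encode the value so it cannot add further query parameters to the URL.
    header("Location: /suricata/suricata_alerts.php?instance=" . urlencode((string)$instanceid));
    // No CARP sync here: this block writes no configuration, and the sync call
    // that used to follow exit was unreachable.
    exit;
} elseif (!empty($_POST['apply'])) {
    /* Save new configuration */
    write_config("Suricata pkg: new rules configuration for {$a_rule[$id]['interface']}.");
    /*************************************************/
    /* Update the suricata.yaml file and rebuild the */
    /* rules for this interface.                     */
    /*************************************************/
    // $rebuild_rules is raised only around the YAML generation call.
    // NOTE(review): presumably suricata_generate_yaml() reads it as a global
    // flag - confirm against its definition.
    $rebuild_rules = true;
    conf_mount_rw();
    suricata_generate_yaml($a_rule[$id]);
    conf_mount_ro();
    $rebuild_rules = false;
    /* Signal Suricata to "live reload" the rules */
    suricata_reload_config($a_rule[$id]);
    // We have saved changes and done a soft restart, so clear "dirty" flag
    clear_subsystem_dirty('suricata_rules');
    // Sync to configured CARP slaves if any are enabled
    suricata_sync_on_changes();
}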
// Load head.inc once; what it defines is not visible in this listing.
include_once "head.inc";
// Friendly description of the interface stored in $pconfig['interface'].
$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
// Page title. The variables are interpolated before gettext() runs, so the
// lookup key differs for each interface and ruleset.
// NOTE(review): $currentruleset is set outside this block; if it can come from
// the request, confirm that $pgtitle is HTML-escaped where it is printed.
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Rules: {$currentruleset}");
?>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php 
include "fbegin.inc";
?>