$pconfig['et_iqrisk_enable'] = $config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'];
$pconfig['iqrisk_code'] = $config['installedpackages']['suricata']['config'][0]['iqrisk_code'];
}
// Validate IQRisk settings if enabled and saving them
if ($_POST['save']) {
if ($pconfig['et_iqrisk_enable'] == 'on' && empty($pconfig['iqrisk_code'])) {
$input_errors[] = gettext("You must provide a valid IQRisk subscription code when IQRisk downloads are enabled!");
}
if (!$input_errors) {
$config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] = $_POST['et_iqrisk_enable'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['iqrisk_code'] = $_POST['iqrisk_code'];
write_config("Suricata pkg: modified IP Lists settings.");
/* Toggle cron task for ET IQRisk updates if setting was changed */
if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on' && !suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php")) {
install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, "*/6", "*", "*", "*", "root");
} elseif ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'off' && suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php")) {
install_cron_job("/usr/local/pkg/suricata/suricata_etiqrisk_update.php", FALSE);
}
/* Peform a manual ET IQRisk file check/download */
if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on') {
include "/usr/local/pkg/suricata/suricata_etiqrisk_update.php";
}
}
}
if (isset($_POST['upload'])) {
if ($_FILES["iprep_fileup"]["error"] == UPLOAD_ERR_OK) {
$tmp_name = $_FILES["iprep_fileup"]["tmp_name"];
$name = $_FILES["iprep_fileup"]["name"];
move_uploaded_file($tmp_name, "{$iprep_path}{$name}");
} else {
$input_errors[] = gettext("Failed to upload file {$_FILES["iprep_fileup"]["name"]}");
}
// Move deprecated_rules file to SURICATADIR/rules directory
@rename("/usr/local/pkg/suricata/deprecated_rules", "{$suricatadir}rules/deprecated_rules");
/*********************************************************/
/* START OF BUG FIX CODE */
/* */
/* Remove any Suricata cron tasks that may have been */
/* left from a previous uninstall due to a bug that */
/* saved edited cron tasks as new ones while still */
/* leaving the original task. Correct cron task */
/* entries will be recreated below if saved settings */
/* are detected. */
/*********************************************************/
$cron_count = 0;
$suri_pf_table = SURICATA_PF_TABLE;
while (suricata_cron_job_exists($suri_pf_table, FALSE)) {
install_cron_job($suri_pf_table, false);
$cron_count++;
}
if ($cron_count > 0) {
log_error(gettext("[Suricata] Removed {$cron_count} duplicate 'remove_blocked_hosts' cron task(s)."));
}
/*********************************************************/
/* END OF BUG FIX CODE */
/*********************************************************/
// remake saved settings if previously flagged
if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') {
log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings..."));
update_status(gettext("Saved settings detected..."));
/****************************************************************/
/* Do test and fix for duplicate UUIDs if this install was */
$tmp = str_pad($_POST['autoruleupdatetime'], 4, "0", STR_PAD_LEFT);
$_POST['autoruleupdatetime'] = substr($tmp, 0, 2) . ":" . substr($tmp, -2);
}
$config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'] = str_pad($_POST['autoruleupdatetime'], 4, "0", STR_PAD_LEFT);
}
$config['installedpackages']['suricata']['config'][0]['log_to_systemlog'] = $_POST['log_to_systemlog'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['log_to_systemlog_facility'] = $_POST['log_to_systemlog_facility'];
$config['installedpackages']['suricata']['config'][0]['live_swap_updates'] = $_POST['live_swap_updates'] ? 'on' : 'off';
$config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off';
$retval = 0;
write_config("Suricata pkg: modified global settings.");
/* Toggle cron task for GeoIP database updates if setting was changed */
if ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] == 'on' && !suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_geoipupdate.php")) {
include "/usr/local/pkg/suricata/suricata_geoipupdate.php";
install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_geoipupdate.php", TRUE, 0, 0, 8, "*", "*", "root");
} elseif ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] == 'off' && suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_geoipupdate.php")) {
install_cron_job("/usr/local/pkg/suricata/suricata_geoipupdate.php", FALSE);
}
/* create passlist and homenet file, then sync files */
conf_mount_rw();
sync_suricata_package_config();
conf_mount_ro();
/* forces page to reload new settings */
header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
header("Location: /suricata/suricata_global.php");
exit;
}
