if ($_POST['barnyard_bro_ids_dport']) { $natent['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport']; } else { $natent['barnyard_bro_ids_dport'] = '47760'; } if ($_POST['barnconfigpassthru']) { $natent['barnconfigpassthru'] = base64_encode(str_replace("\r\n", "\n", $_POST['barnconfigpassthru'])); } else { unset($natent['barnconfigpassthru']); } $a_nat[$id] = $natent; write_config("Suricata pkg: modified Barnyard2 settings."); // No need to rebuild rules for Barnyard2 changes $rebuild_rules = false; conf_mount_rw(); sync_suricata_package_config(); conf_mount_ro(); // If disabling Barnyard2 on the interface, stop any // currently running instance. If an instance is // running, signal it to reload the configuration. // If Barnyard2 is enabled but not running, start it. if ($a_nat[$id]['barnyard_enable'] == "off") { suricata_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface'])); } elseif ($a_nat[$id]['barnyard_enable'] == "on") { if (suricata_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2")) { suricata_barnyard_reload_config($a_nat[$id], "HUP"); } else { // Notify user a Suricata restart is required if enabling Barnyard2 for the first time $savemsg = gettext("NOTE: you must restart Suricata on this interface to activate unified2 logging for Barnyard2."); } }
function suricata_add_supplist_entry($suppress) { /************************************************/ /* Adds the passed entry to the Suppress List */ /* for the active interface. If a Suppress */ /* List is defined for the interface, it is */ /* used. If no list is defined, a new default */ /* list is created using the interface name. */ /* */ /* On Entry: */ /* $suppress --> suppression entry text */ /* */ /* Returns: */ /* TRUE if successful or FALSE on failure */ /************************************************/ global $config, $a_instance, $instanceid; if (!is_array($config['installedpackages']['suricata']['suppress'])) { $config['installedpackages']['suricata']['suppress'] = array(); } if (!is_array($config['installedpackages']['suricata']['suppress']['item'])) { $config['installedpackages']['suricata']['suppress']['item'] = array(); } $a_suppress =& $config['installedpackages']['suricata']['suppress']['item']; $found_list = false; /* If no Suppress List is set for the interface, then create one with the interface name */ if (empty($a_instance[$instanceid]['suppresslistname']) || $a_instance[$instanceid]['suppresslistname'] == 'default') { $s_list = array(); $s_list['uuid'] = uniqid(); $s_list['name'] = $a_instance[$instanceid]['interface'] . "suppress" . "_" . $s_list['uuid']; $s_list['descr'] = "Auto-generated list for Alert suppression"; $s_list['suppresspassthru'] = base64_encode($suppress); $a_suppress[] = $s_list; $a_instance[$instanceid]['suppresslistname'] = $s_list['name']; $found_list = true; } else { /* If we get here, a Suppress List is defined for the interface so see if we can find it */ foreach ($a_suppress as $a_id => $alist) { if ($alist['name'] == $a_instance[$instanceid]['suppresslistname']) { $found_list = true; if (!empty($alist['suppresspassthru'])) { $tmplist = base64_decode($alist['suppresspassthru']); $tmplist .= "\n{$suppress}"; $alist['suppresspassthru'] = base64_encode($tmplist); $a_suppress[$a_id] = $alist; } else { $alist['suppresspassthru'] = base64_encode($suppress); $a_suppress[$a_id] = $alist; } } } } /* If we created a new list or updated an existing one, save the change */ /* and return true; otherwise return false. */ if ($found_list) { write_config(); sync_suricata_package_config(); return true; } else { return false; } }