if ($_POST['sign_time'] == 'onehour') { install_cron_job('/usr/local/bin/log_signer', true, '0', '*', '*', '*', '*', 'root'); } } install_cron_job('/usr/local/bin/log_sender', false, '*', '*', '*', '*', '*', 'root'); } else { if ($_POST['sign_type'] == 'remote') { install_cron_job('/usr/local/bin/log_signer', false, '*', '*', '*', '*', '*', 'root'); smbfileInit($_POST['smbhostname'], $_POST['smbusername'], $_POST['smbpassword'], $_POST['smbfolder']); install_cron_job('/usr/local/bin/log_sender', true, '0', '*/4', '*', '*', '*', 'root'); } } } else { install_cron_job('/usr/local/bin/dhcp_logger', false, '*', '*', '*', '*', '*', 'root'); install_cron_job('/usr/local/bin/log_signer', false, '*', '*', '*', '*', '*', 'root'); install_cron_job('/usr/local/bin/log_sender', false, '*', '*', '*', '*', '*', 'root'); } $savemsg = 'Ayarlar başarıyla kaydedildi.'; } } ?> <?php include 'head.inc'; ?> </head> <body> <?php include 'fbegin.inc'; ?>
// Move deprecated_rules file to SURICATADIR/rules directory @rename("/usr/local/pkg/suricata/deprecated_rules", "{$suricatadir}rules/deprecated_rules"); /*********************************************************/ /* START OF BUG FIX CODE */ /* */ /* Remove any Suricata cron tasks that may have been */ /* left from a previous uninstall due to a bug that */ /* saved edited cron tasks as new ones while still */ /* leaving the original task. Correct cron task */ /* entries will be recreated below if saved settings */ /* are detected. */ /*********************************************************/ $cron_count = 0; $suri_pf_table = SURICATA_PF_TABLE; while (suricata_cron_job_exists($suri_pf_table, FALSE)) { install_cron_job($suri_pf_table, false); $cron_count++; } if ($cron_count > 0) { log_error(gettext("[Suricata] Removed {$cron_count} duplicate 'remove_blocked_hosts' cron task(s).")); } /*********************************************************/ /* END OF BUG FIX CODE */ /*********************************************************/ // remake saved settings if previously flagged if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] == 'on') { log_error(gettext("[Suricata] Saved settings detected... rebuilding installation with saved settings...")); update_status(gettext("Saved settings detected...")); /****************************************************************/ /* Do test and fix for duplicate UUIDs if this install was */ /* impacted by the DUP (clone) bug that generated a duplicate */
} else { unset($config['system']['tftpinterface']); } if ($_POST['bogonsinterval'] != $config['system']['bogons']['interval']) { switch ($_POST['bogonsinterval']) { case 'daily': install_cron_job("/usr/bin/nice -n20 /etc/rc.update_bogons.sh", true, "1", "3", "*", "*", "*"); break; case 'weekly': install_cron_job("/usr/bin/nice -n20 /etc/rc.update_bogons.sh", true, "1", "3", "*", "*", "0"); break; case 'monthly': // fall through // fall through default: install_cron_job("/usr/bin/nice -n20 /etc/rc.update_bogons.sh", true, "1", "3", "1", "*", "*"); } $config['system']['bogons']['interval'] = $_POST['bogonsinterval']; } write_config(); // Kill filterdns when value changes, filter_configure() will restart it if ($old_aliasesresolveinterval != $config['system']['aliasesresolveinterval'] && isvalidpid("{$g['varrun_path']}/filterdns.pid")) { killbypid("{$g['varrun_path']}/filterdns.pid"); } $retval = 0; $retval = filter_configure(); if (stristr($retval, "error") != true) { $savemsg = get_std_save_message($retval); $class = 'success'; } else { $savemsg = $retval;
sleep(1); // Delete any leftover suricata PID files in /var/run unlink_if_exists("{$g['varrun_path']}/suricata_*.pid"); /* Make sure all active Barnyard2 processes are terminated */ /* Log a message only if a running process is detected */ if (is_service_running("barnyard2")) { log_error(gettext("[Suricata] Barnyard2 STOP for all interfaces...")); } killbyname("barnyard2"); sleep(1); // Delete any leftover barnyard2 PID files in /var/run unlink_if_exists("{$g['varrun_path']}/barnyard2_*.pid"); /* Remove the Suricata cron jobs. */ install_cron_job("suricata_check_for_rule_updates.php", false); install_cron_job("suricata_check_cron_misc.inc", false); install_cron_job("{$suri_pf_table}", false); /* See if we are to keep Suricata log files on uninstall */ if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') { log_error(gettext("[Suricata] Clearing all Suricata-related log files...")); @unlink("{$suricata_rules_upd_log}"); mwexec("/bin/rm -rf {$suricatalogdir}"); } // Mount filesystem read-write to remove our files conf_mount_rw(); /* Remove the Suricata GUI app directories */ mwexec("/bin/rm -rf /usr/local/pkg/suricata"); mwexec("/bin/rm -rf /usr/local/www/suricata"); /* Remove our associated Dashboard widget config and files. */ /* If "save settings" is enabled, then save old widget */ /* container settings so we can restore them later. */ $widgets = $config['widgets']['sequence'];
} else { unset($config['system']['ftp-proxy']['client']); } if ($_POST['bogonsinterval'] != $config['system']['bogons']['interval']) { switch ($_POST['bogonsinterval']) { case 'daily': install_cron_job("/usr/local/etc/rc.update_bogons", true, "1", "3", "*", "*", "*"); break; case 'weekly': install_cron_job("/usr/local/etc/rc.update_bogons", true, "1", "3", "*", "*", "0"); break; case 'monthly': // fall through // fall through default: install_cron_job("/usr/local/etc/rc.update_bogons", true, "1", "3", "1", "*", "*"); } $config['system']['bogons']['interval'] = $_POST['bogonsinterval']; } write_config(); // Kill filterdns when value changes, filter_configure() will restart it if ($old_aliasesresolveinterval != $config['system']['aliasesresolveinterval']) { killbypid('/var/run/filterdns.pid'); } $retval = 0; $retval = filter_configure(); if (stristr($retval, "error") != true) { $savemsg = get_std_save_message(); } else { $savemsg = $retval; }
$config['system']['use_mfs_tmpvar'] = true; } elseif (isset($config['system']['use_mfs_tmpvar'])) { unset($config['system']['use_mfs_tmpvar']); } if (!empty($pconfig['rrdbackup'])) { $config['system']['rrdbackup'] = $_POST['rrdbackup']; install_cron_job("/usr/local/etc/rc.backup_rrd", $config['system']['rrdbackup'] > 0, $minute = "0", "*/{$config['system']['rrdbackup']}"); } elseif (isset($config['system']['rrdbackup'])) { install_cron_job("/usr/local/etc/rc.backup_rrd", false, $minute = "0", "*/{$config['system']['rrdbackup']}"); unset($config['system']['rrdbackup']); } if (!empty($pconfig['dhcpbackup'])) { $config['system']['dhcpbackup'] = $pconfig['dhcpbackup']; install_cron_job("/usr/local/etc/rc.backup_dhcpleases", $config['system']['dhcpbackup'] > 0, $minute = "0", "*/{$config['system']['dhcpbackup']}"); } elseif (isset($config['system']['dhcpbackup'])) { install_cron_job("/usr/local/etc/rc.backup_dhcpleases", false, $minute = "0", "*/{$config['system']['dhcpbackup']}"); unset($config['system']['dhcpbackup']); } write_config(); $savemsg = get_std_save_message(); system_resolvconf_generate(true); filter_configure(); activate_powerd(); load_crypto(); load_thermal_hardware(); if ($need_relayd_restart) { relayd_configure(); } } } legacy_html_escape_form_data($pconfig);
if (isset($_POST['dhcpbackup'])) { if ($_POST['dhcpbackup'] > 0 && $_POST['dhcpbackup'] <= 24) { $config['system']['dhcpbackup'] = intval($_POST['dhcpbackup']); } else { unset($config['system']['dhcpbackup']); } } // Add/Remove RAM disk periodic backup cron jobs according to settings and installation type. // Remove the cron jobs on full install if not using RAM disk. // Add the cron jobs on all others if the periodic backup option is set. Otherwise the cron job is removed. if ($g['platform'] == $g['product_name'] && !isset($config['system']['use_mfs_tmpvar'])) { install_cron_job("/etc/rc.backup_rrd.sh", false); install_cron_job("/etc/rc.backup_dhcpleases.sh", false); } else { install_cron_job("/etc/rc.backup_rrd.sh", $config['system']['rrdbackup'] > 0, $minute = "0", "*/{$config['system']['rrdbackup']}"); install_cron_job("/etc/rc.backup_dhcpleases.sh", $config['system']['dhcpbackup'] > 0, $minute = "0", "*/{$config['system']['dhcpbackup']}"); } write_config(); $retval = 0; system_resolvconf_generate(true); $retval = filter_configure(); if (stristr($retval, "error") != true) { $savemsg = get_std_save_message(gettext($retval)); } else { $savemsg = gettext($retval); } activate_powerd(); load_crypto(); load_thermal_hardware(); if ($need_relayd_restart) { relayd_configure();
$input_errors[] = gettext("The supplied 'Password' and 'Confirm' field values must match."); } if (is_uploaded_file($_FILES['GDriveP12file']['tmp_name'])) { $data = file_get_contents($_FILES['GDriveP12file']['tmp_name']); $config['system']['remotebackup']['GDriveP12key'] = base64_encode($data); } elseif ($config['system']['remotebackup']['GDriveEnabled'] != "on") { unset($config['system']['remotebackup']['GDriveP12key']); } write_config(); // test / perform backup try { $filesInBackup = backup_to_google_drive(); $cron_job = "/usr/local/opnsense/scripts/remote_backup.php"; if (!cron_job_exists($cron_job)) { // initial cron job install install_cron_job($cron_job, true, 0, 1); } } catch (Exception $e) { $filesInBackup = array(); } if (count($filesInBackup) == 0) { $input_errors[] = gettext("Google Drive communication failure"); } else { $input_messages = gettext("Backup succesfull, current filelist:"); foreach ($filesInBackup as $filename => $file) { $input_messages = $input_messages . "<br>" . $filename; } } } } include "head.inc";
function pfb_cron_update($type) { global $pfb; // Query for any active pfBlockerNG CRON jobs exec('/bin/ps -wx', $result_cron); if (preg_grep("/pfblockerng[.]php\\s+?(cron|update)/", $result_cron)) { pfbupdate_status(gettext("Force {$type} Terminated - Failed due to Active Running Task. Click 'View' for running process")); exit; } if (!file_exists("{$pfb['log']}")) { touch("{$pfb['log']}"); } // Update status window with correct task if ($type == 'update') { pfbupdate_status(gettext('Running Force Update Task')); } elseif ($type == 'reload') { $reload_type = htmlspecialchars($_POST['rmode']); pfbupdate_status(gettext("Running Force Reload Task - {$reload_type}")); switch ($reload_type) { case 'IP': $type = 'updateip'; break; case 'DNSBL': $type = 'updatednsbl'; rmdir_recursive("{$pfb['dnsdir']}"); break; case 'All': default: $type = 'update'; rmdir_recursive("{$pfb['dnsdir']}"); } } else { pfbupdate_status(gettext('Running Force CRON Task')); } // Remove any existing pfBlockerNG CRON Jobs install_cron_job('pfblockerng.php cron', false); // Execute PHP process in the background mwexec_bg("/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php {$type} >> {$pfb['log']} 2>&1"); // Execute Live Tail function pfb_livetail($pfb['log'], 'force'); }
unlink_if_exists("/usr/local/pkg/widget-snort.xml"); } /* Define a default Dashboard Widget Container for Snort */ $snort_widget_container = "snort_alerts-container:col2:close"; /*********************************************************/ /* START OF BUG FIX CODE */ /* */ /* Remove any Snort cron tasks that may have been left */ /* from a previous uninstall due to a bug that saved */ /* edited cron tasks as new ones while still leaving */ /* the original task. Correct cron task entries will */ /* be recreated below if saved settings are detected. */ /*********************************************************/ $cron_count = 0; while (snort_cron_job_exists("snort2c", FALSE)) { install_cron_job("snort2c", false); $cron_count++; } if ($cron_count > 0) { log_error(gettext("[Snort] Removed {$cron_count} duplicate 'remove_blocked_hosts' cron task(s).")); } /*********************************************************/ /* END OF BUG FIX CODE */ /*********************************************************/ /* remake saved settings */ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') { log_error(gettext("[Snort] Saved settings detected... rebuilding installation with saved settings...")); update_status(gettext("Saved settings detected...")); /****************************************************************/ /* Do test and fix for duplicate UUIDs if this install was */ /* impacted by the DUP (clone) bug that generated a duplicate */
$pconfig['iqrisk_code'] = $config['installedpackages']['suricata']['config'][0]['iqrisk_code']; } // Validate IQRisk settings if enabled and saving them if ($_POST['save']) { if ($pconfig['et_iqrisk_enable'] == 'on' && empty($pconfig['iqrisk_code'])) { $input_errors[] = gettext("You must provide a valid IQRisk subscription code when IQRisk downloads are enabled!"); } if (!$input_errors) { $config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] = $_POST['et_iqrisk_enable'] ? 'on' : 'off'; $config['installedpackages']['suricata']['config'][0]['iqrisk_code'] = $_POST['iqrisk_code']; write_config("Suricata pkg: modified IP Lists settings."); /* Toggle cron task for ET IQRisk updates if setting was changed */ if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on' && !suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php")) { install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_etiqrisk_update.php", TRUE, 0, "*/6", "*", "*", "*", "root"); } elseif ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'off' && suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_etiqrisk_update.php")) { install_cron_job("/usr/local/pkg/suricata/suricata_etiqrisk_update.php", FALSE); } /* Peform a manual ET IQRisk file check/download */ if ($config['installedpackages']['suricata']['config'][0]['et_iqrisk_enable'] == 'on') { include "/usr/local/pkg/suricata/suricata_etiqrisk_update.php"; } } } if (isset($_POST['upload'])) { if ($_FILES["iprep_fileup"]["error"] == UPLOAD_ERR_OK) { $tmp_name = $_FILES["iprep_fileup"]["tmp_name"]; $name = $_FILES["iprep_fileup"]["name"]; move_uploaded_file($tmp_name, "{$iprep_path}{$name}"); } else { $input_errors[] = gettext("Failed to upload file {$_FILES["iprep_fileup"]["name"]}"); }
function pfb_cron_update($type) { global $pfb; // Query for any Active pfBlockerNG CRON Jobs $result_cron = array(); $cron_event = exec("/bin/ps -wx", $result_cron); if (preg_grep("/pfblockerng[.]php\\s+cron/", $result_cron) || preg_grep("/pfblockerng[.]php\\s+update/", $result_cron)) { pfbupdate_status(gettext("Force {$type} Terminated - Failed due to Active Running Task")); exit; } if (!file_exists("{$pfb['log']}")) { touch("{$pfb['log']}"); } // Update Status Window with correct Task if ($type == "update") { pfbupdate_status(gettext("Running Force Update Task")); } elseif ($type == "reload") { pfbupdate_status(gettext("Running Force Reload Task")); $type = "update"; } else { pfbupdate_status(gettext("Running Force CRON Task")); } // Remove any existing pfBlockerNG CRON Jobs install_cron_job("pfblockerng.php cron", false); // Execute PHP Process in the Background mwexec_bg("/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php {$type} >> {$pfb['log']} 2>&1"); // Start at EOF $lastpos_old = ""; $len = filesize("{$pfb['log']}"); $lastpos = $len; while (true) { usleep(300000); //0.3s clearstatcache(false, $pfb['log']); $len = filesize("{$pfb['log']}"); if ($len < $lastpos) { //file deleted or reset $lastpos = $len; } else { $f = fopen($pfb['log'], "rb"); if ($f === false) { die; } fseek($f, $lastpos); while (!feof($f)) { $pfb_buffer = fread($f, 2048); $pfb_output .= str_replace(array("\r", "\")"), "", $pfb_buffer); // Refresh on new lines only. This allows Scrolling. if ($lastpos != $lastpos_old) { pfbupdate_output($pfb_output); } $lastpos_old = $lastpos; ob_flush(); flush(); } $lastpos = ftell($f); fclose($f); } // Capture Remaining Output before closing File if (preg_match("/(UPDATE PROCESS ENDED)/", $pfb_output)) { $f = fopen($pfb['log'], "rb"); fseek($f, $lastpos); $pfb_buffer = fread($f, 2048); $pfb_output .= str_replace("\r", "", $pfb_buffer); pfbupdate_output($pfb_output); clearstatcache(false, $pfb['log']); ob_flush(); flush(); fclose($f); // Call Log Mgmt Function pfb_log_mgmt(); die; } } }
unlink_if_exists("{$g['varrun_path']}/suricata_*.pid"); /* Make sure all active Barnyard2 processes are terminated */ /* Log a message only if a running process is detected */ if (is_service_running("barnyard2")) { log_error(gettext("[Suricata] Barnyard2 STOP for all interfaces...")); } killbyname("barnyard2"); sleep(1); // Delete any leftover barnyard2 PID files in /var/run unlink_if_exists("{$g['varrun_path']}/barnyard2_*.pid"); /* Remove the Suricata cron jobs. */ install_cron_job("suricata_check_for_rule_updates.php", false); install_cron_job("suricata_check_cron_misc.inc", false); install_cron_job("{$suri_pf_table}", false); install_cron_job("suricata_geoipupdate.php", false); install_cron_job("suricata_etiqrisk_update.php", false); /* See if we are to keep Suricata log files on uninstall */ if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') { log_error(gettext("[Suricata] Clearing all Suricata-related log files...")); unlink_if_exists("{$suricata_rules_upd_log}"); rmdir_recursive("{$suricatalogdir}"); } /**************************************************/ /* If not already, set Suricata conf partition to */ /* read-write so we can make changes there */ /**************************************************/ if (!is_subsystem_dirty('mount')) { conf_mount_rw(); $mounted_rw = TRUE; } /* Remove the Suricata GUI app directories */
$_POST['autoruleupdatetime'] = substr($tmp, 0, 2) . ":" . substr($tmp, -2); } $config['installedpackages']['suricata']['config'][0]['autoruleupdatetime'] = str_pad($_POST['autoruleupdatetime'], 4, "0", STR_PAD_LEFT); } $config['installedpackages']['suricata']['config'][0]['log_to_systemlog'] = $_POST['log_to_systemlog'] ? 'on' : 'off'; $config['installedpackages']['suricata']['config'][0]['log_to_systemlog_facility'] = $_POST['log_to_systemlog_facility']; $config['installedpackages']['suricata']['config'][0]['live_swap_updates'] = $_POST['live_swap_updates'] ? 'on' : 'off'; $config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = $_POST['forcekeepsettings'] ? 'on' : 'off'; $retval = 0; write_config("Suricata pkg: modified global settings."); /* Toggle cron task for GeoIP database updates if setting was changed */ if ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] == 'on' && !suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_geoipupdate.php")) { include "/usr/local/pkg/suricata/suricata_geoipupdate.php"; install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_geoipupdate.php", TRUE, 0, 0, 8, "*", "*", "root"); } elseif ($config['installedpackages']['suricata']['config'][0]['autogeoipupdate'] == 'off' && suricata_cron_job_exists("/usr/local/pkg/suricata/suricata_geoipupdate.php")) { install_cron_job("/usr/local/pkg/suricata/suricata_geoipupdate.php", FALSE); } /* create passlist and homenet file, then sync files */ conf_mount_rw(); sync_suricata_package_config(); conf_mount_ro(); /* forces page to reload new settings */ header('Expires: Sat, 26 Jul 1997 05:00:00 GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', false); header('Pragma: no-cache'); header("Location: /suricata/suricata_global.php"); exit; } }