// NOTE(review): these parser settings are copied from the request as-is. No
// validation is visible in this excerpt, and $natent is later handed to
// suricata_generate_yaml(). If each field only accepts a fixed set of values,
// compare against that allow-list before storing -- confirm whether such a
// check already runs earlier in this handler.
$natent['ssh_parser'] = $_POST['ssh_parser'];
        $natent['ftp_parser'] = $_POST['ftp_parser'];
        $natent['dcerpc_parser'] = $_POST['dcerpc_parser'];
        $natent['smb_parser'] = $_POST['smb_parser'];
        $natent['msn_parser'] = $_POST['msn_parser'];
        /**************************************************/
        /* If we have a valid rule ID, save configuration */
        /* then update the suricata.conf file for this    */
        /* interface.                                     */
        /**************************************************/
        // Persist only when $id is set and refers to a non-empty entry in $a_nat.
        // NOTE(review): where $id comes from is not visible here; if it is
        // request-supplied, confirm it is validated as an integer index first.
        if (isset($id) && $a_nat[$id]) {
            $a_nat[$id] = $natent;
            // The change description passed to write_config() names the interface.
            write_config("Suricata pkg: saved updated app-layer parser configuration for " . convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']));
            // Presumably read by the YAML generator to decide whether rules are
            // rebuilt; parser settings do not need a rule rebuild -- TODO confirm.
            $rebuild_rules = false;
            // conf_mount_rw()/conf_mount_ro() bracket the regeneration of the
            // interface's Suricata configuration from $natent.
            conf_mount_rw();
            suricata_generate_yaml($natent);
            conf_mount_ro();
            // Sync to configured CARP slaves if any are enabled
            suricata_sync_on_changes();
        }
        // Anti-caching headers: an Expires date in the past plus no-store/no-cache
        // directives, so the browser does not reuse a stored copy of this response.
        header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
        header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
        header('Cache-Control: no-store, no-cache, must-revalidate');
        // Second argument false appends this header instead of replacing the one above.
        header('Cache-Control: post-check=0, pre-check=0', false);
        header('Pragma: no-cache');
        // Redirect back to this page (POST/redirect/GET). This runs whether or not
        // the save branch above was taken.
        // NOTE(review): $id is interpolated into the URL without encoding. If it is
        // request-derived, cast it to int or urlencode() it before building the
        // Location header -- confirm its origin.
        header("Location: suricata_app_parsers.php?id={$id}");
        exit;
    }
}
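// Human-readable description of the interface this page is editing.
$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
// Translate the fixed template and substitute the interface name afterwards.
// Interpolating inside gettext() makes the lookup key vary per interface, so a
// catalog entry can never match it.
// NOTE(review): $pgtitle is presumably printed into the page by the shared
// header code; confirm it is HTML-escaped at that point.
$pgtitle = sprintf(gettext("Suricata: Interface %s - Application Layer Parsers"), $if_friendly);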
Exemplo n.º 2
    }
    // Store the enabled rule categories; $enabled_items is a "||"-separated
    // string (see the explode() below).
    $a_nat[$id]['rulesets'] = $enabled_items;
    // Normalise the checkbox to 'on'/'off' instead of storing the raw request value.
    if ($_POST['autoflowbits'] == "on") {
        $a_nat[$id]['autoflowbitrules'] = 'on';
    } else {
        $a_nat[$id]['autoflowbitrules'] = 'off';
        // With auto-flowbits off, the per-interface flowbit rules file is removed.
        // NOTE(review): the path is built from $suricata_uuid, $if_real and
        // $flowbit_rules_file; presumably these come from saved configuration,
        // not from the request -- confirm.
        unlink_if_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}");
    }
    write_config("Suricata pkg: save enabled rule categories for {$a_nat[$id]['interface']}.");
    /*************************************************/
    /* Update the suricata.yaml file and rebuild the */
    /* rules for this interface.                     */
    /*************************************************/
    // $rebuild_rules is set only for the duration of the generate call and
    // cleared right after; presumably the generator reads it as a global -- TODO confirm.
    $rebuild_rules = true;
    conf_mount_rw();
    suricata_generate_yaml($a_nat[$id]);
    conf_mount_ro();
    $rebuild_rules = false;
    /* Signal Suricata to "live reload" the rules */
    suricata_reload_config($a_nat[$id]);
    // NOTE(review): the whole request array becomes $pconfig. Any of its values
    // echoed back into the form must be HTML-escaped at output -- the rendering
    // code is not visible here, confirm.
    $pconfig = $_POST;
    $enabled_rulesets_array = explode("||", $enabled_items);
    // Show the live-reload notice only when Suricata is running on this interface.
    if (suricata_is_running($suricata_uuid, $if_real)) {
        $savemsg = gettext("Suricata is 'live-loading' the new rule set on this interface.");
    }
    // Sync to configured CARP slaves if any are enabled
    suricata_sync_on_changes();
} elseif ($_POST['unselectall']) {
    if ($_POST['ips_policy_enable'] == "on") {
        $a_nat[$id]['ips_policy_enable'] = 'on';
        $a_nat[$id]['ips_policy'] = $_POST['ips_policy'];
Exemplo n.º 3
    }
    // $tmp is built above this excerpt. rtrim()'s second argument is a character
    // list, so this strips every trailing '|' left by the separator.
    $tmp = rtrim($tmp, "||");
    // Keep the disabled-SID list only when it is non-empty; otherwise drop the key
    // from the instance configuration.
    if (!empty($tmp)) {
        $a_instance[$instanceid]['rule_sid_off'] = $tmp;
    } else {
        unset($a_instance[$instanceid]['rule_sid_off']);
    }
    /* Update the config.xml file. */
    write_config();
    /*************************************************/
    /* Update the suricata.yaml file and rebuild the */
    /* rules for this interface.                     */
    /*************************************************/
    // $rebuild_rules is set only for the duration of the generate call and
    // cleared right after; presumably the generator reads it as a global -- TODO confirm.
    $rebuild_rules = true;
    conf_mount_rw();
    suricata_generate_yaml($a_instance[$instanceid]);
    conf_mount_ro();
    $rebuild_rules = false;
    /* Signal Suricata to live-load the new rules */
    suricata_reload_config($a_instance[$instanceid]);
    // Sync to configured CARP slaves if any are enabled
    suricata_sync_on_changes();
    // Blocks this request for two seconds before the page is rendered.
    sleep(2);
    // NOTE(review): $gid and $sid are interpolated into the status message, and
    // their origin is not visible here. If they are request-derived, validate
    // them as integers and make sure $savemsg is HTML-escaped where it is
    // printed. Interpolating inside gettext() also makes the lookup key vary
    // per rule, so a catalog entry cannot match it.
    $savemsg = gettext("The state for rule {$gid}:{$sid} has been modified.  Suricata is 'live-reloading' the new rules list.  Please wait at least 15 secs for the process to complete before toggling additional rules.");
}
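// Dispatch on the submitted action: 'delete' clears this interface's logs,
// 'apply' saves the pending rule changes. Both end by signalling Suricata to
// reload and by syncing to CARP peers.
if ($_POST['delete']) {
    suricata_post_delete_logs($suricata_uuid);
    $alerts_log_path = "{$suricatalogdir}suricata_{$if_real}{$suricata_uuid}/alerts.log";
    // Mode "w+" truncates the file (creating it if absent), which leaves an
    // empty alerts.log in place. '@' suppresses the PHP warning on failure, so
    // the failure is handled explicitly below instead of being dropped.
    $fd = @fopen($alerts_log_path, "w+");
    if ($fd) {
        fclose($fd);
    } else {
        // Record the failure so the operator is not left believing the alert
        // log was cleared when it was not.
        log_error("[Suricata] Unable to truncate alerts log {$alerts_log_path}");
    }
    $rebuild_rules = false;
    /* Signal Suricata to "live reload" the rules */
    suricata_reload_config($a_rule[$id]);
    clear_subsystem_dirty('suricata_rules');
    // Sync to configured CARP slaves if any are enabled
    suricata_sync_on_changes();
} elseif ($_POST['apply']) {
    /* Save new configuration */
    write_config("Suricata pkg: new rules configuration for {$a_rule[$id]['interface']}.");
    /*************************************************/
    /* Update the suricata.yaml file and rebuild the */
    /* rules for this interface.                     */
    /*************************************************/
    // $rebuild_rules is set only for the duration of the generate call and
    // cleared right after; presumably the generator reads it as a global -- TODO confirm.
    $rebuild_rules = true;
    conf_mount_rw();
    suricata_generate_yaml($a_rule[$id]);
    conf_mount_ro();
    $rebuild_rules = false;
    /* Signal Suricata to "live reload" the rules */
    suricata_reload_config($a_rule[$id]);
    // We have saved changes and done a soft restart, so clear "dirty" flag
    clear_subsystem_dirty('suricata_rules');
    // Sync to configured CARP slaves if any are enabled
    suricata_sync_on_changes();
}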
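include_once "head.inc";
// Human-readable description of the interface this page is editing.
$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
// Translate the fixed template and substitute the values afterwards.
// Interpolating inside gettext() makes the lookup key vary per request, so a
// catalog entry can never match it.
// NOTE(review): where $currentruleset is assigned is not visible here. If it is
// taken from the request, confirm that $pgtitle is HTML-escaped where it is
// printed into the page.
$pgtitle = sprintf(gettext("Suricata: Interface %s - Rules: %s"), $if_friendly, $currentruleset);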
?>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC">