// Bro-IDS output plugin destination port: take the submitted value, or
// fall back to the default port 47760 when the field is empty.
// NOTE(review): the value is stored exactly as submitted; no format or
// range check is visible in this fragment -- confirm it is validated as
// a port number before this point.
$natent['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport'] ? $_POST['barnyard_bro_ids_dport'] : '47760';

// Free-form pass-through text: CRLF line endings are converted to LF and
// the result is stored base64-encoded.  An empty field removes the setting.
// NOTE(review): presumably this text ends up in the generated Barnyard2
// configuration -- confirm that only trusted administrators can submit
// this form.
if (!$_POST['barnconfigpassthru']) {
    unset($natent['barnconfigpassthru']);
} else {
    $natent['barnconfigpassthru'] = base64_encode(str_replace("\r\n", "\n", $_POST['barnconfigpassthru']));
}

// Store the edited interface entry and persist the configuration.
$a_nat[$id] = $natent;
write_config("Suricata pkg: modified Barnyard2 settings.");

// No need to rebuild rules for Barnyard2 changes
$rebuild_rules = false;

// Re-sync the package configuration; the rw/ro calls bracket the sync.
conf_mount_rw();
sync_suricata_package_config();
conf_mount_ro();

// Barnyard2 disabled on the interface: stop any running instance.
// Barnyard2 enabled and already running: send it HUP to reload its
// configuration.  Enabled but not running: nothing is started here, the
// user is only told that a Suricata restart is required.
if ($a_nat[$id]['barnyard_enable'] == "off") {
    suricata_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface']));
} elseif ($a_nat[$id]['barnyard_enable'] == "on") {
    if (!suricata_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2")) {
        // Notify user a Suricata restart is required if enabling Barnyard2 for the first time
        $savemsg = gettext("NOTE: you must restart Suricata on this interface to activate unified2 logging for Barnyard2.");
    } else {
        suricata_barnyard_reload_config($a_nat[$id], "HUP");
    }
}
Пример #2
function suricata_add_supplist_entry($suppress)
{
    /*
     * Append a suppression entry to the Suppress List of the active
     * interface (globals $a_instance / $instanceid).
     *
     * When the interface has no list assigned, or its list name is
     * 'default', a new list named after the interface is created and
     * assigned to it.  Otherwise the entry is appended to every
     * configured list whose name matches the assigned one.
     *
     * On entry:
     *   $suppress --> suppression entry text
     *
     * Returns:
     *   TRUE when a list was created or updated (the configuration is
     *   then written and the package re-synced); FALSE when the assigned
     *   list name is not found among the configured lists.
     *
     * NOTE(review): $suppress is stored as given; embedded newlines are
     * not stripped here, so a multi-line value adds several lines to the
     * list.  Confirm callers validate the text before calling.
     */
    global $config, $a_instance, $instanceid;

    // Make sure the suppress-list containers exist in the package config.
    if (!is_array($config['installedpackages']['suricata']['suppress'])) {
        $config['installedpackages']['suricata']['suppress'] = array();
    }
    if (!is_array($config['installedpackages']['suricata']['suppress']['item'])) {
        $config['installedpackages']['suricata']['suppress']['item'] = array();
    }
    $a_suppress =& $config['installedpackages']['suricata']['suppress']['item'];

    $needs_new_list = empty($a_instance[$instanceid]['suppresslistname'])
        || $a_instance[$instanceid]['suppresslistname'] == 'default';

    if ($needs_new_list) {
        // No list assigned to the interface: create one with the interface name.
        // uniqid() only makes the generated name unique; it is derived
        // from the current time and is not a secret.
        $list_uuid = uniqid();
        $new_list = array(
            'uuid' => $list_uuid,
            'name' => $a_instance[$instanceid]['interface'] . "suppress" . "_" . $list_uuid,
            'descr' => "Auto-generated list for Alert suppression",
            'suppresspassthru' => base64_encode($suppress),
        );
        $a_suppress[] = $new_list;
        $a_instance[$instanceid]['suppresslistname'] = $new_list['name'];

        write_config();
        sync_suricata_package_config();
        return true;
    }

    // A list is assigned to the interface: look it up by name.
    $matched = false;
    foreach ($a_suppress as $idx => $entry) {
        if ($entry['name'] != $a_instance[$instanceid]['suppresslistname']) {
            continue;
        }
        $matched = true;
        if (empty($entry['suppresspassthru'])) {
            // Empty list: the new entry becomes its whole content.
            $entry['suppresspassthru'] = base64_encode($suppress);
        } else {
            // Existing content is decoded, extended by one line, re-encoded.
            $entry['suppresspassthru'] = base64_encode(base64_decode($entry['suppresspassthru']) . "\n{$suppress}");
        }
        $a_suppress[$idx] = $entry;
    }

    // Nothing matched: report failure without touching the configuration.
    if (!$matched) {
        return false;
    }

    write_config();
    sync_suricata_package_config();
    return true;
}