// Excerpt from the POST save path of the app-layer parser page. The
// conditionals that the two stray closing braces further down belong to
// open before this excerpt.
// NOTE(review): each parser setting is copied verbatim from $_POST and the
// resulting array is later passed to suricata_generate_yaml(). No allow-list
// check is visible here -- confirm the values are restricted to the expected
// option set before they reach the generated configuration.
$natent['ssh_parser'] = $_POST['ssh_parser'];
$natent['ftp_parser'] = $_POST['ftp_parser'];
$natent['dcerpc_parser'] = $_POST['dcerpc_parser'];
$natent['smb_parser'] = $_POST['smb_parser'];
$natent['msn_parser'] = $_POST['msn_parser'];

/**************************************************/
/* If we have a valid rule ID, save configuration */
/* then update the suricata.yaml file for this    */
/* interface.                                     */
/**************************************************/
if (isset($id) && $a_nat[$id]) {
    // Replace the stored interface entry, then persist it with a change note.
    $a_nat[$id] = $natent;
    write_config("Suricata pkg: saved updated app-layer parser configuration for " . convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']));

    // $rebuild_rules stays false on this path; presumably a flag the YAML
    // generator reads to decide whether to rebuild rules -- TODO confirm.
    $rebuild_rules = false;
    conf_mount_rw();
    suricata_generate_yaml($natent);
    conf_mount_ro();

    // Sync to configured CARP slaves if any are enabled
    suricata_sync_on_changes();
}

// Cache-defeating headers, then a redirect to this page for the same id.
// The redirect is sent whether or not the save branch above ran.
// NOTE(review): $id is interpolated into the Location header unencoded and
// its origin is outside this excerpt -- confirm it is validated as a numeric
// index before this point.
header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
header("Location: suricata_app_parsers.php?id={$id}");
exit;
}
}

// Build the page title from the interface's friendly description.
// NOTE(review): the description is interpolated before gettext() sees the
// string, so the lookup is on the already-expanded text. If $pgtitle is
// echoed into HTML it needs escaping at the output point (not shown here).
$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Application Layer Parsers");
}
// Store the enabled rule categories for this interface. $enabled_items is
// built before this excerpt.
$a_nat[$id]['rulesets'] = $enabled_items;

// Record the auto-flowbits choice. When it is not "on", the interface's
// flowbit rules file path is also passed to unlink_if_exists().
// NOTE(review): that path is assembled from $suricatadir, $suricata_uuid,
// $if_real and $flowbit_rules_file, all assigned outside this excerpt --
// confirm none of them is request-derived.
if ($_POST['autoflowbits'] == "on") {
    $a_nat[$id]['autoflowbitrules'] = 'on';
} else {
    $a_nat[$id]['autoflowbitrules'] = 'off';
    unlink_if_exists("{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/rules/{$flowbit_rules_file}");
}

write_config("Suricata pkg: save enabled rule categories for {$a_nat[$id]['interface']}.");

/*************************************************/
/* Update the suricata.yaml file and rebuild the */
/* rules for this interface.                     */
/*************************************************/
// $rebuild_rules is true only for the duration of the generate call.
$rebuild_rules = true;
conf_mount_rw();
suricata_generate_yaml($a_nat[$id]);
conf_mount_ro();
$rebuild_rules = false;

/* Signal Suricata to "live reload" the rules */
suricata_reload_config($a_nat[$id]);

// NOTE(review): the entire request body is copied into $pconfig. Any field
// later echoed from it must be HTML-escaped where it is output (not shown
// in this excerpt).
$pconfig = $_POST;
// $enabled_items is a "||"-delimited string; split it into an array.
$enabled_rulesets_array = explode("||", $enabled_items);
if (suricata_is_running($suricata_uuid, $if_real)) {
    $savemsg = gettext("Suricata is 'live-loading' the new rule set on this interface.");
}

// Sync to configured CARP slaves if any are enabled
suricata_sync_on_changes();
} elseif ($_POST['unselectall']) {
    // This branch continues past the end of the excerpt.
    // NOTE(review): ips_policy is taken verbatim from $_POST -- confirm it is
    // checked against the known policy names before it is persisted.
    if ($_POST['ips_policy_enable'] == "on") {
        $a_nat[$id]['ips_policy_enable'] = 'on';
        $a_nat[$id]['ips_policy'] = $_POST['ips_policy'];
}
// rtrim() treats its second argument as a character list, so this strips
// every trailing '|' from the list of disabled rule SIDs built above.
$tmp = rtrim($tmp, "||");
// Keep the key only when SIDs remain; otherwise drop it from the config.
if (!empty($tmp)) {
    $a_instance[$instanceid]['rule_sid_off'] = $tmp;
} else {
    unset($a_instance[$instanceid]['rule_sid_off']);
}

/* Update the config.xml file. */
write_config();

/*************************************************/
/* Update the suricata.yaml file and rebuild the */
/* rules for this interface.                     */
/*************************************************/
// $rebuild_rules is true only for the duration of the generate call.
$rebuild_rules = true;
conf_mount_rw();
suricata_generate_yaml($a_instance[$instanceid]);
conf_mount_ro();
$rebuild_rules = false;

/* Signal Suricata to live-load the new rules */
suricata_reload_config($a_instance[$instanceid]);

// Sync to configured CARP slaves if any are enabled
suricata_sync_on_changes();

// Blocks this request for two seconds after the sync call; the reason is
// not stated here -- presumably to give the reload time to start.
sleep(2);
// NOTE(review): $gid and $sid are assigned outside this excerpt and are
// interpolated into the status message -- confirm they are validated as
// numeric, since $savemsg is presumably rendered into the page.
$savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Suricata is 'live-reloading' the new rules list. Please wait at least 15 secs for the process to complete before toggling additional rules.");
}

// Clear-alerts action; this branch continues past the end of the excerpt.
if ($_POST['delete']) {
    suricata_post_delete_logs($suricata_uuid);
    // Opening with "w+" truncates alerts.log to zero length. The @ operator
    // suppresses any warning, so a failed open passes silently.
    // NOTE(review): clearing the alert log is audit-relevant and no record of
    // the action is written in this excerpt -- confirm one is made elsewhere.
    $fd = @fopen("{$suricatalogdir}suricata_{$if_real}{$suricata_uuid}/alerts.log", "w+");
    if ($fd) {
        fclose($fd);
    }
// Tail of an earlier branch whose opening lies before this excerpt.
$rebuild_rules = false;

/* Signal Suricata to "live reload" the rules */
suricata_reload_config($a_rule[$id]);
clear_subsystem_dirty('suricata_rules');

// Sync to configured CARP slaves if any are enabled
suricata_sync_on_changes();
} elseif ($_POST['apply']) {
    /* Save new configuration */
    write_config("Suricata pkg: new rules configuration for {$a_rule[$id]['interface']}.");

    /*************************************************/
    /* Update the suricata.yaml file and rebuild the */
    /* rules for this interface.                     */
    /*************************************************/
    // $rebuild_rules is true only for the duration of the generate call.
    $rebuild_rules = true;
    conf_mount_rw();
    suricata_generate_yaml($a_rule[$id]);
    conf_mount_ro();
    $rebuild_rules = false;

    /* Signal Suricata to "live reload" the rules */
    suricata_reload_config($a_rule[$id]);

    // We have saved changes and done a soft restart, so clear "dirty" flag
    clear_subsystem_dirty('suricata_rules');

    // Sync to configured CARP slaves if any are enabled
    suricata_sync_on_changes();
}

include_once "head.inc";

// Build the page title from the interface description and the ruleset name.
// NOTE(review): $currentruleset is assigned outside this excerpt. If it is
// request-derived it must be HTML-escaped where $pgtitle is emitted; it is
// also interpolated before gettext() sees the string.
$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Rules: {$currentruleset}");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">