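/**
 * Rebuild the rule files for one Suricata interface and refresh that
 * interface's copies of the master classification/reference/map files.
 *
 * The interface directory is SURICATADIR . "suricata_{uuid}_{if_real}".
 * Copying stays best-effort: a failed copy does not abort the function,
 * but it is now reported to syslog instead of being dropped silently, so an
 * interface left with a missing or stale classification.config or
 * reference.config is visible to whoever monitors the sensor.
 *
 * @param array  $suricatacfg Interface configuration; the 'uuid' key is read here and
 *                            the whole array is handed to suricata_prepare_rule_files().
 * @param string $if_real     Directory-name suffix (presumably the real interface
 *                            name; confirm against callers).
 * @return void
 */
function suricata_apply_customizations($suricatacfg, $if_real) {
	// Declared by the original code; neither global is read or written in this function.
	global $vrt_enabled, $rebuild_rules;

	$suricatadir = SURICATADIR;

	// NOTE(review): 'uuid' and $if_real are interpolated into a filesystem path
	// without validation. This assumes both come from the saved package
	// configuration rather than from request input -- confirm at the call sites.
	$ifdir = "{$suricatadir}suricata_{$suricatacfg['uuid']}_{$if_real}";

	suricata_prepare_rule_files($suricatacfg, $ifdir);

	/* Copy the master config and map files to the interface directory */
	$master_files = [
		'classification.config',
		'reference.config',
		'gen-msg.map',
		'unicode.map',
	];
	foreach ($master_files as $name) {
		// '@' keeps PHP warnings out of the page output; the return value is
		// checked instead so that a failed copy still leaves a trace.
		if (!@copy("{$suricatadir}{$name}", "{$ifdir}/{$name}")) {
			syslog(LOG_WARNING, "[Suricata] WARNING: unable to copy {$suricatadir}{$name} to {$ifdir}/{$name}");
		}
	}
}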
} /* HTTP Parser */ if (!empty($suricatacfg['http_parser'])) { $http_parser = $suricatacfg['http_parser']; } else { $http_parser = "yes"; } if (!empty($suricatacfg['http_parser_memcap'])) { $http_parser_memcap = $suricatacfg['http_parser_memcap']; } else { $http_parser_memcap = "67108864"; } /* Configure the IP REP section */ $iprep_path = rtrim(IPREP_PATH, '/'); // Create the rules files and save in the interface directory suricata_prepare_rule_files($suricatacfg, $suricatacfgdir); // Check and configure only non-empty rules files for the interface $rules_files = ""; if (filesize("{$suricatacfgdir}/rules/" . ENFORCING_RULES_FILENAME) > 0) { $rules_files .= ENFORCING_RULES_FILENAME; } if (filesize("{$suricatacfgdir}/rules/" . FLOWBITS_FILENAME) > 0) { $rules_files .= "\n - " . FLOWBITS_FILENAME; } if (filesize("{$suricatacfgdir}/rules/custom.rules") > 0) { $rules_files .= "\n - custom.rules"; } $rules_files = ltrim($rules_files, '\\n -'); // Add the general logging settings to the configuration (non-interface specific) if ($config['installedpackages']['suricata']['config'][0]['log_to_systemlog'] == 'on') { $suricata_use_syslog = "yes";