
pfSense-pkg-suricata-6.0.6_1 - Fix PHP8 compatibility issues. Redmine Issue #13531. #1192

Merged
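--- a/security/pfSense-pkg-suricata/Makefile
+++ b/security/pfSense-pkg-suricata/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME= pfSense-pkg-suricata
 PORTVERSION= 6.0.6
-PORTREVISION= 0
+PORTREVISION= 1
 CATEGORIES= security
 MASTER_SITES= # empty
 DISTFILES= # empty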
367 changes: 138 additions & 229 deletions security/pfSense-pkg-suricata/files/usr/local/pkg/suricata/suricata.inc

Large diffs are not rendered by default.

Expand Up @@ -7,7 +7,7 @@
* Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
* Copyright (C) 2009 Robert Zelaya Sr. Developer
* Copyright (C) 2020 Bill Meeks
* Copyright (C) 2022 Bill Meeks
* All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
Expand All @@ -25,7 +25,7 @@

require_once("/usr/local/pkg/suricata/suricata.inc");

global $g, $config;
global $g;

function suricata_folderSize($dir) {

Expand Down Expand Up @@ -56,7 +56,7 @@ function suricata_check_dir_size_limit($suricataloglimitsize) {
* in megabytes *
********************************************************/

global $g, $config;
global $g;

// Convert Log Limit Size setting from MB to KB
$suricataloglimitsizeKB = round($suricataloglimitsize * 1024);
Expand All @@ -69,7 +69,7 @@ function suricata_check_dir_size_limit($suricataloglimitsize) {
$logs = array ( "alerts.log", "block.log", "dns.log", "eve.json", "http.log", "sid_changes.log", "stats.log", "tls.log" );

// Clean-up the rotated logs for each configured Suricata instance
foreach ($config['installedpackages']['suricata']['rule'] as $value) {
foreach (config_get_path('installedpackages/suricata/rule', []) as $value) {
$if_real = get_real_interface($value['interface']);

// Skip instances where pfSense physical interface
Expand Down Expand Up @@ -129,7 +129,7 @@ function suricata_check_dir_size_limit($suricataloglimitsize) {

// Clean-up active logs for each configured Suricata instance
// until we get below the configured Directory Size Limit.
foreach ($config['installedpackages']['suricata']['rule'] as $value) {
foreach (config_get_path('installedpackages/suricata/rule', []) as $value) {
$if_real = get_real_interface($value['interface']);

// Skip instances where pfSense physical interface
Expand Down Expand Up @@ -337,30 +337,30 @@ if ($g['booting'] == true)
return;

// If no interfaces defined, there is nothing to clean up
if (!is_array($config['installedpackages']['suricata']['rule']))
if (!config_get_path('installedpackages/suricata/rule'))
return;

$logs = array ();

// Build an arry of files to check and limits to check them against from our saved configuration
$logs['alerts.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'];
$logs['alerts.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['alert_log_retention'];
$logs['block.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['block_log_limit_size'];
$logs['block.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['block_log_retention'];
$logs['eve.json']['limit'] = $config['installedpackages']['suricata']['config'][0]['eve_log_limit_size'];
$logs['eve.json']['retention'] = $config['installedpackages']['suricata']['config'][0]['eve_log_retention'];
$logs['http.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['http_log_limit_size'];
$logs['http.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['http_log_retention'];
$logs['sid_changes.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['sid_changes_log_limit_size'];
$logs['sid_changes.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['sid_changes_log_retention'];
$logs['stats.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size'];
$logs['stats.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['stats_log_retention'];
$logs['tls.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size'];
$logs['tls.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['tls_log_retention'];
$logs['alerts.log']['limit'] = config_get_path('installedpackages/suricata/config/0/alert_log_limit_size');
$logs['alerts.log']['retention'] = config_get_path('installedpackages/suricata/config/0/alert_log_retention');
$logs['block.log']['limit'] = config_get_path('installedpackages/suricata/config/0/block_log_limit_size');
$logs['block.log']['retention'] = config_get_path('installedpackages/suricata/config/0/block_log_retention');
$logs['eve.json']['limit'] = config_get_path('installedpackages/suricata/config/0/eve_log_limit_size');
$logs['eve.json']['retention'] = config_get_path('installedpackages/suricata/config/0/eve_log_retention');
$logs['http.log']['limit'] = config_get_path('installedpackages/suricata/config/0/http_log_limit_size');
$logs['http.log']['retention'] = config_get_path('installedpackages/suricata/config/0/http_log_retention');
$logs['sid_changes.log']['limit'] = config_get_path('installedpackages/suricata/config/0/sid_changes_log_limit_size');
$logs['sid_changes.log']['retention'] = config_get_path('installedpackages/suricata/config/0/sid_changes_log_retention');
$logs['stats.log']['limit'] = config_get_path('installedpackages/suricata/config/0/stats_log_limit_size');
$logs['stats.log']['retention'] = config_get_path('installedpackages/suricata/config/0/stats_log_retention');
$logs['tls.log']['limit'] = config_get_path('installedpackages/suricata/config/0/tls_log_limit_size');
$logs['tls.log']['retention'] = config_get_path('installedpackages/suricata/config/0/tls_log_retention');

// Check log limits and retention in the interface logging directories if enabled
if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] == 'on') {
foreach ($config['installedpackages']['suricata']['rule'] as $value) {
if (config_get_path('installedpackages/suricata/config/0/enable_log_mgmt') == 'on') {
foreach (config_get_path('installedpackages/suricata/rule', []) as $value) {
$if_real = get_real_interface($value['interface']);

// Skip instances where pfSense physical interface
Expand All @@ -382,37 +382,38 @@ if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] ==

// Prune aged-out File Store captured files if any exist
if (is_dir("{$suricata_log_dir}/filestore") &&
$config['installedpackages']['suricata']['config'][0]['file_store_retention'] > 0) {
config_get_path('installedpackages/suricata/config/0/file_store_retention') > 0) {

$prune_count = suricata_check_prune_filestore_files("{$suricata_log_dir}/filestore", $config['installedpackages']['suricata']['config'][0]['file_store_retention']);
$prune_count = suricata_check_prune_filestore_files("{$suricata_log_dir}/filestore", config_get_path('installedpackages/suricata/config/0/file_store_retention'));
if ($prune_count > 0)
syslog(LOG_NOTICE, gettext("[Suricata] File Store captured files cleanup job removed {$prune_count} file(s) from '{$suricata_log_dir}/filestore/' path..."));
}

// Check File Store captured files storage limit and prune if necessary
if (is_dir("{$suricata_log_dir}/filestore") &&
$config['installedpackages']['suricata']['config'][0]['file_store_limit_size'] > 0 &&
(intval(suricata_folderSize("{$suricata_log_dir}/filestore")/1000000) >= $config['installedpackages']['suricata']['config'][0]['file_store_limit_size'])) {
suricata_check_filestore_limit_size("{$suricata_log_dir}/filestore", $config['installedpackages']['suricata']['config'][0]['file_store_limit_size']);
if (is_dir("{$suricata_log_dir}/filestore") &&
config_get_path('installedpackages/suricata/config/0/file_store_limit_size') > 0 &&
(intval(suricata_folderSize("{$suricata_log_dir}/filestore")/1000000) >= config_get_path('installedpackages/suricata/config/0/file_store_limit_size'))
) {
suricata_check_filestore_limit_size("{$suricata_log_dir}/filestore", config_get_path('installedpackages/suricata/config/0/file_store_limit_size'));
}

// If a user-customized file store directory is set, check it, too
if (isset($value['file_store_logdir'])) {
if (is_dir($value['file_store_logdir']) &&
$config['installedpackages']['suricata']['config'][0]['file_store_limit_size'] > 0 &&
(intval(suricata_folderSize($value['file_store_logdir'])/1000000) >= $config['installedpackages']['suricata']['config'][0]['file_store_limit_size'])) {
suricata_check_filestore_limit_size($value['file_store_logdir'], $config['installedpackages']['suricata']['config'][0]['file_store_limit_size']);
if (is_dir($value['file_store_logdir']) &&
config_get_path('installedpackages/suricata/config/0/file_store_limit_size') > 0 &&
(intval(suricata_folderSize($value['file_store_logdir'])/1000000) >= (int)config_get_path('installedpackages/suricata/config/0/file_store_limit_size'))) {
suricata_check_filestore_limit_size($value['file_store_logdir'], config_get_path('installedpackages/suricata/config/0/file_store_limit_size'));
}
}

// Prune aged-out TLS Certs Store files if any exist
if (is_dir("{$suricata_log_dir}/certs") &&
$config['installedpackages']['suricata']['config'][0]['tls_certs_store_retention'] > 0) {
config_get_path('installedpackages/suricata/config/0/tls_certs_store_retention') > 0) {
$now = time();
$files = glob("{$suricata_log_dir}/certs/*.*");
$prune_count = 0;
foreach ($files as $f) {
if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['tls_certs_store_retention'] * 3600)) {
if (($now - filemtime($f)) > (int)(config_get_path('installedpackages/suricata/config/0/tls_certs_store_retention') * 3600)) {
$prune_count++;
unlink_if_exists($f);
}
Expand Down Expand Up @@ -444,8 +445,8 @@ if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] ==
}

// Check the overall log directory limit (if enabled) and prune if necessary
if ($config['installedpackages']['suricata']['config'][0]['suricataloglimit'] == 'on') {
suricata_check_dir_size_limit($config['installedpackages']['suricata']['config'][0]['suricataloglimitsize']);
if (config_get_path('installedpackages/suricata/config/0/suricataloglimit') == 'on') {
suricata_check_dir_size_limit(config_get_path('installedpackages/suricata/config/0/suricataloglimitsize'));
}

?>
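Review bot: The integer casts added for PHP 8 are inconsistent across the File Store and TLS Certs Store checks, and the one in the TLS prune is in the wrong place. In `(int)(config_get_path('installedpackages/suricata/config/0/tls_certs_store_retention') * 3600)` the cast wraps the product, so a stored value that is not numeric can pass the `> 0` guard (PHP 8 compares it as a string) and still reach the multiplication, which throws a TypeError; casting the operand first, `(int)config_get_path('installedpackages/suricata/config/0/tls_certs_store_retention') * 3600`, avoids that. The first `file_store_limit_size` comparison has no cast at all, while the user-customized directory branch right below it does. These settings are presumably validated when saved, but that is not visible here, and an uncaught error would abort the whole pruning run and let the IDS log and filestore directories keep growing. I would read each setting once into an int local before the `foreach` (which continues through collapsed regions of this page) and use that local in both the guard and the comparison.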