These rules do not drop anything, but only alert when internal parts of the engine trigger an event. This will give us more insight into what is happening.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/rootfiles/common/suricata | 22 ++++++++++++++++++++++ config/suricata/suricata.yaml | 24 ++++++++++++++++++++++-- lfs/suricata | 3 --- 3 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
index 32358483a..21dbeae64 100644
--- a/config/rootfiles/common/suricata
+++ b/config/rootfiles/common/suricata
@@ -19,6 +19,28 @@ usr/bin/suricata
 #usr/share/man/man1/suricatactl-filestore.1
 #usr/share/man/man1/suricatactl.1
 #usr/share/man/man1/suricatasc.1
+usr/share/suricata/
+#usr/share/suricata/classification.config
+#usr/share/suricata/reference.config
+#usr/share/suricata/rules
+#usr/share/suricata/rules/app-layer-events.rules
+#usr/share/suricata/rules/decoder-events.rules
+#usr/share/suricata/rules/dhcp-events.rules
+#usr/share/suricata/rules/dnp3-events.rules
+#usr/share/suricata/rules/dns-events.rules
+#usr/share/suricata/rules/files.rules
+#usr/share/suricata/rules/http2-events.rules
+#usr/share/suricata/rules/http-events.rules
+#usr/share/suricata/rules/ipsec-events.rules
+#usr/share/suricata/rules/kerberos-events.rules
+#usr/share/suricata/rules/modbus-events.rules
+#usr/share/suricata/rules/mqtt-events.rules
+#usr/share/suricata/rules/nfs-events.rules
+#usr/share/suricata/rules/ntp-events.rules
+#usr/share/suricata/rules/smb-events.rules
+#usr/share/suricata/rules/smtp-events.rules
+#usr/share/suricata/rules/stream-events.rules
+#usr/share/suricata/rules/tls-events.rules
 var/lib/suricata
 var/lib/suricata/classification.config
 var/lib/suricata/reference.config
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 6f37671c8..0ad36e705 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
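Review bot: Every file under `usr/share/suricata/` in this hunk is added commented out and only the bare directory entry `usr/share/suricata/` is active, while the rest of the series hard-codes exactly these paths in suricata.yaml and later points `classification-file` at them. I cannot tell from the rootfile alone whether a trailing-slash directory entry is packed recursively or whether `#` lines are simply excluded as they are elsewhere in these lists; in the latter case the image ships an empty `/usr/share/suricata` and Suricata fails on every rule file it is told to load. Please verify that the built image contains the `.rules` and `.config` files, or list them uncommented so the rootfile states the intent explicitly.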
@@ -46,8 +46,28 @@ vars:
 ##
 default-rule-path: /var/lib/suricata
 rule-files:
-  # Include enabled ruleset files from external file.
-  include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
+  # Default rules
+  - /usr/share/suricata/rules/app-layer-events.rules
+  - /usr/share/suricata/rules/decoder-events.rules
+  - /usr/share/suricata/rules/dhcp-events.rules
+  - /usr/share/suricata/rules/dnp3-events.rules
+  - /usr/share/suricata/rules/dns-events.rules
+  - /usr/share/suricata/rules/files.rules
+  - /usr/share/suricata/rules/http2-events.rules
+  - /usr/share/suricata/rules/http-events.rules
+  - /usr/share/suricata/rules/ipsec-events.rules
+  - /usr/share/suricata/rules/kerberos-events.rules
+  - /usr/share/suricata/rules/modbus-events.rules
+  - /usr/share/suricata/rules/mqtt-events.rules
+  - /usr/share/suricata/rules/nfs-events.rules
+  - /usr/share/suricata/rules/ntp-events.rules
+  - /usr/share/suricata/rules/smb-events.rules
+  - /usr/share/suricata/rules/smtp-events.rules
+  - /usr/share/suricata/rules/stream-events.rules
+  - /usr/share/suricata/rules/tls-events.rules
+
+  # Include enabled ruleset files from external file
+  - !include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
 classification-file: /var/lib/suricata/classification.config
 reference-config-file: /var/lib/suricata/reference.config
diff --git a/lfs/suricata b/lfs/suricata
index c7f189bf4..bd57b829e 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -96,9 +96,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	# Install IPFire related config file.
 	install -m 0644 $(DIR_SRC)/config/suricata/suricata.yaml /etc/suricata
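Review bot: The final item `- !include: /var/ipfire/suricata/suricata-used-rulefiles.yaml` replaces the `include:` key the file used before, and from the diff alone I cannot tell that the Suricata release built here accepts a `!include` tag inside the `rule-files` sequence; if the item is parsed as a plain string it becomes a rule file path that does not exist and the user-selected rulesets silently stop loading. Please confirm with `suricata -T -c /etc/suricata/suricata.yaml` that the included file is actually read and its rules appear in the load summary. Note also that the eighteen event-rule files above it are now loaded unconditionally, outside the list the IDS web UI controls, so an admin cannot switch them off from the UI; a comment such as `# Always loaded; these only alert on engine events and are not managed by the web UI` would make that deliberate.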
-	# Remove shipped rules.
-	rm -rvf /usr/share/suricata
-
 	# Create emtpy rules directory.
 	-mkdir -p /var/lib/suricata
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/rootfiles/common/suricata | 2 -- lfs/Config | 5 ++++- 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
index 21dbeae64..7c512b033 100644
--- a/config/rootfiles/common/suricata
+++ b/config/rootfiles/common/suricata
@@ -1,7 +1,5 @@
 etc/suricata
 etc/suricata/suricata.yaml
-#root/.cargo
-#root/.cargo/.package-cache
 usr/bin/suricata
 #usr/share/doc/suricata
 #usr/share/doc/suricata/AUTHORS
diff --git a/lfs/Config b/lfs/Config
index a2d3cddc5..8b2e5dabb 100644
--- a/lfs/Config
+++ b/lfs/Config
@@ -143,6 +143,9 @@ ifeq "$(BUILD_ARCH)" "aarch64"
 GOARCH = arm64
 endif
+# Rust
+export CARGOPATH = $(HOME)/.cargo
+
 ###############################################################################
 # Common Macro Definitions
 ###############################################################################
@@ -184,7 +187,7 @@ define POSTBUILD
 	@echo "Updating linker cache..."
 	@type -p ldconfig >/dev/null && ldconfig || :
 	@echo "Install done; saving file list to $(TARGET) ..."
-	@rm -rf $(GOPATH)
+	@rm -rf $(GOPATH) $(CARGOPATH)
 	@$(FIND_FILES) > $(DIR_SRC)/lsalrnew
 	@diff $(DIR_SRC)/lsalr $(DIR_SRC)/lsalrnew | grep '^> ' | sed 's/^> //' > $(TARGET)_diff
 	@cp -f $(DIR_SRC)/lsalrnew $(DIR_SRC)/lsalr
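Review bot: `export CARGOPATH = $(HOME)/.cargo` is exported into the build environment, but cargo does not read a variable of that name (its cache location is `CARGO_HOME`), so the export changes nothing about where crates land and only serves the `rm -rf $(GOPATH) $(CARGOPATH)` in POSTBUILD. If the intent is just to know what to delete, drop `export`; if the intent is to steer cargo, name it `CARGO_HOME` so the cache and the cleanup are guaranteed to agree instead of both happening to default to `~/.cargo`. A comment stating which it is, e.g. `# cargo's registry cache; removed after every build so it never ends up in a rootfile`, would make the later `rm -rf` self-explanatory. If `HOME` is ever unset in the chroot the path degrades to `/.cargo`, which is still harmless to remove, but worth knowing.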
These are all identical to what is in config/rootfiles/common/suricata.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/rootfiles/common/aarch64/suricata | 28 ------------------------ config/rootfiles/common/armv6l/suricata | 28 ------------------------ config/rootfiles/common/i586/suricata | 28 ------------------------ config/rootfiles/common/x86_64/suricata | 28 ------------------------ 4 files changed, 112 deletions(-) delete mode 100644 config/rootfiles/common/aarch64/suricata delete mode 100644 config/rootfiles/common/armv6l/suricata delete mode 100644 config/rootfiles/common/i586/suricata delete mode 100644 config/rootfiles/common/x86_64/suricata
diff --git a/config/rootfiles/common/aarch64/suricata b/config/rootfiles/common/aarch64/suricata deleted file mode 100644 index 32358483a..000000000 --- a/config/rootfiles/common/aarch64/suricata +++ /dev/null @@ -1,28 +0,0 @@ -etc/suricata -etc/suricata/suricata.yaml -#root/.cargo -#root/.cargo/.package-cache -usr/bin/suricata -#usr/share/doc/suricata -#usr/share/doc/suricata/AUTHORS -#usr/share/doc/suricata/Basic_Setup.txt -#usr/share/doc/suricata/GITGUIDE -#usr/share/doc/suricata/INSTALL -#usr/share/doc/suricata/INSTALL.PF_RING -#usr/share/doc/suricata/INSTALL.WINDOWS -#usr/share/doc/suricata/NEWS -#usr/share/doc/suricata/README -#usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt -#usr/share/doc/suricata/TODO -#usr/share/doc/suricata/Third_Party_Installation_Guides.txt -#usr/share/man/man1/suricata.1 -#usr/share/man/man1/suricatactl-filestore.1 -#usr/share/man/man1/suricatactl.1 -#usr/share/man/man1/suricatasc.1 -var/lib/suricata -var/lib/suricata/classification.config -var/lib/suricata/reference.config -var/lib/suricata/threshold.config -var/log/suricata -#var/log/suricata/certs -#var/log/suricata/files diff --git a/config/rootfiles/common/armv6l/suricata b/config/rootfiles/common/armv6l/suricata deleted file mode 100644 index 32358483a..000000000 --- a/config/rootfiles/common/armv6l/suricata +++ /dev/null 
@@ -1,28 +0,0 @@ -etc/suricata -etc/suricata/suricata.yaml -#root/.cargo -#root/.cargo/.package-cache -usr/bin/suricata -#usr/share/doc/suricata -#usr/share/doc/suricata/AUTHORS -#usr/share/doc/suricata/Basic_Setup.txt -#usr/share/doc/suricata/GITGUIDE -#usr/share/doc/suricata/INSTALL -#usr/share/doc/suricata/INSTALL.PF_RING -#usr/share/doc/suricata/INSTALL.WINDOWS -#usr/share/doc/suricata/NEWS -#usr/share/doc/suricata/README -#usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt -#usr/share/doc/suricata/TODO -#usr/share/doc/suricata/Third_Party_Installation_Guides.txt -#usr/share/man/man1/suricata.1 -#usr/share/man/man1/suricatactl-filestore.1 -#usr/share/man/man1/suricatactl.1 -#usr/share/man/man1/suricatasc.1 -var/lib/suricata -var/lib/suricata/classification.config -var/lib/suricata/reference.config -var/lib/suricata/threshold.config -var/log/suricata -#var/log/suricata/certs -#var/log/suricata/files diff --git a/config/rootfiles/common/i586/suricata b/config/rootfiles/common/i586/suricata deleted file mode 100644 index 32358483a..000000000 --- a/config/rootfiles/common/i586/suricata +++ /dev/null 
@@ -1,28 +0,0 @@ -etc/suricata -etc/suricata/suricata.yaml -#root/.cargo -#root/.cargo/.package-cache -usr/bin/suricata -#usr/share/doc/suricata -#usr/share/doc/suricata/AUTHORS -#usr/share/doc/suricata/Basic_Setup.txt -#usr/share/doc/suricata/GITGUIDE -#usr/share/doc/suricata/INSTALL -#usr/share/doc/suricata/INSTALL.PF_RING -#usr/share/doc/suricata/INSTALL.WINDOWS -#usr/share/doc/suricata/NEWS -#usr/share/doc/suricata/README -#usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt -#usr/share/doc/suricata/TODO -#usr/share/doc/suricata/Third_Party_Installation_Guides.txt -#usr/share/man/man1/suricata.1 -#usr/share/man/man1/suricatactl-filestore.1 -#usr/share/man/man1/suricatactl.1 -#usr/share/man/man1/suricatasc.1 -var/lib/suricata -var/lib/suricata/classification.config -var/lib/suricata/reference.config -var/lib/suricata/threshold.config -var/log/suricata -#var/log/suricata/certs -#var/log/suricata/files diff --git a/config/rootfiles/common/x86_64/suricata b/config/rootfiles/common/x86_64/suricata deleted file mode 100644 index 32358483a..000000000 --- a/config/rootfiles/common/x86_64/suricata +++ /dev/null 
@@ -1,28 +0,0 @@ -etc/suricata -etc/suricata/suricata.yaml -#root/.cargo -#root/.cargo/.package-cache -usr/bin/suricata -#usr/share/doc/suricata -#usr/share/doc/suricata/AUTHORS -#usr/share/doc/suricata/Basic_Setup.txt -#usr/share/doc/suricata/GITGUIDE -#usr/share/doc/suricata/INSTALL -#usr/share/doc/suricata/INSTALL.PF_RING -#usr/share/doc/suricata/INSTALL.WINDOWS -#usr/share/doc/suricata/NEWS -#usr/share/doc/suricata/README -#usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt -#usr/share/doc/suricata/TODO -#usr/share/doc/suricata/Third_Party_Installation_Guides.txt -#usr/share/man/man1/suricata.1 -#usr/share/man/man1/suricatactl-filestore.1 -#usr/share/man/man1/suricatactl.1 -#usr/share/man/man1/suricatasc.1 -var/lib/suricata -var/lib/suricata/classification.config -var/lib/suricata/reference.config -var/lib/suricata/threshold.config -var/log/suricata -#var/log/suricata/certs -#var/log/suricata/files
There is no need to list them specifically.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- lfs/suricata | 1 - 1 file changed, 1 deletion(-)
diff --git a/lfs/suricata b/lfs/suricata
index bd57b829e..0a1dcf2b8 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -31,7 +31,6 @@ DL_FILE = $(THISAPP).tar.gz
 DL_FROM = $(URL_IPFIRE)
 DIR_APP = $(DIR_SRC)/$(THISAPP)
 TARGET = $(DIR_INFO)/$(THISAPP)
-SUP_ARCH = x86_64 i586 aarch64 armv6l
############################################################################### # Top-level Rules
Is Rust now available on RISC-V? You have introduced this.
Am 2021-11-19 18:44, schrieb Michael Tremer:
There is no need to list them specifically.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
lfs/suricata | 1 - 1 file changed, 1 deletion(-)
diff --git a/lfs/suricata b/lfs/suricata index bd57b829e..0a1dcf2b8 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -31,7 +31,6 @@ DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) -SUP_ARCH = x86_64 i586 aarch64 armv6l
############################################################################### # Top-level Rules
Oh, no it isn’t.
In that case, never mind and just drop this patch :)
-Michael
On 24 Nov 2021, at 14:54, Arne Fitzenreiter arne_f@ipfire.org wrote:
Is rust now available on risc-v ? You have introduces this.
Am 2021-11-19 18:44, schrieb Michael Tremer:
There is no need to list them specifically. Signed-off-by: Michael Tremer michael.tremer@ipfire.org
lfs/suricata | 1 - 1 file changed, 1 deletion(-) diff --git a/lfs/suricata b/lfs/suricata index bd57b829e..0a1dcf2b8 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -31,7 +31,6 @@ DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) -SUP_ARCH = x86_64 i586 aarch64 armv6l ############################################################################### # Top-level Rules
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/rootfiles/common/suricata | 3 --- config/suricata/suricata.yaml | 7 +++---- lfs/suricata | 5 +---- 3 files changed, 4 insertions(+), 11 deletions(-)
diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
index 7c512b033..091245023 100644
--- a/config/rootfiles/common/suricata
+++ b/config/rootfiles/common/suricata
@@ -40,9 +40,6 @@ usr/share/suricata/
 #usr/share/suricata/rules/stream-events.rules
 #usr/share/suricata/rules/tls-events.rules
 var/lib/suricata
-var/lib/suricata/classification.config
-var/lib/suricata/reference.config
-var/lib/suricata/threshold.config
 var/log/suricata
 #var/log/suricata/certs
 #var/log/suricata/files
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 0ad36e705..ba56c6a75 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -69,10 +69,9 @@ rule-files:
   # Include enabled ruleset files from external file
   - !include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
-classification-file: /var/lib/suricata/classification.config
-reference-config-file: /var/lib/suricata/reference.config
-threshold-file: /var/lib/suricata/threshold.config
-
+classification-file: /usr/share/suricata/classification.config
+reference-config-file: /usr/share/suricata/reference.config
+threshold-file: /usr/share/suricata/threshold.config
 ##
 ## Logging options.
diff --git a/lfs/suricata b/lfs/suricata
index 0a1dcf2b8..38289962f 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -100,10 +100,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
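Review bot: `threshold-file: /usr/share/suricata/threshold.config` points at a file that, as far as this series shows, is never installed there: the rootfile added earlier lists `#usr/share/suricata/classification.config` and `#usr/share/suricata/reference.config` under `/usr/share/suricata` but no `threshold.config`, and the lfs hunk below now deletes `/etc/suricata/*.config`, which is presumably where upstream's install step had put it. If the file is missing, Suricata will at best warn at startup and any thresholds the admin relies on are silently not applied. Please confirm the file exists at the new path after a build, or keep `threshold-file` pointing at a writable location such as `/var/lib/suricata/threshold.config` since it is the one of the three that operators tune.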
 	# Move config files for references, threshold and classification
 	# to the rules directory.
-	mv /etc/suricata/*.config /var/lib/suricata
-
-	# Set correct permissions for the files.
-	chmod 644 /var/lib/suricata/*.config
+	rm -rfv /etc/suricata/*.config
 	# Set correct ownership for /var/lib/suricata and the
 	# contained files
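Review bot: The removed `chmod 644 /var/lib/suricata/*.config` had a purpose that the new `rm -rfv /etc/suricata/*.config` does not carry over: the files Suricata now reads from `/usr/share/suricata` get whatever mode upstream's install step gives them, and the ownership fix-up that follows this hunk (its end is outside the diff) still only covers `/var/lib/suricata`. If Suricata drops privileges after start-up, which I cannot see from here, a non-world-readable config would only surface at the next rule reload, so an explicit `chmod 644 /usr/share/suricata/*.config` after the install keeps the previous guarantee. Also, `-r` is meaningless for a file glob; `rm -fv /etc/suricata/*.config` says what is meant, and the comment above it still talks about moving the files to the rules directory, which no longer happens.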
Hello Michael,
thanks for working on suricata and cleaning / adjusting things.
This commit is very problematic, because it may break current installations.
Currently, after downloading a ruleset tarball from a certain provider, oinkmaster extracts the tarball content (rules files and *.config files) into the rules directory ("/var/lib/suricata"), deleting the old rules files and overwriting the *.config files - so they fit together perfectly.
When moving the config files to a new location, we have to take care about that by moving these files after oinkmaster has launched to the new location and we also have to take care about file permissions on the new location.
So I would recommend to hold off this patch until we have a nice solution for this.
Best regards,
-Stefan
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
config/rootfiles/common/suricata | 3 --- config/suricata/suricata.yaml | 7 +++---- lfs/suricata | 5 +---- 3 files changed, 4 insertions(+), 11 deletions(-)
diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata index 7c512b033..091245023 100644 --- a/config/rootfiles/common/suricata +++ b/config/rootfiles/common/suricata @@ -40,9 +40,6 @@ usr/share/suricata/ #usr/share/suricata/rules/stream-events.rules #usr/share/suricata/rules/tls-events.rules var/lib/suricata -var/lib/suricata/classification.config -var/lib/suricata/reference.config -var/lib/suricata/threshold.config var/log/suricata #var/log/suricata/certs #var/log/suricata/files diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index 0ad36e705..ba56c6a75 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -69,10 +69,9 @@ rule-files: # Include enabled ruleset files from external file - !include: /var/ipfire/suricata/suricata-used-rulefiles.yaml -classification-file: /var/lib/suricata/classification.config -reference-config-file: /var/lib/suricata/reference.config -threshold-file: /var/lib/suricata/threshold.config
+classification-file: /usr/share/suricata/classification.config +reference-config-file: /usr/share/suricata/reference.config +threshold-file: /usr/share/suricata/threshold.config ## ## Logging options. diff --git a/lfs/suricata b/lfs/suricata index 0a1dcf2b8..38289962f 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -100,10 +100,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Move config files for references, threshold and classification # to the rules directory. - mv /etc/suricata/*.config /var/lib/suricata
- # Set correct permissions for the files. - chmod 644 /var/lib/suricata/*.config + rm -rfv /etc/suricata/*.config # Set correct ownership for /var/lib/suricata and the # contained files
Hello Stefan,
Thank you for your feedback.
On 22 Nov 2021, at 04:21, Stefan Schantl stefan.schantl@ipfire.org wrote:
Hello Michael,
thanks for working on suricata and cleaning / adjusting things.
This commit is very problematic, because it may breaks current installations.
Currently after downloading a ruleset tarball of a certain provider, oinkmaster is going to extract the tarball content(rules files and *.config files) into the rules directory ("/var/lib/suricata") by deleting the old rules files and overwriting the *.config files - so they perfectly fits together.
When moving the config files to a new location, we have to take care about that by moving these files after oinkmaster has launched to the new location and we also have to take care about file permissions on the new location.
So I would recommend to hold off this patch until we have a nice solution for this.
Okay. I marked this patch as rejected on PW.
-Michael
Best regards,
-Stefan
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
config/rootfiles/common/suricata | 3 --- config/suricata/suricata.yaml | 7 +++---- lfs/suricata | 5 +---- 3 files changed, 4 insertions(+), 11 deletions(-)
diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata index 7c512b033..091245023 100644 --- a/config/rootfiles/common/suricata +++ b/config/rootfiles/common/suricata @@ -40,9 +40,6 @@ usr/share/suricata/ #usr/share/suricata/rules/stream-events.rules #usr/share/suricata/rules/tls-events.rules var/lib/suricata -var/lib/suricata/classification.config -var/lib/suricata/reference.config -var/lib/suricata/threshold.config var/log/suricata #var/log/suricata/certs #var/log/suricata/files diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index 0ad36e705..ba56c6a75 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -69,10 +69,9 @@ rule-files: # Include enabled ruleset files from external file - !include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
-classification-file: /var/lib/suricata/classification.config -reference-config-file: /var/lib/suricata/reference.config -threshold-file: /var/lib/suricata/threshold.config
+classification-file: /usr/share/suricata/classification.config +reference-config-file: /usr/share/suricata/reference.config +threshold-file: /usr/share/suricata/threshold.config
## ## Logging options. diff --git a/lfs/suricata b/lfs/suricata index 0a1dcf2b8..38289962f 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -100,10 +100,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
# Move config files for references, threshold and
classification # to the rules directory.
mv /etc/suricata/*.config /var/lib/suricata
# Set correct permissions for the files.
chmod 644 /var/lib/suricata/*.config
rm -rfv /etc/suricata/*.config # Set correct ownership for /var/lib/suricata and the # contained files
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- html/cgi-bin/ids.cgi | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 85c5ddd86..4e8b28fd8 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -1091,13 +1091,14 @@ if (%idsrules) {
 	# Call stat on the rulestarball.
 	my $stat = stat("$IDS::rulestarball");
-	# Get timestamp the file creation.
-	my $mtime = $stat->mtime;
+	if (defined $stat) {
+		# Get timestamp the file creation.
+		my $mtime = $stat->mtime;
-	# Convert into human read-able format.
-	my $rulesdate = strftime('%Y-%m-%d %H:%M:%S', localtime($mtime));
+		# Convert into human read-able format.
+		my $rulesdate = strftime('%Y-%m-%d %H:%M:%S', localtime($mtime));
-	&Header::openbox('100%', 'LEFT', "$Lang::tr{'intrusion detection system rules'} ($rulesdate)" );
+		&Header::openbox('100%', 'LEFT', "$Lang::tr{'intrusion detection system rules'} ($rulesdate)" );
print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";
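Review bot: With the whole box now inside `if (defined $stat)`, a system without a downloaded ruleset tarball renders nothing at all — no heading, no rule table and no Apply button — and the user gets no hint why, where the old code at least died visibly on `$stat->mtime`. A smaller change keeps the box and guards only the date: `my $rulesdate = defined $stat ? strftime('%Y-%m-%d %H:%M:%S', localtime($stat->mtime)) : '-';` followed by the unchanged `&Header::openbox(...)` call, which also avoids re-indenting the heredoc and closing brace in the later hunks. `stat()` returns undef for any failure, not only a missing file, so a permission problem on the tarball becomes indistinguishable from "not downloaded yet"; a comment such as `# stat() returns undef when the tarball is missing or unreadable` would record that. The enclosing `if (%idsrules)` block starts before this hunk.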
@@ -1189,7 +1190,7 @@ if (%idsrules) {
 	# Close display table
 	print "</table>";
-print <<END
+	print <<END
 <table width='100%'>
 	<tr>
 		<td width='100%' align='right'><input type='submit' name='RULESET' value='$Lang::tr{'ids apply'}'></td>
@@ -1198,7 +1199,8 @@ print <<END
 </form>
 END
 ;
-	&Header::closebox();
+		&Header::closebox();
+	}
 }
&Header::closebigbox();
Read more in the patch.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- lfs/suricata | 1 + ...-Handle-retransmitted-SYN-with-TSval.patch | 55 +++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 src/patches/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
diff --git a/lfs/suricata b/lfs/suricata
index 38289962f..b54a038c3 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -70,6 +70,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
 	cd $(DIR_APP) && LDFLAGS="$(LDFLAGS)" ./configure \
 		--prefix=/usr \
 		--sysconfdir=/etc \
diff --git a/src/patches/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch b/src/patches/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
new file mode 100644
index 000000000..fcea77cfa
--- /dev/null
+++ b/src/patches/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
@@ -0,0 +1,55 @@
+From 511648b3d7a4b5a5b4d55b92dffd63fcb23903a0 Mon Sep 17 00:00:00 2001
+From: Michael Tremer michael.tremer@ipfire.org
+Date: Fri, 19 Nov 2021 17:17:47 +0000
+Subject: [PATCH] stream: tcp: Handle retransmitted SYN with TSval
+
+For connections that use TCP timestamps for which the first SYN packet
+does not reach the server, any replies to retransmitted SYNs will be
+tropped.
+
+This is happening in StateSynSentValidateTimestamp, where the timestamp
+value in a SYN-ACK packet must match the one from the SYN packet.
+However, since the server never received the first SYN packet, it will
+respond with an updated timestamp from any of the following SYN packets.
+
+The timestamp value inside suricata is not being updated at any time
+which should happen. This patch fixes that problem.
+
+This problem was introduced in 9f0294fadca3dcc18c919424242a41e01f3e8318.
+
+Signed-off-by: Michael Tremer michael.tremer@ipfire.org
+---
+ src/stream-tcp.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/src/stream-tcp.c b/src/stream-tcp.c
+index 1cff19fa5..af681760b 100644
+--- a/src/stream-tcp.c
++++ b/src/stream-tcp.c
+@@ -1643,6 +1643,23 @@ static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p,
+                     "ssn->client.last_ack %"PRIu32"", ssn,
+                     ssn->client.isn, ssn->client.next_seq,
+                     ssn->client.last_ack);
++        } else if (PKT_IS_TOSERVER(p)) {
++            /*
++             * On retransmitted SYN packets, the timestamp value must be updated,
++             * to avoid dropping any SYN+ACK packets that respond to a retransmitted SYN
++             * with an updated timestamp in StateSynSentValidateTimestamp.
++             */
++            if ((ssn->client.flags & STREAMTCP_STREAM_FLAG_TIMESTAMP) && TCP_HAS_TS(p)) {
++                uint32_t ts_val = TCP_GET_TSVAL(p);
++
++                // Check whether packets have been received in the correct order (only ever update)
++                if (ssn->client.last_ts < ts_val) {
++                    ssn->client.last_ts = ts_val;
++                    ssn->client.last_pkt_ts = p->ts.tv_sec;
++                }
++
++                SCLogDebug("ssn %p: Retransmitted SYN. 
Updated timestamp from packet %"PRIu64, ssn, p->pcap_cnt);
++            }
+        }
+
+            /** \todo check if it's correct or set event */
+--
+2.30.2
+
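Review bot: The new `else if (PKT_IS_TOSERVER(p))` branch treats every to-server SYN seen in SYN_SENT as a retransmission and raises `ssn->client.last_ts` whenever the TSval is larger, but it never checks that the packet's sequence number still equals `ssn->client.isn`; a SYN with a different ISN on the same 4-tuple (a fresh attempt, or an injected one from the client side of the sensor) also moves the stored timestamp, after which `StateSynSentValidateTimestamp` rejects the genuine SYN-ACK that echoes the original value, turning a one-packet injection into a dropped connection. Limiting the update to real retransmits, e.g. `if (TCP_GET_SEQ(p) == ssn->client.isn && (ssn->client.flags & STREAMTCP_STREAM_FLAG_TIMESTAMP) && TCP_HAS_TS(p))`, closes that; I cannot see from the hunk whether the enclosing SYN-resent path already compares sequence numbers, as StreamTcpPacketStateSynSent starts and ends outside it. The `last_ts < ts_val` test is a plain unsigned compare, so a TSval that wraps past 2^32 between the first and the retransmitted SYN is silently ignored — probably acceptable for a retransmit window, but the `// Check whether packets have been received in the correct order` comment should say that wrap-around is deliberately not handled. The embedded commit message also reads `tropped` for `dropped`.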