コード例 #1
ファイル: logout.py プロジェクト: untangle/ngfw_src
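def load_capture_settings(req,appid=None):
    """Load the captive-portal settings and add no-cache headers to the reply.

    The company name is resolved in increasing priority: the built-in
    default, the ``oemName`` item of the OEM settings file, then the
    ``companyName`` item of the branding-manager app.  The winner is stored
    in the returned dictionary under ``companyName``.

    Args:
        req: request object; only ``req.headers_out.add`` is used here.
        appid: optional app id.  When omitted the settings of the
            'captive-portal' app are loaded, otherwise those of the app
            with this id.

    Returns:
        The settings dictionary, with ``companyName`` added.

    Raises:
        ValueError: ``appid`` is not an integer literal.
        TypeError: the settings lookup yielded ``None`` (the item
            assignment below then fails).
    """
    companyName = 'Untangle'

    oemName = get_settings_item("/usr/share/untangle/conf/oem.js","oemName")
    if oemName is not None:
        companyName = oemName

    brandco = get_app_settings_item('branding-manager','companyName')
    if brandco is not None:
        companyName = brandco

    if appid is None:
        captureSettings = get_app_settings('captive-portal')
    else:
        # int() replaces the Python 2-only long(): it exists on Python 3 as
        # well and still rejects non-numeric text with ValueError.
        # NOTE(review): appid is presumably taken from the request by the
        # caller; nothing here catches that ValueError, so the caller has to
        # turn it into an error response - confirm.
        captureSettings = get_appid_settings(int(appid))

    # add the company name to the app settings dictionary
    captureSettings['companyName'] = companyName

    # Forbid caching of the response.  Cache-Control is the HTTP/1.1 form;
    # Pragma and an Expires date in the past cover older caches.
    req.headers_out.add("Cache-Control", "no-store, no-cache, must-revalidate, post-check=0, pre-check=0")
    req.headers_out.add("Pragma", "no-cache")
    req.headers_out.add("Expires", "Sat, 1 Jan 2000 00:00:00 GMT")

    return captureSettings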
コード例 #2
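def load_capture_settings(req, appid=None):
    """Return the captive-portal settings and mark the response uncacheable.

    Args:
        req: request object; this function only calls
            ``req.headers_out.add``.
        appid: optional app id.  ``None`` selects the settings of the
            'captive-portal' app; any other value is converted to an
            integer and used to look up the settings of that app id.

    Returns:
        The settings dictionary, extended with a ``companyName`` entry.

    Raises:
        ValueError: ``appid`` cannot be converted to an integer.
        TypeError: the lookup produced ``None`` instead of a dictionary.
    """
    # Later sources win: built-in default < OEM file < branding manager.
    companyName = 'Untangle'
    name_sources = (
        get_settings_item("/usr/share/untangle/conf/oem.js", "oemName"),
        get_app_settings_item('branding-manager', 'companyName'),
    )
    for configured_name in name_sources:
        if configured_name is not None:
            companyName = configured_name

    if appid is None:
        captureSettings = get_app_settings('captive-portal')
    else:
        # long() only exists on Python 2; int() works on both major versions
        # and keeps rejecting anything that is not an integer literal.
        # NOTE(review): a bad appid surfaces as an uncaught ValueError -
        # check that the calling handler maps it to an error page.
        captureSettings = get_appid_settings(int(appid))

    # add the company name to the app settings dictionary
    captureSettings['companyName'] = companyName

    # add some headers to prevent caching any of our stuff
    no_cache_headers = (
        ("Cache-Control",
         "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"),
        ("Pragma", "no-cache"),
        ("Expires", "Sat, 1 Jan 2000 00:00:00 GMT"),
    )
    for header_name, header_value in no_cache_headers:
        req.headers_out.add(header_name, header_value)

    return captureSettings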
コード例 #3
def load_capture_settings(req, appid=None):
    """Load and sanity-check the captive-portal settings for a request.

    Args:
        req: request object; ``req.log_error`` and ``req.headers_out.add``
            are used.
        appid: optional app id; ``None`` selects the 'captive-portal' app.

    Returns:
        The settings dictionary with ``companyName`` added, or ``None`` when
        the settings could not be loaded or have no ``pageType`` entry.  The
        no-cache headers are added only on the success path.
    """
    # Name shown to the user: default, overridden by the OEM name, which is
    # in turn overridden by the branding-manager company name.
    display_name = 'Untangle'
    oem_label = get_settings_item("/usr/share/untangle/conf/oem.js", "oemName")
    if (oem_label != None):
        display_name = oem_label
    brand_label = get_app_settings_item('branding-manager', 'companyName')
    if (brand_label != None):
        display_name = brand_label

    # Any failure while loading (including a non-numeric appid rejected by
    # int()) is logged and leaves `loaded` as None instead of propagating.
    loaded = None
    try:
        loaded = (get_app_settings('captive-portal') if appid == None
                  else get_appid_settings(int(appid)))
    except Exception as err:
        req.log_error("handler.py: Exception loading settings: %s" % str(err))

    # Fail closed: without usable settings the caller gets None.
    # NOTE(review): appid is written to the log as received; if it is
    # request-derived, confirm the log sink escapes control characters.
    if (loaded == None):
        req.log_error(
            "handler.py: Unable to load capture settings for appid: %s" %
            str(appid))
        return None
    if (loaded.get('pageType') == None):
        req.log_error("handler.py: Missing required setting: pageType")
        return None

    loaded['companyName'] = display_name

    # Response headers: forbid caching and ask for the connection to close.
    response_headers = (
        ("Cache-Control",
         "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"),
        ("Pragma", "no-cache"),
        ("Expires", "Mon, 10 Jan 2000 00:00:00 GMT"),
        ("Connection", "close"),
    )
    for header_name, header_value in response_headers:
        req.headers_out.add(header_name, header_value)

    return loaded
コード例 #4
ファイル: handler.py プロジェクト: untangle/ngfw_src
def load_capture_settings(req,appid=None):
    """Fetch the captive-portal settings, validate them and set reply headers.

    Returns the settings dictionary (with ``companyName`` filled in) or
    ``None``.  ``None`` is returned, after a ``req.log_error`` message, when
    loading raised, when the lookup produced nothing, or when the required
    ``pageType`` setting is absent.
    """
    oemName = get_settings_item("/usr/share/untangle/conf/oem.js","oemName")
    brandco = get_app_settings_item('branding-manager','companyName')

    # Precedence for the displayed name: branding manager, then the OEM
    # name, then our own company name.
    if (brandco != None):
        companyName = brandco
    elif (oemName != None):
        companyName = oemName
    else:
        companyName = 'Untangle'

    captureSettings = None
    try:
        if (appid != None):
            # int() raises ValueError on non-numeric input; the handler
            # below logs it and the function ends up returning None.
            captureSettings = get_appid_settings(int(appid))
        else:
            captureSettings = get_app_settings('captive-portal')
    except Exception as e:
        req.log_error("handler.py: Exception loading settings: %s" % str(e))

    # Refuse to continue with missing or incomplete settings.
    if (captureSettings == None):
        req.log_error("handler.py: Unable to load capture settings for appid: %s" % str(appid))
        return None

    pageType = captureSettings.get('pageType')
    if (pageType == None):
        req.log_error("handler.py: Missing required setting: pageType")
        return None

    # Hand the resolved name to the page through the settings dictionary.
    captureSettings['companyName'] = companyName

    # Keep the response out of caches and close the connection afterwards.
    add_header = req.headers_out.add
    add_header("Cache-Control", "no-store, no-cache, must-revalidate, post-check=0, pre-check=0")
    add_header("Pragma", "no-cache")
    add_header("Expires", "Mon, 10 Jan 2000 00:00:00 GMT")
    add_header("Connection", "close")

    return captureSettings
コード例 #5
def main(argv):
    """
    Build the Suricata configuration from the intrusion-prevention settings.

    Steps, in order: parse the command line, read the app settings, load
    the known signatures and add the custom ones from the settings, apply
    the configured rules to decide each signature's action, save the
    signatures and the event map, write the Suricata configuration
    variables, and finally write the systemd drop-in carrying the NFQUEUE
    number and reload systemd.

    argv is the argument list without the program name.  The process exits
    with status 2 on a command-line error or when the settings cannot be
    read.
    """
    global _debug
    _debug = False
    default_home_net = ""

    # NOTE(review): in the short option string only "x" is followed by ":",
    # so "-v" takes no argument and reaches the loop below with arg == "".
    # Only the long form "--home_net=VALUE" actually supplies a value.
    try:
        opts, args = getopt.getopt(argv, "hsincaqvx:d", ["help", "home_net=", "debug"])
    except getopt.GetoptError as error:
        print(error)
        usage()
        sys.exit(2)
    for opt, arg in opts:
        if opt in ("-h", "--help"):
            usage()
            sys.exit()
        elif opt in ("-d", "--debug"):
            _debug = True
        elif opt in ("-v", "--home_net"):
            default_home_net = arg
            # A comma-separated value is wrapped in brackets, presumably the
            # list form expected by the generated configuration.
            if default_home_net.find(",") != -1:
                default_home_net = "[" + default_home_net + "]"

    if _debug is True:
        print("_debug = %r" % (_debug))

    settings = get_app_settings("intrusion-prevention")

    # Without settings nothing can be generated; stop before touching any file.
    if settings is None:
        print("Unable to read settings")
        sys.exit(2)

    # Class-level attribute: applies to every SuricataSignature created below.
    SuricataSignature.block_action = settings["blockAction"]

    if _debug is True:
        print("Loading signatures")

    ##
    ## Load known signatures
    ##
    signatures = intrusion_prevention.SuricataSignatures()
    signatures.load()

    ##
    ## Integrate modifications from settings.
    ##
    for settings_signature in settings["signatures"]["list"]:
        ##
        ## Add a custom new rule.
        ##
        # NOTE(review): a custom signature whose text does not match
        # text_regex is skipped without any message, so a mistyped rule is
        # silently absent from the generated rule set.
        match_signature = re.search(SuricataSignature.text_regex, settings_signature['signature'])
        if match_signature:
            signatures.add_signature(SuricataSignature(match_signature, settings_signature['category']))


    if _debug is True:
        print("Applying rules")

    ##
    ## Process rules over signatures
    ##
    rules = []
    for settings_rule in settings["rules"]["list"]:
        rules.append(IntrusionPreventionRule(settings_rule))

    ##
    ## Network rules
    ##
    # First pass: every enabled rule whose action is "whitelist" and that
    # matches a signature registers itself on that signature for both the
    # source and the destination side.
    for signature in signatures.get_signatures().values():
        for rule in rules:
            if not rule.get_enabled():
                continue
            if rule.matches(signature) and rule.get_action() == "whitelist":
                rule.add_signature_network("source", signature, True)
                rule.add_signature_network("destination", signature, True)

    ##
    ## Process rules in order.
    ##
    # Second pass: the first enabled, matching, non-whitelist rule decides
    # the signature's action; later rules are not consulted (break).
    for signature in signatures.get_signatures().values():
        for rule in rules:
            if not rule.get_enabled():
                continue
            if rule.matches(signature):
                if rule.get_action() != "whitelist":
                    rule.set_signature_action(signature)
                    break


    ##
    ## Disable signatures not modified by any rule.
    ##
    # presumably the two arguments are (log, block) - confirm against
    # SuricataSignature.set_action
    for signature in signatures.get_signatures().values():
        if not signature.get_action_changed():
            signature.set_action(False, False)

    # Debug only: summary of how many signatures ended up in each state.
    if _debug is True:
        signature_action_counts = {
            'disabled': 0,
            'log': 0,
            'block': 0
        }
        for signature in signatures.get_signatures().values():
            action = signature.get_action()
            if action["log"] is False and action["block"] is False:
                signature_action_counts["disabled"] += 1
            elif action["block"] is True:
                signature_action_counts["block"] += 1
            elif action["log"] is True:
                signature_action_counts["log"] += 1
            else:
                print("Unknown Action")
                print(action)

        print(signature_action_counts)

    signatures.save()

    ##
    ## Create event map
    ##
    if _debug is True:
        print("Creating event map")
    intrusion_prevention_event_map = intrusion_prevention.IntrusionPreventionEventMap(signatures)
    intrusion_prevention_event_map.save()

    if _debug is True:
        print("Modifying suricata configuration")
    suricata_conf = intrusion_prevention.SuricataConf(_debug=_debug)

    ##
    ## Override suricata configuration variables with settings variables
    ##
    # A value of "default" is replaced: HOME_NET by the command-line value
    # (an empty string when none was given), EXTERNAL_NET by "any".  Every
    # other value is passed to set_variable as stored.
    # NOTE(review): no validation of name or value is visible in this
    # function; confirm set_variable or the settings writer checks them.
    for settings_variable in settings["variables"]["list"]:
        name = settings_variable["name"]
        value = settings_variable["value"]
        if settings_variable["name"] == "HOME_NET":
            if settings_variable["value"] == "default":
                value = default_home_net
        if settings_variable["name"] == "EXTERNAL_NET":
            if settings_variable["value"] == "default":
                value = "any"

        suricata_conf.set_variable(name, value)

    # Optional block of additional Suricata settings, applied as a whole.
    if "suricataSettings" in settings:
        suricata_conf.set(settings["suricataSettings"])

    suricata_conf.save()

    ##
    ## Set nfq queue number for systemd
    ##
    # NOTE(review): iptablesNfqNumber is formatted into the unit drop-in
    # without a check in this function.  The file is read by systemd, so the
    # value should be confirmed to be a plain integer where the settings are
    # written (or converted with int() before use).
    with open("/etc/systemd/system/suricata.service.d/local.conf", "w") as text_file:
        text_file.write("[Service]\n")
        text_file.write("Environment=\"NFQUEUE={0}\"\n".format(settings["iptablesNfqNumber"]))
    # Argument-list form, so no shell is involved; the return value of the
    # reload is not checked and "systemctl" is resolved through PATH.
    call(["systemctl", "daemon-reload"])