X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fids.cgi;h=bc066a0dc31e3dd95f14ffa2b8f97e007535f564;hb=a27c40a05bda1e3dc64954c0550ec32bc84c6763;hp=7da270c97ecd23f1e2598fca216245703760d239;hpb=48a2495afd78163adfd984689ab1c08091fdd2d3;p=people%2Fpmueller%2Fipfire-2.x.git

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 7da270c97e..bc066a0dc3 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2005-2011  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2015  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -55,16 +55,7 @@ $snortsettings{'ENABLE_SNORT'} = 'off';
 $snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
 $snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
 $snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
-$snortsettings{'ENABLE_GUARDIAN'} = 'off';
-$snortsettings{'GUARDIAN_INTERFACE'} = `cat /var/ipfire/red/iface`;
-$snortsettings{'GUARDIAN_HOSTGATEWAYBYTE'} = '1';
-$snortsettings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log';
-$snortsettings{'GUARDIAN_ALERTFILE'} = '/var/log/snort/alert';
-$snortsettings{'GUARDIAN_IGNOREFILE'} = '/var/ipfire/guardian/guardian.ignore';
-$snortsettings{'GUARDIAN_TARGETFILE'} = '/var/ipfire/guardian/guardian.target';
-$snortsettings{'GUARDIAN_TIMELIMIT'} = '86400';
 $snortsettings{'ACTION'} = '';
-$snortsettings{'ACTION2'} = '';
 $snortsettings{'RULES'} = '';
 $snortsettings{'OINKCODE'} = '';
 $snortsettings{'INSTALLDATE'} = '';
@@ -263,13 +254,11 @@ if (-e "/etc/snort/snort.conf") {
 #######################  End added for snort rules control  #################################
 
 if ($snortsettings{'RULES'} eq 'subscripted') {
-	#$url="http://dl.snort.org/sub-rules/snortrules-snapshot-2.8_s.tar.gz?oink_code=$snortsettings{'OINKCODE'}";
-	$url=" http://www.snort.org/reg-rules/snortrules-snapshot-2903_s.tar.gz/$snortsettings{'OINKCODE'}";
-	#$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-2.8_s.tar.gz";
+	$url=" https://www.snort.org/rules/snortrules-snapshot-2982.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
 } elsif ($snortsettings{'RULES'} eq 'registered') {
-	#$url="http://dl.snort.org/reg-rules/snortrules-snapshot-2.8.tar.gz?oink_code=$snortsettings{'OINKCODE'}";
-	$url=" http://www.snort.org/reg-rules/snortrules-snapshot-2903.tar.gz/$snortsettings{'OINKCODE'}";
-	#$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-2.8.tar.gz";
+	$url=" https://www.snort.org/rules/snortrules-snapshot-2982.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
+} elsif ($snortsettings{'RULES'} eq 'community') {
+	$url=" https://www.snort.org/rules/community";
 } else {
 	$url="http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz";
 }
@@ -278,8 +267,9 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} e
 {
 	$errormessage = $Lang::tr{'invalid input for oink code'} unless (
 	    ($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/)  ||
-	    ($snortsettings{'RULESTYPE'} eq 'nothing' ) ||
-	    ($snortsettings{'RULESTYPE'} eq 'community' ));
+	    ($snortsettings{'RULES'} eq 'nothing' ) ||
+	    ($snortsettings{'RULES'} eq 'emerging' ) ||
+	    ($snortsettings{'RULES'} eq 'community' ));
 
 	&General::writehash("${General::swroot}/snort/settings", \%snortsettings);
 	if ($snortsettings{'ENABLE_SNORT'} eq 'on')
@@ -312,39 +302,11 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} e
 	} else {
 		unlink "${General::swroot}/snort/enable_preprocessor_http_inspect";
 	}
-	if ($snortsettings{'ENABLE_GUARDIAN'} eq 'on')
-	{
-		system ('/usr/bin/touch', "${General::swroot}/guardian/enable");
-	} else {
-		unlink "${General::swroot}/guardian/enable";
-	}
 
 	system('/usr/local/bin/snortctrl restart >/dev/null');
 
-} elsif ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "guardian" ){
-			foreach my $key (keys %snortsettings){
-				if ( $key !~ /^GUARDIAN/ ){
-					delete $snortsettings{$key};
-				}
-			}
-			&General::writehashpart("${General::swroot}/snort/settings", \%snortsettings);
-			open(IGNOREFILE, ">$snortsettings{'GUARDIAN_IGNOREFILE'}") or die "Unable to write guardian ignore file $snortsettings{'GUARDIAN_IGNOREFILE'}";
-				print IGNOREFILE $snortsettings{'GUARDIAN_IGNOREFILE_CONTENT'};
-			close(IGNOREFILE);
-			open(GUARDIAN, ">/var/ipfire/guardian/guardian.conf") or die "Unable to write guardian conf /var/ipfire/guardian/guardian.conf";
-				print GUARDIAN <<END
-Interface   $snortsettings{'GUARDIAN_INTERFACE'}
-HostGatewayByte   $snortsettings{'GUARDIAN_HOSTGATEWAYBYTE'}
-LogFile   $snortsettings{'GUARDIAN_LOGFILE'}
-AlertFile   $snortsettings{'GUARDIAN_ALERTFILE'}
-IgnoreFile   $snortsettings{'GUARDIAN_IGNOREFILE'}
-TargetFile   $snortsettings{'GUARDIAN_TARGETFILE'}
-TimeLimit   $snortsettings{'GUARDIAN_TIMELIMIT'}
-END
-;
-			close(GUARDIAN);
-	  	system('/usr/local/bin/snortctrl restart >/dev/null');
 }
+
 	 # INSTALLMD5 is not in the form, so not retrieved by getcgihash
 	&General::readhash("${General::swroot}/snort/settings", \%snortsettings);
 
@@ -401,11 +363,9 @@ $checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='c
 $checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
 $checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
 $checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
-$checked{'ENABLE_GUARDIAN'}{'off'} = '';
-$checked{'ENABLE_GUARDIAN'}{'on'} = '';
-$checked{'ENABLE_GUARDIAN'}{$snortsettings{'ENABLE_GUARDIAN'}} = "checked='checked'";
 $selected{'RULES'}{'nothing'} = '';
 $selected{'RULES'}{'community'} = '';
+$selected{'RULES'}{'emerging'} = '';
 $selected{'RULES'}{'registered'} = '';
 $selected{'RULES'}{'subscripted'} = '';
 $selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'";
@@ -413,9 +373,9 @@ $selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'";
 &Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');
 
 ####################### Added for snort rules control #################################
-print "<SCRIPT LANGUAGE='JavaScript' SRC='/include/snortupdateutility.js'></SCRIPT>";
+print "<script type='text/javascript' src='/include/snortupdateutility.js'></script>";
 print <<END
-<STYLE TYPE="text/css">
+<style type="text/css">
 <!--
 .section {
 	border: groove;
@@ -433,7 +393,7 @@ print <<END
 	background-color: #DCDCDC;
 }
 -->
-</STYLE>
+</style>
 END
 ;
 #######################  End added for snort rules control  #################################
@@ -472,7 +432,7 @@ if ($return) {
 				$Lang::tr{'snort working'}
 		<tr><td colspan='2' align='center'>
 			<form method='post' action='$ENV{'SCRIPT_NAME'}'>
-				<input type='image' alt='$Lang::tr{'reload'}' src='/images/view-refresh.png' />
+				<input type='image' alt='$Lang::tr{'reload'}' title='$Lang::tr{'reload'}' src='/images/view-refresh.png' />
 			</form>
 		<tr><td colspan='2' align='left'><pre>
 END
@@ -491,7 +451,7 @@ END
 	refreshpage();
 }
 
-&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system2'});
+&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system'});
 print <<END
 <form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
 <tr><td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />GREEN Snort
@@ -504,14 +464,11 @@ if ($netsettings{'ORANGE_DEV'} ne '') {
   print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} />   ORANGE Snort";
 }
   print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} />   RED Snort";
-if ( -e "/var/ipfire/guardian/guardian.conf" ) {
-  print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_GUARDIAN' $checked{'ENABLE_GUARDIAN'}{'on'} />  Guardian";
-}
 
 print <<END
 </td></tr>
 <tr>
-	<td><hr /></td>
+	<td><br><br></td>
 </tr>
 <tr>
 	<td><b>$Lang::tr{'ids rules update'}</b></td>
@@ -519,6 +476,7 @@ print <<END
 <tr>
 	<td><select name='RULES'>
 				<option value='nothing' $selected{'RULES'}{'nothing'} >$Lang::tr{'no'}</option>
+				<option value='emerging' $selected{'RULES'}{'emerging'} >$Lang::tr{'emerging rules'}</option>
 				<option value='community' $selected{'RULES'}{'community'} >$Lang::tr{'community rules'}</option>
 				<option value='registered' $selected{'RULES'}{'registered'} >$Lang::tr{'registered user rules'}</option>
 				<option value='subscripted' $selected{'RULES'}{'subscripted'} >$Lang::tr{'subscripted user rules'}</option>
@@ -527,7 +485,7 @@ print <<END
 </tr>
 <tr>
 	<td><br />
-		$Lang::tr{'ids rules license'} <a href='https://www.snort.org/signup' target='_blank'>www.snort.org</a>$Lang::tr{'ids rules license1'}<br /><br />
+		$Lang::tr{'ids rules license'} <a href='https://www.snort.org/subscribe' target='_blank'>www.snort.org</a>$Lang::tr{'ids rules license1'}<br /><br />
 		$Lang::tr{'ids rules license2'} <a href='https://www.snort.org/account/oinkcode' target='_blank'>Get an Oinkcode</a>, $Lang::tr{'ids rules license3'}
 	</td>
 </tr>
@@ -535,7 +493,7 @@ print <<END
 	<td nowrap='nowrap'>Oinkcode:&nbsp;<input type='text' size='40' name='OINKCODE' value='$snortsettings{'OINKCODE'}' /></td>
 </tr>
 <tr>
-	<td width='30%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' />
+	<td width='30%' align='left'><br><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' />
 END
 ;
 if ( -e "/var/tmp/snortrules.tar.gz"){
@@ -547,10 +505,10 @@ print "&nbsp;$Lang::tr{'updates installed'}: $snortsettings{'INSTALLDATE'}</td>"
 print <<END
 </tr>
 </table>
-<hr />
+<br><br>
 <table width='100%'>
 <tr>
-	<td align='center'><input type='hidden' name='ACTION2' value='snort' /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
+	<td align='right'><input type='hidden' name='ACTION2' value='snort' /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
 </tr>
 </table>
 </form>
@@ -563,37 +521,11 @@ if ($results ne '') {
 
 &Header::closebox();
 
-####################### Added for guardian control ####################################
-if ( -e "/var/ipfire/guardian/guardian.conf" ) {
-	&Header::openbox('100%', 'LEFT', $Lang::tr{'guardian configuration'});
-print <<END
-<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
-<tr><td align='left' width='40%'>$Lang::tr{'guardian interface'}</td><td align='left'><input type='text' name='GUARDIAN_INTERFACE' value='$snortsettings{'GUARDIAN_INTERFACE'}' size="30" /></td></tr>
-<tr><td align='left' width='40%'>$Lang::tr{'guardian timelimit'}</td><td align='left'><input type='text' name='GUARDIAN_TIMELIMIT' value='$snortsettings{'GUARDIAN_TIMELIMIT'}' size="30" /></td></tr>
-<tr><td align='left' width='40%'>$Lang::tr{'guardian logfile'}</td><td align='left'><input type='text' name='GUARDIAN_LOGFILE' value='$snortsettings{'GUARDIAN_LOGFILE'}' size="30" /></td></tr>
-<tr><td align='left' width='40%'>$Lang::tr{'guardian alertfile'}</td><td align='left'><input type='text' name='GUARDIAN_ALERTFILE' value='$snortsettings{'GUARDIAN_ALERTFILE'}' size="30" /></td></tr>
-<tr><td align='left' width='40%'>$Lang::tr{'guardian ignorefile'}</td><td align='left'><textarea name='GUARDIAN_IGNOREFILE_CONTENT' cols='32' rows='6' wrap='off'>
-END
-;
-	print `cat /var/ipfire/guardian/guardian.ignore`;
-print <<END
-</textarea></td></tr>
-<tr><td align='center' colspan='2'><input type='hidden' name='ACTION2' value='guardian' /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td></tr>
-</table>
-</form>
-END
-;
-	&Header::closebox();
-}
-
-
-
-
 ####################### Added for snort rules control #################################
 if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable_green" || -e "${General::swroot}/snort/enable_blue" || -e "${General::swroot}/snort/enable_orange" ) {
 	&Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});
 		# Output display table for rule files
-		print "<TABLE width='100%'><TR><TD VALIGN='TOP'><TABLE>";
+		print "<table width='100%'><tr><td valign='top'><table>";
 
 		print "<form method='post'>";
 
@@ -614,7 +546,7 @@ if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable
 
 			# Check if reached half-way through rule file rules to start new column
  		if ($ruledisplaycnt > $rulecnt) {
-				print "</TABLE></TD><TD VALIGN='TOP'><TABLE>";
+				print "</table></td><td valign='top'><table>";
 				$ruledisplaycnt = 0;
 			}
 
@@ -665,21 +597,21 @@ if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable
 			}
 
 			# Output rule file name and checkbox
-			print "<TR><TD CLASS='base' VALIGN='TOP'><INPUT TYPE='checkbox' NAME='SNORT_RULE_$rulefile' $rulechecked> <A HREF='$rulefilelink'>$rulefile</A></TD></TR>";
-			print "<TR><TD CLASS='base' VALIGN='TOP'>";
+			print "<tr><td class='base' valign='top'><input type='checkbox' NAME='SNORT_RULE_$rulefile' $rulechecked> <a href='$rulefilelink'>$rulefile</a></td></tr>";
+			print "<tr><td class='base' valign='top'>";
 
 			# Check for empty 'Description'
 			if ($snortrules{$rulefile}{'Description'} eq '') {
-				print "<TABLE WIDTH='100%'><TR><TD CLASS='base'>No description available</TD></TR>";
+				print "<table width='100%'><tr><td class='base'>No description available</td></tr>";
 			} else {
 				# Output rule file 'Description'
-				print "<TABLE WIDTH='100%'><TR><TD CLASS='base'>$snortrules{$rulefile}{'Description'}</TD></TR>";
+				print "<table width='100%'><tr><td class='base'>$snortrules{$rulefile}{'Description'}</td></tr>";
 			}
 
 			# Check for display flag
 			if ($displayrulefilerules) {
 				# Rule file definition rule display
-				print "<TR><TD CLASS='base' VALIGN='TOP'><TABLE border=1><TR>";
+				print "<tr><td class='base' valign='top'><table border='0'><tr>";
 
 				# Local vars
 			 	my $ruledefdisplaycnt = 0;
@@ -694,7 +626,7 @@ if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable
 
 					# If have display 2 rules, start new row
 					if (($ruledefdisplaycnt % 2) == 0) {
-						print "</TR><TR>";
+						print "</tr><tr>";
 						$ruledefdisplaycnt = 0;
 					}
 
@@ -706,7 +638,7 @@ if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable
 					# Create rule file rule's checkbox
 					$checkboxname = "SNORT_RULE_$rulefile";
 					$checkboxname .= "_$ruledef";
-					print "<TD CLASS='base'><INPUT TYPE='checkbox' NAME='$checkboxname' $ruledefchecked> $snortrules{$rulefile}{'Definition'}{$ruledef}{'Description'}</TD>";
+					print "<td class='base'><input type='checkbox' NAME='$checkboxname' $ruledefchecked> $snortrules{$rulefile}{'Definition'}{$ruledef}{'Description'}</td>";
 
 					# Increment count
 					$ruledefdisplaycnt++;
@@ -714,26 +646,24 @@ if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable
 
 				# If do not have second rule for row, create empty cell
 				if (($ruledefdisplaycnt % 2) != 0) {
-					print "<TD CLASS='base'></TD>";
+					print "<td class='base'></td>";
 				}
 
 				# Close display table
-				print "</TR></TABLE></TD></TR>";
+				print "</tr></table></td></tr>";
 		}
 
 			# Close display table
-			print "</TABLE>";
+			print "</table>";
 
 			# Increment ruledisplaycnt
 		$ruledisplaycnt++;
 		}
-	print "</TD></TR></TABLE></TD></TR></TABLE>";
+	print "</td></tr></table></td></tr></table>";
 	print <<END
 <table width='100%'>
 <tr>
-	<td width='33%'>&nbsp;</td>
-	<td width='33%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
-	<td width='33%'>
+	<td width='100%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
 		&nbsp; <!-- space for future online help link -->
 	</td>
 </tr>