From 2f252efa0dc0625248ecf99917be9887821b5223 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Tue, 23 Mar 2021 14:56:11 +0100
Subject: [PATCH] ids.cgi: Rework rulesetsettings section.

* The page and section now supports multiple ruleset providers at once.
* Adding / Editing a ruleset provider has been moved to a own sub-page.

Signed-off-by: Stefan Schantl
---
 html/cgi-bin/ids.cgi | 424 +++++++++++++++++++++++++++++++++----------
 1 file changed, 329 insertions(+), 95 deletions(-)

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 42d2ca7fbc..e922e5dd3c 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -38,7 +38,7 @@ my %color = ();
 my %mainsettings = ();
 my %idsrules = ();
 my %idssettings=();
-my %rulessettings=();
+my %used_providers=();
 my %cgiparams=();
 my %checked=();
 my %selected=();
@@ -52,6 +52,9 @@ my %ignored=();
 # the list of zones in an array.
 my @network_zones = &Network::get_available_network_zones();
+# Grab all used ruleset providers.
+&General::readhasharray($IDS::providers_settings_file, \%used_providers);
+
 # Check if openvpn is started and add it to the array of network zones.
 if ( -e "/var/run/openvpn.pid") {
 push(@network_zones, "ovpn");
@@ -584,7 +587,7 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) {
 # Check if the IDS should be enabled.
 if ($cgiparams{'ENABLE_IDS'} eq "on") {
 # Check if any ruleset is available. Otherwise abort and display an error.
- unless(%idsrules) {
+ unless(%used_providers) {
 $errormessage = $Lang::tr{'ids no ruleset available'};
 }
@@ -633,7 +636,7 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) {
 # Check if "MONITOR_TRAFFIC_ONLY" has been changed.
 if($cgiparams{'MONITOR_TRAFFIC_ONLY'} ne $oldidssettings{'MONITOR_TRAFFIC_ONLY'}) {
 # Check if a ruleset exists.
- if (%idsrules) {
+ if (%used_providers) {
 # Lock the webpage and print message.
 &working_notice("$Lang::tr{'ids working'}");
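Review bot: The new top-level call `&General::readhasharray($IDS::providers_settings_file, \%used_providers);` runs on every request with no check that the providers file exists. readhasharray is defined outside this patch; if it dies when the file cannot be opened, a system that has not yet written a providers file (a fresh install, or an upgrade from the single-ruleset layout) gets a failed CGI instead of the IDS page. Guarding the call, `&General::readhasharray($IDS::providers_settings_file, \%used_providers) if (-f $IDS::providers_settings_file);`, keeps the page reachable with an empty `%used_providers`.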
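Review bot: `unless(%used_providers)` in the ENABLE_IDS check only tests that a provider entry exists in the settings file, not that a ruleset has been downloaded or that any provider is enabled, so the guard in front of `'ids no ruleset available'` no longer checks what its comment says. With a single configured but disabled or never-fetched provider, the IDS can be switched on with no rules loaded, which looks like protection while detecting nothing. The same substitution appears in the MONITOR_TRAFFIC_ONLY hunk (`if (%used_providers)`) and again in show_mainpage. Consider keeping the `%idsrules` test on the enable path, or requiring at least one enabled entry, e.g. `unless (grep { $_->[3] eq 'enabled' } values %used_providers) {`. The enclosing `if ($cgiparams{'RULESET'} eq $Lang::tr{'save'})` block starts and ends outside the hunk.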
@@ -675,6 +678,8 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { if ($cgiparams{'RULESET'} eq "$Lang::tr{'ids customize ruleset'}" ) { &show_customize_ruleset(); +} elsif ($cgiparams{'PROVIDERS'} ne "") { + &show_add_provider(); } else { &show_mainpage(); } @@ -698,9 +703,8 @@ sub show_display_error_message() { ## Function to display the main IDS page. # sub show_mainpage() { - # Read-in idssettings and rulesetsettings + # Read-in idssettings . &General::readhash("$IDS::ids_settings_file", \%idssettings); - &General::readhash("$IDS::rules_settings_file", \%rulessettings); # If no autoupdate intervall has been configured yet, set default value. unless(exists($idssettings{'AUTOUPDATE_INTERVAL'})) { @@ -717,40 +721,10 @@ sub show_mainpage() { $checked{'MONITOR_TRAFFIC_ONLY'}{'off'} = ''; $checked{'MONITOR_TRAFFIC_ONLY'}{'on'} = ''; $checked{'MONITOR_TRAFFIC_ONLY'}{$idssettings{'MONITOR_TRAFFIC_ONLY'}} = "checked='checked'"; - $selected{'RULES'}{'nothing'} = ''; - $selected{'RULES'}{$rulessettings{'RULES'}} = "selected='selected'"; $selected{'AUTOUPDATE_INTERVAL'}{'off'} = ''; $selected{'AUTOUPDATE_INTERVAL'}{'daily'} = ''; $selected{'AUTOUPDATE_INTERVAL'}{'weekly'} = ''; - $selected{'AUTOUPDATE_INTERVAL'}{$rulessettings{'AUTOUPDATE_INTERVAL'}} = "selected='selected'"; - - ### Java Script ### - print " -END -; + $selected{'AUTOUPDATE_INTERVAL'}{$idssettings{'AUTOUPDATE_INTERVAL'}} = "selected='selected'"; # Draw current state of the IDS &Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system'}); 
@@ -803,8 +777,8 @@ END END } - # Only show this area, if a ruleset is present. - if (%idsrules) { + # Only show this area, if at least one ruleset provider is configured. + if (%used_providers) { print < - - - - - - - - + + + + + + END -; - # Get all available ruleset providers. - my @ruleset_providers = &IDS::get_ruleset_providers(); + # Check if some providers has been configured. + if (keys (%used_providers)) { + my $col = ""; - # Loop throgh the list of providers. - foreach my $provider (@ruleset_providers) { - # Call get_provider_name function to obtain the provider name. - my $option_string = &get_provider_name($provider); + # Loop through all entries of the hash. + #while( (my $id) = each %used_providers) { + foreach my $id (sort keys(%used_providers)) { + # Assign data array positions to some nice variable names. + my $provider = $used_providers{$id}[0]; + my $provider_name = &get_provider_name($provider); - # Print option. - print "\n"; + #XXX my $rulesdate = &IDS::get_ruleset_date($provider); + my $rulesdate; + + my $subscription_code = $used_providers{$id}[1]; + my $autoupdate_status = $used_providers{$id}[2]; + my $status = $used_providers{$id}[3]; + + # Check if the item number is even or not. + if ($id % 2) { + $col="bgcolor='$color{'color22'}'"; + } else { + $col="bgcolor='$color{'color20'}'"; } -print < - - - + # Choose icons for the checkboxes. + my $status_gif; + my $status_gdesc; + my $autoupdate_status_gif; + my $autoupdate_status_gdesc; - - - + # Check if the status is enabled and select the correct image and description. + if ($status eq 'enabled' ) { + $status_gif = 'on.gif'; + $status_gdesc = $Lang::tr{'click to disable'}; + } else { + $status_gif = 'off.gif'; + $status_gdesc = $Lang::tr{'click to enable'}; + } - - - + # Check if the autoupdate status is enabled and select the correct image and description. 
+ if ($autoupdate_status eq 'enabled') { + $autoupdate_status_gif = 'on.gif'; + $autoupdate_status_gdesc = $Lang::tr{'click to disable'}; + } else { + $autoupdate_status_gif = 'off.gif'; + $autoupdate_status_gdesc = $Lang::tr{'click to enable'}; + } - - +print < + + + + + + + + - + END -; - # Show the "Update Ruleset"-Button only if a ruleset has been downloaded yet and automatic updates are disabled. - if ((%idsrules) && ($rulessettings{'AUTOUPDATE_INTERVAL'} eq "off")) { - # Display button to update the ruleset. - print"\n"; } + + } else { + # Print notice that currently no hosts are ignored. + print "\n"; + print "\n"; + print "\n"; + } + + print "
$Lang::tr{'ids rules update'}$Lang::tr{'ids automatic rules update'}
$Lang::tr{'ids provider'}$Lang::tr{'date'}$Lang::tr{'ids autoupdates'}
- -


 $provider_name$rulesdate +
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ +
+ + + +
+
$Lang::tr{'guardian no entries'}
\n"; + + # Section to add new elements or edit existing ones. print < - - +
+
+
- +
+ + + +END + + # Only show this button if a ruleset provider is configured. + if (%used_providers) { + print "\n"; + } +print < + +
- +
END -; &Header::closebox(); @@ -1028,17 +1070,17 @@ print <
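Review bot: `$provider_name` is printed into the provider table row without HTML-escaping, although it is derived from field 0 of the providers settings file through `get_provider_name`, which is defined outside this hunk. Unless that helper can only return names from a fixed vendor list, escape it (and any other file-derived field used in the row or its hidden form inputs) before output; the markup itself is stripped in this view, so this needs checking against the full heredoc. `my $rulesdate;` stays undefined while the `#XXX` call is commented out, so the date column is empty and the interpolation warns if warnings are enabled; `my $rulesdate = '';` would do until `get_ruleset_date` is wired in. The comment `# Print notice that currently no hosts are ignored.` was carried over from another table and should say `# Print notice that no ruleset provider is configured yet.`, and the dead `#while( (my $id) = each %used_providers) {` line can be dropped.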
- - - + + +
- - - + + +
@@ -1244,6 +1286,198 @@ END } } +# +## Function to show section for add/edit a provider. +# +sub show_add_provider() { + my @subscription_providers; + + # Get all supported ruleset providers. + my @ruleset_providers = &IDS::get_ruleset_providers(); + + ### Java Script ### + print " +END +; + + &Header::openbox('100%', 'center', $Lang::tr{'ids provider settings'}); + + # Check if an existing provider should be edited. + if($cgiparams{'PROVIDERS'} eq "$Lang::tr{'edit'}") { + # Check if autoupdate is enabled for this provider. + if ($used_providers{$cgiparams{'ID'}}[2] eq "on") { + # Set the checkbox to be checked. + $checked{'ENABLE_AUTOUPDATE'} = "checked='checked'"; + } + } elsif ($cgiparams{'PROVIDERS'} eq "$Lang::tr{'ids add provider'}") { + # Set the autoupdate to true as default. + $checked{'ENABLE_AUTOUPDATE'} = "checked='checked'"; + } + +print < + + + + + + + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'ids provider'}
+ + + $Lang::tr{'ids visit provider website'} +


+  $Lang::tr{'ids enable automatic updates'} +
+ +END +; + # Check if a provider should be added or edited. + if ($cgiparams{'PROVIDERS'} eq "$Lang::tr{'edit'}") { + # Display button for updating the existing provider. + print "\n"; + } else { + # Display button to add the new provider. + print "\n"; + } +print < +
+ +END +; + &Header::closebox(); +} + # ## A function to display a notice, to lock the webpage and ## tell the user which action currently will be performed. -- 2.39.2
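Review bot: In the edit branch of show_add_provider, `$used_providers{$cgiparams{'ID'}}[2] eq "on"` compares the autoupdate field against `"on"`, while the provider table in show_mainpage tests the same array position with `$autoupdate_status eq 'enabled'`. Whichever literal the save handler (not part of this patch) stores, one of the two checks never matches, so either the table icon or the edit checkbox shows the wrong state. The lookup also takes the request-supplied `ID` unchecked: a missing or unknown ID autovivifies an empty entry in `%used_providers`, which could end up in the settings file if the hash is written back later in the request. I would guard it as `if (exists $used_providers{$cgiparams{'ID'}} && $used_providers{$cgiparams{'ID'}}[2] eq 'enabled') {`, using whichever literal the storage format settles on.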