[ipfire-2.x.git] / html / cgi-bin / ids.cgi

#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2015  IPFire Team  <info@ipfire.org>                     #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

use strict;

# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
use File::Copy;

require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";

my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);

my %snortsettings=();
my %checked=();
my %selected=();
my %netsettings=();
our $errormessage = '';
our $results = '';
our $tempdir = '';
our $url='';
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

&Header::showhttpheaders();

$snortsettings{'ENABLE_SNORT'} = 'off';
$snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
$snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
$snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
$snortsettings{'ACTION'} = '';
$snortsettings{'RULES'} = '';
$snortsettings{'OINKCODE'} = '';
$snortsettings{'INSTALLDATE'} = '';
$snortsettings{'FILE'} = '';

&Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'});

my $snortrulepath = "/etc/snort/rules";
my $restartsnortrequired = 0;
my %snortrules;
my $rule = '';
my $table1colour = '';
my $table2colour = '';
my $var = '';
my $value = '';
my $tmp = '';
my $linkedrulefile = '';
my $border = '';
my $checkboxname = '';

## Grab all available snort rules and store them in the snortrules hash.
#
# Open snort rules directory and do a directory listing.
opendir(DIR, $snortrulepath) or die $!;
	# Loop through the direcory.
	while (my $file = readdir(DIR)) {

		# We only want files.
		next unless (-f "$snortrulepath/$file");

		# Ignore empty files.
		next if (-z "$snortrulepath/$file");

		# Use a regular expression to find files ending in .rules
		next unless ($file =~ m/\.rules$/);

		# Ignore files which are not read-able.
		next unless (-R "$snortrulepath/$file");

		# Call subfunction to read-in rulefile and add rules to
		# the snortrules hash.
		&readrulesfile("$file");
	}

closedir(DIR);

if ($snortsettings{'OINKCODE'} ne "") {
	$errormessage = $Lang::tr{'invalid input for oink code'} unless ($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/);
}

if (!$errormessage) {
	if ($snortsettings{'RULES'} eq 'subscripted') {
		$url=" https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
	} elsif ($snortsettings{'RULES'} eq 'registered') {
		$url=" https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
	} elsif ($snortsettings{'RULES'} eq 'community') {
		$url=" https://www.snort.org/rules/community";
	} else {
		$url="http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz";
	}

	if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "snort" ) {
		&General::writehash("${General::swroot}/snort/settings", \%snortsettings);
		if ($snortsettings{'ENABLE_SNORT'} eq 'on')
		{
			system ('/usr/bin/touch', "${General::swroot}/snort/enable");
		} else {
			unlink "${General::swroot}/snort/enable";
		}
		if ($snortsettings{'ENABLE_SNORT_GREEN'} eq 'on')
		{
			system ('/usr/bin/touch', "${General::swroot}/snort/enable_green");
		} else {
			unlink "${General::swroot}/snort/enable_green";
		}
		if ($snortsettings{'ENABLE_SNORT_BLUE'} eq 'on')
		{
			system ('/usr/bin/touch', "${General::swroot}/snort/enable_blue");
		} else {
			unlink "${General::swroot}/snort/enable_blue";
		}
		if ($snortsettings{'ENABLE_SNORT_ORANGE'} eq 'on')
		{
			system ('/usr/bin/touch', "${General::swroot}/snort/enable_orange");
		} else {
			unlink "${General::swroot}/snort/enable_orange";
		}
		if ($snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} eq 'on')
		{
			system ('/usr/bin/touch', "${General::swroot}/snort/enable_preprocessor_http_inspect");
		} else {
			unlink "${General::swroot}/snort/enable_preprocessor_http_inspect";
		}

		system('/usr/local/bin/snortctrl restart >/dev/null');
	}

	# INSTALLMD5 is not in the form, so not retrieved by getcgihash
	&General::readhash("${General::swroot}/snort/settings", \%snortsettings);

	if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
		my @df = `/bin/df -B M /var`;
		foreach my $line (@df) {
			next if $line =~ m/^Filesystem/;
			my $return;

			if ($line =~ m/dev/ ) {
				$line =~ m/^.* (\d+)M.*$/;
				my @temp = split(/ +/,$line);
				if ($1<300) {
					$errormessage = "$Lang::tr{'not enough disk space'} < 300MB, /var $1MB";
				} else {
					if ( $snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
						&downloadrulesfile();
						sleep(3);
						$return = `cat /var/tmp/log 2>/dev/null`;

					}

					if ($return =~ "ERROR") {
						$errormessage = "<br /><pre>".$return."</pre>";
					} else {
						system("/usr/local/bin/oinkmaster.pl -v -s -u file:///var/tmp/snortrules.tar.gz -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules >>/var/tmp/log 2>&1 &");
						sleep(2);
					}
				}
			}
		}
	}
}

$checked{'ENABLE_SNORT'}{'off'} = '';
$checked{'ENABLE_SNORT'}{'on'} = '';
$checked{'ENABLE_SNORT'}{$snortsettings{'ENABLE_SNORT'}} = "checked='checked'";
$checked{'ENABLE_SNORT_GREEN'}{'off'} = '';
$checked{'ENABLE_SNORT_GREEN'}{'on'} = '';
$checked{'ENABLE_SNORT_GREEN'}{$snortsettings{'ENABLE_SNORT_GREEN'}} = "checked='checked'";
$checked{'ENABLE_SNORT_BLUE'}{'off'} = '';
$checked{'ENABLE_SNORT_BLUE'}{'on'} = '';
$checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='checked'";
$checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
$checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
$checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
$selected{'RULES'}{'nothing'} = '';
$selected{'RULES'}{'community'} = '';
$selected{'RULES'}{'emerging'} = '';
$selected{'RULES'}{'registered'} = '';
$selected{'RULES'}{'subscripted'} = '';
$selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'";

&Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');

### Java Script ###
print <<END
<script>
	// Tiny java script function to show/hide the rules
	// of a given category.
	function showhide(tblname) {
		\$("#" + tblname).toggle();
	}
</script>
END
;

print <<END
<style type="text/css">
<!--
.section {
	border: groove;
}
.row1color {
	border: ridge;
	background-color: $color{'color22'};
}
.row2color {
	border: ridge;
	background-color: $color{'color20'};
}
.rowselected {
	border: double #FF0000;
	background-color: #DCDCDC;
}
-->
</style>
END
;

&Header::openbigbox('100%', 'left', '', $errormessage);

###############
# DEBUG DEBUG
# &Header::openbox('100%', 'left', 'DEBUG');
# my $debugCount = 0;
# foreach my $line (sort keys %snortsettings) {
# print "$line = $snortsettings{$line}<br />\n";
# $debugCount++;
# }
# print "&nbsp;Count: $debugCount\n";
# &Header::closebox();
# DEBUG DEBUG
###############

if ($errormessage) {
	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	print "<class name='base'>$errormessage\n";
	print "&nbsp;</class>\n";
	&Header::closebox();
}

my $return = `pidof oinkmaster.pl -x`;
chomp($return);
if ($return) {
	&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='10;'>" );
	print <<END;
	<table>
		<tr><td>
				<img src='/images/indicator.gif' alt='$Lang::tr{'aktiv'}' />&nbsp;
			<td>
				$Lang::tr{'snort working'}
		<tr><td colspan='2' align='center'>
			<form method='post' action='$ENV{'SCRIPT_NAME'}'>
				<input type='image' alt='$Lang::tr{'reload'}' title='$Lang::tr{'reload'}' src='/images/view-refresh.png' />
			</form>
		<tr><td colspan='2' align='left'><pre>
END
	my @output = `tail -20 /var/tmp/log`;
	foreach (@output) {
		print "$_";
	}
	print <<END;
			</pre>
		</table>
END
	&Header::closebox();
	&Header::closebigbox();
	&Header::closepage();
	exit;
	refreshpage();
}

&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system'});
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
<tr><td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />GREEN Snort
END
;
if ($netsettings{'BLUE_DEV'} ne '') {
  print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT_BLUE' $checked{'ENABLE_SNORT_BLUE'}{'on'} />   BLUE Snort";
}
if ($netsettings{'ORANGE_DEV'} ne '') {
  print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} />   ORANGE Snort";
}
  print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} />   RED Snort";

print <<END
</td></tr>
<tr>
	<td><br><br></td>
</tr>
<tr>
	<td><b>$Lang::tr{'ids rules update'}</b></td>
</tr>
<tr>
	<td><select name='RULES'>
				<option value='nothing' $selected{'RULES'}{'nothing'} >$Lang::tr{'no'}</option>
				<option value='emerging' $selected{'RULES'}{'emerging'} >$Lang::tr{'emerging rules'}</option>
				<option value='community' $selected{'RULES'}{'community'} >$Lang::tr{'community rules'}</option>
				<option value='registered' $selected{'RULES'}{'registered'} >$Lang::tr{'registered user rules'}</option>
				<option value='subscripted' $selected{'RULES'}{'subscripted'} >$Lang::tr{'subscripted user rules'}</option>
			</select>
	</td>
</tr>
<tr>
	<td><br />
		$Lang::tr{'ids rules license'} <a href='https://www.snort.org/subscribe' target='_blank'>www.snort.org</a>$Lang::tr{'ids rules license1'}<br /><br />
		$Lang::tr{'ids rules license2'} <a href='https://www.snort.org/account/oinkcode' target='_blank'>Get an Oinkcode</a>, $Lang::tr{'ids rules license3'}
	</td>
</tr>
<tr>
	<td nowrap='nowrap'>Oinkcode:&nbsp;<input type='text' size='40' name='OINKCODE' value='$snortsettings{'OINKCODE'}' /></td>
</tr>
<tr>
	<td width='30%' align='left'><br><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' />
END
;
if ( -e "/var/tmp/snortrules.tar.gz"){
	my @Info = stat("/var/tmp/snortrules.tar.gz");
	$snortsettings{'INSTALLDATE'} = localtime($Info[9]);
}
print "&nbsp;$Lang::tr{'updates installed'}: $snortsettings{'INSTALLDATE'}</td>";

print <<END
</tr>
</table>
<br><br>
<table width='100%'>
<tr>
	<td align='right'><input type='hidden' name='ACTION2' value='snort' /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
</tr>
</table>
</form>
END
;

if ($results ne '') {
	print "$results";
}

&Header::closebox();

&Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});
	# Output display table for rule files
	print "<table width='100%'>\n";

	# Local variable required for java script to show/hide
	# rules of a rulefile.
	my $rulesetcount = 1;

	# Loop over each rule file
	foreach my $rulefile (sort keys(%snortrules)) {
		my $rulechecked = '';

		# Check if rule file is enabled
		if ($snortrules{$rulefile}{"State"} eq 'Enabled') {
			$rulechecked = 'CHECKED';
		}

		# Table and rows for the rule files.
		print"<tr>\n";
		print"<td class='base' width='5%'>\n";
		print"<input type='checkbox' name='SNORT_RULE_$rulefile' $rulechecked>\n";
		print"</td>\n";
		print"<td class='base' width='90%'><b>$rulefile</b></td>\n";
		print"<td class='base' width='5%' align='right'>\n";
		print"<a href=\"javascript:showhide('ruleset$rulesetcount')\">SHOW</a>\n";
		print"</td>\n";
		print"</tr>\n";

		# Rows which will be hidden per default and will contain the single rules.
		print"<tr  style='display:none' id='ruleset$rulesetcount'>\n";
		print"<td colspan='3'>\n";

		# Local vars
		my $lines;
		my $rows;
		my $col;

		# New table for the single rules.
		print "<table width='100%'>\n";

		# Loop over rule file rules
		foreach my $sid (sort {$a <=> $b} keys(%{$snortrules{$rulefile}})) {
			# Local vars
			my $ruledefchecked = '';

			# If 2 rules have been displayed, start a new row
			if (($lines % 2) == 0) {
				print "</tr><tr>\n";

				# Increase rows by once.
				$rows++;
			}

			# Colour lines.
			if ($rows % 2) {
				$col="bgcolor='$color{'color20'}'";
			} else {
				$col="bgcolor='$color{'color22'}'";
			}

			# Set rule state
			if ($snortrules{$rulefile}{$sid}{'State'} eq 'Enabled') {
				$ruledefchecked = 'CHECKED';
			}

			# Create rule checkbox and display rule description
			print "<td class='base' width='5%' align='right' $col>\n";
			print "<input type='checkbox' NAME='$sid' $ruledefchecked>\n";
			print "</td>\n";
			print "<td class='base' width='45%' $col>$snortrules{$rulefile}{$sid}{'Description'}</td>";

			# Increment rule count
			$lines++;
		}

		# If do not have a second rule for row, create empty cell
		if (($lines % 2) != 0) {
			print "<td class='base'></td>";
		}

		# Close display table
		print "</tr></table></td></tr>";

		# Finished whith the rule file, increase count.
		$rulesetcount++;
	}

	# Close display table
	print "</table>";

print <<END
<table width='100%'>
<tr>
	<td width='100%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'update'}'>
		&nbsp; <!-- space for future online help link -->
	</td>
</tr>
</table>
END
;
&Header::closebox();

&Header::closebigbox();
&Header::closepage();

sub refreshpage {
	&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );
		print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'pagerefresh'}</font></center>";
	&Header::closebox();
}

sub downloadrulesfile {
	my $peer;
	my $peerport;

	unlink("/var/tmp/log");

	unless (-e "${General::swroot}/red/active") {
		$errormessage = $Lang::tr{'could not download latest updates'};
		return undef;
	}

	my %proxysettings=();
	&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);

	if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
		($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
	}

	if ($peer) {
		system("wget -r --proxy=on --proxy-user=$proxysettings{'UPSTREAM_USER'} --proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'} -e http_proxy=http://$peer:$peerport/ -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
	} else {
		system("wget -r -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
	}
}

sub readrulesfile ($) {
	my $rulefile = shift;

	# Open rule file and read in contents
	open(RULEFILE, "$snortrulepath/$rulefile") or die "Unable to read $rulefile!";

	# Store file content in an array.
	my @lines = <RULEFILE>;

	# Close file.
	close(RULEFILE);

	# Loop over rule file contents
	foreach my $line (@lines) {
		# Remove whitespaces.
		chomp $line;

		# Skip blank  lines.
		next if ($line =~ /^\s*$/);

		# Local vars.
		my $sid;
		my $msg;

		# Gather rule sid and message from the ruleline.
		if ($line =~ m/.*msg:\"(.*?)\"\; .* sid:(.*?); /) {
			$msg = $1;
			$sid = $2;

			# Check if a rule has been found.
			if ($sid && $msg) {
				# Add rule to the snortrules hash.
				$snortrules{$rulefile}{$sid}{'Description'} = $msg;

				# Grab status of the rule. Check if ruleline starts with a "dash".
				if ($line =~ /^\#/) {
					# If yes, the rule is disabled.
					$snortrules{$rulefile}{$sid}{'State'} = "Disabled";
				} else {
					# Otherwise the rule is enabled.
					$snortrules{$rulefile}{$sid}{'State'} = "Enabled";
				}
			}
		}
        }
}
Commit	Line	Data
ac1cfefa	1	#!/usr/bin/perl
70df8302 MT	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
b6f571fa	5	# Copyright (C) 2007-2015 IPFire Team <info@ipfire.org> #
70df8302 MT	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
ac1cfefa MT	22	use strict;
	23
	24	# enable only the following on debugging purpose
90c2e164 CS	25	#use warnings;
90c2e164 CS	26	#use CGI::Carp 'fatalsToBrowser';
73231650	27	use File::Copy;
ac1cfefa	28
986e08d9	29	require '/var/ipfire/general-functions.pl';
ac1cfefa MT	30	require "${General::swroot}/lang.pl";
	31	require "${General::swroot}/header.pl";
	32
f2fdd0c1 CS	33	my %color = ();
	34	my %mainsettings = ();
	35	&General::readhash("${General::swroot}/main/settings", \%mainsettings);
	36	&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
	37
ac1cfefa MT	38	my %snortsettings=();
ac1cfefa MT	39	my %checked=();
5a3e0dca	40	my %selected=();
ac1cfefa MT	41	my %netsettings=();
ac1cfefa MT	42	our $errormessage = '';
ac1cfefa MT	43	our $results = '';
	44	our $tempdir = '';
	45	our $url='';
	46	&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
	47
	48	&Header::showhttpheaders();
	49
	50	$snortsettings{'ENABLE_SNORT'} = 'off';
	51	$snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
	52	$snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
	53	$snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
	54	$snortsettings{'ACTION'} = '';
5a3e0dca	55	$snortsettings{'RULES'} = '';
ac1cfefa MT	56	$snortsettings{'OINKCODE'} = '';
ac1cfefa MT	57	$snortsettings{'INSTALLDATE'} = '';
73231650	58	$snortsettings{'FILE'} = '';
ac1cfefa MT	59
	60	&Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'});
	61
422204ff	62	my $snortrulepath = "/etc/snort/rules";
395e3b90 MT	63	my $restartsnortrequired = 0;
	64	my %snortrules;
	65	my $rule = '';
	66	my $table1colour = '';
	67	my $table2colour = '';
	68	my $var = '';
	69	my $value = '';
	70	my $tmp = '';
	71	my $linkedrulefile = '';
	72	my $border = '';
	73	my $checkboxname = '';
	74
3da6e01b SS	75	## Grab all available snort rules and store them in the snortrules hash.
3da6e01b SS	76	#
422204ff SS	77	# Open snort rules directory and do a directory listing.
	78	opendir(DIR, $snortrulepath) or die $!;
	79	# Loop through the direcory.
	80	while (my $file = readdir(DIR)) {
	81
	82	# We only want files.
	83	next unless (-f "$snortrulepath/$file");
	84
	85	# Ignore empty files.
	86	next if (-z "$snortrulepath/$file");
	87
3da6e01b	88	# Use a regular expression to find files ending in .rules
422204ff SS	89	next unless ($file =~ m/\.rules$/);
422204ff SS	90
3da6e01b SS	91	# Ignore files which are not read-able.
3da6e01b SS	92	next unless (-R "$snortrulepath/$file");
395e3b90	93
3da6e01b SS	94	# Call subfunction to read-in rulefile and add rules to
	95	# the snortrules hash.
	96	&readrulesfile("$file");
395e3b90	97	}
395e3b90	98
3da6e01b	99	closedir(DIR);
395e3b90	100
a9a91e5f MT	101	if ($snortsettings{'OINKCODE'} ne "") {
a9a91e5f MT	102	$errormessage = $Lang::tr{'invalid input for oink code'} unless ($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/);
ac1cfefa MT	103	}
ac1cfefa MT	104
a9a91e5f MT	105	if (!$errormessage) {
a9a91e5f MT	106	if ($snortsettings{'RULES'} eq 'subscripted') {
9d79aea2	107	$url=" https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
a9a91e5f	108	} elsif ($snortsettings{'RULES'} eq 'registered') {
9d79aea2	109	$url=" https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
a9a91e5f MT	110	} elsif ($snortsettings{'RULES'} eq 'community') {
a9a91e5f MT	111	$url=" https://www.snort.org/rules/community";
ac1cfefa	112	} else {
a9a91e5f	113	$url="http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz";
f9c2147d	114	}
ac1cfefa	115
a9a91e5f MT	116	if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "snort" ) {
	117	&General::writehash("${General::swroot}/snort/settings", \%snortsettings);
	118	if ($snortsettings{'ENABLE_SNORT'} eq 'on')
	119	{
	120	system ('/usr/bin/touch', "${General::swroot}/snort/enable");
	121	} else {
	122	unlink "${General::swroot}/snort/enable";
	123	}
	124	if ($snortsettings{'ENABLE_SNORT_GREEN'} eq 'on')
	125	{
	126	system ('/usr/bin/touch', "${General::swroot}/snort/enable_green");
	127	} else {
	128	unlink "${General::swroot}/snort/enable_green";
	129	}
	130	if ($snortsettings{'ENABLE_SNORT_BLUE'} eq 'on')
	131	{
	132	system ('/usr/bin/touch', "${General::swroot}/snort/enable_blue");
	133	} else {
	134	unlink "${General::swroot}/snort/enable_blue";
	135	}
	136	if ($snortsettings{'ENABLE_SNORT_ORANGE'} eq 'on')
	137	{
	138	system ('/usr/bin/touch', "${General::swroot}/snort/enable_orange");
	139	} else {
	140	unlink "${General::swroot}/snort/enable_orange";
	141	}
	142	if ($snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} eq 'on')
	143	{
	144	system ('/usr/bin/touch', "${General::swroot}/snort/enable_preprocessor_http_inspect");
	145	} else {
	146	unlink "${General::swroot}/snort/enable_preprocessor_http_inspect";
	147	}
395e3b90	148
a9a91e5f MT	149	system('/usr/local/bin/snortctrl restart >/dev/null');
a9a91e5f MT	150	}
a27c40a0	151
a9a91e5f	152	# INSTALLMD5 is not in the form, so not retrieved by getcgihash
ac1cfefa	153	&General::readhash("${General::swroot}/snort/settings", \%snortsettings);
ac1cfefa	154
fbd43017	155	if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
a9a91e5f MT	156	my @df = `/bin/df -B M /var`;
	157	foreach my $line (@df) {
	158	next if $line =~ m/^Filesystem/;
	159	my $return;
	160
	161	if ($line =~ m/dev/ ) {
	162	$line =~ m/^.* (\d+)M.*$/;
	163	my @temp = split(/ +/,$line);
	164	if ($1<300) {
	165	$errormessage = "$Lang::tr{'not enough disk space'} < 300MB, /var $1MB";
	166	} else {
	167	if ( $snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
	168	&downloadrulesfile();
	169	sleep(3);
	170	$return = `cat /var/tmp/log 2>/dev/null`;
	171
73231650	172	}
73231650	173
a9a91e5f	174	if ($return =~ "ERROR") {
73231650 CS	175	$errormessage = "<br /><pre>".$return."</pre>";
	176	} else {
	177	system("/usr/local/bin/oinkmaster.pl -v -s -u file:///var/tmp/snortrules.tar.gz -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules >>/var/tmp/log 2>&1 &");
	178	sleep(2);
32810952	179	}
a9a91e5f	180	}
ac1cfefa	181	}
ac1cfefa MT	182	}
	183	}
	184	}
	185
	186	$checked{'ENABLE_SNORT'}{'off'} = '';
	187	$checked{'ENABLE_SNORT'}{'on'} = '';
	188	$checked{'ENABLE_SNORT'}{$snortsettings{'ENABLE_SNORT'}} = "checked='checked'";
	189	$checked{'ENABLE_SNORT_GREEN'}{'off'} = '';
	190	$checked{'ENABLE_SNORT_GREEN'}{'on'} = '';
	191	$checked{'ENABLE_SNORT_GREEN'}{$snortsettings{'ENABLE_SNORT_GREEN'}} = "checked='checked'";
	192	$checked{'ENABLE_SNORT_BLUE'}{'off'} = '';
	193	$checked{'ENABLE_SNORT_BLUE'}{'on'} = '';
	194	$checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='checked'";
	195	$checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
	196	$checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
	197	$checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
5a3e0dca	198	$selected{'RULES'}{'nothing'} = '';
5a3e0dca	199	$selected{'RULES'}{'community'} = '';
a0fa489f	200	$selected{'RULES'}{'emerging'} = '';
5a3e0dca MT	201	$selected{'RULES'}{'registered'} = '';
	202	$selected{'RULES'}{'subscripted'} = '';
	203	$selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'";
ac1cfefa MT	204
	205	&Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');
	206
17726644 SS	207	### Java Script ###
	208	print <<END
	209	<script>
	210	// Tiny java script function to show/hide the rules
	211	// of a given category.
	212	function showhide(tblname) {
	213	\$("#" + tblname).toggle();
	214	}
	215	</script>
	216	END
	217	;
	218
395e3b90	219	print <<END
e6d8a421	220	<style type="text/css">
395e3b90 MT	221	<!--
	222	.section {
	223	border: groove;
	224	}
	225	.row1color {
	226	border: ridge;
f2fdd0c1	227	background-color: $color{'color22'};
395e3b90 MT	228	}
	229	.row2color {
	230	border: ridge;
f2fdd0c1	231	background-color: $color{'color20'};
395e3b90 MT	232	}
	233	.rowselected {
	234	border: double #FF0000;
	235	background-color: #DCDCDC;
	236	}
	237	-->
e6d8a421	238	</style>
395e3b90 MT	239	END
395e3b90 MT	240	;
395e3b90	241
ac1cfefa MT	242	&Header::openbigbox('100%', 'left', '', $errormessage);
ac1cfefa MT	243
90c2e164 CS	244	###############
	245	# DEBUG DEBUG
	246	# &Header::openbox('100%', 'left', 'DEBUG');
	247	# my $debugCount = 0;
	248	# foreach my $line (sort keys %snortsettings) {
	249	# print "$line = $snortsettings{$line}<br />\n";
	250	# $debugCount++;
	251	# }
	252	# print " Count: $debugCount\n";
	253	# &Header::closebox();
	254	# DEBUG DEBUG
	255	###############
	256
ac1cfefa MT	257	if ($errormessage) {
	258	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	259	print "<class name='base'>$errormessage\n";
	260	print " </class>\n";
	261	&Header::closebox();
	262	}
	263
73231650 CS	264	my $return = `pidof oinkmaster.pl -x`;
	265	chomp($return);
	266	if ($return) {
	267	&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='10;'>" );
	268	print <<END;
	269	<table>
	270	<tr><td>
	271	<img src='/images/indicator.gif' alt='$Lang::tr{'aktiv'}' />
	272	<td>
	273	$Lang::tr{'snort working'}
	274	<tr><td colspan='2' align='center'>
	275	<form method='post' action='$ENV{'SCRIPT_NAME'}'>
f8aa0679	276	<input type='image' alt='$Lang::tr{'reload'}' title='$Lang::tr{'reload'}' src='/images/view-refresh.png' />
73231650 CS	277	</form>
	278	<tr><td colspan='2' align='left'><pre>
	279	END
	280	my @output = `tail -20 /var/tmp/log`;
	281	foreach (@output) {
	282	print "$_";
	283	}
	284	print <<END;
	285	</pre>
	286	</table>
	287	END
	288	&Header::closebox();
	289	&Header::closebigbox();
	290	&Header::closepage();
	291	exit;
	292	refreshpage();
	293	}
	294
7cc8a0e5	295	&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system'});
ac1cfefa MT	296	print <<END
ac1cfefa MT	297	<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
1b73b07e	298	<tr><td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />GREEN Snort
ac1cfefa MT	299	END
	300	;
	301	if ($netsettings{'BLUE_DEV'} ne '') {
1b73b07e	302	print "      <input type='checkbox' name='ENABLE_SNORT_BLUE' $checked{'ENABLE_SNORT_BLUE'}{'on'} /> BLUE Snort";
ac1cfefa MT	303	}
ac1cfefa MT	304	if ($netsettings{'ORANGE_DEV'} ne '') {
1b73b07e	305	print "      <input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} /> ORANGE Snort";
ac1cfefa	306	}
1b73b07e	307	print "      <input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} /> RED Snort";
1b73b07e	308
ac1cfefa	309	print <<END
1b73b07e	310	</td></tr>
ac1cfefa	311	<tr>
7cc8a0e5	312	<td><br><br></td>
ac1cfefa MT	313	</tr>
	314	<tr>
	315	<td><b>$Lang::tr{'ids rules update'}</b></td>
	316	</tr>
	317	<tr>
5a3e0dca MT	318	<td><select name='RULES'>
5a3e0dca MT	319	<option value='nothing' $selected{'RULES'}{'nothing'} >$Lang::tr{'no'}</option>
a0fa489f	320	<option value='emerging' $selected{'RULES'}{'emerging'} >$Lang::tr{'emerging rules'}</option>
5a3e0dca MT	321	<option value='community' $selected{'RULES'}{'community'} >$Lang::tr{'community rules'}</option>
	322	<option value='registered' $selected{'RULES'}{'registered'} >$Lang::tr{'registered user rules'}</option>
	323	<option value='subscripted' $selected{'RULES'}{'subscripted'} >$Lang::tr{'subscripted user rules'}</option>
	324	</select>
	325	</td>
ac1cfefa MT	326	</tr>
	327	<tr>
	328	<td><br />
8d29504c	329	$Lang::tr{'ids rules license'} <a href='https://www.snort.org/subscribe' target='_blank'>www.snort.org</a>$Lang::tr{'ids rules license1'}<br /><br />
4935eb8b	330	$Lang::tr{'ids rules license2'} <a href='https://www.snort.org/account/oinkcode' target='_blank'>Get an Oinkcode</a>, $Lang::tr{'ids rules license3'}
ac1cfefa MT	331	</td>
	332	</tr>
	333	<tr>
5a3e0dca	334	<td nowrap='nowrap'>Oinkcode: <input type='text' size='40' name='OINKCODE' value='$snortsettings{'OINKCODE'}' /></td>
ac1cfefa MT	335	</tr>
ac1cfefa MT	336	<tr>
7cc8a0e5	337	<td width='30%' align='left'><br><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' />
ac1cfefa MT	338	END
ac1cfefa MT	339	;
42d9192e	340	if ( -e "/var/tmp/snortrules.tar.gz"){
0972c650 CS	341	my @Info = stat("/var/tmp/snortrules.tar.gz");
0972c650 CS	342	$snortsettings{'INSTALLDATE'} = localtime($Info[9]);
ac1cfefa	343	}
32810952 CS	344	print " $Lang::tr{'updates installed'}: $snortsettings{'INSTALLDATE'}</td>";
32810952 CS	345
ac1cfefa MT	346	print <<END
	347	</tr>
	348	</table>
7cc8a0e5	349	<br><br>
ac1cfefa MT	350	<table width='100%'>
ac1cfefa MT	351	<tr>
7cc8a0e5	352	<td align='right'><input type='hidden' name='ACTION2' value='snort' /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
ac1cfefa MT	353	</tr>
	354	</table>
	355	</form>
	356	END
	357	;
	358
	359	if ($results ne '') {
	360	print "$results";
	361	}
	362
	363	&Header::closebox();
fbfdb241	364
f7fcd1c0 SS	365	&Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});
f7fcd1c0 SS	366	# Output display table for rule files
17726644	367	print "<table width='100%'>\n";
ce0e83b3	368
17726644 SS	369	# Local variable required for java script to show/hide
	370	# rules of a rulefile.
	371	my $rulesetcount = 1;
f7fcd1c0 SS	372
	373	# Loop over each rule file
	374	foreach my $rulefile (sort keys(%snortrules)) {
	375	my $rulechecked = '';
	376
f7fcd1c0 SS	377	# Check if rule file is enabled
	378	if ($snortrules{$rulefile}{"State"} eq 'Enabled') {
	379	$rulechecked = 'CHECKED';
	380	}
3ffee04b	381
17726644 SS	382	# Table and rows for the rule files.
	383	print"<tr>\n";
	384	print"<td class='base' width='5%'>\n";
	385	print"<input type='checkbox' name='SNORT_RULE_$rulefile' $rulechecked>\n";
	386	print"</td>\n";
	387	print"<td class='base' width='90%'><b>$rulefile</b></td>\n";
	388	print"<td class='base' width='5%' align='right'>\n";
	389	print"<a href=\"javascript:showhide('ruleset$rulesetcount')\">SHOW</a>\n";
	390	print"</td>\n";
	391	print"</tr>\n";
	392
	393	# Rows which will be hidden per default and will contain the single rules.
	394	print"<tr style='display:none' id='ruleset$rulesetcount'>\n";
	395	print"<td colspan='3'>\n";
	396
	397	# Local vars
	398	my $lines;
	399	my $rows;
	400	my $col;
	401
	402	# New table for the single rules.
	403	print "<table width='100%'>\n";
	404
	405	# Loop over rule file rules
	406	foreach my $sid (sort {$a <=> $b} keys(%{$snortrules{$rulefile}})) {
f7fcd1c0	407	# Local vars
17726644	408	my $ruledefchecked = '';
f9c2147d	409
17726644 SS	410	# If 2 rules have been displayed, start a new row
	411	if (($lines % 2) == 0) {
	412	print "</tr><tr>\n";
3ffee04b	413
17726644 SS	414	# Increase rows by once.
	415	$rows++;
	416	}
f7fcd1c0	417
17726644 SS	418	# Colour lines.
	419	if ($rows % 2) {
	420	$col="bgcolor='$color{'color20'}'";
	421	} else {
	422	$col="bgcolor='$color{'color22'}'";
f7fcd1c0 SS	423	}
f7fcd1c0 SS	424
17726644 SS	425	# Set rule state
	426	if ($snortrules{$rulefile}{$sid}{'State'} eq 'Enabled') {
	427	$ruledefchecked = 'CHECKED';
f7fcd1c0	428	}
3ffee04b	429
17726644 SS	430	# Create rule checkbox and display rule description
	431	print "<td class='base' width='5%' align='right' $col>\n";
	432	print "<input type='checkbox' NAME='$sid' $ruledefchecked>\n";
	433	print "</td>\n";
	434	print "<td class='base' width='45%' $col>$snortrules{$rulefile}{$sid}{'Description'}</td>";
	435
	436	# Increment rule count
	437	$lines++;
	438	}
	439
	440	# If do not have a second rule for row, create empty cell
	441	if (($lines % 2) != 0) {
	442	print "<td class='base'></td>";
f7fcd1c0 SS	443	}
	444
	445	# Close display table
17726644	446	print "</tr></table></td></tr>";
3ffee04b	447
17726644 SS	448	# Finished whith the rule file, increase count.
17726644 SS	449	$rulesetcount++;
f7fcd1c0	450	}
17726644 SS	451
	452	# Close display table
	453	print "</table>";
	454
f7fcd1c0	455	print <<END
2999f1d2 CS	456	<table width='100%'>
2999f1d2 CS	457	<tr>
17726644	458	<td width='100%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'update'}'>
3ffee04b CS	459	<!-- space for future online help link -->
3ffee04b CS	460	</td>
2999f1d2 CS	461	</tr>
2999f1d2 CS	462	</table>
3ffee04b CS	463	END
3ffee04b CS	464	;
f7fcd1c0	465	&Header::closebox();
395e3b90	466
ac1cfefa MT	467	&Header::closebigbox();
	468	&Header::closepage();
	469
a70d269a SS	470	sub refreshpage {
	471	&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );
	472	print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'pagerefresh'}</font></center>";
	473	&Header::closebox();
	474	}
	475
ac1cfefa	476	sub downloadrulesfile {
73231650 CS	477	my $peer;
73231650 CS	478	my $peerport;
ac1cfefa	479
73231650	480	unlink("/var/tmp/log");
ac1cfefa MT	481
	482	unless (-e "${General::swroot}/red/active") {
	483	$errormessage = $Lang::tr{'could not download latest updates'};
	484	return undef;
	485	}
	486
ac1cfefa MT	487	my %proxysettings=();
	488	&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
	489
	490	if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
73231650	491	($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]?(?:\:[A-Za-z0-9\_\.\-]?)?\@)?([a-zA-Z0-9\.\_\-]?)(?:\:([0-9]{1,5}))?(?:\/.?)?$/);
ac1cfefa MT	492	}
ac1cfefa MT	493
73231650	494	if ($peer) {
1f606aef	495	system("wget -r --proxy=on --proxy-user=$proxysettings{'UPSTREAM_USER'} --proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'} -e http_proxy=http://$peer:$peerport/ -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
73231650	496	} else {
1f606aef	497	system("wget -r -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
ac1cfefa	498	}
ac1cfefa	499	}
3da6e01b SS	500
	501	sub readrulesfile ($) {
	502	my $rulefile = shift;
	503
	504	# Open rule file and read in contents
	505	open(RULEFILE, "$snortrulepath/$rulefile") or die "Unable to read $rulefile!";
	506
	507	# Store file content in an array.
	508	my @lines = <RULEFILE>;
	509
	510	# Close file.
	511	close(RULEFILE);
	512
	513	# Loop over rule file contents
	514	foreach my $line (@lines) {
	515	# Remove whitespaces.
	516	chomp $line;
	517
	518	# Skip blank lines.
	519	next if ($line =~ /^\s*$/);
	520
	521	# Local vars.
	522	my $sid;
	523	my $msg;
	524
	525	# Gather rule sid and message from the ruleline.
	526	if ($line =~ m/.msg:\"(.?)\"\; .* sid:(.*?); /) {
	527	$msg = $1;
	528	$sid = $2;
	529
	530	# Check if a rule has been found.
	531	if ($sid && $msg) {
	532	# Add rule to the snortrules hash.
	533	$snortrules{$rulefile}{$sid}{'Description'} = $msg;
	534
	535	# Grab status of the rule. Check if ruleline starts with a "dash".
	536	if ($line =~ /^\#/) {
	537	# If yes, the rule is disabled.
	538	$snortrules{$rulefile}{$sid}{'State'} = "Disabled";
	539	} else {
	540	# Otherwise the rule is enabled.
	541	$snortrules{$rulefile}{$sid}{'State'} = "Enabled";
	542	}
	543	}
	544	}
	545	}
	546	}