[ipfire-2.x.git] / html / cgi-bin / ids.cgi

#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2015  IPFire Team  <info@ipfire.org>                     #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

use strict;

# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
use File::Copy;

require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";

my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);

my %snortsettings=();
my %checked=();
my %selected=();
my %netsettings=();
our $errormessage = '';
our $results = '';
our $tempdir = '';
our $url='';
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

&Header::showhttpheaders();

$snortsettings{'ENABLE_SNORT'} = 'off';
$snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
$snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
$snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
$snortsettings{'ACTION'} = '';
$snortsettings{'RULES'} = '';
$snortsettings{'OINKCODE'} = '';
$snortsettings{'INSTALLDATE'} = '';
$snortsettings{'FILE'} = '';

&Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'});

my $snortrulepath = "/etc/snort/rules";
my $restartsnortrequired = 0;
my %snortrules;
my $rule = '';
my $table1colour = '';
my $table2colour = '';
my $var = '';
my $value = '';
my $tmp = '';
my $linkedrulefile = '';
my $border = '';
my $checkboxname = '';

## Grab all available snort rules and store them in the snortrules hash.
#
# Open snort rules directory and do a directory listing.
opendir(DIR, $snortrulepath) or die $!;
	# Loop through the direcory.
	while (my $file = readdir(DIR)) {

		# We only want files.
		next unless (-f "$snortrulepath/$file");

		# Ignore empty files.
		next if (-z "$snortrulepath/$file");

		# Use a regular expression to find files ending in .rules
		next unless ($file =~ m/\.rules$/);

		# Ignore files which are not read-able.
		next unless (-R "$snortrulepath/$file");

		# Call subfunction to read-in rulefile and add rules to
		# the snortrules hash.
		&readrulesfile("$file");
	}

closedir(DIR);

if ($snortsettings{'OINKCODE'} ne "") {
	$errormessage = $Lang::tr{'invalid input for oink code'} unless ($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/);
}

if (!$errormessage) {
	if ($snortsettings{'RULES'} eq 'subscripted') {
		$url=" https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
	} elsif ($snortsettings{'RULES'} eq 'registered') {
		$url=" https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
	} elsif ($snortsettings{'RULES'} eq 'community') {
		$url=" https://www.snort.org/rules/community";
	} else {
		$url="http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz";
	}

	if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "snort" ) {
		&General::writehash("${General::swroot}/snort/settings", \%snortsettings);
		if ($snortsettings{'ENABLE_SNORT'} eq 'on')
		{
			system ('/usr/bin/touch', "${General::swroot}/snort/enable");
		} else {
			unlink "${General::swroot}/snort/enable";
		}
		if ($snortsettings{'ENABLE_SNORT_GREEN'} eq 'on')
		{
			system ('/usr/bin/touch', "${General::swroot}/snort/enable_green");
		} else {
			unlink "${General::swroot}/snort/enable_green";
		}
		if ($snortsettings{'ENABLE_SNORT_BLUE'} eq 'on')
		{
			system ('/usr/bin/touch', "${General::swroot}/snort/enable_blue");
		} else {
			unlink "${General::swroot}/snort/enable_blue";
		}
		if ($snortsettings{'ENABLE_SNORT_ORANGE'} eq 'on')
		{
			system ('/usr/bin/touch', "${General::swroot}/snort/enable_orange");
		} else {
			unlink "${General::swroot}/snort/enable_orange";
		}
		if ($snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} eq 'on')
		{
			system ('/usr/bin/touch', "${General::swroot}/snort/enable_preprocessor_http_inspect");
		} else {
			unlink "${General::swroot}/snort/enable_preprocessor_http_inspect";
		}

		system('/usr/local/bin/snortctrl restart >/dev/null');
	}

	# INSTALLMD5 is not in the form, so not retrieved by getcgihash
	&General::readhash("${General::swroot}/snort/settings", \%snortsettings);

	if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
		my @df = `/bin/df -B M /var`;
		foreach my $line (@df) {
			next if $line =~ m/^Filesystem/;
			my $return;

			if ($line =~ m/dev/ ) {
				$line =~ m/^.* (\d+)M.*$/;
				my @temp = split(/ +/,$line);
				if ($1<300) {
					$errormessage = "$Lang::tr{'not enough disk space'} < 300MB, /var $1MB";
				} else {
					if ( $snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
						&downloadrulesfile();
						sleep(3);
						$return = `cat /var/tmp/log 2>/dev/null`;

					}

					if ($return =~ "ERROR") {
						$errormessage = "<br /><pre>".$return."</pre>";
					} else {
						system("/usr/local/bin/oinkmaster.pl -v -s -u file:///var/tmp/snortrules.tar.gz -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules >>/var/tmp/log 2>&1 &");
						sleep(2);
					}
				}
			}
		}
	}
}

$checked{'ENABLE_SNORT'}{'off'} = '';
$checked{'ENABLE_SNORT'}{'on'} = '';
$checked{'ENABLE_SNORT'}{$snortsettings{'ENABLE_SNORT'}} = "checked='checked'";
$checked{'ENABLE_SNORT_GREEN'}{'off'} = '';
$checked{'ENABLE_SNORT_GREEN'}{'on'} = '';
$checked{'ENABLE_SNORT_GREEN'}{$snortsettings{'ENABLE_SNORT_GREEN'}} = "checked='checked'";
$checked{'ENABLE_SNORT_BLUE'}{'off'} = '';
$checked{'ENABLE_SNORT_BLUE'}{'on'} = '';
$checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='checked'";
$checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
$checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
$checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
$selected{'RULES'}{'nothing'} = '';
$selected{'RULES'}{'community'} = '';
$selected{'RULES'}{'emerging'} = '';
$selected{'RULES'}{'registered'} = '';
$selected{'RULES'}{'subscripted'} = '';
$selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'";

&Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');

print "<script type='text/javascript' src='/include/snortupdateutility.js'></script>";
print <<END
<style type="text/css">
<!--
.section {
	border: groove;
}
.row1color {
	border: ridge;
	background-color: $color{'color22'};
}
.row2color {
	border: ridge;
	background-color: $color{'color20'};
}
.rowselected {
	border: double #FF0000;
	background-color: #DCDCDC;
}
-->
</style>
END
;

&Header::openbigbox('100%', 'left', '', $errormessage);

###############
# DEBUG DEBUG
# &Header::openbox('100%', 'left', 'DEBUG');
# my $debugCount = 0;
# foreach my $line (sort keys %snortsettings) {
# print "$line = $snortsettings{$line}<br />\n";
# $debugCount++;
# }
# print "&nbsp;Count: $debugCount\n";
# &Header::closebox();
# DEBUG DEBUG
###############

if ($errormessage) {
	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	print "<class name='base'>$errormessage\n";
	print "&nbsp;</class>\n";
	&Header::closebox();
}

my $return = `pidof oinkmaster.pl -x`;
chomp($return);
if ($return) {
	&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='10;'>" );
	print <<END;
	<table>
		<tr><td>
				<img src='/images/indicator.gif' alt='$Lang::tr{'aktiv'}' />&nbsp;
			<td>
				$Lang::tr{'snort working'}
		<tr><td colspan='2' align='center'>
			<form method='post' action='$ENV{'SCRIPT_NAME'}'>
				<input type='image' alt='$Lang::tr{'reload'}' title='$Lang::tr{'reload'}' src='/images/view-refresh.png' />
			</form>
		<tr><td colspan='2' align='left'><pre>
END
	my @output = `tail -20 /var/tmp/log`;
	foreach (@output) {
		print "$_";
	}
	print <<END;
			</pre>
		</table>
END
	&Header::closebox();
	&Header::closebigbox();
	&Header::closepage();
	exit;
	refreshpage();
}

&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system'});
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
<tr><td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />GREEN Snort
END
;
if ($netsettings{'BLUE_DEV'} ne '') {
  print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT_BLUE' $checked{'ENABLE_SNORT_BLUE'}{'on'} />   BLUE Snort";
}
if ($netsettings{'ORANGE_DEV'} ne '') {
  print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} />   ORANGE Snort";
}
  print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} />   RED Snort";

print <<END
</td></tr>
<tr>
	<td><br><br></td>
</tr>
<tr>
	<td><b>$Lang::tr{'ids rules update'}</b></td>
</tr>
<tr>
	<td><select name='RULES'>
				<option value='nothing' $selected{'RULES'}{'nothing'} >$Lang::tr{'no'}</option>
				<option value='emerging' $selected{'RULES'}{'emerging'} >$Lang::tr{'emerging rules'}</option>
				<option value='community' $selected{'RULES'}{'community'} >$Lang::tr{'community rules'}</option>
				<option value='registered' $selected{'RULES'}{'registered'} >$Lang::tr{'registered user rules'}</option>
				<option value='subscripted' $selected{'RULES'}{'subscripted'} >$Lang::tr{'subscripted user rules'}</option>
			</select>
	</td>
</tr>
<tr>
	<td><br />
		$Lang::tr{'ids rules license'} <a href='https://www.snort.org/subscribe' target='_blank'>www.snort.org</a>$Lang::tr{'ids rules license1'}<br /><br />
		$Lang::tr{'ids rules license2'} <a href='https://www.snort.org/account/oinkcode' target='_blank'>Get an Oinkcode</a>, $Lang::tr{'ids rules license3'}
	</td>
</tr>
<tr>
	<td nowrap='nowrap'>Oinkcode:&nbsp;<input type='text' size='40' name='OINKCODE' value='$snortsettings{'OINKCODE'}' /></td>
</tr>
<tr>
	<td width='30%' align='left'><br><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' />
END
;
if ( -e "/var/tmp/snortrules.tar.gz"){
	my @Info = stat("/var/tmp/snortrules.tar.gz");
	$snortsettings{'INSTALLDATE'} = localtime($Info[9]);
}
print "&nbsp;$Lang::tr{'updates installed'}: $snortsettings{'INSTALLDATE'}</td>";

print <<END
</tr>
</table>
<br><br>
<table width='100%'>
<tr>
	<td align='right'><input type='hidden' name='ACTION2' value='snort' /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
</tr>
</table>
</form>
END
;

if ($results ne '') {
	print "$results";
}

&Header::closebox();

&Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});
	# Output display table for rule files
	print "<table width='100%'><tr><td valign='top'><table>";

	print "<form method='post'>";

	# Local vars
	my $ruledisplaycnt = 1;
	my $rulecnt = keys %snortrules;
	$rulecnt++;
	$rulecnt = $rulecnt / 2;

	# Loop over each rule file
	foreach my $rulefile (sort keys(%snortrules)) {
		my $rulechecked = '';

		# Hide inkompatible Block rules
		if ($rulefile =~'-BLOCK.rules') {
			next;
		}

		# Check if reached half-way through rule file rules to start new column
		if ($ruledisplaycnt > $rulecnt) {
			print "</table></td><td valign='top'><table>";
			$ruledisplaycnt = 0;
		}

		# Check if rule file is enabled
		if ($snortrules{$rulefile}{"State"} eq 'Enabled') {
			$rulechecked = 'CHECKED';
		}

		# Create rule file link, vars array, and display flag
		my $rulefilelink = "?RULEFILE=$rulefile";
		my $rulefiletoclose = '';
		my @queryvars = ();
		my $displayrulefilerules = 0;

		# Check for passed in query string
		if ($ENV{'QUERY_STRING'}) {
			# Split out vars
			@queryvars = split(/\&/, $ENV{'QUERY_STRING'});

			# Loop over values
			foreach $value (@queryvars) {
				# Split out var pairs
				($var, $linkedrulefile) = split(/=/, $value);

				# Check if var is 'RULEFILE'
				if ($var eq 'RULEFILE') {
					# Check if rulefile equals linkedrulefile
					if ($rulefile eq $linkedrulefile) {
						# Set display flag
						$displayrulefilerules = 1;

						# Strip out rulefile from rulefilelink
						$rulefilelink =~ s/RULEFILE=$linkedrulefile//g;
					} else {
						# Add linked rule file to rulefilelink
						$rulefilelink .= "&RULEFILE=$linkedrulefile";
					}
				}
			}
		}

		# Strip out extra & & ? from rulefilelink
		$rulefilelink =~ s/^\?\&/\?/i;

		# Check for a single '?' and replace with page for proper link display
		if ($rulefilelink eq '?') {
			$rulefilelink = "ids.cgi";
		}

		# Output rule file name and checkbox
		print "<tr><td class='base' valign='top'><input type='checkbox' NAME='SNORT_RULE_$rulefile' $rulechecked> <a href='$rulefilelink'>$rulefile</a></td></tr>";
		print "<tr><td class='base' valign='top'>";

		# Check for empty 'Description'
		if ($snortrules{$rulefile}{'Description'} eq '') {
			print "<table width='100%'><tr><td class='base'>No description available</td></tr>";
		} else {
			# Output rule file 'Description'
			print "<table width='100%'><tr><td class='base'>$snortrules{$rulefile}{'Description'}</td></tr>";
		}

		# Check for display flag
		if ($displayrulefilerules) {
			# Rule file definition rule display
			print "<tr><td class='base' valign='top'><table border='0'><tr>";

			# Local vars
		 	my $ruledefdisplaycnt = 0;
			my $ruledefcnt = keys %{$snortrules{$rulefile}{"Definition"}};
			$ruledefcnt++;
			$ruledefcnt = $ruledefcnt / 2;

			# Loop over rule file rules
			foreach my $ruledef (sort {$a <=> $b} keys(%{$snortrules{$rulefile}{"Definition"}})) {
				# Local vars
				my $ruledefchecked = '';

				# If have display 2 rules, start new row
				if (($ruledefdisplaycnt % 2) == 0) {
					print "</tr><tr>";
					$ruledefdisplaycnt = 0;
				}

				# Check for rules state
				if ($snortrules{$rulefile}{'Definition'}{$ruledef}{'State'} eq 'Enabled') {
					$ruledefchecked = 'CHECKED';
				}

				# Create rule file rule's checkbox
				$checkboxname = "SNORT_RULE_$rulefile";
				$checkboxname .= "_$ruledef";
				print "<td class='base'><input type='checkbox' NAME='$checkboxname' $ruledefchecked> $snortrules{$rulefile}{'Definition'}{$ruledef}{'Description'}</td>";

				# Increment count
				$ruledefdisplaycnt++;
			}

			# If do not have second rule for row, create empty cell
			if (($ruledefdisplaycnt % 2) != 0) {
				print "<td class='base'></td>";
			}

			# Close display table
			print "</tr></table></td></tr>";
		}

		# Close display table
		print "</table>";

		# Increment ruledisplaycnt
		$ruledisplaycnt++;
	}
print "</td></tr></table></td></tr></table>";
print <<END
<table width='100%'>
<tr>
	<td width='100%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
		&nbsp; <!-- space for future online help link -->
	</td>
</tr>
</table>
</form>
END
;
&Header::closebox();

&Header::closebigbox();
&Header::closepage();

sub refreshpage {
	&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );
		print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'pagerefresh'}</font></center>";
	&Header::closebox();
}

sub downloadrulesfile {
	my $peer;
	my $peerport;

	unlink("/var/tmp/log");

	unless (-e "${General::swroot}/red/active") {
		$errormessage = $Lang::tr{'could not download latest updates'};
		return undef;
	}

	my %proxysettings=();
	&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);

	if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
		($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
	}

	if ($peer) {
		system("wget -r --proxy=on --proxy-user=$proxysettings{'UPSTREAM_USER'} --proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'} -e http_proxy=http://$peer:$peerport/ -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
	} else {
		system("wget -r -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
	}
}

sub readrulesfile ($) {
	my $rulefile = shift;

	# Open rule file and read in contents
	open(RULEFILE, "$snortrulepath/$rulefile") or die "Unable to read $rulefile!";

	# Store file content in an array.
	my @lines = <RULEFILE>;

	# Close file.
	close(RULEFILE);

	# Loop over rule file contents
	foreach my $line (@lines) {
		# Remove whitespaces.
		chomp $line;

		# Skip blank  lines.
		next if ($line =~ /^\s*$/);

		# Local vars.
		my $sid;
		my $msg;

		# Gather rule sid and message from the ruleline.
		if ($line =~ m/.*msg:\"(.*?)\"\; .* sid:(.*?); /) {
			$msg = $1;
			$sid = $2;

			# Check if a rule has been found.
			if ($sid && $msg) {
				# Add rule to the snortrules hash.
				$snortrules{$rulefile}{$sid}{'Description'} = $msg;

				# Grab status of the rule. Check if ruleline starts with a "dash".
				if ($line =~ /^\#/) {
					# If yes, the rule is disabled.
					$snortrules{$rulefile}{$sid}{'State'} = "Disabled";
				} else {
					# Otherwise the rule is enabled.
					$snortrules{$rulefile}{$sid}{'State'} = "Enabled";
				}
			}
		}
        }
}
Commit	Line	Data
ac1cfefa	1	#!/usr/bin/perl
70df8302 MT	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
b6f571fa	5	# Copyright (C) 2007-2015 IPFire Team <info@ipfire.org> #
70df8302 MT	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
ac1cfefa MT	22	use strict;
	23
	24	# enable only the following on debugging purpose
90c2e164 CS	25	#use warnings;
90c2e164 CS	26	#use CGI::Carp 'fatalsToBrowser';
73231650	27	use File::Copy;
ac1cfefa	28
986e08d9	29	require '/var/ipfire/general-functions.pl';
ac1cfefa MT	30	require "${General::swroot}/lang.pl";
	31	require "${General::swroot}/header.pl";
	32
f2fdd0c1 CS	33	my %color = ();
	34	my %mainsettings = ();
	35	&General::readhash("${General::swroot}/main/settings", \%mainsettings);
	36	&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
	37
ac1cfefa MT	38	my %snortsettings=();
ac1cfefa MT	39	my %checked=();
5a3e0dca	40	my %selected=();
ac1cfefa MT	41	my %netsettings=();
ac1cfefa MT	42	our $errormessage = '';
ac1cfefa MT	43	our $results = '';
	44	our $tempdir = '';
	45	our $url='';
	46	&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
	47
	48	&Header::showhttpheaders();
	49
	50	$snortsettings{'ENABLE_SNORT'} = 'off';
	51	$snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
	52	$snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
	53	$snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
	54	$snortsettings{'ACTION'} = '';
5a3e0dca	55	$snortsettings{'RULES'} = '';
ac1cfefa MT	56	$snortsettings{'OINKCODE'} = '';
ac1cfefa MT	57	$snortsettings{'INSTALLDATE'} = '';
73231650	58	$snortsettings{'FILE'} = '';
ac1cfefa MT	59
	60	&Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'});
	61
422204ff	62	my $snortrulepath = "/etc/snort/rules";
395e3b90 MT	63	my $restartsnortrequired = 0;
	64	my %snortrules;
	65	my $rule = '';
	66	my $table1colour = '';
	67	my $table2colour = '';
	68	my $var = '';
	69	my $value = '';
	70	my $tmp = '';
	71	my $linkedrulefile = '';
	72	my $border = '';
	73	my $checkboxname = '';
	74
3da6e01b SS	75	## Grab all available snort rules and store them in the snortrules hash.
3da6e01b SS	76	#
422204ff SS	77	# Open snort rules directory and do a directory listing.
	78	opendir(DIR, $snortrulepath) or die $!;
	79	# Loop through the direcory.
	80	while (my $file = readdir(DIR)) {
	81
	82	# We only want files.
	83	next unless (-f "$snortrulepath/$file");
	84
	85	# Ignore empty files.
	86	next if (-z "$snortrulepath/$file");
	87
3da6e01b	88	# Use a regular expression to find files ending in .rules
422204ff SS	89	next unless ($file =~ m/\.rules$/);
422204ff SS	90
3da6e01b SS	91	# Ignore files which are not read-able.
3da6e01b SS	92	next unless (-R "$snortrulepath/$file");
395e3b90	93
3da6e01b SS	94	# Call subfunction to read-in rulefile and add rules to
	95	# the snortrules hash.
	96	&readrulesfile("$file");
395e3b90	97	}
395e3b90	98
3da6e01b	99	closedir(DIR);
395e3b90	100
a9a91e5f MT	101	if ($snortsettings{'OINKCODE'} ne "") {
a9a91e5f MT	102	$errormessage = $Lang::tr{'invalid input for oink code'} unless ($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/);
ac1cfefa MT	103	}
ac1cfefa MT	104
a9a91e5f MT	105	if (!$errormessage) {
a9a91e5f MT	106	if ($snortsettings{'RULES'} eq 'subscripted') {
9d79aea2	107	$url=" https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
a9a91e5f	108	} elsif ($snortsettings{'RULES'} eq 'registered') {
9d79aea2	109	$url=" https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
a9a91e5f MT	110	} elsif ($snortsettings{'RULES'} eq 'community') {
a9a91e5f MT	111	$url=" https://www.snort.org/rules/community";
ac1cfefa	112	} else {
a9a91e5f	113	$url="http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz";
f9c2147d	114	}
ac1cfefa	115
a9a91e5f MT	116	if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "snort" ) {
	117	&General::writehash("${General::swroot}/snort/settings", \%snortsettings);
	118	if ($snortsettings{'ENABLE_SNORT'} eq 'on')
	119	{
	120	system ('/usr/bin/touch', "${General::swroot}/snort/enable");
	121	} else {
	122	unlink "${General::swroot}/snort/enable";
	123	}
	124	if ($snortsettings{'ENABLE_SNORT_GREEN'} eq 'on')
	125	{
	126	system ('/usr/bin/touch', "${General::swroot}/snort/enable_green");
	127	} else {
	128	unlink "${General::swroot}/snort/enable_green";
	129	}
	130	if ($snortsettings{'ENABLE_SNORT_BLUE'} eq 'on')
	131	{
	132	system ('/usr/bin/touch', "${General::swroot}/snort/enable_blue");
	133	} else {
	134	unlink "${General::swroot}/snort/enable_blue";
	135	}
	136	if ($snortsettings{'ENABLE_SNORT_ORANGE'} eq 'on')
	137	{
	138	system ('/usr/bin/touch', "${General::swroot}/snort/enable_orange");
	139	} else {
	140	unlink "${General::swroot}/snort/enable_orange";
	141	}
	142	if ($snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} eq 'on')
	143	{
	144	system ('/usr/bin/touch', "${General::swroot}/snort/enable_preprocessor_http_inspect");
	145	} else {
	146	unlink "${General::swroot}/snort/enable_preprocessor_http_inspect";
	147	}
395e3b90	148
a9a91e5f MT	149	system('/usr/local/bin/snortctrl restart >/dev/null');
a9a91e5f MT	150	}
a27c40a0	151
a9a91e5f	152	# INSTALLMD5 is not in the form, so not retrieved by getcgihash
ac1cfefa	153	&General::readhash("${General::swroot}/snort/settings", \%snortsettings);
ac1cfefa	154
fbd43017	155	if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
a9a91e5f MT	156	my @df = `/bin/df -B M /var`;
	157	foreach my $line (@df) {
	158	next if $line =~ m/^Filesystem/;
	159	my $return;
	160
	161	if ($line =~ m/dev/ ) {
	162	$line =~ m/^.* (\d+)M.*$/;
	163	my @temp = split(/ +/,$line);
	164	if ($1<300) {
	165	$errormessage = "$Lang::tr{'not enough disk space'} < 300MB, /var $1MB";
	166	} else {
	167	if ( $snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
	168	&downloadrulesfile();
	169	sleep(3);
	170	$return = `cat /var/tmp/log 2>/dev/null`;
	171
73231650	172	}
73231650	173
a9a91e5f	174	if ($return =~ "ERROR") {
73231650 CS	175	$errormessage = "<br /><pre>".$return."</pre>";
	176	} else {
	177	system("/usr/local/bin/oinkmaster.pl -v -s -u file:///var/tmp/snortrules.tar.gz -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules >>/var/tmp/log 2>&1 &");
	178	sleep(2);
32810952	179	}
a9a91e5f	180	}
ac1cfefa	181	}
ac1cfefa MT	182	}
	183	}
	184	}
	185
	186	$checked{'ENABLE_SNORT'}{'off'} = '';
	187	$checked{'ENABLE_SNORT'}{'on'} = '';
	188	$checked{'ENABLE_SNORT'}{$snortsettings{'ENABLE_SNORT'}} = "checked='checked'";
	189	$checked{'ENABLE_SNORT_GREEN'}{'off'} = '';
	190	$checked{'ENABLE_SNORT_GREEN'}{'on'} = '';
	191	$checked{'ENABLE_SNORT_GREEN'}{$snortsettings{'ENABLE_SNORT_GREEN'}} = "checked='checked'";
	192	$checked{'ENABLE_SNORT_BLUE'}{'off'} = '';
	193	$checked{'ENABLE_SNORT_BLUE'}{'on'} = '';
	194	$checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='checked'";
	195	$checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
	196	$checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
	197	$checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
5a3e0dca	198	$selected{'RULES'}{'nothing'} = '';
5a3e0dca	199	$selected{'RULES'}{'community'} = '';
a0fa489f	200	$selected{'RULES'}{'emerging'} = '';
5a3e0dca MT	201	$selected{'RULES'}{'registered'} = '';
	202	$selected{'RULES'}{'subscripted'} = '';
	203	$selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'";
ac1cfefa MT	204
	205	&Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');
	206
2c01f467	207	print "<script type='text/javascript' src='/include/snortupdateutility.js'></script>";
395e3b90	208	print <<END
e6d8a421	209	<style type="text/css">
395e3b90 MT	210	<!--
	211	.section {
	212	border: groove;
	213	}
	214	.row1color {
	215	border: ridge;
f2fdd0c1	216	background-color: $color{'color22'};
395e3b90 MT	217	}
	218	.row2color {
	219	border: ridge;
f2fdd0c1	220	background-color: $color{'color20'};
395e3b90 MT	221	}
	222	.rowselected {
	223	border: double #FF0000;
	224	background-color: #DCDCDC;
	225	}
	226	-->
e6d8a421	227	</style>
395e3b90 MT	228	END
395e3b90 MT	229	;
395e3b90	230
ac1cfefa MT	231	&Header::openbigbox('100%', 'left', '', $errormessage);
ac1cfefa MT	232
90c2e164 CS	233	###############
	234	# DEBUG DEBUG
	235	# &Header::openbox('100%', 'left', 'DEBUG');
	236	# my $debugCount = 0;
	237	# foreach my $line (sort keys %snortsettings) {
	238	# print "$line = $snortsettings{$line}<br />\n";
	239	# $debugCount++;
	240	# }
	241	# print " Count: $debugCount\n";
	242	# &Header::closebox();
	243	# DEBUG DEBUG
	244	###############
	245
ac1cfefa MT	246	if ($errormessage) {
	247	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	248	print "<class name='base'>$errormessage\n";
	249	print " </class>\n";
	250	&Header::closebox();
	251	}
	252
73231650 CS	253	my $return = `pidof oinkmaster.pl -x`;
	254	chomp($return);
	255	if ($return) {
	256	&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='10;'>" );
	257	print <<END;
	258	<table>
	259	<tr><td>
	260	<img src='/images/indicator.gif' alt='$Lang::tr{'aktiv'}' />
	261	<td>
	262	$Lang::tr{'snort working'}
	263	<tr><td colspan='2' align='center'>
	264	<form method='post' action='$ENV{'SCRIPT_NAME'}'>
f8aa0679	265	<input type='image' alt='$Lang::tr{'reload'}' title='$Lang::tr{'reload'}' src='/images/view-refresh.png' />
73231650 CS	266	</form>
	267	<tr><td colspan='2' align='left'><pre>
	268	END
	269	my @output = `tail -20 /var/tmp/log`;
	270	foreach (@output) {
	271	print "$_";
	272	}
	273	print <<END;
	274	</pre>
	275	</table>
	276	END
	277	&Header::closebox();
	278	&Header::closebigbox();
	279	&Header::closepage();
	280	exit;
	281	refreshpage();
	282	}
	283
7cc8a0e5	284	&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system'});
ac1cfefa MT	285	print <<END
ac1cfefa MT	286	<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
1b73b07e	287	<tr><td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />GREEN Snort
ac1cfefa MT	288	END
	289	;
	290	if ($netsettings{'BLUE_DEV'} ne '') {
1b73b07e	291	print "      <input type='checkbox' name='ENABLE_SNORT_BLUE' $checked{'ENABLE_SNORT_BLUE'}{'on'} /> BLUE Snort";
ac1cfefa MT	292	}
ac1cfefa MT	293	if ($netsettings{'ORANGE_DEV'} ne '') {
1b73b07e	294	print "      <input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} /> ORANGE Snort";
ac1cfefa	295	}
1b73b07e	296	print "      <input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} /> RED Snort";
1b73b07e	297
ac1cfefa	298	print <<END
1b73b07e	299	</td></tr>
ac1cfefa	300	<tr>
7cc8a0e5	301	<td><br><br></td>
ac1cfefa MT	302	</tr>
	303	<tr>
	304	<td><b>$Lang::tr{'ids rules update'}</b></td>
	305	</tr>
	306	<tr>
5a3e0dca MT	307	<td><select name='RULES'>
5a3e0dca MT	308	<option value='nothing' $selected{'RULES'}{'nothing'} >$Lang::tr{'no'}</option>
a0fa489f	309	<option value='emerging' $selected{'RULES'}{'emerging'} >$Lang::tr{'emerging rules'}</option>
5a3e0dca MT	310	<option value='community' $selected{'RULES'}{'community'} >$Lang::tr{'community rules'}</option>
	311	<option value='registered' $selected{'RULES'}{'registered'} >$Lang::tr{'registered user rules'}</option>
	312	<option value='subscripted' $selected{'RULES'}{'subscripted'} >$Lang::tr{'subscripted user rules'}</option>
	313	</select>
	314	</td>
ac1cfefa MT	315	</tr>
	316	<tr>
	317	<td><br />
8d29504c	318	$Lang::tr{'ids rules license'} <a href='https://www.snort.org/subscribe' target='_blank'>www.snort.org</a>$Lang::tr{'ids rules license1'}<br /><br />
4935eb8b	319	$Lang::tr{'ids rules license2'} <a href='https://www.snort.org/account/oinkcode' target='_blank'>Get an Oinkcode</a>, $Lang::tr{'ids rules license3'}
ac1cfefa MT	320	</td>
	321	</tr>
	322	<tr>
5a3e0dca	323	<td nowrap='nowrap'>Oinkcode: <input type='text' size='40' name='OINKCODE' value='$snortsettings{'OINKCODE'}' /></td>
ac1cfefa MT	324	</tr>
ac1cfefa MT	325	<tr>
7cc8a0e5	326	<td width='30%' align='left'><br><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' />
ac1cfefa MT	327	END
ac1cfefa MT	328	;
42d9192e	329	if ( -e "/var/tmp/snortrules.tar.gz"){
0972c650 CS	330	my @Info = stat("/var/tmp/snortrules.tar.gz");
0972c650 CS	331	$snortsettings{'INSTALLDATE'} = localtime($Info[9]);
ac1cfefa	332	}
32810952 CS	333	print " $Lang::tr{'updates installed'}: $snortsettings{'INSTALLDATE'}</td>";
32810952 CS	334
ac1cfefa MT	335	print <<END
	336	</tr>
	337	</table>
7cc8a0e5	338	<br><br>
ac1cfefa MT	339	<table width='100%'>
ac1cfefa MT	340	<tr>
7cc8a0e5	341	<td align='right'><input type='hidden' name='ACTION2' value='snort' /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
ac1cfefa MT	342	</tr>
	343	</table>
	344	</form>
	345	END
	346	;
	347
	348	if ($results ne '') {
	349	print "$results";
	350	}
	351
	352	&Header::closebox();
fbfdb241	353
f7fcd1c0 SS	354	&Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});
	355	# Output display table for rule files
	356	print "<table width='100%'><tr><td valign='top'><table>";
ce0e83b3	357
f7fcd1c0	358	print "<form method='post'>";
3ffee04b	359
f7fcd1c0 SS	360	# Local vars
	361	my $ruledisplaycnt = 1;
	362	my $rulecnt = keys %snortrules;
	363	$rulecnt++;
	364	$rulecnt = $rulecnt / 2;
	365
	366	# Loop over each rule file
	367	foreach my $rulefile (sort keys(%snortrules)) {
	368	my $rulechecked = '';
	369
	370	# Hide inkompatible Block rules
	371	if ($rulefile =~'-BLOCK.rules') {
	372	next;
	373	}
	374
	375	# Check if reached half-way through rule file rules to start new column
	376	if ($ruledisplaycnt > $rulecnt) {
	377	print "</table></td><td valign='top'><table>";
	378	$ruledisplaycnt = 0;
	379	}
	380
	381	# Check if rule file is enabled
	382	if ($snortrules{$rulefile}{"State"} eq 'Enabled') {
	383	$rulechecked = 'CHECKED';
	384	}
3ffee04b	385
f7fcd1c0 SS	386	# Create rule file link, vars array, and display flag
	387	my $rulefilelink = "?RULEFILE=$rulefile";
	388	my $rulefiletoclose = '';
	389	my @queryvars = ();
	390	my $displayrulefilerules = 0;
	391
	392	# Check for passed in query string
	393	if ($ENV{'QUERY_STRING'}) {
	394	# Split out vars
	395	@queryvars = split(/\&/, $ENV{'QUERY_STRING'});
	396
	397	# Loop over values
	398	foreach $value (@queryvars) {
	399	# Split out var pairs
	400	($var, $linkedrulefile) = split(/=/, $value);
	401
	402	# Check if var is 'RULEFILE'
	403	if ($var eq 'RULEFILE') {
	404	# Check if rulefile equals linkedrulefile
	405	if ($rulefile eq $linkedrulefile) {
	406	# Set display flag
	407	$displayrulefilerules = 1;
	408
	409	# Strip out rulefile from rulefilelink
	410	$rulefilelink =~ s/RULEFILE=$linkedrulefile//g;
	411	} else {
	412	# Add linked rule file to rulefilelink
	413	$rulefilelink .= "&RULEFILE=$linkedrulefile";
3ffee04b CS	414	}
	415	}
	416	}
f7fcd1c0	417	}
2999f1d2	418
f7fcd1c0 SS	419	# Strip out extra & & ? from rulefilelink
f7fcd1c0 SS	420	$rulefilelink =~ s/^\?\&/\?/i;
3ffee04b	421
f7fcd1c0 SS	422	# Check for a single '?' and replace with page for proper link display
	423	if ($rulefilelink eq '?') {
	424	$rulefilelink = "ids.cgi";
	425	}
3ffee04b	426
f7fcd1c0 SS	427	# Output rule file name and checkbox
	428	print "<tr><td class='base' valign='top'><input type='checkbox' NAME='SNORT_RULE_$rulefile' $rulechecked> <a href='$rulefilelink'>$rulefile</a></td></tr>";
	429	print "<tr><td class='base' valign='top'>";
3ffee04b	430
f7fcd1c0 SS	431	# Check for empty 'Description'
	432	if ($snortrules{$rulefile}{'Description'} eq '') {
	433	print "<table width='100%'><tr><td class='base'>No description available</td></tr>";
	434	} else {
	435	# Output rule file 'Description'
	436	print "<table width='100%'><tr><td class='base'>$snortrules{$rulefile}{'Description'}</td></tr>";
	437	}
3ffee04b	438
f7fcd1c0 SS	439	# Check for display flag
	440	if ($displayrulefilerules) {
	441	# Rule file definition rule display
	442	print "<tr><td class='base' valign='top'><table border='0'><tr>";
3ffee04b	443
f7fcd1c0 SS	444	# Local vars
	445	my $ruledefdisplaycnt = 0;
	446	my $ruledefcnt = keys %{$snortrules{$rulefile}{"Definition"}};
	447	$ruledefcnt++;
	448	$ruledefcnt = $ruledefcnt / 2;
3ffee04b	449
f7fcd1c0 SS	450	# Loop over rule file rules
	451	foreach my $ruledef (sort {$a <=> $b} keys(%{$snortrules{$rulefile}{"Definition"}})) {
	452	# Local vars
	453	my $ruledefchecked = '';
3ffee04b	454
f7fcd1c0 SS	455	# If have display 2 rules, start new row
	456	if (($ruledefdisplaycnt % 2) == 0) {
	457	print "</tr><tr>";
	458	$ruledefdisplaycnt = 0;
3ffee04b	459	}
f9c2147d	460
f7fcd1c0 SS	461	# Check for rules state
	462	if ($snortrules{$rulefile}{'Definition'}{$ruledef}{'State'} eq 'Enabled') {
	463	$ruledefchecked = 'CHECKED';
3ffee04b CS	464	}
3ffee04b CS	465
f7fcd1c0 SS	466	# Create rule file rule's checkbox
	467	$checkboxname = "SNORT_RULE_$rulefile";
	468	$checkboxname .= "_$ruledef";
	469	print "<td class='base'><input type='checkbox' NAME='$checkboxname' $ruledefchecked> $snortrules{$rulefile}{'Definition'}{$ruledef}{'Description'}</td>";
	470
	471	# Increment count
	472	$ruledefdisplaycnt++;
	473	}
	474
	475	# If do not have second rule for row, create empty cell
	476	if (($ruledefdisplaycnt % 2) != 0) {
	477	print "<td class='base'></td>";
	478	}
3ffee04b CS	479
3ffee04b CS	480	# Close display table
f7fcd1c0 SS	481	print "</tr></table></td></tr>";
	482	}
	483
	484	# Close display table
	485	print "</table>";
3ffee04b	486
f7fcd1c0	487	# Increment ruledisplaycnt
2999f1d2	488	$ruledisplaycnt++;
f7fcd1c0 SS	489	}
	490	print "</td></tr></table></td></tr></table>";
	491	print <<END
2999f1d2 CS	492	<table width='100%'>
2999f1d2 CS	493	<tr>
7cc8a0e5	494	<td width='100%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
3ffee04b CS	495	<!-- space for future online help link -->
3ffee04b CS	496	</td>
2999f1d2 CS	497	</tr>
	498	</table>
	499	</form>
3ffee04b CS	500	END
3ffee04b CS	501	;
f7fcd1c0	502	&Header::closebox();
395e3b90	503
ac1cfefa MT	504	&Header::closebigbox();
	505	&Header::closepage();
	506
a70d269a SS	507	sub refreshpage {
	508	&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );
	509	print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'pagerefresh'}</font></center>";
	510	&Header::closebox();
	511	}
	512
ac1cfefa	513	sub downloadrulesfile {
73231650 CS	514	my $peer;
73231650 CS	515	my $peerport;
ac1cfefa	516
73231650	517	unlink("/var/tmp/log");
ac1cfefa MT	518
	519	unless (-e "${General::swroot}/red/active") {
	520	$errormessage = $Lang::tr{'could not download latest updates'};
	521	return undef;
	522	}
	523
ac1cfefa MT	524	my %proxysettings=();
	525	&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
	526
	527	if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
73231650	528	($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]?(?:\:[A-Za-z0-9\_\.\-]?)?\@)?([a-zA-Z0-9\.\_\-]?)(?:\:([0-9]{1,5}))?(?:\/.?)?$/);
ac1cfefa MT	529	}
ac1cfefa MT	530
73231650	531	if ($peer) {
1f606aef	532	system("wget -r --proxy=on --proxy-user=$proxysettings{'UPSTREAM_USER'} --proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'} -e http_proxy=http://$peer:$peerport/ -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
73231650	533	} else {
1f606aef	534	system("wget -r -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
ac1cfefa	535	}
ac1cfefa	536	}
3da6e01b SS	537
	538	sub readrulesfile ($) {
	539	my $rulefile = shift;
	540
	541	# Open rule file and read in contents
	542	open(RULEFILE, "$snortrulepath/$rulefile") or die "Unable to read $rulefile!";
	543
	544	# Store file content in an array.
	545	my @lines = <RULEFILE>;
	546
	547	# Close file.
	548	close(RULEFILE);
	549
	550	# Loop over rule file contents
	551	foreach my $line (@lines) {
	552	# Remove whitespaces.
	553	chomp $line;
	554
	555	# Skip blank lines.
	556	next if ($line =~ /^\s*$/);
	557
	558	# Local vars.
	559	my $sid;
	560	my $msg;
	561
	562	# Gather rule sid and message from the ruleline.
	563	if ($line =~ m/.msg:\"(.?)\"\; .* sid:(.*?); /) {
	564	$msg = $1;
	565	$sid = $2;
	566
	567	# Check if a rule has been found.
	568	if ($sid && $msg) {
	569	# Add rule to the snortrules hash.
	570	$snortrules{$rulefile}{$sid}{'Description'} = $msg;
	571
	572	# Grab status of the rule. Check if ruleline starts with a "dash".
	573	if ($line =~ /^\#/) {
	574	# If yes, the rule is disabled.
	575	$snortrules{$rulefile}{$sid}{'State'} = "Disabled";
	576	} else {
	577	# Otherwise the rule is enabled.
	578	$snortrules{$rulefile}{$sid}{'State'} = "Enabled";
	579	}
	580	}
	581	}
	582	}
	583	}