]> git.ipfire.org Git - ipfire-2.x.git/blob - html/cgi-bin/ids.cgi
projects / ipfire-2.x.git / blob
? search:


86a469cb2b54cea26b7bc20f4b4670183a83ab27
[ipfire-2.x.git] / html / cgi-bin / ids.cgi
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2015 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23
24 # enable only the following on debugging purpose
25 #use warnings;
26 #use CGI::Carp 'fatalsToBrowser';
27 use File::Copy;
28
29 require '/var/ipfire/general-functions.pl';
30 require "${General::swroot}/lang.pl";
31 require "${General::swroot}/header.pl";
32
33 my %color = ();
34 my %mainsettings = ();
35 my %netsettings = ();
36 my %snortsettings=();
37 my %cgiparams=();
38 my %checked=();
39 my %selected=();
40
41 # Read-in main settings, for language, theme and colors.
42 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
43 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
44
45 # Get netsettings.
46 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
47
48 &Header::showhttpheaders();
49
50 # Default settings for snort.
51 $snortsettings{'ENABLE_SNORT'} = 'off';
52 $snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
53 $snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
54 $snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
55 $snortsettings{'ACTION'} = '';
56 $snortsettings{'RULES'} = '';
57 $snortsettings{'OINKCODE'} = '';
58 $snortsettings{'INSTALLDATE'} = '';
59
60 #Get GUI values
61 &Header::getcgihash(\%cgiparams);
62
63 my $snortrulepath = "/etc/snort/rules";
64 my $restartsnortrequired = 0;
65 my %snortrules;
66 my $errormessage;
67 my $url;
68
69 ## Grab all available snort rules and store them in the snortrules hash.
70 #
71 # Open snort rules directory and do a directory listing.
72 opendir(DIR, $snortrulepath) or die $!;
73 # Loop through the direcory.
74 while (my $file = readdir(DIR)) {
75
76 # We only want files.
77 next unless (-f "$snortrulepath/$file");
78
79 # Ignore empty files.
80 next if (-z "$snortrulepath/$file");
81
82 # Use a regular expression to find files ending in .rules
83 next unless ($file =~ m/\.rules$/);
84
85 # Ignore files which are not read-able.
86 next unless (-R "$snortrulepath/$file");
87
88 # Call subfunction to read-in rulefile and add rules to
89 # the snortrules hash.
90 &readrulesfile("$file");
91 }
92
93 closedir(DIR);
94
95 # Save ruleset.
96 if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
97 my $enabled_sids_file = "${General::swroot}/snort/oinkmaster-enabled-sids.conf";
98 my $disabled_sids_file = "${General::swroot}/snort/oinkmaster-disabled-sids.conf";
99
100 # Arrays to store sid which should be added to the corresponding files.
101 my @enabled_sids;
102 my @disabled_sids;
103
104 # Loop through the hash of snortrules.
105 foreach my $rulefile(keys %snortrules) {
106 # Loop through the single rules of the rulefile.
107 foreach my $sid (keys %{$snortrules{$rulefile}}) {
108 # Check if there exists a key in the cgiparams hash for this sid.
109 if (exists($cgiparams{$sid})) {
110 # Look if the rule is disabled.
111 if ($snortrules{$rulefile}{$sid}{'State'} eq "off") {
112 # Check if the state has been set to 'on'.
113 if ($cgiparams{$sid} eq "on") {
114 # Add the sid to the enabled_sids array.
115 push(@enabled_sids, $sid);
116
117 # Drop item from cgiparams hash.
118 delete $cgiparams{$sid};
119 }
120 }
121 } else {
122 # Look if the rule is enabled.
123 if ($snortrules{$rulefile}{$sid}{'State'} eq "on") {
124 # Check if the state is 'on' and should be disabled.
125 # In this case there is no entry
126 # for the sid in the cgiparams hash.
127 # Add it to the disabled_sids array.
128 push(@disabled_sids, $sid);
129
130 # Drop item from cgiparams hash.
131 delete $cgiparams{$sid};
132 }
133 }
134 }
135 }
136
137 # Check if the enabled_sids array contains any sid's.
138 if (@enabled_sids) {
139 # Open enabled sid's file for writing.
140 open(FILE, ">$enabled_sids_file") or die "Could not write to $enabled_sids_file. $!\n";
141
142 # Write header to file.
143 print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
144
145 # Loop through the array of enabled sids and write them to the file.
146 foreach my $sid (@enabled_sids) {
147 print FILE "enable_sid $sid\n";
148 }
149
150 # Close file after writing.
151 close(FILE);
152 }
153
154 # Check if the enabled_sids array contains any sid's.
155 if (@disabled_sids) {
156 # Open disabled sid's file for writing.
157 open(FILE, ">$disabled_sids_file") or die "Could not write to $disabled_sids_file. $!\n";
158
159 # Write header to file.
160 print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
161
162 # Loop through the array of disabled sids and write them to the file.
163 foreach my $sid (@disabled_sids) {
164 print FILE "disable_sid $sid\n";
165 }
166
167 # Close file after writing.
168 close(FILE);
169 }
170 }
171
172 if ($snortsettings{'OINKCODE'} ne "") {
173 $errormessage = $Lang::tr{'invalid input for oink code'} unless ($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/);
174 }
175
176 if (!$errormessage) {
177 if ($snortsettings{'RULES'} eq 'subscripted') {
178 $url=" https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
179 } elsif ($snortsettings{'RULES'} eq 'registered') {
180 $url=" https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
181 } elsif ($snortsettings{'RULES'} eq 'community') {
182 $url=" https://www.snort.org/rules/community";
183 } else {
184 $url="http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz";
185 }
186
187 if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "snort" ) {
188 &General::writehash("${General::swroot}/snort/settings", \%snortsettings);
189 if ($snortsettings{'ENABLE_SNORT'} eq 'on')
190 {
191 system ('/usr/bin/touch', "${General::swroot}/snort/enable");
192 } else {
193 unlink "${General::swroot}/snort/enable";
194 }
195 if ($snortsettings{'ENABLE_SNORT_GREEN'} eq 'on')
196 {
197 system ('/usr/bin/touch', "${General::swroot}/snort/enable_green");
198 } else {
199 unlink "${General::swroot}/snort/enable_green";
200 }
201 if ($snortsettings{'ENABLE_SNORT_BLUE'} eq 'on')
202 {
203 system ('/usr/bin/touch', "${General::swroot}/snort/enable_blue");
204 } else {
205 unlink "${General::swroot}/snort/enable_blue";
206 }
207 if ($snortsettings{'ENABLE_SNORT_ORANGE'} eq 'on')
208 {
209 system ('/usr/bin/touch', "${General::swroot}/snort/enable_orange");
210 } else {
211 unlink "${General::swroot}/snort/enable_orange";
212 }
213 if ($snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} eq 'on')
214 {
215 system ('/usr/bin/touch', "${General::swroot}/snort/enable_preprocessor_http_inspect");
216 } else {
217 unlink "${General::swroot}/snort/enable_preprocessor_http_inspect";
218 }
219
220 system('/usr/local/bin/snortctrl restart >/dev/null');
221 }
222
223 # INSTALLMD5 is not in the form, so not retrieved by getcgihash
224 &General::readhash("${General::swroot}/snort/settings", \%snortsettings);
225
226 if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
227 my @df = `/bin/df -B M /var`;
228 foreach my $line (@df) {
229 next if $line =~ m/^Filesystem/;
230 my $return;
231
232 if ($line =~ m/dev/ ) {
233 $line =~ m/^.* (\d+)M.*$/;
234 my @temp = split(/ +/,$line);
235 if ($1<300) {
236 $errormessage = "$Lang::tr{'not enough disk space'} < 300MB, /var $1MB";
237 } else {
238 if ( $snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
239 &downloadrulesfile();
240 sleep(3);
241 $return = `cat /var/tmp/log 2>/dev/null`;
242
243 }
244
245 if ($return =~ "ERROR") {
246 $errormessage = "<br /><pre>".$return."</pre>";
247 } else {
248 system("/usr/local/bin/oinkmaster.pl -v -s -u file:///var/tmp/snortrules.tar.gz -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules >>/var/tmp/log 2>&1 &");
249 sleep(2);
250 }
251 }
252 }
253 }
254 }
255 }
256
257 $checked{'ENABLE_SNORT'}{'off'} = '';
258 $checked{'ENABLE_SNORT'}{'on'} = '';
259 $checked{'ENABLE_SNORT'}{$snortsettings{'ENABLE_SNORT'}} = "checked='checked'";
260 $checked{'ENABLE_SNORT_GREEN'}{'off'} = '';
261 $checked{'ENABLE_SNORT_GREEN'}{'on'} = '';
262 $checked{'ENABLE_SNORT_GREEN'}{$snortsettings{'ENABLE_SNORT_GREEN'}} = "checked='checked'";
263 $checked{'ENABLE_SNORT_BLUE'}{'off'} = '';
264 $checked{'ENABLE_SNORT_BLUE'}{'on'} = '';
265 $checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='checked'";
266 $checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
267 $checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
268 $checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
269 $selected{'RULES'}{'nothing'} = '';
270 $selected{'RULES'}{'community'} = '';
271 $selected{'RULES'}{'emerging'} = '';
272 $selected{'RULES'}{'registered'} = '';
273 $selected{'RULES'}{'subscripted'} = '';
274 $selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'";
275
276 &Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');
277
278 ### Java Script ###
279 print <<END
280 <script>
281 // Tiny java script function to show/hide the rules
282 // of a given category.
283 function showhide(tblname) {
284 \$("#" + tblname).toggle();
285 }
286 </script>
287 END
288 ;
289
290 &Header::openbigbox('100%', 'left', '', $errormessage);
291
292 ###############
293 # DEBUG DEBUG
294 # &Header::openbox('100%', 'left', 'DEBUG');
295 # my $debugCount = 0;
296 # foreach my $line (sort keys %snortsettings) {
297 # print "$line = $snortsettings{$line}<br />\n";
298 # $debugCount++;
299 # }
300 # print "&nbsp;Count: $debugCount\n";
301 # &Header::closebox();
302 # DEBUG DEBUG
303 ###############
304
305 if ($errormessage) {
306 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
307 print "<class name='base'>$errormessage\n";
308 print "&nbsp;</class>\n";
309 &Header::closebox();
310 }
311
312 my $return = `pidof oinkmaster.pl -x`;
313 chomp($return);
314 if ($return) {
315 &Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='10;'>" );
316 print <<END;
317 <table>
318 <tr><td>
319 <img src='/images/indicator.gif' alt='$Lang::tr{'aktiv'}' />&nbsp;
320 <td>
321 $Lang::tr{'snort working'}
322 <tr><td colspan='2' align='center'>
323 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
324 <input type='image' alt='$Lang::tr{'reload'}' title='$Lang::tr{'reload'}' src='/images/view-refresh.png' />
325 </form>
326 <tr><td colspan='2' align='left'><pre>
327 END
328 my @output = `tail -20 /var/tmp/log`;
329 foreach (@output) {
330 print "$_";
331 }
332 print <<END;
333 </pre>
334 </table>
335 END
336 &Header::closebox();
337 &Header::closebigbox();
338 &Header::closepage();
339 exit;
340 refreshpage();
341 }
342
343 &Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system'});
344 print <<END
345 <form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
346 <tr><td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />GREEN Snort
347 END
348 ;
349 if ($netsettings{'BLUE_DEV'} ne '') {
350 print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT_BLUE' $checked{'ENABLE_SNORT_BLUE'}{'on'} /> BLUE Snort";
351 }
352 if ($netsettings{'ORANGE_DEV'} ne '') {
353 print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} /> ORANGE Snort";
354 }
355 print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} /> RED Snort";
356
357 print <<END
358 </td></tr>
359 <tr>
360 <td><br><br></td>
361 </tr>
362 <tr>
363 <td><b>$Lang::tr{'ids rules update'}</b></td>
364 </tr>
365 <tr>
366 <td><select name='RULES'>
367 <option value='nothing' $selected{'RULES'}{'nothing'} >$Lang::tr{'no'}</option>
368 <option value='emerging' $selected{'RULES'}{'emerging'} >$Lang::tr{'emerging rules'}</option>
369 <option value='community' $selected{'RULES'}{'community'} >$Lang::tr{'community rules'}</option>
370 <option value='registered' $selected{'RULES'}{'registered'} >$Lang::tr{'registered user rules'}</option>
371 <option value='subscripted' $selected{'RULES'}{'subscripted'} >$Lang::tr{'subscripted user rules'}</option>
372 </select>
373 </td>
374 </tr>
375 <tr>
376 <td><br />
377 $Lang::tr{'ids rules license'} <a href='https://www.snort.org/subscribe' target='_blank'>www.snort.org</a>$Lang::tr{'ids rules license1'}<br /><br />
378 $Lang::tr{'ids rules license2'} <a href='https://www.snort.org/account/oinkcode' target='_blank'>Get an Oinkcode</a>, $Lang::tr{'ids rules license3'}
379 </td>
380 </tr>
381 <tr>
382 <td nowrap='nowrap'>Oinkcode:&nbsp;<input type='text' size='40' name='OINKCODE' value='$snortsettings{'OINKCODE'}' /></td>
383 </tr>
384 <tr>
385 <td width='30%' align='left'><br><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' />
386 END
387 ;
388 if ( -e "/var/tmp/snortrules.tar.gz"){
389 my @Info = stat("/var/tmp/snortrules.tar.gz");
390 $snortsettings{'INSTALLDATE'} = localtime($Info[9]);
391 }
392 print "&nbsp;$Lang::tr{'updates installed'}: $snortsettings{'INSTALLDATE'}</td>";
393
394 print <<END
395 </tr>
396 </table>
397 <br><br>
398 <table width='100%'>
399 <tr>
400 <td align='right'><input type='hidden' name='ACTION2' value='snort' /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
401 </tr>
402 </table>
403 </form>
404 END
405 ;
406
407 &Header::closebox();
408
409 &Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});
410 print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";
411
412 # Output display table for rule files
413 print "<table width='100%'>\n";
414
415 # Local variable required for java script to show/hide
416 # rules of a rulefile.
417 my $rulesetcount = 1;
418
419 # Loop over each rule file
420 foreach my $rulefile (sort keys(%snortrules)) {
421 my $rulechecked = '';
422
423 # Check if rule file is enabled
424 if ($snortrules{$rulefile}{"State"} eq 'On') {
425 $rulechecked = 'CHECKED';
426 }
427
428 # Table and rows for the rule files.
429 print"<tr>\n";
430 print"<td class='base' width='5%'>\n";
431 print"<input type='checkbox' name='SNORT_RULE_$rulefile' $rulechecked>\n";
432 print"</td>\n";
433 print"<td class='base' width='90%'><b>$rulefile</b></td>\n";
434 print"<td class='base' width='5%' align='right'>\n";
435 print"<a href=\"javascript:showhide('ruleset$rulesetcount')\">SHOW</a>\n";
436 print"</td>\n";
437 print"</tr>\n";
438
439 # Rows which will be hidden per default and will contain the single rules.
440 print"<tr style='display:none' id='ruleset$rulesetcount'>\n";
441 print"<td colspan='3'>\n";
442
443 # Local vars
444 my $lines;
445 my $rows;
446 my $col;
447
448 # New table for the single rules.
449 print "<table width='100%'>\n";
450
451 # Loop over rule file rules
452 foreach my $sid (sort {$a <=> $b} keys(%{$snortrules{$rulefile}})) {
453 # Local vars
454 my $ruledefchecked = '';
455
456 # If 2 rules have been displayed, start a new row
457 if (($lines % 2) == 0) {
458 print "</tr><tr>\n";
459
460 # Increase rows by once.
461 $rows++;
462 }
463
464 # Colour lines.
465 if ($rows % 2) {
466 $col="bgcolor='$color{'color20'}'";
467 } else {
468 $col="bgcolor='$color{'color22'}'";
469 }
470
471 # Set rule state
472 if ($snortrules{$rulefile}{$sid}{'State'} eq 'on') {
473 $ruledefchecked = 'CHECKED';
474 }
475
476 # Create rule checkbox and display rule description
477 print "<td class='base' width='5%' align='right' $col>\n";
478 print "<input type='checkbox' NAME='$sid' $ruledefchecked>\n";
479 print "</td>\n";
480 print "<td class='base' width='45%' $col>$snortrules{$rulefile}{$sid}{'Description'}</td>";
481
482 # Increment rule count
483 $lines++;
484 }
485
486 # If do not have a second rule for row, create empty cell
487 if (($lines % 2) != 0) {
488 print "<td class='base'></td>";
489 }
490
491 # Close display table
492 print "</tr></table></td></tr>";
493
494 # Finished whith the rule file, increase count.
495 $rulesetcount++;
496 }
497
498 # Close display table
499 print "</table>";
500
501 print <<END
502 <table width='100%'>
503 <tr>
504 <td width='100%' align='right'><input type='submit' name='RULESET' value='$Lang::tr{'update'}'>
505 &nbsp; <!-- space for future online help link -->
506 </td>
507 </tr>
508 </table>
509 </form>
510 END
511 ;
512 &Header::closebox();
513
514 &Header::closebigbox();
515 &Header::closepage();
516
517 sub refreshpage {
518 &Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );
519 print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'pagerefresh'}</font></center>";
520 &Header::closebox();
521 }
522
523 sub downloadrulesfile {
524 my $peer;
525 my $peerport;
526
527 unlink("/var/tmp/log");
528
529 unless (-e "${General::swroot}/red/active") {
530 $errormessage = $Lang::tr{'could not download latest updates'};
531 return undef;
532 }
533
534 my %proxysettings=();
535 &General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
536
537 if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
538 ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
539 }
540
541 if ($peer) {
542 system("wget -r --proxy=on --proxy-user=$proxysettings{'UPSTREAM_USER'} --proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'} -e http_proxy=http://$peer:$peerport/ -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
543 } else {
544 system("wget -r -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
545 }
546 }
547
548 sub readrulesfile ($) {
549 my $rulefile = shift;
550
551 # Open rule file and read in contents
552 open(RULEFILE, "$snortrulepath/$rulefile") or die "Unable to read $rulefile!";
553
554 # Store file content in an array.
555 my @lines = <RULEFILE>;
556
557 # Close file.
558 close(RULEFILE);
559
560 # Loop over rule file contents
561 foreach my $line (@lines) {
562 # Remove whitespaces.
563 chomp $line;
564
565 # Skip blank lines.
566 next if ($line =~ /^\s*$/);
567
568 # Local vars.
569 my $sid;
570 my $msg;
571
572 # Gather rule sid and message from the ruleline.
573 if ($line =~ m/.*msg:\"(.*?)\"\; .* sid:(.*?); /) {
574 $msg = $1;
575 $sid = $2;
576
577 # Check if a rule has been found.
578 if ($sid && $msg) {
579 # Add rule to the snortrules hash.
580 $snortrules{$rulefile}{$sid}{'Description'} = $msg;
581
582 # Grab status of the rule. Check if ruleline starts with a "dash".
583 if ($line =~ /^\#/) {
584 # If yes, the rule is disabled.
585 $snortrules{$rulefile}{$sid}{'State'} = "off";
586 } else {
587 # Otherwise the rule is enabled.
588 $snortrules{$rulefile}{$sid}{'State'} = "on";
589 }
590 }
591 }
592 }
593 }
IPFire 2.x development tree