X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fids.cgi;h=313714486553d5debd53ec67477eb91912370009;hp=1086ae9686e3bcd786246d7944c25b84086540a5;hb=5fbd7b29829caf0bcadcccd6f56ead51e2fb812e;hpb=34a3843865bfcb6c88cb10773570b96cd61363d6 diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 1086ae9686..3137144865 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -210,6 +210,22 @@ if (($cgiparams{'WHITELIST'} eq $Lang::tr{'add'}) || ($cgiparams{'WHITELIST'} eq } } +# Check if the page is locked, in this case, the ids_page_lock_file exists. +if (-e $IDS::ids_page_lock_file) { + # Lock the webpage and print notice about autoupgrade of the ruleset + # is in progess. + &working_notice("$Lang::tr{'ids ruleset autoupdate in progress'}"); + + # Loop and check if the file still exists. + while(-e $IDS::ids_page_lock_file) { + # Sleep for a second and re-check. + sleep 1; + } + + # Page has been unlocked, perform a reload. + &reload(); +} + # Check if any error has been stored. if (-e $IDS::storederrorfile) { # Open file to read in the stored error message. @@ -225,9 +241,9 @@ if (-e $IDS::storederrorfile) { unlink($IDS::storederrorfile); } -## Grab all available snort rules and store them in the idsrules hash. +## Grab all available rules and store them in the idsrules hash. # -# Open snort rules directory and do a directory listing. +# Open rules directory and do a directory listing. opendir(DIR, $IDS::rulespath) or die $!; # Loop through the direcory. while (my $file = readdir(DIR)) { 
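Review bot: The `while(-e $IDS::ids_page_lock_file) { sleep 1; }` loop in the first hunk has no upper bound, so a lock file left behind by an autoupdate run that crashed or was killed pins every request to this page in a sleeping CGI process indefinitely, with each such request holding an httpd worker. Bound the wait and fall through to the normal page or an error once the limit is hit, e.g. `my $waited = 0; while ((-e $IDS::ids_page_lock_file) && ($waited++ < 300)) { sleep 1; }`. It is also worth confirming that whatever creates the lock file removes it on every exit path, including failure; that code is in IDS.pm and not visible here. The added if-block is complete within the hunk.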
@@ -296,18 +312,32 @@ if(-f $IDS::used_rulefiles_file) { # Save ruleset configuration. if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { my %oldsettings; + my %rulesetsources; # Read-in current (old) IDS settings. &General::readhash("$IDS::rules_settings_file", \%oldsettings); + # Get all available ruleset locations. + &General::readhash("$IDS::rulesetsourcesfile", \%rulesetsources); + # Prevent form name from been stored in conf file. delete $cgiparams{'RULESET'}; - # Check if an oinkcode has been provided. - if ($cgiparams{'OINKCODE'}) { - # Check if the oinkcode contains unallowed chars. - unless ($cgiparams{'OINKCODE'} =~ /^[a-z0-9]+$/) { - $errormessage = $Lang::tr{'invalid input for oink code'}; + # Grab the URL based on the choosen vendor. + my $url = $rulesetsources{$cgiparams{'RULES'}}; + + # Check if the choosen vendor (URL) requires an subscription/oinkcode. + if ($url =~ /\/ ) { + # Check if an subscription/oinkcode has been provided. + if ($cgiparams{'OINKCODE'}) { + # Check if the oinkcode contains unallowed chars. + unless ($cgiparams{'OINKCODE'} =~ /^[a-z0-9]+$/) { + $errormessage = $Lang::tr{'invalid input for oink code'}; + } + } else { + # Print an error message, that an subsription/oinkcode is required for this + # vendor. + $errormessage = $Lang::tr{'ids oinkcode required'}; } } 
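Review bot: `$cgiparams{'RULES'}` comes straight from the request and is used as the key into `%rulesetsources` without checking that the key exists, so an unknown vendor name yields an undefined `$url`, passes the subscription test, and is then persisted when the settings are written further down (outside this hunk). Add a guard before the lookup, e.g. `unless (exists $rulesetsources{$cgiparams{'RULES'}}) { $errormessage = $Lang::tr{'invalid input'}; }`, using whichever language key the file has for a generic invalid-input error. The oinkcode character check has also become conditional: an OINKCODE supplied for a vendor that does not need one is now stored unvalidated, whereas the removed code validated it whenever present; validate it whenever `$cgiparams{'OINKCODE'}` is non-empty and only require it when the URL calls for one. The pattern on the `if ($url =~ ...)` line appears garbled in this rendering, so I cannot tell what marker it actually tests for. The enclosing `if ($cgiparams{'RULESET'} eq $Lang::tr{'save'})` block continues past the hunk.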
@@ -315,16 +345,58 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { if (!$errormessage) { # Store settings into settings file. &General::writehash("$IDS::rules_settings_file", \%cgiparams); - } - # Check if the the automatic rule update hass been touched. - if($cgiparams{'AUTOUPDATE_INTERVAL'} ne $oldsettings{'AUTOUPDATE_INTERVAL'}) { - # Call suricatactrl to set the new interval. - &IDS::call_suricatactrl("cron", $cgiparams{'AUTOUPDATE_INTERVAL'}); + # Check if the the automatic rule update hass been touched. + if($cgiparams{'AUTOUPDATE_INTERVAL'} ne $oldsettings{'AUTOUPDATE_INTERVAL'}) { + # Call suricatactrl to set the new interval. + &IDS::call_suricatactrl("cron", $cgiparams{'AUTOUPDATE_INTERVAL'}); + } + + # Check if a ruleset is present - if not or the source has been changed download it. + if((! %idsrules) || ($oldsettings{'RULES'} ne $cgiparams{'RULES'})) { + # Check if the red device is active. + unless (-e "${General::swroot}/red/active") { + $errormessage = "$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}"; + } + + # Check if enought free disk space is availabe. + if(&IDS::checkdiskspace()) { + $errormessage = "$Lang::tr{'not enough disk space'}"; + } + + # Check if any errors happend. + unless ($errormessage) { + # Lock the webpage and print notice about downloading + # a new ruleset. + &working_notice("$Lang::tr{'ids working'}"); + + # Call subfunction to download the ruleset. + if(&IDS::downloadruleset()) { + $errormessage = $Lang::tr{'could not download latest updates'}; + + # Call function to store the errormessage. + &IDS::_store_error_message($errormessage); + } else { + # Call subfunction to launch oinkmaster. + &IDS::oinkmaster(); + } + + # Check if the IDS is running. + if(&IDS::ids_is_running()) { + # Call suricatactrl to stop the IDS - because of the changed + # ruleset - the use has to configure it before suricata can be + # used again. 
+ &IDS::call_suricatactrl("stop"); + } + + # Perform a reload of the page. + &reload(); + } + } } # Save ruleset. -} elsif ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) { +} elsif ($cgiparams{'RULESET'} eq $Lang::tr{'ids apply'}) { # Arrays to store which rulefiles have been enabled and will be used. my @enabled_rulefiles; @@ -425,7 +497,7 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { &IDS::write_used_rulefiles_file(@enabled_rulefiles); # Lock the webpage and print message. - &working_notice("$Lang::tr{'snort working'}"); + &working_notice("$Lang::tr{'ids apply ruleset changes'}"); # Call oinkmaster to alter the ruleset. &IDS::oinkmaster(); @@ -440,10 +512,10 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { &reload(); # Download new ruleset. -} elsif ($cgiparams{'RULESET'} eq $Lang::tr{'download new ruleset'}) { +} elsif ($cgiparams{'RULESET'} eq $Lang::tr{'update ruleset'}) { # Check if the red device is active. unless (-e "${General::swroot}/red/active") { - $errormessage = $Lang::tr{'could not download latest updates'}; + $errormessage = "$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}"; } # Check if enought free disk space is availabe. @@ -455,7 +527,7 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { unless ($errormessage) { # Lock the webpage and print notice about downloading # a new ruleset. - &working_notice("$Lang::tr{'snort working'}"); + &working_notice("$Lang::tr{'ids download new ruleset'}"); # Call subfunction to download the ruleset. if(&IDS::downloadruleset()) { @@ -480,7 +552,7 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { &reload(); } } -# Save snort settings. +# Save IDS settings. } elsif ($cgiparams{'IDS'} eq $Lang::tr{'save'}) { my %oldidssettings; my $reload_page; 
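Review bot: The `&IDS::call_suricatactrl("stop")` call sits after the download/oinkmaster if-else and runs whichever branch was taken, so a failed download (error stored, ruleset on disk unchanged) still stops a running IDS and leaves the networks unmonitored until someone notices. Move the `ids_is_running` check and the stop into the success branch directly after `&IDS::oinkmaster();`, since only a replaced ruleset requires the user to reconfigure before restarting. Note also that `&General::writehash("$IDS::rules_settings_file", \%cgiparams)` persists the new `RULES` source before the download is attempted, so on failure the saved vendor and the installed ruleset disagree; writing the settings only after a successful download, or restoring `$oldsettings{'RULES'}` in the failure branch, would keep them consistent. The `if ($cgiparams{'RULESET'} eq $Lang::tr{'save'})` branch opens before this hunk and the `elsif` chain continues after it.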
@@ -545,7 +617,7 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { # Check if a ruleset exists. if (%idsrules) { # Lock the webpage and print message. - &working_notice("$Lang::tr{'snort working'}"); + &working_notice("$Lang::tr{'ids working'}"); # Call oinkmaster to alter the ruleset. &IDS::oinkmaster(); @@ -610,8 +682,13 @@ $selected{'AUTOUPDATE_INTERVAL'}{$rulessettings{'AUTOUPDATE_INTERVAL'}} = "selec &Header::openpage($Lang::tr{'intrusion detection system'}, 1, ''); ### Java Script ### +print" END @@ -697,90 +783,84 @@ END END } -my $rulesdate; - -# Check if a ruleset allready has been downloaded. -if ( -f "$IDS::rulestarball"){ - # Call stat on the filename to obtain detailed information. - my @Info = stat("$IDS::rulestarball"); - - # Grab details about the creation time. - $rulesdate = localtime($Info[9]); -} +# Only show this area, if a ruleset is present. +if (%idsrules) { -print <

$Lang::tr{'settings'}

+

$Lang::tr{'settings'}

-
- - - + +
- $Lang::tr{'ids activate'} $Lang::tr{'intrusion detection system'} -
+ + - - + - - - - - - + + + + + + - - - + + + - + END ; -# Loop through the array of available networks and print config options. -foreach my $zone (@network_zones) { - my $checked_input; - my $checked_forward; + # Loop through the array of available networks and print config options. + foreach my $zone (@network_zones) { + my $checked_input; + my $checked_forward; - # Convert current zone name to upper case. - my $zone_upper = uc($zone); + # Convert current zone name to upper case. + my $zone_upper = uc($zone); - # Set zone name. - my $zone_name = $zone; + # Set zone name. + my $zone_name = $zone; - # Dirty hack to get the correct language string for the red zone. - if ($zone eq "red") { - $zone_name = "red1"; - } + # Dirty hack to get the correct language string for the red zone. + if ($zone eq "red") { + $zone_name = "red1"; + } - # Grab checkbox status from settings hash. - if ($idssettings{"ENABLE_IDS_$zone_upper"} eq "on") { - $checked_input = "checked = 'checked'"; - } + # Grab checkbox status from settings hash. + if ($idssettings{"ENABLE_IDS_$zone_upper"} eq "on") { + $checked_input = "checked = 'checked'"; + } - print "\n"; -} + print "\n"; + } print < -
+  $Lang::tr{'ids enable'} + - $Lang::tr{'ids monitor traffic only'} + +  $Lang::tr{'ids monitor traffic only'}
















$Lang::tr{'ids monitored interfaces'}
$Lang::tr{'ids monitored interfaces'}
\n"; - print "\n"; - print " $Lang::tr{'enabled on'} $Lang::tr{$zone_name}\n"; - print "\n"; + print "\n"; + print " $Lang::tr{'enabled on'} $Lang::tr{$zone_name}\n"; + print "
+ + -

+

- - - - -
-
+ + + + +
+ END ; +} + &Header::closebox(); # Draw elements for ruleset configuration. @@ -806,9 +886,9 @@ print < @@ -827,8 +907,8 @@ print < END ; - # Check if a ruleset has been downloaded yet. - if (%idsrules) { + # Show the "Update Ruleset"-Button only if a ruleset has been downloaded yet and automatic updates are disabled. + if ((%idsrules) && ($rulessettings{'AUTOUPDATE_INTERVAL'} eq "off")) { # Display button to update the ruleset. print"\n"; } @@ -978,7 +1058,20 @@ END # Only show the section for configuring the ruleset if one is present. if (%idsrules) { - &Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'}); + # Load neccessary perl modules for file stat and to format the timestamp. + use File::stat; + use POSIX qw( strftime ); + + # Call stat on the rulestarball. + my $stat = stat("$IDS::rulestarball"); + + # Get timestamp the file creation. + my $mtime = $stat->mtime; + + # Convert into human read-able format. + my $rulesdate = strftime('%Y-%m-%d %H:%M:%S', localtime($mtime)); + + &Header::openbox('100%', 'LEFT', "$Lang::tr{'intrusion detection system rules'} ($rulesdate)" ); print"
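Review bot: In the `@@ -827,8 +907,8 @@` hunk, hiding the update button when `AUTOUPDATE_INTERVAL` is not "off" is only a presentation change; the `update ruleset` handler earlier in the file (outside this hunk) still accepts the request from a stale form or a hand-crafted POST, so a manual download can still run alongside the cron-driven one. If the intent is to prevent concurrent downloads, gate the handler on the same saved setting, e.g. `if ($rulessettings{'AUTOUPDATE_INTERVAL'} ne "off") { $errormessage = $Lang::tr{'ids ruleset autoupdate in progress'}; }` at the top of that branch (reading the settings there if they are not yet loaded), or rely on the page lock file for mutual exclusion. The print block around the button starts before the hunk.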
\n"; @@ -1004,7 +1097,7 @@ if (%idsrules) { print"\n"; print"$rulefile\n"; print"\n"; - print"SHOW\n"; + print"$Lang::tr{'ids show'}\n"; print"\n"; print"\n"; @@ -1073,9 +1166,7 @@ if (%idsrules) { print < - -   - +