X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fids.cgi;h=82d79a369b9b0e254535c5961d475731640b8325;hp=151181fdc0087aec0df98309d9c505a06eb857ea;hb=9074e3d74cc931244892d306b38c298ce8dd0f2b;hpb=5709768b0bab2b860911fcad66da8e0aec5c4eaa
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 151181fdc0..82d79a369b 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -210,6 +210,22 @@ if (($cgiparams{'WHITELIST'} eq $Lang::tr{'add'}) || ($cgiparams{'WHITELIST'} eq
 }
 }
+# Check if the page is locked, in this case, the ids_page_lock_file exists.
+if (-e $IDS::ids_page_lock_file) {
+ # Lock the webpage and print notice about autoupgrade of the ruleset
+ # is in progess.
+ &working_notice("$Lang::tr{'ids ruleset autoupdate in progress'}");
+ # Loop and check if the file still exists.
+ while(-e $IDS::ids_page_lock_file) {
+ # Sleep for a second and re-check.
+ sleep 1;
+ }
+
+ # Page has been unlocked, perform a reload.
+ &reload();
+}
+
 # Check if any error has been stored.
 if (-e $IDS::storederrorfile) {
 # Open file to read in the stored error message.
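Review bot: The wait loop `while(-e $IDS::ids_page_lock_file) { sleep 1; }` has no upper bound, so a lock file left behind by an update run that died keeps every request to this page sleeping inside its CGI process until the file is removed by hand. That makes the IDS settings unreachable exactly when something has gone wrong, and repeated requests pile up sleeping processes on the web server. Bound the wait, for example `my $waited = 0;` followed by `while ((-e $IDS::ids_page_lock_file) && ($waited++ < $max_wait)) { sleep 1; }`, where `$max_wait` is a placeholder for a limit still to be chosen, and show an error instead of reloading when the limit is hit. Checking the age of the lock file before honouring it would cover the stale-lock case as well.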
@@ -296,18 +312,32 @@ if(-f $IDS::used_rulefiles_file) {
 # Save ruleset configuration.
 if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) {
 my %oldsettings;
+ my %rulesetsources;
 # Read-in current (old) IDS settings.
 &General::readhash("$IDS::rules_settings_file", \%oldsettings);
+ # Get all available ruleset locations.
+ &General::readhash("$IDS::rulesetsourcesfile", \%rulesetsources);
+
 # Prevent form name from been stored in conf file.
 delete $cgiparams{'RULESET'};
- # Check if an oinkcode has been provided.
- if ($cgiparams{'OINKCODE'}) {
- # Check if the oinkcode contains unallowed chars.
- unless ($cgiparams{'OINKCODE'} =~ /^[a-z0-9]+$/) {
- $errormessage = $Lang::tr{'invalid input for oink code'};
+ # Grab the URL based on the choosen vendor.
+ my $url = $rulesetsources{$cgiparams{'RULES'}};
+
+ # Check if the choosen vendor (URL) requires an subscription/oinkcode.
+ if ($url =~ /\/ ) {
+ # Check if an subscription/oinkcode has been provided.
+ if ($cgiparams{'OINKCODE'}) {
+ # Check if the oinkcode contains unallowed chars.
+ unless ($cgiparams{'OINKCODE'} =~ /^[a-z0-9]+$/) {
+ $errormessage = $Lang::tr{'invalid input for oink code'};
+ }
+ } else {
+ # Print an error message, that an subsription/oinkcode is required for this
+ # vendor.
+ $errormessage = $Lang::tr{'ids oinkcode required'};
 }
 }
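Review bot: The character check on `$cgiparams{'OINKCODE'}` now runs only inside the branch for vendors whose URL needs a code, so for any other vendor a submitted value is no longer checked before the whole of `%cgiparams` is written out by `&General::writehash` (visible as context in the next hunk). Keep the format check unconditional and leave only the "code is required" test vendor-specific, e.g. `if ($cgiparams{'OINKCODE'} && $cgiparams{'OINKCODE'} !~ /\A[a-z0-9]+\z/) { $errormessage = $Lang::tr{'invalid input for oink code'}; }`; using `\z` rather than `$` also rejects a value that ends in a newline. In the same hunk `$cgiparams{'RULES'}` is used as a hash key without an `exists` test, so an unknown vendor value leaves `$url` undefined, skips the requirement check and is then saved. Rejecting a `RULES` value that is not a key of `%rulesetsources` before the lookup closes that gap.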
@@ -315,45 +345,53 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) {
 if (!$errormessage) {
 # Store settings into settings file.
 &General::writehash("$IDS::rules_settings_file", \%cgiparams);
- }
- # Check if the the automatic rule update hass been touched.
- if($cgiparams{'AUTOUPDATE_INTERVAL'} ne $oldsettings{'AUTOUPDATE_INTERVAL'}) {
- # Call suricatactrl to set the new interval.
- &IDS::call_suricatactrl("cron", $cgiparams{'AUTOUPDATE_INTERVAL'});
- }
-
- # Check if a ruleset is present - if not or the source has been changed download it.
- if((! %idsrules) || ($oldsettings{'RULES'} ne $cgiparams{'RULES'})) {
- # Check if the red device is active.
- unless (-e "${General::swroot}/red/active") {
- $errormessage = "$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}";
+ # Check if the the automatic rule update hass been touched.
+ if($cgiparams{'AUTOUPDATE_INTERVAL'} ne $oldsettings{'AUTOUPDATE_INTERVAL'}) {
+ # Call suricatactrl to set the new interval.
+ &IDS::call_suricatactrl("cron", $cgiparams{'AUTOUPDATE_INTERVAL'});
 }
- # Check if enought free disk space is availabe.
- if(&IDS::checkdiskspace()) {
- $errormessage = "$Lang::tr{'not enough disk space'}";
- }
+ # Check if a ruleset is present - if not or the source has been changed download it.
+ if((! %idsrules) || ($oldsettings{'RULES'} ne $cgiparams{'RULES'})) {
+ # Check if the red device is active.
+ unless (-e "${General::swroot}/red/active") {
+ $errormessage = "$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}";
+ }
- # Check if any errors happend.
- unless ($errormessage) {
- # Lock the webpage and print notice about downloading
- # a new ruleset.
- &working_notice("$Lang::tr{'snort working'}");
+ # Check if enought free disk space is availabe.
+ if(&IDS::checkdiskspace()) {
+ $errormessage = "$Lang::tr{'not enough disk space'}";
+ }
- # Call subfunction to download the ruleset.
- if(&IDS::downloadruleset()) {
- $errormessage = $Lang::tr{'could not download latest updates'};
+ # Check if any errors happend.
+ unless ($errormessage) {
+ # Lock the webpage and print notice about downloading
+ # a new ruleset.
+ &working_notice("$Lang::tr{'snort working'}");
- # Call function to store the errormessage.
- &IDS::_store_error_message($errormessage);
- } else {
- # Call subfunction to launch oinkmaster.
- &IDS::oinkmaster();
- }
+ # Call subfunction to download the ruleset.
+ if(&IDS::downloadruleset()) {
+ $errormessage = $Lang::tr{'could not download latest updates'};
- # Perform a reload of the page.
- &reload();
+ # Call function to store the errormessage.
+ &IDS::_store_error_message($errormessage);
+ } else {
+ # Call subfunction to launch oinkmaster.
+ &IDS::oinkmaster();
+ }
+
+ # Check if the IDS is running.
+ if(&IDS::ids_is_running()) {
+ # Call suricatactrl to stop the IDS - because of the changed
+ # ruleset - the use has to configure it before suricata can be
+ # used again.
+ &IDS::call_suricatactrl("stop");
+ }
+
+ # Perform a reload of the page.
+ &reload();
+ }
 }
 }
@@ -767,11 +805,11 @@ if (%idsrules) {
@@ -813,7 +851,7 @@ END print "\n"; }
@@ -880,8 +918,8 @@ print < END ;
- # Check if a ruleset has been downloaded yet.
- if (%idsrules) {
+ # Show the "Update Ruleset"-Button only if a ruleset has been downloaded yet and automatic updates are disabled.
+ if ((%idsrules) && ($rulessettings{'AUTOUPDATE_INTERVAL'} eq "off")) {
 # Display button to update the ruleset.
 print"\n";
 }
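Review bot: The new `&IDS::call_suricatactrl("stop")` sits after the `if(&IDS::downloadruleset()) { … } else { … }` block rather than inside its `else`, so it also runs when the download failed and the previous ruleset is still the one on disk; a transient download error therefore stops a running IDS and leaves traffic uninspected until someone starts it again. Move the `&IDS::ids_is_running()` / stop block into the `else` branch, after `&IDS::oinkmaster();`. Separately, `&General::writehash` has already stored the new `RULES` value before the offline and disk-space checks set `$errormessage`, so after such a failure the saved vendor no longer matches the ruleset in use, and the `$oldsettings{'RULES'} ne $cgiparams{'RULES'}` test will not trigger a download on the next save. Running those two checks before the settings are written would keep the file and the ruleset in step. The enclosing `if ($cgiparams{'RULESET'} eq …)` block starts before this hunk.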
- $Lang::tr{'ids activate'} $Lang::tr{'intrusion detection system'} +  $Lang::tr{'ids enable'} - $Lang::tr{'ids monitor traffic only'} +  $Lang::tr{'ids monitor traffic only'}
\n"; print "\n"; - print " $Lang::tr{'enabled on'} $Lang::tr{$zone_name}\n"; + print " $Lang::tr{'enabled on'} $Lang::tr{$zone_name}\n"; print "