&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
my %snortsettings=();
+my %cgiparams=();
my %checked=();
my %selected=();
my %netsettings=();
$snortsettings{'INSTALLDATE'} = '';
$snortsettings{'FILE'} = '';
-&Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'});
+#Get GUI values
+&Header::getcgihash(\%cgiparams);
my $snortrulepath = "/etc/snort/rules";
my $restartsnortrequired = 0;
closedir(DIR);
+# Save ruleset.
+if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
+ my $enabled_sids_file = "${General::swroot}/snort/oinkmaster-enabled-sids.conf";
+ my $disabled_sids_file = "${General::swroot}/snort/oinkmaster-disabled-sids.conf";
+
+ # Arrays to store sid which should be added to the corresponding files.
+ my @enabled_sids;
+ my @disabled_sids;
+
+ # Loop through the hash of snortrules.
+ foreach my $rulefile(keys %snortrules) {
+ # Loop through the single rules of the rulefile.
+ foreach my $sid (keys %{$snortrules{$rulefile}}) {
+ # Check if there exists a key in the cgiparams hash for this sid.
+ if (exists($cgiparams{$sid})) {
+ # Look if the rule is disabled.
+ if ($snortrules{$rulefile}{$sid}{'State'} eq "off") {
+ # Check if the state has been set to 'on'.
+ if ($cgiparams{$sid} eq "on") {
+ # Add the sid to the enabled_sids array.
+ push(@enabled_sids, $sid);
+
+ # Drop item from cgiparams hash.
+ delete $cgiparams{$sid};
+ }
+ }
+ } else {
+ # Look if the rule is enabled.
+ if ($snortrules{$rulefile}{$sid}{'State'} eq "on") {
+ # Check if the state is 'on' and should be disabled.
+ # In this case there is no entry
+ # for the sid in the cgiparams hash.
+ # Add it to the disabled_sids array.
+ push(@disabled_sids, $sid);
+
+ # Drop item from cgiparams hash.
+ delete $cgiparams{$sid};
+ }
+ }
+ }
+ }
+
+ # Check if the enabled_sids array contains any sid's.
+ if (@enabled_sids) {
+ # Open enabled sid's file for writing.
+ open(FILE, ">$enabled_sids_file") or die "Could not write to $enabled_sids_file. $!\n";
+
+ # Write header to file.
+ print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Loop through the array of enabled sids and write them to the file.
+ foreach my $sid (@enabled_sids) {
+ print FILE "enable_sid $sid\n";
+ }
+
+ # Close file after writing.
+ close(FILE);
+ }
+
+ # Check if the enabled_sids array contains any sid's.
+ if (@disabled_sids) {
+ # Open disabled sid's file for writing.
+ open(FILE, ">$disabled_sids_file") or die "Could not write to $disabled_sids_file. $!\n";
+
+ # Write header to file.
+ print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Loop through the array of disabled sids and write them to the file.
+ foreach my $sid (@disabled_sids) {
+ print FILE "disable_sid $sid\n";
+ }
+
+ # Close file after writing.
+ close(FILE);
+ }
+}
+
if ($snortsettings{'OINKCODE'} ne "") {
$errormessage = $Lang::tr{'invalid input for oink code'} unless ($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/);
}
&Header::closebox();
&Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});
+ print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";
+
# Output display table for rule files
print "<table width='100%'>\n";
my $rulechecked = '';
# Check if rule file is enabled
- if ($snortrules{$rulefile}{"State"} eq 'Enabled') {
+ if ($snortrules{$rulefile}{"State"} eq 'On') {
$rulechecked = 'CHECKED';
}
}
# Set rule state
- if ($snortrules{$rulefile}{$sid}{'State'} eq 'Enabled') {
+ if ($snortrules{$rulefile}{$sid}{'State'} eq 'on') {
$ruledefchecked = 'CHECKED';
}
print <<END
<table width='100%'>
<tr>
- <td width='100%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'update'}'>
+ <td width='100%' align='right'><input type='submit' name='RULESET' value='$Lang::tr{'update'}'>
<!-- space for future online help link -->
</td>
</tr>
</table>
+</form>
END
;
&Header::closebox();
# Grab status of the rule. Check if ruleline starts with a "dash".
if ($line =~ /^\#/) {
# If yes, the rule is disabled.
- $snortrules{$rulefile}{$sid}{'State'} = "Disabled";
+ $snortrules{$rulefile}{$sid}{'State'} = "off";
} else {
# Otherwise the rule is enabled.
- $snortrules{$rulefile}{$sid}{'State'} = "Enabled";
+ $snortrules{$rulefile}{$sid}{'State'} = "on";
}
}
}