[people/pmueller/ipfire-2.x.git] / html / cgi-bin / ids.cgi

#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2015  IPFire Team  <info@ipfire.org>                     #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

use strict;

# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
use File::Copy;

require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";

my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);

my %snortsettings=();
my %checked=();
my %selected=();
my %netsettings=();
our $errormessage = '';
our $results = '';
our $tempdir = '';
our $url='';
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

&Header::showhttpheaders();

$snortsettings{'ENABLE_SNORT'} = 'off';
$snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
$snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
$snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
$snortsettings{'ACTION'} = '';
$snortsettings{'RULES'} = '';
$snortsettings{'OINKCODE'} = '';
$snortsettings{'INSTALLDATE'} = '';
$snortsettings{'FILE'} = '';

&Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'});

my $snortrulepath = "/etc/snort/rules";
my $restartsnortrequired = 0;
my %snortrules;
my $rule = '';
my $table1colour = '';
my $table2colour = '';
my $var = '';
my $value = '';
my $tmp = '';
my $linkedrulefile = '';
my $border = '';
my $checkboxname = '';

## Grab all available snort rules and store them in the snortrules hash.
#
# Open snort rules directory and do a directory listing.
opendir(DIR, $snortrulepath) or die $!;
	# Loop through the direcory.
	while (my $file = readdir(DIR)) {

		# We only want files.
		next unless (-f "$snortrulepath/$file");

		# Ignore empty files.
		next if (-z "$snortrulepath/$file");

		# Use a regular expression to find files ending in .rules
		next unless ($file =~ m/\.rules$/);

		# Ignore files which are not read-able.
		next unless (-R "$snortrulepath/$file");

		# Call subfunction to read-in rulefile and add rules to
		# the snortrules hash.
		&readrulesfile("$file");
	}

closedir(DIR);

if ($snortsettings{'OINKCODE'} ne "") {
	$errormessage = $Lang::tr{'invalid input for oink code'} unless ($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/);
}

if (!$errormessage) {
	if ($snortsettings{'RULES'} eq 'subscripted') {
		$url=" https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
	} elsif ($snortsettings{'RULES'} eq 'registered') {
		$url=" https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
	} elsif ($snortsettings{'RULES'} eq 'community') {
		$url=" https://www.snort.org/rules/community";
	} else {
		$url="http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz";
	}

	if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "snort" ) {
		&General::writehash("${General::swroot}/snort/settings", \%snortsettings);
		if ($snortsettings{'ENABLE_SNORT'} eq 'on')
		{
			system ('/usr/bin/touch', "${General::swroot}/snort/enable");
		} else {
			unlink "${General::swroot}/snort/enable";
		}
		if ($snortsettings{'ENABLE_SNORT_GREEN'} eq 'on')
		{
			system ('/usr/bin/touch', "${General::swroot}/snort/enable_green");
		} else {
			unlink "${General::swroot}/snort/enable_green";
		}
		if ($snortsettings{'ENABLE_SNORT_BLUE'} eq 'on')
		{
			system ('/usr/bin/touch', "${General::swroot}/snort/enable_blue");
		} else {
			unlink "${General::swroot}/snort/enable_blue";
		}
		if ($snortsettings{'ENABLE_SNORT_ORANGE'} eq 'on')
		{
			system ('/usr/bin/touch', "${General::swroot}/snort/enable_orange");
		} else {
			unlink "${General::swroot}/snort/enable_orange";
		}
		if ($snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} eq 'on')
		{
			system ('/usr/bin/touch', "${General::swroot}/snort/enable_preprocessor_http_inspect");
		} else {
			unlink "${General::swroot}/snort/enable_preprocessor_http_inspect";
		}

		system('/usr/local/bin/snortctrl restart >/dev/null');
	}

	# INSTALLMD5 is not in the form, so not retrieved by getcgihash
	&General::readhash("${General::swroot}/snort/settings", \%snortsettings);

	if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
		my @df = `/bin/df -B M /var`;
		foreach my $line (@df) {
			next if $line =~ m/^Filesystem/;
			my $return;

			if ($line =~ m/dev/ ) {
				$line =~ m/^.* (\d+)M.*$/;
				my @temp = split(/ +/,$line);
				if ($1<300) {
					$errormessage = "$Lang::tr{'not enough disk space'} < 300MB, /var $1MB";
				} else {
					if ( $snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
						&downloadrulesfile();
						sleep(3);
						$return = `cat /var/tmp/log 2>/dev/null`;

					}

					if ($return =~ "ERROR") {
						$errormessage = "<br /><pre>".$return."</pre>";
					} else {
						system("/usr/local/bin/oinkmaster.pl -v -s -u file:///var/tmp/snortrules.tar.gz -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules >>/var/tmp/log 2>&1 &");
						sleep(2);
					}
				}
			}
		}
	}
}

$checked{'ENABLE_SNORT'}{'off'} = '';
$checked{'ENABLE_SNORT'}{'on'} = '';
$checked{'ENABLE_SNORT'}{$snortsettings{'ENABLE_SNORT'}} = "checked='checked'";
$checked{'ENABLE_SNORT_GREEN'}{'off'} = '';
$checked{'ENABLE_SNORT_GREEN'}{'on'} = '';
$checked{'ENABLE_SNORT_GREEN'}{$snortsettings{'ENABLE_SNORT_GREEN'}} = "checked='checked'";
$checked{'ENABLE_SNORT_BLUE'}{'off'} = '';
$checked{'ENABLE_SNORT_BLUE'}{'on'} = '';
$checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='checked'";
$checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
$checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
$checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
$selected{'RULES'}{'nothing'} = '';
$selected{'RULES'}{'community'} = '';
$selected{'RULES'}{'emerging'} = '';
$selected{'RULES'}{'registered'} = '';
$selected{'RULES'}{'subscripted'} = '';
$selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'";

&Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');

### Java Script ###
print <<END
<script>
	// Tiny java script function to show/hide the rules
	// of a given category.
	function showhide(tblname) {
		\$("#" + tblname).toggle();
	}
</script>
END
;

&Header::openbigbox('100%', 'left', '', $errormessage);

###############
# DEBUG DEBUG
# &Header::openbox('100%', 'left', 'DEBUG');
# my $debugCount = 0;
# foreach my $line (sort keys %snortsettings) {
# print "$line = $snortsettings{$line}<br />\n";
# $debugCount++;
# }
# print "&nbsp;Count: $debugCount\n";
# &Header::closebox();
# DEBUG DEBUG
###############

if ($errormessage) {
	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	print "<class name='base'>$errormessage\n";
	print "&nbsp;</class>\n";
	&Header::closebox();
}

my $return = `pidof oinkmaster.pl -x`;
chomp($return);
if ($return) {
	&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='10;'>" );
	print <<END;
	<table>
		<tr><td>
				<img src='/images/indicator.gif' alt='$Lang::tr{'aktiv'}' />&nbsp;
			<td>
				$Lang::tr{'snort working'}
		<tr><td colspan='2' align='center'>
			<form method='post' action='$ENV{'SCRIPT_NAME'}'>
				<input type='image' alt='$Lang::tr{'reload'}' title='$Lang::tr{'reload'}' src='/images/view-refresh.png' />
			</form>
		<tr><td colspan='2' align='left'><pre>
END
	my @output = `tail -20 /var/tmp/log`;
	foreach (@output) {
		print "$_";
	}
	print <<END;
			</pre>
		</table>
END
	&Header::closebox();
	&Header::closebigbox();
	&Header::closepage();
	exit;
	refreshpage();
}

&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system'});
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
<tr><td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />GREEN Snort
END
;
if ($netsettings{'BLUE_DEV'} ne '') {
  print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT_BLUE' $checked{'ENABLE_SNORT_BLUE'}{'on'} />   BLUE Snort";
}
if ($netsettings{'ORANGE_DEV'} ne '') {
  print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} />   ORANGE Snort";
}
  print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} />   RED Snort";

print <<END
</td></tr>
<tr>
	<td><br><br></td>
</tr>
<tr>
	<td><b>$Lang::tr{'ids rules update'}</b></td>
</tr>
<tr>
	<td><select name='RULES'>
				<option value='nothing' $selected{'RULES'}{'nothing'} >$Lang::tr{'no'}</option>
				<option value='emerging' $selected{'RULES'}{'emerging'} >$Lang::tr{'emerging rules'}</option>
				<option value='community' $selected{'RULES'}{'community'} >$Lang::tr{'community rules'}</option>
				<option value='registered' $selected{'RULES'}{'registered'} >$Lang::tr{'registered user rules'}</option>
				<option value='subscripted' $selected{'RULES'}{'subscripted'} >$Lang::tr{'subscripted user rules'}</option>
			</select>
	</td>
</tr>
<tr>
	<td><br />
		$Lang::tr{'ids rules license'} <a href='https://www.snort.org/subscribe' target='_blank'>www.snort.org</a>$Lang::tr{'ids rules license1'}<br /><br />
		$Lang::tr{'ids rules license2'} <a href='https://www.snort.org/account/oinkcode' target='_blank'>Get an Oinkcode</a>, $Lang::tr{'ids rules license3'}
	</td>
</tr>
<tr>
	<td nowrap='nowrap'>Oinkcode:&nbsp;<input type='text' size='40' name='OINKCODE' value='$snortsettings{'OINKCODE'}' /></td>
</tr>
<tr>
	<td width='30%' align='left'><br><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' />
END
;
if ( -e "/var/tmp/snortrules.tar.gz"){
	my @Info = stat("/var/tmp/snortrules.tar.gz");
	$snortsettings{'INSTALLDATE'} = localtime($Info[9]);
}
print "&nbsp;$Lang::tr{'updates installed'}: $snortsettings{'INSTALLDATE'}</td>";

print <<END
</tr>
</table>
<br><br>
<table width='100%'>
<tr>
	<td align='right'><input type='hidden' name='ACTION2' value='snort' /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
</tr>
</table>
</form>
END
;

if ($results ne '') {
	print "$results";
}

&Header::closebox();

&Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});
	# Output display table for rule files
	print "<table width='100%'>\n";

	# Local variable required for java script to show/hide
	# rules of a rulefile.
	my $rulesetcount = 1;

	# Loop over each rule file
	foreach my $rulefile (sort keys(%snortrules)) {
		my $rulechecked = '';

		# Check if rule file is enabled
		if ($snortrules{$rulefile}{"State"} eq 'Enabled') {
			$rulechecked = 'CHECKED';
		}

		# Table and rows for the rule files.
		print"<tr>\n";
		print"<td class='base' width='5%'>\n";
		print"<input type='checkbox' name='SNORT_RULE_$rulefile' $rulechecked>\n";
		print"</td>\n";
		print"<td class='base' width='90%'><b>$rulefile</b></td>\n";
		print"<td class='base' width='5%' align='right'>\n";
		print"<a href=\"javascript:showhide('ruleset$rulesetcount')\">SHOW</a>\n";
		print"</td>\n";
		print"</tr>\n";

		# Rows which will be hidden per default and will contain the single rules.
		print"<tr  style='display:none' id='ruleset$rulesetcount'>\n";
		print"<td colspan='3'>\n";

		# Local vars
		my $lines;
		my $rows;
		my $col;

		# New table for the single rules.
		print "<table width='100%'>\n";

		# Loop over rule file rules
		foreach my $sid (sort {$a <=> $b} keys(%{$snortrules{$rulefile}})) {
			# Local vars
			my $ruledefchecked = '';

			# If 2 rules have been displayed, start a new row
			if (($lines % 2) == 0) {
				print "</tr><tr>\n";

				# Increase rows by once.
				$rows++;
			}

			# Colour lines.
			if ($rows % 2) {
				$col="bgcolor='$color{'color20'}'";
			} else {
				$col="bgcolor='$color{'color22'}'";
			}

			# Set rule state
			if ($snortrules{$rulefile}{$sid}{'State'} eq 'Enabled') {
				$ruledefchecked = 'CHECKED';
			}

			# Create rule checkbox and display rule description
			print "<td class='base' width='5%' align='right' $col>\n";
			print "<input type='checkbox' NAME='$sid' $ruledefchecked>\n";
			print "</td>\n";
			print "<td class='base' width='45%' $col>$snortrules{$rulefile}{$sid}{'Description'}</td>";

			# Increment rule count
			$lines++;
		}

		# If do not have a second rule for row, create empty cell
		if (($lines % 2) != 0) {
			print "<td class='base'></td>";
		}

		# Close display table
		print "</tr></table></td></tr>";

		# Finished whith the rule file, increase count.
		$rulesetcount++;
	}

	# Close display table
	print "</table>";

print <<END
<table width='100%'>
<tr>
	<td width='100%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'update'}'>
		&nbsp; <!-- space for future online help link -->
	</td>
</tr>
</table>
END
;
&Header::closebox();

&Header::closebigbox();
&Header::closepage();

sub refreshpage {
	&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );
		print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'pagerefresh'}</font></center>";
	&Header::closebox();
}

sub downloadrulesfile {
	my $peer;
	my $peerport;

	unlink("/var/tmp/log");

	unless (-e "${General::swroot}/red/active") {
		$errormessage = $Lang::tr{'could not download latest updates'};
		return undef;
	}

	my %proxysettings=();
	&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);

	if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
		($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
	}

	if ($peer) {
		system("wget -r --proxy=on --proxy-user=$proxysettings{'UPSTREAM_USER'} --proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'} -e http_proxy=http://$peer:$peerport/ -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
	} else {
		system("wget -r -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
	}
}

sub readrulesfile ($) {
	my $rulefile = shift;

	# Open rule file and read in contents
	open(RULEFILE, "$snortrulepath/$rulefile") or die "Unable to read $rulefile!";

	# Store file content in an array.
	my @lines = <RULEFILE>;

	# Close file.
	close(RULEFILE);

	# Loop over rule file contents
	foreach my $line (@lines) {
		# Remove whitespaces.
		chomp $line;

		# Skip blank  lines.
		next if ($line =~ /^\s*$/);

		# Local vars.
		my $sid;
		my $msg;

		# Gather rule sid and message from the ruleline.
		if ($line =~ m/.*msg:\"(.*?)\"\; .* sid:(.*?); /) {
			$msg = $1;
			$sid = $2;

			# Check if a rule has been found.
			if ($sid && $msg) {
				# Add rule to the snortrules hash.
				$snortrules{$rulefile}{$sid}{'Description'} = $msg;

				# Grab status of the rule. Check if ruleline starts with a "dash".
				if ($line =~ /^\#/) {
					# If yes, the rule is disabled.
					$snortrules{$rulefile}{$sid}{'State'} = "Disabled";
				} else {
					# Otherwise the rule is enabled.
					$snortrules{$rulefile}{$sid}{'State'} = "Enabled";
				}
			}
		}
        }
}
Commit	Line	Data
ac1cfefa	1	#!/usr/bin/perl
70df8302 MT	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
b6f571fa	5	# Copyright (C) 2007-2015 IPFire Team <info@ipfire.org> #
70df8302 MT	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
ac1cfefa MT	22	use strict;
	23
	24	# enable only the following on debugging purpose
90c2e164 CS	25	#use warnings;
90c2e164 CS	26	#use CGI::Carp 'fatalsToBrowser';
73231650	27	use File::Copy;
ac1cfefa	28
986e08d9	29	require '/var/ipfire/general-functions.pl';
ac1cfefa MT	30	require "${General::swroot}/lang.pl";
	31	require "${General::swroot}/header.pl";
	32
f2fdd0c1 CS	33	my %color = ();
	34	my %mainsettings = ();
	35	&General::readhash("${General::swroot}/main/settings", \%mainsettings);
	36	&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
	37
ac1cfefa MT	38	my %snortsettings=();
ac1cfefa MT	39	my %checked=();
5a3e0dca	40	my %selected=();
ac1cfefa MT	41	my %netsettings=();
ac1cfefa MT	42	our $errormessage = '';
ac1cfefa MT	43	our $results = '';
	44	our $tempdir = '';
	45	our $url='';
	46	&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
	47
	48	&Header::showhttpheaders();
	49
	50	$snortsettings{'ENABLE_SNORT'} = 'off';
	51	$snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
	52	$snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
	53	$snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
	54	$snortsettings{'ACTION'} = '';
5a3e0dca	55	$snortsettings{'RULES'} = '';
ac1cfefa MT	56	$snortsettings{'OINKCODE'} = '';
ac1cfefa MT	57	$snortsettings{'INSTALLDATE'} = '';
73231650	58	$snortsettings{'FILE'} = '';
ac1cfefa MT	59
	60	&Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'});
	61
422204ff	62	my $snortrulepath = "/etc/snort/rules";
395e3b90 MT	63	my $restartsnortrequired = 0;
	64	my %snortrules;
	65	my $rule = '';
	66	my $table1colour = '';
	67	my $table2colour = '';
	68	my $var = '';
	69	my $value = '';
	70	my $tmp = '';
	71	my $linkedrulefile = '';
	72	my $border = '';
	73	my $checkboxname = '';
	74
3da6e01b SS	75	## Grab all available snort rules and store them in the snortrules hash.
3da6e01b SS	76	#
422204ff SS	77	# Open snort rules directory and do a directory listing.
	78	opendir(DIR, $snortrulepath) or die $!;
	79	# Loop through the direcory.
	80	while (my $file = readdir(DIR)) {
	81
	82	# We only want files.
	83	next unless (-f "$snortrulepath/$file");
	84
	85	# Ignore empty files.
	86	next if (-z "$snortrulepath/$file");
	87
3da6e01b	88	# Use a regular expression to find files ending in .rules
422204ff SS	89	next unless ($file =~ m/\.rules$/);
422204ff SS	90
3da6e01b SS	91	# Ignore files which are not read-able.
3da6e01b SS	92	next unless (-R "$snortrulepath/$file");
395e3b90	93
3da6e01b SS	94	# Call subfunction to read-in rulefile and add rules to
	95	# the snortrules hash.
	96	&readrulesfile("$file");
395e3b90	97	}
395e3b90	98
3da6e01b	99	closedir(DIR);
395e3b90	100
a9a91e5f MT	101	if ($snortsettings{'OINKCODE'} ne "") {
a9a91e5f MT	102	$errormessage = $Lang::tr{'invalid input for oink code'} unless ($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/);
ac1cfefa MT	103	}
ac1cfefa MT	104
a9a91e5f MT	105	if (!$errormessage) {
a9a91e5f MT	106	if ($snortsettings{'RULES'} eq 'subscripted') {
9d79aea2	107	$url=" https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
a9a91e5f	108	} elsif ($snortsettings{'RULES'} eq 'registered') {
9d79aea2	109	$url=" https://www.snort.org/rules/snortrules-snapshot-29111.tar.gz?oinkcode=$snortsettings{'OINKCODE'}";
a9a91e5f MT	110	} elsif ($snortsettings{'RULES'} eq 'community') {
a9a91e5f MT	111	$url=" https://www.snort.org/rules/community";
ac1cfefa	112	} else {
a9a91e5f	113	$url="http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz";
f9c2147d	114	}
ac1cfefa	115
a9a91e5f MT	116	if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "snort" ) {
	117	&General::writehash("${General::swroot}/snort/settings", \%snortsettings);
	118	if ($snortsettings{'ENABLE_SNORT'} eq 'on')
	119	{
	120	system ('/usr/bin/touch', "${General::swroot}/snort/enable");
	121	} else {
	122	unlink "${General::swroot}/snort/enable";
	123	}
	124	if ($snortsettings{'ENABLE_SNORT_GREEN'} eq 'on')
	125	{
	126	system ('/usr/bin/touch', "${General::swroot}/snort/enable_green");
	127	} else {
	128	unlink "${General::swroot}/snort/enable_green";
	129	}
	130	if ($snortsettings{'ENABLE_SNORT_BLUE'} eq 'on')
	131	{
	132	system ('/usr/bin/touch', "${General::swroot}/snort/enable_blue");
	133	} else {
	134	unlink "${General::swroot}/snort/enable_blue";
	135	}
	136	if ($snortsettings{'ENABLE_SNORT_ORANGE'} eq 'on')
	137	{
	138	system ('/usr/bin/touch', "${General::swroot}/snort/enable_orange");
	139	} else {
	140	unlink "${General::swroot}/snort/enable_orange";
	141	}
	142	if ($snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} eq 'on')
	143	{
	144	system ('/usr/bin/touch', "${General::swroot}/snort/enable_preprocessor_http_inspect");
	145	} else {
	146	unlink "${General::swroot}/snort/enable_preprocessor_http_inspect";
	147	}
395e3b90	148
a9a91e5f MT	149	system('/usr/local/bin/snortctrl restart >/dev/null');
a9a91e5f MT	150	}
a27c40a0	151
a9a91e5f	152	# INSTALLMD5 is not in the form, so not retrieved by getcgihash
ac1cfefa	153	&General::readhash("${General::swroot}/snort/settings", \%snortsettings);
ac1cfefa	154
fbd43017	155	if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
a9a91e5f MT	156	my @df = `/bin/df -B M /var`;
	157	foreach my $line (@df) {
	158	next if $line =~ m/^Filesystem/;
	159	my $return;
	160
	161	if ($line =~ m/dev/ ) {
	162	$line =~ m/^.* (\d+)M.*$/;
	163	my @temp = split(/ +/,$line);
	164	if ($1<300) {
	165	$errormessage = "$Lang::tr{'not enough disk space'} < 300MB, /var $1MB";
	166	} else {
	167	if ( $snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
	168	&downloadrulesfile();
	169	sleep(3);
	170	$return = `cat /var/tmp/log 2>/dev/null`;
	171
73231650	172	}
73231650	173
a9a91e5f	174	if ($return =~ "ERROR") {
73231650 CS	175	$errormessage = "<br /><pre>".$return."</pre>";
	176	} else {
	177	system("/usr/local/bin/oinkmaster.pl -v -s -u file:///var/tmp/snortrules.tar.gz -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules >>/var/tmp/log 2>&1 &");
	178	sleep(2);
32810952	179	}
a9a91e5f	180	}
ac1cfefa	181	}
ac1cfefa MT	182	}
	183	}
	184	}
	185
	186	$checked{'ENABLE_SNORT'}{'off'} = '';
	187	$checked{'ENABLE_SNORT'}{'on'} = '';
	188	$checked{'ENABLE_SNORT'}{$snortsettings{'ENABLE_SNORT'}} = "checked='checked'";
	189	$checked{'ENABLE_SNORT_GREEN'}{'off'} = '';
	190	$checked{'ENABLE_SNORT_GREEN'}{'on'} = '';
	191	$checked{'ENABLE_SNORT_GREEN'}{$snortsettings{'ENABLE_SNORT_GREEN'}} = "checked='checked'";
	192	$checked{'ENABLE_SNORT_BLUE'}{'off'} = '';
	193	$checked{'ENABLE_SNORT_BLUE'}{'on'} = '';
	194	$checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='checked'";
	195	$checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
	196	$checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
	197	$checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
5a3e0dca	198	$selected{'RULES'}{'nothing'} = '';
5a3e0dca	199	$selected{'RULES'}{'community'} = '';
a0fa489f	200	$selected{'RULES'}{'emerging'} = '';
5a3e0dca MT	201	$selected{'RULES'}{'registered'} = '';
	202	$selected{'RULES'}{'subscripted'} = '';
	203	$selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'";
ac1cfefa MT	204
	205	&Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');
	206
17726644 SS	207	### Java Script ###
	208	print <<END
	209	<script>
	210	// Tiny java script function to show/hide the rules
	211	// of a given category.
	212	function showhide(tblname) {
	213	\$("#" + tblname).toggle();
	214	}
	215	</script>
	216	END
	217	;
	218
ac1cfefa MT	219	&Header::openbigbox('100%', 'left', '', $errormessage);
ac1cfefa MT	220
90c2e164 CS	221	###############
	222	# DEBUG DEBUG
	223	# &Header::openbox('100%', 'left', 'DEBUG');
	224	# my $debugCount = 0;
	225	# foreach my $line (sort keys %snortsettings) {
	226	# print "$line = $snortsettings{$line}<br />\n";
	227	# $debugCount++;
	228	# }
	229	# print " Count: $debugCount\n";
	230	# &Header::closebox();
	231	# DEBUG DEBUG
	232	###############
	233
ac1cfefa MT	234	if ($errormessage) {
	235	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	236	print "<class name='base'>$errormessage\n";
	237	print " </class>\n";
	238	&Header::closebox();
	239	}
	240
73231650 CS	241	my $return = `pidof oinkmaster.pl -x`;
	242	chomp($return);
	243	if ($return) {
	244	&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='10;'>" );
	245	print <<END;
	246	<table>
	247	<tr><td>
	248	<img src='/images/indicator.gif' alt='$Lang::tr{'aktiv'}' />
	249	<td>
	250	$Lang::tr{'snort working'}
	251	<tr><td colspan='2' align='center'>
	252	<form method='post' action='$ENV{'SCRIPT_NAME'}'>
f8aa0679	253	<input type='image' alt='$Lang::tr{'reload'}' title='$Lang::tr{'reload'}' src='/images/view-refresh.png' />
73231650 CS	254	</form>
	255	<tr><td colspan='2' align='left'><pre>
	256	END
	257	my @output = `tail -20 /var/tmp/log`;
	258	foreach (@output) {
	259	print "$_";
	260	}
	261	print <<END;
	262	</pre>
	263	</table>
	264	END
	265	&Header::closebox();
	266	&Header::closebigbox();
	267	&Header::closepage();
	268	exit;
	269	refreshpage();
	270	}
	271
7cc8a0e5	272	&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system'});
ac1cfefa MT	273	print <<END
ac1cfefa MT	274	<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
1b73b07e	275	<tr><td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />GREEN Snort
ac1cfefa MT	276	END
	277	;
	278	if ($netsettings{'BLUE_DEV'} ne '') {
1b73b07e	279	print "      <input type='checkbox' name='ENABLE_SNORT_BLUE' $checked{'ENABLE_SNORT_BLUE'}{'on'} /> BLUE Snort";
ac1cfefa MT	280	}
ac1cfefa MT	281	if ($netsettings{'ORANGE_DEV'} ne '') {
1b73b07e	282	print "      <input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} /> ORANGE Snort";
ac1cfefa	283	}
1b73b07e	284	print "      <input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} /> RED Snort";
1b73b07e	285
ac1cfefa	286	print <<END
1b73b07e	287	</td></tr>
ac1cfefa	288	<tr>
7cc8a0e5	289	<td><br><br></td>
ac1cfefa MT	290	</tr>
	291	<tr>
	292	<td><b>$Lang::tr{'ids rules update'}</b></td>
	293	</tr>
	294	<tr>
5a3e0dca MT	295	<td><select name='RULES'>
5a3e0dca MT	296	<option value='nothing' $selected{'RULES'}{'nothing'} >$Lang::tr{'no'}</option>
a0fa489f	297	<option value='emerging' $selected{'RULES'}{'emerging'} >$Lang::tr{'emerging rules'}</option>
5a3e0dca MT	298	<option value='community' $selected{'RULES'}{'community'} >$Lang::tr{'community rules'}</option>
	299	<option value='registered' $selected{'RULES'}{'registered'} >$Lang::tr{'registered user rules'}</option>
	300	<option value='subscripted' $selected{'RULES'}{'subscripted'} >$Lang::tr{'subscripted user rules'}</option>
	301	</select>
	302	</td>
ac1cfefa MT	303	</tr>
	304	<tr>
	305	<td><br />
8d29504c	306	$Lang::tr{'ids rules license'} <a href='https://www.snort.org/subscribe' target='_blank'>www.snort.org</a>$Lang::tr{'ids rules license1'}<br /><br />
4935eb8b	307	$Lang::tr{'ids rules license2'} <a href='https://www.snort.org/account/oinkcode' target='_blank'>Get an Oinkcode</a>, $Lang::tr{'ids rules license3'}
ac1cfefa MT	308	</td>
	309	</tr>
	310	<tr>
5a3e0dca	311	<td nowrap='nowrap'>Oinkcode: <input type='text' size='40' name='OINKCODE' value='$snortsettings{'OINKCODE'}' /></td>
ac1cfefa MT	312	</tr>
ac1cfefa MT	313	<tr>
7cc8a0e5	314	<td width='30%' align='left'><br><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' />
ac1cfefa MT	315	END
ac1cfefa MT	316	;
42d9192e	317	if ( -e "/var/tmp/snortrules.tar.gz"){
0972c650 CS	318	my @Info = stat("/var/tmp/snortrules.tar.gz");
0972c650 CS	319	$snortsettings{'INSTALLDATE'} = localtime($Info[9]);
ac1cfefa	320	}
32810952 CS	321	print " $Lang::tr{'updates installed'}: $snortsettings{'INSTALLDATE'}</td>";
32810952 CS	322
ac1cfefa MT	323	print <<END
	324	</tr>
	325	</table>
7cc8a0e5	326	<br><br>
ac1cfefa MT	327	<table width='100%'>
ac1cfefa MT	328	<tr>
7cc8a0e5	329	<td align='right'><input type='hidden' name='ACTION2' value='snort' /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
ac1cfefa MT	330	</tr>
	331	</table>
	332	</form>
	333	END
	334	;
	335
	336	if ($results ne '') {
	337	print "$results";
	338	}
	339
	340	&Header::closebox();
fbfdb241	341
f7fcd1c0 SS	342	&Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});
f7fcd1c0 SS	343	# Output display table for rule files
17726644	344	print "<table width='100%'>\n";
ce0e83b3	345
17726644 SS	346	# Local variable required for java script to show/hide
	347	# rules of a rulefile.
	348	my $rulesetcount = 1;
f7fcd1c0 SS	349
	350	# Loop over each rule file
	351	foreach my $rulefile (sort keys(%snortrules)) {
	352	my $rulechecked = '';
	353
f7fcd1c0 SS	354	# Check if rule file is enabled
	355	if ($snortrules{$rulefile}{"State"} eq 'Enabled') {
	356	$rulechecked = 'CHECKED';
	357	}
3ffee04b	358
17726644 SS	359	# Table and rows for the rule files.
	360	print"<tr>\n";
	361	print"<td class='base' width='5%'>\n";
	362	print"<input type='checkbox' name='SNORT_RULE_$rulefile' $rulechecked>\n";
	363	print"</td>\n";
	364	print"<td class='base' width='90%'><b>$rulefile</b></td>\n";
	365	print"<td class='base' width='5%' align='right'>\n";
	366	print"<a href=\"javascript:showhide('ruleset$rulesetcount')\">SHOW</a>\n";
	367	print"</td>\n";
	368	print"</tr>\n";
	369
	370	# Rows which will be hidden per default and will contain the single rules.
	371	print"<tr style='display:none' id='ruleset$rulesetcount'>\n";
	372	print"<td colspan='3'>\n";
	373
	374	# Local vars
	375	my $lines;
	376	my $rows;
	377	my $col;
	378
	379	# New table for the single rules.
	380	print "<table width='100%'>\n";
	381
	382	# Loop over rule file rules
	383	foreach my $sid (sort {$a <=> $b} keys(%{$snortrules{$rulefile}})) {
f7fcd1c0	384	# Local vars
17726644	385	my $ruledefchecked = '';
f9c2147d	386
17726644 SS	387	# If 2 rules have been displayed, start a new row
	388	if (($lines % 2) == 0) {
	389	print "</tr><tr>\n";
3ffee04b	390
17726644 SS	391	# Increase rows by once.
	392	$rows++;
	393	}
f7fcd1c0	394
17726644 SS	395	# Colour lines.
	396	if ($rows % 2) {
	397	$col="bgcolor='$color{'color20'}'";
	398	} else {
	399	$col="bgcolor='$color{'color22'}'";
f7fcd1c0 SS	400	}
f7fcd1c0 SS	401
17726644 SS	402	# Set rule state
	403	if ($snortrules{$rulefile}{$sid}{'State'} eq 'Enabled') {
	404	$ruledefchecked = 'CHECKED';
f7fcd1c0	405	}
3ffee04b	406
17726644 SS	407	# Create rule checkbox and display rule description
	408	print "<td class='base' width='5%' align='right' $col>\n";
	409	print "<input type='checkbox' NAME='$sid' $ruledefchecked>\n";
	410	print "</td>\n";
	411	print "<td class='base' width='45%' $col>$snortrules{$rulefile}{$sid}{'Description'}</td>";
	412
	413	# Increment rule count
	414	$lines++;
	415	}
	416
	417	# If do not have a second rule for row, create empty cell
	418	if (($lines % 2) != 0) {
	419	print "<td class='base'></td>";
f7fcd1c0 SS	420	}
	421
	422	# Close display table
17726644	423	print "</tr></table></td></tr>";
3ffee04b	424
17726644 SS	425	# Finished whith the rule file, increase count.
17726644 SS	426	$rulesetcount++;
f7fcd1c0	427	}
17726644 SS	428
	429	# Close display table
	430	print "</table>";
	431
f7fcd1c0	432	print <<END
2999f1d2 CS	433	<table width='100%'>
2999f1d2 CS	434	<tr>
17726644	435	<td width='100%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'update'}'>
3ffee04b CS	436	<!-- space for future online help link -->
3ffee04b CS	437	</td>
2999f1d2 CS	438	</tr>
2999f1d2 CS	439	</table>
3ffee04b CS	440	END
3ffee04b CS	441	;
f7fcd1c0	442	&Header::closebox();
395e3b90	443
ac1cfefa MT	444	&Header::closebigbox();
	445	&Header::closepage();
	446
a70d269a SS	447	sub refreshpage {
	448	&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );
	449	print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'pagerefresh'}</font></center>";
	450	&Header::closebox();
	451	}
	452
ac1cfefa	453	sub downloadrulesfile {
73231650 CS	454	my $peer;
73231650 CS	455	my $peerport;
ac1cfefa	456
73231650	457	unlink("/var/tmp/log");
ac1cfefa MT	458
	459	unless (-e "${General::swroot}/red/active") {
	460	$errormessage = $Lang::tr{'could not download latest updates'};
	461	return undef;
	462	}
	463
ac1cfefa MT	464	my %proxysettings=();
	465	&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
	466
	467	if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
73231650	468	($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]?(?:\:[A-Za-z0-9\_\.\-]?)?\@)?([a-zA-Z0-9\.\_\-]?)(?:\:([0-9]{1,5}))?(?:\/.?)?$/);
ac1cfefa MT	469	}
ac1cfefa MT	470
73231650	471	if ($peer) {
1f606aef	472	system("wget -r --proxy=on --proxy-user=$proxysettings{'UPSTREAM_USER'} --proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'} -e http_proxy=http://$peer:$peerport/ -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
73231650	473	} else {
1f606aef	474	system("wget -r -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
ac1cfefa	475	}
ac1cfefa	476	}
3da6e01b SS	477
	478	sub readrulesfile ($) {
	479	my $rulefile = shift;
	480
	481	# Open rule file and read in contents
	482	open(RULEFILE, "$snortrulepath/$rulefile") or die "Unable to read $rulefile!";
	483
	484	# Store file content in an array.
	485	my @lines = <RULEFILE>;
	486
	487	# Close file.
	488	close(RULEFILE);
	489
	490	# Loop over rule file contents
	491	foreach my $line (@lines) {
	492	# Remove whitespaces.
	493	chomp $line;
	494
	495	# Skip blank lines.
	496	next if ($line =~ /^\s*$/);
	497
	498	# Local vars.
	499	my $sid;
	500	my $msg;
	501
	502	# Gather rule sid and message from the ruleline.
	503	if ($line =~ m/.msg:\"(.?)\"\; .* sid:(.*?); /) {
	504	$msg = $1;
	505	$sid = $2;
	506
	507	# Check if a rule has been found.
	508	if ($sid && $msg) {
	509	# Add rule to the snortrules hash.
	510	$snortrules{$rulefile}{$sid}{'Description'} = $msg;
	511
	512	# Grab status of the rule. Check if ruleline starts with a "dash".
	513	if ($line =~ /^\#/) {
	514	# If yes, the rule is disabled.
	515	$snortrules{$rulefile}{$sid}{'State'} = "Disabled";
	516	} else {
	517	# Otherwise the rule is enabled.
	518	$snortrules{$rulefile}{$sid}{'State'} = "Enabled";
	519	}
	520	}
	521	}
	522	}
	523	}