[people/pmueller/ipfire-2.x.git] / html / cgi-bin / ids.cgi

#!/usr/bin/perl\r
#\r
# SmoothWall CGIs\r
#\r
# This code is distributed under the terms of the GPL\r
#\r
# (c) The SmoothWall Team\r
#\r
# $Id: ids.cgi,v 1.8.2.18 2005/07/27 21:35:22 franck78 Exp $\r
#\r
\r
use LWP::UserAgent;\r
use File::Copy;\r
use File::Temp qw/ tempfile tempdir /;\r
use strict;\r
\r
# enable only the following on debugging purpose\r
#use warnings;\r
#use CGI::Carp 'fatalsToBrowser';\r
\r
require 'CONFIG_ROOT/general-functions.pl';\r
require "${General::swroot}/lang.pl";\r
require "${General::swroot}/header.pl";\r
\r
my %snortsettings=();\r
my %checked=();\r
my %netsettings=();\r
our $errormessage = '';\r
our $md5 = '0';# not '' to avoid displaying the wrong message when INSTALLMD5 not set\r
our $realmd5 = '';\r
our $results = '';\r
our $tempdir = '';\r
our $url='';\r
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);\r
\r
&Header::showhttpheaders();\r
\r
$snortsettings{'ENABLE_SNORT'} = 'off';\r
$snortsettings{'ENABLE_SNORT_GREEN'} = 'off';\r
$snortsettings{'ENABLE_SNORT_BLUE'} = 'off';\r
$snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';\r
$snortsettings{'ACTION'} = '';\r
$snortsettings{'RULESTYPE'} = '';\r
$snortsettings{'OINKCODE'} = '';\r
$snortsettings{'INSTALLDATE'} = '';\r
$snortsettings{'INSTALLMD5'} = '';\r
\r
&Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'});\r
\r
if ($snortsettings{'RULESTYPE'} eq 'subscripted') {\r
	$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-2.3_s.tar.gz";\r
} else {\r
	$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-2.3.tar.gz";\r
}\r
\r
if ($snortsettings{'ACTION'} eq $Lang::tr{'save'})\r
{\r
	$errormessage = $Lang::tr{'invalid input for oink code'} unless (\r
	    ($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/)  ||\r
	    ($snortsettings{'RULESTYPE'} eq 'nothing' )       );\r
\r
	&General::writehash("${General::swroot}/snort/settings", \%snortsettings);\r
	if ($snortsettings{'ENABLE_SNORT'} eq 'on')\r
	{\r
		system ('/bin/touch', "${General::swroot}/snort/enable");\r
	} else {\r
		unlink "${General::swroot}/snort/enable";\r
	} \r
	if ($snortsettings{'ENABLE_SNORT_GREEN'} eq 'on')\r
	{\r
		system ('/bin/touch', "${General::swroot}/snort/enable_green");\r
	} else {\r
		unlink "${General::swroot}/snort/enable_green";\r
	} \r
	if ($snortsettings{'ENABLE_SNORT_BLUE'} eq 'on')\r
	{\r
		system ('/bin/touch', "${General::swroot}/snort/enable_blue");\r
	} else {\r
		unlink "${General::swroot}/snort/enable_blue";\r
	} \r
	if ($snortsettings{'ENABLE_SNORT_ORANGE'} eq 'on')\r
	{\r
		system ('/bin/touch', "${General::swroot}/snort/enable_orange");\r
	} else {\r
		unlink "${General::swroot}/snort/enable_orange";\r
	}\r
\r
	system('/usr/local/bin/restartsnort','red','orange','blue','green');\r
} else {\r
	 # INSTALLMD5 is not in the form, so not retrieved by getcgihash\r
	&General::readhash("${General::swroot}/snort/settings", \%snortsettings);\r
}\r
\r
if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {\r
	$md5 = &getmd5;\r
	if (($snortsettings{'INSTALLMD5'} ne $md5) && defined $md5 ) {\r
		chomp($md5);\r
		my $filename = &downloadrulesfile();\r
		if (defined $filename) {\r
			# Check MD5sum\r
			$realmd5 = `/usr/bin/md5sum $filename`;\r
			chomp ($realmd5);\r
			$realmd5 =~ s/^(\w+)\s.*$/$1/;\r
			if ($md5 ne $realmd5) {\r
				$errormessage = "$Lang::tr{'invalid md5sum'}";\r
			} else {\r
				$results = "<b>$Lang::tr{'installed updates'}</b>\n<pre>";\r
				$results .=`/usr/local/bin/oinkmaster.pl -s -u file://$filename -C /var/ipcop/snort/oinkmaster.conf -o /etc/snort 2>&1`;\r
				$results .= "</pre>";\r
			}\r
			unlink ($filename);\r
		}\r
	}\r
}\r
\r
$checked{'ENABLE_SNORT'}{'off'} = '';\r
$checked{'ENABLE_SNORT'}{'on'} = '';\r
$checked{'ENABLE_SNORT'}{$snortsettings{'ENABLE_SNORT'}} = "checked='checked'";\r
$checked{'ENABLE_SNORT_GREEN'}{'off'} = '';\r
$checked{'ENABLE_SNORT_GREEN'}{'on'} = '';\r
$checked{'ENABLE_SNORT_GREEN'}{$snortsettings{'ENABLE_SNORT_GREEN'}} = "checked='checked'";\r
$checked{'ENABLE_SNORT_BLUE'}{'off'} = '';\r
$checked{'ENABLE_SNORT_BLUE'}{'on'} = '';\r
$checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='checked'";\r
$checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';\r
$checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';\r
$checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";\r
$checked{'RULESTYPE'}{'nothing'} = '';\r
$checked{'RULESTYPE'}{'registered'} = '';\r
$checked{'RULESTYPE'}{'subscripted'} = '';\r
$checked{'RULESTYPE'}{$snortsettings{'RULESTYPE'}} = "checked='checked'";\r
\r
&Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');\r
\r
&Header::openbigbox('100%', 'left', '', $errormessage);\r
\r
if ($errormessage) {\r
	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});\r
	print "<class name='base'>$errormessage\n";\r
	print "&nbsp;</class>\n";\r
	&Header::closebox();\r
}\r
\r
&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system2'});\r
print <<END\r
<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>\r
<tr>\r
	<td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />\r
		GREEN Snort</td>\r
</tr>\r
END\r
;\r
if ($netsettings{'BLUE_DEV'} ne '') {\r
print <<END\r
<tr>\r
	<td class='base'><input type='checkbox' name='ENABLE_SNORT_BLUE' $checked{'ENABLE_SNORT_BLUE'}{'on'} />\r
		BLUE Snort</td>\r
</tr>\r
END\r
;\r
}\r
if ($netsettings{'ORANGE_DEV'} ne '') {\r
print <<END\r
<tr>\r
	<td class='base'><input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} />\r
		ORANGE Snort</td>\r
</tr>\r
END\r
;\r
}\r
print <<END\r
<tr>\r
	<td class='base'><input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} />\r
		RED Snort</td>\r
</tr>\r
<tr>\r
	<td><hr /></td>\r
</tr>\r
<tr>\r
	<td><b>$Lang::tr{'ids rules update'}</b></td>\r
</tr>\r
<tr>\r
	<td><input type='radio' name='RULESTYPE' value='nothing' $checked{'RULESTYPE'}{'nothing'} />\r
		$Lang::tr{'no'}</td>\r
</tr>\r
<tr>\r
	<td><input type='radio' name='RULESTYPE' value='registered' $checked{'RULESTYPE'}{'registered'} />\r
		$Lang::tr{'registered user rules'}</td>\r
</tr>\r
<tr>\r
	<td><input type='radio' name='RULESTYPE' value='subscripted' $checked{'RULESTYPE'}{'subscripted'} />\r
		$Lang::tr{'subscripted user rules'}</td>\r
</tr>\r
<tr>\r
	<td><br />\r
		$Lang::tr{'ids rules license'} <a href='http://www.snort.org/' target='_blank'>http://www.snort.org</a>.<br />\r
		<br />\r
		$Lang::tr{'ids rules license2'} <a href='http://www.snort.org/reg-bin/userprefs.cgi' target='_blank'>USER PREFERENCES</a>, $Lang::tr{'ids rules license3'}<br />\r
	</td>\r
</tr>\r
<tr>\r
	<td nowrap='nowrap'>Oink Code:&nbsp;<input type='text' size='40' name='OINKCODE' value='$snortsettings{'OINKCODE'}' /></td>\r
</tr>\r
<tr>\r
	<td width='30%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' />\r
END\r
;\r
\r
if ($snortsettings{'INSTALLMD5'} eq $md5) {\r
	print "&nbsp;$Lang::tr{'rules already up to date'}</td>";\r
} else {\r
	if ( $snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'} && $md5 eq $realmd5 ) {\r
		$snortsettings{'INSTALLMD5'} = $realmd5;\r
		$snortsettings{'INSTALLDATE'} = `/bin/date +'%Y-%m-%d'`;\r
		&General::writehash("${General::swroot}/snort/settings", \%snortsettings);\r
	}\r
	print "&nbsp;$Lang::tr{'updates installed'}: $snortsettings{'INSTALLDATE'}</td>";\r
}\r
print <<END\r
</tr>\r
</table>\r
<hr />\r
<table width='100%'>\r
<tr>\r
	<td width='55%'>&nbsp;</td>\r
	<td width='40%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>\r
	<td width='5%'>\r
		&nbsp; <!-- space for future online help link -->\r
	</td>\r
</tr>\r
</table>\r
</form>\r
END\r
;\r
\r
if ($results ne '') {\r
	print "$results";\r
}\r
\r
&Header::closebox();\r
&Header::closebigbox();\r
&Header::closepage();\r
\r
sub getmd5 {\r
	# Retrieve MD5 sum from $url.md5 file\r
	#\r
	my $md5buf = &geturl("$url.md5");\r
	return undef unless $md5buf;\r
\r
	if (0) { # 1 to debug\r
		my $filename='';\r
		my $fh='';\r
		($fh, $filename) = tempfile('/tmp/XXXXXXXX',SUFFIX => '.md5' );\r
		binmode ($fh);\r
		syswrite ($fh, $md5buf->content);\r
		close($fh);\r
	}\r
	return $md5buf->content;\r
}\r
sub downloadrulesfile {\r
	my $return = &geturl($url);\r
	return undef unless $return;\r
\r
	if (index($return->content, "\037\213") == -1 ) { # \037\213 is .gz beginning\r
		$errormessage = $Lang::tr{'invalid loaded file'};\r
		return undef;\r
	}\r
\r
	my $filename='';\r
	my $fh='';\r
	($fh, $filename) = tempfile('/tmp/XXXXXXXX',SUFFIX => '.tar.gz' );#oinkmaster work only with this extension\r
	binmode ($fh);\r
	syswrite ($fh, $return->content);\r
	close($fh);\r
	return $filename;\r
}\r
\r
sub geturl ($) {\r
	my $url=$_[0];\r
\r
	unless (-e "${General::swroot}/red/active") {\r
		$errormessage = $Lang::tr{'could not download latest updates'};\r
		return undef;\r
	}\r
\r
	my $downloader = LWP::UserAgent->new;\r
	$downloader->timeout(5);\r
\r
	my %proxysettings=();\r
	&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);\r
\r
	if ($_=$proxysettings{'UPSTREAM_PROXY'}) {\r
		my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);\r
		if ($proxysettings{'UPSTREAM_USER'}) {\r
			$downloader->proxy("http","http://$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'}@"."$peer:$peerport/");\r
		} else {\r
			$downloader->proxy("http","http://$peer:$peerport/");\r
		}\r
	}\r
\r
	my $return = $downloader->get($url,'Cache-Control','no-cache');\r
\r
	if ($return->code == 403) {\r
		$errormessage = $Lang::tr{'access refused with this oinkcode'};\r
		return undef;\r
	} elsif (!$return->is_success()) {\r
		$errormessage = $Lang::tr{'could not download latest updates'};\r
		return undef;\r
	}\r
\r
	return $return;\r
\r
}\r
Commit	Line	Data
cd1a2927 MT	1	#!/usr/bin/perl\r
	2	#\r
	3	# SmoothWall CGIs\r
	4	#\r
	5	# This code is distributed under the terms of the GPL\r
	6	#\r
	7	# (c) The SmoothWall Team\r
	8	#\r
	9	# $Id: ids.cgi,v 1.8.2.18 2005/07/27 21:35:22 franck78 Exp $\r
	10	#\r
	11	\r
	12	use LWP::UserAgent;\r
	13	use File::Copy;\r
	14	use File::Temp qw/ tempfile tempdir /;\r
	15	use strict;\r
	16	\r
	17	# enable only the following on debugging purpose\r
	18	#use warnings;\r
	19	#use CGI::Carp 'fatalsToBrowser';\r
	20	\r
	21	require 'CONFIG_ROOT/general-functions.pl';\r
	22	require "${General::swroot}/lang.pl";\r
	23	require "${General::swroot}/header.pl";\r
	24	\r
	25	my %snortsettings=();\r
	26	my %checked=();\r
	27	my %netsettings=();\r
	28	our $errormessage = '';\r
	29	our $md5 = '0';# not '' to avoid displaying the wrong message when INSTALLMD5 not set\r
	30	our $realmd5 = '';\r
	31	our $results = '';\r
	32	our $tempdir = '';\r
	33	our $url='';\r
	34	&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);\r
	35	\r
	36	&Header::showhttpheaders();\r
	37	\r
	38	$snortsettings{'ENABLE_SNORT'} = 'off';\r
	39	$snortsettings{'ENABLE_SNORT_GREEN'} = 'off';\r
	40	$snortsettings{'ENABLE_SNORT_BLUE'} = 'off';\r
	41	$snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';\r
	42	$snortsettings{'ACTION'} = '';\r
	43	$snortsettings{'RULESTYPE'} = '';\r
	44	$snortsettings{'OINKCODE'} = '';\r
	45	$snortsettings{'INSTALLDATE'} = '';\r
	46	$snortsettings{'INSTALLMD5'} = '';\r
	47	\r
	48	&Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'});\r
	49	\r
	50	if ($snortsettings{'RULESTYPE'} eq 'subscripted') {\r
	51	$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-2.3_s.tar.gz";\r
	52	} else {\r
	53	$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-2.3.tar.gz";\r
	54	}\r
	55	\r
	56	if ($snortsettings{'ACTION'} eq $Lang::tr{'save'})\r
	57	{\r
	58	$errormessage = $Lang::tr{'invalid input for oink code'} unless (\r
	59	($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/) \|\|\r
	60	($snortsettings{'RULESTYPE'} eq 'nothing' ) );\r
	61	\r
	62	&General::writehash("${General::swroot}/snort/settings", \%snortsettings);\r
	63	if ($snortsettings{'ENABLE_SNORT'} eq 'on')\r
	64	{\r
65	system ('/bin/touch', "${General::swroot}/snort/enable");\r
66	} else {\r
67	unlink "${General::swroot}/snort/enable";\r
68	} \r
69	if ($snortsettings{'ENABLE_SNORT_GREEN'} eq 'on')\r
70	{\r
71	system ('/bin/touch', "${General::swroot}/snort/enable_green");\r
72	} else {\r
73	unlink "${General::swroot}/snort/enable_green";\r
74	} \r
75	if ($snortsettings{'ENABLE_SNORT_BLUE'} eq 'on')\r
76	{\r
77	system ('/bin/touch', "${General::swroot}/snort/enable_blue");\r
78	} else {\r
79	unlink "${General::swroot}/snort/enable_blue";\r
80	} \r
81	if ($snortsettings{'ENABLE_SNORT_ORANGE'} eq 'on')\r
82	{\r
83	system ('/bin/touch', "${General::swroot}/snort/enable_orange");\r
84	} else {\r
85	unlink "${General::swroot}/snort/enable_orange";\r
86	}\r
87	\r
88	system('/usr/local/bin/restartsnort','red','orange','blue','green');\r
89	} else {\r
90	# INSTALLMD5 is not in the form, so not retrieved by getcgihash\r
91	&General::readhash("${General::swroot}/snort/settings", \%snortsettings);\r
92	}\r
93	\r
94	if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {\r
95	$md5 = &getmd5;\r
96	if (($snortsettings{'INSTALLMD5'} ne $md5) && defined $md5 ) {\r
97	chomp($md5);\r
98	my $filename = &downloadrulesfile();\r
99	if (defined $filename) {\r
100	# Check MD5sum\r
101	$realmd5 = `/usr/bin/md5sum $filename`;\r
102	chomp ($realmd5);\r
103	$realmd5 =~ s/^(\w+)\s.*$/$1/;\r
104	if ($md5 ne $realmd5) {\r
105	$errormessage = "$Lang::tr{'invalid md5sum'}";\r
106	} else {\r
107	$results = "<b>$Lang::tr{'installed updates'}</b>\n<pre>";\r
108	$results .=`/usr/local/bin/oinkmaster.pl -s -u file://$filename -C /var/ipcop/snort/oinkmaster.conf -o /etc/snort 2>&1`;\r
109	$results .= "</pre>";\r
110	}\r
111	unlink ($filename);\r
112	}\r
113	}\r
114	}\r
115	\r
116	$checked{'ENABLE_SNORT'}{'off'} = '';\r
117	$checked{'ENABLE_SNORT'}{'on'} = '';\r
118	$checked{'ENABLE_SNORT'}{$snortsettings{'ENABLE_SNORT'}} = "checked='checked'";\r
119	$checked{'ENABLE_SNORT_GREEN'}{'off'} = '';\r
120	$checked{'ENABLE_SNORT_GREEN'}{'on'} = '';\r
121	$checked{'ENABLE_SNORT_GREEN'}{$snortsettings{'ENABLE_SNORT_GREEN'}} = "checked='checked'";\r
122	$checked{'ENABLE_SNORT_BLUE'}{'off'} = '';\r
123	$checked{'ENABLE_SNORT_BLUE'}{'on'} = '';\r
124	$checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='checked'";\r
125	$checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';\r
126	$checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';\r
127	$checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";\r
128	$checked{'RULESTYPE'}{'nothing'} = '';\r
129	$checked{'RULESTYPE'}{'registered'} = '';\r
130	$checked{'RULESTYPE'}{'subscripted'} = '';\r
131	$checked{'RULESTYPE'}{$snortsettings{'RULESTYPE'}} = "checked='checked'";\r
132	\r
133	&Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');\r
134	\r
135	&Header::openbigbox('100%', 'left', '', $errormessage);\r
136	\r
137	if ($errormessage) {\r
138	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});\r
139	print "<class name='base'>$errormessage\n";\r
140	print " </class>\n";\r
141	&Header::closebox();\r
142	}\r
143	\r
144	&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system2'});\r
145	print <<END\r
146	<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>\r
147	<tr>\r
148	<td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />\r
149	GREEN Snort</td>\r
150	</tr>\r
151	END\r
152	;\r
153	if ($netsettings{'BLUE_DEV'} ne '') {\r
154	print <<END\r
155	<tr>\r
156	<td class='base'><input type='checkbox' name='ENABLE_SNORT_BLUE' $checked{'ENABLE_SNORT_BLUE'}{'on'} />\r
157	BLUE Snort</td>\r
158	</tr>\r
159	END\r
160	;\r
161	}\r
162	if ($netsettings{'ORANGE_DEV'} ne '') {\r
163	print <<END\r
164	<tr>\r
165	<td class='base'><input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} />\r
166	ORANGE Snort</td>\r
167	</tr>\r
168	END\r
169	;\r
170	}\r
171	print <<END\r
172	<tr>\r
173	<td class='base'><input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} />\r
174	RED Snort</td>\r
175	</tr>\r
176	<tr>\r
177	<td><hr /></td>\r
178	</tr>\r
179	<tr>\r
180	<td><b>$Lang::tr{'ids rules update'}</b></td>\r
181	</tr>\r
182	<tr>\r
183	<td><input type='radio' name='RULESTYPE' value='nothing' $checked{'RULESTYPE'}{'nothing'} />\r
184	$Lang::tr{'no'}</td>\r
185	</tr>\r
186	<tr>\r
187	<td><input type='radio' name='RULESTYPE' value='registered' $checked{'RULESTYPE'}{'registered'} />\r
188	$Lang::tr{'registered user rules'}</td>\r
189	</tr>\r
190	<tr>\r
191	<td><input type='radio' name='RULESTYPE' value='subscripted' $checked{'RULESTYPE'}{'subscripted'} />\r
192	$Lang::tr{'subscripted user rules'}</td>\r
193	</tr>\r
194	<tr>\r
195	<td><br />\r
196	$Lang::tr{'ids rules license'} <a href='http://www.snort.org/' target='_blank'>http://www.snort.org</a>.<br />\r
197	<br />\r
198	$Lang::tr{'ids rules license2'} <a href='http://www.snort.org/reg-bin/userprefs.cgi' target='_blank'>USER PREFERENCES</a>, $Lang::tr{'ids rules license3'}<br />\r
199	</td>\r
200	</tr>\r
201	<tr>\r
202	<td nowrap='nowrap'>Oink Code: <input type='text' size='40' name='OINKCODE' value='$snortsettings{'OINKCODE'}' /></td>\r
203	</tr>\r
204	<tr>\r
205	<td width='30%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' />\r
206	END\r
207	;\r
208	\r
209	if ($snortsettings{'INSTALLMD5'} eq $md5) {\r
210	print " $Lang::tr{'rules already up to date'}</td>";\r
211	} else {\r
212	if ( $snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'} && $md5 eq $realmd5 ) {\r
213	$snortsettings{'INSTALLMD5'} = $realmd5;\r
214	$snortsettings{'INSTALLDATE'} = `/bin/date +'%Y-%m-%d'`;\r
215	&General::writehash("${General::swroot}/snort/settings", \%snortsettings);\r
216	}\r
217	print " $Lang::tr{'updates installed'}: $snortsettings{'INSTALLDATE'}</td>";\r
218	}\r
219	print <<END\r
220	</tr>\r
221	</table>\r
222	<hr />\r
223	<table width='100%'>\r
224	<tr>\r
225	<td width='55%'> </td>\r
226	<td width='40%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>\r
227	<td width='5%'>\r
228	<!-- space for future online help link -->\r
229	</td>\r
230	</tr>\r
231	</table>\r
232	</form>\r
233	END\r
234	;\r
235	\r
236	if ($results ne '') {\r
237	print "$results";\r
238	}\r
239	\r
240	&Header::closebox();\r
241	&Header::closebigbox();\r
242	&Header::closepage();\r
243	\r
244	sub getmd5 {\r
245	# Retrieve MD5 sum from $url.md5 file\r
246	#\r
247	my $md5buf = &geturl("$url.md5");\r
248	return undef unless $md5buf;\r
249	\r
250	if (0) { # 1 to debug\r
251	my $filename='';\r
252	my $fh='';\r
253	($fh, $filename) = tempfile('/tmp/XXXXXXXX',SUFFIX => '.md5' );\r
254	binmode ($fh);\r
255	syswrite ($fh, $md5buf->content);\r
256	close($fh);\r
257	}\r
258	return $md5buf->content;\r
259	}\r
260	sub downloadrulesfile {\r
261	my $return = &geturl($url);\r
262	return undef unless $return;\r
263	\r
264	if (index($return->content, "\037\213") == -1 ) { # \037\213 is .gz beginning\r
265	$errormessage = $Lang::tr{'invalid loaded file'};\r
266	return undef;\r
267	}\r
268	\r
269	my $filename='';\r
270	my $fh='';\r
271	($fh, $filename) = tempfile('/tmp/XXXXXXXX',SUFFIX => '.tar.gz' );#oinkmaster work only with this extension\r
272	binmode ($fh);\r
273	syswrite ($fh, $return->content);\r
274	close($fh);\r
275	return $filename;\r
276	}\r
277	\r
278	sub geturl ($) {\r
279	my $url=$_[0];\r
280	\r
281	unless (-e "${General::swroot}/red/active") {\r
282	$errormessage = $Lang::tr{'could not download latest updates'};\r
283	return undef;\r
284	}\r
285	\r
286	my $downloader = LWP::UserAgent->new;\r
287	$downloader->timeout(5);\r
288	\r
289	my %proxysettings=();\r
290	&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);\r
291	\r
292	if ($_=$proxysettings{'UPSTREAM_PROXY'}) {\r
293	my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]?(?:\:[A-Za-z0-9\_\.\-]?)?\@)?([a-zA-Z0-9\.\_\-]?)(?:\:([0-9]{1,5}))?(?:\/.?)?$/);\r
294	if ($proxysettings{'UPSTREAM_USER'}) {\r
295	$downloader->proxy("http","http://$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'}@"."$peer:$peerport/");\r
296	} else {\r
297	$downloader->proxy("http","http://$peer:$peerport/");\r
298	}\r
299	}\r
300	\r
301	my $return = $downloader->get($url,'Cache-Control','no-cache');\r
302	\r
303	if ($return->code == 403) {\r
304	$errormessage = $Lang::tr{'access refused with this oinkcode'};\r
305	return undef;\r
306	} elsif (!$return->is_success()) {\r
307	$errormessage = $Lang::tr{'could not download latest updates'};\r
308	return undef;\r
309	}\r
310	\r
311	return $return;\r
312	\r
313	}\r