[people/pmueller/ipfire-2.x.git] / html / cgi-bin / ids.cgi

#!/usr/bin/perl
#
# SmoothWall CGIs
#
# This code is distributed under the terms of the GPL
#
# (c) The SmoothWall Team
#

use LWP::UserAgent;
use File::Copy;
use File::Temp qw/ tempfile tempdir /;
use strict;

# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';

require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";

my %snortsettings=();
my %checked=();
my %selected=();
my %netsettings=();
our $errormessage = '';
our $md5 = '0';# not '' to avoid displaying the wrong message when INSTALLMD5 not set
our $realmd5 = '';
our $results = '';
our $tempdir = '';
our $url='';
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

&Header::showhttpheaders();

$snortsettings{'ENABLE_SNORT'} = 'off';
$snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
$snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
$snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
$snortsettings{'ACTION'} = '';
$snortsettings{'RULES'} = '';
$snortsettings{'OINKCODE'} = '';
$snortsettings{'INSTALLDATE'} = '';
$snortsettings{'INSTALLMD5'} = '';

&Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'});

if ($snortsettings{'RULES'} eq 'subscripted') {
	$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-CURRENT_s.tar.gz";
} elsif ($snortsettings{'RULES'} eq 'registered') {
	$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-CURRENT.tar.gz";
} elsif ($snortsettings{'RULES'} eq 'bleeding') {
	$url="http://www.bleedingsnort.com/bleeding.rules.tar.gz";
} else {
	$url="http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz";
}

if ($snortsettings{'ACTION'} eq $Lang::tr{'save'})
{
	$errormessage = $Lang::tr{'invalid input for oink code'} unless (
	    ($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/)  ||
	    ($snortsettings{'RULESTYPE'} eq 'nothing' )       );

	&General::writehash("${General::swroot}/snort/settings", \%snortsettings);
	if ($snortsettings{'ENABLE_SNORT'} eq 'on')
	{
		system ('/usr/bin/touch', "${General::swroot}/snort/enable");
	} else {
		unlink "${General::swroot}/snort/enable";
	} 
	if ($snortsettings{'ENABLE_SNORT_GREEN'} eq 'on')
	{
		system ('/usr/bin/touch', "${General::swroot}/snort/enable_green");
	} else {
		unlink "${General::swroot}/snort/enable_green";
	} 
	if ($snortsettings{'ENABLE_SNORT_BLUE'} eq 'on')
	{
		system ('/usr/bin/touch', "${General::swroot}/snort/enable_blue");
	} else {
		unlink "${General::swroot}/snort/enable_blue";
	} 
	if ($snortsettings{'ENABLE_SNORT_ORANGE'} eq 'on')
	{
		system ('/usr/bin/touch', "${General::swroot}/snort/enable_orange");
	} else {
		unlink "${General::swroot}/snort/enable_orange";
	}

	system('/usr/local/bin/restartsnort','red','orange','blue','green');
} else {
	 # INSTALLMD5 is not in the form, so not retrieved by getcgihash
	&General::readhash("${General::swroot}/snort/settings", \%snortsettings);
}

if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
	$md5 = &getmd5;
	if (($snortsettings{'INSTALLMD5'} ne $md5) && defined $md5 ) {
		chomp($md5);
		my $filename = &downloadrulesfile();
		if (defined $filename) {
			# Check MD5sum
			$realmd5 = `/usr/bin/md5sum $filename`;
			chomp ($realmd5);
			$realmd5 =~ s/^(\w+)\s.*$/$1/;
			if ($md5 ne $realmd5) {
				$errormessage = "$Lang::tr{'invalid md5sum'}";
			} else {
				$results = "<b>$Lang::tr{'installed updates'}</b>\n<pre>";
				$results .=`/usr/local/bin/oinkmaster.pl -s -u file://$filename -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules/ 2>&1`;
				$results .= "</pre>";
			}
			unlink ($filename);
		}
	}
}

$checked{'ENABLE_SNORT'}{'off'} = '';
$checked{'ENABLE_SNORT'}{'on'} = '';
$checked{'ENABLE_SNORT'}{$snortsettings{'ENABLE_SNORT'}} = "checked='checked'";
$checked{'ENABLE_SNORT_GREEN'}{'off'} = '';
$checked{'ENABLE_SNORT_GREEN'}{'on'} = '';
$checked{'ENABLE_SNORT_GREEN'}{$snortsettings{'ENABLE_SNORT_GREEN'}} = "checked='checked'";
$checked{'ENABLE_SNORT_BLUE'}{'off'} = '';
$checked{'ENABLE_SNORT_BLUE'}{'on'} = '';
$checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='checked'";
$checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
$checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
$checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
$selected{'RULES'}{'nothing'} = '';
$selected{'RULES'}{'bleeding'} = '';
$selected{'RULES'}{'community'} = '';
$selected{'RULES'}{'registered'} = '';
$selected{'RULES'}{'subscripted'} = '';
$selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'";

&Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');

&Header::openbigbox('100%', 'left', '', $errormessage);

if ($errormessage) {
	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	print "<class name='base'>$errormessage\n";
	print "&nbsp;</class>\n";
	&Header::closebox();
}

&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system2'});
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
<tr>
	<td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />
		GREEN Snort</td>
</tr>
END
;
if ($netsettings{'BLUE_DEV'} ne '') {
print <<END
<tr>
	<td class='base'><input type='checkbox' name='ENABLE_SNORT_BLUE' $checked{'ENABLE_SNORT_BLUE'}{'on'} />
		BLUE Snort</td>
</tr>
END
;
}
if ($netsettings{'ORANGE_DEV'} ne '') {
print <<END
<tr>
	<td class='base'><input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} />
		ORANGE Snort</td>
</tr>
END
;
}
print <<END
<tr>
	<td class='base'><input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} />
		RED Snort</td>
</tr>
<tr>
	<td><hr /></td>
</tr>
<tr>
	<td><b>$Lang::tr{'ids rules update'}</b></td>
</tr>
<tr>
	<td><select name='RULES'>
				<option value='nothing' $selected{'RULES'}{'nothing'} >$Lang::tr{'no'}</option>
				<option value='bleeding' $selected{'RULES'}{'bleeding'} >$Lang::tr{'bleeding rules'}</option>
				<option value='community' $selected{'RULES'}{'community'} >$Lang::tr{'community rules'}</option>
				<option value='registered' $selected{'RULES'}{'registered'} >$Lang::tr{'registered user rules'}</option>
				<option value='subscripted' $selected{'RULES'}{'subscripted'} >$Lang::tr{'subscripted user rules'}</option>
			</select>
	</td>
</tr>
<tr>
	<td><br />
		$Lang::tr{'ids rules license'} <a href='http://www.snort.org/' target='_blank'>http://www.snort.org</a>.<br />
		<br />
		$Lang::tr{'ids rules license2'} <a href='http://www.snort.org/reg-bin/userprefs.cgi' target='_blank'>USER PREFERENCES</a>, $Lang::tr{'ids rules license3'}<br />
	</td>
</tr>
<tr>
	<td nowrap='nowrap'>Oinkcode:&nbsp;<input type='text' size='40' name='OINKCODE' value='$snortsettings{'OINKCODE'}' /></td>
</tr>
<tr>
	<td width='30%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' />
END
;

if ($snortsettings{'INSTALLMD5'} eq $md5) {
	print "&nbsp;$Lang::tr{'rules already up to date'}</td>";
} else {
	if ( $snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'} && $md5 eq $realmd5 ) {
		$snortsettings{'INSTALLMD5'} = $realmd5;
		$snortsettings{'INSTALLDATE'} = `/bin/date +'%Y-%m-%d'`;
		&General::writehash("${General::swroot}/snort/settings", \%snortsettings);
	}
	print "&nbsp;$Lang::tr{'updates installed'}: $snortsettings{'INSTALLDATE'}</td>";
}
print <<END
</tr>
</table>
<hr />
<table width='100%'>
<tr>
	<td width='55%'>&nbsp;</td>
	<td width='40%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
	<td width='5%'>
		&nbsp; <!-- space for future online help link -->
	</td>
</tr>
</table>
</form>
END
;

if ($results ne '') {
	print "$results";
}

&Header::closebox();
&Header::closebigbox();
&Header::closepage();

sub getmd5 {
	# Retrieve MD5 sum from $url.md5 file
	#
	my $md5buf = &geturl("$url.md5");
	return undef unless $md5buf;

	if (0) { # 1 to debug
		my $filename='';
		my $fh='';
		($fh, $filename) = tempfile('/tmp/XXXXXXXX',SUFFIX => '.md5' );
		binmode ($fh);
		syswrite ($fh, $md5buf->content);
		close($fh);
	}
	return $md5buf->content;
}
sub downloadrulesfile {
	my $return = &geturl($url);
	return undef unless $return;

	if (index($return->content, "\037\213") == -1 ) { # \037\213 is .gz beginning
		$errormessage = $Lang::tr{'invalid loaded file'};
		return undef;
	}

	my $filename='';
	my $fh='';
	($fh, $filename) = tempfile('/tmp/XXXXXXXX',SUFFIX => '.tar.gz' );#oinkmaster work only with this extension
	binmode ($fh);
	syswrite ($fh, $return->content);
	close($fh);
	return $filename;
}

sub geturl ($) {
	my $url=$_[0];

	unless (-e "${General::swroot}/red/active") {
		$errormessage = $Lang::tr{'could not download latest updates'};
		return undef;
	}

	my $downloader = LWP::UserAgent->new;
	$downloader->timeout(5);

	my %proxysettings=();
	&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);

	if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
		my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
		if ($proxysettings{'UPSTREAM_USER'}) {
			$downloader->proxy("http","http://$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'}@"."$peer:$peerport/");
		} else {
			$downloader->proxy("http","http://$peer:$peerport/");
		}
	}

	my $return = $downloader->get($url,'Cache-Control','no-cache');

	if ($return->code == 403) {
		$errormessage = $Lang::tr{'access refused with this oinkcode'};
		return undef;
	} elsif (!$return->is_success()) {
		$errormessage = $Lang::tr{'could not download latest updates'};
		return undef;
	}

	return $return;

}
Commit	Line	Data
	1	#!/usr/bin/perl
	2	#
	3	# SmoothWall CGIs
	4	#
	5	# This code is distributed under the terms of the GPL
	6	#
	7	# (c) The SmoothWall Team
	8	#
	9
	10	use LWP::UserAgent;
	11	use File::Copy;
	12	use File::Temp qw/ tempfile tempdir /;
	13	use strict;
	14
	15	# enable only the following on debugging purpose
	16	#use warnings;
	17	#use CGI::Carp 'fatalsToBrowser';
	18
	19	require '/var/ipfire/general-functions.pl';
	20	require "${General::swroot}/lang.pl";
	21	require "${General::swroot}/header.pl";
	22
	23	my %snortsettings=();
	24	my %checked=();
	25	my %selected=();
	26	my %netsettings=();
	27	our $errormessage = '';
	28	our $md5 = '0';# not '' to avoid displaying the wrong message when INSTALLMD5 not set
	29	our $realmd5 = '';
	30	our $results = '';
	31	our $tempdir = '';
	32	our $url='';
	33	&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
	34
	35	&Header::showhttpheaders();
	36
	37	$snortsettings{'ENABLE_SNORT'} = 'off';
	38	$snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
	39	$snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
	40	$snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
	41	$snortsettings{'ACTION'} = '';
	42	$snortsettings{'RULES'} = '';
	43	$snortsettings{'OINKCODE'} = '';
	44	$snortsettings{'INSTALLDATE'} = '';
	45	$snortsettings{'INSTALLMD5'} = '';
	46
	47	&Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'});
	48
	49	if ($snortsettings{'RULES'} eq 'subscripted') {
	50	$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-CURRENT_s.tar.gz";
	51	} elsif ($snortsettings{'RULES'} eq 'registered') {
	52	$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-CURRENT.tar.gz";
	53	} elsif ($snortsettings{'RULES'} eq 'bleeding') {
	54	$url="http://www.bleedingsnort.com/bleeding.rules.tar.gz";
	55	} else {
	56	$url="http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz";
	57	}
	58
	59	if ($snortsettings{'ACTION'} eq $Lang::tr{'save'})
	60	{
	61	$errormessage = $Lang::tr{'invalid input for oink code'} unless (
	62	($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/) \|\|
	63	($snortsettings{'RULESTYPE'} eq 'nothing' ) );
	64
	65	&General::writehash("${General::swroot}/snort/settings", \%snortsettings);
	66	if ($snortsettings{'ENABLE_SNORT'} eq 'on')
	67	{
	68	system ('/usr/bin/touch', "${General::swroot}/snort/enable");
	69	} else {
	70	unlink "${General::swroot}/snort/enable";
	71	}
	72	if ($snortsettings{'ENABLE_SNORT_GREEN'} eq 'on')
	73	{
	74	system ('/usr/bin/touch', "${General::swroot}/snort/enable_green");
	75	} else {
	76	unlink "${General::swroot}/snort/enable_green";
	77	}
	78	if ($snortsettings{'ENABLE_SNORT_BLUE'} eq 'on')
	79	{
	80	system ('/usr/bin/touch', "${General::swroot}/snort/enable_blue");
	81	} else {
	82	unlink "${General::swroot}/snort/enable_blue";
	83	}
	84	if ($snortsettings{'ENABLE_SNORT_ORANGE'} eq 'on')
	85	{
	86	system ('/usr/bin/touch', "${General::swroot}/snort/enable_orange");
	87	} else {
	88	unlink "${General::swroot}/snort/enable_orange";
	89	}
	90
	91	system('/usr/local/bin/restartsnort','red','orange','blue','green');
	92	} else {
	93	# INSTALLMD5 is not in the form, so not retrieved by getcgihash
	94	&General::readhash("${General::swroot}/snort/settings", \%snortsettings);
	95	}
	96
	97	if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
	98	$md5 = &getmd5;
	99	if (($snortsettings{'INSTALLMD5'} ne $md5) && defined $md5 ) {
	100	chomp($md5);
	101	my $filename = &downloadrulesfile();
	102	if (defined $filename) {
	103	# Check MD5sum
	104	$realmd5 = `/usr/bin/md5sum $filename`;
	105	chomp ($realmd5);
	106	$realmd5 =~ s/^(\w+)\s.*$/$1/;
	107	if ($md5 ne $realmd5) {
	108	$errormessage = "$Lang::tr{'invalid md5sum'}";
	109	} else {
	110	$results = "<b>$Lang::tr{'installed updates'}</b>\n<pre>";
	111	$results .=`/usr/local/bin/oinkmaster.pl -s -u file://$filename -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules/ 2>&1`;
	112	$results .= "</pre>";
	113	}
	114	unlink ($filename);
	115	}
	116	}
	117	}
	118
	119	$checked{'ENABLE_SNORT'}{'off'} = '';
	120	$checked{'ENABLE_SNORT'}{'on'} = '';
	121	$checked{'ENABLE_SNORT'}{$snortsettings{'ENABLE_SNORT'}} = "checked='checked'";
	122	$checked{'ENABLE_SNORT_GREEN'}{'off'} = '';
	123	$checked{'ENABLE_SNORT_GREEN'}{'on'} = '';
	124	$checked{'ENABLE_SNORT_GREEN'}{$snortsettings{'ENABLE_SNORT_GREEN'}} = "checked='checked'";
	125	$checked{'ENABLE_SNORT_BLUE'}{'off'} = '';
	126	$checked{'ENABLE_SNORT_BLUE'}{'on'} = '';
	127	$checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='checked'";
	128	$checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
	129	$checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
	130	$checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
	131	$selected{'RULES'}{'nothing'} = '';
	132	$selected{'RULES'}{'bleeding'} = '';
	133	$selected{'RULES'}{'community'} = '';
	134	$selected{'RULES'}{'registered'} = '';
	135	$selected{'RULES'}{'subscripted'} = '';
	136	$selected{'RULES'}{$snortsettings{'RULES'}} = "selected='selected'";
	137
	138	&Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');
	139
	140	&Header::openbigbox('100%', 'left', '', $errormessage);
	141
	142	if ($errormessage) {
	143	&Header::openbox('100%', 'left', $Lang::tr{'error messages'});
	144	print "<class name='base'>$errormessage\n";
	145	print " </class>\n";
	146	&Header::closebox();
	147	}
	148
	149	&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system2'});
	150	print <<END
	151	<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
	152	<tr>
	153	<td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />
	154	GREEN Snort</td>
	155	</tr>
	156	END
	157	;
	158	if ($netsettings{'BLUE_DEV'} ne '') {
	159	print <<END
	160	<tr>
	161	<td class='base'><input type='checkbox' name='ENABLE_SNORT_BLUE' $checked{'ENABLE_SNORT_BLUE'}{'on'} />
	162	BLUE Snort</td>
	163	</tr>
	164	END
	165	;
	166	}
	167	if ($netsettings{'ORANGE_DEV'} ne '') {
	168	print <<END
	169	<tr>
	170	<td class='base'><input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} />
	171	ORANGE Snort</td>
	172	</tr>
	173	END
	174	;
	175	}
	176	print <<END
	177	<tr>
	178	<td class='base'><input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} />
	179	RED Snort</td>
	180	</tr>
	181	<tr>
	182	<td><hr /></td>
	183	</tr>
	184	<tr>
	185	<td><b>$Lang::tr{'ids rules update'}</b></td>
	186	</tr>
	187	<tr>
	188	<td><select name='RULES'>
	189	<option value='nothing' $selected{'RULES'}{'nothing'} >$Lang::tr{'no'}</option>
	190	<option value='bleeding' $selected{'RULES'}{'bleeding'} >$Lang::tr{'bleeding rules'}</option>
	191	<option value='community' $selected{'RULES'}{'community'} >$Lang::tr{'community rules'}</option>
	192	<option value='registered' $selected{'RULES'}{'registered'} >$Lang::tr{'registered user rules'}</option>
	193	<option value='subscripted' $selected{'RULES'}{'subscripted'} >$Lang::tr{'subscripted user rules'}</option>
	194	</select>
	195	</td>
	196	</tr>
	197	<tr>
	198	<td><br />
	199	$Lang::tr{'ids rules license'} <a href='http://www.snort.org/' target='_blank'>http://www.snort.org</a>.<br />
	200	<br />
	201	$Lang::tr{'ids rules license2'} <a href='http://www.snort.org/reg-bin/userprefs.cgi' target='_blank'>USER PREFERENCES</a>, $Lang::tr{'ids rules license3'}<br />
	202	</td>
	203	</tr>
	204	<tr>
	205	<td nowrap='nowrap'>Oinkcode: <input type='text' size='40' name='OINKCODE' value='$snortsettings{'OINKCODE'}' /></td>
	206	</tr>
	207	<tr>
	208	<td width='30%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' />
	209	END
	210	;
	211
	212	if ($snortsettings{'INSTALLMD5'} eq $md5) {
	213	print " $Lang::tr{'rules already up to date'}</td>";
	214	} else {
	215	if ( $snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'} && $md5 eq $realmd5 ) {
	216	$snortsettings{'INSTALLMD5'} = $realmd5;
	217	$snortsettings{'INSTALLDATE'} = `/bin/date +'%Y-%m-%d'`;
	218	&General::writehash("${General::swroot}/snort/settings", \%snortsettings);
	219	}
	220	print " $Lang::tr{'updates installed'}: $snortsettings{'INSTALLDATE'}</td>";
	221	}
	222	print <<END
	223	</tr>
	224	</table>
	225	<hr />
	226	<table width='100%'>
	227	<tr>
	228	<td width='55%'> </td>
	229	<td width='40%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
	230	<td width='5%'>
	231	<!-- space for future online help link -->
	232	</td>
	233	</tr>
	234	</table>
	235	</form>
	236	END
	237	;
	238
	239	if ($results ne '') {
	240	print "$results";
	241	}
	242
	243	&Header::closebox();
	244	&Header::closebigbox();
	245	&Header::closepage();
	246
	247	sub getmd5 {
	248	# Retrieve MD5 sum from $url.md5 file
	249	#
	250	my $md5buf = &geturl("$url.md5");
	251	return undef unless $md5buf;
	252
	253	if (0) { # 1 to debug
	254	my $filename='';
	255	my $fh='';
	256	($fh, $filename) = tempfile('/tmp/XXXXXXXX',SUFFIX => '.md5' );
	257	binmode ($fh);
	258	syswrite ($fh, $md5buf->content);
	259	close($fh);
	260	}
	261	return $md5buf->content;
	262	}
	263	sub downloadrulesfile {
	264	my $return = &geturl($url);
	265	return undef unless $return;
	266
	267	if (index($return->content, "\037\213") == -1 ) { # \037\213 is .gz beginning
	268	$errormessage = $Lang::tr{'invalid loaded file'};
	269	return undef;
	270	}
	271
	272	my $filename='';
	273	my $fh='';
	274	($fh, $filename) = tempfile('/tmp/XXXXXXXX',SUFFIX => '.tar.gz' );#oinkmaster work only with this extension
	275	binmode ($fh);
	276	syswrite ($fh, $return->content);
	277	close($fh);
	278	return $filename;
	279	}
	280
	281	sub geturl ($) {
	282	my $url=$_[0];
	283
	284	unless (-e "${General::swroot}/red/active") {
	285	$errormessage = $Lang::tr{'could not download latest updates'};
	286	return undef;
	287	}
	288
	289	my $downloader = LWP::UserAgent->new;
	290	$downloader->timeout(5);
	291
	292	my %proxysettings=();
	293	&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
	294
	295	if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
	296	my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]?(?:\:[A-Za-z0-9\_\.\-]?)?\@)?([a-zA-Z0-9\.\_\-]?)(?:\:([0-9]{1,5}))?(?:\/.?)?$/);
	297	if ($proxysettings{'UPSTREAM_USER'}) {
	298	$downloader->proxy("http","http://$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'}@"."$peer:$peerport/");
	299	} else {
	300	$downloader->proxy("http","http://$peer:$peerport/");
	301	}
	302	}
	303
	304	my $return = $downloader->get($url,'Cache-Control','no-cache');
	305
	306	if ($return->code == 403) {
	307	$errormessage = $Lang::tr{'access refused with this oinkcode'};
	308	return undef;
	309	} elsif (!$return->is_success()) {
	310	$errormessage = $Lang::tr{'could not download latest updates'};
	311	return undef;
	312	}
	313
	314	return $return;
	315
	316	}