###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
require "${General::swroot}/ids-functions.pl";
+require "${General::swroot}/network-functions.pl";
my %color = ();
my %mainsettings = ();
# Read-in main settings, for language, theme and colors.
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
-&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
# Get the available network zones, based on the config type of the system and store
# the list of zones in an array.
-my @network_zones = &IDS::get_available_network_zones();
+my @network_zones = &Network::get_available_network_zones();
+
+# Check if openvpn is started and add it to the array of network zones.
+if ( -e "/var/run/openvpn.pid") {
+ push(@network_zones, "ovpn");
+}
my $errormessage;
'red' => $Header::colourred,
'green' => $Header::colourgreen,
'blue' => $Header::colourblue,
- 'orange' => $Header::colourorange
+ 'orange' => $Header::colourorange,
+ 'ovpn' => $Header::colourovpn
);
&Header::showhttpheaders();
$errormessage = "$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}";
}
- # Check if enought free disk space is availabe.
+ # Check if enough free disk space is availabe.
if(&IDS::checkdiskspace()) {
$errormessage = "$Lang::tr{'not enough disk space'}";
}
# a new ruleset.
&working_notice("$Lang::tr{'ids working'}");
+ # Write the modify sid's file and pass the taken ruleaction.
+ &IDS::write_modify_sids_file();
+
# Call subfunction to download the ruleset.
if(&IDS::downloadruleset()) {
$errormessage = $Lang::tr{'could not download latest updates'};
# Hash to store the user-enabled and disabled sids.
my %enabled_disabled_sids;
+ # Store if a restart of suricata is required.
+ my $suricata_restart_required;
+
# Loop through the hash of idsrules.
foreach my $rulefile(keys %idsrules) {
+ # Check if the state of the rulefile has been changed.
+ unless ($cgiparams{$rulefile} eq $idsrules{$rulefile}{'Rulefile'}{'State'}) {
+ # A restart of suricata is required to apply the changes of the used rulefiles.
+ $suricata_restart_required = 1;
+ }
+
# Check if the rulefile is enabled.
if ($cgiparams{$rulefile} eq "on") {
# Add rulefile to the array of enabled rulefiles.
# Check if the IDS is running.
if(&IDS::ids_is_running()) {
- # Call suricatactrl to perform a reload.
- &IDS::call_suricatactrl("reload");
+ # Check if a restart of suricata is required.
+ if ($suricata_restart_required) {
+ # Call suricatactrl to perform the restart.
+ &IDS::call_suricatactrl("restart");
+ } else {
+ # Call suricatactrl to perform a reload.
+ &IDS::call_suricatactrl("reload");
+ }
}
# Reload page.
# Generate file to store the home net.
&IDS::generate_home_net_file();
- # Temporary variable to set the ruleaction.
- # Default is "drop" to use suricata as IPS.
- my $ruleaction="drop";
+ # Generate file to the store the DNS servers.
+ &IDS::generate_dns_servers_file();
- # Check if the traffic only should be monitored.
- if($cgiparams{'MONITOR_TRAFFIC_ONLY'} eq 'on') {
- # Switch the ruleaction to "alert".
- # Suricata acts as an IDS only.
- $ruleaction="alert";
- }
+ # Generate file to store the HTTP ports.
+ &IDS::generate_http_ports_file();
# Write the modify sid's file and pass the taken ruleaction.
- &IDS::write_modify_sids_file($ruleaction);
+ &IDS::write_modify_sids_file();
# Check if "MONITOR_TRAFFIC_ONLY" has been changed.
if($cgiparams{'MONITOR_TRAFFIC_ONLY'} ne $oldidssettings{'MONITOR_TRAFFIC_ONLY'}) {
print"var hide = \"$Lang::tr{'ids hide'}\"\;\n";
print <<END
- // JQuery function to show/hide the text input field for
+ // Java Script function to show/hide the text input field for
// Oinkcode/Subscription code.
- \$(function() {
- \$('#RULES').change(function(){
- if(\$('#RULES').val() == 'registered') {
- \$('#code').show();
- } else if(\$('#RULES').val() == 'subscripted') {
- \$('#code').show();
- } else if(\$('#RULES').val() == 'emerging_pro') {
- \$('#code').show();
- } else {
- \$('#code').hide();
- }
- });
+ var update_code = function() {
+ if(\$('#RULES').val() == 'registered') {
+ \$('#code').show();
+ } else if(\$('#RULES').val() == 'subscripted') {
+ \$('#code').show();
+ } else if(\$('#RULES').val() == 'emerging_pro') {
+ \$('#code').show();
+ } else {
+ \$('#code').hide();
+ }
+ };
+
+ // JQuery function to call corresponding function when
+ // the ruleset is changed or the page is loaded for showing/hiding
+ // the code area.
+ \$(document).ready(function() {
+ \$('#RULES').change(update_code);
+ update_code();
});
// Tiny java script function to show/hide the rules
END
}
-my $rulesdate;
-
-# Check if a ruleset allready has been downloaded.
-if ( -f "$IDS::rulestarball"){
- # Call stat on the filename to obtain detailed information.
- my @Info = stat("$IDS::rulestarball");
-
- # Grab details about the creation time.
- $rulesdate = localtime($Info[9]);
-}
-
# Only show this area, if a ruleset is present.
if (%idsrules) {
$checked_input = "checked = 'checked'";
}
- print "<td class='base' width='25%'>\n";
+ print "<td class='base' width='20%'>\n";
print "<input type='checkbox' name='ENABLE_IDS_$zone_upper' $checked_input>\n";
print " $Lang::tr{'enabled on'}<font color='$colourhash{$zone}'> $Lang::tr{$zone_name}</font>\n";
print "</td>\n";
#
# Whitelist / Ignorelist
#
-&Header::openbox('100%', 'center', $Lang::tr{'guardian ignored hosts'});
+&Header::openbox('100%', 'center', $Lang::tr{'ids ignored hosts'});
print <<END;
<table width='100%'>
# Only show the section for configuring the ruleset if one is present.
if (%idsrules) {
- &Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});
+ # Load neccessary perl modules for file stat and to format the timestamp.
+ use File::stat;
+ use POSIX qw( strftime );
+
+ # Call stat on the rulestarball.
+ my $stat = stat("$IDS::rulestarball");
+
+ # Get timestamp the file creation.
+ my $mtime = $stat->mtime;
+
+ # Convert into human read-able format.
+ my $rulesdate = strftime('%Y-%m-%d %H:%M:%S', localtime($mtime));
+
+ &Header::openbox('100%', 'LEFT', "$Lang::tr{'intrusion detection system rules'} ($rulesdate)" );
print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";