X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fids.cgi;h=4d66d22d76bee20635896603b64031b50c78ef52;hp=353643d736a14332e4f5a03e7ed4e9dc9fb50697;hb=73231650c16d34d8333518acab6a41b8701caa7d;hpb=ce0e83b3badfd2b4048762ffffc8041c7f92cb19 diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 353643d736..4d66d22d76 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2005-2010 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -19,20 +19,21 @@ # # ############################################################################### - -use LWP::UserAgent; -use File::Copy; -use File::Temp qw/ tempfile tempdir /; use strict; # enable only the following on debugging purpose #use warnings; #use CGI::Carp 'fatalsToBrowser'; +use File::Copy; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; +sub refreshpage{&Header::openbox( 'Waiting', 1, "" );print "
"; - $results .=`/usr/local/bin/oinkmaster.pl -s -u file://$filename -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules 2>&1`; - $results .= ""; + + if ( $snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'} ){ + + &downloadrulesfile(); + sleep(3); + $return = `cat /var/tmp/log 2>/dev/null`; + + } elsif ( $snortsettings{'ACTION'} eq $Lang::tr{'upload new ruleset'} ) { + my $upload = $a->param("UPLOAD"); + open UPLOADFILE, ">/var/tmp/snortrules.tar.gz"; + binmode $upload; + while ( <$upload> ) { + print UPLOADFILE; + } + close UPLOADFILE; + } + + if ($return =~ "ERROR"){ + $errormessage = "
".$return.""; + } else { + system("/usr/local/bin/oinkmaster.pl -v -s -u file:///var/tmp/snortrules.tar.gz -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules >>/var/tmp/log 2>&1 &"); + sleep(2); } - unlink ($filename); } - } } - - } $checked{'ENABLE_SNORT'}{'off'} = ''; @@ -442,6 +459,37 @@ if ($errormessage) { &Header::closebox(); } +my $return = `pidof oinkmaster.pl -x`; +chomp($return); +if ($return) { + &Header::openbox( 'Waiting', 1, "" ); + print <
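Review bot: The upload branch opens its target with `open UPLOADFILE, ">/var/tmp/snortrules.tar.gz";` and never checks the result, so when the open fails the copy loop writes nothing and oinkmaster.pl is still started on whatever archive already sits at that fixed name. Use a checked three-argument open on a lexical handle, e.g. `open(my $out, '>', '/var/tmp/snortrules.tar.gz') or $errormessage = "upload: $!";`, and skip the oinkmaster call when `$errormessage` is set. /var/tmp is normally writable by every local account, so a predictable file name there can be pre-created or symlinked by another user; a directory that only the web server user can write to would avoid that, and the same applies to /var/tmp/log in the hunks at -442 and -701. The download branch puts the raw log text into `$errormessage`, which should be escaped before it reaches the page. The beginning of this hunk is missing from the page, so how `$return` and `$a` are declared cannot be seen.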
+END + my @output = `tail -20 /var/tmp/log`; + foreach (@output) { + print "$_"; + } + print <+ +END + &Header::closebox(); + &Header::closebigbox(); + &Header::closepage(); + exit; + refreshpage(); +} + &Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system2'}); print < 
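Review bot: The loop `foreach (@output) { print "$_"; }` sends the last 20 lines of /var/tmp/log to the browser unescaped. That log holds wget and oinkmaster output, which includes text taken from the URL and the remote server, so any markup in it would be rendered in the admin page. Escape each line before printing, e.g. `print &Header::cleanhtml($_);` if header.pl's helper fits here (confirm its escaping rules), or an equivalent entity encoding. Also, `refreshpage();` sits after `exit;` and can never run; if the waiting page is meant to reload itself, the call has to come before `exit;`. Part of this hunk's heredoc text is missing from the page, so the surrounding markup cannot be checked.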
@@ -701,56 +749,26 @@ END &Header::closepage(); sub downloadrulesfile { - my $return = &geturl($url); - return undef unless $return; + my $peer; + my $peerport; - if (index($return->content, "\037\213") == -1 ) { # \037\213 is .gz beginning - $errormessage = $Lang::tr{'invalid loaded file'}; - return undef; - } - - my $filename=''; - my $fh=''; - ($fh, $filename) = tempfile('/var/tmp/XXXXXXXX',SUFFIX => '.tar.gz' );#oinkmaster work only with this extension - binmode ($fh); - syswrite ($fh, $return->content); - close($fh); - return $filename; -} - -sub geturl ($) { - my $url=$_[0]; + unlink("/var/tmp/log"); unless (-e "${General::swroot}/red/active") { $errormessage = $Lang::tr{'could not download latest updates'}; return undef; } - my $downloader = LWP::UserAgent->new; - $downloader->timeout(5); - my %proxysettings=(); &General::readhash("${General::swroot}/proxy/settings", \%proxysettings); if ($_=$proxysettings{'UPSTREAM_PROXY'}) { - my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/); - if ($proxysettings{'UPSTREAM_USER'}) { - $downloader->proxy("http","http://$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'}@"."$peer:$peerport/"); - } else { - $downloader->proxy("http","http://$peer:$peerport/"); - } + ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/); } - my $return = $downloader->get($url,'Cache-Control','no-cache'); - - if ($return->code == 403) { - $errormessage = $Lang::tr{'access refused with this oinkcode'}; - return undef; - } elsif (!$return->is_success()) { - $errormessage = $Lang::tr{'could not download latest updates'}; - return undef; + if ($peer) { + system("wget -r --proxy=on --proxy-user=$proxysettings{'UPSTREAM_USER'} --proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'} -e http_proxy=http://$peer:$peerport/ -o /var/tmp/log 
--no-check-certificate --output-document=/var/tmp/snortrules.tar.gz $url"); + } else { + system("wget -r --no-check-certificate -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url"); } - - return $return; - }
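Review bot: Both `system("wget ...")` calls in downloadrulesfile pass one interpolated string, so a shell parses `$url`, `$proxysettings{'UPSTREAM_USER'}` and `$proxysettings{'UPSTREAM_PASSWORD'}`, and any space or shell metacharacter in those values changes the command that runs under the web interface. Pass the arguments to `system` as a list with `--` before `$url`, and test the exit status so that a failed download sets `$errormessage`, as in the fence below. The commit also drops the old `\037\213` gzip check and adds `--no-check-certificate`, so neither the origin nor the type of the file is verified before oinkmaster unpacks it into /etc/snort/rules; the fence leaves certificate checking on, and the flag should return only if the appliance has no usable CA bundle. The caller in the earlier hunk ignores the return value and only searches the log for "ERROR", so it would need to test `$errormessage` too. The proxy password still appears in wget's argument list, where the process table exposes it, and would be better read by wget from a file only the web server user can read.

```perl
	# … unchanged: unlink of /var/tmp/log, red/active check, proxy settings parsing …
	my @wget = ('wget', '-r', '-o', '/var/tmp/log',
		'--output-document=/var/tmp/snortrules.tar.gz');
	if ($peer) {
		push @wget, '--proxy=on',
			"--proxy-user=$proxysettings{'UPSTREAM_USER'}",
			"--proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'}",
			'-e', "http_proxy=http://$peer:$peerport/";
	}
	# List form: no shell is started, so the settings and the URL reach wget as literal arguments.
	if (system(@wget, '--', $url) != 0) {
		$errormessage = $Lang::tr{'could not download latest updates'};
		return undef;
	}
```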