Added a checkbox that enables/disables the snort http pp.
authorDaniel Glanzmann <dg@ipfire.org>
Thu, 25 Sep 2008 19:11:46 +0000 (19:11 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 25 Sep 2008 19:11:46 +0000 (19:11 +0000)
html/cgi-bin/ids.cgi
langs/de/cgi-bin/de.pl
langs/en/cgi-bin/en.pl

index e41d351..efd79b5 100644 (file)
@@ -56,6 +56,7 @@ $snortsettings{'ENABLE_SNORT'} = 'off';
 $snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
 $snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
 $snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
+$snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} = 'off';
 $snortsettings{'ENABLE_GUARDIAN'} = 'off';
 $snortsettings{'GUARDIAN_INTERFACE'} = `cat /var/ipfire/red/iface`;
 $snortsettings{'GUARDIAN_HOSTGATEWAYBYTE'} = '1';
@@ -108,9 +109,20 @@ if (-e "/etc/snort/snort.conf") {
        
        # Loop over each line
        foreach my $line (@snortconfig) {
-       # Trim the line
+               # Trim the line
                chomp $line;
 
+               if ($snortsettings{'ACTION'} eq $Lang::tr{'save'}) {
+                       # Check for preprocessor settings
+                       if ($line =~ /preprocessor http_inspect:/) {
+                               # Strip out leading # from rule line
+                               $line =~ s/\# ?//i;
+                               if (($snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} eq 'off')) {
+                                       $line = "# $line";
+                               }
+                       }
+               }
+
                # Check for a line with .rules
                if ($line =~ /\.rules$/) {
                        # Parse out rule file name
@@ -226,6 +238,7 @@ if (-e "/etc/snort/snort.conf") {
                                if (!exists $snortsettings{"SNORT_RULE_$rule"}) {
                                        $line = "# $line";
                                }
+                               
                        }
 
                        # Check for rule state
@@ -301,6 +314,12 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} e
        } else {
                unlink "${General::swroot}/snort/enable_orange";
        }
+       if ($snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} eq 'on')
+       {
+               system ('/usr/bin/touch', "${General::swroot}/snort/enable_preprocessor_http_inspect");
+       } else {
+               unlink "${General::swroot}/snort/enable_preprocessor_http_inspect";
+       }               
        if ($snortsettings{'ENABLE_GUARDIAN'} eq 'on')
        {
                system ('/usr/bin/touch', "${General::swroot}/guardian/enable");
@@ -308,7 +327,7 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} e
                unlink "${General::swroot}/guardian/enable";
        }
 
-               system('/usr/local/bin/snortctrl restart >/dev/null');
+       system('/usr/local/bin/snortctrl restart >/dev/null');
 
 } elsif ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "guardian" ){
                        open(IGNOREFILE, ">$snortsettings{'GUARDIAN_IGNOREFILE'}") or die "Unable to write guardian ignore file $snortsettings{'GUARDIAN_IGNOREFILE'}";
@@ -365,6 +384,9 @@ $checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='c
 $checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
 $checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
 $checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
+$checked{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}{'off'} = '';
+$checked{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}{'on'} = '';
+$checked{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}{$snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}} = "checked='checked'";
 $checked{'ENABLE_GUARDIAN'}{'off'} = '';
 $checked{'ENABLE_GUARDIAN'}{'on'} = '';
 $checked{'ENABLE_GUARDIAN'}{$snortsettings{'ENABLE_GUARDIAN'}} = "checked='checked'";
@@ -433,6 +455,14 @@ print <<END
 <tr>
        <td><hr /></td>
 </tr>
+<tr>
+       <td><b>$Lang::tr{'ids preprocessor'}</b></td>
+</tr>
+<tr>
+       <td><input type='checkbox' name='ENABLE_PREPROCESSOR_HTTP_INSPECT' $checked{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}{'on'} />  http_inspect
+<tr>
+       <td><hr /></td>
+</tr>
 <tr>
        <td><b>$Lang::tr{'ids rules update'}</b></td>
 </tr>
index b47f5ba..132137e 100644 (file)
 'ids rules license2' => 'Bestätigen Sie die Lizenz, empfangen Sie Ihr Passwort per email und gehen Sie auf die Website. Gehen Sie zu',
 'ids rules license3' => 'klicken Sie den \'Get Code\' Knopf am Fuß und kopieren den 40-Zeichen Oink Code in das untere Feld.',
 'ids rules update' => 'Snort Regeln Update',
+'ids preprocessor' => 'Snort Präprozessor',
 'iface' => 'Iface',
 'ignore filter' => '&quot;Ignorieren&quot;-Filter',
 'ike encryption' => 'IKE Verschlüsselung:',
index fd05793..174e26a 100644 (file)
 'ids rules license2' => 'Acknowledge the license, receive your password by email, and connect to the site. Go to',
 'ids rules license3' => 'press the \'Get Code\' button at the bottom and copy the 40 character Oink Code into the field below.',
 'ids rules update' => 'Snort rules update',
+'ids preprocessor' => 'Snort preprocessor',
 'iface' => 'Iface',
 'ignore filter' => 'Ignore filter',
 'ike encryption' => 'IKE Encryption:',