Added a checkbox that enables/disables the snort http pp.

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index e41d3517c38b3a4c08ef80bca8baba0065aaa569..efd79b58cfaec7a07e1b630d96473da35c9c039b 100644 (file)
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -56,6 +56,7 @@ $snortsettings{'ENABLE_SNORT'} = 'off';
 $snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
 $snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
 $snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
 $snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
 $snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
 $snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';

+$snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} = 'off';

 $snortsettings{'ENABLE_GUARDIAN'} = 'off';
 $snortsettings{'GUARDIAN_INTERFACE'} = `cat /var/ipfire/red/iface`;
 $snortsettings{'GUARDIAN_HOSTGATEWAYBYTE'} = '1';
 $snortsettings{'ENABLE_GUARDIAN'} = 'off';
 $snortsettings{'GUARDIAN_INTERFACE'} = `cat /var/ipfire/red/iface`;
 $snortsettings{'GUARDIAN_HOSTGATEWAYBYTE'} = '1';


@@ -108,9 +109,20 @@ if (-e "/etc/snort/snort.conf") {
        
        # Loop over each line
        foreach my $line (@snortconfig) {
        
        # Loop over each line
        foreach my $line (@snortconfig) {

-       # Trim the line
+               # Trim the line

                chomp $line;
 
                chomp $line;
 

+               if ($snortsettings{'ACTION'} eq $Lang::tr{'save'}) {
+                       # Check for preprocessor settings
+                       if ($line =~ /preprocessor http_inspect:/) {
+                               # Strip out leading # from rule line
+                               $line =~ s/\# ?//i;
+                               if (($snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} eq 'off')) {
+                                       $line = "# $line";
+                               }
+                       }
+               }
+

                # Check for a line with .rules
                if ($line =~ /\.rules$/) {
                        # Parse out rule file name
                # Check for a line with .rules
                if ($line =~ /\.rules$/) {
                        # Parse out rule file name


@@ -226,6 +238,7 @@ if (-e "/etc/snort/snort.conf") {
                                if (!exists $snortsettings{"SNORT_RULE_$rule"}) {
                                        $line = "# $line";
                                }
                                if (!exists $snortsettings{"SNORT_RULE_$rule"}) {
                                        $line = "# $line";
                                }

+                               

                        }
 
                        # Check for rule state
                        }
 
                        # Check for rule state


@@ -301,6 +314,12 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} e
        } else {
                unlink "${General::swroot}/snort/enable_orange";
        }
        } else {
                unlink "${General::swroot}/snort/enable_orange";
        }

+       if ($snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'} eq 'on')
+       {
+               system ('/usr/bin/touch', "${General::swroot}/snort/enable_preprocessor_http_inspect");
+       } else {
+               unlink "${General::swroot}/snort/enable_preprocessor_http_inspect";
+       }               

        if ($snortsettings{'ENABLE_GUARDIAN'} eq 'on')
        {
                system ('/usr/bin/touch', "${General::swroot}/guardian/enable");
        if ($snortsettings{'ENABLE_GUARDIAN'} eq 'on')
        {
                system ('/usr/bin/touch', "${General::swroot}/guardian/enable");


@@ -308,7 +327,7 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} e
                unlink "${General::swroot}/guardian/enable";
        }
 
                unlink "${General::swroot}/guardian/enable";
        }
 

-               system('/usr/local/bin/snortctrl restart >/dev/null');
+       system('/usr/local/bin/snortctrl restart >/dev/null');

 
 } elsif ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "guardian" ){
                        open(IGNOREFILE, ">$snortsettings{'GUARDIAN_IGNOREFILE'}") or die "Unable to write guardian ignore file $snortsettings{'GUARDIAN_IGNOREFILE'}";
 
 } elsif ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "guardian" ){
                        open(IGNOREFILE, ">$snortsettings{'GUARDIAN_IGNOREFILE'}") or die "Unable to write guardian ignore file $snortsettings{'GUARDIAN_IGNOREFILE'}";


@@ -365,6 +384,9 @@ $checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='c
 $checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
 $checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
 $checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
 $checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
 $checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
 $checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";

+$checked{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}{'off'} = '';
+$checked{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}{'on'} = '';
+$checked{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}{$snortsettings{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}} = "checked='checked'";

 $checked{'ENABLE_GUARDIAN'}{'off'} = '';
 $checked{'ENABLE_GUARDIAN'}{'on'} = '';
 $checked{'ENABLE_GUARDIAN'}{$snortsettings{'ENABLE_GUARDIAN'}} = "checked='checked'";
 $checked{'ENABLE_GUARDIAN'}{'off'} = '';
 $checked{'ENABLE_GUARDIAN'}{'on'} = '';
 $checked{'ENABLE_GUARDIAN'}{$snortsettings{'ENABLE_GUARDIAN'}} = "checked='checked'";


@@ -433,6 +455,14 @@ print <<END
 <tr>
        <td><hr /></td>
 </tr>
 <tr>
        <td><hr /></td>
 </tr>

+<tr>
+       <td><b>$Lang::tr{'ids preprocessor'}</b></td>
+</tr>
+<tr>
+       <td><input type='checkbox' name='ENABLE_PREPROCESSOR_HTTP_INSPECT' $checked{'ENABLE_PREPROCESSOR_HTTP_INSPECT'}{'on'} />  http_inspect
+<tr>
+       <td><hr /></td>
+</tr>

 <tr>
        <td><b>$Lang::tr{'ids rules update'}</b></td>
 </tr>
 <tr>
        <td><b>$Lang::tr{'ids rules update'}</b></td>
 </tr>

diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index b47f5ba9167f1e0d06cc356227bf229c8392b153..132137ea19569bd48b72397f7ed557f21ec058f3 100644 (file)
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -852,6 +852,7 @@
 'ids rules license2' => 'Bestätigen Sie die Lizenz, empfangen Sie Ihr Passwort per email und gehen Sie auf die Website. Gehen Sie zu',
 'ids rules license3' => 'klicken Sie den \'Get Code\' Knopf am Fuß und kopieren den 40-Zeichen Oink Code in das untere Feld.',
 'ids rules update' => 'Snort Regeln Update',
 'ids rules license2' => 'Bestätigen Sie die Lizenz, empfangen Sie Ihr Passwort per email und gehen Sie auf die Website. Gehen Sie zu',
 'ids rules license3' => 'klicken Sie den \'Get Code\' Knopf am Fuß und kopieren den 40-Zeichen Oink Code in das untere Feld.',
 'ids rules update' => 'Snort Regeln Update',

+'ids preprocessor' => 'Snort Präprozessor',

 'iface' => 'Iface',
 'ignore filter' => '"Ignorieren"-Filter',
 'ike encryption' => 'IKE Verschlüsselung:',
 'iface' => 'Iface',
 'ignore filter' => '"Ignorieren"-Filter',
 'ike encryption' => 'IKE Verschlüsselung:',

diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index fd0579358541188dd3d8d6b8815f180ab2dd10c4..174e26aae1e890492288579e6262d32b616963bb 100644 (file)
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -881,6 +881,7 @@
 'ids rules license2' => 'Acknowledge the license, receive your password by email, and connect to the site. Go to',
 'ids rules license3' => 'press the \'Get Code\' button at the bottom and copy the 40 character Oink Code into the field below.',
 'ids rules update' => 'Snort rules update',
 'ids rules license2' => 'Acknowledge the license, receive your password by email, and connect to the site. Go to',
 'ids rules license3' => 'press the \'Get Code\' button at the bottom and copy the 40 character Oink Code into the field below.',
 'ids rules update' => 'Snort rules update',

+'ids preprocessor' => 'Snort preprocessor',

 'iface' => 'Iface',
 'ignore filter' => 'Ignore filter',
 'ike encryption' => 'IKE Encryption:',
 'iface' => 'Iface',
 'ignore filter' => 'Ignore filter',
 'ike encryption' => 'IKE Encryption:',