Merge branch 'master' of ssh://glotzi@git.ipfire.org/pub/git/ipfire-2.x

diff --git a/config/rootfiles/core/39/filelists/files b/config/rootfiles/core/39/filelists/files
index 68ce835bf34ce2a96727240555f4dfde4b0ade34..4897120173f1f4df53a5c301a76bb5d711b05e18 100644 (file)
--- a/config/rootfiles/core/39/filelists/files
+++ b/config/rootfiles/core/39/filelists/files
@@ -8,4 +8,9 @@ usr/local/bin/updxlratorctrl
 usr/local/bin/urlfilterctrl
 srv/web/ipfire/cgi-bin/updatexlrator.cgi
 srv/web/ipfire/cgi-bin/urlfilter.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
 /opt/pakfire/lib/functions.pl
+var/ipfire/langs/de.pl
+var/ipfire/langs/en.pl
+var/ipfire/langs/es.pl
+var/ipfire/langs/fr.pl
\ No newline at end of file

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 1d0f4abc81e0a56686deacb7c57c6feeed5008b5..4d66d22d76bee20635896603b64031b50c78ef52 100644 (file)
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2005-2010  IPFire Team                                        #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -19,20 +19,21 @@
 #                                                                             #
 ###############################################################################
 
-
-use LWP::UserAgent;
-use File::Copy;
-use File::Temp qw/ tempfile tempdir /;
 use strict;
 
 # enable only the following on debugging purpose
 #use warnings;
 #use CGI::Carp 'fatalsToBrowser';
+use File::Copy;
 
 require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 
+sub refreshpage{&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'pagerefresh'}</font></center>";&Header::closebox();}
+
+$a = new CGI;
+
 my %color = ();
 my %mainsettings = ();
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
@@ -67,6 +68,8 @@ $snortsettings{'ACTION2'} = '';
 $snortsettings{'RULES'} = '';
 $snortsettings{'OINKCODE'} = '';
 $snortsettings{'INSTALLDATE'} = '';
+$snortsettings{'FILE'} = '';
+$snortsettings{'UPLOAD'} = '';
 
 &Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'});
 
@@ -261,11 +264,11 @@ if (-e "/etc/snort/snort.conf") {
 
 if ($snortsettings{'RULES'} eq 'subscripted') {
        #$url="http://dl.snort.org/sub-rules/snortrules-snapshot-2.8_s.tar.gz?oink_code=$snortsettings{'OINKCODE'}";
-       $url="http://dl.snort.org/sub-rules/snortrules-snapshot-2860_s.tar.gz?oink_code=$snortsettings{'OINKCODE'}";
+       $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2860_s.tar.gz/$snortsettings{'OINKCODE'}";
        #$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-2.8_s.tar.gz";
 } elsif ($snortsettings{'RULES'} eq 'registered') {
        #$url="http://dl.snort.org/reg-rules/snortrules-snapshot-2.8.tar.gz?oink_code=$snortsettings{'OINKCODE'}";
-       $url="http://dl.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz?oink_code=$snortsettings{'OINKCODE'}";
+       $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz/$snortsettings{'OINKCODE'}";
        #$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-2.8.tar.gz";
 } else {
        $url="http://www.emergingthreats.net/rules/emerging.rules.tar.gz";
@@ -344,11 +347,12 @@ END
         # INSTALLMD5 is not in the form, so not retrieved by getcgihash
        &General::readhash("${General::swroot}/snort/settings", \%snortsettings);
 
-if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
+if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'} || $snortsettings{'ACTION'} eq $Lang::tr{'upload new ruleset'}) {
 
        my @df = `/bin/df -B M /var`;
        foreach my $line (@df) {
                next if $line =~ m/^Filesystem/;
+               my $return;
 
                if ($line =~ m/dev/ ) {
                $line =~ m/^.* (\d+)M.*$/;
@@ -356,19 +360,32 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
                        if ($1<300) {
                                $errormessage = "$Lang::tr{'not enough disk space'} < 300MB, /var $1MB";
                        } else {
-                               my $filename = &downloadrulesfile();
-                               if (defined $filename) {
-                                               $results = "<b>$Lang::tr{'installed updates'}</b>\n<pre>";
-                                               $results .=`/usr/local/bin/oinkmaster.pl -s -u file://$filename -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules 2>&1`;
-                                               $results .= "</pre>";
+
+                               if ( $snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'} ){
+
+                                       &downloadrulesfile();
+                                       sleep(3);
+                                       $return = `cat /var/tmp/log 2>/dev/null`;
+
+                               } elsif ( $snortsettings{'ACTION'} eq $Lang::tr{'upload new ruleset'} ) {
+                                       my $upload = $a->param("UPLOAD");
+                                       open UPLOADFILE, ">/var/tmp/snortrules.tar.gz";
+                                       binmode $upload;
+                                       while ( <$upload> ) {
+                                       print UPLOADFILE;
+                                       }
+                                       close UPLOADFILE;
+                               }
+
+                                       if ($return =~ "ERROR"){
+                                               $errormessage = "<br /><pre>".$return."</pre>";
+                                       } else {
+                                               system("/usr/local/bin/oinkmaster.pl -v -s -u file:///var/tmp/snortrules.tar.gz -C /var/ipfire/snort/oinkmaster.conf -o /etc/snort/rules >>/var/tmp/log 2>&1 &");
+                                               sleep(2);
                                        }
-                                       unlink ($filename);
                        }
-                       
                }
        }
-
-
 }
 
 $checked{'ENABLE_SNORT'}{'off'} = '';
@@ -442,6 +459,37 @@ if ($errormessage) {
        &Header::closebox();
 }
 
+my $return = `pidof oinkmaster.pl -x`;
+chomp($return);
+if ($return) {
+       &Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='10;'>" );
+       print <<END;
+       <table>
+               <tr><td>
+                               <img src='/images/indicator.gif' alt='$Lang::tr{'aktiv'}' />&nbsp;
+                       <td>
+                               $Lang::tr{'snort working'}
+               <tr><td colspan='2' align='center'>
+                       <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+                               <input type='image' alt='$Lang::tr{'reload'}' src='/images/view-refresh.png' />
+                       </form>
+               <tr><td colspan='2' align='left'><pre>
+END
+       my @output = `tail -20 /var/tmp/log`;
+       foreach (@output) {
+               print "$_";
+       }
+       print <<END;
+                       </pre>
+               </table>
+END
+       &Header::closebox();
+       &Header::closebigbox();
+       &Header::closepage();
+       exit;
+       refreshpage();
+}
+
 &Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system2'});
 print <<END
 <form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
@@ -701,56 +749,26 @@ END
 &Header::closepage();
 
 sub downloadrulesfile {
-       my $return = &geturl($url);
-       return undef unless $return;
+       my $peer;
+       my $peerport;
 
-       if (index($return->content, "\037\213") == -1 ) { # \037\213 is .gz beginning
-               $errormessage = $Lang::tr{'invalid loaded file'};
-               return undef;
-       }
-
-       my $filename='';
-       my $fh='';
-       ($fh, $filename) = tempfile('/var/tmp/XXXXXXXX',SUFFIX => '.tar.gz' );#oinkmaster work only with this extension
-       binmode ($fh);
-       syswrite ($fh, $return->content);
-       close($fh);
-       return $filename;
-}
-
-sub geturl ($) {
-       my $url=$_[0];
+       unlink("/var/tmp/log");
 
        unless (-e "${General::swroot}/red/active") {
                $errormessage = $Lang::tr{'could not download latest updates'};
                return undef;
        }
 
-       my $downloader = LWP::UserAgent->new;
-       $downloader->timeout(5);
-
        my %proxysettings=();
        &General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
 
        if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
-               my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
-               if ($proxysettings{'UPSTREAM_USER'}) {
-                       $downloader->proxy("http","http://$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'}@"."$peer:$peerport/");
-               } else {
-                       $downloader->proxy("http","http://$peer:$peerport/");
-               }
+               ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
        }
 
-       my $return = $downloader->get($url,'Cache-Control','no-cache');
-
-       if ($return->code == 403) {
-               $errormessage = $Lang::tr{'access refused with this oinkcode'};
-               return undef;
-       } elsif (!$return->is_success()) {
-               $errormessage = $Lang::tr{'could not download latest updates'};
-               return undef;
+       if ($peer) {
+               system("wget -r --proxy=on --proxy-user=$proxysettings{'UPSTREAM_USER'} --proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'} -e http_proxy=http://$peer:$peerport/ -o /var/tmp/log --no-check-certificate --output-document=/var/tmp/snortrules.tar.gz $url");
+       } else {
+               system("wget -r --no-check-certificate -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url");
        }
-
-       return $return;
-
 }

diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 6d15fb2883cae1f345077f6b2fd9dd7e11812273..1cdd90489bc8d8156f7b33233a12a097a55c0adf 100644 (file)
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -688,6 +688,7 @@
 'download certificate' => 'Zertifikate herunterladen',
 'download host certificate' => 'Host Zertifikat herunterladen',
 'download new ruleset' => 'Neuen Regelsatz herunterladen',
+'upload new ruleset' => 'Neuen Regelsatz hochladen',
 'download pkcs12 file' => 'PKCS12 Datei herunterladen',
 'download root certificate' => 'Root Zertifikat herunterladen',
 'dpd action' => 'Aktion für Dead Peer Detection',
@@ -1336,6 +1337,7 @@
 'pakfire update daily' => 'Täglich nach Updates suchen:',
 'pakfire updates' => 'Zur Verfügung stehende Updates:',
 'pakfire working' => 'Pakfire führt gerade eine Aufgabe aus... Bitte warten sie, bis diese erfolgreich beendet wurde.',
+'snort working' => 'Snort führt gerade eine Aufgabe aus... Bitte warten sie, bis diese erfolgreich beendet wurde.',
 'pap or chap' => 'PAP oder CHAP',
 'parentclass' => 'Parentklasse',
 'password' => 'Passwort:',

diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index cc75bd9578286466969e20af34c0e7d37ffed763..4ca14d486144905ca5caadaac182f52eb04df519 100644 (file)
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -716,6 +716,7 @@
 'download certificate' => 'Download certificate',
 'download host certificate' => 'Download host certificate',
 'download new ruleset' => 'Download new ruleset',
+'upload new ruleset' => 'Upload new ruleset',
 'download pkcs12 file' => 'Download PKCS12 file',
 'download root certificate' => 'Download root certificate',
 'dpd action' => 'Dead Peer Detection action',
@@ -1365,6 +1366,7 @@
 'pakfire update daily' => 'Search for updates daily:',
 'pakfire updates' => 'Available Update:',
 'pakfire working' => 'Pakfire is working ... Please wait until all operations have completed successfully.',
+'snort working' => 'Snort is working ... Please wait until all operations have completed successfully.',
 'pap or chap' => 'PAP or CHAP',
 'parentclass' => 'Parentclass',
 'password' => 'Password:',

diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl
index 844cb0a8d6e43a2adc25d49e90fd07271c1a5e2d..347705379789450a1e52850ee856f81625503475 100644 (file)
--- a/langs/es/cgi-bin/es.pl
+++ b/langs/es/cgi-bin/es.pl
@@ -714,6 +714,7 @@
 'download certificate' => 'Descargar certificado',
 'download host certificate' => 'Descargar certificado de host',
 'download new ruleset' => 'Descargar nuevo grupo de reglas',
+'upload new ruleset' => 'Subir nuevo grupo de reglas',
 'download pkcs12 file' => 'Descargar archivo PKCS12',
 'download root certificate' => 'Descargar certificado root',
 'dpd action' => 'Acción al detectar Dead Peer',
@@ -1355,6 +1356,7 @@
 'pakfire update daily' => 'Buscar actualizaciones diariamente:',
 'pakfire updates' => 'Actualización disponible:',
 'pakfire working' => 'Pakfire está trabajando… Por favor espere hasta que todas las operaciones se hallan completado exitosamente.',
+'snort working' => 'Snort está trabajando… Por favor espere hasta que todas las operaciones se hallan completado exitosamente.',
 'pap or chap' => 'PAP o CHAP',
 'parentclass' => 'Parentclass',
 'password' => 'Contraseña',

diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl
index 6881d1313966b2222d94a948c26826615f318a08..4011723959d1035d115ead60399478514c4a1583 100644 (file)
--- a/langs/fr/cgi-bin/fr.pl
+++ b/langs/fr/cgi-bin/fr.pl
@@ -716,6 +716,7 @@
 'download certificate' => 'Download certificate',
 'download host certificate' => 'Download host certificate',
 'download new ruleset' => 'Download new ruleset',
+'upload new ruleset' => 'Upload new ruleset',
 'download pkcs12 file' => 'Download PKCS12 file',
 'download root certificate' => 'Download root certificate',
 'dpd action' => 'Dead Peer Detection action',
@@ -1365,6 +1366,7 @@
 'pakfire update daily' => 'Search for updates daily:',
 'pakfire updates' => 'Available Update:',
 'pakfire working' => 'Pakfire is working ... Please wait until all operations have completed successfully.',
+'snort working' => 'Snort is working ... Please wait until all operations have completed successfully.',
 'pap or chap' => 'PAP or CHAP',
 'parentclass' => 'Parentclass',
 'password' => 'Password:',