From 01d02eb63bbb2142b5f154f75f028448bdd47ca5 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Mon, 24 Dec 2018 10:03:18 +0100 Subject: [PATCH] ids.cgi: Change RUN_MODE to MONITOR_TRAFFIC_ONLY Signed-off-by: Stefan Schantl --- html/cgi-bin/ids.cgi | 90 ++++++++++++++++++------------------------ langs/de/cgi-bin/de.pl | 2 + langs/en/cgi-bin/en.pl | 2 + 3 files changed, 42 insertions(+), 52 deletions(-) diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index ffbe0e2396..f2362d2dc4 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -574,23 +574,23 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { # Generate file to store the home net. &generate_home_net_file(); - # Check if the runmode has been changed. - if($cgiparams{'RUN_MODE'} ne $oldidssettings{'RUN_MODE'}) { - # Open modify sid's file for writing. - open(FILE, ">$modify_sids_file") or die "Could not write to $modify_sids_file. $!\n"; - - # Write file header. - print FILE "#Autogenerated file. Any custom changes will be overwritten!\n"; - - # Check if the configured runmode is IPS. - if ($cgiparams{'RUN_MODE'} eq 'IPS') { - # Tell oinkmaster to switch all rules from alert to drop. - print FILE "modifysid \* \"alert\" \| \"drop\"\n"; - } + # Open modify sid's file for writing. + open(FILE, ">$modify_sids_file") or die "Could not write to $modify_sids_file. $!\n"; - # Close file handle. - close(FILE); + # Write file header. + print FILE "#Autogenerated file. Any custom changes will be overwritten!\n"; + + # Check if the traffic only should be monitored. + unless($cgiparams{'MONITOR_TRAFFIC_ONLY'} eq 'on') { + # Tell oinkmaster to switch all rules from alert to drop. + print FILE "modifysid \* \"alert\" \| \"drop\"\n"; + } + + # Close file handle. + close(FILE); + # Check if "MONITOR_TRAFFIC_ONLY" has been changed. + if($cgiparams{'MONITOR_TRAFFIC_ONLY'} ne $oldidssettings{'MONITOR_TRAFFIC_ONLY'}) { # Check if a ruleset exists. if (%idsrules) { # Lock the webpage and print message. @@ -630,12 +630,6 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { &General::readhash("$idssettingsfile", \%idssettings); &General::readhash("$rulessettingsfile", \%rulessettings); -# If the runmode has not been configured yet, set default value. -unless(exists($idssettings{'RUN_MODE'})) { - # Set default to IPS. - $idssettings{'RUN_MODE'} = 'IPS'; -} - # If no autoupdate intervall has been configured yet, set default value. unless(exists($rulessettings{'AUTOUPDATE_INTERVAL'})) { # Set default to "weekly". @@ -648,9 +642,9 @@ unless(exists($rulessettings{'AUTOUPDATE_INTERVAL'})) { $checked{'ENABLE_IDS'}{'off'} = ''; $checked{'ENABLE_IDS'}{'on'} = ''; $checked{'ENABLE_IDS'}{$idssettings{'ENABLE_IDS'}} = "checked='checked'"; -$checked{'RUN_MODE'}{'IDS'} = ''; -$checked{'RUN_MODE'}{'IPS'} = ''; -$checked{'RUN_MODE'}{$idssettings{'RUN_MODE'}} = "checked='checked'"; +$checked{'MONITOR_TRAFFIC_ONLY'}{'off'} = ''; +$checked{'MONITOR_TRAFFIC_ONLY'}{'on'} = ''; +$checked{'MONITOR_TRAFFIC_ONLY'}{$idssettings{'MONITOR_TRAFFIC_ONLY'}} = "checked='checked'"; $selected{'RULES'}{'nothing'} = ''; $selected{'RULES'}{'community'} = ''; $selected{'RULES'}{'emerging'} = ''; @@ -737,6 +731,17 @@ END } &Header::closebox(); +my $rulesdate; + +# Check if a ruleset allready has been downloaded. +if ( -f "$IDS::rulestarball"){ + # Call stat on the filename to obtain detailed information. + my @Info = stat("$IDS::rulestarball"); + + # Grab details about the creation time. + $rulesdate = localtime($Info[9]); +} + # Draw elements for IDS configuration. &Header::openbox('100%', 'center', $Lang::tr{'settings'}); @@ -744,32 +749,24 @@ print < - - - - - - - - - - - - - + + + + - + @@ -790,7 +787,7 @@ foreach my $zone (@network_zones) { } print "\n"; } @@ -814,17 +811,6 @@ END # Draw elements for ruleset configuration. &Header::openbox('100%', 'center', $Lang::tr{'ids ruleset settings'}); -my $rulesdate; - -# Check if a ruleset allready has been downloaded. -if ( -f "$IDS::rulestarball"){ - # Call stat on the filename to obtain detailed information. - my @Info = stat("$IDS::rulestarball"); - - # Grab details about the creation time. - $rulesdate = localtime($Info[9]); -} - print <
+ $Lang::tr{'ids activate'} $Lang::tr{'intrusion detection system'}


$Lang::tr{'runmode'}
- $Lang::tr{'intrusion detection system2'}     - $Lang::tr{'intrusion prevention system'} + + $Lang::tr{'ids monitor traffic only'}









$Lang::tr{'ids traffic analyze'}
$Lang::tr{'ids monitored interfaces'}
\n"; - print "$Lang::tr{'enabled on'} $Lang::tr{$zone}\n"; + print "$Lang::tr{$zone}\n"; print "
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 43fd917a03..bba1912939 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1329,6 +1329,8 @@ 'ids active on' => 'Aktiv auf', 'ids log viewer' => 'Ansicht IDS-Protokoll', 'ids logs' => 'IDS-Protokolldateien', +'ids monitored interfaces' => 'Überwachte Netzwerkzonen', +'ids monitor traffic only' => 'Netzwerk-Pakete nur überpfrüfen', 'ids no network zone' => 'Mindestends eine Netzwerk-Zone muss überwacht werden!', 'ids no ruleset available' => 'Kein Regelset verfügbar, bitte downloaden Sie eines!', 'ids ruleset settings' => 'Regelset-Einstellungen', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 467bd2351c..fa701f53a0 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1359,6 +1359,8 @@ 'ids active on' => 'Active on', 'ids log viewer' => 'IDS log viewer', 'ids logs' => 'IDS Logs', +'ids monitored interfaces' => 'Monitored interfaces', +'ids monitor traffic only' => 'Monitor traffic only', 'ids no network zone' => 'At least one network zone has to be monitored!', 'ids no ruleset available' => 'No ruleset available, please download one!', 'ids ruleset settings' => 'Ruleset settings', -- 2.39.2