[Ipcop-svn] SF.net SVN: ipcop: [405] ipcop/trunk/html/cgi-bin/ids.cgi

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Revision: 405
          http://ipcop.svn.sourceforge.net/ipcop/?rev=405&view=rev
Author:   gespinasse
Date:     2007-06-11 15:07:21 -0700 (Mon, 11 Jun 2007)

Log Message:
-----------
Separate script to load rules from web interface
Now rules are keep in /var/log/snort so it is possible to use loaded rules to merge them more than once.

oinkmaster.pl is no more nobody owned

There is now two main buttons on the page:
first 'Save' register settings
secondly 'Apply' use saved settings to start snort
Rules downloaded with 'Download new ruleset' are merged when 'Apply' is used
A warning is displayed when settings has been saved or new rules loaded to indicate that 'Apply' is needed.

A warning is displayed when swap is in use (more than 1MB) and free memory is low (less than 10 MB) on ids page.

Protect against Snort site 15 mn limit for each download.
snortules.pl does nothing until 15 mn happen after each effective download of md5 or ruleset files

Simplify the form structure with only one table level for data in three columns.

Save log of rules merge on a file and make the last log readable after merge.

Display memory used by each snort instance and running/stopped state
Display date of last md5 and ruleset download
Display date of last snort restart

Modified Paths:
--------------
    ipcop/trunk/html/cgi-bin/ids.cgi

Modified: ipcop/trunk/html/cgi-bin/ids.cgi
===================================================================

--- ipcop/trunk/html/cgi-bin/ids.cgi	2007-06-11 20:31:15 UTC (rev 404)
+++ ipcop/trunk/html/cgi-bin/ids.cgi	2007-06-11 22:07:21 UTC (rev 405)
@@ -9,116 +9,170 @@
 # $Id$
 #
 
-use LWP::UserAgent;
-use File::Copy;
-use File::Temp qw/ tempfile tempdir /;
 use strict;
 
 # enable only the following on debugging purpose
-#use warnings;
+#use warnings; no warnings 'once';# 'redefine', 'uninitialized';
 #use CGI::Carp 'fatalsToBrowser';
 
 require 'CONFIG_ROOT/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
 
-# Using CURRENT for rules is a wrong idea as it will be broken the first day snort.org point CURRENT
-# to another version not compatible with our installed version.
-# But I (Gilles) fail to convince them, so we do not have another solution.
-my $rulesbranch="CURRENT"; # version should match snort branch version
 my %snortsettings=();
+my %snorttags=();	# separate from settings to not been include in backup/restore
 my %checked=();
 my %netsettings=();
 our $errormessage = '';
-our $md5 = '';
-our $realmd5 = 'nothing'; # not '' to avoid displaying the wrong message when INSTALLMD5 not set & loosing real data when no download
-our $results = '';
-our $tempdir = '';
-our $url='';
-&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+my $logfile = '/var/log/snort/lastrulesupdate';
 
-&Header::showhttpheaders();
+# to fill some parts of the <table>
+my $dl_disabled='';
+my $apply_message='';
+my $load_date='';
+my $md5_date='';
 
-$snortsettings{'INSTALLDATE'} = '';
-$snortsettings{'INSTALLMD5'} = '';
-&General::readhash("${General::swroot}/snort/settings", \%snortsettings);
-$snortsettings{'ENABLE_SNORT'} = 'off';
+&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+
+$snortsettings{'ENABLE_SNORT'} = 'off'; #this is historically for RED
 $snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
 $snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
 $snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
 $snortsettings{'ACTION'} = '';
-$snortsettings{'RULESTYPE'} = '';
+$snortsettings{'RULESTYPE'} = 'nothing';
 $snortsettings{'OINKCODE'} = '';
+&Header::getcgihash(\%snortsettings);
 
-&Header::getcgihash(\%snortsettings, {'wantfile' => 1, 'filevar' => 'FH'});
+# Installed rules
+# only one tag for (subscripted|registered) as we update only one at a time
+# if we update both tags, we will not know if the other is more recent or older
+$snorttags{'VRTMERGEDATE'} = '';	# last time oinkmaster merge rules
+ # reading md5 of rules file is allowed only once every 15 mn so we need to track when was the last time to avoid error
+$snorttags{'MD5PROBEVALUE'} = '';		# file md5 value
+$snorttags{'MD5PROBEDATE'} = '';	# last md5 file read date
+$snorttags{'VRTLOADMD5'} = '';		# last loaded VRT file md5
+$snorttags{'VRTLOADDATE'} = '';		# last VRT file load date
 
-if ($snortsettings{'RULESTYPE'} eq 'subscripted') {
-	$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-${rulesbranch}_s.tar.gz";
-} else {
-	$url="http://www.snort.org/pub-bin/oinkmaster.cgi/$snortsettings{'OINKCODE'}/snortrules-snapshot-${rulesbranch}.tar.gz";
-}
+ # reading md5 of rules file is allowed only once every 15 mn so we need to track when was the last time to avoid error
+$snorttags{'MD5PROBEVALUE'} = '';		# file md5 value
+$snorttags{'VRTLOADDATE'} = '';		# last VRT file load
+$snorttags{'VRTLOADMD5'} = '';		# last loaded VRT file md5
+$snorttags{'MD5PROBEDATE'} = '';	# last md5 file read
+$snorttags{'APPLY'} = '';
+$snorttags{'MESSAGE'} = '';
+&General::readhash('/etc/snort/rulestags', \%snorttags);
 
-if ($snortsettings{'ACTION'} eq $Lang::tr{'save'})
-{
-	$errormessage = $Lang::tr{'invalid input for oink code'} unless (
-	    ($snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/)  ||
-	    ($snortsettings{'RULESTYPE'} eq 'nothing' )       );
-
+if ($snortsettings{'ACTION'} eq $Lang::tr{'save'}) {
 	&General::writehash("${General::swroot}/snort/settings", \%snortsettings);
-	if ($snortsettings{'ENABLE_SNORT'} eq 'on')
-	{
+	if ($snortsettings{'ENABLE_SNORT'} eq 'on') {
 		system ('/bin/touch', "${General::swroot}/snort/enable");
 	} else {
 		unlink "${General::swroot}/snort/enable";
 	} 
-	if ($snortsettings{'ENABLE_SNORT_GREEN'} eq 'on')
-	{
+	if ($snortsettings{'ENABLE_SNORT_GREEN'} eq 'on') {
 		system ('/bin/touch', "${General::swroot}/snort/enable_green");
 	} else {
 		unlink "${General::swroot}/snort/enable_green";
 	} 
-	if ($snortsettings{'ENABLE_SNORT_BLUE'} eq 'on')
-	{
+	if ($snortsettings{'ENABLE_SNORT_BLUE'} eq 'on') {
 		system ('/bin/touch', "${General::swroot}/snort/enable_blue");
 	} else {
 		unlink "${General::swroot}/snort/enable_blue";
 	} 
-	if ($snortsettings{'ENABLE_SNORT_ORANGE'} eq 'on')
-	{
+	if ($snortsettings{'ENABLE_SNORT_ORANGE'} eq 'on') {
 		system ('/bin/touch', "${General::swroot}/snort/enable_orange");
 	} else {
 		unlink "${General::swroot}/snort/enable_orange";
 	}
+	# keep track that settings has been changed until 'apply' is used
+	$snorttags{'APPLY'} = 'NEEDED';
+	&General::writehash('/etc/snort/rulestags', \%snorttags);
+}
+# read settings after 'save' could have written new settings (and possibly unselect checkboxes)
+&General::readhash("${General::swroot}/snort/settings", \%snortsettings);
 
-	system('/usr/local/bin/restartsnort','red','orange','blue','green');
-} else {
-	&General::readhash("${General::swroot}/snort/settings", \%snortsettings);
+# form is empty on first display so check after settings has been read
+if ( ( $snortsettings{'RULESTYPE'} ne 'nothing' && length($snortsettings{'OINKCODE'})!=40 ) ||
+		$snortsettings{'OINKCODE'} !~ /^[a-z0-9]+$/ ) {
+	$errormessage = $Lang::tr{'invalid input for oink code'};
 }
+if ($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) {
+	system('/usr/local/bin/snortrules','--load');
+	# keep track that settings has been changed until 'apply' is used
+	$snorttags{'APPLY'} = 'NEEDED';
+} elsif ($snortsettings{'ACTION'} eq $Lang::tr{'refresh update list'}) {
+	system('/usr/local/bin/snortrules','--md5');
+} elsif ($snortsettings{'ACTION'} eq $Lang::tr{'apply'}) {
+	&General::readhash('/etc/snort/rulestags', \%snorttags);
+	$snorttags{'APPLY'} = '';
+	$snorttags{'MESSAGE'}='';
+	if (!system('/usr/local/bin/snortrules','--merge')) {
+		# write there the tags
+		my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
+		$snorttags{'VRTMERGEDATE'} = sprintf("%04d-%02d-%02d %02d:%02d:%02d", $year+1900, $mon+1, $mday, $hour, $min , $sec);
+		my $fail=(system('/usr/local/bin/restartsnort','red','orange','blue','green')>>8);
+		if ($fail) { $errormessage="$fail $Lang::tr{'snort failure(s) to start'}"; }
+	} else {
+		# should be snortrules run more than once at the same time
+		# hide the log this time as it is not complete before previous action finish
+		$snortsettings{'ACTION'} = '';
+	}
+	&General::writehash('/etc/snort/rulestags', \%snorttags);
+}
+# read tags after they may have been updated by snortrules.pl (load or md5) or erased by apply action
+&General::readhash('/etc/snort/rulestags', \%snorttags);
 
-if (($snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'}) ||
-   ($snortsettings{'ACTION'} eq $Lang::tr{'force update'}) ){
-	$md5 = &getmd5;
-	if ((($snortsettings{'INSTALLMD5'} ne $md5)||($snortsettings{'ACTION'} eq $Lang::tr{'force update'})) && defined $md5 ) {
-		my $filename = &downloadrulesfile();
-		if (defined $filename) {
-			# Check MD5sum
-			$realmd5 = `/usr/bin/md5sum $filename`;
-			chop ($realmd5);
-			$realmd5 =~ s/^(\w+)\s.*$/$1/;
-			if ($md5 ne $realmd5) {
-				$errormessage = "$Lang::tr{'invalid md5sum'}";
-			} else {
-				$results = "<b>$Lang::tr{'installed updates'}</b>\n<pre>";
-				$results .=`/usr/local/bin/oinkmaster.pl -s -u file://$filename -C /var/ipcop/snort/oinkmaster.conf -o /etc/snort/rules 2>&1`;
-				$results .= "</pre>";
-				# we should track if update is a success or a failure and not update INSTALLMD5 and INSTALLDATE in case of failure
-			}
-			unlink ($filename);
+# priority to errormessage from web interface, then from snortrules.pl
+if ($errormessage eq '') { $errormessage=$snorttags{'MESSAGE'}; }
+
+if ($snorttags{'APPLY'} eq 'NEEDED' ) { $apply_message=$Lang::tr{'apply warning'}; }
+
+# prepare tags display for the right place in the table
+if ($snortsettings{'RULESTYPE'} =~ /^(registered|subscripted)$/) {
+	if ($snorttags{'VRTLOADDATE'}!=0) {
+		my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($snorttags{'VRTLOADDATE'});
+		$load_date = sprintf("%04d-%02d-%02d %02d:%02d:%02d", $year+1900, $mon+1, $mday, $hour, $min , $sec);
+	}
+	if ($snorttags{'VRTLOADMD5'} ne $snorttags{'MD5PROBEVALUE'} && $snorttags{'MD5PROBEVALUE'} ne '') {
+		$md5_date=$Lang::tr{'all updates installed'};
+	} else {
+		my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($snorttags{'MD5PROBEDATE'});
+		$md5_date= sprintf("%04d-%02d-%02d %02d:%02d:%02d", $year+1900, $mon+1, $mday, $hour, $min , $sec);
+		if ($snortsettings{'ACTION'} eq $Lang::tr{'refresh update list'}) {
+			$md5_date=$Lang::tr{'rules already up to date'};
 		}
-		$snortsettings{'ACTION'} = $Lang::tr{'download new ruleset'};	# make 'force' equal 'normal' download button
 	}
 }
 
+# enabled download depending of the settings
+unless ($snortsettings{'RULESTYPE'} =~ /^(registered|subscripted)$/ &&
+		length($snortsettings{'OINKCODE'})==40 && $snortsettings{'OINKCODE'} =~ /^[a-z0-9]+$/ ) {
+	$dl_disabled="disabled='disabled'";
+}
+
+# usage warning on low memory
+my ($swapsize, $swapused, $swapfree);
+my ($ram,$size,$used,$free,$shared,$buffers,$cached);
+open(FREE,'/usr/bin/free -o |');
+while(<FREE>) {
+	if ($_ =~ m/^Mem:\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$/) {
+		($ram,$size,$used,$free,$shared,$buffers,$cached) = ($1,$1,$2,$3,$4,$5,$6);
+	}
+	if ($_ =~ m/^Swap:\s+(\d+)\s+(\d+)\s+(\d+)$/) { ($swapsize,$swapused,$swapfree) = ($1,$2,$3); }
+}
+close FREE;
+
+# display running snort and memory used
+my $iface = '';
+my $red_status = '';
+if (open(FILE, "${General::swroot}/red/iface")) {
+	$iface = <FILE>;
+	close FILE;
+	chomp $iface;
+	$red_status=&General::isrunning("snort_$iface");
+}
+my $green_status=&General::isrunning("snort_$netsettings{'GREEN_DEV'}");
+
 $checked{'ENABLE_SNORT'}{'off'} = '';
 $checked{'ENABLE_SNORT'}{'on'} = '';
 $checked{'ENABLE_SNORT'}{$snortsettings{'ENABLE_SNORT'}} = "checked='checked'";
@@ -136,8 +190,8 @@
 $checked{'RULESTYPE'}{'subscripted'} = '';
 $checked{'RULESTYPE'}{$snortsettings{'RULESTYPE'}} = "checked='checked'";
 
+&Header::showhttpheaders();
 &Header::openpage($Lang::tr{'intrusion detection system'}, 1, '');
-
 &Header::openbigbox('100%', 'left', '', $errormessage);
 
 if ($errormessage) {
@@ -147,189 +201,122 @@
 	&Header::closebox();
 }
 
-&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system2'});
+if ($swapused>1000 && $free<10_000) {
+	# values are arbitrary
+	&Header::openbox('100%', 'left', $Lang::tr{'swap warning'});
+	print "<class name='base'>$Lang::tr{'swap warning'}<a href='/cgi-bin/status.cgi'>$Lang::tr{'sssystem status'}</a>\n";
+	print "&nbsp;</class>\n";
+	&Header::closebox();
+}
+
+&Header::openbox('100%', 'left', "$Lang::tr{'intrusion detection system'}:");
 print <<END
 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
 <table border='0' width='100%'>
 <tr>
-	<td valign='top' width='25%'><table border='0'>
-		<tr>
-			<td><b>$Lang::tr{'interfaces'}</b></td>
-		</tr>
-		<tr>
-			<td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />
-				GREEN Snort</td>
-		</tr>
+	<th>$Lang::tr{'interfaces'}</th>
+	<th>$Lang::tr{'status'}:</th>
+	<th>$Lang::tr{'memory'}</th>
+</tr>
+<tr>
+	<td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />
+		GREEN Snort $netsettings{'GREEN_DEV'}</td>
+	$green_status
+</tr>
 END
 ;
 if ($netsettings{'BLUE_DEV'} ne '') {
+	my $blue_status=&General::isrunning("snort_$netsettings{'BLUE_DEV'}");
 	print <<END
-		<tr>
-			<td class='base'><input type='checkbox' name='ENABLE_SNORT_BLUE' $checked{'ENABLE_SNORT_BLUE'}{'on'} />
-				BLUE Snort</td>
-		</tr>
+<tr>
+	<td class='base'><input type='checkbox' name='ENABLE_SNORT_BLUE' $checked{'ENABLE_SNORT_BLUE'}{'on'} />
+		BLUE Snort $netsettings{'BLUE_DEV'}</td>
+	$blue_status
+</tr>
 END
 ;
 }
 if ($netsettings{'ORANGE_DEV'} ne '') {
+	my $orange_status=&General::isrunning("snort_$netsettings{'ORANGE_DEV'}");
 	print <<END
-		<tr>
-			<td class='base'><input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} />
-				ORANGE Snort</td>
-		</tr>
+<tr>
+	<td class='base'><input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} />
+		ORANGE Snort $netsettings{'ORANGE_DEV'}</td>
+	$orange_status
+</tr>
 END
 ;
 }
 print <<END
-		<tr>
-			<td class='base'><input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} />
-				RED Snort</td>
-		</tr>
-	</table></td>
-	<td><table border='0'>
-		<tr>
-			<td><b>$Lang::tr{'ids rules update'}</b></td>
-			<td align='right'><a href='${General::adminmanualurl}/services.html#services_ids' target='_blank'>
-				<img src='/images/web-support.png' alt='$Lang::tr{'online help en'}' title='$Lang::tr{'online help en'}' /></a>	
-			</td>
-		</tr>
-		<tr>
-			<td colspan='2'><input type='radio' name='RULESTYPE' value='nothing' $checked{'RULESTYPE'}{'nothing'} />
-				$Lang::tr{'no'}</td>
-		</tr>
-		<tr>
-			<td colspan='2'><input type='radio' name='RULESTYPE' value='registered' $checked{'RULESTYPE'}{'registered'} />
-				$Lang::tr{'registered user rules'}</td>
-		</tr>
-		<tr>
-			<td colspan='2'><input type='radio' name='RULESTYPE' value='subscripted' $checked{'RULESTYPE'}{'subscripted'} />
-				$Lang::tr{'subscripted user rules'}</td>
-		</tr>
-		<tr>
-			<td colspan='2'><br />
-				$Lang::tr{'ids rules license'} <a href='http://www.snort.org/' target='_blank'>http://www.snort.org</a>.<br />
-				<br />
-				$Lang::tr{'ids rules license2'} <a href='http://www.snort.org/reg-bin/userprefs.cgi' target='_blank'>USER PREFERENCES</a>, $Lang::tr{'ids rules license3'}<br />
-			</td>
-		</tr>
-		<tr>
-			<td nowrap='nowrap' colspan='2'>Oink Code:
-				<input type='text' size='45' name='OINKCODE' value='$snortsettings{'OINKCODE'}' />
-			</td>
-		</tr>
-	</table></td>
+<tr>
+	<td class='base'><input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} />
+		RED Snort $iface</td>
+	$red_status
 </tr>
 <tr>
-	<td align='center' colspan='2'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
+	<td colspan='3'><hr /></td>
 </tr>
-</table>
-<hr />
-<table border='0' width='100%'>
 <tr>
-	<td width='30%'><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' /></td>
-	<td width='30%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'force update'}' /></td>
-	<td width='40%'>
-END
-;
-
-if ($snortsettings{'INSTALLMD5'} eq $md5 && $md5 ne '' ) {
-	print "<font color='GREEN'>$Lang::tr{'rules already up to date'}</font></td>";
-} else {
-	if ( $snortsettings{'ACTION'} eq $Lang::tr{'download new ruleset'} && $md5 eq $realmd5 ) {
-		$snortsettings{'INSTALLMD5'} = $realmd5;
-		$snortsettings{'INSTALLDATE'} = `/bin/date +'%Y-%m-%d'`;
-		chop ($snortsettings{'INSTALLDATE'});
-		&General::writehash("${General::swroot}/snort/settings", \%snortsettings);
-	}
-	print "$Lang::tr{'updates installed'}: $snortsettings{'INSTALLDATE'}</td>";
-}
-print <<END
+	<td colspan='3'>$Lang::tr{'ids rules license'} <a href='http://www.snort.org/' target='_blank'>http://www.snort.org</a>.<br />
+		$Lang::tr{'ids rules license2'} <a href='http://www.snort.org/reg-bin/userprefs.cgi' target='_blank'>USER PREFERENCES</a>,
+		$Lang::tr{'ids rules license3'}</td>
 </tr>
+<tr>
+	<td nowrap='nowrap' colspan='3'>Oink Code:
+		<input type='text' size='45' name='OINKCODE' value='$snortsettings{'OINKCODE'}' />
+	</td>
+</tr>
+<tr>
+	<th colspan='3'>$Lang::tr{'ids rules update'}:</th>
+</tr>
+<tr>
+	<td nowrap='nowrap'><input type='radio' name='RULESTYPE' value='registered' $checked{'RULESTYPE'}{'registered'} />
+		$Lang::tr{'registered user rules'}</td>
+	<td><input type='submit' name='ACTION' value='$Lang::tr{'refresh update list'}' $dl_disabled />
+		&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td>$md5_date</td>
+</tr>
+<tr>
+	<td nowrap='nowrap'><input type='radio' name='RULESTYPE' value='subscripted' $checked{'RULESTYPE'}{'subscripted'} />
+		$Lang::tr{'subscripted user rules'}</td>
+	<td><input type='submit' name='ACTION' value='$Lang::tr{'download new ruleset'}' $dl_disabled />
+		&nbsp;<img src='/blob.gif' alt='*' /></td>
+	<td>$load_date</td>
+</tr>
+<tr>
+	<td><input type='radio' name='RULESTYPE' value='nothing' $checked{'RULESTYPE'}{'nothing'} />$Lang::tr{'no'}</td>
+	<td><img src='/blob.gif' alt='*' />$Lang::tr{'only one download every 15 mn'}</td>
+	<td>$Lang::tr{'last snort restart'}:$snorttags{'VRTMERGEDATE'}</td>
+</tr>
+<tr>
+	<td colspan='3'><hr /></td>
+</tr>
+<tr>
+	<td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
+	<td><input type='submit' name='ACTION' value='$Lang::tr{'apply'}' /></td>
+	<td><input type='submit' name='ACTION' value='$Lang::tr{'read last rules installation log'}' $dl_disabled /></td>
+</tr>
+<tr>
+	<td colspan='2'>$apply_message</td>
+	<td align='right'><a href='${General::adminmanualurl}/services.html#services_ids' target='_blank'>
+		<img src='/images/web-support.png' alt='$Lang::tr{'online help en'}' title='$Lang::tr{'online help en'}' /></a>
+	</td>
+</tr>
 </table>
 </form>
 END
 ;
 
-if ($results ne '') {
-	print "$results";
+# display update log
+if ($snortsettings{'ACTION'} eq $Lang::tr{'read last rules installation log'} || $snortsettings{'ACTION'} eq $Lang::tr{'apply'} ) {
+	print "<b>$Lang::tr{'installed updates'}</b>\n<pre>";
+	open(FILE,$logfile) or die "Unable to open $logfile";
+	my @log=<FILE>;
+	close FILE;
+	foreach my $line (@log) { print &Header::cleanhtml($line); }
+	print "</pre>";
 }
 
 &Header::closebox();
 &Header::closebigbox();
 &Header::closepage();
-
-sub getmd5 {
-	# Retrieve MD5 sum from $url.md5 file
-	#
-	my $md5buf = &geturl("$url.md5");
-	return undef unless $md5buf;
-	if (0) { # 1 to debug
-		my $filename='';
-		my $fh='';
-		($fh, $filename) = tempfile('/tmp/XXXXXXXX',SUFFIX => '.md5' );
-		binmode ($fh);
-		syswrite ($fh, $md5buf->content);
-		close($fh);
-	}
-	my $md5 = $md5buf->content;
-	return substr ($md5,0,32);	#md5 is 32 chars (remove trailing spaces or newline)
-}
-sub downloadrulesfile {
-	my $return = &geturl($url);
-	return undef unless $return;
-
-	if (index($return->content, "\037\213") == -1 ) { # \037\213 is .gz beginning
-		$errormessage = $Lang::tr{'invalid loaded file'};
-		return undef;
-	}
-
-	my $filename='';
-	my $fh='';
-	($fh, $filename) = tempfile('/tmp/XXXXXXXX',SUFFIX => '.tar.gz' );#oinkmaster work only with this extension
-	binmode ($fh);
-	syswrite ($fh, $return->content);
-	close($fh);
-	return $filename;
-}
-
-sub geturl ($) {
-	my $url=$_[0];
-
-	unless (-e "${General::swroot}/red/active") {
-		$errormessage = $Lang::tr{'could not download latest updates'};
-		return undef;
-	}
-
-	my $downloader = LWP::UserAgent->new;
-	$downloader->timeout(5);
-
-	my %proxysettings=();
-	&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
-
-	if ($_=$proxysettings{'UPSTREAM_PROXY'}) {
-		my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
-		if ($proxysettings{'UPSTREAM_USER'}) {
-			$downloader->proxy("http","http://$proxysettings{'UPSTREAM_USER'}:$proxysettings{'UPSTREAM_PASSWORD'}@"."$peer:$peerport/");
-		} else {
-			$downloader->proxy("http","http://$peer:$peerport/");
-		}
-	}
-
-	my $return = $downloader->get($url,'Cache-Control','no-cache');
-
-
-	if ($return->code == 200) {
-		return $return;
-	} elsif ($return->code == 403) {	#specifics messages
-		$return->content =~ /<title>(.*)<\/title>/;
-		$errormessage = $1;
-		##$errormessage = $Lang::tr{'access refused with this oinkcode'};
-	} elsif ($return->code == 500) {	#connection to server problems
-		$errormessage = $Lang::tr{'could not download latest updates'};	
-	} else {				#unknown message
-		$errormessage = $Lang::tr{'bad return code'} . ':' . $return->code;
-		General::log('snort',$return->code);
-		General::log('snort',$return->content);
-	}
-	return undef;
-}


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.




[Ipcop-svn] SF.net SVN: ipcop: [405] ipcop/trunk/html/cgi-bin/ids.cgi

Linux firewall distribution geared towards home and SOHO users.

[Ipcop-svn] SF.net SVN: ipcop: [405] ipcop/trunk/html/cgi-bin/ids.cgi