Fix newlines.

1 files changed, 776 insertions, 776 deletions

diff --git a/config/snort-dev/snort_download_rules.php b/config/snort-dev/snort_download_rules.php
index dd4ca524..521a7b0f 100644
--- a/config/snort-dev/snort_download_rules.php
+++ b/config/snort-dev/snort_download_rules.php
@@ -1,776 +1,776 @@
-<?php

-/*

- snort_download_rules.php

- Copyright (C) 2006 Scott Ullrich

- Copyright (C) 2009 Robert Zelaya

- Copyright (C) 2011 Ermal Luci

- All rights reserved.

-

- Redistribution and use in source and binary forms, with or without

- modification, are permitted provided that the following conditions are met:

-

- 1. Redistributions of source code must retain the above copyright notice,

- this list of conditions and the following disclaimer.

-

- 2. Redistributions in binary form must reproduce the above copyright

- notice, this list of conditions and the following disclaimer in the

- documentation and/or other materials provided with the distribution.

-

- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,

- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY

- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,

- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

- POSSIBILITY OF SUCH DAMAGE.

- */

-

-/* Setup enviroment */

-require_once("guiconfig.inc");

-require_once("functions.inc");

-require_once("service-utils.inc");

-require_once("/usr/local/pkg/snort/snort.inc");

-

-if ($_GET['return']) {

-	header("Location: /snort/snort_download_updates.php");

-	exit;

-}

-

-$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up";

-$snortdir = "/usr/local/etc/snort";

-$snortdir_wan = "/usr/local/etc/snort";

-$snort_filename_md5 = "{$snort_rules_file}.md5";

-$snort_filename = "{$snort_rules_file}";

-$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5";

-$emergingthreats_filename = "emerging.rules.tar.gz";

-$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";

-$pfsense_rules_filename = "pfsense_rules.tar.gz";

-

-/*  Time stamps define */

-$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];

-$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install'];

-

-/* define checks */

-$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];

-$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];

-$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];

-

-if ($snortdownload == 'off' && $emergingthreats != 'on')

-	$snort_emrging_info = 'stop';

-

-if ($oinkid == "" && $snortdownload != 'off')

-	$snort_oinkid_info = 'stop';

-

-/* check if main rule directory is empty */

-$if_mrule_dir = "/usr/local/etc/snort/rules";

-$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';

-

-if (file_exists('/var/run/snort.conf.dirty'))

-	$snort_dirty_d = 'stop';

-

-$pgtitle = "Services: Snort: Update Rules";

-

-include("head.inc");

-?>

-

-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">

-

-<?php include("fbegin.inc"); ?>

-<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>

-

-<form action="/snort/snort_download_updates.php" method="GET">

-<table width="100%" border="0" cellpadding="0" cellspacing="0">

-<tr>

-	<td>

-	<div id="mainarea">

-		<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">

-		<tr>

-			<td ><!-- progress bar -->

-			<table id="progholder" width='320'

-					style='border-collapse: collapse; border: 1px solid #000000;'

-					cellpadding='2' cellspacing='2'>

-				<tr>

-					<td><img border='0'

-							src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif'

-							width='280' height='23' name='progressbar' id='progressbar'

-							alt='' />

-					</td>

-				</tr>

-			</table>

-			<br />

-			<!-- status box --> <textarea cols="60" rows="2" name="status" id="status" wrap="hard">

-			<?=gettext("Initializing...");?>

-                      	</textarea>

-		 	<!-- command output box --> <textarea cols="60" rows="2" name="output" id="output" wrap="hard">

-                      	</textarea>

-			</td>

-		</tr>

-		</table>

-	</div>

-	</td>

-</tr>

-<tr><td><input type="submit" Value="Return"></td></tr>

-</table>

-</form>

-<?php include("fend.inc");?>

-</body>

-</html>

-

-<?php

-/* Start of code */

-conf_mount_rw();

-

-if (!is_dir('/usr/local/etc/snort/tmp'))

-	exec('/bin/mkdir -p /usr/local/etc/snort/tmp');

-

-$snort_md5_check_ok = 'off';

-$emerg_md5_check_ok = 'off';

-$pfsense_md5_check_ok = 'off';

-

-/* Set user agent to Mozilla */

-ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');

-ini_set("memory_limit","150M");

-

-/* mark the time update started */

-$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A");

-

-/* send current buffer */

-ob_flush();

-

-/* hide progress bar */

-hide_progress_bar_status();

-

-/* send current buffer */

-ob_flush();

-

-/*  remove old $tmpfname files */

-if (is_dir("{$tmpfname}")) {

-	update_status(gettext("Removing old tmp files..."));

-	exec("/bin/rm -r {$tmpfname}");

-	apc_clear_cache();

-}

-

-/*  Make shure snortdir exits */

-exec("/bin/mkdir -p {$snortdir}");

-exec("/bin/mkdir -p {$snortdir}/rules");

-exec("/bin/mkdir -p {$snortdir}/signatures");

-exec("/bin/mkdir -p {$tmpfname}");

-exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/");

-

-/* send current buffer */

-ob_flush();

-

-/* unhide progress bar and lets end this party */

-unhide_progress_bar_status();

-

-$pfsensedownload = 'on';

-

-/*  download md5 sig from snort.org */

-if ($snortdownload == 'on')

-{

-	if (file_exists("{$tmpfname}/{$snort_filename_md5}") &&

-	filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {

-		update_status(gettext("snort.org md5 temp file exists..."));

-	} else {

-		update_status(gettext("Downloading snort.org md5 file..."));

-		ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');

-

-		//$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");

-		$image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");

-		@file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image);

-		update_status(gettext("Done downloading snort.org md5"));

-	}

-}

-

-/*  download md5 sig from emergingthreats.net */

-if ($emergingthreats == 'on')

-{

-	update_status(gettext("Downloading emergingthreats md5 file..."));

-	ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');

-	// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");

-	$image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5');

-	@file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);

-	update_status(gettext("Done downloading emergingthreats md5"));

-}

-

-/*  download md5 sig from pfsense.org */

-if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {

-	update_status(gettext("pfsense md5 temp file exists..."));

-} else {

-	update_status(gettext("Downloading pfsense md5 file..."));

-	ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');

-	//$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");

-	$image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");

-	@file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image);

-	update_status(gettext("Done downloading pfsense md5."));

-}

-

-/* If md5 file is empty wait 15min exit */

-if ($snortdownload == 'on')

-{

-	if (0 == filesize("{$tmpfname}/{$snort_filename_md5}"))

-	{

-		update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));

-		update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));

-		hide_progress_bar_status();

-		$snortdownload = 'off';

-	}

-}

-

-/* If pfsense md5 file is empty wait 15min exit */

-if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){

-	update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));

-	update_output_window(gettext("Rules are released to support Pfsense packages."));

-	hide_progress_bar_status();

-	$pfsensedownload = 'off';

-}

-

-/* Check if were up to date snort.org */

-if ($snortdownload == 'on')

-{

-	if (file_exists("{$snortdir}/{$snort_filename_md5}"))

-	{

-		$md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");

-		$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;

-		$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");

-		$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;

-		if ($md5_check_new == $md5_check_old)

-		{

-			update_status(gettext("Your rules are up to date..."));

-			update_output_window(gettext("You may start Snort now, check update."));

-			hide_progress_bar_status();

-			$snort_md5_check_ok = 'on';

-		} else {

-			update_status(gettext("Your rules are not up to date..."));

-			$snort_md5_check_ok = 'off';

-		}

-	}

-}

-

-/* Check if were up to date emergingthreats.net */

-if ($emergingthreats == 'on')

-{

-	if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}"))

-	{

-		$emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}");

-		$emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;

-		$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");

-		$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;

-		if ($emerg_md5_check_new == $emerg_md5_check_old)

-		{

-			hide_progress_bar_status();

-			$emerg_md5_check_ok = 'on';

-		} else

-			$emerg_md5_check_ok = 'off';

-	}

-}

-

-/* Check if were up to date pfsense.org */

-if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))

-{

-	$pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");

-	$pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;

-	$pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");

-	$pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;

-	if ($pfsense_md5_check_new == $pfsense_md5_check_old)

-	{

-		hide_progress_bar_status();

-		$pfsense_md5_check_ok = 'on';

-	} else

-		$pfsense_md5_check_ok = 'off';

-}

-

-if ($snortdownload == 'on') {

-	if ($snort_md5_check_ok == 'on')

-	{

-		update_status(gettext("Your snort.org rules are up to date..."));

-		update_output_window(gettext("You may start Snort now..."));

-		$snortdownload = 'off';

-	}

-}

-if ($emergingthreats == 'on') {

-	if ($emerg_md5_check_ok == 'on')

-	{

-		update_status(gettext("Your Emergingthreats rules are up to date..."));

-		update_output_window(gettext("You may start Snort now..."));

-		$emergingthreats = 'off';

-	}

-}

-

-/* download snortrules file */

-if ($snortdownload == 'on')

-{

-	if ($snort_md5_check_ok != 'on') {

-		if (file_exists("{$tmpfname}/{$snort_filename}")) {

-			update_status(gettext("Snortrule tar file exists..."));

-		} else {

-			unhide_progress_bar_status();

-			update_status(gettext("There is a new set of Snort.org rules posted. Downloading..."));

-			update_output_window(gettext("May take 4 to 10 min..."));

-			download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}");

-			update_all_status($static_output);

-			update_status(gettext("Done downloading rules file."));

-			if (150000 > filesize("{$tmpfname}/$snort_filename")){

-				update_status(gettext("Error with the snort rules download..."));

-

-				update_output_window(gettext("Snort rules file downloaded failed..."));

-				$snortdownload = 'off';

-			}

-		}

-	}

-}

-

-/* download emergingthreats rules file */

-if ($emergingthreats == "on")

-{

-	if ($emerg_md5_check_ok != 'on')

-	{

-		if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))

-		{

-			update_status(gettext('Emergingthreats tar file exists...'));

-		}else{

-			update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));

-			update_output_window(gettext("May take 4 to 10 min..."));

-			download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");

-			update_status(gettext('Done downloading Emergingthreats rules file.'));

-		}

-	}

-}

-

-/* download pfsense rules file */

-if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {

-	if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {

-		update_status(gettext("Snortrule tar file exists..."));

-	} else {

-		unhide_progress_bar_status();

-		update_status(gettext("There is a new set of Pfsense rules posted. Downloading..."));

-		update_output_window(gettext("May take 4 to 10 min..."));

-		download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}");

-		update_all_status($static_output);

-		update_status(gettext("Done downloading rules file."));

-	}

-}

-

-/* Compair md5 sig to file sig */

-

-//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];

-//if ($premium_url_chk == on) {

-//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");

-//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;

-// if ($md5 == $file_md5_ondisk) {

-//    update_status(gettext("Valid md5 checksum pass..."));

-//} else {

-//    update_status(gettext("The downloaded file does not match the md5 file...P is ON"));

-//    update_output_window(gettext("Error md5 Mismatch..."));

-//    return;

-//  }

-//}

-

-//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];

-//if ($premium_url_chk != on) {

-//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;

-//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;

-// if ($md55 == $file_md5_ondisk2) {

-//    update_status(gettext("Valid md5 checksum pass..."));

-//} else {

-//    update_status(gettext("The downloaded file does not match the md5 file...Not P"));

-//    update_output_window(gettext("Error md5 Mismatch..."));

-//    return;

-//    }

-//}

-

-/* Untar snort rules file individually to help people with low system specs */

-if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {

-	if (file_exists("{$tmpfname}/{$snort_filename}")) {

-

-		// find out if were in 1.2.3-RELEASE

-		$pfsense_ver_chk = exec('/bin/cat /etc/version');

-		if ($pfsense_ver_chk === '1.2.3-RELEASE') {

-			$pfsense_stable = 'yes';

-		}else{

-			$pfsense_stable = 'no';

-		}

-

-		// get the system arch

-		$snort_arch_ck = exec('/usr/bin/uname -m');

-		if ($snort_arch_ck === 'i386') {

-			$snort_arch = 'i386';

-		}else{

-			$snort_arch = 'x86-64'; // amd64

-		}

-

-		if ($pfsense_stable === 'yes') {

-			$freebsd_version_so = 'FreeBSD-7-3';

-		}else{

-			$freebsd_version_so = 'FreeBSD-8-1';

-		}

-

-		update_status(gettext("Extracting Snort.org rules..."));

-		update_output_window(gettext("May take a while..."));

-		/* extract snort.org rules and  add prefix to all snort.org files*/

-		exec("/bin/rm -r {$snortdir}/rules");

-		sleep(2);

-		exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");

-		chdir ("/usr/local/etc/snort/rules");

-		sleep(2);

-

-		$snort_dirList = scandir("{$snortdir}/rules"); // Waning: only in php 5

-		$snortrules_filterList = snortscandirfilter($snort_dirList, '/.*\.rules/', '/\.rules/', '');

-

-		if (!empty($snortrules_filterList)) {

-			foreach ($snortrules_filterList as $snort_rule_move)

-			{

-				exec("/bin/mv -f {$snortdir}/rules/{$snort_rule_move}.rules {$snortdir}/rules/snort_{$snort_rule_move}.rules");

-			}

-		}

-

-		/* extract so_rules */

-

-		// list so_rules and exclude dir

-		exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} so_rules", $so_rules_list);

-

-		$so_rulesPattr = array('/\//', '/\.rules/');

-		$so_rulesPattw = array('', '');

-

-		// build list of so_rules

-		$so_rules_filterList = snortscandirfilter($so_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw);

-

-		if (!empty($so_rules_filterList)) {

-			// cp rule to so tmp dir

-			foreach ($so_rules_filterList as $so_rule)

-			{

-

-				exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/{$so_rule}.rules");

-

-			}

-			// mv and rename so rules

-			foreach ($so_rules_filterList as $so_rule_move)

-			{

-				exec("/bin/mv -f {$snortdir}/so_rules/{$so_rule_move}.rules {$snortdir}/rules/snort_{$so_rule_move}.so.rules");

-			}

-		}

-

-		/* extract preproc_rules */

-

-		// list so_rules and exclude dir

-		exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} preproc_rules", $preproc_rules_list);

-

-		$preproc_rules_filterList = snortscandirfilter($preproc_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw);

-

-		if (!empty($preproc_rules_filterList)) {

-			// cp rule to so tmp dir

-			foreach ($preproc_rules_filterList as $preproc_rule)

-			{

-

-				exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} preproc_rules/{$preproc_rule}.rules");

-

-			}

-			// mv and rename preproc_rules

-			foreach ($preproc_rules_filterList as $preproc_rule_move)

-			{

-				exec("/bin/mv -f {$snortdir}/preproc_rules/{$preproc_rule_move}.rules {$snortdir}/rules/snort_{$preproc_rule_move}.preproc.rules");

-			}

-		}

-

-		/* extract base etc files */

-		exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");

-		exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");

-		exec("/bin/rm -r {$snortdir}/etc");

-

-		update_status(gettext("Done extracting Snort.org Rules."));

-	}else{

-		update_status(gettext("Error extracting Snort.org Rules..."));

-		update_output_window(gettext("Error Line 755"));

-		$snortdownload = 'off';

-	}

-}

-

-/* Untar emergingthreats rules to tmp */

-if ($emergingthreats == 'on')

-{

-	if ($emerg_md5_check_ok != 'on')

-	{

-		if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))

-		{

-			update_status(gettext("Extracting rules..."));

-			update_output_window(gettext("May take a while..."));

-			exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");

-		}

-	}

-}

-

-/* Untar Pfsense rules to tmp */

-if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {

-	if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {

-		update_status(gettext("Extracting Pfsense rules..."));

-		update_output_window(gettext("May take a while..."));

-		exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");

-	}

-}

-

-/* Untar snort signatures */

-if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {

-	if (file_exists("{$tmpfname}/{$snort_filename}")) {

-		$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];

-		if ($premium_url_chk == 'on') {

-			update_status(gettext("Extracting Signatures..."));

-			update_output_window(gettext("May take a while..."));

-			exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");

-			update_status(gettext("Done extracting Signatures."));

-		}

-	}

-}

-

-/*  Copy md5 sig to snort dir */

-if ($snortdownload == 'on')

-{

-	if ($snort_md5_check_ok != 'on') {

-		if (file_exists("{$tmpfname}/$snort_filename_md5")) {

-			update_status(gettext("Copying md5 sig to snort directory..."));

-			exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");

-		}else{

-			update_status(gettext("The md5 file does not exist..."));

-			update_output_window(gettext("Error copying config..."));

-			$snortdownload = 'off';

-		}

-	}

-}

-

-/*  Copy emergingthreats md5 sig to snort dir */

-if ($emergingthreats == "on")

-{

-	if ($emerg_md5_check_ok != 'on')

-	{

-		if (file_exists("{$tmpfname}/$emergingthreats_filename_md5"))

-		{

-			update_status(gettext("Copying md5 sig to snort directory..."));

-			exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");

-		}else{

-			update_status(gettext("The emergingthreats md5 file does not exist..."));

-			update_output_window(gettext("Error copying config..."));

-			$emergingthreats = 'off';

-		}

-	}

-}

-

-/*  Copy Pfsense md5 sig to snort dir */

-if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {

-	if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {

-		update_status(gettext("Copying Pfsense md5 sig to snort directory..."));

-		exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");

-	} else {

-		update_status(gettext("The Pfsense md5 file does not exist..."));

-		update_output_window(gettext("Error copying config..."));

-		$pfsensedownload = 'off';

-	}

-}

-

-/*  Copy signatures dir to snort dir */

-if ($snortdownload == 'on')

-{

-	if ($snort_md5_check_ok != 'on')

-	{

-		$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];

-		if ($premium_url_chk == 'on')

-		{

-			if (file_exists("{$snortdir}/doc/signatures")) {

-				update_status(gettext("Copying signatures..."));

-				update_output_window(gettext("May take a while..."));

-				exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");

-				exec("/bin/rm -r {$snortdir}/doc/signatures");

-				update_status(gettext("Done copying signatures."));

-			}else{

-				update_status(gettext("Directory signatures exist..."));

-				update_output_window(gettext("Error copying signature..."));

-				$snortdownload = 'off';

-			}

-		}

-	}

-}

-

-/* double make shure cleanup emerg rules that dont belong */

-if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) {

-	apc_clear_cache();

-	@unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");

-	@unlink("/usr/local/etc/snort/rules/emerging-botcc.rules");

-	@unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");

-	@unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");

-	@unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");

-	@unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");

-	@unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");

-}

-

-if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {

-	exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");

-	exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");

-}

-

-/* make shure default rules are in the right format */

-exec("/usr/bin/sed -i '' 's/^[ \t]*//' /usr/local/etc/snort/rules/*.rules"); // remove white spaces from begining of line

-exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");

-exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");

-exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");

-

-/* create a msg-map for snort  */

-update_status(gettext("Updating Alert Messages..."));

-update_output_window(gettext("Please Wait..."));

-exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map");

-

-

-//////////////////

-

-/* open oinkmaster_conf for writing" function */

-function oinkmaster_conf($id, $if_real, $iface_uuid)

-{

-	global $config, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;

-

-	@unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf");

-

-	/*  enable disable setting will carry over with updates */

-	/*  TODO carry signature changes with the updates */

-	if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {

-

-		$selected_sid_on_sections = "";

-		$selected_sid_off_sections = "";

-

-		if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {

-			$enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']);

-			$enabled_sid_on_array = split('\|\|', $enabled_sid_on);

-			foreach($enabled_sid_on_array as $enabled_item_on)

-				$selected_sid_on_sections .= "$enabled_item_on\n";

-		}

-

-		if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {

-			$enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']);

-			$enabled_sid_off_array = split('\|\|', $enabled_sid_off);

-			foreach($enabled_sid_off_array as $enabled_item_off)

-				$selected_sid_off_sections .= "$enabled_item_off\n";

-		}

-

-		if (!empty($selected_sid_on_sections) || !empty($selected_sid_off_sections)) {

-			$snort_sid_text = <<<EOD

-

-###########################################

-#                                         #

-# this is auto generated on snort updates #

-#                                         #

-###########################################

-

-path = /bin:/usr/bin:/usr/local/bin

-

-update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$

-

-url = dir:///usr/local/etc/snort/rules

-

-$selected_sid_on_sections

-

-$selected_sid_off_sections

-

-EOD;

-

-			/* open snort's oinkmaster.conf for writing */

-			@file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);

-		}

-	}

-}

-

-/*  Run oinkmaster to snort_wan and cp configs */

-/*  If oinkmaster is not needed cp rules normally */

-/*  TODO add per interface settings here */

-function oinkmaster_run($id, $if_real, $iface_uuid)

-{

-	global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;

-

-	if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {

-		if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {

-			update_status(gettext("Your first set of rules are being copied..."));

-			update_output_window(gettext("May take a while..."));

-			exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");

-			exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");

-			exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");

-			exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");

-			exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");

-			exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");

-			exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");

-			exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");

-		} else {

-			update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));

-			update_output_window(gettext("May take a while..."));

-			exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");

-			exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");

-			exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");

-			exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");

-			exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");

-			exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");

-			exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");

-			exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");

-

-			/*  might have to add a sleep for 3sec for flash drives or old drives */

-			exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");

-		}

-	}

-}

-

-/* Start the proccess for every interface rule */

-/* TODO: try to make the code smother */

-if (is_array($config['installedpackages']['snortglobal']['rule']))

-{

-	foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {

-		$result_lan = $value['interface'];

-		$if_real = snort_get_real_interface($result_lan);

-		$iface_uuid = $value['uuid'];

-

-		/* make oinkmaster.conf for each interface rule */

-		oinkmaster_conf($id, $if_real, $iface_uuid);

-

-		/* run oinkmaster for each interface rule */

-		oinkmaster_run($id, $if_real, $iface_uuid);

-	}

-}

-

-//////////////

-

-/* mark the time update finnished */

-$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");

-

-/*  remove old $tmpfname files */

-if (is_dir('/usr/local/etc/snort/tmp')) {

-	update_status(gettext("Cleaning up..."));

-	exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");

-	sleep(2);

-	exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk");

-}

-

-/* XXX: These are needed if snort is run as snort user

-mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true);

-mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true);

-mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true);

-*/

-/* make all dirs snorts */

-mwexec("/bin/chmod -R 755  /var/log/snort", true);

-mwexec("/bin/chmod -R 755  /usr/local/etc/snort", true);

-mwexec("/bin/chmod -R 755  /usr/local/lib/snort", true);

-

-/* hide progress bar and lets end this party */

-hide_progress_bar_status();

-

-if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off')

-	update_output_window(gettext("Finished..."));

-else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on')

-	update_output_window(gettext("Finished..."));

-else {

-	/* You are Not Up to date, always stop snort when updating rules for low end machines */;

-	update_status(gettext("You are NOT up to date..."));

-	exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");

-	update_status(gettext("The Rules update finished..."));

-	update_output_window(gettext("Snort has restarted with your new set of rules..."));

-	exec("/bin/rm /tmp/snort_download_halt.pid");

-}

-

-update_status(gettext("The Rules update finished..."));

-conf_mount_ro();

-

-?>

+<?php
+/*
+ snort_download_rules.php
+ Copyright (C) 2006 Scott Ullrich
+ Copyright (C) 2009 Robert Zelaya
+ Copyright (C) 2011 Ermal Luci
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Setup enviroment */
+require_once("guiconfig.inc");
+require_once("functions.inc");
+require_once("service-utils.inc");
+require_once("/usr/local/pkg/snort/snort.inc");
+
+if ($_GET['return']) {
+	header("Location: /snort/snort_download_updates.php");
+	exit;
+}
+
+$tmpfname = "/usr/local/etc/snort/tmp/snort_rules_up";
+$snortdir = "/usr/local/etc/snort";
+$snortdir_wan = "/usr/local/etc/snort";
+$snort_filename_md5 = "{$snort_rules_file}.md5";
+$snort_filename = "{$snort_rules_file}";
+$emergingthreats_filename_md5 = "emerging.rules.tar.gz.md5";
+$emergingthreats_filename = "emerging.rules.tar.gz";
+$pfsense_rules_filename_md5 = "pfsense_rules.tar.gz.md5";
+$pfsense_rules_filename = "pfsense_rules.tar.gz";
+
+/*  Time stamps define */
+$last_md5_download = $config['installedpackages']['snortglobal']['last_md5_download'];
+$last_rules_install = $config['installedpackages']['snortglobal']['last_rules_install'];
+
+/* define checks */
+$oinkid = $config['installedpackages']['snortglobal']['oinkmastercode'];
+$snortdownload = $config['installedpackages']['snortglobal']['snortdownload'];
+$emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats'];
+
+if ($snortdownload == 'off' && $emergingthreats != 'on')
+	$snort_emrging_info = 'stop';
+
+if ($oinkid == "" && $snortdownload != 'off')
+	$snort_oinkid_info = 'stop';
+
+/* check if main rule directory is empty */
+$if_mrule_dir = "/usr/local/etc/snort/rules";
+$mfolder_chk = (count(glob("$if_mrule_dir/*")) === 0) ? 'empty' : 'full';
+
+if (file_exists('/var/run/snort.conf.dirty'))
+	$snort_dirty_d = 'stop';
+
+$pgtitle = "Services: Snort: Update Rules";
+
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php include("fbegin.inc"); ?>
+<?if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}?>
+
+<form action="/snort/snort_download_updates.php" method="GET">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr>
+	<td>
+	<div id="mainarea">
+		<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+		<tr>
+			<td ><!-- progress bar -->
+			<table id="progholder" width='320'
+					style='border-collapse: collapse; border: 1px solid #000000;'
+					cellpadding='2' cellspacing='2'>
+				<tr>
+					<td><img border='0'
+							src='../themes/<?= $g['theme']; ?>/images/misc/progress_bar.gif'
+							width='280' height='23' name='progressbar' id='progressbar'
+							alt='' />
+					</td>
+				</tr>
+			</table>
+			<br />
+			<!-- status box --> <textarea cols="60" rows="2" name="status" id="status" wrap="hard">
+			<?=gettext("Initializing...");?>
+                      	</textarea>
+		 	<!-- command output box --> <textarea cols="60" rows="2" name="output" id="output" wrap="hard">
+                      	</textarea>
+			</td>
+		</tr>
+		</table>
+	</div>
+	</td>
+</tr>
+<tr><td><input type="submit" Value="Return"></td></tr>
+</table>
+</form>
+<?php include("fend.inc");?>
+</body>
+</html>
+
+<?php
+/* Start of code */
+conf_mount_rw();
+
+if (!is_dir('/usr/local/etc/snort/tmp'))
+	exec('/bin/mkdir -p /usr/local/etc/snort/tmp');
+
+$snort_md5_check_ok = 'off';
+$emerg_md5_check_ok = 'off';
+$pfsense_md5_check_ok = 'off';
+
+/* Set user agent to Mozilla */
+ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+ini_set("memory_limit","150M");
+
+/* mark the time update started */
+$config['installedpackages']['snortglobal']['last_md5_download'] = date("Y-M-jS-h:i-A");
+
+/* send current buffer */
+ob_flush();
+
+/* hide progress bar */
+hide_progress_bar_status();
+
+/* send current buffer */
+ob_flush();
+
+/*  remove old $tmpfname files */
+if (is_dir("{$tmpfname}")) {
+	update_status(gettext("Removing old tmp files..."));
+	exec("/bin/rm -r {$tmpfname}");
+	apc_clear_cache();
+}
+
+/*  Make shure snortdir exits */
+exec("/bin/mkdir -p {$snortdir}");
+exec("/bin/mkdir -p {$snortdir}/rules");
+exec("/bin/mkdir -p {$snortdir}/signatures");
+exec("/bin/mkdir -p {$tmpfname}");
+exec("/bin/mkdir -p /usr/local/lib/snort/dynamicrules/");
+
+/* send current buffer */
+ob_flush();
+
+/* unhide progress bar and lets end this party */
+unhide_progress_bar_status();
+
+$pfsensedownload = 'on';
+
+/*  download md5 sig from snort.org */
+if ($snortdownload == 'on')
+{
+	if (file_exists("{$tmpfname}/{$snort_filename_md5}") &&
+	filesize("{$tmpfname}/{$snort_filename_md5}") > 0) {
+		update_status(gettext("snort.org md5 temp file exists..."));
+	} else {
+		update_status(gettext("Downloading snort.org md5 file..."));
+		ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+
+		//$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
+		$image = @file_get_contents("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename_md5}");
+		@file_put_contents("{$tmpfname}/{$snort_filename_md5}", $image);
+		update_status(gettext("Done downloading snort.org md5"));
+	}
+}
+
+/*  download md5 sig from emergingthreats.net */
+if ($emergingthreats == 'on')
+{
+	update_status(gettext("Downloading emergingthreats md5 file..."));
+	ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+	// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
+	$image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5');
+	@file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);
+	update_status(gettext("Done downloading emergingthreats md5"));
+}
+
+/*  download md5 sig from pfsense.org */
+if (file_exists("{$tmpfname}/{$pfsense_rules_filename_md5}")) {
+	update_status(gettext("pfsense md5 temp file exists..."));
+} else {
+	update_status(gettext("Downloading pfsense md5 file..."));
+	ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
+	//$image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/pfsense_rules.tar.gz.md5");
+	$image = @file_get_contents("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz.md5");
+	@file_put_contents("{$tmpfname}/pfsense_rules.tar.gz.md5", $image);
+	update_status(gettext("Done downloading pfsense md5."));
+}
+
+/* If md5 file is empty wait 15min exit */
+if ($snortdownload == 'on')
+{
+	if (0 == filesize("{$tmpfname}/{$snort_filename_md5}"))
+	{
+		update_status(gettext("Please wait... You may only check for New Rules every 15 minutes..."));
+		update_output_window(gettext("Rules are released every month from snort.org. You may download the Rules at any time."));
+		hide_progress_bar_status();
+		$snortdownload = 'off';
+	}
+}
+
+/* If pfsense md5 file is empty wait 15min exit */
+if (0 == filesize("{$tmpfname}/$pfsense_rules_filename_md5")){
+	update_status(gettext("Please wait... You may only check for New Pfsense Rules every 15 minutes..."));
+	update_output_window(gettext("Rules are released to support Pfsense packages."));
+	hide_progress_bar_status();
+	$pfsensedownload = 'off';
+}
+
+/* Check if were up to date snort.org */
+if ($snortdownload == 'on')
+{
+	if (file_exists("{$snortdir}/{$snort_filename_md5}"))
+	{
+		$md5_check_new_parse = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+		$md5_check_new = `/bin/echo "{$md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+		$md5_check_old_parse = file_get_contents("{$snortdir}/{$snort_filename_md5}");
+		$md5_check_old = `/bin/echo "{$md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+		if ($md5_check_new == $md5_check_old)
+		{
+			update_status(gettext("Your rules are up to date..."));
+			update_output_window(gettext("You may start Snort now, check update."));
+			hide_progress_bar_status();
+			$snort_md5_check_ok = 'on';
+		} else {
+			update_status(gettext("Your rules are not up to date..."));
+			$snort_md5_check_ok = 'off';
+		}
+	}
+}
+
+/* Check if were up to date emergingthreats.net */
+if ($emergingthreats == 'on')
+{
+	if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}"))
+	{
+		$emerg_md5_check_new_parse = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}");
+		$emerg_md5_check_new = `/bin/echo "{$emerg_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+		$emerg_md5_check_old_parse = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}");
+		$emerg_md5_check_old = `/bin/echo "{$emerg_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+		if ($emerg_md5_check_new == $emerg_md5_check_old)
+		{
+			hide_progress_bar_status();
+			$emerg_md5_check_ok = 'on';
+		} else
+			$emerg_md5_check_ok = 'off';
+	}
+}
+
+/* Check if were up to date pfsense.org */
+if ($pfsensedownload == 'on' && file_exists("{$snortdir}/pfsense_rules.tar.gz.md5"))
+{
+	$pfsense_check_new_parse = file_get_contents("{$tmpfname}/pfsense_rules.tar.gz.md5");
+	$pfsense_md5_check_new = `/bin/echo "{$pfsense_md5_check_new_parse}" | /usr/bin/awk '{ print $1 }'`;
+	$pfsense_md5_check_old_parse = file_get_contents("{$snortdir}/pfsense_rules.tar.gz.md5");
+	$pfsense_md5_check_old = `/bin/echo "{$pfsense_md5_check_old_parse}" | /usr/bin/awk '{ print $1 }'`;
+	if ($pfsense_md5_check_new == $pfsense_md5_check_old)
+	{
+		hide_progress_bar_status();
+		$pfsense_md5_check_ok = 'on';
+	} else
+		$pfsense_md5_check_ok = 'off';
+}
+
+if ($snortdownload == 'on') {
+	if ($snort_md5_check_ok == 'on')
+	{
+		update_status(gettext("Your snort.org rules are up to date..."));
+		update_output_window(gettext("You may start Snort now..."));
+		$snortdownload = 'off';
+	}
+}
+if ($emergingthreats == 'on') {
+	if ($emerg_md5_check_ok == 'on')
+	{
+		update_status(gettext("Your Emergingthreats rules are up to date..."));
+		update_output_window(gettext("You may start Snort now..."));
+		$emergingthreats = 'off';
+	}
+}
+
+/* download snortrules file */
+if ($snortdownload == 'on')
+{
+	if ($snort_md5_check_ok != 'on') {
+		if (file_exists("{$tmpfname}/{$snort_filename}")) {
+			update_status(gettext("Snortrule tar file exists..."));
+		} else {
+			unhide_progress_bar_status();
+			update_status(gettext("There is a new set of Snort.org rules posted. Downloading..."));
+			update_output_window(gettext("May take 4 to 10 min..."));
+			download_file_with_progress_bar("http://www.snort.org/pub-bin/oinkmaster.cgi/{$oinkid}/{$snort_filename}", "{$tmpfname}/{$snort_filename}");
+			update_all_status($static_output);
+			update_status(gettext("Done downloading rules file."));
+			if (150000 > filesize("{$tmpfname}/$snort_filename")){
+				update_status(gettext("Error with the snort rules download..."));
+
+				update_output_window(gettext("Snort rules file downloaded failed..."));
+				$snortdownload = 'off';
+			}
+		}
+	}
+}
+
+/* download emergingthreats rules file */
+if ($emergingthreats == "on")
+{
+	if ($emerg_md5_check_ok != 'on')
+	{
+		if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
+		{
+			update_status(gettext('Emergingthreats tar file exists...'));
+		}else{
+			update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
+			update_output_window(gettext("May take 4 to 10 min..."));
+			download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");
+			update_status(gettext('Done downloading Emergingthreats rules file.'));
+		}
+	}
+}
+
+/* download pfsense rules file */
+if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
+	if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+		update_status(gettext("Snortrule tar file exists..."));
+	} else {
+		unhide_progress_bar_status();
+		update_status(gettext("There is a new set of Pfsense rules posted. Downloading..."));
+		update_output_window(gettext("May take 4 to 10 min..."));
+		download_file_with_progress_bar("http://www.pfsense.com/packages/config/snort/pfsense_rules/pfsense_rules.tar.gz", $tmpfname . "/{$pfsense_rules_filename}");
+		update_all_status($static_output);
+		update_status(gettext("Done downloading rules file."));
+	}
+}
+
+/* Compair md5 sig to file sig */
+
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk == on) {
+//$md5 = file_get_contents("{$tmpfname}/{$snort_filename_md5}");
+//$file_md5_ondisk = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md5 == $file_md5_ondisk) {
+//    update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+//    update_status(gettext("The downloaded file does not match the md5 file...P is ON"));
+//    update_output_window(gettext("Error md5 Mismatch..."));
+//    return;
+//  }
+//}
+
+//$premium_url_chk = $config['installedpackages']['snort']['config'][0]['subscriber'];
+//if ($premium_url_chk != on) {
+//$md55 = `/bin/cat {$tmpfname}/{$snort_filename_md5} | /usr/bin/awk '{ print $4 }'`;
+//$file_md5_ondisk2 = `/sbin/md5 {$tmpfname}/{$snort_filename} | /usr/bin/awk '{ print $4 }'`;
+// if ($md55 == $file_md5_ondisk2) {
+//    update_status(gettext("Valid md5 checksum pass..."));
+//} else {
+//    update_status(gettext("The downloaded file does not match the md5 file...Not P"));
+//    update_output_window(gettext("Error md5 Mismatch..."));
+//    return;
+//    }
+//}
+
+/* Untar snort rules file individually to help people with low system specs */
+if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {
+	if (file_exists("{$tmpfname}/{$snort_filename}")) {
+
+		// find out if were in 1.2.3-RELEASE
+		$pfsense_ver_chk = exec('/bin/cat /etc/version');
+		if ($pfsense_ver_chk === '1.2.3-RELEASE') {
+			$pfsense_stable = 'yes';
+		}else{
+			$pfsense_stable = 'no';
+		}
+
+		// get the system arch
+		$snort_arch_ck = exec('/usr/bin/uname -m');
+		if ($snort_arch_ck === 'i386') {
+			$snort_arch = 'i386';
+		}else{
+			$snort_arch = 'x86-64'; // amd64
+		}
+
+		if ($pfsense_stable === 'yes') {
+			$freebsd_version_so = 'FreeBSD-7-3';
+		}else{
+			$freebsd_version_so = 'FreeBSD-8-1';
+		}
+
+		update_status(gettext("Extracting Snort.org rules..."));
+		update_output_window(gettext("May take a while..."));
+		/* extract snort.org rules and  add prefix to all snort.org files*/
+		exec("/bin/rm -r {$snortdir}/rules");
+		sleep(2);
+		exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} rules/");
+		chdir ("/usr/local/etc/snort/rules");
+		sleep(2);
+
+		$snort_dirList = scandir("{$snortdir}/rules"); // Waning: only in php 5
+		$snortrules_filterList = snortscandirfilter($snort_dirList, '/.*\.rules/', '/\.rules/', '');
+
+		if (!empty($snortrules_filterList)) {
+			foreach ($snortrules_filterList as $snort_rule_move)
+			{
+				exec("/bin/mv -f {$snortdir}/rules/{$snort_rule_move}.rules {$snortdir}/rules/snort_{$snort_rule_move}.rules");
+			}
+		}
+
+		/* extract so_rules */
+
+		// list so_rules and exclude dir
+		exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} so_rules", $so_rules_list);
+
+		$so_rulesPattr = array('/\//', '/\.rules/');
+		$so_rulesPattw = array('', '');
+
+		// build list of so_rules
+		$so_rules_filterList = snortscandirfilter($so_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw);
+
+		if (!empty($so_rules_filterList)) {
+			// cp rule to so tmp dir
+			foreach ($so_rules_filterList as $so_rule)
+			{
+
+				exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/{$so_rule}.rules");
+
+			}
+			// mv and rename so rules
+			foreach ($so_rules_filterList as $so_rule_move)
+			{
+				exec("/bin/mv -f {$snortdir}/so_rules/{$so_rule_move}.rules {$snortdir}/rules/snort_{$so_rule_move}.so.rules");
+			}
+		}
+
+		/* extract preproc_rules */
+
+		// list so_rules and exclude dir
+		exec("/usr/bin/tar --exclude='precompiled' --exclude='src' -tf {$tmpfname}/{$snort_filename} preproc_rules", $preproc_rules_list);
+
+		$preproc_rules_filterList = snortscandirfilter($preproc_rules_list, '/\/.*\.rules/', $so_rulesPattr, $so_rulesPattw);
+
+		if (!empty($preproc_rules_filterList)) {
+			// cp rule to so tmp dir
+			foreach ($preproc_rules_filterList as $preproc_rule)
+			{
+
+				exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} preproc_rules/{$preproc_rule}.rules");
+
+			}
+			// mv and rename preproc_rules
+			foreach ($preproc_rules_filterList as $preproc_rule_move)
+			{
+				exec("/bin/mv -f {$snortdir}/preproc_rules/{$preproc_rule_move}.rules {$snortdir}/rules/snort_{$preproc_rule_move}.preproc.rules");
+			}
+		}
+
+		/* extract base etc files */
+		exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} etc/");
+		exec("/bin/mv -f {$snortdir}/etc/* {$snortdir}");
+		exec("/bin/rm -r {$snortdir}/etc");
+
+		update_status(gettext("Done extracting Snort.org Rules."));
+	}else{
+		update_status(gettext("Error extracting Snort.org Rules..."));
+		update_output_window(gettext("Error Line 755"));
+		$snortdownload = 'off';
+	}
+}
+
+/* Untar emergingthreats rules to tmp */
+if ($emergingthreats == 'on')
+{
+	if ($emerg_md5_check_ok != 'on')
+	{
+		if (file_exists("{$tmpfname}/{$emergingthreats_filename}"))
+		{
+			update_status(gettext("Extracting rules..."));
+			update_output_window(gettext("May take a while..."));
+			exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir} rules/");
+		}
+	}
+}
+
+/* Untar Pfsense rules to tmp */
+if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
+	if (file_exists("{$tmpfname}/{$pfsense_rules_filename}")) {
+		update_status(gettext("Extracting Pfsense rules..."));
+		update_output_window(gettext("May take a while..."));
+		exec("/usr/bin/tar xzf {$tmpfname}/{$pfsense_rules_filename} -C {$snortdir} rules/");
+	}
+}
+
+/* Untar snort signatures */
+if ($snortdownload == 'on' && $snort_md5_check_ok != 'on') {
+	if (file_exists("{$tmpfname}/{$snort_filename}")) {
+		$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+		if ($premium_url_chk == 'on') {
+			update_status(gettext("Extracting Signatures..."));
+			update_output_window(gettext("May take a while..."));
+			exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} doc/signatures/");
+			update_status(gettext("Done extracting Signatures."));
+		}
+	}
+}
+
+/*  Copy md5 sig to snort dir */
+if ($snortdownload == 'on')
+{
+	if ($snort_md5_check_ok != 'on') {
+		if (file_exists("{$tmpfname}/$snort_filename_md5")) {
+			update_status(gettext("Copying md5 sig to snort directory..."));
+			exec("/bin/cp {$tmpfname}/$snort_filename_md5 {$snortdir}/$snort_filename_md5");
+		}else{
+			update_status(gettext("The md5 file does not exist..."));
+			update_output_window(gettext("Error copying config..."));
+			$snortdownload = 'off';
+		}
+	}
+}
+
+/*  Copy emergingthreats md5 sig to snort dir */
+if ($emergingthreats == "on")
+{
+	if ($emerg_md5_check_ok != 'on')
+	{
+		if (file_exists("{$tmpfname}/$emergingthreats_filename_md5"))
+		{
+			update_status(gettext("Copying md5 sig to snort directory..."));
+			exec("/bin/cp {$tmpfname}/$emergingthreats_filename_md5 {$snortdir}/$emergingthreats_filename_md5");
+		}else{
+			update_status(gettext("The emergingthreats md5 file does not exist..."));
+			update_output_window(gettext("Error copying config..."));
+			$emergingthreats = 'off';
+		}
+	}
+}
+
+/*  Copy Pfsense md5 sig to snort dir */
+if ($pfsensedownload == 'on' && $pfsense_md5_check_ok != 'on') {
+	if (file_exists("{$tmpfname}/$pfsense_rules_filename_md5")) {
+		update_status(gettext("Copying Pfsense md5 sig to snort directory..."));
+		exec("/bin/cp {$tmpfname}/$pfsense_rules_filename_md5 {$snortdir}/$pfsense_rules_filename_md5");
+	} else {
+		update_status(gettext("The Pfsense md5 file does not exist..."));
+		update_output_window(gettext("Error copying config..."));
+		$pfsensedownload = 'off';
+	}
+}
+
+/*  Copy signatures dir to snort dir */
+if ($snortdownload == 'on')
+{
+	if ($snort_md5_check_ok != 'on')
+	{
+		$signature_info_chk = $config['installedpackages']['snortglobal']['signatureinfo'];
+		if ($premium_url_chk == 'on')
+		{
+			if (file_exists("{$snortdir}/doc/signatures")) {
+				update_status(gettext("Copying signatures..."));
+				update_output_window(gettext("May take a while..."));
+				exec("/bin/mv -f {$snortdir}/doc/signatures {$snortdir}/signatures");
+				exec("/bin/rm -r {$snortdir}/doc/signatures");
+				update_status(gettext("Done copying signatures."));
+			}else{
+				update_status(gettext("Directory signatures exist..."));
+				update_output_window(gettext("Error copying signature..."));
+				$snortdownload = 'off';
+			}
+		}
+	}
+}
+
+/* double make shure cleanup emerg rules that dont belong */
+if (file_exists("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules")) {
+	apc_clear_cache();
+	@unlink("/usr/local/etc/snort/rules/emerging-botcc-BLOCK.rules");
+	@unlink("/usr/local/etc/snort/rules/emerging-botcc.rules");
+	@unlink("/usr/local/etc/snort/rules/emerging-compromised-BLOCK.rules");
+	@unlink("/usr/local/etc/snort/rules/emerging-drop-BLOCK.rules");
+	@unlink("/usr/local/etc/snort/rules/emerging-dshield-BLOCK.rules");
+	@unlink("/usr/local/etc/snort/rules/emerging-rbn-BLOCK.rules");
+	@unlink("/usr/local/etc/snort/rules/emerging-tor-BLOCK.rules");
+}
+
+if (file_exists("/usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so")) {
+	exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example_rule.so");
+	exec("/bin/rm /usr/local/lib/snort/dynamicrules/lib_sfdynamic_example\*");
+}
+
+/* make shure default rules are in the right format */
+exec("/usr/bin/sed -i '' 's/^[ \t]*//' /usr/local/etc/snort/rules/*.rules"); // remove white spaces from begining of line
+exec("/usr/bin/sed -i '' 's/^#alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
+exec("/usr/bin/sed -i '' 's/^##alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
+exec("/usr/bin/sed -i '' 's/^## alert*/\# alert/' /usr/local/etc/snort/rules/*.rules");
+
+/* create a msg-map for snort  */
+update_status(gettext("Updating Alert Messages..."));
+update_output_window(gettext("Please Wait..."));
+exec("/usr/local/bin/perl /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map");
+
+
+//////////////////
+
+/* open oinkmaster_conf for writing" function */
+function oinkmaster_conf($id, $if_real, $iface_uuid)
+{
+	global $config, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+
+	@unlink("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf");
+
+	/*  enable disable setting will carry over with updates */
+	/*  TODO carry signature changes with the updates */
+	if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+
+		$selected_sid_on_sections = "";
+		$selected_sid_off_sections = "";
+
+		if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on'])) {
+			$enabled_sid_on = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']);
+			$enabled_sid_on_array = split('\|\|', $enabled_sid_on);
+			foreach($enabled_sid_on_array as $enabled_item_on)
+				$selected_sid_on_sections .= "$enabled_item_on\n";
+		}
+
+		if (!empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+			$enabled_sid_off = trim($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off']);
+			$enabled_sid_off_array = split('\|\|', $enabled_sid_off);
+			foreach($enabled_sid_off_array as $enabled_item_off)
+				$selected_sid_off_sections .= "$enabled_item_off\n";
+		}
+
+		if (!empty($selected_sid_on_sections) || !empty($selected_sid_off_sections)) {
+			$snort_sid_text = <<<EOD
+
+###########################################
+#                                         #
+# this is auto generated on snort updates #
+#                                         #
+###########################################
+
+path = /bin:/usr/bin:/usr/local/bin
+
+update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
+
+url = dir:///usr/local/etc/snort/rules
+
+$selected_sid_on_sections
+
+$selected_sid_off_sections
+
+EOD;
+
+			/* open snort's oinkmaster.conf for writing */
+			@file_put_contents("/usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf", $snort_sid_text);
+		}
+	}
+}
+
+/*  Run oinkmaster to snort_wan and cp configs */
+/*  If oinkmaster is not needed cp rules normally */
+/*  TODO add per interface settings here */
+function oinkmaster_run($id, $if_real, $iface_uuid)
+{
+	global $config, $g, $snortdir_wan, $snortdir, $snort_md5_check_ok, $emerg_md5_check_ok, $pfsense_md5_check_ok;
+
+	if ($snort_md5_check_ok != 'on' || $emerg_md5_check_ok != 'on' || $pfsense_md5_check_ok != 'on') {
+		if (empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_on']) && empty($config['installedpackages']['snortglobal']['rule'][$id]['rule_sid_off'])) {
+			update_status(gettext("Your first set of rules are being copied..."));
+			update_output_window(gettext("May take a while..."));
+			exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+			exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+			exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+			exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+			exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+			exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+			exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+			exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+		} else {
+			update_status(gettext("Your enable and disable changes are being applied to your fresh set of rules..."));
+			update_output_window(gettext("May take a while..."));
+			exec("/bin/cp {$snortdir}/rules/* {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}/rules/");
+			exec("/bin/cp {$snortdir}/classification.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+			exec("/bin/cp {$snortdir}/gen-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+			exec("/bin/cp {$snortdir}/generators {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+			exec("/bin/cp {$snortdir}/reference.config {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+			exec("/bin/cp {$snortdir}/sid {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+			exec("/bin/cp {$snortdir}/sid-msg.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+			exec("/bin/cp {$snortdir}/unicode.map {$snortdir_wan}/snort_{$iface_uuid}_{$if_real}");
+
+			/*  might have to add a sleep for 3sec for flash drives or old drives */
+			exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
+		}
+	}
+}
+
+/* Start the proccess for every interface rule */
+/* TODO: try to make the code smother */
+if (is_array($config['installedpackages']['snortglobal']['rule']))
+{
+	foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
+		$result_lan = $value['interface'];
+		$if_real = snort_get_real_interface($result_lan);
+		$iface_uuid = $value['uuid'];
+
+		/* make oinkmaster.conf for each interface rule */
+		oinkmaster_conf($id, $if_real, $iface_uuid);
+
+		/* run oinkmaster for each interface rule */
+		oinkmaster_run($id, $if_real, $iface_uuid);
+	}
+}
+
+//////////////
+
+/* mark the time update finnished */
+$config['installedpackages']['snortglobal']['last_rules_install'] = date("Y-M-jS-h:i-A");
+
+/*  remove old $tmpfname files */
+if (is_dir('/usr/local/etc/snort/tmp')) {
+	update_status(gettext("Cleaning up..."));
+	exec("/bin/rm -r /usr/local/etc/snort/tmp/snort_rules_up");
+	sleep(2);
+	exec("/bin/rm -r /usr/local/etc/snort/tmp/rules_bk");
+}
+
+/* XXX: These are needed if snort is run as snort user
+mwexec("/usr/sbin/chown -R snort:snort /var/log/snort", true);
+mwexec("/usr/sbin/chown -R snort:snort /usr/local/etc/snort", true);
+mwexec("/usr/sbin/chown -R snort:snort /usr/local/lib/snort", true);
+*/
+/* make all dirs snorts */
+mwexec("/bin/chmod -R 755  /var/log/snort", true);
+mwexec("/bin/chmod -R 755  /usr/local/etc/snort", true);
+mwexec("/bin/chmod -R 755  /usr/local/lib/snort", true);
+
+/* hide progress bar and lets end this party */
+hide_progress_bar_status();
+
+if ($snortdownload == 'off' && $emergingthreats == 'off' && $pfsensedownload == 'off')
+	update_output_window(gettext("Finished..."));
+else if ($snort_md5_check_ok == 'on' && $emerg_md5_check_ok == 'on' && $pfsense_md5_check_ok == 'on')
+	update_output_window(gettext("Finished..."));
+else {
+	/* You are Not Up to date, always stop snort when updating rules for low end machines */;
+	update_status(gettext("You are NOT up to date..."));
+	exec("/bin/sh /usr/local/etc/rc.d/snort.sh start");
+	update_status(gettext("The Rules update finished..."));
+	update_output_window(gettext("Snort has restarted with your new set of rules..."));
+	exec("/bin/rm /tmp/snort_download_halt.pid");
+}
+
+update_status(gettext("The Rules update finished..."));
+conf_mount_ro();
+
+?>