author | bmeeks8 <bmeeks8@bellsouth.net> | 2013-10-08 16:31:18 -0400 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2013-10-08 16:31:18 -0400 |
commit | 38568b846709678742d736aee55483b32e9ab677 (patch) | |
tree | 5fd59a1590b17b07700919eb773fd814c43662e4 /config/snort | |
parent | 8ea4a9aaf0c8ae4df6679113a5c67b9af51719df (diff) | |
Add support for Emerging Threats Pro ruleset
Diffstat (limited to 'config/snort')
-rwxr-xr-x | config/snort/snort.inc | 5 | ||||
-rwxr-xr-x | config/snort/snort_check_for_rule_updates.php | 135 | ||||
-rwxr-xr-x | config/snort/snort_download_updates.php | 26 | ||||
-rw-r--r-- | config/snort/snort_interfaces_global.php | 98 | ||||
-rwxr-xr-x | config/snort/snort_rulesets.php | 25 |
5 files changed, 200 insertions, 89 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc index bce9c2a3..e6039510 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -67,12 +67,9 @@ else { /* Define some useful constants for Snort */ define("SNORTLOGDIR", "/var/log/snort"); -define("VRT_DNLD_FILENAME", "snortrules-snapshot-2946.tar.gz"); -define("VRT_DNLD_URL", "https://www.snort.org/reg-rules/"); -define("ET_VERSION", "2.9.0"); define("ET_DNLD_FILENAME", "emerging.rules.tar.gz"); +define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz"); define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz"); -define("GPLV2_DNLD_URL", "https://s3.amazonaws.com/snort-org/www/rules/community/"); define("FLOWBITS_FILENAME", "flowbit-required.rules"); define("ENFORCING_RULES_FILENAME", "snort.rules"); define("RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log"); diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index 30da4b74..21eb7bd2 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php 
@@ -35,29 +35,25 @@ require_once "/usr/local/pkg/snort/snort.inc"; global $g, $pkg_interface, $snort_gui_include, $rebuild_rules; - -if (!defined("VRT_DNLD_FILENAME")) - define("VRT_DNLD_FILENAME", "snortrules-snapshot-2946.tar.gz"); if (!defined("VRT_DNLD_URL")) define("VRT_DNLD_URL", "https://www.snort.org/reg-rules/"); if (!defined("ET_VERSION")) define("ET_VERSION", "2.9.0"); if (!defined("ET_BASE_DNLD_URL")) define("ET_BASE_DNLD_URL", "http://rules.emergingthreats.net/"); +if (!defined("ETPRO_BASE_DNLD_URL")) + define("ETPRO_BASE_DNLD_URL", "https://rules.emergingthreatspro.com/"); if (!defined("ET_DNLD_FILENAME")) define("ET_DNLD_FILENAME", "emerging.rules.tar.gz"); +if (!defined("ETPRO_DNLD_FILENAME")) + define("ETPRO_DNLD_FILENAME", "etpro.rules.tar.gz"); if (!defined("GPLV2_DNLD_FILENAME")) define("GPLV2_DNLD_FILENAME", "community-rules.tar.gz"); if (!defined("GPLV2_DNLD_URL")) define("GPLV2_DNLD_URL", "https://s3.amazonaws.com/snort-org/www/rules/community/"); -if (!defined("FLOWBITS_FILENAME")) - define("FLOWBITS_FILENAME", "flowbit-required.rules"); -if (!defined("ENFORCING_RULES_FILENAME")) - define("ENFORCING_RULES_FILENAME", "snort.rules"); if (!defined("RULES_UPD_LOGFILE")) define("RULES_UPD_LOGFILE", SNORTLOGDIR . "/snort_rules_update.log"); - $snortdir = SNORTDIR; $snortlibdir = SNORTLIBDIR; $snortlogdir = SNORTLOGDIR; 
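Review bot: `ETPRO_BASE_DNLD_URL` is defined as https while the `ET_BASE_DNLD_URL` fallback directly above it stays `http://rules.emergingthreats.net/`, so the ET Open tarball and the `.md5` later used to verify it both arrive over an unauthenticated channel and the checksum comparison only catches truncation, not substitution; if that host serves TLS, `define("ET_BASE_DNLD_URL", "https://rules.emergingthreats.net/");` closes the gap at no cost. The `if (!defined(...))` fallbacks for `ET_DNLD_FILENAME` and `ETPRO_DNLD_FILENAME` now duplicate values that snort.inc (required unconditionally at the top of this file) already defines, while `VRT_DNLD_URL`, `ET_VERSION` and `GPLV2_DNLD_URL` are, after this commit, defined only here; keeping each constant in one place avoids the copies drifting.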
@@ -72,8 +68,10 @@ else /* define checks */ $oinkid = $config['installedpackages']['snortglobal']['oinkmastercode']; +$etproid = $config['installedpackages']['snortglobal']['etpro_code']; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; +$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro']; $snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules']; $vrt_enabled = $config['installedpackages']['snortglobal']['snortdownload']; $et_enabled = $config['installedpackages']['snortglobal']['emergingthreats']; 
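Review bot: `$etproid` and `$etpro` read `etpro_code` and `emergingthreats_pro` straight out of `$config`, and on an installation upgraded to this version those keys do not exist until the global settings page has been saved once, so this script emits undefined-index notices (unless error reporting hides them) and `$etpro` is `null`. `$etpro = isset($config['installedpackages']['snortglobal']['emergingthreats_pro']) ? $config['installedpackages']['snortglobal']['emergingthreats_pro'] : 'off';` (and likewise for `$etproid`) gives the later `$etpro == "on"` tests a defined value. The snort_rulesets.php hunk below already works around the same absence with `empty($etpro)`.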
@@ -81,19 +79,39 @@ $et_enabled = $config['installedpackages']['snortglobal']['emergingthreats']; /* Working directory for downloaded rules tarballs */ $tmpfname = "{$snortdir}/tmp/snort_rules_up"; -/* Snort VRT rules filenames and URL */ -$snort_filename = VRT_DNLD_FILENAME; -$snort_filename_md5 = VRT_DNLD_FILENAME . ".md5"; +/* Grab the Snort binary version programmatically and use it to construct */ +/* the proper Snort VRT rules tarball and md5 filenames. */ +exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); +// Save the version with decimal delimiters for use in extracting the rules +$snort_version = $snortver[0]; +// Create a collapsed version string for use in the tarball filename +$snortver[0] = str_replace(".", "", $snortver[0]); +$snort_filename = "snortrules-snapshot-{$snortver[0]}.tar.gz"; +$snort_filename_md5 = "{$snort_filename}.md5"; $snort_rule_url = VRT_DNLD_URL; -/* Emerging Threats rules filenames and URL */ -$emergingthreats_filename = ET_DNLD_FILENAME; -$emergingthreats_filename_md5 = ET_DNLD_FILENAME . ".md5"; -$emerging_threats_version = ET_VERSION; -$emergingthreats_url = ET_BASE_DNLD_URL; -// If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules -$emergingthreats_url .= $vrt_enabled == "on" ? "open-nogpl/" : "open/"; -$emergingthreats_url .= "snort-" . ET_VERSION . "/"; +/* Set up Emerging Threats rules filenames and URL */ +if ($etpro == "on") { + $emergingthreats_filename = ETPRO_DNLD_FILENAME; + $emergingthreats_filename_md5 = ETPRO_DNLD_FILENAME . ".md5"; + $emergingthreats_url = ETPRO_BASE_DNLD_URL; + $emergingthreats_url .= "{$etproid}/snort-" . ET_VERSION . "/"; + $emergingthreats = "on"; + $et_name = "Emerging Threats Pro"; + $et_md5_remove = ET_DNLD_FILENAME . ".md5"; + @unlink("{$snortdir}/{$et_md5_remove}"); +} +else { + $emergingthreats_filename = ET_DNLD_FILENAME; + $emergingthreats_filename_md5 = ET_DNLD_FILENAME . 
".md5"; + $emergingthreats_url = ET_BASE_DNLD_URL; + // If using Sourcefire VRT rules with ET, then we should use the open-nogpl ET rules + $emergingthreats_url .= $vrt_enabled == "on" ? "open-nogpl/" : "open/"; + $emergingthreats_url .= "snort-" . ET_VERSION . "/"; + $et_name = "Emerging Threats Open"; + $et_md5_remove = ETPRO_DNLD_FILENAME . ".md5"; + @unlink("{$snortdir}/{$et_md5_remove}"); +} /* Snort GPLv2 Community Rules filenames and URL */ $snort_community_rules_filename = GPLV2_DNLD_FILENAME; 
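Review bot: The Snort VRT tarball name is now built from `exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver)` with no check that the command ran or produced a line, so if the binary is missing, the banner format changes, or the version has more digits than the fixed `cut` window, `$snortver[0]` is undefined (or truncated) and the script goes on to request `snortrules-snapshot-.tar.gz` with only a download error to explain it. Parsing the banner with a regex and disabling the VRT download when no version is found makes the failure explicit; the rewrite below keeps `$snort_version` and `$snortver[0]` as the rest of the script expects. The same pipeline is copied into snort_download_updates.php at the @@ -40 hunk below. Separately, `$etproid` is spliced into the URL path untouched: `rawurlencode($etproid)` keeps a stray slash or space in the saved code from changing the request path, and if snort_download_file_url() records the URL on failure the subscription code ends up in the update log, which is worth confirming.
```php
/* Grab the Snort binary version programmatically and use it to construct */
/* the proper Snort VRT rules tarball and md5 filenames. */
exec("/usr/local/bin/snort -V 2>&1", $snortout, $snortrc);
$snort_version = "";
foreach ($snortout as $line) {
	if (preg_match('/Version\s+(\d+(?:\.\d+)+)/', $line, $m)) {
		$snort_version = $m[1];
		break;
	}
}
if ($snortrc != 0 || $snort_version == "") {
	log_error(gettext("[Snort] Unable to determine the Snort binary version; Snort VRT rules will not be updated."));
	$snortdownload = 'off';
}
// Collapsed version string (dots removed) for the tarball filename
$snortver = array(str_replace(".", "", $snort_version));
$snort_filename = "snortrules-snapshot-{$snortver[0]}.tar.gz";
$snort_filename_md5 = "{$snort_filename}.md5";
// … unchanged: $snort_rule_url and the Emerging Threats filename/URL setup …
```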
@@ -418,34 +436,34 @@ if ($snortcommunityrules == 'on') { /* download md5 sig from emergingthreats.net */ if ($emergingthreats == 'on') { if ($pkg_interface <> "console") - update_status(gettext("Downloading EmergingThreats md5 file...")); - error_log(gettext("\tDownloading EmergingThreats md5 file '{$emergingthreats_filename_md5}'...\n"), 3, $snort_rules_upd_log); + update_status(gettext("Downloading {$et_name} md5 file...")); + error_log(gettext("\tDownloading {$et_name} md5 file '{$emergingthreats_filename_md5}'...\n"), 3, $snort_rules_upd_log); $rc = snort_download_file_url("{$emergingthreats_url}{$emergingthreats_filename_md5}", "{$tmpfname}/{$emergingthreats_filename_md5}"); if ($rc === true) { if ($pkg_interface <> "console") - update_status(gettext("Done downloading EmergingThreats md5 file {$emergingthreats_filename_md5}")); - error_log(gettext("\tChecking EmergingThreats md5.\n"), 3, $snort_rules_upd_log); + update_status(gettext("Done downloading {$et_name} md5 file {$emergingthreats_filename_md5}")); + error_log(gettext("\tChecking {$et_name} md5.\n"), 3, $snort_rules_upd_log); if (file_exists("{$snortdir}/{$emergingthreats_filename_md5}") && $emergingthreats == "on") { /* Check if were up to date emergingthreats.net */ $emerg_md5_check_new = file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}"); $emerg_md5_check_old = file_get_contents("{$snortdir}/{$emergingthreats_filename_md5}"); if ($emerg_md5_check_new == $emerg_md5_check_old) { if ($pkg_interface <> "console") - update_status(gettext("Emerging Threats rules are up to date...")); - log_error(gettext("[Snort] Emerging Threat rules are up to date...")); - error_log(gettext("\tEmerging Threats rules are up to date.\n"), 3, $snort_rules_upd_log); + update_status(gettext("{$et_name} rules are up to date...")); + log_error(gettext("[Snort] {$et_name} rules are up to date...")); + error_log(gettext("\t{$et_name} rules are up to date.\n"), 3, $snort_rules_upd_log); $emergingthreats = 'off'; } } 
} else { if ($pkg_interface <> "console") - update_output_window(gettext("EmergingThreats md5 file download failed. EmergingThreats rules will not be updated.")); - log_error(gettext("[Snort] EmergingThreats md5 file download failed. Server returned error code '{$rc}'.")); - error_log(gettext("\tEmergingThreats md5 file download failed. Server returned error code '{$rc}'.\n"), 3, $snort_rules_upd_log); + update_output_window(gettext("{$et_name} md5 file download failed. {$et_name} rules will not be updated.")); + log_error(gettext("[Snort] {$et_name} md5 file download failed. Server returned error code '{$rc}'.")); + error_log(gettext("\t{$et_name} md5 file download failed. Server returned error code '{$rc}'.\n"), 3, $snort_rules_upd_log); if ($pkg_interface == "console") error_log(gettext("\tThe error text is '{$last_curl_error}'\n"), 3, $snort_rules_upd_log); - error_log(gettext("\tEmergingThreats rules will not be updated.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\t{$et_name} rules will not be updated.\n"), 3, $snort_rules_upd_log); $emergingthreats = 'off'; } } 
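Review bot: `update_status(gettext("Downloading {$et_name} md5 file..."))` and every other renamed message in this hunk interpolate `$et_name` before the string reaches gettext(), so the msgid is built at runtime and never matches a catalog entry; the same applies to the renamed messages at @@ -453, @@ -463, @@ -497 and @@ -527. The file already does this with filenames and `$rc`, but the rename makes every Emerging Threats message untranslatable. `update_status(sprintf(gettext("Downloading %s md5 file..."), $et_name));` keeps a static msgid, and the `log_error`/`error_log` lines can be converted the same way.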
@@ -453,9 +471,9 @@ if ($emergingthreats == 'on') { /* download emergingthreats rules file */ if ($emergingthreats == "on") { if ($pkg_interface <> "console") - update_status(gettext("There is a new set of EmergingThreats rules posted. Downloading {$emergingthreats_filename}...")); - log_error(gettext("[Snort] There is a new set of EmergingThreats rules posted. Downloading...")); - error_log(gettext("\tThere is a new set of EmergingThreats rules posted.\n"), 3, $snort_rules_upd_log); + update_status(gettext("There is a new set of {$et_name} rules posted. Downloading {$emergingthreats_filename}...")); + log_error(gettext("[Snort] There is a new set of {$et_name} rules posted. Downloading...")); + error_log(gettext("\tThere is a new set of {$et_name} rules posted.\n"), 3, $snort_rules_upd_log); error_log(gettext("\tDownloading file '{$emergingthreats_filename}'...\n"), 3, $snort_rules_upd_log); $rc = snort_download_file_url("{$emergingthreats_url}{$emergingthreats_filename}", "{$tmpfname}/{$emergingthreats_filename}"); 
@@ -463,29 +481,29 @@ if ($emergingthreats == "on") { if ($rc === true) { if (trim(file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}")) != trim(md5_file("{$tmpfname}/{$emergingthreats_filename}"))){ if ($pkg_interface <> "console") - update_output_window(gettext("EmergingThreats rules file MD5 checksum failed...")); - log_error(gettext("[Snort] EmergingThreats rules file download failed. Bad MD5 checksum...")); + update_output_window(gettext("{$et_name} rules file MD5 checksum failed...")); + log_error(gettext("[Snort] {$et_name} rules file download failed. Bad MD5 checksum...")); log_error(gettext("[Snort] Failed File MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}"))); log_error(gettext("[Snort] Expected File MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}"))); - error_log(gettext("\tEmergingThreats rules file download failed. EmergingThreats rules will not be updated.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\t{$et_name} rules file download failed. {$et_name} rules will not be updated.\n"), 3, $snort_rules_upd_log); error_log(gettext("\tDownloaded ET file MD5: " . md5_file("{$tmpfname}/{$emergingthreats_filename}") . "\n"), 3, $snort_rules_upd_log); error_log(gettext("\tExpected ET file MD5: " . file_get_contents("{$tmpfname}/{$emergingthreats_filename_md5}") . 
"\n"), 3, $snort_rules_upd_log); $emergingthreats = 'off'; } else { if ($pkg_interface <> "console") - update_status(gettext('Done downloading EmergingThreats rules file.')); - log_error("[Snort] EmergingThreats rules file update downloaded successfully"); - error_log(gettext("\tDone downloading EmergingThreats rules file.\n"), 3, $snort_rules_upd_log); + update_status(gettext('Done downloading {$et_name} rules file.')); + log_error("[Snort] {$et_name} rules file update downloaded successfully"); + error_log(gettext("\tDone downloading {$et_name} rules file.\n"), 3, $snort_rules_upd_log); } } else { if ($pkg_interface <> "console") { - update_status(gettext("The server returned error code {$rc} ... skipping EmergingThreats update...")); - update_output_window(gettext("EmergingThreats rules file download failed...")); + update_status(gettext("The server returned error code {$rc} ... skipping {$et_name} update...")); + update_output_window(gettext("{$et_name} rules file download failed...")); } - log_error(gettext("[Snort] EmergingThreats rules file download failed. Server returned error '{$rc}'...")); - error_log(gettext("\tEmergingThreats rules file download failed. Server returned error '{$rc}'...\n"), 3, $snort_rules_upd_log); + log_error(gettext("[Snort] {$et_name} rules file download failed. Server returned error '{$rc}'...")); + error_log(gettext("\t{$et_name} rules file download failed. Server returned error '{$rc}'...\n"), 3, $snort_rules_upd_log); if ($pkg_interface == "console") error_log(gettext("\tThe error text is '{$last_curl_error}'\n"), 3, $snort_rules_upd_log); $emergingthreats = 'off'; 
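Review bot: `update_status(gettext('Done downloading {$et_name} rules file.'));` is single-quoted, so PHP performs no interpolation and the status shown to the user is the literal text `Done downloading {$et_name} rules file.`; the two sibling lines in the same block use double quotes and work. Change it to `update_status(gettext("Done downloading {$et_name} rules file."));`.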
@@ -497,22 +515,34 @@ if ($emergingthreats == 'on') { safe_mkdir("{$snortdir}/tmp/emerging"); if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) { if ($pkg_interface <> "console") { - update_status(gettext("Extracting EmergingThreats.org rules...")); - update_output_window(gettext("Installing EmergingThreats rules...")); + update_status(gettext("Extracting {$et_name} rules...")); + update_output_window(gettext("Installing {$et_name} rules...")); } - error_log(gettext("\tExtracting and installing EmergingThreats.org rules...\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tExtracting and installing {$et_name} rules...\n"), 3, $snort_rules_upd_log); exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir}/tmp/emerging rules/"); + /* Remove the old Emerging Threats rules files */ + array_map('unlink', glob("{$snortdir}/rules/emerging-*.rules")); + array_map('unlink', glob("{$snortdir}/rules/etpro-*.rules")); + array_map('unlink', glob("{$snortdir}/rules/emerging-*ips.txt")); + array_map('unlink', glob("{$snortdir}/rules/etpro-*ips.txt")); + $files = glob("{$snortdir}/tmp/emerging/rules/*.rules"); foreach ($files as $file) { $newfile = basename($file); - @copy($file, "{$snortdir}/rules/{$newfile}"); + if ($etpro == "on") + @copy($file, "{$snortdir}/rules/etpro-{$newfile}"); + else + @copy($file, "{$snortdir}/rules/{$newfile}"); } /* IP lists for Emerging Threats rules */ $files = glob("{$snortdir}/tmp/emerging/rules/*ips.txt"); foreach ($files as $file) { $newfile = basename($file); - @copy($file, "{$snortdir}/rules/{$newfile}"); + if ($etpro == "on") + @copy($file, "{$snortdir}/rules/etpro-{$newfile}"); + else + @copy($file, "{$snortdir}/rules/emerging-{$newfile}"); } /* base etc files for Emerging Threats rules */ foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { 
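Review bot: The four new `array_map('unlink', glob(...))` calls delete every installed ET rules and IP-list file before anything confirms that the `tar xzf` on the line above produced output; the exec return code is not examined and the copies below are silenced with `@copy`, so a failed or empty extraction leaves the system with no ET rules until the next successful update. Move the removal below `$files = glob("{$snortdir}/tmp/emerging/rules/*.rules")` and guard it on a clean tar exit and a non-empty list, as sketched below; the `snort_*.rules` removal added at @@ -544 has the same ordering relative to its extraction. `glob()` can also return `false` on some platforms, which `array_map` rejects with a warning, so iterate over `(array)glob(...)` instead.
```php
exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$snortdir}/tmp/emerging rules/", $tar_out, $tar_rc);
$files = glob("{$snortdir}/tmp/emerging/rules/*.rules");
if ($tar_rc == 0 && !empty($files)) {
	/* Remove the old Emerging Threats rules files only now that a new set is in hand */
	foreach (array("emerging-*.rules", "etpro-*.rules", "emerging-*ips.txt", "etpro-*ips.txt") as $pat) {
		foreach ((array)glob("{$snortdir}/rules/{$pat}") as $oldfile)
			@unlink($oldfile);
	}
}
else
	error_log(sprintf(gettext("\tExtraction of the %s rules tarball failed; existing rules were left in place.\n"), $et_name), 3, $snort_rules_upd_log);
// … unchanged: copy loops for *.rules and *ips.txt, base etc files …
```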
@@ -527,10 +557,10 @@ if ($emergingthreats == 'on') { @copy("{$tmpfname}/{$emergingthreats_filename_md5}", "{$snortdir}/{$emergingthreats_filename_md5}"); } if ($pkg_interface <> "console") { - update_status(gettext("Extraction of EmergingThreats.org rules completed...")); - update_output_window(gettext("Installation of EmergingThreats rules completed...")); + update_status(gettext("Extraction of {$et_name} rules completed...")); + update_output_window(gettext("Installation of {$et_name} rules completed...")); } - error_log(gettext("\tInstallation of EmergingThreats.org rules completed.\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, $snort_rules_upd_log); exec("rm -r {$snortdir}/tmp/emerging"); } } @@ -544,6 +574,9 @@ if ($snortdownload == 'on') { if (substr(php_uname("r"), 0, 1) == '9') $freebsd_version_so = 'FreeBSD-9-0'; + /* Remove the old Snort rules files */ + array_map('unlink', glob("{$snortdir}/rules/snort_*.rules")); + if ($pkg_interface <> "console") { update_status(gettext("Extracting Snort VRT rules...")); update_output_window(gettext("Installing Sourcefire VRT rules...")); diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php index 1f87fbbc..09ab646a 100755 --- a/config/snort/snort_download_updates.php +++ b/config/snort/snort_download_updates.php 
@@ -40,8 +40,14 @@ require_once("/usr/local/pkg/snort/snort.inc"); $snortdir = SNORTDIR; $snort_rules_upd_log = RULES_UPD_LOGFILE; $log = $snort_rules_upd_log; -$snort_rules_file = VRT_DNLD_FILENAME; -$emergingthreats_filename = ET_DNLD_FILENAME; + +/* Grab the Snort binary version programmatically and */ +/* use it to construct the proper Snort VRT rules */ +/* tarball filename. */ +exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver); +$snortver[0] = str_replace(".", "", $snortver[0]); +$snort_rules_file = "snortrules-snapshot-{$snortver[0]}.tar.gz"; +//$snort_rules_file = VRT_DNLD_FILENAME; $snort_community_rules_filename = GPLV2_DNLD_FILENAME; /* load only javascript that is needed */ @@ -49,8 +55,18 @@ $snort_load_jquery = 'yes'; $snort_load_jquery_colorbox = 'yes'; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; +$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro']; $snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules']; +if ($etpro == "on") { + $emergingthreats_filename = ETPRO_DNLD_FILENAME; + $et_name = "EMERGING THREATS PRO RULES"; +} +else { + $emergingthreats_filename = ET_DNLD_FILENAME; + $et_name = "EMERGING THREATS RULES"; +} + /* quick md5s chk */ $snort_org_sig_chk_local = 'N/A'; if (file_exists("{$snortdir}/{$snort_rules_file}.md5")) 
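Review bot: `//$snort_rules_file = VRT_DNLD_FILENAME;` is commented-out code that names a constant this commit removes from snort.inc; delete the line rather than keep a reference nothing defines. The `exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver)` pipeline is a copy of the one added to snort_check_for_rule_updates.php at the @@ -81 hunk above, and here it runs the snort binary on every load of this page; with no output it leaves `$snortver[0]` undefined and the md5 lookup below looking for `snortrules-snapshot-.tar.gz.md5`. A single helper in snort.inc that parses the version with `preg_match` and returns an empty string on failure would serve both files and keep them from drifting.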
@@ -138,9 +154,9 @@ h += 96; <p style="text-align: left; margin-left: 225px;"> <font color="#777777" size="2.5px"> <b><?php echo gettext("INSTALLED RULESET SIGNATURES"); ?></b></font><br/><br/> - <font color="#FF850A" size="1px"><b>SNORT.ORG --></b></font> + <font color="#FF850A" size="1px"><b>SNORT VRT RULES --></b></font> <font size="1px" color="#000000"> <? echo $snort_org_sig_chk_local; ?></font><br/> - <font color="#FF850A" size="1px"><b>EMERGINGTHREATS.NET --></b></font> + <font color="#FF850A" size="1px"><b><?=$et_name;?> --></b></font> <font size="1px" color="#000000"> <? echo $emergingt_net_sig_chk_local; ?></font><br/> <font color="#FF850A" size="1px"><b>SNORT GPLv2 COMMUNITY RULES --></b></font> <font size="1px" color="#000000"> <? echo $snort_community_sig_chk_local; ?></font><br/> @@ -160,7 +176,7 @@ h += 96; <?php - if ($snortdownload != 'on' && $emergingthreats != 'on') { + if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on') { echo ' <button disabled="disabled"><span class="download">' . gettext("Update Rules") . '</span></button><br/> <p style="text-align:left; margin-left:150px;"> diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index d28ec2b4..089255b6 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php 
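Review bot: `if ($snortdownload != 'on' && $emergingthreats != 'on' && $etpro != 'on')` still leaves `$snortcommunityrules` out, so a configuration with only the GPLv2 community ruleset enabled keeps the Update Rules button disabled even though snort_check_for_rule_updates.php downloads that set when `$snortcommunityrules == 'on'` (visible in the context of the @@ -418 hunk above). If that is not intended, extend the condition with `&& $snortcommunityrules != 'on'`.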
@@ -44,7 +44,9 @@ $snortdir = SNORTDIR; /* make things short */ $pconfig['snortdownload'] = $config['installedpackages']['snortglobal']['snortdownload']; $pconfig['oinkmastercode'] = $config['installedpackages']['snortglobal']['oinkmastercode']; +$pconfig['etpro_code'] = $config['installedpackages']['snortglobal']['etpro_code']; $pconfig['emergingthreats'] = $config['installedpackages']['snortglobal']['emergingthreats']; +$pconfig['emergingthreats_pro'] = $config['installedpackages']['snortglobal']['emergingthreats_pro']; $pconfig['rm_blocked'] = $config['installedpackages']['snortglobal']['rm_blocked']; $pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit']; $pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize']; 
@@ -63,14 +65,22 @@ if ($_POST['rule_update_starttime']) { $input_errors[] = "Invalid Rule Update Start Time! Please supply a value in 24-hour format as 'HH:MM'."; } +if ($_POST['snortdownload'] == "on" && empty($_POST['oinkmastercode'])) + $input_errors[] = "You must supply an Oinkmaster code in the box provided in order to enable Snort VRT rules!"; + +if ($_POST['emergingthreats_pro'] == "on" && empty($_POST['etpro_code'])) + $input_errors[] = "You must supply a subscription code in the box provided in order to enable Emerging Threats Pro rules!"; + /* if no errors move foward */ if (!$input_errors) { if ($_POST["Submit"]) { - $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload']; + $config['installedpackages']['snortglobal']['snortdownload'] = $_POST['snortdownload'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['oinkmastercode'] = $_POST['oinkmastercode']; $config['installedpackages']['snortglobal']['snortcommunityrules'] = $_POST['snortcommunityrules'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['emergingthreats'] = $_POST['emergingthreats'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['emergingthreats_pro'] = $_POST['emergingthreats_pro'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['etpro_code'] = $_POST['etpro_code']; $config['installedpackages']['snortglobal']['rm_blocked'] = $_POST['rm_blocked']; if ($_POST['snortloglimitsize']) { 
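Review bot: `$config['installedpackages']['snortglobal']['etpro_code'] = $_POST['etpro_code'];` stores the subscription code exactly as posted, and snort_check_for_rule_updates.php later splices it into a URL path (`$emergingthreats_url .= "{$etproid}/snort-" . ET_VERSION . "/";`), so this save is the only place the value is ever checked; at least `trim()` it and reject whitespace or `/` in the new `empty($_POST['etpro_code'])` validation so a pasted code with a trailing newline does not silently produce a wrong URL. The ETOpen/ETPro exclusivity described in the page note is enforced only by the checkbox `onclick` handlers; a submission with both boxes checked (or with scripting off) saves both as `'on'`, and the new `if`/`elseif` chain in snort_rulesets.php at @@ -70 then matches neither branch. Enforce it here as well, for example `if ($_POST['emergingthreats_pro'] == "on") $_POST['emergingthreats'] = "";` before the save, or raise an input error when both are set.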
@@ -160,19 +170,14 @@ if ($input_errors) <td width="78%" class="vtable"> <table width="100%" border="0" cellpadding="2" cellspacing="0"> <tr> - <td><input name="snortdownload" type="radio" id="snortdownload" value="off" onclick="enable_snort_vrt('off')" - <?php if($pconfig['snortdownload']=='off' || $pconfig['snortdownload']=='') echo 'checked'; ?> > </td> - <td><span class="vexpl"><?php printf(gettext("Do %sNOT%s Install"), '<strong>', '</strong>'); ?></span></td> - </tr> - <tr> - <td><input name="snortdownload" type="radio" id="snortdownload" value="on" onclick="enable_snort_vrt('on')" + <td><input name="snortdownload" type="checkbox" id="snortdownload" value="on" onclick="enable_snort_vrt();" <?php if($pconfig['snortdownload']=='on') echo 'checked'; ?>></td> - <td><span class="vexpl"><?php echo gettext("Install Basic Rules or Premium rules"); ?></span></td> + <td><span class="vexpl"><?php echo gettext("Snort VRT free Registered User or paid Subscriber rules"); ?></span></td> <tr> <td> </td> - <td><a href="https://www.snort.org/signup" target="_blank"><?php echo gettext("Sign Up for a Basic Rule Account"); ?> </a><br> + <td><a href="https://www.snort.org/signup" target="_blank"><?php echo gettext("Sign Up for a free Registered User Rule Account"); ?> </a><br> <a href="http://www.snort.org/vrt/buy-a-subscription" target="_blank"> - <?php echo gettext("Sign Up for Sourcefire VRT Certified Premium Rules. This Is Highly Recommended"); ?></a></td> + <?php echo gettext("Sign Up for paid Sourcefire VRT Certified Subscriber Rules"); ?></a></td> </tr> <tr> <td colspan="2"> </td> 
@@ -180,17 +185,17 @@ if ($input_errors) </table> <table width="100%" border="0" cellpadding="2" cellspacing="0"> <tr> - <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("Oinkmaster Configuration"); ?></span></b></td> + <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("Snort VRT Oinkmaster Configuration"); ?></span></b></td> </tr> <tr> - <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code"); ?></strong></span></td> + <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td> <td><input name="oinkmastercode" type="text" class="formfld" id="oinkmastercode" size="52" value="<?=htmlspecialchars($pconfig['oinkmastercode']);?>" <?php if($pconfig['snortdownload']<>'on') echo 'disabled'; ?>><br> <?php echo gettext("Obtain a snort.org Oinkmaster code and paste it here."); ?></td> </tr> - </table> + </table> </tr> <tr> <td width="22%" valign="top" class="vncell"><?php printf(gettext("Install %sSnort Community%s " . @@ -198,7 +203,7 @@ if ($input_errors) <td width="78%" class="vtable"> <table width="100%" border="0" cellpadding="2" cellspacing="0"> <tr> - <td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="yes" + <td valign="top" width="8%"><input name="snortcommunityrules" type="checkbox" value="on" <?php if ($config['installedpackages']['snortglobal']['snortcommunityrules']=="on") echo "checked"; ?> ></td> <td><span class="vexpl"><?php echo gettext("The Snort Community Ruleset is a GPLv2 VRT certified ruleset that is distributed free of charge " . "without any VRT License restrictions. This ruleset is updated daily and is a subset of the subscriber ruleset."); ?> 
@@ -212,11 +217,41 @@ if ($input_errors) <td width="78%" class="vtable"> <table width="100%" border="0" cellpadding="2" cellspacing="0"> <tr> - <td valign="top" width="8%"><input name="emergingthreats" type="checkbox" value="yes" - <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?>> - <td><span class="vexpl"><?php echo gettext("Emerging Threats is an open source community that produces fast " . - "moving and diverse Snort Rules."); ?></span></td> + <td valign="top" width="8%"><input name="emergingthreats" type="checkbox" value="on" onclick="enable_et_rules();" + <?php if ($config['installedpackages']['snortglobal']['emergingthreats']=="on") echo "checked"; ?>></td> + <td><span class="vexpl"><?php echo gettext("ETOpen is an open source set of Snort rules whose coverage " . + "is more limited than ETPro."); ?></span></td> + </tr> + <tr> + <td valign="top" width="8%"><input name="emergingthreats_pro" type="checkbox" value="on" onclick="enable_etpro_rules();" + <?php if ($config['installedpackages']['snortglobal']['emergingthreats_pro']=="on") echo "checked"; ?>></td> + <td><span class="vexpl"><?php echo gettext("ETPro for Snort offers daily updates and extensive coverage of current malware threats."); ?></span></td> </tr> + <tr> + <td> </td> + <td><a href="http://www.emergingthreats.net/solutions/etpro-ruleset/" target="_blank"><?php echo gettext("Sign Up for an ETPro Account"); ?> </a></td> + </tr> + <tr> + <td> </td> + <td class="vexpl"><?php echo "<span class='red'><strong>" . gettext("Note:") . "</strong></span>" . " " . 
+ gettext("The ETPro rules contain all of the ETOpen rules, so the ETOpen rules are not required and are disabled when the ETPro rules are selected."); ?></td> + </tr> + <tr> + <td colspan="2"> </td> + </tr> + </table> + <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tr> + <td colspan="2" valign="top"><b><span class="vexpl"><?php echo gettext("ETPro Subscription Configuration"); ?></span></b></td> + </tr> + <tr> + <td valign="top"><span class="vexpl"><strong><?php echo gettext("Code:"); ?></strong></span></td> + <td><input name="etpro_code" type="text" + class="formfld" id="etpro_code" size="52" + value="<?=htmlspecialchars($pconfig['etpro_code']);?>" + <?php if($pconfig['emergingthreats_pro']<>'on') echo 'disabled'; ?>><br> + <?php echo gettext("Obtain an ETPro subscription code and paste it here."); ?></td> + </tr> </table> </td> </tr> @@ -330,13 +365,28 @@ if ($input_errors) <script language="JavaScript"> <!-- -function enable_snort_vrt(btn) { - if (btn == 'off') { - document.iform.oinkmastercode.disabled = "true"; +function enable_snort_vrt() { + var endis = !(document.iform.snortdownload.checked); + document.iform.oinkmastercode.disabled = endis; + document.iform.etpro_code.disabled = endis; +} + +function enable_et_rules() { + var endis = document.iform.emergingthreats.checked; + if (endis) { + document.iform.emergingthreats_pro.checked = !(endis); + document.iform.etpro_code.disabled = "true"; } - if (btn == 'on') { - document.iform.oinkmastercode.disabled = ""; - } +} + +function enable_etpro_rules() { + var endis = document.iform.emergingthreats_pro.checked; + if (endis) { + document.iform.emergingthreats.checked = !(endis); + document.iform.etpro_code.disabled = ""; + } + else + document.iform.etpro_code.disabled = "true"; } function enable_change_rules_upd() { diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 7ec0edbd..3c613f84 100755 --- a/config/snort/snort_rulesets.php 
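Review bot: The new `etpro_code` input carries `disabled` whenever `$pconfig['emergingthreats_pro']` is not `'on'`, and disabled controls are not submitted with the form, so saving this page with ETPro unchecked leaves `$_POST['etpro_code']` unset and the unconditional `$config['installedpackages']['snortglobal']['etpro_code'] = $_POST['etpro_code'];` at @@ -63 erases the stored subscription code; the user must paste it again every time ETPro is re-enabled. Save it only when it was submitted, `if (isset($_POST['etpro_code'])) $config['installedpackages']['snortglobal']['etpro_code'] = $_POST['etpro_code'];`, or leave the field enabled and rely on the server-side check that already requires it only when ETPro is on. The existing `oinkmastercode` field has the same interaction. Since the value is a credential, `type="password"` with `autocomplete="off"` keeps it out of browser form history and screen captures.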
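Review bot: `enable_snort_vrt()` sets `document.iform.etpro_code.disabled = endis;` from the Snort VRT checkbox, so unchecking VRT locks the ETPro code field even with ETPro selected, and checking VRT unlocks it while ETPro is off; that field belongs to `enable_etpro_rules()`, so drop the line from `enable_snort_vrt()`. The `.disabled = "true"` and `.disabled = ""` assignments work only through string truthiness; `true` and `false` say what is meant. `enable_et_rules()` unchecks ETPro when ETOpen is ticked but deliberately does nothing when ETOpen is unticked, which matches the one-way exclusivity the page note describes and deserves a comment, e.g. `// Selecting ETOpen turns ETPro off; the ETPro code field is managed by enable_etpro_rules()`.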
+++ b/config/snort/snort_rulesets.php @@ -63,6 +63,7 @@ $if_real = snort_get_real_interface($pconfig['interface']); $snort_uuid = $a_nat[$id]['uuid']; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; $emergingdownload = $config['installedpackages']['snortglobal']['emergingthreats']; +$etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro']; $snortcommunitydownload = $config['installedpackages']['snortglobal']['snortcommunityrules']; $no_emerging_files = false; @@ -70,10 +71,13 @@ $no_snort_files = false; $no_community_files = false; /* Test rule categories currently downloaded to $SNORTDIR/rules and set appropriate flags */ -$test = glob("{$snortdir}/rules/emerging-*.rules"); +if (($etpro == 'off' || empty($etpro)) && $emergingdownload == 'on') + $test = glob("{$snortdir}/rules/emerging-*.rules"); +elseif ($etpro == 'on' && ($emergingdownload == 'off' || empty($emergingdownload))) + $test = glob("{$snortdir}/rules/etpro-*.rules"); if (empty($test)) $no_emerging_files = true; -$test = glob("{$snortdir}/rules/snort_*.rules"); +$test = glob("{$snortdir}/rules/snort*.rules"); if (empty($test)) $no_snort_files = true; if (!file_exists("{$snortdir}/rules/GPLv2_community.rules")) @@ -184,10 +188,16 @@ if ($_POST['selectall']) { } if ($emergingdownload == 'on') { - $files = glob("{$snortdir}/rules/emerging*.rules"); + $files = glob("{$snortdir}/rules/emerging-*.rules"); foreach ($files as $file) $rulesets[] = basename($file); } + elseif ($etpro == 'on') { + $files = glob("{$snortdir}/rules/etpro-*.rules"); + foreach ($files as $file) + $rulesets[] = basename($file); + } + if ($snortcommunitydownload == 'on') { $files = glob("{$snortdir}/rules/*_community.rules"); foreach ($files as $file) 
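Review bot: In the new chain `if (($etpro == 'off' || empty($etpro)) && $emergingdownload == 'on') ... elseif ($etpro == 'on' && ($emergingdownload == 'off' || empty($emergingdownload))) ...` at @@ -70, `$test` is never assigned when both settings are on or both off, so `empty($test)` reads an undefined variable and reports no ET files; the update script resolves the both-on case in favour of ETPro (`$emergingthreats = "on"` under `if ($etpro == "on")`), so this page should agree. `$test = ($etpro == 'on') ? glob("{$snortdir}/rules/etpro-*.rules") : glob("{$snortdir}/rules/emerging-*.rules");` covers every combination, and the header at @@ -421 still gates on `$emergingdownload` and `$etpro`. The widened `glob("{$snortdir}/rules/snort*.rules")` no longer matches the `snort_*.rules` pattern the update script deletes at @@ -544 before reinstalling, so any other `snort*.rules` file left in that directory would count as an installed VRT set; if the widening is intentional, a comment naming the extra file it is meant to catch would help.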
@@ -421,7 +431,10 @@ if ($savemsg) { <tr id="frheader"> <?php if ($emergingdownload == 'on' && !$no_emerging_files): ?> <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> - <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: Emerging Threats');?></td> + <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: ET Open Rules');?></td> + <?php elseif ($etpro == 'on' && !$no_emerging_files): ?> + <td width="5%" class="listhdrr" align="center"><?php echo gettext("Enabled"); ?></td> + <td width="25%" class="listhdrr"><?php echo gettext('Ruleset: ET Pro Rules');?></td> <?php else: ?> <td colspan="2" align="center" width="30%" class="listhdrr"><?php echo gettext("Emerging Threats rules not {$msg_emerging}"); ?></td> <?php endif; ?> @@ -446,7 +459,9 @@ if ($savemsg) { $filename = basename($filename); if (substr($filename, -5) != "rules") continue; - if (strstr($filename, "emerging") && $emergingdownload == 'on') + if (strstr($filename, "emerging-") && $emergingdownload == 'on') + $emergingrules[] = $filename; + else if (strstr($filename, "etpro-") && $etpro == 'on') $emergingrules[] = $filename; else if (strstr($filename, "snort") && $snortdownload == 'on') { if (strstr($filename, ".so.rules")) |
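Review bot: `strstr($filename, "etpro-")` and the `strstr($filename, "emerging-")` test above it match the marker anywhere in the name, so a file that merely contains the substring is classified by whichever test runs first; the update script creates these files with the marker as a prefix, so `strpos($filename, "etpro-") === 0` states the intent and removes the ambiguity. The two branches assign the same `$emergingrules[] = $filename;` and can be one condition: `if ((strpos($filename, "emerging-") === 0 && $emergingdownload == 'on') || (strpos($filename, "etpro-") === 0 && $etpro == 'on'))`. The enclosing loop starts before this hunk.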