From 1139cfef3a327fb1160300f05e8515fd7b7a4574 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 2 Apr 2014 15:19:39 -0400 Subject: Improve GUI tab for rule package updates and match up with Suricata. --- config/snort/snort_check_for_rule_updates.php | 161 ++++++++----- config/snort/snort_download_updates.php | 314 ++++++++++++++++---------- 2 files changed, 294 insertions(+), 181 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index e13c3bef..f16e3310 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -5,7 +5,7 @@ * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2009 Robert Zelaya * Copyright (C) 2011-2012 Ermal Luci - * Copyright (C) 2013 Bill Meeks + * Copyright (C) 2013-2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -62,6 +62,8 @@ if (!defined("ET_OPEN_FILE_PREFIX")) define("ET_OPEN_FILE_PREFIX", "emerging-"); if (!defined("ET_PRO_FILE_PREFIX")) define("ET_PRO_FILE_PREFIX", "etpro-"); +if (!defined("IPREP_PATH")) + define("IPREP_PATH", "/var/db/snort/iprep/"); $snortdir = SNORTDIR; $snortlibdir = SNORTLIBDIR; @@ -95,7 +97,7 @@ exec("/usr/local/bin/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26 // Save the version with decimal delimiters for use in extracting the rules $snort_version = $snortver[0]; if (empty($snort_version)) - $snort_version = "2.9.5.6"; + $snort_version = "2.9.6.0"; // Create a collapsed version string for use in the tarball filename $snortver[0] = str_replace(".", "", $snortver[0]); @@ -150,22 +152,54 @@ function snort_download_file_url($url, $file_out) { global $g, $config, $pkg_interface, $last_curl_error, $fout, $ch, $file_size, $downloaded, $first_progress_update; + $rfc2616 = array( + 100 => "100 Continue", + 101 => "101 Switching Protocols", + 200 => "200 OK", + 201 => "201 Created", + 202 => "202 Accepted", + 203 => "203 Non-Authoritative Information", + 204 => "204 No Content", + 205 => "205 Reset Content", + 206 => "206 Partial Content", + 300 => "300 Multiple Choices", + 301 => "301 Moved Permanently", + 302 => "302 Found", + 303 => "303 See Other", + 304 => "304 Not Modified", + 305 => "305 Use Proxy", + 306 => "306 (Unused)", + 307 => "307 Temporary Redirect", + 400 => "400 Bad Request", + 401 => "401 Unauthorized", + 402 => "402 Payment Required", + 403 => "403 Forbidden", + 404 => "404 Not Found", + 405 => "405 Method Not Allowed", + 406 => "406 Not Acceptable", + 407 => "407 Proxy Authentication Required", + 408 => "408 Request Timeout", + 409 => "409 Conflict", + 410 => "410 Gone", + 411 => "411 Length Required", + 412 => "412 Precondition Failed", + 413 => "413 Request Entity Too Large", + 414 => "414 Request-URI Too Long", + 415 => "415 Unsupported Media Type", + 416 => "416 Requested Range Not Satisfiable", + 417 => "417 Expectation Failed", + 500 => "500 Internal Server Error", + 501 => "501 Not Implemented", + 502 => "502 Bad Gateway", + 503 => "503 Service Unavailable", + 504 => "504 Gateway Timeout", + 505 => "505 HTTP Version Not Supported" + ); + // Initialize required variables for the pfSense "read_body()" function $file_size = 1; $downloaded = 1; $first_progress_update = TRUE; - - - // Array of message strings for HTTP Response Codes - $http_resp_msg = array( 200 => "OK", 202 => "Accepted", 204 => "No Content", 205 => "Reset Content", - 206 => "Partial Content", 301 => "Moved Permanently", 302 => "Found", - 305 => "Use Proxy", 307 => "Temporary Redirect", 400 => "Bad Request", - 401 => "Unauthorized", 402 => "Payment Required", 403 => "Forbidden", - 404 => "Not Found", 405 => "Method Not Allowed", 407 => "Proxy Authentication Required", - 408 => "Request Timeout", 410 => "Gone", 500 => "Internal Server Error", - 501 => "Not Implemented", 502 => "Bad Gateway", 503 => "Service Unavailable", - 504 => "Gateway Timeout", 505 => "HTTP Version Not Supported" ); - $last_curl_error = ""; $fout = fopen($file_out, "wb"); @@ -215,8 +249,8 @@ function snort_download_file_url($url, $file_out) { if ($rc === false) $last_curl_error = curl_error($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); - if (isset($http_resp_msg[$http_code])) - $last_curl_error = $http_resp_msg[$http_code]; + if (isset($rfc2616[$http_code])) + $last_curl_error = $rfc2616[$http_code]; curl_close($ch); fclose($fout); @@ -250,7 +284,7 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") { /* error occurred. */ /**********************************************************/ - global $pkg_interface, $snort_rules_upd_log, $last_curl_error; + global $pkg_interface, $snort_rules_upd_log, $last_curl_error, $update_errors; $snortdir = SNORTDIR; $filename_md5 = basename($file_dst); @@ -292,9 +326,9 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") { log_error(gettext("[Snort] {$desc} md5 download failed...")); log_error(gettext("[Snort] Server returned error code {$rc}...")); error_log(gettext("\t{$snort_err_msg}\n"), 3, $snort_rules_upd_log); - if ($pkg_interface == "console") - error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tServer error message was: {$last_curl_error}\n"), 3, $snort_rules_upd_log); error_log(gettext("\t{$desc} will not be updated.\n"), 3, $snort_rules_upd_log); + $update_errors = true; return false; } } @@ -318,7 +352,7 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { /* FALSE if download was not successful. */ /**********************************************************/ - global $pkg_interface, $snort_rules_upd_log, $last_curl_error; + global $pkg_interface, $snort_rules_upd_log, $last_curl_error, $update_errors; $snortdir = SNORTDIR; $filename = basename($file_dst); @@ -348,6 +382,7 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { error_log(gettext("\tDownloaded {$desc} file MD5: " . md5_file($file_dst) . "\n"), 3, $snort_rules_upd_log); error_log(gettext("\tExpected {$desc} file MD5: {$file_md5}\n"), 3, $snort_rules_upd_log); error_log(gettext("\t{$desc} file download failed. {$desc} will not be updated.\n"), 3, $snort_rules_upd_log); + $update_errors = true; return false; } return true; @@ -357,9 +392,9 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { update_output_window(gettext("{$desc} file download failed...")); log_error(gettext("[Snort] {$desc} file download failed... server returned error '{$rc}'...")); error_log(gettext("\t{$desc} file download failed. Server returned error {$rc}.\n"), 3, $snort_rules_upd_log); - if ($pkg_interface == "console") - error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, $snort_rules_upd_log); + error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, $snort_rules_upd_log); error_log(gettext("\t{$desc} will not be updated.\n"), 3, $snort_rules_upd_log); + $update_errors = true; return false; } @@ -371,25 +406,27 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") { /* remove any old $tmpfname files */ if (is_dir("{$tmpfname}")) - exec("/bin/rm -r {$tmpfname}"); + exec("/bin/rm -rf {$tmpfname}"); /* Make sure required snortdirs exsist */ -exec("/bin/mkdir -p {$snortdir}/rules"); -exec("/bin/mkdir -p {$snortdir}/signatures"); -exec("/bin/mkdir -p {$snortdir}/preproc_rules"); -exec("/bin/mkdir -p {$tmpfname}"); -exec("/bin/mkdir -p {$snortlibdir}/dynamicrules"); -exec("/bin/mkdir -p {$snortlogdir}"); +safe_mkdir("{$snortdir}/rules"); +safe_mkdir("{$snortdir}/signatures"); +safe_mkdir("{$snortdir}/preproc_rules"); +safe_mkdir("{$tmpfname}"); +safe_mkdir("{$snortlibdir}/dynamicrules"); +safe_mkdir("{$snortlogdir}"); +safe_mkdir(IPREP_PATH); /* See if we need to automatically clear the Update Log based on 1024K size limit */ if (file_exists($snort_rules_upd_log)) { if (1048576 < filesize($snort_rules_upd_log)) - exec("/bin/rm -r {$snort_rules_upd_log}"); + @unlink("{$snort_rules_upd_log}"); } /* Log start time for this rules update */ error_log(gettext("Starting rules update... Time: " . date("Y-m-d H:i:s") . "\n"), 3, $snort_rules_upd_log); $last_curl_error = ""; +$update_errors = false; /* Check for and download any new Snort VRT sigs */ if ($snortdownload == 'on') { @@ -430,15 +467,17 @@ if ($emergingthreats == 'on') { /* Untar Snort rules file to tmp and install the rules */ if ($snortdownload == 'on') { if (file_exists("{$tmpfname}/{$snort_filename}")) { - /* Currently, only FreeBSD-8-1 and FreeBSD-9-0 precompiled SO rules exist from Snort.org */ - /* Default to FreeBSD 8.1, and then test for FreeBSD 9.x */ + /* Currently, only FreeBSD-8-1, FreeBSD-9-0 and FreeBSD-10-0 precompiled SO rules exist from Snort.org */ + /* Default to FreeBSD 8.1, and then test for FreeBSD 9.x or FreeBSD 10.x */ $freebsd_version_so = 'FreeBSD-8-1'; if (substr(php_uname("r"), 0, 1) == '9') $freebsd_version_so = 'FreeBSD-9-0'; + elseif (substr(php_uname("r"), 0, 2) == '10') + $freebsd_version_so = 'FreeBSD-10-0'; /* Remove the old Snort rules files */ $vrt_prefix = VRT_FILE_PREFIX; - array_map('unlink', glob("{$snortdir}/rules/{$vrt_prefix}*.rules")); + unlink_if_exists("{$snortdir}/rules/{$vrt_prefix}*.rules"); if ($pkg_interface <> "console") { update_status(gettext("Extracting Snort VRT rules...")); @@ -487,7 +526,7 @@ if ($snortdownload == 'on') { exec("/bin/cp {$tmpfname}/so_rules/precompiled/{$freebsd_version_so}/x86-64/{$snort_version}/*.so {$snortlibdir}/dynamicrules/"); } else $nosorules = true; - exec("rm -r {$tmpfname}/so_rules"); + exec("rm -rf {$tmpfname}/so_rules"); if ($nosorules == false) { /* extract Shared Object stub rules, rename and copy to the rules folder. */ if ($pkg_interface <> "console") @@ -498,7 +537,7 @@ if ($snortdownload == 'on') { $newfile = basename($file, ".rules"); @copy($file, "{$snortdir}/rules/" . VRT_FILE_PREFIX . "{$newfile}.so.rules"); } - exec("rm -r {$tmpfname}/so_rules"); + exec("rm -rf {$tmpfname}/so_rules"); } /* extract base etc files */ if ($pkg_interface <> "console") { @@ -556,7 +595,7 @@ if ($snortcommunityrules == 'on') { update_output_window(gettext("Installation of Snort GPLv2 Community Rules file completed...")); } error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, $snort_rules_upd_log); - exec("rm -r {$tmpfname}/community"); + exec("rm -rf {$tmpfname}/community"); } } @@ -574,10 +613,10 @@ if ($emergingthreats == 'on') { /* Remove the old Emerging Threats rules files */ $eto_prefix = ET_OPEN_FILE_PREFIX; $etpro_prefix = ET_PRO_FILE_PREFIX; - array_map('unlink', glob("{$snortdir}/rules/{$eto_prefix}*.rules")); - array_map('unlink', glob("{$snortdir}/rules/{$etpro_prefix}*.rules")); - array_map('unlink', glob("{$snortdir}/rules/{$eto_prefix}*ips.txt")); - array_map('unlink', glob("{$snortdir}/rules/{$etpro_prefix}*ips.txt")); + unlink_if_exists("{$snortdir}/rules/{$eto_prefix}*.rules"); + unlink_if_exists("{$snortdir}/rules/{$etpro_prefix}*.rules"); + unlink_if_exists("{$snortdir}/rules/{$eto_prefix}*ips.txt"); + unlink_if_exists("{$snortdir}/rules/{$etpro_prefix}*ips.txt"); $files = glob("{$tmpfname}/emerging/rules/*.rules"); foreach ($files as $file) { @@ -591,10 +630,14 @@ if ($emergingthreats == 'on') { $files = glob("{$tmpfname}/emerging/rules/*ips.txt"); foreach ($files as $file) { $newfile = basename($file); - if ($etpro == "on") + if ($etpro == "on") { + @copy($file, IPREP_PATH . ET_PRO_FILE_PREFIX . "{$newfile}"); @copy($file, "{$snortdir}/rules/" . ET_PRO_FILE_PREFIX . "{$newfile}"); - else + } + else { + @copy($file, IPREP_PATH . ET_OPEN_FILE_PREFIX . "{$newfile}"); @copy($file, "{$snortdir}/rules/" . ET_OPEN_FILE_PREFIX . "{$newfile}"); + } } /* base etc files for Emerging Threats rules */ foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) { @@ -613,13 +656,13 @@ if ($emergingthreats == 'on') { update_output_window(gettext("Installation of {$et_name} rules completed...")); } error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, $snort_rules_upd_log); - exec("rm -r {$tmpfname}/emerging"); + exec("rm -rf {$tmpfname}/emerging"); } } function snort_apply_customizations($snortcfg, $if_real) { - global $vrt_enabled; + global $vrt_enabled, $rebuild_rules; $snortdir = SNORTDIR; /* Update the Preprocessor rules from the master configuration for the interface if Snort */ @@ -632,7 +675,8 @@ function snort_apply_customizations($snortcfg, $if_real) { } } - snort_prepare_rule_files($snortcfg, "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}"); + if ($rebuild_rules == true) + snort_prepare_rule_files($snortcfg, "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}"); /* Copy the master config and map files to the interface directory */ @copy("{$snortdir}/classification.config", "{$snortdir}/snort_{$snortcfg['uuid']}_{$if_real}/classification.config"); @@ -688,11 +732,11 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = /* Create configuration for each active Snort interface */ foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) { - $if_real = snort_get_real_interface($value['interface']); - $tmp = "Updating rules configuration for: " . snort_get_friendly_interface($value['interface']) . " ..."; + $if_real = get_real_interface($value['interface']); + $tmp = "Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($value['interface']) . " ..."; if ($pkg_interface <> "console"){ update_status(gettext($tmp)); - update_output_window(gettext("Please wait while Snort interface files are being updated...")); + update_output_window(gettext("Please wait while Snort interface files are updated...")); } // Make sure the interface subdirectory and required sub-directories exists. @@ -713,7 +757,7 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = $tmp = "\t" . $tmp . "\n"; if ($value['protect_preproc_rules'] == 'on') { $tmp .= gettext("\tPreprocessor text rules flagged as protected and not updated for "); - $tmp .= snort_get_friendly_interface($value['interface']) . "...\n"; + $tmp .= convert_friendly_interface_to_friendly_descr($value['interface']) . "...\n"; } error_log($tmp, 3, $snort_rules_upd_log); } @@ -729,13 +773,6 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = /* Clear the rebuild rules flag. */ $rebuild_rules = false; - /* remove old $tmpfname files */ - if (is_dir("{$tmpfname}")) { - if ($pkg_interface <> "console") - update_status(gettext("Cleaning up after rules extraction...")); - exec("/bin/rm -r {$tmpfname}"); - } - /* Restart snort if already running and we are not rebooting to pick up the new rules. */ if (is_process_running("snort") && !$g['booting']) { if ($pkg_interface <> "console") { @@ -755,6 +792,11 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules = } } +/* remove $tmpfname files */ +if (is_dir("{$tmpfname}")) { + exec("/bin/rm -rf {$tmpfname}"); +} + if ($pkg_interface <> "console") update_status(gettext("The Rules update has finished...")); log_error(gettext("[Snort] The Rules update has finished.")); @@ -764,4 +806,11 @@ conf_mount_ro(); /* Restore the state of $pkg_interface */ $pkg_interface = $pkg_interface_orig; +/* Save this update status to the configuration file */ +if ($update_errors) + $config['installedpackages']['snortglobal']['last_rule_upd_status'] = gettext("failed"); +else + $config['installedpackages']['snortglobal']['last_rule_upd_status'] = gettext("success"); +$config['installedpackages']['snortglobal']['last_rule_upd_time'] = time(); +write_config(); ?> diff --git a/config/snort/snort_download_updates.php b/config/snort/snort_download_updates.php index 5c9b8210..ecc1e5b5 100755 --- a/config/snort/snort_download_updates.php +++ b/config/snort/snort_download_updates.php @@ -39,7 +39,6 @@ require_once("/usr/local/pkg/snort/snort.inc"); /* Define some locally required variables from Snort constants */ $snortdir = SNORTDIR; $snort_rules_upd_log = RULES_UPD_LOGFILE; -$log = $snort_rules_upd_log; /* Grab the Snort binary version programmatically and */ /* use it to construct the proper Snort VRT rules */ @@ -52,38 +51,71 @@ if (empty($snortver[0])) $snortver[0] = str_replace(".", "", $snortver[0]); $snort_rules_file = "snortrules-snapshot-{$snortver[0]}.tar.gz"; -//$snort_rules_file = VRT_DNLD_FILENAME; $snort_community_rules_filename = GPLV2_DNLD_FILENAME; -/* load only javascript that is needed */ -$snort_load_jquery = 'yes'; -$snort_load_jquery_colorbox = 'yes'; $snortdownload = $config['installedpackages']['snortglobal']['snortdownload']; $emergingthreats = $config['installedpackages']['snortglobal']['emergingthreats']; $etpro = $config['installedpackages']['snortglobal']['emergingthreats_pro']; $snortcommunityrules = $config['installedpackages']['snortglobal']['snortcommunityrules']; +/* Get last update information if available */ +if (!empty($config['installedpackages']['snortglobal']['last_rule_upd_time'])) + $last_rule_upd_time = date('M-d Y H:i', $config['installedpackages']['snortglobal']['last_rule_upd_time']); +else + $last_rule_upd_time = gettext("Unknown"); +if (!empty($config['installedpackages']['snortglobal']['last_rule_upd_status'])) + $last_rule_upd_status = htmlspecialchars($config['installedpackages']['snortglobal']['last_rule_upd_status']); +else + $last_rule_upd_status = gettext("Unknown"); + if ($etpro == "on") { $emergingthreats_filename = ETPRO_DNLD_FILENAME; - $et_name = "EMERGING THREATS PRO RULES"; + $et_name = "Emerging Threats Pro Rules"; } else { $emergingthreats_filename = ET_DNLD_FILENAME; - $et_name = "EMERGING THREATS RULES"; + $et_name = "Emerging Threats Open Rules"; } -/* quick md5s chk */ -$snort_org_sig_chk_local = 'N/A'; -if (file_exists("{$snortdir}/{$snort_rules_file}.md5")) +/* quick md5 chk of downloaded rules */ +if ($snortdownload == 'on') { + $snort_org_sig_chk_local = 'Not Downloaded'; + $snort_org_sig_date = 'Not Downloaded'; +} +else { + $snort_org_sig_chk_local = 'Not Enabled'; + $snort_org_sig_date = 'Not Enabled'; +} +if (file_exists("{$snortdir}/{$snort_rules_file}.md5") && $snortdownload == 'on') { $snort_org_sig_chk_local = file_get_contents("{$snortdir}/{$snort_rules_file}.md5"); + $snort_org_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$snort_rules_file}.md5")); +} -$emergingt_net_sig_chk_local = 'N/A'; -if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5")) +if ($etpro == "on" || $emergingthreats == "on") { + $emergingt_net_sig_chk_local = 'Not Downloaded'; + $emergingt_net_sig_date = 'Not Downloaded'; +} +else { + $emergingt_net_sig_chk_local = 'Not Enabled'; + $emergingt_net_sig_date = 'Not Enabled'; +} +if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5") && ($etpro == "on" || $emergingthreats == "on")) { $emergingt_net_sig_chk_local = file_get_contents("{$snortdir}/{$emergingthreats_filename}.md5"); + $emergingt_net_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$emergingthreats_filename}.md5")); +} -$snort_community_sig_chk_local = 'N/A'; -if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5")) +if ($snortcommunityrules == 'on') { + $snort_community_sig_chk_local = 'Not Downloaded'; + $snort_community_sig_sig_date = 'Not Downloaded'; +} +else { + $snort_community_sig_chk_local = 'Not Enabled'; + $snort_community_sig_sig_date = 'Not Enabled'; +} +if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5") && $snortcommunityrules == 'on') { $snort_community_sig_chk_local = file_get_contents("{$snortdir}/{$snort_community_rules_filename}.md5"); + $snort_community_sig_sig_date = date(DATE_RFC850, filemtime("{$snortdir}/{$snort_community_rules_filename}.md5")); +} /* Check for postback to see if we should clear the update log file. */ if (isset($_POST['clear'])) { @@ -91,7 +123,27 @@ if (isset($_POST['clear'])) { mwexec("/bin/rm -f {$snort_rules_upd_log}"); } -if (isset($_POST['update'])) { +if (isset($_POST['check'])) { + header("Location: /snort/snort_download_rules.php"); + exit; +} + +if ($_POST['force']) { + // Mount file system R/W since we need to remove files + conf_mount_rw(); + + // Remove the existing MD5 signature files to force a download + if (file_exists("{$snortdir}/{$emergingthreats_filename}.md5")) + @unlink("{$snortdir}/{$emergingthreats_filename}.md5"); + if (file_exists("{$snortdir}/{$snort_community_rules_filename}.md5")) + @unlink("{$snortdir}/{$snort_community_rules_filename}.md5"); + if (file_exists("{$snortdir}/{$snort_rules_file}.md5")) + @unlink("{$snortdir}/{$snort_rules_file}.md5"); + + // Revert file system to R/O. + conf_mount_ro(); + + // Go download the updates header("Location: /snort/snort_download_rules.php"); exit; } @@ -101,6 +153,15 @@ $snort_rules_upd_logfile_chk = 'no'; if (file_exists("{$snort_rules_upd_log}")) $snort_rules_upd_logfile_chk = 'yes'; +if ($_POST['view']&& $snort_rules_upd_logfile_chk == 'yes') { + $contents = @file_get_contents($snort_rules_upd_log); + if (empty($contents)) + $input_errors[] = gettext("Unable to read log file: {$snort_rules_upd_log}"); +} + +if ($_POST['hide']) + $contents = ""; + $pgtitle = gettext("Snort: Updates"); include_once("head.inc"); ?> @@ -108,25 +169,6 @@ include_once("head.inc"); -' . $pgtitle . '

';}?> - -
@@ -139,111 +181,134 @@ h += 96; $tab_array[2] = array(gettext("Updates"), true, "/snort/snort_download_updates.php"); $tab_array[3] = array(gettext("Alerts"), false, "/snort/snort_alerts.php"); $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php"); - $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php"); + $tab_array[5] = array(gettext("Pass Lists"), false, "/snort/snort_passlist.php"); $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php"); - $tab_array[7] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); - display_top_tabs($tab_array); + $tab_array[7] = array(gettext("IP Lists"), false, "/snort/snort_ip_list_mgmt.php"); + $tab_array[8] = array(gettext("Sync"), false, "/pkg_edit.php?xml=snort/snort_sync.xml"); + display_top_tabs($tab_array, true); ?>
- - + + + + + + + + + + -
-
- + + + + +

+ + + + + + + + - + + + -
-
-

- -

- SNORT VRT RULES  --> -   
-   --> -   
- SNORT GPLv2 COMMUNITY RULES  --> -   
-

-
-
Snort VRT Rules
-
- - + + + -
-
-

-
-
- - ' . gettext("Update Rules") . '
-

- ' . gettext("WARNING:") . '  ' . gettext('No rule types have been selected for download. ') . - gettext('Visit the ') . 'Global Settings Tab' . gettext(' to select rule types.') . '
'; - - echo '

' . "\n"; - } else { - - echo ' -
' . "\n"; - - } - - ?>
-

-
-
Snort GPLv2 Community Rules
-
- - + + + -
-
-

-
-
- " . gettext("View Log") . ""; - echo "          \n"; - }else{ - echo " -    " . gettext("Log is empty.") . "\n"; - } - echo '

' . gettext("The log file is limited to 1024K in size and automatically clears when the limit is exceeded."); - ?> -
-

-
-
- -
+

+
+ + + + + + + + + + + +
+
+ +
     + +
+

+   + Global Settings Tab' . gettext(' to select rule types.'); ?> +

+ +
+ " name="check" id="check" class="formbtn" + title=""/>     + " name="force" id="force" class="formbtn" + title="" + onclick="return confirm('');"/> +

+ +
- - + + + + + + + + + + + - -
-
- -   " . - gettext(" and ") . "" . gettext("EmergingThreats.net") . "" . - gettext(" will go down from time to time. Please be patient."); ?> +
+ +
+ + " name="hide" id="hide" class="formbtn" + title=""/> + + " name="view" id="view" class="formbtn" + title=""/> + +      + " name="clear" id="clear" class="formbtn" + title="" onClick="return confirm('Are you sure you want to delete the log contents?\nOK to confirm, or CANCEL to quit');"/> +
+ +
+

+ +


+
+
+
-
- + + + + + +
+ +  " . + gettext(" and ") . "" . gettext("EmergingThreats.net") . "" . + gettext(" will go down from time to time. Please be patient."); ?>

@@ -252,7 +317,6 @@ h += 96; - -- cgit v1.2.3