ids.cgi: Change RUN_MODE to MONITOR_TRAFFIC_ONLY

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2026-04-10 02:55:55 +02:00 · 2018-12-24 10:03:18 +01:00
parent ea5c8eeb83
commit 01d02eb63b
3 changed files with 40 additions and 50 deletions
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -574,23 +574,23 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) {
 	# Generate file to store the home net.
 	&generate_home_net_file();

-	# Check if the runmode has been changed.
-	if($cgiparams{'RUN_MODE'} ne $oldidssettings{'RUN_MODE'}) {
-		# Open modify sid's file for writing.
-		open(FILE, ">$modify_sids_file") or die "Could not write to $modify_sids_file. $!\n";
+	# Open modify sid's file for writing.
+	open(FILE, ">$modify_sids_file") or die "Could not write to $modify_sids_file. $!\n";

-		# Write file header.
-		print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+	# Write file header.
+	print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";

-		# Check if the configured runmode is IPS.
-		if ($cgiparams{'RUN_MODE'} eq 'IPS') {
-			# Tell oinkmaster to switch all rules from alert to drop.
-			print FILE "modifysid \* \"alert\" \| \"drop\"\n";
-		}
+	# Check if the traffic only should be monitored.
+	unless($cgiparams{'MONITOR_TRAFFIC_ONLY'} eq 'on') {
+		# Tell oinkmaster to switch all rules from alert to drop.
+		print FILE "modifysid \* \"alert\" \| \"drop\"\n";
+	}

-		# Close file handle.
-		close(FILE);
+	# Close file handle.
+	close(FILE);

+	# Check if "MONITOR_TRAFFIC_ONLY" has been changed.
+	if($cgiparams{'MONITOR_TRAFFIC_ONLY'} ne $oldidssettings{'MONITOR_TRAFFIC_ONLY'}) {
 		# Check if a ruleset exists.
 		if (%idsrules) {
 			# Lock the webpage and print message.
@@ -630,12 +630,6 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) {
 &General::readhash("$idssettingsfile", \%idssettings);
 &General::readhash("$rulessettingsfile", \%rulessettings);

-# If the runmode has not been configured yet, set default value.
-unless(exists($idssettings{'RUN_MODE'})) {
-        # Set default to IPS.
-        $idssettings{'RUN_MODE'} = 'IPS';
-}
-
 # If no autoupdate intervall has been configured yet, set default value.
 unless(exists($rulessettings{'AUTOUPDATE_INTERVAL'})) {
 	# Set default to "weekly".
@@ -648,9 +642,9 @@ unless(exists($rulessettings{'AUTOUPDATE_INTERVAL'})) {
 $checked{'ENABLE_IDS'}{'off'} = '';
 $checked{'ENABLE_IDS'}{'on'} = '';
 $checked{'ENABLE_IDS'}{$idssettings{'ENABLE_IDS'}} = "checked='checked'";
-$checked{'RUN_MODE'}{'IDS'} = '';
-$checked{'RUN_MODE'}{'IPS'} = '';
-$checked{'RUN_MODE'}{$idssettings{'RUN_MODE'}} = "checked='checked'";
+$checked{'MONITOR_TRAFFIC_ONLY'}{'off'} = '';
+$checked{'MONITOR_TRAFFIC_ONLY'}{'on'} = '';
+$checked{'MONITOR_TRAFFIC_ONLY'}{$idssettings{'MONITOR_TRAFFIC_ONLY'}} = "checked='checked'";
 $selected{'RULES'}{'nothing'} = '';
 $selected{'RULES'}{'community'} = '';
 $selected{'RULES'}{'emerging'} = '';
@@ -737,6 +731,17 @@ END
 }
 &Header::closebox();

+my $rulesdate;
+
+# Check if a ruleset allready has been downloaded.
+if ( -f "$IDS::rulestarball"){
+        # Call stat on the filename to obtain detailed information.
+        my @Info = stat("$IDS::rulestarball");
+
+        # Grab details about the creation time.
+        $rulesdate = localtime($Info[9]);
+}
+
 # Draw elements for IDS configuration.
 &Header::openbox('100%', 'center', $Lang::tr{'settings'});

@@ -744,32 +749,24 @@ print <<END
 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
 	<table width='100%' border='0'>
 		<tr>
-			<td class='base' colspan='4'>
+			<td class='base' colspan='2'>
 				<input type='checkbox' name='ENABLE_IDS' $checked{'ENABLE_IDS'}{'on'}>$Lang::tr{'ids activate'} $Lang::tr{'intrusion detection system'}
 			</td>
-		</tr>

-		<tr>
-			<td colspan='4'><br><br></td>
-		</tr>
-
-		<tr>
-			<td class='base' colspan='4'><b>$Lang::tr{'runmode'}</b></td>
-		</tr>
-
-		<tr>
-			<td class='base' colspan='4'>
-				<input type='radio' name='RUN_MODE' value='IDS' $checked{'RUN_MODE'}{'IDS'}>$Lang::tr{'intrusion detection system2'} &nbsp&nbsp&nbsp
-				<input type='radio' name='RUN_MODE' value='IPS' $checked{'RUN_MODE'}{'IPS'}>$Lang::tr{'intrusion prevention system'}
+			<td class='base' colspan='2'>
+				<input type='checkbox' name='MONITOR_TRAFFIC_ONLY' $checked{'MONITOR_TRAFFIC_ONLY'}{'on'}>$Lang::tr{'ids monitor traffic only'}
 			</td>
 		</tr>

 		<tr>
-			<td colspan='4'><br></td>
+			<td><br><br></td>
+			<td><br><br></td>
+			<td><br><br></td>
+			<td><br><br></td>
 		</tr>

 		<tr>
-			<td colspan='4'><b>$Lang::tr{'ids traffic analyze'}</b><br></td>
+			<td colspan='4'><b>$Lang::tr{'ids monitored interfaces'}</b><br></td>
 		</tr>

 		<tr>
@@ -790,7 +787,7 @@ foreach my $zone (@network_zones) {
 	}

 	print "<td class='base' width='25%'>\n";
-	print "<input type='checkbox' name='ENABLE_IDS_$zone_upper' $checked_input>$Lang::tr{'enabled on'} $Lang::tr{$zone}\n";
+	print "<input type='checkbox' name='ENABLE_IDS_$zone_upper' $checked_input>$Lang::tr{$zone}\n";
 	print "</td>\n";
 }

@@ -814,17 +811,6 @@ END
 # Draw elements for ruleset configuration.
 &Header::openbox('100%', 'center', $Lang::tr{'ids ruleset settings'});

-my $rulesdate;
-
-# Check if a ruleset allready has been downloaded.
-if ( -f "$IDS::rulestarball"){
-	# Call stat on the filename to obtain detailed information.
-	my @Info = stat("$IDS::rulestarball");
-
-	# Grab details about the creation time.
-	$rulesdate = localtime($Info[9]);
-}
-
 print <<END
 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
        <table width='100%' border='0'>
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1329,6 +1329,8 @@
 'ids active on' => 'Aktiv auf',
 'ids log viewer' => 'Ansicht IDS-Protokoll',
 'ids logs' => 'IDS-Protokolldateien',
+'ids monitored interfaces' => 'Überwachte Netzwerkzonen',
+'ids monitor traffic only' => 'Netzwerk-Pakete nur überpfrüfen',
 'ids no network zone' => 'Mindestends eine Netzwerk-Zone muss überwacht werden!',
 'ids no ruleset available' => 'Kein Regelset verfügbar, bitte downloaden Sie eines!',
 'ids ruleset settings' => 'Regelset-Einstellungen',
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1359,6 +1359,8 @@
 'ids active on' => 'Active on',
 'ids log viewer' => 'IDS log viewer',
 'ids logs' => 'IDS Logs',
+'ids monitored interfaces' => 'Monitored interfaces',
+'ids monitor traffic only' => 'Monitor traffic only',
 'ids no network zone' => 'At least one network zone has to be monitored!',
 'ids no ruleset available' => 'No ruleset available, please download one!',
 'ids ruleset settings' => 'Ruleset settings',