The control file are not longer required, because the
initscript uses the settings file to determine if snort
should be started and binded to which interfaches.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This new file will contain the vendor information and url
for downloading their ruleset. In future if the download location
or filename changes, we only need to adjust this one file and ship
it via a core update.
Also extend the downloadrulesfile to be able to directly call the
subfunction.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Move the code for displaying a notice that snort currently is working
into an own subfunction which will be called if oinkmaster currently
is started.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
If a single sid has been activated and then disabled without doing
any other ruleset modifications only one of the oinkmaster files
for enabled / disabled rules has been modified.
In this case it was possible, that the same sid, was part of the
file for enabled rules and part of the file for disabled rules at the
same time.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The enabled rulefiles (rule categories) now will be added
to an own file, which will be included by the snort main config
file.
This will allow us to update snort and push the new main config file
without loosing the activated rulesets anymore.
* Introducing snort-used-rulefiles.conf
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
* Drop a lot of unused variables and code.
* Re-ordering some code parts.
* Add a lot of comments.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The manually enabled or disabled rules by the user now will be written
to own config files, which will be used by oinkmaster to keep these rules
in the same state after a rules update has been performed.
In short words, if you adjust your ruleset, the changes will not be lost
again if you perform an update of your ruleset.
* Grabbing and storing the cgi values now in an own hash (%cgiparams)
* Introducing oinkmaster config files for enabled and disabled rules.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The complete ruleset will be grouped as categories by it's
corresponding rulefile and printed in hidden tables.
They easiely can be displayed by klicking on the show link and
vice-versa.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Move the code for reading and parsing the snort rule files
into an own subfunction.
* Drop code for reading in and modifying the snort main config file.
* Rework code for parsing and adding the snort rules to the snortrules hash.
* Drop code for gathering a description for the rule files, which does not
because of a file layout change and sadly there is not suitable description
shipped anymore by the snort team.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Move the function for doing the page refresh stuff to the end of the file and
do some layout changes for better reading the code.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Use pure perl for getting the filelist of available
rule files instead of using a sub-shell and unix commands.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The OINKCODE variable was only validated for proper input
when the Save button was clicked.
Did the user demand to download new rules instead, the
content of that variable was not being validated (again)
and was passed to wget on the shell.
This was done with privileges of the "nobody" user.
Fixes#11401
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Release notes:
2016-03-09 - Snort 2.9.8.2
[*] New additions
* Future-flow and DNS API exposed to lua detector.
* Double VLAN tagging support.
[*] Improvements
* Performance improvements to AppID.
* Stability improvements to file and ftp_telnet preprocessor.
* Fixed several issues with SDF and obfuscation.
* Resolved an issue of improper handling of malformed DNS host
in AppID.
* HTTP PAF accepts all tokens between method and version strings
in a request URI.
* Resolved snort build issue with "--disable-perfprofiling" configure
option.
* Enhanced mime parsing by adding support for detecting files
after unknown headers and no headers.
* Fixed issue with gzip decompression. If the server response specifies
Content-Encoding as GZIP, but no Content-Length field for HTTP ver 1.0.
* End of Header(EOH) identification for HTTP response header spanning multiple
packets.
* Improved packet reassembly for HTTP.
* Fixed Flash LZMA decompression issue.
For details see:
https://www.snort.org/downloads/snort/changelog_2.9.8.2.txt
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Almost all of <input type="image"... has both an alt and a
title attribute, but some are missing title, and when the icon
is not very clear, it makes it harder to understand what the icon
does. By adding title, the browser displays text when mouse pointer
is over the icon.
Also add missing quotes for alt and title attributes where needed.
