#!/usr/bin/perl
#-----------------------------------------------------------------------------#
#  Copyright (C) 2001 - 2002 Multi-Tech Systems Inc., USA
#  All Rights Reserved
#  Multi-Tech Systems, Inc., 2205, Woodale Dr, Mounds View MN USA
#-----------------------------------------------------------------------------#
#  ModName: Web GUI - Interface
#  Version: 3.25
#  Date: 2005-10-05
#  Modification History - Begin
#  Modification History - End

#Description: This file is responsible to enable/disable portscan and add/delete
#	portscan related rules

sub getmask
{	
	my ($Address,$Mask) = @_;
	@MaskValues = split(/\./,$Mask);
	$value = 0;
	for ($i = 0; $i < 4; $i++)
	{
		$quotient = $MaskValues[$i];
		while ($quotient != 0)
		{
			$rem = $quotient % 16;
			if ($rem == 15)
			{
				$value += 4;
			}
			elsif ($rem == 14)
			{
				$value += 3;
			}
			elsif ($rem == 12)
			{
				$value += 2;
			}
			elsif ($rem == 8)
			{
				$value += 1;
			}
			else
			{
				$value += 0;
			}
			$quotient = $quotient / 16;
		}
		if ($value % 8 != 0)
		{
			last;
		}
	}	
	$AddWithMask = "$Address/$value";
	return $AddWithMask;
}

# Packet Filtering Rules
################################################################################
# Add
# $param[0]  - ID passed from WebUI
# $param[1]  - Destination Address
# $param[2]  - Destination Mask
# $param[3]  - Source Address
# $param[4]  - Source Mask
# $param[5]  - Protocol
# $param[6]  - Port
################################################################################

if($ARGV[0] eq "addrule")
{
	$SrcAddr = $ARGV[1];
	$SrcMask = $ARGV[2];
	$DestAddr = $ARGV[3];
	$DestMask = $ARGV[4];
	$Protocol = $ARGV[5];
	$Port = $ARGV[6];
	$DestAddrWithMask = getmask ($DestAddr, $DestMask);
	$SrcAddrWithMask = getmask ($SrcAddr, $SrcMask);
	if (-e "/etc/multiconf/psdrules")
	{
		open (PORTSCANFILE, "/etc/multiconf/psdrules");
		while (<PORTSCANFILE>)
		{
			@splitvals = split (/:/,$_);
			if (($splitvals[0] eq $SrcAddr) &&
				($splitvals[1] eq $SrcMask) &&
				($splitvals[2] eq $DestAddr) &&
				($splitvals[3] eq $DestMask) &&
				($splitvals[4] eq $Protocol) &&
				(/$Port/))
			{
				close (PORTSCANFILE);
				system ("sync");
				exit;
			}
		}
		close (PORTSCANFILE);
	}

	open (SNORTRULE, ">>/usr/local/snort/local.rules");
	if ($Protocol eq "tcp/udp")
	{
		$strtowrite = "alert tcp $SrcAddrWithMask any -> $DestAddrWithMask $Port (msg:\"User Defined\"; classtype:unknown; sid:269; rev:1;)\n";
		print SNORTRULE $strtowrite;
		$strtowrite = "alert udp $SrcAddrWithMask any -> $DestAddrWithMask $Port (msg:\"User Defined\"; classtype:unknown; sid:269; rev:1;)\n";
		print SNORTRULE $strtowrite;
	}
	elsif ($Protocol eq "any")
	{
		$strtowrite = "alert ip $SrcAddrWithMask any -> $DestAddrWithMask $Port (msg:\"User Defined\"; classtype:unknown; sid:269; rev:1;)\n";
		print SNORTRULE $strtowrite;
	}
	else
	{
		$strtowrite = "alert $Protocol $SrcAddrWithMask any -> $DestAddrWithMask $Port (msg:\"User Defined\"; classtype:unknown; sid:269; rev:1;)\n";
		print SNORTRULE $strtowrite;
	}
	close (SNORTRULE); 
	system("/etc/multiconf/scripts/cvscheckin update /usr/local/snort/local.rules");
	open (PORTSCANFILE, ">>/etc/multiconf/psdrules");
	if ($Protocol eq "tcp/udp")
	{
		print PORTSCANFILE "$SrcAddr:$SrcMask:$DestAddr:$DestMask:$Protocol:$Port 2\n";
	}
	else
	{
		print PORTSCANFILE "$SrcAddr:$SrcMask:$DestAddr:$DestMask:$Protocol:$Port 1\n";
	}
	close (PORTSCANFILE);
	system ("/etc/init.d/snort stop");
	system ("/etc/init.d/snort start 1>/dev/null 2>/dev/null");
}

################################################################################
# Delete 
# $param[0]  - ID passed from WebUI
# $param[1]  - String containing the IP addresses, targets
# $param[2]  - Destination Mask
# $param[3]  - Source Address
# $param[4]  - Source Mask
# $param[5]  - Protocol
################################################################################

elsif($ARGV[0] eq "deleterule")
{
	$SrcAddr = $ARGV[1];
	$SrcMask = $ARGV[2];
	$DestAddr = $ARGV[3];
	$DestMask = $ARGV[4];
	$Protocol = $ARGV[5];
	$Port = $ARGV[6];
	$DestAddrWithMask = getmask ($DestAddr, $DestMask);
	$SrcAddrWithMask = getmask ($SrcAddr, $SrcMask);

	$count = 0;
	open (PORTSCANFILE, "/etc/multiconf/psdrules");
	$tempfile = `/etc/multiconf/scripts/gettempfile`;
	open (TEMPFILE, ">/etc/multiconf/scripts/$tempfile");
	while (<PORTSCANFILE>)
	{
		@splitvals = split (/:/,$_);
		if (($splitvals[0] eq $SrcAddr) &&
			($splitvals[1] eq $SrcMask) &&
			($splitvals[2] eq $DestAddr) &&
			($splitvals[3] eq $DestMask) &&
			($splitvals[4] eq $Protocol) &&
			(/$Port/))
		{
			last;
		}
		else
		{
			print TEMPFILE $_;
			@splitvals = split (/ /,$_);
			chomp ($splitvals[1]);
			$count = $count + $splitvals[1];
		}
	}
	while (<PORTSCANFILE>)
	{
		print TEMPFILE $_;
	}
	close (PORTSCANFILE);
	close (TEMPFILE);
	system ("mv -f /etc/multiconf/scripts/$tempfile /etc/multiconf/psdrules");
	open (PORTSCAN, "/usr/local/snort/local.rules");
	$tempfile = `/etc/multiconf/scripts/gettempfile`;
	open (TEMPFILE, ">/etc/multiconf/scripts/$tempfile");
	$delcount = 0;
	while (<PORTSCAN>)
	{
		if (/User Defined/ && /classtype:unknown/)
		{
			if ($delcount == $count)
			{
				@splitvals = split (/ /,$_);
				if ($Protocol eq "tcp/udp")
				{
					if (($splitvals[2] eq $SrcAddrWithMask) &&
						($splitvals[5] eq $DestAddrWithMask) &&
						($splitvals[1] eq "tcp") &&
						($splitvals[6] eq $Port))
					{
						$_ = <PORTSCAN>;
						last;
					}
					else
					{
						print TEMPFILE $_;
					}
				}
				elsif ($Protocol eq "any")
				{
					if (($splitvals[2] eq $SrcAddrWithMask) &&
						($splitvals[5] eq $DestAddrWithMask) &&
						($splitvals[1] eq "ip") &&
						($splitvals[6] eq $Port))
					{
						last;
					}
					else
					{
						print TEMPFILE $_;
					}
				}
				else
				{
					if (($splitvals[2] eq $SrcAddrWithMask) &&
						($splitvals[5] eq $DestAddrWithMask) &&
						($splitvals[1] eq $Protocol) &&
						($splitvals[6] eq $Port))
					{
						last;
					}
					else
					{
						print TEMPFILE $_;
					}
				}
			}
			else
			{
				print TEMPFILE $_;
				$delcount++;
			}
		}
		else
		{
			print TEMPFILE $_;
		}
	}
	while (<PORTSCAN>)
	{
		print TEMPFILE $_;
	}
	close (TEMPFILE);
	close (PORTSCAN);
	system ("mv -f /etc/multiconf/scripts/$tempfile /usr/local/snort/local.rules");
	system("/etc/multiconf/scripts/cvscheckin update /usr/local/snort/local.rules");
	system ("/etc/init.d/snort stop");
	system ("/etc/init.d/snort start 1>/dev/null 2>/dev/null");
}

################################################################################
# Edit IP Address
# $param[0]  - ID passed from WebUI
# $param[1]  - Old Address
# $param[2]  - Old Mask
# $param[3]  - New Address
# $param[4]  - New Mask
################################################################################

elsif($ARGV[0] eq "editaddress")
{
	$OldAddr = $ARGV[1];
	$OldMask = $ARGV[2];
	$NewAddr = $ARGV[3];
	$NewMask = $ARGV[4];
	$OldAddrWithMask = getmask ($OldAddr, $OldMask);
	$NewAddrWithMask = getmask ($NewAddr, $NewMask);

	$Updated = 0;

	open (PORTSCAN, "/usr/local/snort/local.rules");
	$tempfile = `/etc/multiconf/scripts/gettempfile`;
	open (TEMPFILE, ">/etc/multiconf/scripts/$tempfile");
	while (<PORTSCAN>)
	{
		if (/$OldAddrWithMask/)
		{
			s/$OldAddrWithMask/$NewAddrWithMask/;
			s/$OldAddrWithMask/$NewAddrWithMask/;
			print TEMPFILE $_;
			$Updated = 1;
		}
		else
		{
			print TEMPFILE $_;
		}
	}
	close (TEMPFILE);
	close (PORTSCAN);
	system ("mv -f /etc/multiconf/scripts/$tempfile /usr/local/snort/local.rules");
	open (PORTSCANFILE, "/etc/multiconf/psdrules");
	$psdtempfile = `/etc/multiconf/scripts/gettempfile`;
	open (TEMPFILE, ">/etc/multiconf/scripts/$psdtempfile");
	while (<PORTSCANFILE>)
	{
		chomp ($_);
		@splitvals = split (/:/,$_);
		$SrcAddr = $splitvals[0];
		$SrcMask = $splitvals[1];
		$DestAddr = $splitvals[2];
		$DestMask = $splitvals[3];
		if (($SrcAddr eq $OldAddr) && ($SrcMask eq $OldMask))
		{
			$SrcAddr = $NewAddr;
			$SrcMask = $NewMask;
		}
		if (($DestAddr eq $OldAddr) && ($DestMask eq $OldMask))
		{
			$DestAddr = $NewAddr;
			$DestMask = $NewMask;
		}
		if ($splitvals[6] ne "")
		{
			print TEMPFILE "$SrcAddr:$SrcMask:$DestAddr:$DestMask:$splitvals[4]:$splitvals[5]:$splitvals[6]\n";
		}
		else
		{
			print TEMPFILE "$SrcAddr:$SrcMask:$DestAddr:$DestMask:$splitvals[4]:$splitvals[5]\n";
		}
	}
	close (PORTSCANFILE);
	close (TEMPFILE);
	system ("mv -f /etc/multiconf/scripts/$psdtempfile /etc/multiconf/psdrules");
	if ($Updated == 1)
	{
		system("/etc/multiconf/scripts/cvscheckin update /usr/local/snort/local.rules");
		system ("/etc/init.d/snort stop");
		system ("/etc/init.d/snort start 1>/dev/null 2>/dev/null");
	}
}

################################################################################
# Edit Service (Port number)
# $param[0]  - ID passed from WebUI
# $param[1]  - Old Protocol
# $param[2]  - Old Port
# $param[3]  - New Protocol
# $param[4]  - New Port
################################################################################

elsif($ARGV[0] eq "editservice")
{
	$OldProtocol = $ARGV[1];
	$OldPort = $ARGV[2];
	$NewProtocol = $ARGV[3];
	$NewPort = $ARGV[4];
	open (PORTSCANFILE, "/etc/multiconf/psdrules");
#	$psdtempfile = `/etc/multiconf/scripts/gettempfile`;
#	open (TEMPFILE, ">/etc/multiconf/scripts/$psdtempfile");
#	$strtoreplace = ":$OldPort ";
#	$replacestr = ":$NewPort ";
	while (<PORTSCANFILE>)
	{
		if (/$OldProtocol/ && /$strtoreplace/)
		{
			chomp ($_);
			@splitvals = split (/ /, $_);
			@splitvals = split (/:/, $splitvals[0]);

			$SrcMask = $splitvals[1];

			$DstMask = $splitvals[3];
			$OldProtocol = $splitvals[4];
			$OldDestPort = $splitvals[5];

#			s/$OldProtocol/$NewProtocol/;
#			s/$strtoreplace/$replacestr/;
#			print TEMPFILE $_;
		}
#		else
#		{
#			print TEMPFILE $_;
#		}
	}
	close (PORTSCANFILE);
#	close (TEMPFILE);
	system ("/etc/multiconf/scripts/portscan deleterule $SrcAddr $SrcMask $DstAddr $DstMask $OldProtocol $OldDestPort");
	system ("/etc/multiconf/scripts/portscan addrule $SrcAddr $SrcMask $DstAddr $DstMask $NewProtocol $NewPort");
}
elsif($ARGV[0] eq "oldeditservice")
{
	$OldProtocol = $ARGV[1];
	$OldPort = $ARGV[2];
	$NewProtocol = $ARGV[3];
	$NewPort = $ARGV[4];

	$Updated = 0;

	open (PORTSCAN, "/usr/local/snort/local.rules");
	$tempfile = `/etc/multiconf/scripts/gettempfile`;
	open (TEMPFILE, ">/etc/multiconf/scripts/$tempfile");
	$strtosearch = " $OldPort ";
	$newstr = " $NewPort ";
	while (<PORTSCAN>)
	{
		if (/$OldProtocol/ && /$strtosearch/)
		{
			s/$OldProtocol/$NewProtocol/;
			s/$strtosearch/$newstr/;
			print TEMPFILE $_;
			$Updated = 1;
		}
		else
		{
			print TEMPFILE $_;
		}
	}
	close (TEMPFILE);
	close (PORTSCAN);
	system ("mv -f /etc/multiconf/scripts/$tempfile /usr/local/snort/local.rules");

	open (PORTSCANFILE, "/etc/multiconf/psdrules");
	$psdtempfile = `/etc/multiconf/scripts/gettempfile`;
	open (TEMPFILE, ">/etc/multiconf/scripts/$psdtempfile");
	$strtoreplace = ":$OldPort\n";
	$replacestr = ":$NewPort\n";
	while (<PORTSCANFILE>)
	{
		if (/$OldProtocol/ && /$strtoreplace/)
		{
			s/$OldProtocol/$NewProtocol/;
			s/$strtoreplace/$replacestr/;
			print TEMPFILE $_;
		}
		else
		{
			print TEMPFILE $_;
		}
	}
	close (PORTSCANFILE);
	close (TEMPFILE);
	system ("mv -f /etc/multiconf/scripts/$psdtempfile /etc/multiconf/psdrules");
	if ($Updated == 1)
	{
		system("/etc/multiconf/scripts/cvscheckin update /usr/local/snort/local.rules");
		system ("/etc/init.d/snort stop");
		system ("/etc/init.d/snort start 1>/dev/null 2>/dev/null");
	}
}

elsif($ARGV[0] eq "checkaddress")
{
	$Address = $ARGV[1];
	$Mask = $ARGV[2];
	open (PORTSCANFILE, "/etc/multiconf/psdrules");
	while (<PORTSCANFILE>)
	{
		@splitvals = split (/:/,$_);
		if ((($splitvals[0] eq $Address) && ($splitvals[1] eq $Mask)) ||
		    (($splitvals[2] eq $Address) && ($splitvals[3] eq $Mask)))
		{
			system ("sync");
			print 1;
			exit;
		}
	}
	print 0;
}
elsif($ARGV[0] eq "checkservice")
{
	$Protocol = $ARGV[1];
	$Port = $ARGV[2];

	$portstr = ":" . $Port . " ";
	$protocolstr = ":" . $Protocol . ":";
	open (PORTSCANFILE, "/etc/multiconf/psdrules");
	while (<PORTSCANFILE>)
	{
		if ((/$protocolstr/) && (/$portstr/))
		{
			close (PORTSCANFILE);
			system ("sync");
			print 1;
			exit;
		}
	}
	close (PORTSCANFILE);
	print 0;
}
elsif($ARGV[0] eq "interface")
{
	open (ETH1STAT, "/etc/multiconf/eth1-status");
	while (<ETH1STAT>)
	{
		if (/Current/)
		{
			$CurStr = $_;
		}
	}
	close (ETH1STAT);

	#Get the old IP address, mask values
	@WholeStr = split (/ /,$CurStr);
	$Newlink = $WholeStr[1];

	$strtosearch = "var HOME_NET";
	open (ETH1SNORT, "/usr/local/snort/snort.conf.eth1");
	$tempfile = `/etc/multiconf/scripts/gettempfile`;
	open (TEMPFILE, ">/etc/multiconf/scripts/$tempfile");
	while (<ETH1SNORT>)
	{
		if (/$strtosearch/)
		{
			$strtowrite = "\$" . "$Newlink" . "_ADDRESS";
			print TEMPFILE "var HOME_NET $strtowrite\n";
		}
		else
		{
			print TEMPFILE $_;
		}
	}
	close (ETH1SNORT);
	close (TEMPFILE);
	system ("mv -f /etc/multiconf/scripts/$tempfile /usr/local/snort/snort.conf.eth1");
	system("/etc/multiconf/scripts/CheckIntrusion update 1>/dev/null 2>/dev/null");
	print $Newlink;
}

################################################################################
# Display 
# $param[0]  - ID passed from WebUI
################################################################################

elsif($ARGV[0] eq "disprule")
{
	open (PORTSCANFILE, "/etc/multiconf/psdrules");
	while (<PORTSCANFILE>)
	{
		@splitvals = split (/ /, $_);
		print "$splitvals[0]\n";
	}
	close (PORTSCANFILE);
}

################################################################################
# Enable/disable PortScan Detection 
# $ARGV[0]  - ID passed from WebUI
# $ARGV[1]  - enable/disable
################################################################################

#if($ARGV[0] eq "status")
#{
#	if ($ARGV[1] eq "enable")
#	{
#		$result = `iptables -nL | grep "PORTSCAN_CHAIN  all"`;
#		if ($result eq "")
#		{
#			`iptables -I INPUT 1 -d 0/0 -s 0/0 -j PORTSCAN_CHAIN`;
#		}
#	}
#	elsif ($ARGV[1] eq "disable")
#	{
#		`iptables -D INPUT -d 0/0 -s 0/0 -j PORTSCAN_CHAIN`;
#	}
#}
#
#if($ARGV[0] eq "dispstatus")
#{
#	$result = `iptables -nL | grep "PORTSCAN_CHAIN  all"`;
#	if ($result ne "")
#	{
#		print "enable";
#
#	}
#	else
#	{
#		print "disable";
#	}
#}
elsif ($ARGV[0] eq "status")
{
	open (PROCESSSTATUS, "/etc/multiconf/processstatus");
	$tempfile = `/etc/multiconf/scripts/gettempfile`;
	open (TEMPFILE, ">/etc/multiconf/scripts/$tempfile");
	$if = $ARGV[1];
	while (<PROCESSSTATUS>)
	{
		if (/SNORT$if/)
		{
			if ($ARGV[2] eq "enable")
			{
				@values = split (/=/,$_);
				chomp ($values[1]);
				if ($values[1] eq "ON")
				{
					close (TEMPFILE);
					close (PROCESSSTATUS);
					system ("rm -f /etc/multiconf/scripts/$tempfile");
					system ("sync");
					exit;
				}
				print TEMPFILE "SNORT$if=ON\n";
			}
			elsif ($ARGV[2] eq "disable")
			{
				print TEMPFILE "SNORT$if=OFF\n";
			}
			else
			{
				print TEMPFILE $_;
			}
		}
		else
		{
			print TEMPFILE $_;
		}
	}
	close (TEMPFILE);
	close (PROCESSSTATUS);
	system ("mv -f /etc/multiconf/scripts/$tempfile /etc/multiconf/processstatus");
	if ($ARGV[2] eq "enable")
	{
		system ("/etc/init.d/snort stop");
		system ("/etc/init.d/snort start 1>/dev/null 2>/dev/null");
	}
	elsif ($ARGV[2] eq "disable")
	{
		system ("/etc/init.d/snort stop");
		system ("/etc/init.d/snort start 1>/dev/null 2>/dev/null");
	}
}
elsif ($ARGV[0] eq "dispstatus")
{
	open (AIDECONF, "/etc/multiconf/processstatus");
	while (<AIDECONF>)
	{
		if (/SNORT0/)
		{
			@values = split (/=/,$_);
			$status0 = $values[1];
		}
		elsif (/SNORT1/)
		{
			@values = split (/=/,$_);
			$status1 = $values[1];
		}
		elsif (/SNORT2/)
		{
			@values = split (/=/,$_);
			$status2 = $values[1];
		}
	}
	print $status0;
	print $status1;
	print $status2;
}
#M4 LVPNVer 2.0...
elsif ($ARGV[0] eq "sendlog")
{
	#This option is to send the log file as a mail to the administrator
	#This will be called whenever the log file is rotated

	#First, check out if the alert file is empty. If so, return
	$presentline = `cat /var/log/snort/alert | wc -l | tr -s " " | cut -d " " -f2`;
	chomp ($presentline);

	if ($presentline eq "0")
	{
		exit;
	}

	#Last time when the file was sent to the admin, we would have stored 
	#the date in /etc/multiconf/portscanlog

	$lastdate = "";

	if (-e "/etc/multiconf/portscanlog")
	{
		open (SNORTDATE, "/etc/multiconf/portscanlog");
		$lastdate = <SNORTDATE>;
		close (SNORTDATE);
		chomp ($lastdate);
	}

	$presentdate = `date +%d-%b-%Y,%X`;
	chomp ($presentdate);
	#Write the present line number and date into the portscanlog file
	open (SNORTDATE, ">/etc/multiconf/portscanlog");
	print SNORTDATE "$presentdate\n";
	close (SNORTDATE);
	
	my $NotifyUser = `/etc/multiconf/scripts/settings emailnotify check 'Port Intrusion Detected'`;
	
	if (-e "/etc/multiconf/mailids/email.conf" && ($NotifyUser eq 'yes'))
	{
		open (MAILIDS, "/etc/multiconf/mailids/email.conf") || die "Cannot open mail id list file\n";
		$maillist = "";
		$AdminIdPresent = 0;
		while (<MAILIDS>)
		{
			$AdminIdPresent = 1;
			$mailid = $_;
			chomp ($mailid);
			if ($maillist eq "")
			{
				$maillist = $mailid;
			}
			else
			{
				$maillist = $maillist . " " . $mailid;
			}
		} 
		close (MAILIDS);
		if ($AdminIdPresent == 1)
		{
			$datetoprint = `date`;
			chomp ($datetoprint);
			$hostname = `hostname`;
			chomp ($hostname);
			$subject = $hostname . " - Network Intrusion Detection";
	`cd /usr/local/snortalog;/usr/local/snortalog/snortalog.pl -r -n 50 -h /var/log/snort/alert > /etc/multiconf/psdlivelog.html`;
			system("cp -f /var/log/snort/alert /var/log/snort/alert.txt");
			chdir("/var/log/snort");
			system("zip /var/log/snort/alert.zip alert.txt");
			system("rm -f /var/log/snort/alert.txt");
			`echo "$datetoprint\nThis message is generated by the Network Intrusion Detection module.\nThe attached file contains the intrusions detected by $hostname from $lastdate." | mutt -s "$subject" -a /var/log/snort/alert.zip -a /etc/multiconf/psdlivelog.html $maillist`;
			system("rm -f /var/log/snort/alert.zip");
			system("rm -f /etc/multiconf/psdlivelog.html");
		}
	}
}
elsif ($ARGV[0] eq "sethomenet")
{
	$homenetstr = "var HOME_NET";
	$rulepathstr = "var RULE_PATH";
	for ($i = 0; $i < 3; $i++)
	{
		open (SNORTCONF, "/usr/local/snort/snort.conf.eth$i");
		$tempfile = `/etc/multiconf/scripts/gettempfile`;
		open (TEMPFILE, ">/etc/multiconf/scripts/$tempfile");
		while (<SNORTCONF>)
		{
			if ((/$homenetstr/) && (!(/\#/)))
			{
				$printstr = "$homenetstr \$eth" . $i . "_ADDRESS\n";
				print TEMPFILE $printstr;
print $printstr;
			}
			elsif ((/$rulepathstr/) && (!(/\#/)))
			{
				print TEMPFILE "var RULE_PATH \/usr\/local\/snort\/\n";
			}
			else
			{
				print TEMPFILE $_;
			}
		}
		close (SNORTCONF);
		rename ("/etc/multiconf/scripts/$tempfile", "/usr/local/snort/snort.conf.eth$i");
	}
	system("/etc/multiconf/scripts/CheckIntrusion update");
}
#This will get called whenever the snort alert file is rotated.
#The part of the file not sent to the admin as mail till now will be copied
#to a temporary file. This file will be sent during the next hourly cron job.
elsif ($ARGV[0] eq "logrotate")
{
	if (-e "/etc/multiconf/portscanlog")
	{
		open (SNORTDATE, "/etc/multiconf/portscanlog");
		$lastdate = <SNORTDATE>;
		$lastline = <SNORTDATE>;
		close (SNORTDATE);
		chomp ($lastdate);
		chomp ($lastline);
	}
	$presentline = `cat /var/log/snort/alert | wc -l | tr -s " " | cut -d " " -f2`;
	chomp ($presentline);

	#Get part of the file not sent and copy it into /var/log/snort/rotated
	$leftlines = $presentline - $lastline;
	if ($leftlines > 0)
	{
		`tail -$leftlines /var/log/snort/alert >/var/log/snort/rotated`;
	}
	open (SNORTDATE, ">/etc/multiconf/portscanlog");
	print SNORTDATE "$lastdate\n";
	print SNORTDATE "0\n";
	close (SNORTDATE);
}
#...M4 LVPNVer 2.0
system ("sync");
