2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2021 IPFire Development Team <info@ipfire.org> #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
26 require '/var/ipfire/general-functions.pl';
27 require '/var/ipfire/ids-functions.pl';
# Nothing is left to convert once the main oinkmaster config file is gone,
# so the script stops here with a success status.
unless (-f "$IDS::settingsdir/oinkmaster.conf") {
    exit 0;
}
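# Array of old files, which are safe to drop.
# Every entry lives below $IDS::settingsdir; the list is consumed by the
# final clean-up loop, which unlinks each entry that still exists.
my @files_to_drop = (
    # Old settings files of oinkmaster.
    "$IDS::settingsdir/oinkmaster.conf",
    "$IDS::settingsdir/oinkmaster-disabled-sids.conf",
    "$IDS::settingsdir/oinkmaster-enabled-sids.conf",
    "$IDS::settingsdir/oinkmaster-modify-sids.conf",
    "$IDS::settingsdir/oinkmaster-provider-includes.conf",

    # Old settings files for suricata.
    "$IDS::settingsdir/suricata-default-rules.yaml",
    "$IDS::settingsdir/suricata-static-included-rulefiles.yaml",
    "$IDS::settingsdir/suricata-used-providers.yaml",
    "$IDS::settingsdir/suricata-used-rulefiles.yaml"
);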
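#
# Step 1: Move downloaded files to new location.
#

my $old_dl_rulesfiles_dir = "/var/tmp";

# Open the old rules directory and do a directory listing. A lexical handle
# is used, and a failed opendir is reported instead of silently yielding an
# empty listing. The step stays best-effort: the script carries on either way.
if (opendir(my $old_dir, $old_dl_rulesfiles_dir)) {
    # Loop through the files of the directory. The explicit defined() keeps
    # the loop running for entries whose name evaluates to false.
    while (defined(my $file = readdir($old_dir))) {
        # Only entries whose name starts with "idsrules-" are ruleset downloads.
        next unless ($file =~ /^idsrules-/);

        my $old_path = "$old_dl_rulesfiles_dir/$file";
        my $new_path = "$IDS::dl_rules_path/$file";

        # /var/tmp is writable by every local account, so a matching name
        # alone is not trusted: only regular files are migrated. A symbolic
        # link or a directory is left in place rather than moved and re-owned.
        next if (-l $old_path);
        next unless (-f $old_path);

        # Grab the mtime of the file.
        my $mtime = (stat($old_path))[9];

        # Move the file to its new location. move() is presumably provided by
        # File::Copy - confirm the import at the top of the file. Ownership
        # and timestamp handling are skipped when the move did not succeed.
        unless (move($old_path, $new_path)) {
            warn "Could not move $old_path to $new_path: $!\n";
            next;
        }

        # Set correct ownership.
        &IDS::set_ownership($new_path);

        # Restore the mtime on the file; the access time becomes "now".
        utime(time(), $mtime, $new_path) if (defined($mtime));
    }

    # Close directory handle.
    closedir($old_dir);
} else {
    warn "Could not open $old_dl_rulesfiles_dir: $!\n";
}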
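# Get all supported providers.
my @providers = &IDS::get_ruleset_providers();

#
## Step 2: Convert used rules files.
#

# Loop through the array of known providers.
foreach my $provider (@providers) {
    my %used_rulesfiles = ();

    # Generate old filename which contained the used rulesfiles.
    my $old_used_rulesfiles_file = "$IDS::settingsdir/suricata-$provider\-used-rulefiles.yaml";

    # Skip the provider if there is no used rulesfiles file available.
    next unless (-f $old_used_rulesfiles_file);

    # Open the used rulesfiles file read-only. The three-argument form keeps
    # the path from being parsed for an open mode. If the file cannot be read
    # the provider is skipped and the old file is kept, so no settings are
    # replaced by an empty hash.
    my $old_fh;
    unless (open($old_fh, '<', $old_used_rulesfiles_file)) {
        warn "Could not read $old_used_rulesfiles_file: $!\n";
        next;
    }

    # Loop through the file content.
    while (my $line = <$old_fh>) {
        # Grab the used rulesfile name from list lines of the form " - NAME".
        # The dot does not match the line ending, so the capture holds the
        # name without the trailing newline.
        if ($line =~ /^\s-\s(.*)/) {
            # Add the used rulesfile to the hash of used rulesfiles for this provider.
            $used_rulesfiles{$1} = "enabled";
        }
    }

    close($old_fh);

    # Get the filename for the new used rulesfiles file.
    my $used_rulesfiles_file = &IDS::get_provider_used_rulesfiles_file($provider);

    # Write the new file.
    &General::writehash("$used_rulesfiles_file", \%used_rulesfiles);

    # Set the correct ownership for the new file.
    &IDS::set_ownership("$used_rulesfiles_file");

    # Delete old used rulesfiles file.
    unlink("$old_used_rulesfiles_file");
}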
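#
## Step 3: Convert ruleset modification files.
#

# Loop through the array of providers.
foreach my $provider (@providers) {
    my %modifications = ();

    # Generate old filename which holds the ruleset modifications.
    my $old_modifications_file = "$IDS::settingsdir/oinkmaster\-$provider\-modified-sids.conf";

    # Skip provider if there is no modifications file.
    next unless (-f $old_modifications_file);

    # Open the modifications file read-only with the three-argument form. If
    # it cannot be read the provider is skipped and the old file is kept, so
    # stored rule actions are not replaced by an empty hash.
    my $old_fh;
    unless (open($old_fh, '<', $old_modifications_file)) {
        warn "Could not read $old_modifications_file: $!\n";
        next;
    }

    # Loop through the file content.
    while (my $line = <$old_fh>) {
        # Drop the line ending so it cannot end up inside the sid.
        chomp($line);

        # Split the line; the first field is the action, the second the sid.
        my ($action, $sid) = split(/ /, $line);

        # Ignore lines that do not carry both fields.
        next unless (defined($action) && defined($sid) && length($sid));

        # Process stored rule action and assign to the modifications hash.
        if ($action eq "enablesid") {
            $modifications{$sid} = "enabled";
        } elsif ($action eq "disablesid") {
            $modifications{$sid} = "disabled";
        }
    }

    close($old_fh);

    # Get new filename which will hold the ruleset modifications for this provider.
    my $new_modifications_file = &IDS::get_provider_ruleset_modifications_file($provider);

    # Write new modifications file.
    &General::writehash("$new_modifications_file", \%modifications);

    # Set correct ownership for the new modifications file.
    &IDS::set_ownership("$new_modifications_file");

    # Delete old modifications file.
    unlink("$old_modifications_file");
}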
#
## Step 4: Convert MONITOR_TRAFFIC_ONLY setting.
#

# Hashes that receive the global IDS settings and the providers settings.
my %ids_settings;
my %provider_settings;

# Load both settings files into their hashes.
&General::readhash("$IDS::ids_settings_file", \%ids_settings);
&General::readhasharray("$IDS::providers_settings_file", \%provider_settings);
196 # Default to IPS mode.
199 # Check if MONITOR_TRAFFIC_ONLY has been activated.
200 if(($ids_settings{'MONITOR_TRAFFIC_ONLY'} && $ids_settings{'MONITOR_TRAFFIC_ONLY'} eq "on")) {
# Walk over every provider entry and append the mode to its settings.
for my $key (keys %provider_settings) {
    # Store a fresh array reference holding the existing settings followed
    # by the mode as last element.
    $provider_settings{$key} = [ @{ $provider_settings{$key} }, $mode ];
}

# Write back providers settings.
&General::writehasharray("$IDS::providers_settings_file", \%provider_settings);
220 ## Step 5: Regenerate the ruleset.
224 # Call oinkmaster wrapper function.
#
## Step 6: Write new config file for suricata which contains the used rulesfiles.
#

# Collect the providers that are currently enabled.
my @enabled_providers = &IDS::get_enabled_providers();

# Hand the list over so the used rulefiles file is written for them.
&IDS::write_used_rulefiles_file(@enabled_providers);
#
## Step 7: Remove unneeded orphaned files.
#

# Walk over the files which are safe to drop.
for my $file (@files_to_drop) {
    # Entries that are not present as a plain file are left alone.
    next unless (-f "$file");

    unlink("$file");
}