require '/var/ipfire/general-functions.pl';
require "${General::swroot}/network-functions.pl";
-require "${General::swroot}/suricata/ruleset-sources";
+require "${General::swroot}/suricata/ruleset-sources-new";
# Location where all config and settings files are stored.
our $settingsdir = "${General::swroot}/suricata";
-# File where the used rulefiles are stored.
+# File where the main file for providers ruleset inclusion exists.
+our $suricata_used_providers_file = "$settingsdir/suricata-used-providers.yaml";
+
+# DEPRECATED - File where the used rulefiles are stored.
our $used_rulefiles_file = "$settingsdir/suricata-used-rulefiles.yaml";
# File where the addresses of the homenet are stored.
unless (-f "$enabled_sids_file") { &create_empty_file($enabled_sids_file); }
unless (-f "$disabled_sids_file") { &create_empty_file($disabled_sids_file); }
unless (-f "$modify_sids_file") { &create_empty_file($modify_sids_file); }
- unless (-f "$used_rulefiles_file") { &create_empty_file($used_rulefiles_file); }
+ unless (-f "$suricata_used_providers_file") { &create_empty_file($suricata_used_providers_file); }
unless (-f "$ids_settings_file") { &create_empty_file($ids_settings_file); }
unless (-f "$providers_settings_file") { &create_empty_file($providers_settings_file); }
unless (-f "$ignored_file") { &create_empty_file($ignored_file); }
&_cleanup_rulesdir();
# Get all enabled providers.
- my @enabled_provides = &get_enabled_providers();
+ my @enabled_providers = &get_enabled_providers();
# Loop through the array of enabled providers.
foreach my $provider (@enabled_providers) {
close(FILE);
}
+#
+## A very tiny function to move an extracted ruleset from the temporary directory into
+## the rules directory.
+#
+sub move_tmp_ruleset() {
+ # Load perl module.
+ use File::Copy;
+
+ # Do a directory listing of the temporary directory.
+ opendir DH, $tmp_rules_directory;
+
+ # Loop over all files.
+ while(my $file = readdir DH) {
+ # Move them to the rules directory.
+ move "$tmp_rules_directory/$file" , "$rulespath/$file";
+ }
+
+ # Close directory handle.
+ closedir DH;
+}
+
#
## Function to cleanup the temporary IDS directroy.
#
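Review bot: The `readdir` loop in move_tmp_ruleset does not skip the `.` and `..` entries, so `move` is attempted on the directory itself, and because neither `opendir` nor `move` is checked a failed or partial move leaves the rules directory stale without any error being reported. The bareword handle `DH` is also global and would collide with any other code using the same name. A lexical handle with both calls checked and the dot entries skipped is shown below; the `use File::Copy;` line can stay where it is, since it takes effect at compile time regardless of placement.
```perl
sub move_tmp_ruleset() {
    use File::Copy;

    # Fail loudly instead of silently leaving the rules directory untouched.
    opendir(my $dh, $tmp_rules_directory) or die "Could not open $tmp_rules_directory. $!\n";

    while (my $file = readdir $dh) {
        # readdir also yields "." and "..", which must not be moved.
        next if $file eq '.' or $file eq '..';

        move("$tmp_rules_directory/$file", "$rulespath/$file")
            or die "Could not move $file to $rulespath. $!\n";
    }

    closedir $dh;
}
```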
}
#
-## Function to generate and write the file for used rulefiles.
+## Function to generate and write the file for used rulefiles file for a given provider.
+##
+## The function requires as first argument a provider handle, and as second an array with files.
#
-sub write_used_rulefiles_file(@) {
- my @files = @_;
+sub write_used_provider_rulefiles_file($@) {
+ my ($provider, @files) = @_;
+
+ # Get the path and file for the provider specific used rulefiles file.
+ my $used_provider_rulesfile_file = &get_used_provider_rulesfile_file($provider);
# Open file for used rulefiles.
- open (FILE, ">$used_rulefiles_file") or die "Could not write to $used_rulefiles_file. $!\n";
+ open (FILE, ">$used_provider_rulesfile_file") or die "Could not write to $used_provider_rulesfile_file. $!\n";
# Write yaml header to the file.
print FILE "%YAML 1.1\n";
# Write header to file.
print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
- # Allways use the whitelist.
- print FILE " - whitelist.rules\n";
-
# Loop through the array of given files.
foreach my $file (@files) {
# Check if the given filename exists and write it to the file of used rulefiles.
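Review bot: `open (FILE, ">$used_provider_rulesfile_file")` keeps the two-argument form, while the sibling `write_main_used_rulefiles_file` added in the same commit uses the three-argument form; the mode should be passed separately here as well, `open (FILE, ">", $used_provider_rulesfile_file) or die "Could not write to $used_provider_rulesfile_file. $!\n";`, so that a leading space or special character in the computed path can never be reinterpreted as part of the mode. The `($@)` prototype on the new signature does not validate arguments and is bypassed anyway when the sub is called with the `&` form used throughout this file, so it could simply be dropped. The body of write_used_provider_rulefiles_file continues past the end of this hunk.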
close(FILE);
}
+#
+## Function to write the main file for provider rulesfiles inclusions.
+##
+## This function requires an array of provider handles.
+#
+sub write_main_used_rulefiles_file (@) {
+ my (@providers) = @_;
+
+ # Open file for used rulefils inclusion.
+ open (FILE, ">", "$suricata_used_providers_file") or die "Could not write to $suricata_used_providers_file. $!\n";
+
+ # Write yaml header to the file.
+ print FILE "%YAML 1.1\n";
+ print FILE "---\n\n";
+
+ # Write header to file.
+ print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Loop through the list of given providers.
+ foreach my $provider (@providers) {
+ # Call function to get the providers used rulefiles file.
+ my $filename = &get_used_provider_rulesfile_file($provider);
+
+ # Print the provider to the file.
+ print FILE "include\: $filename\n";
+ }
+
+ # XXX - whitelist.rules is not allowed directly, needs to be in a yaml file which has to be included.
+ # Always use the whitelist file.
+ #print FILE "\n - whitelist.rules\n";
+
+ # Close the filehandle after writing.
+ close(FILE);
+}
+
+#
+## Tiny function to generate the full path and name for the used_provider_rulesfile file of a given provider.
+#
+sub get_used_provider_rulesfile_file ($) {
+ my ($provider) = @_;
+
+ my $filename = "$settingsdir/suricata\-$provider\-used\-rulefiles.yaml";
+
+ # Return the gernerated file.
+ return $filename;
+}
+
#
## Function to generate and write the file for modify the ruleset.
#
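Review bot: `get_used_provider_rulesfile_file` builds a path from `$provider` without any validation, and `write_main_used_rulefiles_file` then writes that path verbatim into the `include:` line; a handle containing `/`, `..` or whitespace would place the per-provider file outside `$settingsdir` or produce YAML that Suricata cannot parse. Where the handles originate is not visible in this hunk, so if they are not guaranteed to be plain identifiers a check at the top of the helper is warranted, e.g. `die "Invalid provider handle: $provider\n" unless $provider =~ m/\A[A-Za-z0-9_-]+\z/;`. The always-on `whitelist.rules` entry removed from write_used_rulefiles_file now survives only as the commented-out XXX block, so locally whitelisted rules stop being loaded until that is resolved; the comment should at least name which function is expected to reintroduce it. Minor: `close(FILE)` on a write handle is unchecked, the `\:` and `\-` escapes in the string literals are unnecessary, and "gernerated" is a typo.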
}
#
-## Function to get all used rulesfiles files.
+## Function to get the used rules files of a given provider.
#
-sub get_used_rulesfiles() {
+sub read_used_provider_rulesfiles($) {
+ my ($provider) = @_;
+
# Array to store the used rulefiles.
my @used_rulesfiles = ();
+ # Get the used rulesefile file for the provider.
+ my $rulesfile_file = &get_used_provider_rulesfile_file($provider);
+
# Check if the used rulesfile is empty.
- unless (-z $used_rulefiles_file) {
+ unless (-z $rulesfile_file) {
# Open the file or used rulefiles and read-in content.
- open(FILE, $used_rulefiles_file) or die "Could not open $used_rulefiles_file. $!\n";
+ open(FILE, $rulesfile_file) or die "Could not open $rulesfile_file. $!\n";
while (<FILE>) {
# Assign the current line to a nice variable.