Merge branch 'next'

[people/pmueller/ipfire-2.x.git] / config / suricata / convert-snort

diff --git a/config/suricata/convert-snort b/config/suricata/convert-snort
index ca650b149a212d9f0074297d78626fec96d8fd11..64b6e8b6ab838b436bce6271ef00ea3f1a9e2755 100644 (file)
--- a/config/suricata/convert-snort
+++ b/config/suricata/convert-snort
@@ -196,18 +196,8 @@ if (-f $guardian_meta) {
 ## Step 5: Generate and write the file to modify the ruleset.
 #
 
-# Converters default is to only monitor the traffic, so set the IDS action to
-# "alert".
-my $IDS_action = "alert";
-
-# Check if the traffic only should be monitored.
-if ($idssettings{"MONITOR_TRAFFIC_ONLY"} eq "off") {
-       # Swith IDS action to alert only.
-       $IDS_action = "drop";
-}
-
 # Call subfunction and pass the desired IDS action.
-&IDS::write_modify_sids_file($IDS_action);
+&IDS::write_modify_sids_file();
 
 # Set correct ownership.
 &IDS::set_ownership("$IDS::modify_sids_file");
@@ -231,6 +221,9 @@ if (-f $snort_rules_tarball) {
 } else {
        # Check if enought disk space is available.
        if(&IDS::checkdiskspace()) {
+               # Print error message.
+               print "Could not download ruleset - Not enough free diskspace available.\n";
+       } else {
                # Call the download function and grab the new ruleset.
                &IDS::downloadruleset();
        }
@@ -250,7 +243,37 @@ if (-f $IDS::rulestarball) {
 }
 
 #
-## Step 8: Grab used ruleset files from snort config file and convert
+## Step 8: Generate file for the HOME Net.
+#
+
+# Call subfunction to generate the file.
+&IDS::generate_home_net_file();
+
+# Set correct ownership for the homenet file.
+&IDS::set_ownership("$IDS::homenet_file");
+
+#
+## Step 9: Generate file for the DNS servers.
+#
+
+# Call subfunction to generate the file.
+&IDS::generate_dns_servers_file();
+
+# Set correct ownership for the dns_servers_file.
+&IDS::set_ownership("$IDS::dns_servers_file");
+
+#
+## Step 10: Setup automatic ruleset updates.
+#
+
+# Check if a ruleset is configured.
+if($rulessettings{"RULES"}) {
+       # Call suricatactrl and setup the periodic update mechanism.
+       &IDS::call_suricatactrl("cron", $rulessettings{'AUTOUPDATE_INTERVAL'});
+}
+
+#
+## Step 11: Grab used ruleset files from snort config file and convert
 ##         them into the new format.
 #
 
@@ -296,24 +319,7 @@ close(SNORTCONF);
 &IDS::write_used_rulefiles_file(@enabled_rule_files);
 
 #
-## Step 9: Generate file for the HOME Net.
-#
-
-# Call subfunction to generate the file.
-&IDS::generate_home_net_file();
-
-#
-## Step 10: Setup automatic ruleset updates.
-#
-
-# Check if a ruleset is configured.
-if($rulessettings{"RULES"}) {
-       # Call suricatactrl and setup the periodic update mechanism.
-       &IDS::call_suricatactrl("cron", $rulessettings{'AUTOUPDATE_INTERVAL'});
-}
-
-#
-## Step 11: Start the IDS if enabled.
+## Step 12: Start the IDS if enabled.
 #
 
 # Check if the IDS should be started.