From a15c9b16b404bc1970fd016104560e8fd24b5edb Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Fri, 15 Apr 2022 05:59:33 +0200
Subject: [PATCH 1/1] IDS: Move autoupdate logic to cron.

Signed-off-by: Stefan Schantl
---
config/cfgroot/ids-functions.pl | 37 ++++++---------------------------
config/cron/crontab | 3 +++
html/cgi-bin/ids.cgi | 26 -----------------------
3 files changed, 9 insertions(+), 57 deletions(-)
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index b433ee90f7..8e1137ce01 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -143,10 +143,7 @@ my $tmp_rules_directory = "$tmp_directory/rules"; my $tmp_conf_directory = "$tmp_directory/conf"; # Array with allowed commands of suricatactrl. -my @suricatactrl_cmds = ( 'start', 'stop', 'restart', 'reload', 'fix-rules-dir', 'cron' ); - -# Array with supported cron intervals. -my @cron_intervals = ('off', 'daily', 'weekly' ); +my @suricatactrl_cmds = ( 'start', 'stop', 'restart', 'reload', 'fix-rules-dir' ); # Array which contains the HTTP ports, which statically will be declared as HTTP_PORTS in the # http_ports_file. 
@@ -1172,34 +1169,12 @@ sub call_suricatactrl ($) { # Skip current command unless the given one has been found. next unless($cmd eq $option); - # Check if the given command is "cron". - if ($option eq "cron") { - # Check if an interval has been given. - if ($interval) { - # Check if the given interval is valid. - foreach my $element (@cron_intervals) { - # Skip current element until the given one has been found. - next unless($element eq $interval); - - # Call the suricatactrl binary and pass the "cron" command - # with the requrested interval. - &General::system("$suricatactrl", "$option", "$interval"); - - # Return "1" - True. - return 1; - } - } - - # If we got here, the given interval is not supported or none has been given. - Return nothing. - return; - } else { - # Call the suricatactrl binary and pass the requrested - # option to it. - &General::system("$suricatactrl", "$option"); + # Call the suricatactrl binary and pass the requrested + # option to it. + &General::system("$suricatactrl", "$option"); - # Return "1" - True. - return 1; - } + # Return "1" - True. + return 1; } # Command not found - return nothing.
diff --git a/config/cron/crontab b/config/cron/crontab
index d94dd65c2f..d61d266190 100644
--- a/config/cron/crontab
+++ b/config/cron/crontab
@@ -62,6 +62,9 @@ HOME=/ # Update location database %hourly,random * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/update-location-database >/dev/null 2>&1 +# Update surciata rules. +%daily,random * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/update-ids-ruleset >/dev/null 2>&1 + # Retry sending spooled mails regularly %hourly * /usr/sbin/dma -q
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 83928b258a..053520b579 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
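Review bot: The one remaining branch of call_suricatactrl returns 1 whatever `&General::system("$suricatactrl", "$option")` reports, so a failed start or reload of the IDS looks like success to the CGI caller. General::system is not defined in this patch; if it passes back the exit status, the branch could read `my $rc = &General::system("$suricatactrl", "$option");` followed by `return ($rc == 0) ? 1 : ();`. The sub's argument unpacking and header comment lie outside the hunk; if they still name an `$interval` argument, remove it there as well, since nothing reads it any more.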
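Review bot: The added entry runs `/usr/local/bin/update-ids-ruleset` daily on every system with an active red interface, while the same commit removes the AUTOUPDATE_INTERVAL setting with its `off` and `weekly` choices. Unless the script itself checks that the IDS is enabled and honours a stored preference (not visible in this patch), installations that had automatic updates switched off will start fetching rules daily after the upgrade. Sending all output to `>/dev/null 2>&1` also means a failed download leaves stale signatures without any trace from cron, so the script should log failures itself, for example to syslog. The comment line has a typo and should read `# Update suricata rules.`. Whatever schedule `suricatactrl cron` installed on existing systems is not cleaned up by anything shown here and may need an upgrade step.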
@@ -561,12 +561,6 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'ids apply'}) { &General::writehash("$IDS::ids_settings_file", \%cgiparams); } - # Check if the the automatic rule update hass been touched. - if($cgiparams{'AUTOUPDATE_INTERVAL'} ne $oldidssettings{'AUTOUPDATE_INTERVAL'}) { - # Call suricatactrl to set the new interval. - &IDS::call_suricatactrl("cron", $cgiparams{'AUTOUPDATE_INTERVAL'}); - } - # Generate file to store the home net. &IDS::generate_home_net_file();
@@ -981,22 +975,12 @@ sub show_mainpage() { &General::readhash("$IDS::ids_settings_file", \%idssettings); &General::readhasharray("$IDS::providers_settings_file", \%used_providers); - # If no autoupdate intervall has been configured yet, set default value. - unless(exists($idssettings{'AUTOUPDATE_INTERVAL'})) { - # Set default to "weekly". - $idssettings{'AUTOUPDATE_INTERVAL'} = 'weekly'; - } - # Read-in ignored hosts. &General::readhasharray("$IDS::ignored_file", \%ignored) if (-e $IDS::ignored_file); $checked{'ENABLE_IDS'}{'off'} = ''; $checked{'ENABLE_IDS'}{'on'} = ''; $checked{'ENABLE_IDS'}{$idssettings{'ENABLE_IDS'}} = "checked='checked'"; - $selected{'AUTOUPDATE_INTERVAL'}{'off'} = ''; - $selected{'AUTOUPDATE_INTERVAL'}{'daily'} = ''; - $selected{'AUTOUPDATE_INTERVAL'}{'weekly'} = ''; - $selected{'AUTOUPDATE_INTERVAL'}{$idssettings{'AUTOUPDATE_INTERVAL'}} = "selected='selected'"; # Draw current state of the IDS &Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system'});
@@ -1121,16 +1105,6 @@ print < $Lang::tr{'ids automatic rules update'} - - - - - -

-- 2.39.2