Stefan Schantl [Wed, 22 Aug 2018 06:39:57 +0000 (08:39 +0200)]
ids.cgi: Rework handling of enabled/disabled sids
Now the enabled or disabled sids are stored in a single
hash instead of two arrays, which can easily be modified.
When saving the ruleset, the new read_enabled_disabled_sids() function
will be used to read in the current (old) saved enabled or disabled sids
and add them to the new hash structure.
After adding or modifying sids in the hash, the entries will be written
to the corresponding files.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 22 Aug 2018 06:38:16 +0000 (08:38 +0200)]
ids.cgi: Add function to read the enabled/disabled sid files
This function is used to read in the files for enabled or disabled
sids and stores the sids and their state in a temporary hash, which will
be returned by the function.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Sat, 18 Aug 2018 12:48:30 +0000 (14:48 +0200)]
ids.cgi: Add backend code to handle switch between IDS and IPS mode
This commit adds the required backend code to allow switching
between IDS and IPS mode of suricata.
Technically the behaviour of suricata is specified by the rules -
each of them can contain the action "alert" or "drop" (there are
more actions supported, but these two are currently the important ones).
When running in IDS mode, the ruleset does not need to be touched,
because the default action is "alert". When switching to IPS mode,
the CGI writes a single line to "oinkmaster-modify-sids.conf" which
is included by oinkmaster and modifies the action for each single rule
from alert to drop.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Thu, 9 Aug 2018 13:33:25 +0000 (15:33 +0200)]
ids.cgi: Dynamically generate the HOME_NET details for suricata.
Introduce generate_home_net_file(), which uses the current network
config to obtain the network address and subnet mask for each
available network zone, then generates and writes this HOME_NET information
into a yaml-compatible file which can be included in the suricata
configuration file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Sat, 4 Aug 2018 14:48:27 +0000 (16:48 +0200)]
ids-functions.pl: Add function to get the available network zones
The get_available_network_zones() function uses the /var/ipfire/ethernet/settings
file and translates the configured mode into an array, which contains the names
of the configured network zones.
The array will be returned and can easily be used to loop over this list of
available network zones and perform any kind of actions in other scripts.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Thu, 2 Aug 2018 17:54:22 +0000 (19:54 +0200)]
suricata: Introduce basic initscript
Add a very basic initscript, which currently allows starting/stopping/restarting suricata and
checking if the daemon is running.
When starting suricata, the script will detect how many CPU cores are present on the system and
will launch suricata in inline mode (NFQUEUE), listening to as many queues as CPU cores are
detected.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Thu, 2 Aug 2018 17:29:36 +0000 (19:29 +0200)]
ids-ruleset-sources: New package
Move the file which contains the download URLs for the IDS rulesets
into its own common package. This will allow us in the future to easily ship
a changed file with a core update.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
* Rename filename to suricata-used-rulefiles.yaml
* Adjust file generation as a yaml file to be compatible with suricata
* Adjust code to correctly read-in and parse the changed file
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Fri, 27 Jul 2018 05:58:23 +0000 (07:58 +0200)]
IDS: Introduce settingsdir variable
The $settingsdir variable is declared in ids-functions.pl and used to
store the path where the various files which contain the settings for the IDS and
oinkmaster are located.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 14 Feb 2018 09:20:23 +0000 (10:20 +0100)]
ids.cgi: Rework CGI logic to download a new ruleset
* Drop the function to show a notice that snort is working.
* Introduce the log_error function, which is responsible for logging any
error messages. Currently it writes them to a temporary file, which will
be read by the WUI; the message will be displayed and the temporary file
will be released again.
* Introduce a tiny function to easily perform a reload of the generated
webpage.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Thu, 14 Dec 2017 07:31:41 +0000 (08:31 +0100)]
ids.cgi: Drop old control code
The control files are no longer required, because the
initscript uses the settings file to determine if snort
should be started and to which interfaces it should be bound.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 13 Dec 2017 13:45:27 +0000 (14:45 +0100)]
ids.cgi: Introduce ruleset-source.list
This new file will contain the vendor information and URL
for downloading their ruleset. In the future, if the download location
or filename changes, we only need to adjust this one file and ship
it via a core update.
Also extend downloadrulesfile to be able to directly call the
subfunction.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Tue, 12 Dec 2017 19:16:26 +0000 (20:16 +0100)]
ids.cgi: Always write config files for enabled/disabled rule files
If a single sid has been activated and then disabled without doing
any other ruleset modifications, only one of the oinkmaster files
for enabled / disabled rules has been modified.
In this case it was possible that the same sid was part of the
file for enabled rules and part of the file for disabled rules at the
same time.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
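The single-hash approach described in the "Rework handling of enabled/disabled sids" commit above, and the fix for the double-listing problem in this commit, as an added illustration that is not IPFire's own ids.cgi code. The file names are assumed placeholders (the log only names oinkmaster-modify-sids.conf); the line syntax is oinkmaster's enablesid/disablesid.

```perl
#!/usr/bin/perl
# Added example, not IPFire code: keep enabled/disabled sids in ONE hash
# so a sid can never end up in both oinkmaster files at the same time.
use strict;
use warnings;

# Assumed file names; the commit log itself does not name these files.
my $enabled_file  = "/tmp/oinkmaster-enabled-sids.conf";
my $disabled_file = "/tmp/oinkmaster-disabled-sids.conf";

# Read both files into a single hash: sid => "enabled" | "disabled".
# Lines follow oinkmaster's "enablesid 1234" / "disablesid 1234" syntax.
sub read_enabled_disabled_sids {
    my %sids;
    foreach my $file ($enabled_file, $disabled_file) {
        open(my $fh, "<", $file) or next;   # missing file: nothing saved yet
        while (my $line = <$fh>) {
            chomp $line;
            next if $line =~ /^\s*(#|$)/;   # skip comments and blank lines
            if ($line =~ /^(enablesid|disablesid)\s+(\d+)\s*$/) {
                # A later entry for the same sid overrides an earlier one,
                # so a sid listed in both files resolves to a single state.
                $sids{$2} = ($1 eq "enablesid") ? "enabled" : "disabled";
            }
        }
        close($fh);
    }
    return %sids;
}

# Always rewrite BOTH files from the hash: each sid lands in exactly one.
sub write_enabled_disabled_sids {
    my (%sids) = @_;
    open(my $en,  ">", $enabled_file)  or die "$enabled_file: $!";
    open(my $dis, ">", $disabled_file) or die "$disabled_file: $!";
    foreach my $sid (sort { $a <=> $b } keys %sids) {
        if ($sids{$sid} eq "enabled") { print $en  "enablesid $sid\n"; }
        else                          { print $dis "disablesid $sid\n"; }
    }
    close($en);
    close($dis);
}

# Constructed usage: sid 2000001 was enabled earlier, the user now disables it.
my %sids = read_enabled_disabled_sids();
$sids{2000001} = "disabled";
write_enabled_disabled_sids(%sids);
```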
Stefan Schantl [Mon, 11 Dec 2017 07:33:36 +0000 (08:33 +0100)]
ids.cgi: Re-add code to save the ruleset.
The rules manually enabled or disabled by the user will now be written
to their own config files, which will be used by oinkmaster to keep these rules
in the same state after a rules update has been performed.
In short, if you adjust your ruleset, the changes will not be lost
again if you perform an update of your ruleset.
* Grabbing and storing the cgi values now in their own hash (%cgiparams)
* Introducing oinkmaster config files for enabled and disabled rules.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 6 Dec 2017 08:51:46 +0000 (09:51 +0100)]
ids.cgi: Refactor reading-in rule files.
Move the code for reading and parsing the snort rule files
into its own subfunction.
* Drop code for reading in and modifying the snort main config file.
* Rework code for parsing and adding the snort rules to the snortrules hash.
* Drop code for gathering a description for the rule files, which no longer works
because of a file layout change, and sadly there is no suitable description
shipped anymore by the snort team.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>