[people/pmueller/ipfire-2.x.git] / config / suricata / convert-ids-modifysids-file

#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2019 IPFire Development Team <info@ipfire.org>                #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

use strict;

require '/var/ipfire/general-functions.pl';
require "${General::swroot}/ids-functions.pl";

# Hash which contains the IDS (suricata) settings.
my %idssettings;

# Hash which contains the RULES settings.
my %rulessettings;

#
## Step 1: Read IDS and rules settings.
#

exit unless(-f $IDS::ids_settings_file and -f $IDS::rules_settings_file);

# Read IDS settings.
&General::readhash("$IDS::ids_settings_file", \%idssettings);

# Read rules settings.
&General::readhash("$IDS::rules_settings_file", \%rulessettings);

#
## Step 2: Generate and write the file to modify the ruleset.
#

my $IDS_action = "drop";

# Check if the traffic only should be monitored.
if ($idssettings{"MONITOR_TRAFFIC_ONLY"} eq "on") {
	# Switch IDS action to alert only.
	$IDS_action = "alert";
}

# Call subfunction and pass the desired IDS action.
&IDS::write_modify_sids_file($IDS_action, $rulessettings{RULES});

# Set correct ownership.
&IDS::set_ownership("$IDS::modify_sids_file");

#
## Step 3: Call oinkmaster to extract and setup the rules structures.
#

# Check if a rulestarball is present.
if (-f $IDS::rulestarball) {
	# Launch oinkmaster by calling the subfunction.
	&IDS::oinkmaster();

	# Set correct ownership for the rulesdir and files.
	&IDS::set_ownership("$IDS::rulespath");
}

#
## Step 4: Start the IDS if enabled.
#

# Check if the IDS should be started.
if($idssettings{"ENABLE_IDS"} eq "on") {
	# Call suricatactrl and reload the rules.
	&IDS::call_suricatactrl("reload");
}
Commit	Line	Data
a5ba473c TF	1	#!/usr/bin/perl
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2019 IPFire Development Team <info@ipfire.org> #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
	22	use strict;
	23
	24	require '/var/ipfire/general-functions.pl';
	25	require "${General::swroot}/ids-functions.pl";
	26
	27	# Hash which contains the IDS (suricata) settings.
	28	my %idssettings;
	29
	30	# Hash which contains the RULES settings.
	31	my %rulessettings;
	32
	33	#
	34	## Step 1: Read IDS and rules settings.
	35	#
	36
	37	exit unless(-f $IDS::ids_settings_file and -f $IDS::rules_settings_file);
	38
	39	# Read IDS settings.
	40	&General::readhash("$IDS::ids_settings_file", \%idssettings);
	41
	42	# Read rules settings.
	43	&General::readhash("$IDS::rules_settings_file", \%rulessettings);
	44
	45	#
	46	## Step 2: Generate and write the file to modify the ruleset.
	47	#
	48
	49	my $IDS_action = "drop";
	50
	51	# Check if the traffic only should be monitored.
	52	if ($idssettings{"MONITOR_TRAFFIC_ONLY"} eq "on") {
	53	# Switch IDS action to alert only.
	54	$IDS_action = "alert";
	55	}
	56
	57	# Call subfunction and pass the desired IDS action.
	58	&IDS::write_modify_sids_file($IDS_action, $rulessettings{RULES});
	59
	60	# Set correct ownership.
	61	&IDS::set_ownership("$IDS::modify_sids_file");
	62
	63	#
	64	## Step 3: Call oinkmaster to extract and setup the rules structures.
65	#
66
67	# Check if a rulestarball is present.
68	if (-f $IDS::rulestarball) {
69	# Launch oinkmaster by calling the subfunction.
70	&IDS::oinkmaster();
71
72	# Set correct ownership for the rulesdir and files.
73	&IDS::set_ownership("$IDS::rulespath");
74	}
75
76	#
77	## Step 4: Start the IDS if enabled.
78	#
79
80	# Check if the IDS should be started.
81	if($idssettings{"ENABLE_IDS"} eq "on") {
82	# Call suricatactrl and reload the rules.
83	&IDS::call_suricatactrl("reload");
84	}