#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2019 IPFire Development Team <info@ipfire.org>                #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the                #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program. If not, see <http://www.gnu.org/licenses/>.        #
#                                                                             #
###############################################################################

# Regenerates the file that modifies the ruleset from the stored IDS and
# rules settings, re-extracts the rules when a rules tarball is present and
# asks suricata to reload if the IDS is enabled.
#
# NOTE(review): only "strict" is enabled, not "warnings", so a setting that
# is missing from the settings files compares as undef without any message.
# NOTE(review): the return values of the IDS:: helpers called below are
# discarded, so any failure has to be reported by the helpers themselves -
# confirm that they log or die on error.

use strict;

require '/var/ipfire/general-functions.pl';
require "${General::swroot}/ids-functions.pl";

# IDS (suricata) settings as read from the settings file.
my %ids_config;

# RULES settings as read from the settings file.
my %rules_config;

#
## Step 1: Read IDS and rules settings.
#

# Both settings files have to exist. Otherwise the script ends here without
# any message (a bare exit, i.e. status 0) and none of the steps below run.
if (!(-f $IDS::ids_settings_file) || !(-f $IDS::rules_settings_file)) {
	exit;
}

General::readhash("$IDS::ids_settings_file", \%ids_config);
General::readhash("$IDS::rules_settings_file", \%rules_config);

#
## Step 2: Generate and write the file to modify the ruleset.
#

# The action is "drop" unless MONITOR_TRAFFIC_ONLY is exactly "on". A missing
# key or any other value therefore keeps the blocking action; only the
# explicit monitor-only setting switches the rules to "alert".
my $rule_action = ($ids_config{MONITOR_TRAFFIC_ONLY} eq "on") ? "alert" : "drop";

# Hand over the chosen action together with the RULES setting.
# NOTE(review): presumably RULES names the selected ruleset - verify against
# write_modify_sids_file.
IDS::write_modify_sids_file($rule_action, $rules_config{RULES});

# Set the ownership of the file which has just been written.
IDS::set_ownership("$IDS::modify_sids_file");

#
## Step 3: Call oinkmaster to extract and setup the rules structures.
#

# Without a rules tarball there is nothing to extract.
if (-f $IDS::rulestarball) {
	# Run oinkmaster through the helper function.
	IDS::oinkmaster();

	# Set the ownership of the rules directory and its files.
	IDS::set_ownership("$IDS::rulespath");
}

#
## Step 4: Start the IDS if enabled.
#

# Only an ENABLE_IDS value of exactly "on" triggers the reload through
# suricatactrl; with any other value suricata is left untouched.
IDS::call_suricatactrl("reload") if $ids_config{ENABLE_IDS} eq "on";