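#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2021  IPFire Development Team <info@ipfire.org>               #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################
#
# One-shot converter: migrates the IDS configuration from the oinkmaster-era
# layout (settings files in $IDS::settingsdir, downloaded rulesets in /var/tmp)
# to the per-provider layout expected by the current ids-functions.pl.
#
# The converter is made idempotent only by the guard below: it exits unless the
# old main oinkmaster.conf still exists, and that file is removed in step 7.
# Should a run abort between step 4 and step 7, a re-run would append the
# IDS/IPS mode to every provider's settings a second time (step 4 appends
# unconditionally), so check the providers settings file by hand in that case.

use strict;
use warnings;

use File::Copy;

require '/var/ipfire/general-functions.pl';
require '/var/ipfire/ids-functions.pl';

# Exit if there is no main oinkmaster config file anymore.
exit 0 unless (-f "$IDS::settingsdir/oinkmaster.conf");

# Read a whole file and return a reference to its lines (newlines stripped).
#
# Returns undef (not an empty list) when the file cannot be opened, so the
# callers below can tell "unreadable" from "empty" and keep the old file
# instead of replacing the configuration with nothing and deleting the source.
sub read_lines {
	my ($filename) = @_;

	open(my $fh, "<", $filename) or do {
		warn "Could not open $filename: $!\n";
		return;
	};

	my @lines = <$fh>;
	close($fh);

	chomp(@lines);
	return \@lines;
}

# Array of old files, which are safe to drop once the conversion is done.
my @files_to_drop = (
	# Old settings files of oinkmaster.
	"$IDS::settingsdir/oinkmaster.conf",
	"$IDS::settingsdir/oinkmaster-disabled-sids.conf",
	"$IDS::settingsdir/oinkmaster-enabled-sids.conf",
	"$IDS::settingsdir/oinkmaster-modify-sids.conf",
	# Previously spelled "$IDS::settingddir" (typo): under strict a fully
	# qualified but undefined package variable is silently empty, so this
	# entry became "/oinkmaster-provider-includes.conf" and the real file
	# was never removed.
	"$IDS::settingsdir/oinkmaster-provider-includes.conf",

	# Old settingsfiles for suricata.
	"$IDS::settingsdir/suricata-default-rules.yaml",
	"$IDS::settingsdir/suricata-static-included-rulefiles.yaml",
	"$IDS::settingsdir/suricata-used-providers.yaml",
	"$IDS::settingsdir/suricata-used-rulefiles.yaml"
);

#
# Step 1: Move downloaded files to new location.
#
# The old download location is /var/tmp, which is world-writable (sticky bit
# only): any local user can create "idsrules-*" entries there.  Only plain
# regular files are adopted into $IDS::dl_rules_path.  Symlinks are refused
# both before and after the move because IDS::set_ownership() would otherwise
# act on whatever the link points to.
#
# NOTE(review): between the lstat() and the move() a local user could still
# swap the file for a symlink.  A rename() moves the link itself and the
# post-move lstat() catches that; if File::Copy::move() has to fall back to
# copying (source and destination on different filesystems) the copy follows
# the link instead.  Closing that window needs an open()/fstat() same-inode
# check -- left as is because this converter runs exactly once during update.
#

my $old_dl_rulesfiles_dir = "/var/tmp";

if (opendir(my $dh, $old_dl_rulesfiles_dir)) {
	while (defined(my $file = readdir($dh))) {
		# Only the downloaded rulesets are of interest.
		next unless ($file =~ /^idsrules-/);

		my $src = "$old_dl_rulesfiles_dir/$file";
		my $dst = "$IDS::dl_rules_path/$file";

		# lstat() so that a symlink is seen as such and not followed.
		my @st = lstat($src);
		unless (@st && -f _ && ! -l _) {
			warn "Skipping $src: not a regular file\n";
			next;
		}

		# Keep the mtime: it is restored below so the age of the download
		# survives the move.
		my $mtime = $st[9];

		unless (move($src, $dst)) {
			warn "Could not move $src to $dst: $!\n";
			next;
		}

		# Re-check at the destination.  That directory is not user-writable,
		# so this check is not subject to the race described above.
		my @dst_st = lstat($dst);
		unless (@dst_st && -f _ && ! -l _) {
			warn "Removing $dst: not a regular file after move\n";
			unlink($dst);
			next;
		}

		# Set correct ownership.
		&IDS::set_ownership($dst);

		# Restore the mtime on the file (atime becomes "now").
		utime(time(), $mtime, $dst)
			or warn "Could not restore mtime of $dst: $!\n";
	}

	closedir($dh);
} else {
	# Nothing to migrate if the old directory is not readable; the rest of
	# the conversion does not depend on it.
	warn "Could not open $old_dl_rulesfiles_dir: $!\n";
}

# Get all supported providers.
my @providers = &IDS::get_ruleset_providers();

#
## Step 2: Convert used rules files.
#
# The old per-provider file is a YAML list (" - <rulesfile>"); the new one is
# a General::writehash file mapping each rulesfile name to "enabled".
#

foreach my $provider (@providers) {
	# Generate old filename which contained the used rulesfiles.
	my $old_used_rulesfiles_file = "$IDS::settingsdir/suricata-${provider}-used-rulefiles.yaml";

	# Skip the provider if there is no used rulesfiles file available.
	next unless (-f $old_used_rulesfiles_file);

	# Unreadable file: keep it and leave the provider untouched rather than
	# writing an empty configuration and deleting the only copy.
	my $lines = read_lines($old_used_rulesfiles_file);
	next unless (defined $lines);

	my %used_rulesfiles = ();

	foreach my $line (@$lines) {
		# Grab the used rulesfile name from the YAML list item.
		if ($line =~ /^\s-\s(.*?)\s*$/) {
			my $rulesfile = $1;

			next unless (length $rulesfile);

			$used_rulesfiles{$rulesfile} = "enabled";
		}
	}

	# Get the filename for the new used rulesfiles file.
	my $used_rulesfiles_file = &IDS::get_provider_used_rulesfiles_file($provider);

	# Write the file and give it the ownership the IDS expects.
	&General::writehash($used_rulesfiles_file, \%used_rulesfiles);
	&IDS::set_ownership($used_rulesfiles_file);

	# Delete old used rulesfiles file.
	unlink($old_used_rulesfiles_file)
		or warn "Could not remove $old_used_rulesfiles_file: $!\n";
}

#
## Step 3: Convert ruleset modification files.
#
# The old oinkmaster files hold one "<action> <sid>" per line with action
# being "enablesid" or "disablesid"; the new one maps sid -> enabled/disabled.
#

foreach my $provider (@providers) {
	# Generate old filename which held the ruleset modifications.
	my $old_modifications_file = "$IDS::settingsdir/oinkmaster-${provider}-modified-sids.conf";

	# Skip provider if there is no modifications file.
	next unless (-f $old_modifications_file);

	my $lines = read_lines($old_modifications_file);
	next unless (defined $lines);

	my %modifications = ();

	foreach my $line (@$lines) {
		# Skip blank and comment lines.
		next if ($line =~ /^\s*(?:#|$)/);

		# Split on runs of whitespace (the old "/ /" split produced an empty
		# sid whenever two spaces or a leading blank crept into the file).
		my ($action, $sid) = split(' ', $line);

		# A line without a sid carries nothing to convert.
		next unless (defined $sid && length $sid);

		# NOTE(review): the sid is taken over verbatim, as before; oinkmaster
		# also accepts lists and ranges here, so no numeric check is applied.
		if ($action eq "enablesid") {
			$modifications{$sid} = "enabled";

		} elsif ($action eq "disablesid") {
			$modifications{$sid} = "disabled";
		}
	}

	# Get new filename which will hold the ruleset modifications for this provider.
	my $new_modifications_file = &IDS::get_provider_ruleset_modifications_file($provider);

	# Write new modifications file and set its ownership.
	&General::writehash($new_modifications_file, \%modifications);
	&IDS::set_ownership($new_modifications_file);

	# Delete old modifications file.
	unlink($old_modifications_file)
		or warn "Could not remove $old_modifications_file: $!\n";
}

#
## Step 4: Convert MONITOR_TRAFFIC_ONLY setting.
#
# The global monitor-only switch becomes a per-provider mode ("IDS" or "IPS")
# appended as the last element of each provider's settings array.
#

my %ids_settings = ();
my %provider_settings = ();

&General::readhash("$IDS::ids_settings_file", \%ids_settings);
&General::readhasharray("$IDS::providers_settings_file", \%provider_settings);

# Default to IPS mode; only an explicit "on" switches to IDS.
my $mode = "IPS";

if ($ids_settings{'MONITOR_TRAFFIC_ONLY'} && $ids_settings{'MONITOR_TRAFFIC_ONLY'} eq "on") {
	$mode = "IDS";
}

# Append the mode to every provider's settings (see the idempotency note at
# the top of this file).
foreach my $key (keys %provider_settings) {
	$provider_settings{$key} = [ @{ $provider_settings{$key} }, $mode ];
}

# Write back providers settings.
&General::writehasharray("$IDS::providers_settings_file", \%provider_settings);

#
## Step 5: Regenerate the ruleset.
#

# Call oinkmaster wrapper function.
&IDS::oinkmaster();

#
## Step 6: Write new config file for suricata which contains the used rulesfiles.
#

# Get enabled providers.
my @enabled_providers = &IDS::get_enabled_providers();

# Write used rulesfiles file.
&IDS::write_used_rulefiles_file(@enabled_providers);

# Set the correct ownership for the new file.
&IDS::set_ownership("$IDS::suricata_used_rulesfiles_file");

#
## Step 7: Remove unneeded orphaned files.
#
# Removing oinkmaster.conf here also disarms the guard at the top, which is
# what keeps a second run of this converter from doing anything.
#

foreach my $file (@files_to_drop) {
	# Remove the file if it exists.
	unlink($file) if (-f $file);
}

#
## Step 8: Restart the IDS if running.
#

# Check if the IDS is running.
if (&IDS::ids_is_running()) {
	# Call suricatactrl to perform the restart.
	&IDS::call_suricatactrl("restart");
}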