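#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2021  IPFire Development Team <info@ipfire.org>               #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################
#
# One-shot migration of the legacy single-provider IDS configuration to the
# "multiple providers" layout.
#
# The script only acts when both the new IDS settings file and the legacy
# rules-settings file exist. It then converts, for the one provider that was
# configured, the autoupdate interval, the provider/subscription settings,
# the cached rules tarball, the oinkmaster enable/disable SID lists and the
# list of used rulefiles, removes the legacy files and finally restarts
# Suricata if it is running.
#
# It is expected to be run as root during an update; all paths below live in
# $IDS::settingsdir except the cached tarball in /var/tmp.

use strict;
use warnings;

# Provides move() for step 4. "use" is compile-time anyway, so it belongs at
# file level rather than inside the conditional block that uses it.
use File::Copy;

require '/var/ipfire/general-functions.pl';
require "${General::swroot}/ids-functions.pl";

# Legacy (single provider) files that are converted and removed by this script.
my $old_rules_settings_file = "$IDS::settingsdir/rules-settings";
my $old_used_rulefiles_file = "$IDS::settingsdir/suricata-used-rulefiles.yaml";
my $old_enabled_sids_file   = "$IDS::settingsdir/oinkmaster-enabled-sids.conf";
my $old_disabled_sids_file  = "$IDS::settingsdir/oinkmaster-disabled-sids.conf";
my $old_rules_tarball       = "/var/tmp/idsrules.tar.gz";

# Script wide variable to store the used ruleset provider.
my $ruleset_provider;

# Hashes to store the old and new settings.
my %old_rules_settings = ();
my %idssettings = ();
my %providers_settings = ();

# Nothing to do unless the IDS is configured and a legacy settings file is present.
# NOTE(review): the legacy rules-settings file is removed at the end of step 3,
# so a die() in a later step leaves the migration half done and this guard
# prevents it from being retried on the next run.
exit unless(-f $IDS::ids_settings_file and -f $old_rules_settings_file);

# Read-in all settings.
&General::readhash($old_rules_settings_file, \%old_rules_settings);
&General::readhash($IDS::ids_settings_file, \%idssettings);

#
## Step 1: Create new file layout
#
&IDS::check_and_create_filelayout();

#
## Step 2: Migrate automatic update interval.
#

# Only the three intervals known to the old UI are accepted; anything else
# (including a missing value) falls back to the default of "weekly".
my %valid_intervals = map { $_ => 1 } qw(off daily weekly);

my $autoupdate_interval = $old_rules_settings{'AUTOUPDATE_INTERVAL'};
$autoupdate_interval = "" unless (defined $autoupdate_interval);

if ($valid_intervals{$autoupdate_interval}) {
	$idssettings{'AUTOUPDATE_INTERVAL'} = $autoupdate_interval;
} else {
	$idssettings{'AUTOUPDATE_INTERVAL'} = "weekly";
}

# Store the updated idssettings file.
&General::writehash($IDS::ids_settings_file, \%idssettings);

#
## Step 3: Migrate the providers settings.
#

# Try to get the previously configured provider.
$ruleset_provider = $old_rules_settings{'RULES'};

# Exit the script if no ruleset provider has been configured.
exit unless ($ruleset_provider);

# The provider name is handed to the IDS helpers which build file names from
# it (steps 4, 5 and 7). Fail closed on anything that is not a plain token so
# a corrupted settings file cannot steer path generation. Dying here is
# retry-safe because the legacy settings file has not been removed yet.
unless ($ruleset_provider =~ /^[A-Za-z0-9_.-]+$/) {
	die "Refusing to migrate: invalid ruleset provider name '$ruleset_provider'.\n";
}

# Defaults for the single migrated provider entry.
my $id = "1";
my $enabled = "enabled";
my $autoupdate_status = "enabled";

# Try to get a configured subscription code (may be absent for free rulesets).
my $subscription_code = $old_rules_settings{'OINKCODE'};
$subscription_code = "" unless (defined $subscription_code);

# A global "off" interval maps to a disabled autoupdate for the provider.
if ($idssettings{'AUTOUPDATE_INTERVAL'} eq "off") {
	$autoupdate_status = "disabled";
}

# Provider structure: [ provider, subscription code, autoupdate status, enabled ].
# The order is part of the providers-settings file format and must not change.
$providers_settings{$id} = [ "$ruleset_provider", "$subscription_code", "$autoupdate_status", "$enabled" ];

# Write the converted provider settings to the new providers-settings file.
&General::writehasharray($IDS::providers_settings_file, \%providers_settings);

# Set correct ownership.
&IDS::set_ownership("$IDS::providers_settings_file");

# Remove old rules settings file.
unlink($old_rules_settings_file);

#
## Step 4: Rename downloaded rulestarball to new name scheme.
#

# /var/tmp is shared with unprivileged users. Only relocate a regular file and
# never a symlink, because set_ownership() is presumably chown-based and chown
# follows symlinks (TODO confirm in ids-functions.pl).
if (-f $old_rules_tarball && ! -l $old_rules_tarball) {
	# Path and filename for the new rules tarball name.
	my $new_rules_tarball = &IDS::_get_dl_rulesfile($ruleset_provider);

	# Only chown the new location if the move actually succeeded; a failed
	# move is not fatal, the tarball is simply downloaded again later.
	if (move($old_rules_tarball, $new_rules_tarball)) {
		&IDS::set_ownership("$new_rules_tarball");
	} else {
		warn "Could not move $old_rules_tarball to $new_rules_tarball. $!\n";
	}
}

#
## Step 5: Migrate oinkmaster configuration files for enabled and disabled rules.
#

# Read-in old enabled / disabled sids files (each returns sid => state pairs).
my %enabled_disabled_sids = (
	&IDS::read_enabled_disabled_sids_file($old_enabled_sids_file),
	&IDS::read_enabled_disabled_sids_file($old_disabled_sids_file)
);

# Only create a provider modifications file if any modifications exist.
if (%enabled_disabled_sids) {
	# Get path and filename for new file.
	my $oinkmaster_provider_modified_sids_file = &IDS::get_oinkmaster_provider_modified_sids_file($ruleset_provider);

	# Open the new file for writing (lexical handle, 3-arg open).
	open(my $mod_fh, ">", $oinkmaster_provider_modified_sids_file) or die "Could not write to $oinkmaster_provider_modified_sids_file. $!\n";

	# Write header. The original printed this to an unopened handle
	# (PROVIDER_MOD_FILE) so the header was silently lost.
	print $mod_fh "#Autogenerated file. Any custom changes will be overwritten!\n";

	# Sorted for a deterministic, diffable file.
	foreach my $sid (sort keys %enabled_disabled_sids) {
		my $state = $enabled_disabled_sids{$sid};
		next unless (defined $state);

		if ($state eq "enabled") {
			print $mod_fh "enablesid $sid\n";
		} elsif ($state eq "disabled") {
			print $mod_fh "disablesid $sid\n";
		}
		# Any other state is unexpected and skipped.
	}

	# Buffered write errors only surface at close.
	close($mod_fh) or die "Could not write to $oinkmaster_provider_modified_sids_file. $!\n";

	# Add the provider modifications file to the oinkmaster provider includes file.
	&IDS::alter_oinkmaster_provider_includes_file("add", "$ruleset_provider");

	# Set correct ownership for the new generated file.
	&IDS::set_ownership("$oinkmaster_provider_modified_sids_file");
}

# Set correct ownership for the main file.
&IDS::set_ownership("$IDS::oinkmaster_provider_includes_file");

# Remove old files.
unlink($old_enabled_sids_file);
unlink($old_disabled_sids_file);

#
## Step 6: Call oinkmaster and regenerate the ruleset structures.
#
&IDS::oinkmaster();

# Set correct ownerships.
&IDS::set_ownership("$IDS::rulespath");

#
## Step 7: Migrate used rulefiles into new format.
#

# Check if a used rulefiles file exists.
if (-f $old_used_rulefiles_file) {
	# Array to collect the used rulefiles.
	my @used_rulefiles = ();

	# Open the file of used rulefiles and read-in content.
	open(my $used_fh, "<", $old_used_rulefiles_file) or die "Could not open $old_used_rulefiles_file. $!\n";

	while (my $line = <$used_fh>) {
		chomp($line);

		# Skip comment lines and blank lines.
		next if ($line =~ /^\s*#/);
		next if ($line =~ /^\s*$/);

		# The legacy file is YAML; rulefiles are list items "- <file>".
		# Trailing whitespace is dropped so the name compares cleanly below.
		next unless ($line =~ /^\s*-\s+(.+?)\s*$/);
		my $rulefile = $1;

		# whitelist.rules and local.rules are not provider files.
		next if ($rulefile eq "whitelist.rules" || $rulefile eq "local.rules");

		# Legacy names are dash separated, "<vendor>-<name>.rules" or longer.
		my @chunks = split("-", $rulefile);

		# With three or more chunks the leading one is the old vendor name,
		# which is replaced by the provider.
		shift(@chunks) if (scalar(@chunks) >= 3);

		# Prefix with the provider unless the name already starts with it.
		unless (defined $chunks[0] && $chunks[0] eq $ruleset_provider) {
			unshift(@chunks, $ruleset_provider);
		}

		push(@used_rulefiles, join("-", @chunks));
	}

	close($used_fh);

	# Write the new provider exclusive used rulesfiles file.
	&IDS::write_used_provider_rulefiles_file($ruleset_provider, @used_rulefiles);

	# Write main used rulefiles file.
	&IDS::write_main_used_rulefiles_file("$ruleset_provider");

	# Get the provider specific used rulefiles file name.
	my $provider_used_rulefiles_file = &IDS::get_used_provider_rulesfile_file($ruleset_provider);

	# Set correct ownerships.
	&IDS::set_ownership("$provider_used_rulefiles_file");
	&IDS::set_ownership("$IDS::suricata_used_providers_file");
	&IDS::set_ownership("$IDS::suricata_static_rulefiles_file");
}

# Remove old used rulefiles file.
unlink($old_used_rulefiles_file);

#
## Step 8: Restart the IDS if running so the migrated ruleset is loaded.
#
if (&IDS::ids_is_running()) {
	&IDS::call_suricatactrl("restart");
}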
284 | } |