config/suricata/convert-ids-modification-files

   1 #!/usr/bin/perl
   2 ###############################################################################
   3 #                                                                             #
   4 # IPFire.org - A linux based firewall                                         #
   5 # Copyright (C) 2021 IPFire Development Team <info@ipfire.org>                #
   6 #                                                                             #
   7 # This program is free software: you can redistribute it and/or modify        #
   8 # it under the terms of the GNU General Public License as published by        #
   9 # the Free Software Foundation, either version 3 of the License, or           #
  10 # (at your option) any later version.                                         #
  11 #                                                                             #
  12 # This program is distributed in the hope that it will be useful,             #
  13 # but WITHOUT ANY WARRANTY; without even the implied warranty of              #
  14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
  15 # GNU General Public License for more details.                                #
  16 #                                                                             #
  17 # You should have received a copy of the GNU General Public License           #
  18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
  19 #                                                                             #
  20 ###############################################################################
  21
  22 use strict;
  23
  24 require '/var/ipfire/general-functions.pl';
  25 require '/var/ipfire/ids-functions.pl';
  26
  27 # Exit if there is no main oinkmaster config file anymore.
  28 exit 0 unless (-f "$IDS::settingsdir/oinkmaster.conf");
  29
  30 # Get all supported providers.
  31 my @providers = &IDS::get_ruleset_providers();
  32
  33 # Loop through the array of providers.
  34 foreach my $provider (@providers) {
  35         my %modifications = ();
  36
  37         # Generate old filename which hold the ruleset modifications.
  38         my $old_modifications_file = "$IDS::settingsdir/oinkmaster\-$provider\-modified-sids.conf";
  39
  40         # Skip provider if there is no modifications file.
  41         next unless (-f $old_modifications_file);
  42
  43         # Open modifications file.
  44         open(FILE, "$old_modifications_file");
  45
  46         # Read-in file content.
  47         my @file = <FILE>;
  48
  49         # Close file handle.
  50         close(FILE);
  51
  52         # Loop through the file content.
  53         foreach my $line (@file) {
  54                 chomp($line);
  55
  56                 # Split line and assign to an temporary array.
  57                 my @tmp = split(/ /, $line);
  58
  59                 # Assign nice human-readable variables.
  60                 my $action = $tmp[0];
  61                 my $sid = $tmp[1];
  62
  63                 # Process stored rule action and assign to the modifications hash.
  64                 if ($action eq "enablesid") {
  65                         $modifications{$sid} = "enabled";
  66
  67                 } elsif ($action eq "disablesid") {
  68                         $modifications{$sid} = "disabled";
  69                 }
  70         }
  71
  72         # Get new filename which will hold the ruleset modifications for this provider.
  73         my $new_modifications_file = &IDS::get_provider_ruleset_modifications_file($provider);
  74
  75         # Write new modifications file.
  76         &General::writehash("$new_modifications_file", \%modifications);
  77
  78         # Set correct ownership for the new modifications file.
  79         &IDS::set_ownership("$new_modifications_file");
  80 }