]>
git.ipfire.org Git - people/mfischer/ipfire-2.x.git/blob - src/scripts/update-ids-ruleset
2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
25 require '/var/ipfire/general-functions.pl';
26 require "${General::swroot}/ids-functions.pl";
27 require "${General::swroot}/lang.pl";
29 # Hash to store the configured providers.
32 # The user and group name as which this script should be run.
33 my $run_as = 'nobody';
35 # Get user and group id of the user.
36 my ( $uid, $gid ) = ( getpwnam $run_as )[ 2, 3 ];
38 # Check if the script currently runs as root.
40 # Drop privileges and switch to the specified user and group.
41 POSIX
::setgid
( $gid );
42 POSIX
::setuid
( $uid );
45 # Check if the IDS lock file exists.
46 # In this case the WUI or another instance currently is altering the
48 if (-f
"$IDS::ids_page_lock_file") {
49 # Store notice to the syslog.
50 &IDS
::_log_to_syslog
("Another process currently is altering the IDS ruleset.");
56 # Check if the red device is active.
57 unless (-e
"${General::swroot}/red/active") {
58 # Store notice in the syslog.
59 &IDS
::_log_to_syslog
("The system is offline.");
61 # Store error message for displaying in the WUI.
62 &IDS
::_store_error_message
("$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}");
68 # Check if enought free disk space is availabe.
69 if(&IDS
::checkdiskspace
()) {
70 # Store the error message for displaying in the WUI.
71 &IDS
::_store_error_message
("$Lang::tr{'not enough disk space'}");
78 &IDS
::lock_ids_page
();
80 # Grab the configured providers.
81 &General
::readhasharray
("$IDS::providers_settings_file", \
%providers);
83 # Loop through the array of available providers.
84 foreach my $id (keys %providers) {
85 # Assign some nice variabled.
86 my $provider = $providers{$id}[0];
87 my $autoupdate_status = $providers{$id}[3];
89 # Skip the provider if autoupdate is not enabled.
90 next unless($autoupdate_status eq "enabled");
92 # Call the download function and gather the new ruleset for the current processed provider.
93 if(&IDS
::downloadruleset
($provider)) {
94 # Store error message for displaying in the WUI.
95 &IDS
::_store_error_message
("$provider: $Lang::tr{'could not download latest updates'}");
97 # Unlock the IDS page.
98 &IDS
::unlock_ids_page
();
104 # Get path and name of the stored rules file or archive.
105 my $stored_file = &IDS
::_get_dl_rulesfile
($provider);
107 # Set correct ownership for the downloaded tarball.
108 &IDS
::set_ownership
("$stored_file");
111 # Call oinkmaster to alter the ruleset.
114 # Set correct ownership for the rulesdir and files.
115 &IDS
::set_ownership
("$IDS::rulespath");
117 # Unlock the IDS page.
118 &IDS
::unlock_ids_page
();
120 # Check if the IDS is running.
121 if(&IDS
::ids_is_running
()) {
122 # Call suricatactrl to perform a reload.
123 &IDS
::call_suricatactrl
("reload");