src/scripts/update-ids-ruleset

   1 #!/usr/bin/perl
   2 ###############################################################################
   3 #                                                                             #
   4 # IPFire.org - A linux based firewall                                         #
   5 # Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
   6 #                                                                             #
   7 # This program is free software: you can redistribute it and/or modify        #
   8 # it under the terms of the GNU General Public License as published by        #
   9 # the Free Software Foundation, either version 3 of the License, or           #
  10 # (at your option) any later version.                                         #
  11 #                                                                             #
  12 # This program is distributed in the hope that it will be useful,             #
  13 # but WITHOUT ANY WARRANTY; without even the implied warranty of              #
  14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
  15 # GNU General Public License for more details.                                #
  16 #                                                                             #
  17 # You should have received a copy of the GNU General Public License           #
  18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
  19 #                                                                             #
  20 ###############################################################################
  21
  22 use strict;
  23 use POSIX;
  24
  25 require '/var/ipfire/general-functions.pl';
  26 require "${General::swroot}/ids-functions.pl";
  27 require "${General::swroot}/lang.pl";
  28
  29 # Load perl module to talk to the kernel syslog.
  30 use Sys::Syslog qw(:DEFAULT setlogsock);
  31
  32 # Variable to store if the process has written a lockfile.
  33 my $locked;
  34
  35 # Hash to store the configured providers.
  36 my %providers = ();
  37
  38 # The user and group name as which this script should be run.
  39 my $run_as = 'nobody';
  40
  41 # Get user and group id of the user.
  42 my ( $uid, $gid ) = ( getpwnam $run_as )[ 2, 3 ];
  43
  44 # Check if the script currently runs as root.
  45 if ( $> == 0 ) {
  46         # Drop privileges and switch to the specified user and group.
  47         POSIX::setgid( $gid );
  48         POSIX::setuid( $uid );
  49 }
  50
  51 # Establish the connection to the syslog service.
  52 openlog('oinkmaster', 'cons,pid', 'user');
  53
  54 # Check if the IDS lock file exists.
  55 # In this case the WUI or another instance currently is altering the
  56 # ruleset.
  57 if (-f "$IDS::ids_page_lock_file") {
  58         # Store notice to the syslog.
  59         &_log_to_syslog("<INFO> Autoupdate skipped - Another process was altering the IDS ruleset.");
  60
  61         # Exit.
  62         exit 0;
  63 }
  64
  65 # Check if the red device is active.
  66 unless (-e "${General::swroot}/red/active") {
  67         # Store notice in the syslog.
  68         &_log_to_syslog("<ERROR> Could not update any ruleset - The system is offline.");
  69
  70         # Exit.
  71         exit 0;
  72 }
  73
  74 # Check if enought free disk space is availabe.
  75 my $return = &IDS::checkdiskspace();
  76
  77 # Handle error.
  78 if ($return) {
  79         # Store error in syslog.
  80         &_log_to_syslog("<ERROR> Not enough free disk space, only $return of 300MB are available.");
  81
  82         # Exit.
  83         exit 0;
  84 }
  85
  86 # Lock the IDS page.
  87 &IDS::lock_ids_page();
  88
  89 # The script has requested a lock, so set locket to "1".
  90 $locked = "1";
  91
  92 # Grab the configured providers.
  93 &General::readhasharray("$IDS::providers_settings_file", \%providers);
  94
  95 # Loop through the array of available providers.
  96 foreach my $id (keys %providers) {
  97         # Assign some nice variabled.
  98         my $provider = $providers{$id}[0];
  99         my $enabled_status = $providers{$id}[2];
 100         my $autoupdate_status = $providers{$id}[3];
 101
 102         # Skip the provider if it is not enabled.
 103         next unless($enabled_status eq "enabled");
 104
 105         # Skip the provider if autoupdate is not enabled.
 106         next unless($autoupdate_status eq "enabled");
 107
 108         # Log notice about update.
 109         &_log_to_syslog("<INFO> Performing update for $provider.");
 110
 111         # Call the download function and gather the new ruleset for the current processed provider.
 112         my $return = &IDS::downloadruleset($provider);
 113
 114         # Check if we got a return code.
 115         if ($return) {
 116                 # Handle different return codes.
 117                 if ($return eq "not_modified") {
 118                         # Log notice to syslog.
 119                         &_log_to_syslog("<INFO> Skipping $provider - The ruleset is up-to-date");
 120
 121                 } elsif ($return eq "no url") {
 122                         # Log error to the syslog.
 123                         &_log_to_syslog("<ERROR> Could not determine a download URL for $provider.");
 124
 125                 } else {
 126                         # Log error to syslog.
 127                         &_log_to_syslog("<ERROR> $return");
 128                 }
 129         } else {
 130                 # Log successfull update.
 131                 &_log_to_syslog("<INFO> Successfully updated ruleset for $provider.");
 132
 133                 # Get path and name of the stored rules file or archive.
 134                 my $stored_file = &IDS::_get_dl_rulesfile($provider);
 135
 136                 # Set correct ownership for the downloaded tarball.
 137                 &IDS::set_ownership("$stored_file");
 138         }
 139 }
 140
 141 # Call oinkmaster to alter the ruleset.
 142 &IDS::oinkmaster();
 143
 144 # Set correct ownership for the rulesdir and files.
 145 &IDS::set_ownership("$IDS::rulespath");
 146
 147 # Check if the IDS is running.
 148 if(&IDS::ids_is_running()) {
 149         # Call suricatactrl to perform a reload.
 150         &IDS::call_suricatactrl("reload");
 151 }
 152
 153 #
 154 # Tiny function to sent the error message to the syslog.
 155 #
 156 sub _log_to_syslog($) {
 157         my ($message) = @_;
 158
 159         # The syslog function works best with an array based input,
 160         # so generate one before passing the message details to syslog.
 161         my @syslog = ("ERR", "$message");
 162
 163         # Send the log message.
 164         syslog(@syslog);
 165 }
 166
 167 END {
 168         # Close connection to syslog.
 169         closelog();
 170
 171         # Check if a lock has been requested.
 172         if ($locked) {
 173                 # Unlock the IDS page.
 174                 &IDS::unlock_ids_page();
 175         }
 176 }
 177
 178 1;