#!/usr/bin/perl ############################################################################### # # # IPFire.org - A linux based firewall # # Copyright (C) 2007-2022 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # # the Free Software Foundation, either version 3 of the License, or # # (at your option) any later version. # # # # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # # GNU General Public License for more details. # # # # You should have received a copy of the GNU General Public License # # along with this program. If not, see . # # # ############################################################################### use strict; use POSIX; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/ids-functions.pl"; require "${General::swroot}/lang.pl"; # Hash to store the configured providers. my %providers = (); # The user and group name as which this script should be run. my $run_as = 'nobody'; # Get user and group id of the user. my ( $uid, $gid ) = ( getpwnam $run_as )[ 2, 3 ]; # Check if the script currently runs as root. if ( $> == 0 ) { # Drop privileges and switch to the specified user and group. POSIX::setgid( $gid ); POSIX::setuid( $uid ); } # Check if the IDS lock file exists. # In this case the WUI or another instance currently is altering the # ruleset. if (-f "$IDS::ids_page_lock_file") { # Store notice to the syslog. &IDS::_log_to_syslog("Another process currently is altering the IDS ruleset."); # Exit. exit 0; } # Check if the red device is active. unless (-e "${General::swroot}/red/active") { # Store notice in the syslog. &IDS::_log_to_syslog("The system is offline."); # Store error message for displaying in the WUI. &IDS::_store_error_message("$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}"); # Exit. exit 0; } # Check if enought free disk space is availabe. if(&IDS::checkdiskspace()) { # Store the error message for displaying in the WUI. &IDS::_store_error_message("$Lang::tr{'not enough disk space'}"); # Exit. exit 0; } # Lock the IDS page. &IDS::lock_ids_page(); # Grab the configured providers. &General::readhasharray("$IDS::providers_settings_file", \%providers); # Loop through the array of available providers. foreach my $id (keys %providers) { # Assign some nice variabled. my $provider = $providers{$id}[0]; my $autoupdate_status = $providers{$id}[3]; # Skip the provider if autoupdate is not enabled. next unless($autoupdate_status eq "enabled"); # Call the download function and gather the new ruleset for the current processed provider. if(&IDS::downloadruleset($provider)) { # Store error message for displaying in the WUI. &IDS::_store_error_message("$provider: $Lang::tr{'could not download latest updates'}"); # Unlock the IDS page. &IDS::unlock_ids_page(); # Exit. exit 0; } # Get path and name of the stored rules file or archive. my $stored_file = &IDS::_get_dl_rulesfile($provider); # Set correct ownership for the downloaded tarball. &IDS::set_ownership("$stored_file"); } # Call oinkmaster to alter the ruleset. &IDS::oinkmaster(); # Set correct ownership for the rulesdir and files. &IDS::set_ownership("$IDS::rulespath"); # Unlock the IDS page. &IDS::unlock_ids_page(); # Check if the IDS is running. if(&IDS::ids_is_running()) { # Call suricatactrl to perform a reload. &IDS::call_suricatactrl("reload"); } 1;