+# Gather used rulefiles.
+#
+# Check if the file for activated rulefiles is not empty.
+if(-f $IDS::used_rulefiles_file) {
+ # Open the file for used rulefile and read-in content.
+ open(FILE, $IDS::used_rulefiles_file) or die "Could not open $IDS::used_rulefiles_file. $!\n";
+
+ # Read-in content.
+ my @lines = <FILE>;
+
+ # Close file.
+ close(FILE);
+
+ # Loop through the array.
+ foreach my $line (@lines) {
+ # Remove newlines.
+ chomp($line);
+
+ # Skip comments.
+ next if ($line =~ /\#/);
+
+ # Skip blank lines.
+ next if ($line =~ /^\s*$/);
+
+ # Gather rule sid and message from the ruleline.
+ if ($line =~ /.*- (.*)/) {
+ my $rulefile = $1;
+
+ # Check if the current rulefile exists in the %idsrules hash.
+ # If not, the file probably does not exist anymore or contains
+ # no rules.
+ if($idsrules{$rulefile}) {
+ # Add the rulefile state to the %idsrules hash.
+ $idsrules{$rulefile}{'Rulefile'}{'State'} = "on";
+ }
+ }
+ }
+}
+
+# Save ruleset configuration.
+if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) {
+ my %oldsettings;
+ my %rulesetsources;
+
+ # Read-in current (old) IDS settings.
+ &General::readhash("$IDS::rules_settings_file", \%oldsettings);
+
+ # Get all available ruleset locations.
+ &General::readhash("$IDS::rulesetsourcesfile", \%rulesetsources);
+
+ # Prevent form name from been stored in conf file.
+ delete $cgiparams{'RULESET'};
+
+ # Grab the URL based on the choosen vendor.
+ my $url = $rulesetsources{$cgiparams{'RULES'}};
+
+ # Check if the choosen vendor (URL) requires an subscription/oinkcode.
+ if ($url =~ /\<oinkcode\>/ ) {
+ # Check if an subscription/oinkcode has been provided.
+ if ($cgiparams{'OINKCODE'}) {
+ # Check if the oinkcode contains unallowed chars.
+ unless ($cgiparams{'OINKCODE'} =~ /^[a-z0-9]+$/) {
+ $errormessage = $Lang::tr{'invalid input for oink code'};
+ }
+ } else {
+ # Print an error message, that an subsription/oinkcode is required for this
+ # vendor.
+ $errormessage = $Lang::tr{'ids oinkcode required'};
+ }
+ }
+
+ # Go on if there are no error messages.
+ if (!$errormessage) {
+ # Store settings into settings file.
+ &General::writehash("$IDS::rules_settings_file", \%cgiparams);
+
+ # Check if the the automatic rule update hass been touched.
+ if($cgiparams{'AUTOUPDATE_INTERVAL'} ne $oldsettings{'AUTOUPDATE_INTERVAL'}) {
+ # Call suricatactrl to set the new interval.
+ &IDS::call_suricatactrl("cron", $cgiparams{'AUTOUPDATE_INTERVAL'});
+ }
+
+ # Check if a ruleset is present - if not or the source has been changed download it.
+ if((! %idsrules) || ($oldsettings{'RULES'} ne $cgiparams{'RULES'})) {
+ # Check if the red device is active.
+ unless (-e "${General::swroot}/red/active") {
+ $errormessage = "$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}";
+ }
+
+ # Check if enought free disk space is availabe.
+ if(&IDS::checkdiskspace()) {
+ $errormessage = "$Lang::tr{'not enough disk space'}";
+ }
+
+ # Check if any errors happend.
+ unless ($errormessage) {
+ # Lock the webpage and print notice about downloading
+ # a new ruleset.
+ &working_notice("$Lang::tr{'snort working'}");
+
+ # Call subfunction to download the ruleset.
+ if(&IDS::downloadruleset()) {
+ $errormessage = $Lang::tr{'could not download latest updates'};
+
+ # Call function to store the errormessage.
+ &IDS::_store_error_message($errormessage);
+ } else {
+ # Call subfunction to launch oinkmaster.
+ &IDS::oinkmaster();
+ }
+
+ # Check if the IDS is running.
+ if(&IDS::ids_is_running()) {
+ # Call suricatactrl to stop the IDS - because of the changed
+ # ruleset - the use has to configure it before suricata can be
+ # used again.
+ &IDS::call_suricatactrl("stop");
+ }
+
+ # Perform a reload of the page.
+ &reload();
+ }
+ }
+ }
+