our $storederrorfile = "/tmp/ids_storederror";
# Location where the rulefiles are stored.
-our $rulespath = "/etc/suricata/rules";
+our $rulespath = "/var/lib/suricata";
# File which contains a list of all supported ruleset sources.
# (Sourcefire, Emergingthreads, etc..)
my $suricatactrl = "/usr/local/bin/suricatactrl";
# Array with allowed commands of suricatactrl.
-my @suricatactrl_cmds = ( 'start', 'stop', 'restart', 'reload', 'fix-rules-dir' );
+my @suricatactrl_cmds = ( 'start', 'stop', 'restart', 'reload', 'fix-rules-dir', 'cron' );
+
+# Array with supported cron intervals.
+my @cron_intervals = ('off', 'daily', 'weekly' );
#
## Function for checking if at least 300MB of free disk space are available
# Check if the files in rulesdir have the correct permissions.
&_check_rulesdir_permissions();
+ # Cleanup the rules directory before filling it with the new rulest.
+ &_cleanup_rulesdir();
+
# Load perl module to talk to the kernel syslog.
use Sys::Syslog qw(:DEFAULT setlogsock);
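Review bot: The return value of the added `&_cleanup_rulesdir();` call is discarded, although the new function signals a failed `unlink` by returning a message string instead of dying. If a file cannot be removed, the update appears to carry on, leaving stale rule files in the rules directory alongside the new ruleset with no record of the failure at this point. Consider capturing the result, e.g. `my $error = &_cleanup_rulesdir();`, then logging it and aborting when `$error` is set. The enclosing function starts and ends outside this hunk, so how it reports errors to its own caller is not visible here.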
#
sub call_suricatactrl ($) {
# Get called option.
- my ($option) = @_;
+ my ($option, $interval) = @_;
# Loop through the array of supported commands and check if
# the given one is part of it.
# Skip current command unless the given one has been found.
next unless($cmd eq $option);
- # Call the suricatactrl binary and pass the requrested
- # option to it.
- system("$suricatactrl $option &>/dev/null");
+ # Check if the given command is "cron".
+ if ($option eq "cron") {
+ # Check if an interval has been given.
+ if ($interval) {
+ # Check if the given interval is valid.
+ foreach my $element (@cron_intervals) {
+ # Skip current element until the given one has been found.
+ next unless($element eq $interval);
+
+ # Call the suricatactrl binary and pass the "cron" command
+ # with the requrested interval.
+ system("$suricatactrl $option $interval &>/dev/null");
+
+ # Return "1" - True.
+ return 1;
+ }
+ }
+
+ # If we got here, the given interval is not supported or none has been given. - Return nothing.
+ return;
+ } else {
+ # Call the suricatactrl binary and pass the requrested
+ # option to it.
+ system("$suricatactrl $option &>/dev/null");
- # Return "1" - True.
- return 1;
+ # Return "1" - True.
+ return 1;
+ }
}
# Command not found - return nothing.
}
}
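Review bot: `call_suricatactrl` keeps its `($)` prototype while the body now unpacks two arguments in `my ($option, $interval) = @_;`. Calls written with a leading `&` bypass the prototype, but a plain `call_suricatactrl("cron", "daily")` would be rejected with "Too many arguments" wherever the prototype is visible; `sub call_suricatactrl ($;$)` or dropping the prototype matches the new interface. The shell string in `system("$suricatactrl $option $interval &>/dev/null")` is safe only because both values were matched against `@suricatactrl_cmds` and `@cron_intervals` first, which deserves a comment such as `# $option and $interval are allow-listed above; never pass unchecked values to this shell string` so the checks are not relaxed later. The exit status of `system` is also ignored, so the function returns 1 even when suricatactrl fails. The loop header and the end of the function are not fully visible in this hunk.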
+#
+## Private function to cleanup the directory which contains
+## the IDS rules, before extracting and modifing the new ruleset.
+#
+sub _cleanup_rulesdir() {
+ # Open rules directory and do a directory listing.
+ opendir(DIR, $rulespath) or die $!;
+
+ # Loop through the direcory.
+ while (my $file = readdir(DIR)) {
+ # We only want files.
+ next unless (-f "$rulespath/$file");
+
+ # Skip element if it has config as file extension.
+ next if ($file =~ m/\.config$/);
+
+ # Delete the current processed file, if not, exit this function
+ # and return an error message.
+ unlink("$rulespath/$file") or return "Could not delete $rulespath/$file. $!\n";
+ }
+
+ # Return nothing;
+ return;
+}
+
1;
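Review bot: `_cleanup_rulesdir` opens the bareword handle `DIR` and never calls `closedir`, including on the early `return` taken when `unlink("$rulespath/$file")` fails. A lexical handle, `opendir(my $dh, $rulespath) or die $!;` with `closedir($dh);` before both returns, releases the handle and cannot clash with another `DIR` used elsewhere in the file. The two failure paths are also inconsistent: a failed `opendir` dies while a failed `unlink` returns a message, so the header comment should state that the function returns nothing on success and an error string on failure, letting callers know the result must be checked.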