###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
###############################################################################
use strict;
+use POSIX;
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/ids-functions.pl";
require "${General::swroot}/lang.pl";
+# Hash to store the configured providers.
+my %providers = ();
+
+# The user and group name as which this script should be run.
+my $run_as = 'nobody';
+
+# Get user and group id of the user.
+my ( $uid, $gid ) = ( getpwnam $run_as )[ 2, 3 ];
+
+# Check if the script currently runs as root.
+if ( $> == 0 ) {
+ # Drop privileges and switch to the specified user and group.
+ POSIX::setgid( $gid );
+ POSIX::setuid( $uid );
+}
+
+# Check if the IDS lock file exists.
+# In this case the WUI or another instance currently is altering the
+# ruleset.
+if (-f "$IDS::ids_page_lock_file") {
+ # Store notice to the syslog.
+ &IDS::_log_to_syslog("Another process currently is altering the IDS ruleset.");
+
+ # Exit.
+ exit 0;
+}
+
# Check if the red device is active.
unless (-e "${General::swroot}/red/active") {
# Store notice in the syslog.
&IDS::_log_to_syslog("The system is offline.");
# Store error message for displaying in the WUI.
- &IDS::_store_error_message("$Lang::tr{'could not download latest updates'}");
+ &IDS::_store_error_message("$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}");
# Exit.
exit 0;
exit 0;
}
-# Call the download function and gather the new ruleset.
-if(&IDS::downloadruleset()) {
- # Store error message for displaying in the WUI.
- &IDS::_store_error_message("$Lang::tr{'could not download latest updates'}");
+# Lock the IDS page.
+&IDS::lock_ids_page();
- # Exit.
- exit 0;
+# Grab the configured providers.
+&General::readhasharray("$IDS::providers_settings_file", \%providers);
+
+# Loop through the array of available providers.
+foreach my $id (keys %providers) {
+ # Assign some nice variabled.
+ my $provider = $providers{$id}[0];
+ my $autoupdate_status = $providers{$id}[3];
+
+ # Skip the provider if autoupdate is not enabled.
+ next unless($autoupdate_status eq "enabled");
+
+ # Call the download function and gather the new ruleset for the current processed provider.
+ if(&IDS::downloadruleset($provider)) {
+ # Store error message for displaying in the WUI.
+ &IDS::_store_error_message("$provider: $Lang::tr{'could not download latest updates'}");
+
+ # Unlock the IDS page.
+ &IDS::unlock_ids_page();
+
+ # Exit.
+ exit 0;
+ }
+
+ # Get path and name of the stored rules file or archive.
+ my $stored_file = &IDS::_get_dl_rulesfile($provider);
+
+ # Set correct ownership for the downloaded tarball.
+ &IDS::set_ownership("$stored_file");
}
# Call oinkmaster to alter the ruleset.
&IDS::oinkmaster();
+# Set correct ownership for the rulesdir and files.
+&IDS::set_ownership("$IDS::rulespath");
+
+# Unlock the IDS page.
+&IDS::unlock_ids_page();
+
# Check if the IDS is running.
if(&IDS::ids_is_running()) {
# Call suricatactrl to perform a reload.