# File where the main file for providers ruleset inclusion exists.
our $suricata_used_providers_file = "$settingsdir/suricata-used-providers.yaml";
+# File for static ruleset inclusions.
+our $suricata_static_rulefiles_file = "$settingsdir/suricata-static-included-rulefiles.yaml";
+
# DEPRECATED - File where the used rulefiles are stored.
our $used_rulefiles_file = "$settingsdir/suricata-used-rulefiles.yaml";
# http_ports_file.
my @http_ports = ('80', '81');
+# Array which contains a list of rulefiles which always will be included if they exist.
+my @static_included_rulefiles = ('local.rules', 'whitelist.rules' );
+
# Hash which allows to convert the download type (dl_type) to a file suffix.
my %dl_type_to_suffix = (
"archive" => ".tar.gz",
sub write_main_used_rulefiles_file (@) {
my (@providers) = @_;
+ # Call function to write the static rulefiles file.
+ &_write_static_rulefiles_file();
+
# Open file for used rulefils inclusion.
open (FILE, ">", "$suricata_used_providers_file") or die "Could not write to $suricata_used_providers_file. $!\n";
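Review bot: The added call `&_write_static_rulefiles_file();` is only safe because it runs before the `open (FILE, ...)` on the following line. The helper added later in this commit opens and closes the same package-global bareword handle `FILE`, so if the call were ever moved below the open, the helper would reopen and close the handle and the later `print FILE` lines for the main file would go to a closed handle. A lexical handle in the helper, `open(my $fh, ">", $suricata_static_rulefiles_file) or die ...` with `print $fh` and `close($fh)`, removes that ordering dependency. The body of write_main_used_rulefiles_file continues outside this hunk.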
print FILE "include\: $filename\n";
}
- # XXX - whitelist.rules is not allowed directly, needs to be in a yaml file which has to be included.
- # Always use the whitelist file.
- #print FILE "\n - whitelist.rules\n";
+ # Always include the file which hold the static includes.
+ print FILE "include\: $suricata_static_rulefiles_file\n";
# Close the filehandle after writing.
close(FILE);
}
+sub _write_static_rulefiles_file () {
+ # Open file.
+ open (FILE, ">", $suricata_static_rulefiles_file) or die "Could not write to $suricata_static_rulefiles_file. $!\n";
+
+ # Write yaml header to the file.
+ print FILE "%YAML 1.1\n";
+ print FILE "---\n\n";
+
+ # Write notice about autogenerated file.
+ print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Loop through the array of static included rulesfiles.
+ foreach my $file (@static_included_rulefiles) {
+ # Check if the file exists.
+ if (-f "$rulespath/$file") {
+ # Write the rulesfile name to the file.
+ print FILE " - $file\n";
+ }
+ }
+
+ # Close the file handle
+ close(FILE);
+}
+
#
## Tiny function to generate the full path and name for the used_provider_rulesfile file of a given provider.
#
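Review bot: `_write_static_rulefiles_file` truncates `$suricata_static_rulefiles_file` in place and never checks `print` or `close`, so a failed or interrupted write (full disk, crash mid-write) leaves a short or empty include file with no error raised. Because the main file now always includes it, local.rules and whitelist.rules would presumably drop out of the loaded ruleset unnoticed, or the include would fail to parse. Writing to a temporary file in the same directory, checking `close`, and renaming it over the target keeps the previous file intact on failure. This assumes `$settingsdir` is writable only by the service's own user.

```perl
sub _write_static_rulefiles_file () {
	# Write to a temporary file first, so a failed write never leaves a truncated include behind.
	my $tmpfile = "$suricata_static_rulefiles_file.tmp";
	open(my $fh, ">", $tmpfile) or die "Could not write to $tmpfile. $!\n";

	# … unchanged: YAML header, autogenerated notice and the loop over @static_included_rulefiles, now printing to $fh …

	# Buffered write errors surface at close, so check it before replacing the live file.
	close($fh) or die "Could not finish writing $tmpfile. $!\n";
	rename($tmpfile, $suricata_static_rulefiles_file) or die "Could not replace $suricata_static_rulefiles_file. $!\n";
}
```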