From: Stefan Schantl Date: Sun, 28 Mar 2021 10:47:23 +0000 (+0200) Subject: ids-functions.pl: Introduce merge_classifications() function. X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c895d1c85c496a8c8d74a3fe2aea65f914b9ef9f;p=people%2Fstevee%2Fipfire-2.x.git ids-functions.pl: Introduce merge_classifications() function. This function is used to merge the individual classification files provided by the providers. The result will be written to the classification.config which will be used by the IDS. Fixes #11884. Signed-off-by: Stefan Schantl
---
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 8ee56a07ea..f9bf07af39 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -80,6 +80,9 @@ our $ids_page_lock_file = "/tmp/ids_page_locked";
 # Location where the rulefiles are stored.
 our $rulespath = "/var/lib/suricata";
 
+# Location of the classification file.
+our $classification_file = "$rulespath/classification.config";
+
 # Location to store local rules. This file will not be touched.
 our $local_rules_file = "$rulespath/local.rules";
 
@@ -539,6 +542,71 @@ sub oinkmaster () {
 closelog();
 }
 
+#
+## Function to merge the classifications for a given amount of providers and write them
+## to the classifications file.
+#
+sub merge_classifications(@) {
+ my @providers = @_;
+
+ # Hash to store all collected classifications.
+ my %classifications = ();
+
+ # Loop through the given array of providers.
+ foreach my $provider (@providers) {
+ # Generate full path to classification file.
+ my $classification_file = "$tmp_directory/conf/$provider\-classification.config";
+
+ # Skip provider if no classification file exists.
+ next unless (-f "$classification_file");
+
+ # Open the classification file.
+ open(CLASSIFICATION, $classification_file) or die "Could not open file $classification_file. $!\n";
+
+ # Loop through the file content.
+ while() {
+ # Parse the file and grab the classification details.
+ if ($_ =~/.*config classification\: (.*)/) {
+ # Split the grabbed details.
+ my ($short_name, $short_desc, $priority) = split("\,", $1);
+
+ # Check if the grabbed classification is allready known and the priority value is greater
+ # than the stored one (which causes less priority in the IDS).
+ if (($classifications{$short_name}) && ($classifications{$short_name}[1] >= $priority)) {
+ #Change the priority value to the stricter one.
+ $classifications{$short_name} = [ "$classifications{$short_name}[0]", "$priority" ];
+ } else {
+ # Add the classification to the hash.
+ $classifications{$short_name} = [ "$short_desc", "$priority" ];
+ }
+ }
+ }
+
+ # Close the file.
+ close(CLASSIFICATION);
+ }
+
+ # Open classification file for writing.
+ open(FILE, ">", "$classification_file") or die "Could not write to $classification_file. $!\n";
+
+ # Print notice about autogenerated file.
+ print FILE "#Autogenerated file. Any custom changes will be overwritten!\n\n";
+
+ # Sort and loop through the hash of classifications.
+ foreach my $key (sort keys %classifications) {
+ # Assign some nice variable names for the items.
+ my $short_name = $key;
+ my $short_desc = $classifications{$key}[0];
+ my $priority = $classifications{$key}[1];
+
+ # Write the classification to the file.
+ print FILE "config classification: $short_name,$short_desc,$priority\n";
+ }
+
+ # Close file handle.
+ close(FILE);
+}
+
 #
 ## Function to do all the logging stuff if the downloading or updating of the ruleset fails.
 #
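Review bot: The `else` branch of the priority check overwrites an already-stored entry whenever the stored priority is stricter (numerically lower) than the one just read, so a later provider can weaken a classification instead of only tightening it; make the fallback conditional, `} elsif (!$classifications{$short_name}) {`, so a known classification is only replaced when the new priority passes the `>=` test. The lexical `my $classification_file` declared inside the `foreach` shadows the package variable `$classification_file` added in the first hunk — the one `open(FILE, ">", ...)` writes to after the loop — which is easy to misread; a distinct name such as `$provider_classification_file` avoids that. Each provider file is opened with a bareword handle and two-argument `open(CLASSIFICATION, $classification_file)`, so a mode character at the start or end of the path would be honoured rather than treated as part of the name; prefer `open(my $fh, '<', $classification_file) or die ...` and read with `while (my $line = <$fh>)` (the handle inside `while()` appears to have been lost in this rendering). The write side never checks `close(FILE)`, so a failed or short write to classification.config is silently accepted; `close(FILE) or die "Could not close $classification_file. $!\n";`.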