From 2e558477da7438d2bd79411279ae1502f044c787 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Sat, 16 Apr 2022 14:39:09 +0200
Subject: [PATCH] convert-ids-backend-files: Convert MONITOR_TRAFFIC_ONLY settings.

Signed-off-by: Stefan Schantl
---
 config/suricata/convert-ids-backend-files | 40 +++++++++++++++++++++--
 1 file changed, 37 insertions(+), 3 deletions(-)

diff --git a/config/suricata/convert-ids-backend-files b/config/suricata/convert-ids-backend-files
index 0b81b008ee..302ed52322 100644
--- a/config/suricata/convert-ids-backend-files
+++ b/config/suricata/convert-ids-backend-files
@@ -184,14 +184,48 @@ foreach my $provider (@providers) {
 }
 
 #
-## Step 4: Regenerate the ruleset.
+## Step 4: Convert MONTIOR_TRAFFIC_ONLY setting.
+#
+
+my %ids_settings = ();
+my %provider_settings = ();
+
+&General::readhash("$IDS::ids_settings_file", \%ids_settings);
+&General::readhasharray("$IDS::providers_settings_file", \%provider_settings);
+
+# Default to IPS mode.
+my $mode = "IPS";
+
+# Check if MONTOR_TRAFFIC_ONLY has been activated.
+if(($ids_settings{'MONITOR_TRAFFIC_ONLY'} && $ids_settings{'MONITOR_TRAFFIC_ONLY'} eq "on")) {
+ $mode = "IDS";
+}
+
+# Loop through the hash of providers.
+foreach my $key (keys %provider_settings) {
+ # Get and dereference settings array from hash.
+ my @settings = @{ $provider_settings{$key} };
+
+ # Add the mode as last element to the settings array.
+ push(@settings, $mode);
+
+ # Assign the new settings to the hash.
+ $provider_settings{$key} = [ @settings ];
+}
+
+# Write back providers settings.
+&General::writehasharray("$IDS::providers_settings_file", \%provider_settings);
+
+#
+## Step 5: Regenerate the ruleset.
+#
 #
 
 # Call oinkmaster wrapper function.
 &IDS::oinkmaster();
 
 #
-## Step 5: Write new config file for suricata which contains the used rulesfiles.
+## Step 6: Write new config file for suricata which contains the used rulesfiles.
 #
 
 # Get enabled providers.
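Review bot: The provider loop in the new Step 4 appends `$mode` to every settings array unconditionally, so the conversion is not idempotent: if this converter ever runs a second time, each provider record gains another trailing element. Since the appended value decides whether a provider's rules only alert (IDS) or also drop (IPS), a misaligned record is worth preventing, although how the readers index the array is not visible here. A guard at the top of the loop body such as `next if (@{ $provider_settings{$key} } && $provider_settings{$key}[-1] =~ /^(?:IDS|IPS)$/);` would make a rerun harmless, assuming no pre-conversion record already ends in one of those strings. The script starts before this hunk, so an earlier step may already prevent reruns. Separately, the comments spell the key `MONTIOR_TRAFFIC_ONLY` and `MONTOR_TRAFFIC_ONLY`, and the added `+#` after the Step 5 banner leaves two consecutive `#` lines.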
@@ -201,7 +235,7 @@ my @enabled_providers = &IDS::get_enabled_providers();
 &IDS::write_used_rulefiles_file(@enabled_providers);
 
 #
-## Step 6: Remove unneeded orphaned files.
+## Step 7: Remove unneeded orphaned files.
 #
 
 # Loop through the array of files which are safe to drop.
-- 
2.39.5