From 330759d88a4adfbf5fc23cb575607b8b99b1b62b Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Fri, 24 Aug 2018 14:55:40 +0200
Subject: [PATCH] ids-functions.pl: Add priviate function _check_rulesdir_permissions()

This function checks if all files located in /etc/suricata/rules are writable by the effective user and group (nobody:nobody) and if not calls suricatactl to fix it.

Signed-off-by: Stefan Schantl
---
 config/cfgroot/ids-functions.pl | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 6f7f3ee7ef..783fd0166f 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -48,7 +48,7 @@ our $idspidfile = "/var/run/suricata.pid";
 my $suricatactrl = "/usr/local/bin/suricatactrl";
 # Array with allowed commands of suricatactrl.
-my @suricatactrl_cmds = ( 'start', 'stop', 'restart', 'reload' );
+my @suricatactrl_cmds = ( 'start', 'stop', 'restart', 'reload', 'fix-rules-dir' );
 #
 ## Function for checking if at least 300MB of free disk space are available
@@ -182,6 +182,9 @@ sub downloadruleset {
 ## A tiny wrapper function to call the oinkmaster script.
 #
 sub oinkmaster () {
+ # Check if the files in rulesdir have the correct permissions.
+ &_check_rulesdir_permissions();
+
 # Load perl module to talk to the kernel syslog.
 use Sys::Syslog qw(:DEFAULT setlogsock);
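Review bot: The comment added at the top of oinkmaster, `# Check if the files in rulesdir have the correct permissions.`, does not say what "correct" means or why the check has to run before oinkmaster; the commit message gives the reason (oinkmaster rewrites the files in $rulespath as the effective user, nobody), but a reader of the file alone cannot tell whether an unwritable rule file is a bug or expected. I would replace it with `# oinkmaster rewrites the rule files in $rulespath, so they must be writable by the user this code runs as; _check_rulesdir_permissions() calls suricatactrl to repair the permissions if they are not.` The body of oinkmaster continues past the end of the hunk, so whether anything downstream depends on the check having succeeded is not visible here.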
@@ -377,4 +380,27 @@ sub create_empty_file($) {
 return 1;
 }
+#
+## Private function to check if the file permission of the rulespath are correct.
+## If not, call suricatactrl to fix them.
+#
+sub _check_rulesdir_permissions() {
+ # Open snort rules directory and do a directory listing.
+ opendir(DIR, $rulespath) or die $!;
+ # Loop through the direcory.
+ while (my $file = readdir(DIR)) {
+ # We only want files.
+ next unless (-f "$rulespath/$file");
+
+ # Check if the file is writable by the user.
+ if (-W "$rulespath/$file") {
+ # Everything is okay - go on to the next file.
+ next;
+ } else {
+ # There are wrong permissions, call suricatactrl to fix it.
+ &call_suricatactrl("fix-rules-dir");
+ }
+ }
+}
+
 1;
-- 
2.39.5
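Review bot: `if (-W "$rulespath/$file")` tests writability by the real uid/gid, but the commit message says the check is for the effective user (nobody); the effective-id test is `-w`, and the two differ whenever the process runs under setuid or sudo, so the check can pass while the later write as the effective user fails. The loop also runs `&call_suricatactrl("fix-rules-dir")` once for every unwritable file instead of once for the directory, so a rules directory with many bad files spawns the suricatactrl helper many times; a `last` after the call suffices if fix-rules-dir repairs the whole directory, which its name suggests but the hunk does not show. The bareword handle `DIR` is never released with closedir, and `die $!` aborts the caller (oinkmaster) with an error that does not name the path. Note that "writable by the current user" is not the same as "owned by nobody:nobody" — a world-writable rule file passes this check untouched — so if ownership is part of the intent, compare `(stat $path)[4,5]` against `$>` and `$)` as well.
```perl
sub _check_rulesdir_permissions() {
	# Open the rules directory with a lexical handle and name the path on failure.
	opendir(my $dh, $rulespath) or die "Could not open $rulespath: $!";
	while (my $file = readdir($dh)) {
		# We only want files.
		next unless (-f "$rulespath/$file");

		# -w tests the effective uid/gid, i.e. the user the later writes run as;
		# -W would test the real uid, which differs under setuid/sudo.
		next if (-w "$rulespath/$file");

		# One unwritable file is enough: let suricatactrl fix the directory
		# once and stop scanning instead of calling it per file.
		&call_suricatactrl("fix-rules-dir");
		last;
	}
	closedir($dh);
}
```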