From 55bb6b86219e74e3ce277a82b13e07d7802bd87c Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Sun, 20 Mar 2022 18:59:42 +0100
Subject: [PATCH] convert-ids-modification-files: New converter.

This converter is responsible to convert the old oinkmaster modification files into the new files and format.

Signed-off-by: Stefan Schantl
---
 .../suricata/convert-ids-modification-files | 80 +++++++++++++++++++
 1 file changed, 80 insertions(+)
 create mode 100644 config/suricata/convert-ids-modification-files

diff --git a/config/suricata/convert-ids-modification-files b/config/suricata/convert-ids-modification-files
new file mode 100644
index 0000000000..555deaf181
--- /dev/null
+++ b/config/suricata/convert-ids-modification-files
@@ -0,0 +1,80 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2021 IPFire Development Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+use strict;
+
+require '/var/ipfire/general-functions.pl';
+require '/var/ipfire/ids-functions.pl';
+
+# Exit if there is no main oinkmaster config file anymore.
+exit 0 unless (-f "$IDS::settingsdir/oinkmaster.conf");
+
+# Get all supported providers.
+my @providers = &IDS::get_ruleset_providers();
+
+# Loop through the array of providers.
+foreach my $provider (@providers) {
+ my %modifications = ();
+
+ # Generate old filename which hold the ruleset modifications.
+ my $old_modifications_file = "$IDS::settingsdir/oinkmaster\-$provider\-modified-sids.conf";
+
+ # Skip provider if there is no modifications file.
+ next unless (-f $old_modifications_file);
+
+ # Open modifications file.
+ open(FILE, "$old_modifications_file");
+
+ # Read-in file content.
+ my @file = ;
+
+ # Close file handle.
+ close(FILE);
+
+ # Loop through the file content.
+ foreach my $line (@file) {
+ chomp($line);
+
+ # Split line and assign to an temporary array.
+ my @tmp = split(/ /, $line);
+
+ # Assign nice human-readable variables.
+ my $action = $tmp[0];
+ my $sid = $tmp[1];
+
+ # Process stored rule action and assign to the modifications hash.
+ if ($action eq "enablesid") {
+ $modifications{$sid} = "enabled";
+
+ } elsif ($action eq "disablesid") {
+ $modifications{$sid} = "disabled";
+ }
+ }
+
+ # Get new filename which will hold the ruleset modifications for this provider.
+ my $new_modifications_file = &IDS::get_provider_ruleset_modifications_file($provider);
+
+ # Write new modifications file.
+ &General::writehash("$new_modifications_file", \%modifications);
+
+ # Set correct ownership for the new modifications file.
+ &IDS::set_ownership("$new_modifications_file");
+}
-- 
2.39.5
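Review bot: The `open(FILE, "$old_modifications_file")` call in the provider loop is unchecked, so when it fails the script still reaches `&General::writehash` with an empty `%modifications`, which presumably writes a modifications file lacking the user's stored `enablesid`/`disablesid` choices and so silently changes which IDS rules are active. I would use the three-argument form with a lexical handle and skip the provider on failure, `open(my $fh, '<', $old_modifications_file) or do { warn "Cannot read $old_modifications_file: $!\n"; next; };`, with the read and the `close` switched to `$fh`. The parser also takes whatever follows the first space as a hash key, so a guard such as `next unless defined $sid && $sid =~ /\A\d+\z/;` before the `if` would keep malformed or comment lines out of the new file. Adding `use warnings;` next to `use strict;` would surface undefined `$action`/`$sid` values on blank lines during the conversion.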