From 55dc689e582ffb9066d270d9ab7687f074277d82 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Thu, 1 Apr 2021 11:50:44 +0200 Subject: [PATCH] ids.cgi: Finish code to handle the removal of a provider from the list. Signed-off-by: Stefan Schantl --- html/cgi-bin/ids.cgi | 44 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 8 deletions(-) diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index e927fb617b..ca58e6ab6c 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -906,6 +906,9 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { # Read-in provider settings file. &General::readhasharray($IDS::providers_settings_file, \%used_providers); + # Grab the provider name bevore deleting it from hash. + my $provider = $used_providers{$cgiparams{'ID'}}[0]; + # Drop entry from the hash. delete($used_providers{$cgiparams{'ID'}}); @@ -915,15 +918,40 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { # Write the changed hash to the provide settings file. &General::writehasharray($IDS::providers_settings_file, \%used_providers); - # XXX - The ruleset of the provider needs to be dropped. - # XXX - The remain rulest of suricata needs to be regenerated. - # XXX - Suricata requires a reload or if the last provider has - # been removed it has to be stopped. + # Drop the stored ruleset file. + &IDS::drop_dl_rulesfile($provider); + + # Get the name of the provider rulessets include file. + my $provider_used_rulefile = &get_used_provider_rulesfile_file($provider); + + # Drop the file, it is not longer needed. + unlink("$provider_used_rulefile"); + + # Regenerate ruleset. + &IDS::oinkmaster(); + + # Gather all enabled providers. + my @enabled_providers = &IDS::get_enabled_providers(); + + # Regenerate main providers include file. + &IDS::write_main_used_rulefiles_file(@enabled_providers); + # Check if the IDS is running. - #if(&IDS::ids_is_running()) { - # Call suricatactrl to perform a reload. - # &IDS::call_suricatactrl("reload"); - #} + if(&IDS::ids_is_running()) { + # Get amount of enabled providers. + my $amount = @enabled_providers; + + # Check if at least one enabled provider remains. + if ($amount >= 1) { + # Call suricatactrl to perform a reload. + &IDS::call_suricatactrl("restart"); + + # Stop suricata if no enabled provider remains. + } else { + # Call suricatactrel to perform the stop. + &IDS::call_suricatactrl("stop"); + } + } # Undefine providers flag. undef($cgiparams{'PROVIDERS'}); -- 2.39.5