From 831dbc012825c156db0c26ed072d3a440a009353 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Fri, 2 Apr 2021 20:22:15 +0200 Subject: [PATCH] ids-functions.pl: Move code to handle plain rules files to extractruleset() function. Now everithing which is extracting or moving stored ruleset files is easily accessing via one function which takes care about. Signed-off-by: Stefan Schantl --- config/cfgroot/ids-functions.pl | 146 ++++++++++++++++---------------- 1 file changed, 73 insertions(+), 73 deletions(-) diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index 7a36615404..f4f06413c0 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -460,6 +460,9 @@ sub downloadruleset ($) { # ## Function to extract a given ruleset. +## +## In case the ruleset provider offers a plain file, it simply will +## be copied. # sub extractruleset ($) { my ($provider) = @_; @@ -470,12 +473,15 @@ sub extractruleset ($) { # Load perl module to deal with files and path. use File::Basename; + # Load perl module for file copying. + use File::Copy; + # Get full path and downloaded rulesfile for the given provider. my $tarball = &_get_dl_rulesfile($provider); # Check if the file exists. unless (-f $tarball) { - &_log_to_syslog("Could not extract ruleset file: $tarball"); + &_log_to_syslog("Could not find ruleset file: $tarball"); # Return nothing. return; @@ -486,69 +492,84 @@ sub extractruleset ($) { mkdir("$tmp_rules_directory") unless (-d "$tmp_rules_directory"); mkdir("$tmp_conf_directory") unless (-d "$tmp_conf_directory"); - # Initialize the tar module. - my $tar = Archive::Tar->new($tarball); + # Omit the type (dl_type) of the stored ruleset. + my $type = $IDS::Ruleset::Providers{$provider}{'dl_type'}; + + # Handle the different ruleset types. + if ($type eq "plain") { + # Generate destination filename an full path. + my $destination = "$tmp_rules_directory/$provider\-ruleset.rules"; + + # Copy the file into the temporary rules directory. + copy($tarball, $destination); - # Get the filelist inside the tarball. - my @packed_files = $tar->list_files; + } elsif ( $type eq "archive") { + # Initialize the tar module. + my $tar = Archive::Tar->new($tarball); - # Loop through the filelist. - foreach my $packed_file (@packed_files) { - my $destination; + # Get the filelist inside the tarball. + my @packed_files = $tar->list_files; - # Splitt the packed file into chunks. - my $file = fileparse($packed_file); + # Loop through the filelist. + foreach my $packed_file (@packed_files) { + my $destination; - # Handle msg-id.map file. - if ("$file" eq "sid-msg.map") { - # Set extract destination to temporary config_dir. - $destination = "$tmp_conf_directory/$provider\-sid-msg.map"; - # Handle classification.conf - } elsif ("$file" eq "classification.config") { - # Set extract destination to temporary config_dir. - $destination = "$tmp_conf_directory/$provider\-classification.config"; - # Handle rules files. - } elsif ($file =~ m/\.rules$/) { - my $rulesfilename; + # Splitt the packed file into chunks. + my $file = fileparse($packed_file); - # Splitt the filename into chunks. - my @filename = split("-", $file); + # Handle msg-id.map file. + if ("$file" eq "sid-msg.map") { + # Set extract destination to temporary config_dir. + $destination = "$tmp_conf_directory/$provider\-sid-msg.map"; - # Reverse the array. - @filename = reverse(@filename); + # Handle classification.conf + } elsif ("$file" eq "classification.config") { + # Set extract destination to temporary config_dir. + $destination = "$tmp_conf_directory/$provider\-classification.config"; - # Get the amount of elements in the array. - my $elements = @filename; + # Handle rules files. + } elsif ($file =~ m/\.rules$/) { + my $rulesfilename; - # Remove last element of the hash. - # It contains the vendor name, which will be replaced. - if ($elements >= 3) { + # Splitt the filename into chunks. + my @filename = split("-", $file); + + # Reverse the array. + @filename = reverse(@filename); + + # Get the amount of elements in the array. + my $elements = @filename; + + # Remove last element of the hash. + # It contains the vendor name, which will be replaced. + if ($elements >= 3) { # Remove last element from hash. - pop(@filename); - } + pop(@filename); + } - # Check if the last element of the filename does not - # contain the providers name. - if ($filename[-1] ne "$provider") { - # Add provider name as last element. - push(@filename, $provider); - } + # Check if the last element of the filename does not + # contain the providers name. + if ($filename[-1] ne "$provider") { + # Add provider name as last element. + push(@filename, $provider); + } - # Reverse the array back. - @filename = reverse(@filename); + # Reverse the array back. + @filename = reverse(@filename); - # Generate the name for the rulesfile. - $rulesfilename = join("-", @filename); + # Generate the name for the rulesfile. + $rulesfilename = join("-", @filename); - # Set extract destination to temporaray rules_dir. - $destination = "$tmp_rules_directory/$rulesfilename"; - } else { - # Skip all other files. - next; - } + # Set extract destination to temporaray rules_dir. + $destination = "$tmp_rules_directory/$rulesfilename"; + } else { + # Skip all other files. + next; + } - # Extract the file to the temporary directory. - $tar->extract_file("$packed_file", "$destination"); + # Extract the file to the temporary directory. + $tar->extract_file("$packed_file", "$destination"); + } } } @@ -557,9 +578,6 @@ sub extractruleset ($) { ## call the functions to merge the additional config files. (classification, sid-msg, etc.). # sub oinkmaster () { - # Load perl module for file copying. - use File::Copy; - # Check if the files in rulesdir have the correct permissions. &_check_rulesdir_permissions(); @@ -571,26 +589,8 @@ sub oinkmaster () { # Loop through the array of enabled providers. foreach my $provider (@enabled_providers) { - # Omit the type (dl_type) of the stored ruleset. - my $type = $IDS::Ruleset::Providers{$provider}{'dl_type'}; - - # Handle the different ruleset types. - if ($type eq "archive") { - # Call the extractruleset function. - &extractruleset($provider); - } elsif ($type eq "plain") { - # Generate filename and full path for the stored rulesfile. - my $dl_rulesfile = &_get_dl_rulesfile($provider); - - # Generate destination filename an full path. - my $destination = "$tmp_rules_directory/$provider\-ruleset.rules"; - - # Copy the file into the temporary rules directory. - copy($dl_rulesfile, $destination); - } else { - # Skip unknown type. - next; - } + # Call the extractruleset function. + &extractruleset($provider); } # Load perl module to talk to the kernel syslog. -- 2.39.5