From 969983eba4f2b6917a53f8f817297c75b40e8d9f Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Wed, 14 Apr 2021 20:32:14 +0200
Subject: [PATCH] ids.cgi: Add some more sanity checks when adding a new provider.
* Check if the system is online.
* Check if enough free disk space is available.
* Abort whith an error message if the ruleset could not be downloaded.
In error case the provider now will be removed again from the file which keeps the configured providers. Sadly it needs to be added first because otherwise the downloader could not read the required values from it.....
Signed-off-by: Stefan Schantl
---
 html/cgi-bin/ids.cgi | 58 +++++++++++++++++++++++++++++-------------
 langs/de/cgi-bin/de.pl | 2 ++
 langs/en/cgi-bin/en.pl | 2 ++
 3 files changed, 44 insertions(+), 18 deletions(-)
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index e728202040..27f72ba4d7 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -815,34 +815,56 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'ids apply'}) {
 # Check if a new provider will be added.
 if ($cgiparams{'PROVIDERS'} eq $Lang::tr{'add'}) {
- # Lock the webpage and print notice about downloading
- # a new ruleset.
- &working_notice("$Lang::tr{'ids working'}");
+ # Check if the red device is active.
+ unless (-e "${General::swroot}/red/active") {
+ $errormessage = "$Lang::tr{'ids could not add provider'} - $Lang::tr{'system is offline'}";
+ }
+
+ # Check if enough free disk space is availabe.
+ if(&IDS::checkdiskspace()) {
+ $errormessage = "$Lang::tr{'ids could not add provider'} - $Lang::tr{'not enough disk space'}";
+ }
- # Download the ruleset.
- &IDS::downloadruleset($provider);
+ # Check if any errors happend.
+ unless ($errormessage) {
+ # Lock the webpage and print notice about downloading
+ # a new ruleset.
+ &working_notice("$Lang::tr{'ids working'}");
- # Extract the ruleset
- &IDS::extractruleset($provider);
+ # Download the ruleset.
+ if(&IDS::downloadruleset($provider)) {
+ $errormessage = "$Lang::tr{'ids could not add provider'} - $Lang::tr{'ids unable to download the ruleset'}";
- # Move the ruleset.
- &IDS::move_tmp_ruleset();
+ # Call function to store the errormessage.
+ &IDS::_store_error_message($errormessage);
- # Cleanup temporary directory.
- &IDS::cleanup_tmp_directory();
+ # Remove the configured provider again.
+ &remove_provider($id);
+ } else {
+ # Extract the ruleset
+ &IDS::extractruleset($provider);
- # Create new empty file for used rulefiles
- # for this provider.
- &IDS::write_used_provider_rulefiles_file($provider);
+ # Move the ruleset.
+ &IDS::move_tmp_ruleset();
- # Perform a reload of the page.
- &reload();
+ # Cleanup temporary directory.
+ &IDS::cleanup_tmp_directory();
+
+ # Create new empty file for used rulefiles
+ # for this provider.
+ &IDS::write_used_provider_rulefiles_file($provider);
+ }
+
+ # Perform a reload of the page.
+ &reload();
+ }
 }
- # Undefine providers flag.
- undef($cgiparams{'PROVIDERS'});
 }
+ # Undefine providers flag.
+ undef($cgiparams{'PROVIDERS'});
+
 ## Toggle Enabled/Disabled for an existing provider.
 #
 } elsif ($cgiparams{'PROVIDERS'} eq $Lang::tr{'toggle enable disable'}) {
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index a4a81fc389..bb2e8f8e2a 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1377,6 +1377,7 @@
 'ids apply ruleset changes' => 'Regeländerungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde...',
 'ids autoupdates' => 'Automatische Updates',
 'ids automatic rules update' => 'Automatische Regelaktualisierung',
+'ids could not add provider' => 'Provider konnte nicht hinzugefügt werden',
 'ids customize ruleset' => 'Regelset anpassen',
 'ids download new ruleset' => 'Das neue Regelset wird heruntergeladen und entpackt. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde...',
 'ids enable' => 'Einbruchsverhinderungssystem aktivieren',
@@ -1400,6 +1401,7 @@
 'ids ruleset settings' => 'Regelsatzeinstellungen',
 'ids show' => 'Anzeigen',
 'ids the choosen provider is already in use' => 'Der gewhählte Provider wird bereits verwendet.',
+'ids unable to download the ruleset' => 'Das Regelset konnte nicht heruntergeladen werden.',
 'ids visit provider website' => 'Anbieter-Webseite besuchen',
 'ids working' => 'Änderungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.',
 'iface' => 'Iface',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 59496b195e..2c7ae2d7c3 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
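Review bot: In the html/cgi-bin/ids.cgi hunk, `&remove_provider($id)` is called only when `&IDS::downloadruleset($provider)` fails, so when the red-device check or `&IDS::checkdiskspace()` sets `$errormessage` the provider entry is not removed again. The commit message says the provider has to be written to the providers file before the download; that write is outside the hunk, but if it happens before these checks, a failed attempt leaves a configured provider with no ruleset on disk, which can read as IDS coverage that is not actually there. Giving `unless ($errormessage) {` an else branch, `} else { &remove_provider($id); }`, would cover both pre-check failures. The results of `&IDS::extractruleset($provider)` and `&IDS::move_tmp_ruleset()` are also ignored in the success branch; if those helpers can report failure, the used-rulefiles file is still written and the page reloads as though the provider had been added. The enclosing `if ($cgiparams{'RULESET'} ...)` / `elsif` chain starts and ends outside the hunk.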
@@ -1406,6 +1406,7 @@
 'ids apply ruleset changes' => 'The ruleset changes are being applied. Please wait until all operations have completed successfully...',
 'ids autoupdates' => 'Automatic updates',
 'ids automatic rules update' => 'Automatic Rule Update',
+'ids could not add provider' => 'Could not add provider',
 'ids customize ruleset' => 'Customize ruleset',
 'ids download new ruleset' => 'Downloading and unpacking new ruleset. Please wait until all operations have completed successfully...',
 'ids enable' => 'Enable Intrusion Prevention System',
@@ -1429,6 +1430,7 @@
 'ids ruleset settings' => 'Ruleset Settings',
 'ids show' => 'Show',
 'ids the choosen provider is already in use' => 'The choosen provider is already in use.',
+'ids unable to download the ruleset' => 'Unable to download the ruleset',
 'ids visit provider website' => 'Visit provider website',
 'ids working' => 'Changes are being applied. Please wait until all operations have completed successfully...',
 'iface' => 'Iface',
--
2.39.2