From bbb6efae56957c1ec70d5ee7668c4cc68b4dd2b2 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Sat, 18 Aug 2018 14:48:30 +0200
Subject: [PATCH] ids.cgi: Add backend code to handle switch between IDS and IPS mode

This commit adds the required backend code to allow switching between IDS and IPS mode of suricata. Technically the behaviour of suricata is specified by the rules - each of them can contain the action "alert" or "drop" (There are more actions supported but these two are currently the important one) When running in IDS mode, the ruleset does not need to be touched, because the default action is "alert". When switching to IPS mode, the CGI writes a single line to "oinkmaster-modify-sids.conf" which is included by oinkmaster and modify the action for each single rule from alert to drop.

Signed-off-by: Stefan Schantl
---
 html/cgi-bin/ids.cgi | 45 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 6a6e5c2859..6aa9ae9b93 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -307,6 +307,12 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
 }
 # Save snort settings.
 } elsif ($cgiparams{'IDS'} eq $Lang::tr{'save'}) {
+ my %oldidssettings;
+ my $reload_page;
+
+ # Read-in current (old) IDS settings.
+ &General::readhash("$IDS::settingsdir/settings", \%oldidssettings);
+
 # Prevent form name from been stored in conf file.
 delete $cgiparams{'IDS'};
@@ -327,6 +333,39 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
 # Generate file to store the home net.
 &generate_home_net_file();
+ # File which contains wheater the rules should be changed.
+ my $modify_sids_file = "$IDS::settingsdir/oinkmaster-modify-sids.conf";
+
+ # Open modify sid's file for writing.
+ open(FILE, ">$modify_sids_file") or die "Could not write to $modify_sids_file. $!\n";
+
+ # Write file header.
+ print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Check if the configured runmode is IPS.
+ if ($cgiparams{'RUN_MODE'} eq 'IPS') {
+ # Tell oinkmaster to switch all rules from alert to drop.
+ print FILE "modifysid \* \"alert\" \| \"drop\"\n";
+ }
+
+ # Close file handle.
+ close(FILE);
+
+ # Check if the runmode has been changed.
+ if($cgiparams{'RUN_MODE'} ne $oldidssettings{'RUN_MODE'}) {
+ # Check if a ruleset exists.
+ if (%idsrules) {
+ # Lock the webpage and print message.
+ &working_notice("$Lang::tr{'snort working'}");
+
+ # Call oinkmaster to alter the ruleset.
+ &IDS::oinkmaster();
+
+ # Set reload_page to "True".
+ $reload_page="True";
+ }
+ }
+
 # Check if the IDS currently is running.
 if(&IDS::ids_is_running()) {
 # Check if ENABLE_IDS is set to on.
@@ -341,6 +380,12 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
 # Call suricatactrl to start suricata.
 &IDS::call_suricatactrl("start");
 }
+
+ # Check if the page should be reloaded.
+ if ($reload_page) {
+ # Perform a reload of the page.
+ &reload();
+ }
 }
 # Read-in idssettings
-- 
2.39.5
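Review bot: `&General::readhash("$IDS::settingsdir/settings", \%oldidssettings);` is not checked for success, so on a first save, or when the settings file is missing or unreadable, `%oldidssettings` presumably stays empty and the comparison `$cgiparams{'RUN_MODE'} ne $oldidssettings{'RUN_MODE'}` in the second hunk runs against undef, which logs an "uninitialized value" warning if the script enables warnings and always counts as a mode change, forcing an oinkmaster run. If readhash really leaves the hash untouched on a missing file (confirm against General.pm), give the old value an explicit default before comparing, e.g. `my $old_run_mode = defined $oldidssettings{'RUN_MODE'} ? $oldidssettings{'RUN_MODE'} : '';`, and compare against that. The `elsif` block opened in this hunk continues past its end.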
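Review bot: `open(FILE, ">$modify_sids_file")` uses a bareword handle with the two-argument form, and `close(FILE)` discards its return value, so a failed or short write (full disk, read-only settings directory) goes unreported; since this file is what turns every rule from `alert` into `drop`, a silently truncated file leaves the saved settings saying IPS while the ruleset keeps alerting only. Use the three-argument form with a lexical handle and check the close: `open(my $fh, '>', $modify_sids_file) or die "Could not write to $modify_sids_file. $!\n";` and `close($fh) or die "Could not write to $modify_sids_file. $!\n";`, with both `print FILE` statements changed to `print $fh`. The double-quoted `"modifysid \* \"alert\" \| \"drop\"\n"` also relies on the unrecognized escapes `\*` and `\|`, which Perl passes through but warns about under `use warnings`; a single-quoted body needs no escapes: `print $fh 'modifysid * "alert" | "drop"', "\n";`. The `elsif` block containing these lines starts and ends outside the hunk.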
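Review bot: `if ($reload_page)` tests a flag that the previous hunk sets with `$reload_page="True";`, which works only because any non-empty string is true; a plain boolean says what is meant and avoids a reader wondering whether "False" is a possible value. Declare it as `my $reload_page = 0;` and set it with `$reload_page = 1;` where oinkmaster is run. The `elsif` block this check belongs to starts outside the hunk.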