[ipfire-2.x.git] / config / cfgroot / ids-functions.pl

#!/usr/bin/perl -w
############################################################################
#                                                                          #
# This file is part of the IPFire Firewall.                                #
#                                                                          #
# IPFire is free software; you can redistribute it and/or modify           #
# it under the terms of the GNU General Public License as published by     #
# the Free Software Foundation; either version 2 of the License, or        #
# (at your option) any later version.                                      #
#                                                                          #
# IPFire is distributed in the hope that it will be useful,                #
# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
# GNU General Public License for more details.                             #
#                                                                          #
# You should have received a copy of the GNU General Public License        #
# along with IPFire; if not, write to the Free Software                    #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
#                                                                          #
# Copyright (C) 2018 IPFire Team <info@ipfire.org>.                        #
#                                                                          #
############################################################################

package IDS;

require '/var/ipfire/general-functions.pl';

# Location where all config and settings files are stored.
our $settingsdir = "${General::swroot}/suricata";

# Location and name of the tarball which contains the ruleset.
our $rulestarball = "/var/tmp/idsrules.tar.gz";

# File to store any errors, which also will be read and displayed by the wui.
our $storederrorfile = "/tmp/ids_storederror";

# Location where the rulefiles are stored.
our $rulespath = "/var/lib/suricata";

# File which contains a list of all supported ruleset sources.
# (Sourcefire, Emergingthreads, etc..)
our $rulesetsourcesfile = "$settingsdir/ruleset-sources";

# The pidfile of the IDS.
our $idspidfile = "/var/run/suricata.pid";

# Location of suricatactrl.
my $suricatactrl = "/usr/local/bin/suricatactrl";

# Array with allowed commands of suricatactrl.
my @suricatactrl_cmds = ( 'start', 'stop', 'restart', 'reload', 'fix-rules-dir', 'cron' );

# Array with supported cron intervals.
my @cron_intervals = ('off', 'daily', 'weekly' );

#
## Function for checking if at least 300MB of free disk space are available
## on the "/var" partition.
#
sub checkdiskspace () {
	# Call diskfree to gather the free disk space of /var.
	my @df = `/bin/df -B M /var`;

	# Loop through the output.
	foreach my $line (@df) {
		# Ignore header line.
		next if $line =~ m/^Filesystem/;

		# Search for a line with the device information.
		if ($line =~ m/dev/ ) {
			# Split the line into single pieces.
			my @values = split(' ', $line);
			my ($filesystem, $blocks, $used, $available, $used_perenctage, $mounted_on) = @values;

			# Check if the available disk space is more than 300MB.
			if ($available < 300) {
				# Log error to syslog.
				&_log_to_syslog("Not enough free disk space on /var. Only $available MB from 300 MB available.");

				# Exit function and return "1" - False.
				return 1;
			}
		}
	}

	# Everything okay, return nothing.
	return;
}

#
## This function is responsible for downloading the configured snort ruleset.
##
## * At first it obtains from the stored snortsettings which ruleset should be downloaded.
## * The next step is to get the download locations for all available rulesets.
## * After that, the function will check if an upstream proxy should be used and grab the settings.
## * The last step will be to generate the final download url, by obtaining the URL for the desired
##   ruleset, add the settings for the upstream proxy and final grab the rules tarball from the server.
#
sub downloadruleset {
	# Get snort settings.
	my %snortsettings=();
	&General::readhash("$settingsdir/settings", \%snortsettings);

	# Check if a ruleset has been configured.
	unless($snortsettings{'RULES'}) {
		# Log that no ruleset has been configured and abort.
		&_log_to_syslog("No ruleset source has been configured.");

		# Return "1".
		return 1;
	}

	# Get all available ruleset locations.
	my %rulesetsources=();
	&General::readhash($rulesetsourcesfile, \%rulesetsources);

	# Read proxysettings.
	my %proxysettings=();
	&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);

	# Load required perl module to handle the download.
	use LWP::UserAgent;

	# Init the download module.
	my $downloader = LWP::UserAgent->new;

	# Set timeout to 10 seconds.
	$downloader->timeout(10);

	# Check if an upstream proxy is configured.
	if ($proxysettings{'UPSTREAM_PROXY'}) {
		my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
		my $proxy_url;

		# Check if we got a peer.
		if ($peer) {
			$proxy_url = "http://";

			# Check if the proxy requires authentication.
			if (($proxysettings{'UPSTREAM_USER'}) && ($proxysettings{'UPSTREAM_PASSWORD'})) {
				$proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@";
			}

			# Add proxy server address and port.
			$proxy_url .= "$peer\:$peerport";
		} else {
			# Log error message and break.
			&_log_to_syslog("Could not proper configure the proxy server access.");

			# Return "1" - false.
			return 1;
		}

		# Setup proxy settings.
		$downloader->proxy('http', $proxy_url);
	}

	# Grab the right url based on the configured vendor.
	my $url = $rulesetsources{$snortsettings{'RULES'}};

	# Check if the vendor requires an oinkcode and add it if needed.
	$url =~ s/\<oinkcode\>/$snortsettings{'OINKCODE'}/g;

	# Abort if no url could be determined for the vendor.
	unless ($url) {
		# Log error and abort.
		&_log_to_syslog("Unable to gather a download URL for the selected ruleset.");
		return 1;
	}

	# Pass the requested url to the downloader.
	my $request = HTTP::Request->new(GET => $url);

	# Perform the request and save the output into the "$rulestarball" file.
	my $response = $downloader->request($request, $rulestarball);

	# Check if there was any error.
	unless ($response->is_success) {
		# Obtain error.
		my $error = $response->content;

		# Log error message.
		&_log_to_syslog("Unable to download the ruleset. \($error\)");

		# Return "1" - false.
		return 1;
	}

	# If we got here, everything worked fine. Return nothing.
	return;
}

#
## A tiny wrapper function to call the oinkmaster script.
#
sub oinkmaster () {
	# Check if the files in rulesdir have the correct permissions.
	&_check_rulesdir_permissions();

	# Load perl module to talk to the kernel syslog.
	use Sys::Syslog qw(:DEFAULT setlogsock);

	# Establish the connection to the syslog service.
	openlog('oinkmaster', 'cons,pid', 'user');

	# Call oinkmaster to generate ruleset.
	open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C $settingsdir/oinkmaster.conf -o $rulespath|") or die "Could not execute oinkmaster $!\n";

	# Log output of oinkmaster to syslog.
	while(<OINKMASTER>) {
		# The syslog function works best with an array based input,
		# so generate one before passing the message details to syslog.
		my @syslog = ("INFO", "$_");

		# Send the log message.
		syslog(@syslog);
	}

	# Close the pipe to oinkmaster process.
	close(OINKMASTER);

	# Close the log handle.
	closelog();
}

#
## Function to do all the logging stuff if the downloading or updating of the ruleset fails.
#
sub log_error ($) {
	my ($error) = @_;

	# Remove any newline.
	chomp($error);

	# Call private function to log the error message to syslog.
	&_log_to_syslog($error);

	# Call private function to write/store the error message in the storederrorfile.
	&_store_error_message($error);
}

#
## Function to log a given error message to the kernel syslog.
#
sub _log_to_syslog ($) {
	my ($message) = @_;

	# Load perl module to talk to the kernel syslog.
	use Sys::Syslog qw(:DEFAULT setlogsock);

	# The syslog function works best with an array based input,
	# so generate one before passing the message details to syslog.
	my @syslog = ("ERR", "<ERROR> $message");

	# Establish the connection to the syslog service.
	openlog('oinkmaster', 'cons,pid', 'user');

	# Send the log message.
	syslog(@syslog);

	# Close the log handle.
	closelog();
}

#
## Private function to write a given error message to the storederror file.
#
sub _store_error_message ($) {
        my ($message) = @_;

	# Remove any newline.
	chomp($message);

        # Open file for writing.
        open (ERRORFILE, ">$storederrorfile") or die "Could not write to $storederrorfile. $!\n";

        # Write error to file.
        print ERRORFILE "$message\n";

        # Close file.
        close (ERRORFILE);
}

#
## Function to get a list of all available network zones.
#
sub get_available_network_zones () {
	# Get netsettings.
	my %netsettings = ();
	&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

	# Obtain the configuration type from the netsettings hash.
	my $config_type = $netsettings{'CONFIG_TYPE'};

	# Hash which contains the conversation from the config mode
	# to the existing network interface names. They are stored like
	# an array.
	#
	# Mode "0" red is a modem and green
	# Mode "1" red is a netdev and green
	# Mode "2" red, green and orange
	# Mode "3" red, green and blue
	# Mode "4" red, green, blue, orange
	my %config_type_to_interfaces = (
		"0" => [ "red", "green" ],
		"1" => [ "red", "green" ],
		"2" => [ "red", "green", "orange" ],
		"3" => [ "red", "green", "blue" ],
		"4" => [ "red", "green", "blue", "orange" ]
	);

	# Obtain and dereference the corresponding network interaces based on the read
	# network config type.
	my @network_zones = @{ $config_type_to_interfaces{$config_type} };

	# Return them.
	return @network_zones;
}

#
## Function to check if the IDS is running.
#
sub ids_is_running () {
	if(-f $idspidfile) {
		# Open PID file for reading.
		open(PIDFILE, "$idspidfile") or die "Could not open $idspidfile. $!\n";

		# Grab the process-id.
		my $pid = <PIDFILE>;

		# Close filehandle.
		close(PIDFILE);

		# Remove any newline.
		chomp($pid);

		# Check if a directory for the process-id exists in proc.
		if(-d "/proc/$pid") {
			# The IDS daemon is running return the process id.
			return $pid;
		}
	}

	# Return nothing - IDS is not running.
	return;
}

#
## Function to call suricatactrl binary with a given command.
#
sub call_suricatactrl ($) {
	# Get called option.
	my ($option, $interval) = @_;

	# Loop through the array of supported commands and check if
	# the given one is part of it.
	foreach my $cmd (@suricatactrl_cmds) {
		# Skip current command unless the given one has been found.
		next unless($cmd eq $option);

		# Check if the given command is "cron".
		if ($option eq "cron") {
			# Check if an interval has been given.
			if ($interval) {
				# Check if the given interval is valid.
				foreach my $element (@cron_intervals) {
					# Skip current element until the given one has been found.
					next unless($element eq $interval);

					# Call the suricatactrl binary and pass the "cron" command
					# with the requrested interval.
					system("$suricatactrl $option $interval &>/dev/null");

					# Return "1" - True.
					return 1;
				}
			}

			# If we got here, the given interval is not supported or none has been given. - Return nothing.
			return;
		} else {
			# Call the suricatactrl binary and pass the requrested
			# option to it.
			system("$suricatactrl $option &>/dev/null");

			# Return "1" - True.
			return 1;
		}
	}

	# Command not found - return nothing.
	return;
}

#
## Function to create a new empty file.
#
sub create_empty_file($) {
	my ($file) = @_;

	# Check if the given file exists.
	if(-e $file) {
		# Do nothing to prevent from overwriting existing files.
		return;
	}

	# Open the file for writing.
	open(FILE, ">$file") or die "Could not write to $file. $!\n";

	# Close file handle.
	close(FILE);

	# Return true.
	return 1;
}

#
## Private function to check if the file permission of the rulespath are correct.
## If not, call suricatactrl to fix them.
#
sub _check_rulesdir_permissions() {
	# Check if the rulepath main directory is writable.
	unless (-W $rulespath) {
		# If not call suricatctrl to fix it.
		&call_suricatactrl("fix-rules-dir");
	}

	# Open snort rules directory and do a directory listing.
	opendir(DIR, $rulespath) or die $!;
	# Loop through the direcory.
	while (my $file = readdir(DIR)) {
		# We only want files.
		next unless (-f "$rulespath/$file");

		# Check if the file is writable by the user.
		if (-W "$rulespath/$file") {
			# Everything is okay - go on to the next file.
			next;
		} else {
			# There are wrong permissions, call suricatactrl to fix it.
			&call_suricatactrl("fix-rules-dir");
		}
	}
}

1;
Commit	Line	Data
8dcebe53 SS	1	#!/usr/bin/perl -w
	2	############################################################################
	3	# #
	4	# This file is part of the IPFire Firewall. #
	5	# #
	6	# IPFire is free software; you can redistribute it and/or modify #
	7	# it under the terms of the GNU General Public License as published by #
	8	# the Free Software Foundation; either version 2 of the License, or #
	9	# (at your option) any later version. #
	10	# #
	11	# IPFire is distributed in the hope that it will be useful, #
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
	17	# along with IPFire; if not, write to the Free Software #
	18	# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
	19	# #
	20	# Copyright (C) 2018 IPFire Team <info@ipfire.org>. #
	21	# #
	22	############################################################################
	23
	24	package IDS;
	25
	26	require '/var/ipfire/general-functions.pl';
8dcebe53	27
02844177	28	# Location where all config and settings files are stored.
164eab66	29	our $settingsdir = "${General::swroot}/suricata";
02844177	30
eea2670b	31	# Location and name of the tarball which contains the ruleset.
164eab66	32	our $rulestarball = "/var/tmp/idsrules.tar.gz";
eea2670b	33
3983aebd	34	# File to store any errors, which also will be read and displayed by the wui.
77910792	35	our $storederrorfile = "/tmp/ids_storederror";
3983aebd	36
298ef5ba	37	# Location where the rulefiles are stored.
21cab141	38	our $rulespath = "/var/lib/suricata";
298ef5ba	39
bce84f39 SS	40	# File which contains a list of all supported ruleset sources.
	41	# (Sourcefire, Emergingthreads, etc..)
	42	our $rulesetsourcesfile = "$settingsdir/ruleset-sources";
	43
796eea21 SS	44	# The pidfile of the IDS.
	45	our $idspidfile = "/var/run/suricata.pid";
	46
5240a809 SS	47	# Location of suricatactrl.
	48	my $suricatactrl = "/usr/local/bin/suricatactrl";
	49
	50	# Array with allowed commands of suricatactrl.
ed06bc81 SS	51	my @suricatactrl_cmds = ( 'start', 'stop', 'restart', 'reload', 'fix-rules-dir', 'cron' );
	52
	53	# Array with supported cron intervals.
	54	my @cron_intervals = ('off', 'daily', 'weekly' );
5240a809	55
8dcebe53 SS	56	#
	57	## Function for checking if at least 300MB of free disk space are available
	58	## on the "/var" partition.
	59	#
	60	sub checkdiskspace () {
	61	# Call diskfree to gather the free disk space of /var.
	62	my @df = `/bin/df -B M /var`;
	63
	64	# Loop through the output.
	65	foreach my $line (@df) {
	66	# Ignore header line.
	67	next if $line =~ m/^Filesystem/;
	68
	69	# Search for a line with the device information.
	70	if ($line =~ m/dev/ ) {
	71	# Split the line into single pieces.
	72	my @values = split(' ', $line);
	73	my ($filesystem, $blocks, $used, $available, $used_perenctage, $mounted_on) = @values;
	74
	75	# Check if the available disk space is more than 300MB.
	76	if ($available < 300) {
434001d0 SS	77	# Log error to syslog.
434001d0 SS	78	&_log_to_syslog("Not enough free disk space on /var. Only $available MB from 300 MB available.");
8dcebe53	79
434001d0 SS	80	# Exit function and return "1" - False.
434001d0 SS	81	return 1;
8dcebe53 SS	82	}
	83	}
	84	}
	85
	86	# Everything okay, return nothing.
	87	return;
	88	}
	89
eea2670b SS	90	#
	91	## This function is responsible for downloading the configured snort ruleset.
	92	##
	93	## * At first it obtains from the stored snortsettings which ruleset should be downloaded.
	94	## * The next step is to get the download locations for all available rulesets.
	95	## * After that, the function will check if an upstream proxy should be used and grab the settings.
	96	## * The last step will be to generate the final download url, by obtaining the URL for the desired
	97	## ruleset, add the settings for the upstream proxy and final grab the rules tarball from the server.
	98	#
	99	sub downloadruleset {
	100	# Get snort settings.
	101	my %snortsettings=();
02844177	102	&General::readhash("$settingsdir/settings", \%snortsettings);
eea2670b	103
be52c68a SS	104	# Check if a ruleset has been configured.
	105	unless($snortsettings{'RULES'}) {
	106	# Log that no ruleset has been configured and abort.
	107	&_log_to_syslog("No ruleset source has been configured.");
	108
	109	# Return "1".
	110	return 1;
	111	}
	112
eea2670b SS	113	# Get all available ruleset locations.
eea2670b SS	114	my %rulesetsources=();
bce84f39	115	&General::readhash($rulesetsourcesfile, \%rulesetsources);
eea2670b SS	116
	117	# Read proxysettings.
	118	my %proxysettings=();
	119	&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
	120
	121	# Load required perl module to handle the download.
	122	use LWP::UserAgent;
	123
	124	# Init the download module.
	125	my $downloader = LWP::UserAgent->new;
	126
	127	# Set timeout to 10 seconds.
	128	$downloader->timeout(10);
	129
	130	# Check if an upstream proxy is configured.
	131	if ($proxysettings{'UPSTREAM_PROXY'}) {
	132	my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]?(?:\:[A-Za-z0-9\_\.\-]?)?\@)?([a-zA-Z0-9\.\_\-]?)(?:\:([0-9]{1,5}))?(?:\/.?)?$/);
	133	my $proxy_url;
	134
	135	# Check if we got a peer.
	136	if ($peer) {
	137	$proxy_url = "http://";
	138
	139	# Check if the proxy requires authentication.
	140	if (($proxysettings{'UPSTREAM_USER'}) && ($proxysettings{'UPSTREAM_PASSWORD'})) {
	141	$proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@";
	142	}
	143
	144	# Add proxy server address and port.
	145	$proxy_url .= "$peer\:$peerport";
	146	} else {
434001d0 SS	147	# Log error message and break.
	148	&_log_to_syslog("Could not proper configure the proxy server access.");
	149
	150	# Return "1" - false.
	151	return 1;
eea2670b SS	152	}
	153
	154	# Setup proxy settings.
	155	$downloader->proxy('http', $proxy_url);
	156	}
	157
	158	# Grab the right url based on the configured vendor.
	159	my $url = $rulesetsources{$snortsettings{'RULES'}};
	160
	161	# Check if the vendor requires an oinkcode and add it if needed.
	162	$url =~ s/\<oinkcode\>/$snortsettings{'OINKCODE'}/g;
	163
	164	# Abort if no url could be determined for the vendor.
	165	unless ($url) {
434001d0 SS	166	# Log error and abort.
	167	&_log_to_syslog("Unable to gather a download URL for the selected ruleset.");
	168	return 1;
eea2670b SS	169	}
	170
	171	# Pass the requested url to the downloader.
	172	my $request = HTTP::Request->new(GET => $url);
	173
	174	# Perform the request and save the output into the "$rulestarball" file.
	175	my $response = $downloader->request($request, $rulestarball);
	176
	177	# Check if there was any error.
	178	unless ($response->is_success) {
88daf7eb SS	179	# Obtain error.
	180	my $error = $response->content;
	181
434001d0	182	# Log error message.
88daf7eb	183	&_log_to_syslog("Unable to download the ruleset. \($error\)");
434001d0 SS	184
	185	# Return "1" - false.
	186	return 1;
eea2670b SS	187	}
	188
	189	# If we got here, everything worked fine. Return nothing.
	190	return;
	191	}
8dcebe53	192
25f5cb0d SS	193	#
	194	## A tiny wrapper function to call the oinkmaster script.
	195	#
	196	sub oinkmaster () {
330759d8 SS	197	# Check if the files in rulesdir have the correct permissions.
	198	&_check_rulesdir_permissions();
	199
0e40e1e7 SS	200	# Load perl module to talk to the kernel syslog.
	201	use Sys::Syslog qw(:DEFAULT setlogsock);
	202
	203	# Establish the connection to the syslog service.
	204	openlog('oinkmaster', 'cons,pid', 'user');
	205
25f5cb0d	206	# Call oinkmaster to generate ruleset.
d9711d91	207	open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C $settingsdir/oinkmaster.conf -o $rulespath\|") or die "Could not execute oinkmaster $!\n";
0e40e1e7 SS	208
	209	# Log output of oinkmaster to syslog.
	210	while(<OINKMASTER>) {
	211	# The syslog function works best with an array based input,
	212	# so generate one before passing the message details to syslog.
	213	my @syslog = ("INFO", "$_");
	214
	215	# Send the log message.
	216	syslog(@syslog);
	217	}
	218
	219	# Close the pipe to oinkmaster process.
	220	close(OINKMASTER);
	221
	222	# Close the log handle.
	223	closelog();
25f5cb0d SS	224	}
25f5cb0d SS	225
3983aebd SS	226	#
	227	## Function to do all the logging stuff if the downloading or updating of the ruleset fails.
	228	#
	229	sub log_error ($) {
	230	my ($error) = @_;
	231
	232	# Remove any newline.
	233	chomp($error);
	234
eb5592c1 SS	235	# Call private function to log the error message to syslog.
	236	&_log_to_syslog($error);
	237
3983aebd SS	238	# Call private function to write/store the error message in the storederrorfile.
	239	&_store_error_message($error);
	240	}
	241
eb5592c1 SS	242	#
	243	## Function to log a given error message to the kernel syslog.
	244	#
	245	sub _log_to_syslog ($) {
	246	my ($message) = @_;
	247
	248	# Load perl module to talk to the kernel syslog.
	249	use Sys::Syslog qw(:DEFAULT setlogsock);
	250
	251	# The syslog function works best with an array based input,
	252	# so generate one before passing the message details to syslog.
	253	my @syslog = ("ERR", "<ERROR> $message");
	254
	255	# Establish the connection to the syslog service.
	256	openlog('oinkmaster', 'cons,pid', 'user');
	257
	258	# Send the log message.
	259	syslog(@syslog);
	260
	261	# Close the log handle.
	262	closelog();
	263	}
	264
3983aebd SS	265	#
	266	## Private function to write a given error message to the storederror file.
	267	#
	268	sub _store_error_message ($) {
	269	my ($message) = @_;
	270
	271	# Remove any newline.
	272	chomp($message);
	273
	274	# Open file for writing.
	275	open (ERRORFILE, ">$storederrorfile") or die "Could not write to $storederrorfile. $!\n";
	276
	277	# Write error to file.
	278	print ERRORFILE "$message\n";
	279
	280	# Close file.
	281	close (ERRORFILE);
	282	}
	283
1cae702c SS	284	#
	285	## Function to get a list of all available network zones.
	286	#
	287	sub get_available_network_zones () {
	288	# Get netsettings.
	289	my %netsettings = ();
	290	&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
	291
	292	# Obtain the configuration type from the netsettings hash.
	293	my $config_type = $netsettings{'CONFIG_TYPE'};
	294
	295	# Hash which contains the conversation from the config mode
	296	# to the existing network interface names. They are stored like
	297	# an array.
	298	#
	299	# Mode "0" red is a modem and green
	300	# Mode "1" red is a netdev and green
	301	# Mode "2" red, green and orange
	302	# Mode "3" red, green and blue
	303	# Mode "4" red, green, blue, orange
	304	my %config_type_to_interfaces = (
	305	"0" => [ "red", "green" ],
	306	"1" => [ "red", "green" ],
	307	"2" => [ "red", "green", "orange" ],
	308	"3" => [ "red", "green", "blue" ],
	309	"4" => [ "red", "green", "blue", "orange" ]
	310	);
	311
	312	# Obtain and dereference the corresponding network interaces based on the read
	313	# network config type.
	314	my @network_zones = @{ $config_type_to_interfaces{$config_type} };
	315
	316	# Return them.
	317	return @network_zones;
	318	}
	319
796eea21 SS	320	#
	321	## Function to check if the IDS is running.
	322	#
	323	sub ids_is_running () {
	324	if(-f $idspidfile) {
	325	# Open PID file for reading.
	326	open(PIDFILE, "$idspidfile") or die "Could not open $idspidfile. $!\n";
	327
	328	# Grab the process-id.
	329	my $pid = <PIDFILE>;
	330
	331	# Close filehandle.
	332	close(PIDFILE);
	333
	334	# Remove any newline.
	335	chomp($pid);
	336
	337	# Check if a directory for the process-id exists in proc.
	338	if(-d "/proc/$pid") {
	339	# The IDS daemon is running return the process id.
	340	return $pid;
	341	}
	342	}
	343
	344	# Return nothing - IDS is not running.
	345	return;
	346	}
	347
5240a809 SS	348	#
	349	## Function to call suricatactrl binary with a given command.
	350	#
	351	sub call_suricatactrl ($) {
	352	# Get called option.
ed06bc81	353	my ($option, $interval) = @_;
5240a809 SS	354
	355	# Loop through the array of supported commands and check if
	356	# the given one is part of it.
	357	foreach my $cmd (@suricatactrl_cmds) {
	358	# Skip current command unless the given one has been found.
	359	next unless($cmd eq $option);
	360
ed06bc81 SS	361	# Check if the given command is "cron".
	362	if ($option eq "cron") {
	363	# Check if an interval has been given.
	364	if ($interval) {
	365	# Check if the given interval is valid.
	366	foreach my $element (@cron_intervals) {
	367	# Skip current element until the given one has been found.
	368	next unless($element eq $interval);
	369
	370	# Call the suricatactrl binary and pass the "cron" command
	371	# with the requrested interval.
	372	system("$suricatactrl $option $interval &>/dev/null");
	373
	374	# Return "1" - True.
	375	return 1;
	376	}
	377	}
5240a809	378
ed06bc81 SS	379	# If we got here, the given interval is not supported or none has been given. - Return nothing.
	380	return;
	381	} else {
	382	# Call the suricatactrl binary and pass the requrested
	383	# option to it.
	384	system("$suricatactrl $option &>/dev/null");
	385
	386	# Return "1" - True.
	387	return 1;
	388	}
5240a809 SS	389	}
	390
	391	# Command not found - return nothing.
	392	return;
	393	}
	394
308ba5e7 SS	395	#
	396	## Function to create a new empty file.
	397	#
	398	sub create_empty_file($) {
	399	my ($file) = @_;
	400
	401	# Check if the given file exists.
	402	if(-e $file) {
	403	# Do nothing to prevent from overwriting existing files.
	404	return;
	405	}
	406
	407	# Open the file for writing.
	408	open(FILE, ">$file") or die "Could not write to $file. $!\n";
	409
	410	# Close file handle.
	411	close(FILE);
	412
	413	# Return true.
	414	return 1;
	415	}
	416
330759d8 SS	417	#
	418	## Private function to check if the file permission of the rulespath are correct.
	419	## If not, call suricatactrl to fix them.
	420	#
	421	sub _check_rulesdir_permissions() {
e568796b SS	422	# Check if the rulepath main directory is writable.
	423	unless (-W $rulespath) {
	424	# If not call suricatctrl to fix it.
	425	&call_suricatactrl("fix-rules-dir");
	426	}
	427
330759d8 SS	428	# Open snort rules directory and do a directory listing.
	429	opendir(DIR, $rulespath) or die $!;
	430	# Loop through the direcory.
	431	while (my $file = readdir(DIR)) {
	432	# We only want files.
	433	next unless (-f "$rulespath/$file");
	434
	435	# Check if the file is writable by the user.
	436	if (-W "$rulespath/$file") {
	437	# Everything is okay - go on to the next file.
	438	next;
	439	} else {
	440	# There are wrong permissions, call suricatactrl to fix it.
	441	&call_suricatactrl("fix-rules-dir");
	442	}
	443	}
	444	}
	445
8dcebe53	446	1;