[ipfire-2.x.git] / config / cfgroot / ids-functions.pl

#!/usr/bin/perl -w
############################################################################
#                                                                          #
# This file is part of the IPFire Firewall.                                #
#                                                                          #
# IPFire is free software; you can redistribute it and/or modify           #
# it under the terms of the GNU General Public License as published by     #
# the Free Software Foundation; either version 2 of the License, or        #
# (at your option) any later version.                                      #
#                                                                          #
# IPFire is distributed in the hope that it will be useful,                #
# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
# GNU General Public License for more details.                             #
#                                                                          #
# You should have received a copy of the GNU General Public License        #
# along with IPFire; if not, write to the Free Software                    #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
#                                                                          #
# Copyright (C) 2018 IPFire Team <info@ipfire.org>.                        #
#                                                                          #
############################################################################

package IDS;

require '/var/ipfire/general-functions.pl';

# Location where all config and settings files are stored.
our $settingsdir = "${General::swroot}/suricata";

# Location and name of the tarball which contains the ruleset.
our $rulestarball = "/var/tmp/idsrules.tar.gz";

# File to store any errors, which also will be read and displayed by the wui.
our $storederrorfile = "/tmp/ids_storederror";

# Location where the rulefiles are stored.
our $rulespath = "/var/lib/suricata";

# File which contains a list of all supported ruleset sources.
# (Sourcefire, Emergingthreads, etc..)
our $rulesetsourcesfile = "$settingsdir/ruleset-sources";

# The pidfile of the IDS.
our $idspidfile = "/var/run/suricata.pid";

# Location of suricatactrl.
my $suricatactrl = "/usr/local/bin/suricatactrl";

# Array with allowed commands of suricatactrl.
my @suricatactrl_cmds = ( 'start', 'stop', 'restart', 'reload', 'fix-rules-dir', 'cron' );

# Array with supported cron intervals.
my @cron_intervals = ('off', 'daily', 'weekly' );

#
## Function for checking if at least 300MB of free disk space are available
## on the "/var" partition.
#
sub checkdiskspace () {
	# Call diskfree to gather the free disk space of /var.
	my @df = `/bin/df -B M /var`;

	# Loop through the output.
	foreach my $line (@df) {
		# Ignore header line.
		next if $line =~ m/^Filesystem/;

		# Search for a line with the device information.
		if ($line =~ m/dev/ ) {
			# Split the line into single pieces.
			my @values = split(' ', $line);
			my ($filesystem, $blocks, $used, $available, $used_perenctage, $mounted_on) = @values;

			# Check if the available disk space is more than 300MB.
			if ($available < 300) {
				# Log error to syslog.
				&_log_to_syslog("Not enough free disk space on /var. Only $available MB from 300 MB available.");

				# Exit function and return "1" - False.
				return 1;
			}
		}
	}

	# Everything okay, return nothing.
	return;
}

#
## This function is responsible for downloading the configured snort ruleset.
##
## * At first it obtains from the stored snortsettings which ruleset should be downloaded.
## * The next step is to get the download locations for all available rulesets.
## * After that, the function will check if an upstream proxy should be used and grab the settings.
## * The last step will be to generate the final download url, by obtaining the URL for the desired
##   ruleset, add the settings for the upstream proxy and final grab the rules tarball from the server.
#
sub downloadruleset {
	# Get snort settings.
	my %snortsettings=();
	&General::readhash("$settingsdir/settings", \%snortsettings);

	# Check if a ruleset has been configured.
	unless($snortsettings{'RULES'}) {
		# Log that no ruleset has been configured and abort.
		&_log_to_syslog("No ruleset source has been configured.");

		# Return "1".
		return 1;
	}

	# Get all available ruleset locations.
	my %rulesetsources=();
	&General::readhash($rulesetsourcesfile, \%rulesetsources);

	# Read proxysettings.
	my %proxysettings=();
	&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);

	# Load required perl module to handle the download.
	use LWP::UserAgent;

	# Init the download module.
	my $downloader = LWP::UserAgent->new;

	# Set timeout to 10 seconds.
	$downloader->timeout(10);

	# Check if an upstream proxy is configured.
	if ($proxysettings{'UPSTREAM_PROXY'}) {
		my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
		my $proxy_url;

		# Check if we got a peer.
		if ($peer) {
			$proxy_url = "http://";

			# Check if the proxy requires authentication.
			if (($proxysettings{'UPSTREAM_USER'}) && ($proxysettings{'UPSTREAM_PASSWORD'})) {
				$proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@";
			}

			# Add proxy server address and port.
			$proxy_url .= "$peer\:$peerport";
		} else {
			# Log error message and break.
			&_log_to_syslog("Could not proper configure the proxy server access.");

			# Return "1" - false.
			return 1;
		}

		# Setup proxy settings.
		$downloader->proxy('http', $proxy_url);
	}

	# Grab the right url based on the configured vendor.
	my $url = $rulesetsources{$snortsettings{'RULES'}};

	# Check if the vendor requires an oinkcode and add it if needed.
	$url =~ s/\<oinkcode\>/$snortsettings{'OINKCODE'}/g;

	# Abort if no url could be determined for the vendor.
	unless ($url) {
		# Log error and abort.
		&_log_to_syslog("Unable to gather a download URL for the selected ruleset.");
		return 1;
	}

	# Pass the requrested url to the downloader.
	my $request = HTTP::Request->new(HEAD => $url);

	# Accept the html header.
	$request->header('Accept' => 'text/html');

	# Perform the request and fetch the html header.
	my $response = $downloader->request($request);

	# Check if there was any error.
	unless ($response->is_success) {
		# Obtain error.
		my $error = $response->content;

		# Log error message.
		&_log_to_syslog("Unable to download the ruleset. \($error\)");

		# Return "1" - false.
		return 1;
	}

	# Assign the fetched header object.
	my $header = $response->headers;

	# Grab the remote file size from the object and store it in the
	# variable.
	my $remote_filesize = $header->content_length;

	# Pass the requested url to the downloader.
	my $request = HTTP::Request->new(GET => $url);

	# Perform the request and save the output into the "$rulestarball" file.
	my $response = $downloader->request($request, $rulestarball);

	# Check if there was any error.
	unless ($response->is_success) {
		# Obtain error.
		my $error = $response->content;

		# Log error message.
		&_log_to_syslog("Unable to download the ruleset. \($error\)");

		# Return "1" - false.
		return 1;
	}

	# Load perl stat module.
	use File::stat;

	# Perform stat on the rulestarball.
	my $stat = stat($rulestarball);

	# Grab the local filesize of the downloaded tarball.
	my $local_filesize = $stat->size;

	# Check if both file sizes match.
	unless ($remote_filesize eq $local_filesize) {
		# Log error message.
		&_log_to_syslog("Unable to completely download the ruleset. ");
		&_log_to_syslog("Only got $local_filesize Bytes instead of $remote_filesize Bytes. ");

		# Return "1" - false.
		return 1;
	}

	# If we got here, everything worked fine. Return nothing.
	return;
}

#
## A tiny wrapper function to call the oinkmaster script.
#
sub oinkmaster () {
	# Check if the files in rulesdir have the correct permissions.
	&_check_rulesdir_permissions();

	# Cleanup the rules directory before filling it with the new rulest.
	&_cleanup_rulesdir();

	# Load perl module to talk to the kernel syslog.
	use Sys::Syslog qw(:DEFAULT setlogsock);

	# Establish the connection to the syslog service.
	openlog('oinkmaster', 'cons,pid', 'user');

	# Call oinkmaster to generate ruleset.
	open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C $settingsdir/oinkmaster.conf -o $rulespath|") or die "Could not execute oinkmaster $!\n";

	# Log output of oinkmaster to syslog.
	while(<OINKMASTER>) {
		# The syslog function works best with an array based input,
		# so generate one before passing the message details to syslog.
		my @syslog = ("INFO", "$_");

		# Send the log message.
		syslog(@syslog);
	}

	# Close the pipe to oinkmaster process.
	close(OINKMASTER);

	# Close the log handle.
	closelog();
}

#
## Function to do all the logging stuff if the downloading or updating of the ruleset fails.
#
sub log_error ($) {
	my ($error) = @_;

	# Remove any newline.
	chomp($error);

	# Call private function to log the error message to syslog.
	&_log_to_syslog($error);

	# Call private function to write/store the error message in the storederrorfile.
	&_store_error_message($error);
}

#
## Function to log a given error message to the kernel syslog.
#
sub _log_to_syslog ($) {
	my ($message) = @_;

	# Load perl module to talk to the kernel syslog.
	use Sys::Syslog qw(:DEFAULT setlogsock);

	# The syslog function works best with an array based input,
	# so generate one before passing the message details to syslog.
	my @syslog = ("ERR", "<ERROR> $message");

	# Establish the connection to the syslog service.
	openlog('oinkmaster', 'cons,pid', 'user');

	# Send the log message.
	syslog(@syslog);

	# Close the log handle.
	closelog();
}

#
## Private function to write a given error message to the storederror file.
#
sub _store_error_message ($) {
        my ($message) = @_;

	# Remove any newline.
	chomp($message);

        # Open file for writing.
        open (ERRORFILE, ">$storederrorfile") or die "Could not write to $storederrorfile. $!\n";

        # Write error to file.
        print ERRORFILE "$message\n";

        # Close file.
        close (ERRORFILE);
}

#
## Function to get a list of all available network zones.
#
sub get_available_network_zones () {
	# Get netsettings.
	my %netsettings = ();
	&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

	# Obtain the configuration type from the netsettings hash.
	my $config_type = $netsettings{'CONFIG_TYPE'};

	# Hash which contains the conversation from the config mode
	# to the existing network interface names. They are stored like
	# an array.
	#
	# Mode "0" red is a modem and green
	# Mode "1" red is a netdev and green
	# Mode "2" red, green and orange
	# Mode "3" red, green and blue
	# Mode "4" red, green, blue, orange
	my %config_type_to_interfaces = (
		"0" => [ "red", "green" ],
		"1" => [ "red", "green" ],
		"2" => [ "red", "green", "orange" ],
		"3" => [ "red", "green", "blue" ],
		"4" => [ "red", "green", "blue", "orange" ]
	);

	# Obtain and dereference the corresponding network interaces based on the read
	# network config type.
	my @network_zones = @{ $config_type_to_interfaces{$config_type} };

	# Return them.
	return @network_zones;
}

#
## Function to check if the IDS is running.
#
sub ids_is_running () {
	if(-f $idspidfile) {
		# Open PID file for reading.
		open(PIDFILE, "$idspidfile") or die "Could not open $idspidfile. $!\n";

		# Grab the process-id.
		my $pid = <PIDFILE>;

		# Close filehandle.
		close(PIDFILE);

		# Remove any newline.
		chomp($pid);

		# Check if a directory for the process-id exists in proc.
		if(-d "/proc/$pid") {
			# The IDS daemon is running return the process id.
			return $pid;
		}
	}

	# Return nothing - IDS is not running.
	return;
}

#
## Function to call suricatactrl binary with a given command.
#
sub call_suricatactrl ($) {
	# Get called option.
	my ($option, $interval) = @_;

	# Loop through the array of supported commands and check if
	# the given one is part of it.
	foreach my $cmd (@suricatactrl_cmds) {
		# Skip current command unless the given one has been found.
		next unless($cmd eq $option);

		# Check if the given command is "cron".
		if ($option eq "cron") {
			# Check if an interval has been given.
			if ($interval) {
				# Check if the given interval is valid.
				foreach my $element (@cron_intervals) {
					# Skip current element until the given one has been found.
					next unless($element eq $interval);

					# Call the suricatactrl binary and pass the "cron" command
					# with the requrested interval.
					system("$suricatactrl $option $interval &>/dev/null");

					# Return "1" - True.
					return 1;
				}
			}

			# If we got here, the given interval is not supported or none has been given. - Return nothing.
			return;
		} else {
			# Call the suricatactrl binary and pass the requrested
			# option to it.
			system("$suricatactrl $option &>/dev/null");

			# Return "1" - True.
			return 1;
		}
	}

	# Command not found - return nothing.
	return;
}

#
## Function to create a new empty file.
#
sub create_empty_file($) {
	my ($file) = @_;

	# Check if the given file exists.
	if(-e $file) {
		# Do nothing to prevent from overwriting existing files.
		return;
	}

	# Open the file for writing.
	open(FILE, ">$file") or die "Could not write to $file. $!\n";

	# Close file handle.
	close(FILE);

	# Return true.
	return 1;
}

#
## Private function to check if the file permission of the rulespath are correct.
## If not, call suricatactrl to fix them.
#
sub _check_rulesdir_permissions() {
	# Check if the rulepath main directory is writable.
	unless (-W $rulespath) {
		# If not call suricatctrl to fix it.
		&call_suricatactrl("fix-rules-dir");
	}

	# Open snort rules directory and do a directory listing.
	opendir(DIR, $rulespath) or die $!;
	# Loop through the direcory.
	while (my $file = readdir(DIR)) {
		# We only want files.
		next unless (-f "$rulespath/$file");

		# Check if the file is writable by the user.
		if (-W "$rulespath/$file") {
			# Everything is okay - go on to the next file.
			next;
		} else {
			# There are wrong permissions, call suricatactrl to fix it.
			&call_suricatactrl("fix-rules-dir");
		}
	}
}

#
## Private function to cleanup the directory which contains
## the IDS rules, before extracting and modifing the new ruleset.
#
sub _cleanup_rulesdir() {
	# Open rules directory and do a directory listing.
	opendir(DIR, $rulespath) or die $!;

	# Loop through the direcory.
	while (my $file = readdir(DIR)) {
		# We only want files.
		next unless (-f "$rulespath/$file");

		# Skip element if it has config as file extension.
		next if ($file =~ m/\.config$/);

		# Delete the current processed file, if not, exit this function
		# and return an error message.
		unlink("$rulespath/$file") or return "Could not delete $rulespath/$file. $!\n";
	}

	# Return nothing;
	return;
}

1;
Commit	Line	Data
8dcebe53 SS	1	#!/usr/bin/perl -w
	2	############################################################################
	3	# #
	4	# This file is part of the IPFire Firewall. #
	5	# #
	6	# IPFire is free software; you can redistribute it and/or modify #
	7	# it under the terms of the GNU General Public License as published by #
	8	# the Free Software Foundation; either version 2 of the License, or #
	9	# (at your option) any later version. #
	10	# #
	11	# IPFire is distributed in the hope that it will be useful, #
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
	17	# along with IPFire; if not, write to the Free Software #
	18	# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
	19	# #
	20	# Copyright (C) 2018 IPFire Team <info@ipfire.org>. #
	21	# #
	22	############################################################################
	23
	24	package IDS;
	25
	26	require '/var/ipfire/general-functions.pl';
8dcebe53	27
02844177	28	# Location where all config and settings files are stored.
164eab66	29	our $settingsdir = "${General::swroot}/suricata";
02844177	30
eea2670b	31	# Location and name of the tarball which contains the ruleset.
164eab66	32	our $rulestarball = "/var/tmp/idsrules.tar.gz";
eea2670b	33
3983aebd	34	# File to store any errors, which also will be read and displayed by the wui.
77910792	35	our $storederrorfile = "/tmp/ids_storederror";
3983aebd	36
298ef5ba	37	# Location where the rulefiles are stored.
21cab141	38	our $rulespath = "/var/lib/suricata";
298ef5ba	39
bce84f39 SS	40	# File which contains a list of all supported ruleset sources.
	41	# (Sourcefire, Emergingthreads, etc..)
	42	our $rulesetsourcesfile = "$settingsdir/ruleset-sources";
	43
796eea21 SS	44	# The pidfile of the IDS.
	45	our $idspidfile = "/var/run/suricata.pid";
	46
5240a809 SS	47	# Location of suricatactrl.
	48	my $suricatactrl = "/usr/local/bin/suricatactrl";
	49
	50	# Array with allowed commands of suricatactrl.
ed06bc81 SS	51	my @suricatactrl_cmds = ( 'start', 'stop', 'restart', 'reload', 'fix-rules-dir', 'cron' );
	52
	53	# Array with supported cron intervals.
	54	my @cron_intervals = ('off', 'daily', 'weekly' );
5240a809	55
8dcebe53 SS	56	#
	57	## Function for checking if at least 300MB of free disk space are available
	58	## on the "/var" partition.
	59	#
	60	sub checkdiskspace () {
	61	# Call diskfree to gather the free disk space of /var.
	62	my @df = `/bin/df -B M /var`;
	63
	64	# Loop through the output.
	65	foreach my $line (@df) {
	66	# Ignore header line.
	67	next if $line =~ m/^Filesystem/;
	68
	69	# Search for a line with the device information.
	70	if ($line =~ m/dev/ ) {
	71	# Split the line into single pieces.
	72	my @values = split(' ', $line);
	73	my ($filesystem, $blocks, $used, $available, $used_perenctage, $mounted_on) = @values;
	74
	75	# Check if the available disk space is more than 300MB.
	76	if ($available < 300) {
434001d0 SS	77	# Log error to syslog.
434001d0 SS	78	&_log_to_syslog("Not enough free disk space on /var. Only $available MB from 300 MB available.");
8dcebe53	79
434001d0 SS	80	# Exit function and return "1" - False.
434001d0 SS	81	return 1;
8dcebe53 SS	82	}
	83	}
	84	}
	85
	86	# Everything okay, return nothing.
	87	return;
	88	}
	89
eea2670b SS	90	#
	91	## This function is responsible for downloading the configured snort ruleset.
	92	##
	93	## * At first it obtains from the stored snortsettings which ruleset should be downloaded.
	94	## * The next step is to get the download locations for all available rulesets.
	95	## * After that, the function will check if an upstream proxy should be used and grab the settings.
	96	## * The last step will be to generate the final download url, by obtaining the URL for the desired
	97	## ruleset, add the settings for the upstream proxy and final grab the rules tarball from the server.
	98	#
	99	sub downloadruleset {
	100	# Get snort settings.
	101	my %snortsettings=();
02844177	102	&General::readhash("$settingsdir/settings", \%snortsettings);
eea2670b	103
be52c68a SS	104	# Check if a ruleset has been configured.
	105	unless($snortsettings{'RULES'}) {
	106	# Log that no ruleset has been configured and abort.
	107	&_log_to_syslog("No ruleset source has been configured.");
	108
	109	# Return "1".
	110	return 1;
	111	}
	112
eea2670b SS	113	# Get all available ruleset locations.
eea2670b SS	114	my %rulesetsources=();
bce84f39	115	&General::readhash($rulesetsourcesfile, \%rulesetsources);
eea2670b SS	116
	117	# Read proxysettings.
	118	my %proxysettings=();
	119	&General::readhash("${General::swroot}/proxy/settings", \%proxysettings);
	120
	121	# Load required perl module to handle the download.
	122	use LWP::UserAgent;
	123
	124	# Init the download module.
	125	my $downloader = LWP::UserAgent->new;
	126
	127	# Set timeout to 10 seconds.
	128	$downloader->timeout(10);
	129
	130	# Check if an upstream proxy is configured.
	131	if ($proxysettings{'UPSTREAM_PROXY'}) {
	132	my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]?(?:\:[A-Za-z0-9\_\.\-]?)?\@)?([a-zA-Z0-9\.\_\-]?)(?:\:([0-9]{1,5}))?(?:\/.?)?$/);
	133	my $proxy_url;
	134
	135	# Check if we got a peer.
	136	if ($peer) {
	137	$proxy_url = "http://";
	138
	139	# Check if the proxy requires authentication.
	140	if (($proxysettings{'UPSTREAM_USER'}) && ($proxysettings{'UPSTREAM_PASSWORD'})) {
	141	$proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@";
	142	}
	143
	144	# Add proxy server address and port.
	145	$proxy_url .= "$peer\:$peerport";
	146	} else {
434001d0 SS	147	# Log error message and break.
	148	&_log_to_syslog("Could not proper configure the proxy server access.");
	149
	150	# Return "1" - false.
	151	return 1;
eea2670b SS	152	}
	153
	154	# Setup proxy settings.
	155	$downloader->proxy('http', $proxy_url);
	156	}
	157
	158	# Grab the right url based on the configured vendor.
	159	my $url = $rulesetsources{$snortsettings{'RULES'}};
	160
	161	# Check if the vendor requires an oinkcode and add it if needed.
	162	$url =~ s/\<oinkcode\>/$snortsettings{'OINKCODE'}/g;
	163
	164	# Abort if no url could be determined for the vendor.
	165	unless ($url) {
434001d0 SS	166	# Log error and abort.
	167	&_log_to_syslog("Unable to gather a download URL for the selected ruleset.");
	168	return 1;
eea2670b SS	169	}
eea2670b SS	170
96da5803 SS	171	# Pass the requrested url to the downloader.
	172	my $request = HTTP::Request->new(HEAD => $url);
	173
	174	# Accept the html header.
	175	$request->header('Accept' => 'text/html');
	176
	177	# Perform the request and fetch the html header.
	178	my $response = $downloader->request($request);
	179
	180	# Check if there was any error.
	181	unless ($response->is_success) {
	182	# Obtain error.
	183	my $error = $response->content;
	184
	185	# Log error message.
	186	&_log_to_syslog("Unable to download the ruleset. \($error\)");
	187
	188	# Return "1" - false.
	189	return 1;
	190	}
	191
	192	# Assign the fetched header object.
	193	my $header = $response->headers;
	194
	195	# Grab the remote file size from the object and store it in the
	196	# variable.
	197	my $remote_filesize = $header->content_length;
	198
eea2670b SS	199	# Pass the requested url to the downloader.
	200	my $request = HTTP::Request->new(GET => $url);
	201
	202	# Perform the request and save the output into the "$rulestarball" file.
	203	my $response = $downloader->request($request, $rulestarball);
	204
	205	# Check if there was any error.
	206	unless ($response->is_success) {
88daf7eb SS	207	# Obtain error.
	208	my $error = $response->content;
	209
434001d0	210	# Log error message.
88daf7eb	211	&_log_to_syslog("Unable to download the ruleset. \($error\)");
434001d0 SS	212
	213	# Return "1" - false.
	214	return 1;
eea2670b SS	215	}
eea2670b SS	216
96da5803 SS	217	# Load perl stat module.
	218	use File::stat;
	219
	220	# Perform stat on the rulestarball.
	221	my $stat = stat($rulestarball);
	222
	223	# Grab the local filesize of the downloaded tarball.
	224	my $local_filesize = $stat->size;
	225
	226	# Check if both file sizes match.
	227	unless ($remote_filesize eq $local_filesize) {
	228	# Log error message.
	229	&_log_to_syslog("Unable to completely download the ruleset. ");
	230	&_log_to_syslog("Only got $local_filesize Bytes instead of $remote_filesize Bytes. ");
	231
	232	# Return "1" - false.
	233	return 1;
	234	}
	235
eea2670b SS	236	# If we got here, everything worked fine. Return nothing.
	237	return;
	238	}
8dcebe53	239
25f5cb0d SS	240	#
	241	## A tiny wrapper function to call the oinkmaster script.
	242	#
	243	sub oinkmaster () {
330759d8 SS	244	# Check if the files in rulesdir have the correct permissions.
	245	&_check_rulesdir_permissions();
	246
883820bd SS	247	# Cleanup the rules directory before filling it with the new rulest.
	248	&_cleanup_rulesdir();
	249
0e40e1e7 SS	250	# Load perl module to talk to the kernel syslog.
	251	use Sys::Syslog qw(:DEFAULT setlogsock);
	252
	253	# Establish the connection to the syslog service.
	254	openlog('oinkmaster', 'cons,pid', 'user');
	255
25f5cb0d	256	# Call oinkmaster to generate ruleset.
d9711d91	257	open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C $settingsdir/oinkmaster.conf -o $rulespath\|") or die "Could not execute oinkmaster $!\n";
0e40e1e7 SS	258
	259	# Log output of oinkmaster to syslog.
	260	while(<OINKMASTER>) {
	261	# The syslog function works best with an array based input,
	262	# so generate one before passing the message details to syslog.
	263	my @syslog = ("INFO", "$_");
	264
	265	# Send the log message.
	266	syslog(@syslog);
	267	}
	268
	269	# Close the pipe to oinkmaster process.
	270	close(OINKMASTER);
	271
	272	# Close the log handle.
	273	closelog();
25f5cb0d SS	274	}
25f5cb0d SS	275
3983aebd SS	276	#
	277	## Function to do all the logging stuff if the downloading or updating of the ruleset fails.
	278	#
	279	sub log_error ($) {
	280	my ($error) = @_;
	281
	282	# Remove any newline.
	283	chomp($error);
	284
eb5592c1 SS	285	# Call private function to log the error message to syslog.
	286	&_log_to_syslog($error);
	287
3983aebd SS	288	# Call private function to write/store the error message in the storederrorfile.
	289	&_store_error_message($error);
	290	}
	291
eb5592c1 SS	292	#
	293	## Function to log a given error message to the kernel syslog.
	294	#
	295	sub _log_to_syslog ($) {
	296	my ($message) = @_;
	297
	298	# Load perl module to talk to the kernel syslog.
	299	use Sys::Syslog qw(:DEFAULT setlogsock);
	300
	301	# The syslog function works best with an array based input,
	302	# so generate one before passing the message details to syslog.
	303	my @syslog = ("ERR", "<ERROR> $message");
	304
	305	# Establish the connection to the syslog service.
	306	openlog('oinkmaster', 'cons,pid', 'user');
	307
	308	# Send the log message.
	309	syslog(@syslog);
	310
	311	# Close the log handle.
	312	closelog();
	313	}
	314
3983aebd SS	315	#
	316	## Private function to write a given error message to the storederror file.
	317	#
	318	sub _store_error_message ($) {
	319	my ($message) = @_;
	320
	321	# Remove any newline.
	322	chomp($message);
	323
	324	# Open file for writing.
	325	open (ERRORFILE, ">$storederrorfile") or die "Could not write to $storederrorfile. $!\n";
	326
	327	# Write error to file.
	328	print ERRORFILE "$message\n";
	329
	330	# Close file.
	331	close (ERRORFILE);
	332	}
	333
1cae702c SS	334	#
	335	## Function to get a list of all available network zones.
	336	#
	337	sub get_available_network_zones () {
	338	# Get netsettings.
	339	my %netsettings = ();
	340	&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
	341
	342	# Obtain the configuration type from the netsettings hash.
	343	my $config_type = $netsettings{'CONFIG_TYPE'};
	344
	345	# Hash which contains the conversation from the config mode
	346	# to the existing network interface names. They are stored like
	347	# an array.
	348	#
	349	# Mode "0" red is a modem and green
	350	# Mode "1" red is a netdev and green
	351	# Mode "2" red, green and orange
	352	# Mode "3" red, green and blue
	353	# Mode "4" red, green, blue, orange
	354	my %config_type_to_interfaces = (
	355	"0" => [ "red", "green" ],
	356	"1" => [ "red", "green" ],
	357	"2" => [ "red", "green", "orange" ],
	358	"3" => [ "red", "green", "blue" ],
	359	"4" => [ "red", "green", "blue", "orange" ]
	360	);
	361
	362	# Obtain and dereference the corresponding network interaces based on the read
	363	# network config type.
	364	my @network_zones = @{ $config_type_to_interfaces{$config_type} };
	365
	366	# Return them.
	367	return @network_zones;
	368	}
	369
796eea21 SS	370	#
	371	## Function to check if the IDS is running.
	372	#
	373	sub ids_is_running () {
	374	if(-f $idspidfile) {
	375	# Open PID file for reading.
	376	open(PIDFILE, "$idspidfile") or die "Could not open $idspidfile. $!\n";
	377
	378	# Grab the process-id.
	379	my $pid = <PIDFILE>;
	380
	381	# Close filehandle.
	382	close(PIDFILE);
	383
	384	# Remove any newline.
	385	chomp($pid);
	386
	387	# Check if a directory for the process-id exists in proc.
	388	if(-d "/proc/$pid") {
	389	# The IDS daemon is running return the process id.
	390	return $pid;
	391	}
	392	}
	393
	394	# Return nothing - IDS is not running.
	395	return;
	396	}
	397
5240a809 SS	398	#
	399	## Function to call suricatactrl binary with a given command.
	400	#
	401	sub call_suricatactrl ($) {
	402	# Get called option.
ed06bc81	403	my ($option, $interval) = @_;
5240a809 SS	404
	405	# Loop through the array of supported commands and check if
	406	# the given one is part of it.
	407	foreach my $cmd (@suricatactrl_cmds) {
	408	# Skip current command unless the given one has been found.
	409	next unless($cmd eq $option);
	410
ed06bc81 SS	411	# Check if the given command is "cron".
	412	if ($option eq "cron") {
	413	# Check if an interval has been given.
	414	if ($interval) {
	415	# Check if the given interval is valid.
	416	foreach my $element (@cron_intervals) {
	417	# Skip current element until the given one has been found.
	418	next unless($element eq $interval);
	419
	420	# Call the suricatactrl binary and pass the "cron" command
	421	# with the requrested interval.
	422	system("$suricatactrl $option $interval &>/dev/null");
	423
	424	# Return "1" - True.
	425	return 1;
	426	}
	427	}
5240a809	428
ed06bc81 SS	429	# If we got here, the given interval is not supported or none has been given. - Return nothing.
	430	return;
	431	} else {
	432	# Call the suricatactrl binary and pass the requrested
	433	# option to it.
	434	system("$suricatactrl $option &>/dev/null");
	435
	436	# Return "1" - True.
	437	return 1;
	438	}
5240a809 SS	439	}
	440
	441	# Command not found - return nothing.
	442	return;
	443	}
	444
308ba5e7 SS	445	#
	446	## Function to create a new empty file.
	447	#
	448	sub create_empty_file($) {
	449	my ($file) = @_;
	450
	451	# Check if the given file exists.
	452	if(-e $file) {
	453	# Do nothing to prevent from overwriting existing files.
	454	return;
	455	}
	456
	457	# Open the file for writing.
	458	open(FILE, ">$file") or die "Could not write to $file. $!\n";
	459
	460	# Close file handle.
	461	close(FILE);
	462
	463	# Return true.
	464	return 1;
	465	}
	466
330759d8 SS	467	#
	468	## Private function to check if the file permission of the rulespath are correct.
	469	## If not, call suricatactrl to fix them.
	470	#
	471	sub _check_rulesdir_permissions() {
e568796b SS	472	# Check if the rulepath main directory is writable.
	473	unless (-W $rulespath) {
	474	# If not call suricatctrl to fix it.
	475	&call_suricatactrl("fix-rules-dir");
	476	}
	477
330759d8 SS	478	# Open snort rules directory and do a directory listing.
	479	opendir(DIR, $rulespath) or die $!;
	480	# Loop through the direcory.
	481	while (my $file = readdir(DIR)) {
	482	# We only want files.
	483	next unless (-f "$rulespath/$file");
	484
	485	# Check if the file is writable by the user.
	486	if (-W "$rulespath/$file") {
	487	# Everything is okay - go on to the next file.
	488	next;
	489	} else {
	490	# There are wrong permissions, call suricatactrl to fix it.
	491	&call_suricatactrl("fix-rules-dir");
	492	}
	493	}
	494	}
	495
b59cdbee SS	496	#
	497	## Private function to cleanup the directory which contains
	498	## the IDS rules, before extracting and modifing the new ruleset.
	499	#
	500	sub _cleanup_rulesdir() {
8cf04a16 SS	501	# Open rules directory and do a directory listing.
	502	opendir(DIR, $rulespath) or die $!;
	503
	504	# Loop through the direcory.
	505	while (my $file = readdir(DIR)) {
	506	# We only want files.
	507	next unless (-f "$rulespath/$file");
	508
	509	# Skip element if it has config as file extension.
	510	next if ($file =~ m/\.config$/);
b59cdbee	511
8cf04a16	512	# Delete the current processed file, if not, exit this function
b59cdbee	513	# and return an error message.
1201c1e7	514	unlink("$rulespath/$file") or return "Could not delete $rulespath/$file. $!\n";
b59cdbee SS	515	}
b59cdbee SS	516
4ce42488	517	# Return nothing;
b59cdbee SS	518	return;
	519	}
	520
8dcebe53	521	1;