]>
Commit | Line | Data |
---|---|---|
82979dec SS |
1 | #!/usr/bin/perl |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
66c36198 | 5 | # Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> # |
82979dec SS |
6 | # # |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
22 | use strict; | |
72ab7196 | 23 | use POSIX; |
82979dec SS |
24 | |
25 | require '/var/ipfire/general-functions.pl'; | |
26 | require "${General::swroot}/ids-functions.pl"; | |
27 | require "${General::swroot}/lang.pl"; | |
28 | ||
a956712e SS |
29 | # Variable to store if the process has written a lockfile. |
30 | my $locked; | |
31 | ||
6875f9ce SS |
32 | # Hash to store the configured providers. |
33 | my %providers = (); | |
34 | ||
72ab7196 SS |
35 | # The user and group name as which this script should be run. |
36 | my $run_as = 'nobody'; | |
37 | ||
38 | # Get user and group id of the user. | |
39 | my ( $uid, $gid ) = ( getpwnam $run_as )[ 2, 3 ]; | |
40 | ||
41 | # Check if the script currently runs as root. | |
42 | if ( $> == 0 ) { | |
43 | # Drop privileges and switch to the specified user and group. | |
44 | POSIX::setgid( $gid ); | |
45 | POSIX::setuid( $uid ); | |
46 | } | |
47 | ||
27671216 SS |
48 | # Check if the IDS lock file exists. |
49 | # In this case the WUI or another instance currently is altering the | |
50 | # ruleset. | |
51 | if (-f "$IDS::ids_page_lock_file") { | |
52 | # Store notice to the syslog. | |
53 | &IDS::_log_to_syslog("Another process currently is altering the IDS ruleset."); | |
54 | ||
55 | # Exit. | |
56 | exit 0; | |
57 | } | |
58 | ||
82979dec SS |
59 | # Check if the red device is active. |
60 | unless (-e "${General::swroot}/red/active") { | |
61 | # Store notice in the syslog. | |
62 | &IDS::_log_to_syslog("The system is offline."); | |
63 | ||
64 | # Store error message for displaying in the WUI. | |
d6f725e1 | 65 | &IDS::_store_error_message("$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}"); |
82979dec SS |
66 | |
67 | # Exit. | |
68 | exit 0; | |
69 | } | |
70 | ||
71 | # Check if enought free disk space is availabe. | |
72 | if(&IDS::checkdiskspace()) { | |
73 | # Store the error message for displaying in the WUI. | |
74 | &IDS::_store_error_message("$Lang::tr{'not enough disk space'}"); | |
75 | ||
76 | # Exit. | |
77 | exit 0; | |
78 | } | |
79 | ||
5206a335 SS |
80 | # Lock the IDS page. |
81 | &IDS::lock_ids_page(); | |
82 | ||
a956712e SS |
83 | # The script has requested a lock, so set locket to "1". |
84 | $locked = "1"; | |
85 | ||
6875f9ce SS |
86 | # Grab the configured providers. |
87 | &General::readhasharray("$IDS::providers_settings_file", \%providers); | |
82979dec | 88 | |
6875f9ce SS |
89 | # Loop through the array of available providers. |
90 | foreach my $id (keys %providers) { | |
91 | # Assign some nice variabled. | |
92 | my $provider = $providers{$id}[0]; | |
93 | my $autoupdate_status = $providers{$id}[3]; | |
84227f7a | 94 | |
6875f9ce SS |
95 | # Skip the provider if autoupdate is not enabled. |
96 | next unless($autoupdate_status eq "enabled"); | |
82979dec | 97 | |
6875f9ce SS |
98 | # Call the download function and gather the new ruleset for the current processed provider. |
99 | if(&IDS::downloadruleset($provider)) { | |
100 | # Store error message for displaying in the WUI. | |
101 | &IDS::_store_error_message("$provider: $Lang::tr{'could not download latest updates'}"); | |
102 | ||
103 | # Unlock the IDS page. | |
104 | &IDS::unlock_ids_page(); | |
105 | ||
106 | # Exit. | |
107 | exit 0; | |
108 | } | |
109 | ||
110 | # Get path and name of the stored rules file or archive. | |
111 | my $stored_file = &IDS::_get_dl_rulesfile($provider); | |
112 | ||
113 | # Set correct ownership for the downloaded tarball. | |
114 | &IDS::set_ownership("$stored_file"); | |
115 | } | |
50b35e0f | 116 | |
82979dec SS |
117 | # Call oinkmaster to alter the ruleset. |
118 | &IDS::oinkmaster(); | |
119 | ||
ca8c9210 SS |
120 | # Set correct ownership for the rulesdir and files. |
121 | &IDS::set_ownership("$IDS::rulespath"); | |
122 | ||
82979dec SS |
123 | # Check if the IDS is running. |
124 | if(&IDS::ids_is_running()) { | |
125 | # Call suricatactrl to perform a reload. | |
126 | &IDS::call_suricatactrl("reload"); | |
127 | } | |
128 | ||
a956712e SS |
129 | # Custom END declaration to release a IDS page lock |
130 | # when the script has created one. | |
131 | END { | |
132 | # Check if a lock has been requested. | |
133 | if ($locked) { | |
134 | # Unlock the IDS page. | |
135 | &IDS::unlock_ids_page(); | |
136 | } | |
137 | } | |
138 | ||
82979dec | 139 | 1; |