1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2021 IPFire Development Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23
24 require '/var/ipfire/general-functions.pl';
25 require '/var/ipfire/ids-functions.pl';
26
# Nothing to convert once the main oinkmaster config file is gone.
if (! -f "$IDS::settingsdir/oinkmaster.conf") {
    exit 0;
}

# Fetch all supported ruleset providers.
my @providers = IDS::get_ruleset_providers();
32
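#
## Step 1: Convert used rules files.
#

# Walk every known provider and migrate its list of used rules files from the
# legacy YAML-style file into a hash which is written to the new file.
foreach my $provider (@providers) {
    my %used_rulesfiles = ();

    # Path of the legacy file which listed the used rules files.
    my $old_used_rulesfiles_file = "$IDS::settingsdir/suricata-$provider\-used-rulefiles.yaml";

    # Skip the provider if there is no legacy file to convert.
    next unless (-f $old_used_rulesfiles_file);

    # Three-argument open with an explicit read mode and a lexical handle, so
    # the path can never be interpreted as a mode or a pipe. If the file
    # cannot be read the provider is skipped: writing an empty hash instead
    # would silently leave this provider without any enabled rules files.
    my $fh;
    unless (open($fh, '<', $old_used_rulesfiles_file)) {
        warn "Could not open $old_used_rulesfiles_file: $!\n";
        next;
    }

    while (my $line = <$fh>) {
        chomp($line);

        # Only lines of the form " - <rulesfile>" carry a rules file name,
        # everything else is ignored.
        if ($line =~ /^\s-\s(.*)/) {
            $used_rulesfiles{$1} = "enabled";
        }
    }

    close($fh);

    # Get the filename for the new used rulesfiles file.
    my $used_rulesfiles_file = IDS::get_provider_used_rulesfiles_file($provider);

    # Write the converted hash to the new file.
    General::writehash($used_rulesfiles_file, \%used_rulesfiles);

    # Set the correct ownership for the new file.
    IDS::set_ownership($used_rulesfiles_file);
}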
78
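#
## Step 2: Convert ruleset modification files.
#

# Walk every known provider and migrate its per-SID overrides from the legacy
# oinkmaster file ("enablesid <sid>" / "disablesid <sid>" lines) into a hash
# which is written to the new modifications file.
foreach my $provider (@providers) {
    my %modifications = ();

    # Path of the legacy file which held the ruleset modifications.
    my $old_modifications_file = "$IDS::settingsdir/oinkmaster\-$provider\-modified-sids.conf";

    # Skip the provider if there is no legacy modifications file.
    next unless (-f $old_modifications_file);

    # Three-argument open with an explicit read mode and a lexical handle, so
    # the path can never be interpreted as a mode or a pipe. If the file
    # cannot be read the provider is skipped: writing an empty hash instead
    # would silently drop every stored enable/disable decision.
    my $fh;
    unless (open($fh, '<', $old_modifications_file)) {
        warn "Could not open $old_modifications_file: $!\n";
        next;
    }

    while (my $line = <$fh>) {
        chomp($line);

        # The first field is the action, the second one the SID.
        my ($action, $sid) = split(/ /, $line);

        # Ignore blank or incomplete lines, otherwise an entry with an
        # empty key would end up in the modifications hash.
        next unless (defined($action) && defined($sid) && $sid ne "");

        # Translate the stored rule action into the new state value.
        if ($action eq "enablesid") {
            $modifications{$sid} = "enabled";
        }
        elsif ($action eq "disablesid") {
            $modifications{$sid} = "disabled";
        }
    }

    close($fh);

    # Get new filename which will hold the ruleset modifications for this provider.
    my $new_modifications_file = IDS::get_provider_ruleset_modifications_file($provider);

    # Write new modifications file.
    General::writehash($new_modifications_file, \%modifications);

    # Set correct ownership for the new modifications file.
    IDS::set_ownership($new_modifications_file);
}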
131
#
## Step 3: Regenerate the ruleset.
#

# Run the oinkmaster wrapper from the IDS function library.
IDS::oinkmaster();

#
## Step 4: Write new config file for suricata which contains the used rulesfiles.
#

# Ask for the enabled providers, then hand them over to the function which
# writes the used rulesfiles file.
my @enabled_providers = IDS::get_enabled_providers();

IDS::write_used_rulefiles_file(@enabled_providers);