src/scripts/update-ids-ruleset

   1 #!/usr/bin/perl
   2 ###############################################################################
   3 #                                                                             #
   4 # IPFire.org - A linux based firewall                                         #
   5 # Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
   6 #                                                                             #
   7 # This program is free software: you can redistribute it and/or modify        #
   8 # it under the terms of the GNU General Public License as published by        #
   9 # the Free Software Foundation, either version 3 of the License, or           #
  10 # (at your option) any later version.                                         #
  11 #                                                                             #
  12 # This program is distributed in the hope that it will be useful,             #
  13 # but WITHOUT ANY WARRANTY; without even the implied warranty of              #
  14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
  15 # GNU General Public License for more details.                                #
  16 #                                                                             #
  17 # You should have received a copy of the GNU General Public License           #
  18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
  19 #                                                                             #
  20 ###############################################################################
  21
  22 use strict;
  23 use POSIX;
  24
  25 require '/var/ipfire/general-functions.pl';
  26 require "${General::swroot}/ids-functions.pl";
  27 require "${General::swroot}/lang.pl";
  28
  29 # Import ruleset providers file.
  30 require "$IDS::rulesetsourcesfile";
  31
  32 # Load perl module to talk to the kernel syslog.
  33 use Sys::Syslog qw(:DEFAULT setlogsock);
  34
  35 # Variable to store if the process has written a lockfile.
  36 my $locked;
  37
  38 # Array to store the updated providers.
  39 my @updated_providers = ();
  40
  41 # Hash to store the configured providers.
  42 my %providers = ();
  43
  44 # The user and group name as which this script should be run.
  45 my $run_as = 'nobody';
  46
  47 # Get user and group id of the user.
  48 my ( $uid, $gid ) = ( getpwnam $run_as )[ 2, 3 ];
  49
  50 # Check if the script currently runs as root.
  51 if ( $> == 0 ) {
  52         # Drop privileges and switch to the specified user and group.
  53         POSIX::setgid( $gid );
  54         POSIX::setuid( $uid );
  55 }
  56
  57 # Establish the connection to the syslog service.
  58 openlog('oinkmaster', 'cons,pid', 'user');
  59
  60 # Check if the IDS lock file exists.
  61 # In this case the WUI or another instance currently is altering the
  62 # ruleset.
  63 if (-f "$IDS::ids_page_lock_file") {
  64         # Store notice to the syslog.
  65         &_log_to_syslog("<INFO> Autoupdate skipped - Another process was altering the IDS ruleset.");
  66
  67         # Exit.
  68         exit 0;
  69 }
  70
  71 # Check if the red device is active.
  72 unless (-e "${General::swroot}/red/active") {
  73         # Store notice in the syslog.
  74         &_log_to_syslog("<ERROR> Could not update any ruleset - The system is offline.");
  75
  76         # Exit.
  77         exit 0;
  78 }
  79
  80 # Check if enought free disk space is availabe.
  81 my $return = &IDS::checkdiskspace();
  82
  83 # Handle error.
  84 if ($return) {
  85         # Store error in syslog.
  86         &_log_to_syslog("<ERROR> Not enough free disk space, only $return of 300MB are available.");
  87
  88         # Exit.
  89         exit 0;
  90 }
  91
  92 # Lock the IDS page.
  93 &IDS::lock_ids_page();
  94
  95 # The script has requested a lock, so set locket to "1".
  96 $locked = "1";
  97
  98 # Grab the configured providers, if the providers settings file exists.
  99 &General::readhasharray("$IDS::providers_settings_file", \%providers) if (-f "$IDS::providers_settings_file");
 100
 101 # Loop through the array of available providers.
 102 foreach my $id (keys %providers) {
 103         # Assign some nice variabled.
 104         my $provider = $providers{$id}[0];
 105         my $enabled_status = $providers{$id}[2];
 106         my $autoupdate_status = $providers{$id}[3];
 107
 108         # Skip unsupported providers.
 109         next unless($IDS::Ruleset::Providers{$provider}{'dl_url'});
 110
 111         # Skip the provider if it is not enabled.
 112         next unless($enabled_status eq "enabled");
 113
 114         # Skip the provider if autoupdate is not enabled.
 115         next unless($autoupdate_status eq "enabled");
 116
 117         # Log notice about update.
 118         &_log_to_syslog("<INFO> Performing update for $provider.");
 119
 120         # Call the download function and gather the new ruleset for the current processed provider.
 121         my $return = &IDS::downloadruleset($provider);
 122
 123         # Check if we got a return code.
 124         if ($return) {
 125                 # Handle different return codes.
 126                 if ($return eq "not modified") {
 127                         # Log notice to syslog.
 128                         &_log_to_syslog("<INFO> Skipping $provider - The ruleset is up-to-date");
 129
 130                 } elsif ($return eq "no url") {
 131                         # Log error to the syslog.
 132                         &_log_to_syslog("<ERROR> Could not determine a download URL for $provider.");
 133
 134                 } else {
 135                         # Log error to syslog.
 136                         &_log_to_syslog("<ERROR> $return");
 137                 }
 138         } else {
 139                 # Log successfull update.
 140                 &_log_to_syslog("<INFO> Successfully updated ruleset for $provider.");
 141
 142                 # Get path and name of the stored rules file or archive.
 143                 my $stored_file = &IDS::_get_dl_rulesfile($provider);
 144
 145                 # Set correct ownership for the downloaded tarball.
 146                 &IDS::set_ownership("$stored_file");
 147
 148                 # Add the provider handle to the array of updated providers.
 149                 push(@updated_providers, $provider);
 150         }
 151 }
 152
 153 # Check if at least one provider has been updated successfully.
 154 if (@updated_providers) {
 155         # Call oinkmaster to alter the ruleset.
 156         &IDS::oinkmaster();
 157
 158         # Set correct ownership for the rulesdir and files.
 159         &IDS::set_ownership("$IDS::rulespath");
 160
 161         # Check if the IDS is running.
 162         if(&IDS::ids_is_running()) {
 163                 # Call suricatactrl to perform a reload.
 164                 &IDS::call_suricatactrl("reload");
 165         }
 166 }
 167
 168 #
 169 # Tiny function to sent the error message to the syslog.
 170 #
 171 sub _log_to_syslog($) {
 172         my ($message) = @_;
 173
 174         # The syslog function works best with an array based input,
 175         # so generate one before passing the message details to syslog.
 176         my @syslog = ("ERR", "$message");
 177
 178         # Send the log message.
 179         syslog(@syslog);
 180 }
 181
 182 END {
 183         # Close connection to syslog.
 184         closelog();
 185
 186         # Check if a lock has been requested.
 187         if ($locked) {
 188                 # Unlock the IDS page.
 189                 &IDS::unlock_ids_page();
 190         }
 191 }
 192
 193 1;