# File to store any errors, which also will be read and displayed by the wui.
our $storederrorfile = "/tmp/ids_storederror";
+# File to lock the WUI, while the autoupdate script runs.
+our $ids_page_lock_file = "/tmp/ids_page_locked";
+
# Location where the rulefiles are stored.
our $rulespath = "/var/lib/suricata";
# Check if an upstream proxy is configured.
if ($proxysettings{'UPSTREAM_PROXY'}) {
- my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
my $proxy_url;
- # Check if we got a peer.
- if ($peer) {
- $proxy_url = "http://";
-
- # Check if the proxy requires authentication.
- if (($proxysettings{'UPSTREAM_USER'}) && ($proxysettings{'UPSTREAM_PASSWORD'})) {
- $proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@";
- }
-
- # Add proxy server address and port.
- $proxy_url .= "$peer\:$peerport";
- } else {
- # Log error message and break.
- &_log_to_syslog("Could not proper configure the proxy server access.");
+ $proxy_url = "http://";
- # Return "1" - false.
- return 1;
+ # Check if the proxy requires authentication.
+ if (($proxysettings{'UPSTREAM_USER'}) && ($proxysettings{'UPSTREAM_PASSWORD'})) {
+ $proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@";
}
+ # Add proxy server address and port.
+ $proxy_url .= $proxysettings{'UPSTREAM_PROXY'};
+
# Setup proxy settings.
$downloader->proxy(['http', 'https'], $proxy_url);
}
return 1;
}
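Review bot: The proxy credentials on the `$proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@";` line are interpolated verbatim, so a password containing `@`, `:`, `/` or `#` yields a malformed authority and the request either fails with an unhelpful error or is routed to the wrong host. Percent-encoding both values keeps the URL well-formed: `my $user = URI::Escape::uri_escape($proxysettings{'UPSTREAM_USER'});`, `my $pass = URI::Escape::uri_escape($proxysettings{'UPSTREAM_PASSWORD'});`, `$proxy_url .= "$user\:$pass\@";` (URI::Escape ships with the URI distribution that HTTP::Request already depends on; the matching `use URI::Escape;` belongs in the file preamble, outside this hunk). The same consideration applies to `$proxysettings{'UPSTREAM_PROXY'}`, which is appended unvalidated after an unconditional `http://` prefix, so a value that already carries a scheme or a trailing path would produce an unusable proxy URL — presumably the settings page restricts it to `host:port`, and a comment stating that assumption here would help the next reader. The enclosing function starts before this hunk.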
- # Pass the requrested url to the downloader.
- my $request = HTTP::Request->new(HEAD => $url);
+ # Variable to store the filesize of the remote object.
+ my $remote_filesize;
- # Accept the html header.
- $request->header('Accept' => 'text/html');
+ # The sourcfire (snort rules) does not allow to send "HEAD" requests, so skip this check
+ # for this webserver.
+ #
+ # Check if the ruleset source contains "snort.org".
+ unless ($url =~ /\.snort\.org/) {
+ # Pass the requrested url to the downloader.
+ my $request = HTTP::Request->new(HEAD => $url);
- # Perform the request and fetch the html header.
- my $response = $downloader->request($request);
+ # Accept the html header.
+ $request->header('Accept' => 'text/html');
- # Check if there was any error.
- unless ($response->is_success) {
- # Obtain error.
- my $error = $response->content;
+ # Perform the request and fetch the html header.
+ my $response = $downloader->request($request);
- # Log error message.
- &_log_to_syslog("Unable to download the ruleset. \($error\)");
+ # Check if there was any error.
+ unless ($response->is_success) {
+ # Obtain error.
+ my $error = $response->status_line();
- # Return "1" - false.
- return 1;
- }
+ # Log error message.
+ &_log_to_syslog("Unable to download the ruleset. \($error\)");
- # Assign the fetched header object.
- my $header = $response->headers;
+ # Return "1" - false.
+ return 1;
+ }
- # Grab the remote file size from the object and store it in the
- # variable.
- my $remote_filesize = $header->content_length;
+ # Assign the fetched header object.
+ my $header = $response->headers();
+
+ # Grab the remote file size from the object and store it in the
+ # variable.
+ $remote_filesize = $header->content_length;
+ }
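Review bot: The skip test `unless ($url =~ /\.snort\.org/)` is unanchored, so any URL that merely contains that substring in its path or query, or a host that continues after it (for example `www.snort.org.example`, constructed for illustration), also bypasses the HEAD check, while a plain `https://snort.org/...` URL without a subdomain is not skipped at all. Matching the host component is more precise: `my ($host) = ($url =~ m{\A[a-z][a-z0-9+.-]*://(?:[^/?#@]*@)?([^/?#:]+)}i);` followed by `unless (defined $host && $host =~ /(?:\A|\.)snort\.org\z/i) {`. Because `$remote_filesize` stays undefined on the skipped branch, the later `if (($remote_filesize) && ...)` size comparison is silently a no-op for those downloads; a comment on the declaration such as `# Stays undef when the HEAD request is skipped; the size check below then does nothing.` would make that trade-off explicit. The enclosing function starts before and ends after this hunk.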
# Load perl module to deal with temporary files.
use File::Temp;
my $local_filesize = $stat->size;
# Check if both file sizes match.
- unless ($remote_filesize eq $local_filesize) {
+ if (($remote_filesize) && ($remote_filesize ne $local_filesize)) {
# Log error message.
&_log_to_syslog("Unable to completely download the ruleset. ");
&_log_to_syslog("Only got $local_filesize Bytes instead of $remote_filesize Bytes. ");
openlog('oinkmaster', 'cons,pid', 'user');
# Call oinkmaster to generate ruleset.
- open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C $settingsdir/oinkmaster.conf -o $rulespath|") or die "Could not execute oinkmaster $!\n";
+ open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -s -u file://$rulestarball -C $settingsdir/oinkmaster.conf -o $rulespath 2>&1 |") or die "Could not execute oinkmaster $!\n";
# Log output of oinkmaster to syslog.
while(<OINKMASTER>) {
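Review bot: `open(OINKMASTER, "... 2>&1 |")` is still a two-argument pipe open, and the added `2>&1` now makes it depend on a shell, so `$rulestarball`, `$settingsdir` and `$rulespath` are interpolated into a shell command line; `$rulespath` is a fixed string set at the top of this file and the other two are presumably fixed as well, so this is a robustness rather than an injection concern, but any path containing whitespace or shell metacharacters would break or alter the command. Forking the pipe and calling `exec` with a list avoids the shell entirely while keeping stderr merged into the pipe, and it also replaces the bareword `OINKMASTER` handle with a lexical one. The loop body that reads the handle continues outside the hunk; its `while(<OINKMASTER>) {` line would become `while (<$oinkmaster>) {`, and a checked `close` afterwards would expose oinkmaster's exit status, which the visible code does not inspect.
```perl
# Call oinkmaster to generate ruleset.  Fork the pipe and exec a list so the
# arguments never pass through a shell; the child merges stderr into the pipe.
my $oinkmaster_pid = open(my $oinkmaster, '-|');
die "Could not execute oinkmaster $!\n" unless defined $oinkmaster_pid;
unless ($oinkmaster_pid) {
    # Child process: stdout is already the pipe, point stderr at it too.
    open(STDERR, '>&', STDOUT) or die "Could not redirect stderr $!\n";
    exec('/usr/local/bin/oinkmaster.pl', '-s', '-u', "file://$rulestarball",
        '-C', "$settingsdir/oinkmaster.conf", '-o', $rulespath)
        or die "Could not execute oinkmaster $!\n";
}

# Log output of oinkmaster to syslog.
while (<$oinkmaster>) {
# … unchanged: loop body logging each line …
```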
# Loop through the array of available network zones.
foreach my $zone (@network_zones) {
- # Convert current zone name into upper case.
- $zone = uc($zone);
-
- # Generate key to access the required data from the netsettings hash.
- my $zone_netaddress = $zone . "_NETADDRESS";
- my $zone_netmask = $zone . "_NETMASK";
-
- # Obtain the settings from the netsettings hash.
- my $netaddress = $netsettings{$zone_netaddress};
- my $netmask = $netsettings{$zone_netmask};
-
- # Convert the subnetmask into prefix notation.
- my $prefix = &Network::convert_netmask2prefix($netmask);
+ # Check if the current processed zone is red.
+ if($zone eq "red") {
+ # Grab the IP-address of the red interface.
+ my $red_address = &get_red_address();
- # Generate full network string.
- my $network = join("/", $netaddress,$prefix);
+ # Check if an address has been obtained.
+ if ($red_address) {
+ # Generate full network string.
+ my $red_network = join("/", $red_address, "32");
- # Check if the network is valid.
- if(&Network::check_subnet($network)) {
- # Add the generated network to the array of networks.
- push(@networks, $network);
- }
+ # Add the red network to the array of networks.
+ push(@networks, $red_network);
+ }
- # Check if the current processed zone is red.
- if($zone eq "RED") {
# Check if the configured RED_TYPE is static.
if ($netsettings{'RED_TYPE'} eq "STATIC") {
# Get configured and enabled aliases.
push(@networks, $network);
}
}
+ # Process remaining network zones.
+ } else {
+ # Convert current zone name into upper case.
+ $zone = uc($zone);
+
+ # Generate key to access the required data from the netsettings hash.
+ my $zone_netaddress = $zone . "_NETADDRESS";
+ my $zone_netmask = $zone . "_NETMASK";
+
+ # Obtain the settings from the netsettings hash.
+ my $netaddress = $netsettings{$zone_netaddress};
+ my $netmask = $netsettings{$zone_netmask};
+
+ # Convert the subnetmask into prefix notation.
+ my $prefix = &Network::convert_netmask2prefix($netmask);
+
+ # Generate full network string.
+ my $network = join("/", $netaddress,$prefix);
+
+ # Check if the network is valid.
+ if(&Network::check_subnet($network)) {
+ # Add the generated network to the array of networks.
+ push(@networks, $network);
+ }
}
}
return;
}
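Review bot: The red branch pushes `$red_network` onto `@networks` without the `&Network::check_subnet` validation that every other zone receives in the `else` branch, so whatever `&get_red_address()` returns (its implementation is not in this hunk) reaches the rule set unchecked. Wrapping the push the same way keeps both branches consistent: `if (&Network::check_subnet($red_network)) {`, `push(@networks, $red_network);`, `}`. Note also that `$zone eq "red"` is now evaluated before `uc($zone)`, whereas the removed code compared the upper-cased name against `"RED"`; if `@network_zones` can hold mixed-case names, the red zone would fall through to the generic branch and be looked up as `RED_NETADDRESS`/`RED_NETMASK` instead — worth confirming against the code that fills that array. The comment `# Process remaining network zones.` sits inside the `if` block just before `} else {`; placing it after the `else` line reads more naturally.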
+#
+## Function to write the lock file for locking the WUI, while
+## the autoupdate script runs.
+#
+sub lock_ids_page() {
+ # Call subfunction to create the file.
+ &create_empty_file($ids_page_lock_file);
+}
+
+#
+## Function to release the lock of the WUI, again.
+#
+sub unlock_ids_page() {
+ # Delete lock file.
+ unlink($ids_page_lock_file);
+}
+
1;
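Review bot: `lock_ids_page` and `unlock_ids_page` operate on `$ids_page_lock_file`, declared earlier in this diff as `/tmp/ids_page_locked`, so the lock lives in a world-writable directory: any local account can pre-create that name and keep the WUI locked, and, depending on how `&create_empty_file` opens the path (not shown here), a pre-existing symlink there would be followed by the privileged update process. Placing the lock under a directory owned by the service — `$settingsdir`, which this file already uses, or a run-time directory — removes both concerns with a one-line change at the declaration, e.g. `our $ids_page_lock_file = "$settingsdir/ids_page_locked";` (path constructed for illustration; requires `$settingsdir` to be declared first). `unlink` discards its return value here; `unlink($ids_page_lock_file) or &_log_to_syslog("Could not remove $ids_page_lock_file: $!");` would at least record a lock that could not be released, since a stale file keeps the WUI locked until someone deletes it by hand. The empty `()` prototypes on both subs validate nothing in Perl and are usually omitted.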