# File to store any errors, which also will be read and displayed by the wui.
our $storederrorfile = "/tmp/ids_storederror";
+# File to lock the WUI, while the autoupdate script runs.
+our $ids_page_lock_file = "/tmp/ids_page_locked";
+
# Location where the rulefiles are stored.
our $rulespath = "/var/lib/suricata";
# Check if an upstream proxy is configured.
if ($proxysettings{'UPSTREAM_PROXY'}) {
- my ($peer, $peerport) = (/^(?:[a-zA-Z ]+\:\/\/)?(?:[A-Za-z0-9\_\.\-]*?(?:\:[A-Za-z0-9\_\.\-]*?)?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,5}))?(?:\/.*?)?$/);
my $proxy_url;
- # Check if we got a peer.
- if ($peer) {
- $proxy_url = "http://";
-
- # Check if the proxy requires authentication.
- if (($proxysettings{'UPSTREAM_USER'}) && ($proxysettings{'UPSTREAM_PASSWORD'})) {
- $proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@";
- }
-
- # Add proxy server address and port.
- $proxy_url .= "$peer\:$peerport";
- } else {
- # Log error message and break.
- &_log_to_syslog("Could not proper configure the proxy server access.");
+ $proxy_url = "http://";
- # Return "1" - false.
- return 1;
+ # Check if the proxy requires authentication.
+ if (($proxysettings{'UPSTREAM_USER'}) && ($proxysettings{'UPSTREAM_PASSWORD'})) {
+ $proxy_url .= "$proxysettings{'UPSTREAM_USER'}\:$proxysettings{'UPSTREAM_PASSWORD'}\@";
}
+ # Add proxy server address and port.
+ $proxy_url .= $proxysettings{'UPSTREAM_PROXY'};
+
# Setup proxy settings.
$downloader->proxy(['http', 'https'], $proxy_url);
}
return 1;
}
- # Pass the requrested url to the downloader.
- my $request = HTTP::Request->new(HEAD => $url);
+ # Variable to store the filesize of the remote object.
+ my $remote_filesize;
- # Accept the html header.
- $request->header('Accept' => 'text/html');
+ # The sourcfire (snort rules) does not allow to send "HEAD" requests, so skip this check
+ # for this webserver.
+ #
+ # Check if the ruleset source contains "snort.org".
+ unless ($url =~ /\.snort\.org/) {
+ # Pass the requrested url to the downloader.
+ my $request = HTTP::Request->new(HEAD => $url);
- # Perform the request and fetch the html header.
- my $response = $downloader->request($request);
+ # Accept the html header.
+ $request->header('Accept' => 'text/html');
- # Check if there was any error.
- unless ($response->is_success) {
- # Obtain error.
- my $error = $response->status_line();
+ # Perform the request and fetch the html header.
+ my $response = $downloader->request($request);
- # Log error message.
- &_log_to_syslog("Unable to download the ruleset. \($error\)");
+ # Check if there was any error.
+ unless ($response->is_success) {
+ # Obtain error.
+ my $error = $response->status_line();
- # Return "1" - false.
- return 1;
- }
+ # Log error message.
+ &_log_to_syslog("Unable to download the ruleset. \($error\)");
+
+ # Return "1" - false.
+ return 1;
+ }
- # Assign the fetched header object.
- my $header = $response->headers();
+ # Assign the fetched header object.
+ my $header = $response->headers();
- # Grab the remote file size from the object and store it in the
- # variable.
- my $remote_filesize = $header->content_length;
+ # Grab the remote file size from the object and store it in the
+ # variable.
+ $remote_filesize = $header->content_length;
+ }
# Load perl module to deal with temporary files.
use File::Temp;
my $local_filesize = $stat->size;
# Check if both file sizes match.
- unless ($remote_filesize eq $local_filesize) {
+ if (($remote_filesize) && ($remote_filesize ne $local_filesize)) {
# Log error message.
&_log_to_syslog("Unable to completely download the ruleset. ");
&_log_to_syslog("Only got $local_filesize Bytes instead of $remote_filesize Bytes. ");
openlog('oinkmaster', 'cons,pid', 'user');
# Call oinkmaster to generate ruleset.
- open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C $settingsdir/oinkmaster.conf -o $rulespath|") or die "Could not execute oinkmaster $!\n";
+ open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -s -u file://$rulestarball -C $settingsdir/oinkmaster.conf -o $rulespath 2>&1 |") or die "Could not execute oinkmaster $!\n";
# Log output of oinkmaster to syslog.
while(<OINKMASTER>) {
return;
}
+#
+## Function to write the lock file for locking the WUI, while
+## the autoupdate script runs.
+#
+sub lock_ids_page() {
+ # Call subfunction to create the file.
+ &create_empty_file($ids_page_lock_file);
+}
+
+#
+## Function to release the lock of the WUI, again.
+#
+sub unlock_ids_page() {
+ # Delete lock file.
+ unlink($ids_page_lock_file);
+}
+
1;