# Snort rules tarball.
my $snort_rules_tarball = "/var/tmp/snortrules.tar.gz";
-# Check if a snort settings file exists.
-unless( -f "$snort_settings_file") {
- print "$snort_settings_file not found - Nothing to do. Exiting!\n";
- exit(0);
-}
-
-# Check if the snort settings file is empty.
-if (-z "$snort_settings_file") {
- print "$snort_settings_file is empty - Nothing to do. Exiting!\n";
- exit(0);
-}
-
#
## Step 1: Setup directory and file layout, if not present and set correct
## ownership. The converter runs as a privileged user, but the files
&IDS::set_ownership("$IDS::settingsdir");
&IDS::set_ownership("$IDS::rulespath");
+# Check if a snort settings file exists.
+unless( -f "$snort_settings_file") {
+ print "$snort_settings_file not found - Nothing to do. Exiting!\n";
+ exit(0);
+}
+
+# Check if the snort settings file is empty.
+if (-z "$snort_settings_file") {
+ print "$snort_settings_file is empty - Nothing to do. Exiting!\n";
+ exit(0);
+}
+
#
## Step 2: Import snort settings and convert to the required format for the new IDS
## (suricata).
# Call subfunction and pass the desired IDS action.
&IDS::write_modify_sids_file($IDS_action);
+# Set correct ownership.
+&IDS::set_ownership("$IDS::modify_sids_file");
+
#
## Step 6: Move rulestarball to its new location.
#
move($snort_rules_tarball, $IDS::rulestarball);
# Set correct ownership.
- chown($uid, $gid, $IDS::rulestarball);
+ &IDS::set_ownership("$IDS::rulestarball");
+
+# In case no tarball is present, try to download the ruleset.
+} else {
+ # Check if enought disk space is available.
+ if(&IDS::checkdiskspace()) {
+ # Print error message.
+ print "Could not download ruleset - Not enough free diskspace available.\n";
+ } else {
+ # Call the download function and grab the new ruleset.
+ &IDS::downloadruleset();
+ }
}
#
if (-f $IDS::rulestarball) {
# Launch oinkmaster by calling the subfunction.
&IDS::oinkmaster();
+
+ # Set correct ownership for the rulesdir and files.
+ &IDS::set_ownership("$IDS::rulespath");
}
#
-## Step 8: Grab used ruleset files from snort config file and convert
+## Step 8: Generate file for the HOME Net.
+#
+
+# Call subfunction to generate the file.
+&IDS::generate_home_net_file();
+
+#
+## Step 9: Setup automatic ruleset updates.
+#
+
+# Check if a ruleset is configured.
+if($rulessettings{"RULES"}) {
+ # Call suricatactrl and setup the periodic update mechanism.
+ &IDS::call_suricatactrl("cron", $rulessettings{'AUTOUPDATE_INTERVAL'});
+}
+
+#
+## Step 10: Grab used ruleset files from snort config file and convert
## them into the new format.
#
# Pass the array of enabled rule files to the subfunction and write the file.
&IDS::write_used_rulefiles_file(@enabled_rule_files);
-#
-## Step 9: Generate file for the HOME Net.
-#
-
-# Call subfunction to generate the file.
-&IDS::generate_home_net_file();
-
-#
-## Step 10: Setup automatic ruleset updates.
-#
-
-# Check if a ruleset is configured.
-if($rulessettings{"RULES"}) {
- # Call suricatactrl and setup the periodic update mechanism.
- &IDS::call_suricatactrl("cron", $rulessettings{'AUTOUPDATE_INTERVAL'});
-}
-
#
## Step 11: Start the IDS if enabled.
#
projects / ipfire-2.x.git / blobdiff