convert-snort: Try to download ruleset if none is present.

[ipfire-2.x.git] / config / suricata / convert-snort

diff --git a/config/suricata/convert-snort b/config/suricata/convert-snort
index dfd83a530c149a8c2d0073879bfdd09b5d7c4ec2..ca650b149a212d9f0074297d78626fec96d8fd11 100644 (file)
--- a/config/suricata/convert-snort
+++ b/config/suricata/convert-snort
@@ -33,32 +33,12 @@ my $snort_config_file = "/etc/snort/snort.conf";
 # Snort rules tarball.
 my $snort_rules_tarball = "/var/tmp/snortrules.tar.gz";
 
-# Check if a snort settings file exists.
-unless( -f "$snort_settings_file") {
-        print "$snort_settings_file not found - Nothing to do. Exiting!\n";
-        exit(0);
-}
-
-# Check if the snort settings file is empty.
-if (-z "$snort_settings_file") {
-       print "$snort_settings_file is empty - Nothing to do. Exiting!\n";
-       exit(0);
-}
-
 #
 ## Step 1: Setup directory and file layout, if not present and set correct
 ##         ownership. The converter runs as a privileged user, but the files
 ##         needs to be full access-able by the WUI user and group (nobody:nobody).
 #
 
-# User and group of the WUI.
-my $uname = "nobody";
-my $grname = "nobody";
-
-# The chown function implemented in perl requies the user and group as nummeric id's.
-my $uid = getpwnam($uname);
-my $gid = getgrnam($grname);
-
 # Check if the settings directory exists.
 unless (-d $IDS::settingsdir) {
        # Create the directory.
@@ -71,26 +51,24 @@ unless (-d $IDS::rulespath) {
        mkdir($IDS::rulespath);
 }
 
-# Set correct ownership for the settings and rules folder.
-chown($uid, $gid, $IDS::settingsdir);
-chown($uid, $gid, $IDS::rulespath);
-
 # Create file layout, if not exists yet.
 &IDS::check_and_create_filelayout();
 
-# Set correct ownership for the files - Open settings directory and do a directory listing.
-opendir(DIR, $IDS::settingsdir) or die $!;
-        # Loop through the direcory.
-        while (my $file = readdir(DIR)) {
-
-                # We only want files.
-                next unless (-f "$IDS::settingsdir/$file");
+# Set correct ownership for settingsdir and rulespath.
+&IDS::set_ownership("$IDS::settingsdir");
+&IDS::set_ownership("$IDS::rulespath");
 
-               # Set correct ownership for the files.
-               chown($uid, $gid, "$IDS::settingsdir/$file");
-       }
+# Check if a snort settings file exists.
+unless( -f "$snort_settings_file") {
+       print "$snort_settings_file not found - Nothing to do. Exiting!\n";
+       exit(0);
+}
 
-closedir(DIR);
+# Check if the snort settings file is empty.
+if (-z "$snort_settings_file") {
+       print "$snort_settings_file is empty - Nothing to do. Exiting!\n";
+       exit(0);
+}
 
 #
 ## Step 2: Import snort settings and convert to the required format for the new IDS
@@ -231,6 +209,9 @@ if ($idssettings{"MONITOR_TRAFFIC_ONLY"} eq "off") {
 # Call subfunction and pass the desired IDS action.
 &IDS::write_modify_sids_file($IDS_action);
 
+# Set correct ownership.
+&IDS::set_ownership("$IDS::modify_sids_file");
+
 #
 ## Step 6: Move rulestarball to its new location.
 #
@@ -244,7 +225,15 @@ if (-f $snort_rules_tarball) {
        move($snort_rules_tarball, $IDS::rulestarball);
 
        # Set correct ownership.
-       chown($uid, $gid, $IDS::rulestarball);
+       &IDS::set_ownership("$IDS::rulestarball");
+
+# In case no tarball is present, try to download the ruleset.
+} else {
+       # Check if enought disk space is available.
+       if(&IDS::checkdiskspace()) {
+               # Call the download function and grab the new ruleset.
+               &IDS::downloadruleset();
+       }
 }
 
 #
@@ -255,6 +244,9 @@ if (-f $snort_rules_tarball) {
 if (-f $IDS::rulestarball) {
        # Launch oinkmaster by calling the subfunction.
        &IDS::oinkmaster();
+
+       # Set correct ownership for the rulesdir and files.
+       &IDS::set_ownership("$IDS::rulespath");
 }
 
 #