###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2019 IPFire Development Team <info@ipfire.org> #
+# Copyright (C) 2020 IPFire Development Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/ids-functions.pl";
+require "${General::swroot}/network-functions.pl";
# Snort settings file, which contains the settings from the WUI.
my $snort_settings_file = "${General::swroot}/snort/settings";
# Snort rules tarball.
my $snort_rules_tarball = "/var/tmp/snortrules.tar.gz";
-# Check if a snort settings file exists.
-unless( -f "$snort_settings_file") {
- print "$snort_settings_file not found - Nothing to do. Exiting!\n";
- exit(0);
+#
+## Step 1: Convert snort user and group to suricata if exist.
+#
+
+# Check if the snort user exists.
+if (getpwnam("snort")) {
+ # Change username.
+ my @command = (
+ '/usr/sbin/usermod',
+ '-l', 'suricata', 'snort'
+ );
+
+ system(@command) == 0 or die "Could not change username: @command failed: $?\n";
+
+ # Adjust home directory.
+ @command = (
+ '/usr/sbin/usermod',
+ '-d', "/var/log/suricata",
+ 'suricata'
+ );
+
+ system(@command) == 0 or die "Failed to adjust home directory: @command failed: $?\n";
}
-# Check if the snort settings file is empty.
-if (-z "$snort_settings_file") {
- print "$snort_settings_file is empty - Nothing to do. Exiting!\n";
- exit(0);
+# Check if the snort group exists.
+if (getgrnam("snort")) {
+ # Change groupname
+ my @command = (
+ '/usr/sbin/groupmod',
+ '-n', 'suricata', 'snort'
+ );
+
+ system(@command) == 0 or die "Could not rename groupname: @command failed: $?\n";
}
#
-## Step 1: Setup directory and file layout, if not present and set correct
+## Step 2: Setup directory and file layout, if not present and set correct
## ownership. The converter runs as a privileged user, but the files
## needs to be full access-able by the WUI user and group (nobody:nobody).
#
&IDS::set_ownership("$IDS::settingsdir");
&IDS::set_ownership("$IDS::rulespath");
+# Check if a snort settings file exists.
+unless( -f "$snort_settings_file") {
+ print "$snort_settings_file not found - Nothing to do. Exiting!\n";
+ exit(0);
+}
+
+# Check if the snort settings file is empty.
+if (-z "$snort_settings_file") {
+ print "$snort_settings_file is empty - Nothing to do. Exiting!\n";
+ exit(0);
+}
+
#
-## Step 2: Import snort settings and convert to the required format for the new IDS
+## Step 3: Import snort settings and convert to the required format for the new IDS
## (suricata).
#
#
# Add default value for MONITOR_TRAFFIC_ONLY which will be "on"
# when migrating from snort to the new IDS.
-my %idssettings = (
- "MONITOR_TRAFFIC_ONLY" => "on",
-);
-
-# Hash which contains the RULES settings.
#
# Set default value for UPDATE_INTERVAL to weekly.
-my %rulessettings = (
+my %idssettings = (
+ "MONITOR_TRAFFIC_ONLY" => "on",
"AUTOUPDATE_INTERVAL" => "weekly",
);
# Get all available network zones.
-my @network_zones = &IDS::get_available_network_zones();
+my @network_zones = &Network::get_available_network_zones();
# Read-in snort settings file.
&General::readhash("$snort_settings_file", \%snortsettings);
}
}
-# Grab the choosen ruleset from snort settings hash and store it in the rules
-# settings hash.
-$rulessettings{"RULES"} = $snortsettings{"RULES"};
+# Hash to store the provider settings.
+my %providersettings = ();
+
+# Default ID.
+$id = "1";
+
+# Grab the choosen ruleset from snort settings hash.
+my $provider = $snortsettings{"RULES"};
+my $subscription_code;
# Check if an oinkcode has been provided.
if($snortsettings{"OINKCODE"}) {
- # Take the oinkcode from snort settings hash and store it in the rules
- # settings hash.
- $rulessettings{"OINKCODE"} = $snortsettings{"OINKCODE"};
+ # Take the oinkcode from snort settings hash.
+ $subscription_code = $snortsettings{"OINKCODE"};
}
+# Generate providers config line and add it to the provider settings hash.
#
-## Step 3: Import guardian settings and whitelist if the addon is installed.
+# Enabled automatic ruleste updates and the usage of the provider.
+$providersettings{$id} = [ "$provider", "$subscription_code", "enabled", "enabled" ];
+
+#
+## Step 4: Import guardian settings and whitelist if the addon is installed.
#
# Pakfire meta file for owncloud.
}
#
-## Step 4: Save IDS and rules settings.
+## Step 5: Save IDS and rules settings.
#
# Write IDS settings.
&General::writehash("$IDS::ids_settings_file", \%idssettings);
-# Write rules settings.
-&General::writehash("$IDS::rules_settings_file", \%rulessettings);
+# Write provider settings.
+&General::writehash("$IDS::providers_settings_file", \%providersettings);
#
-## Step 5: Generate and write the file to modify the ruleset.
+## Step 6: Generate and write the file to modify the ruleset.
#
-# Converters default is to only monitor the traffic, so set the IDS action to
-# "alert".
-my $IDS_action = "alert";
-
-# Check if the traffic only should be monitored.
-if ($idssettings{"MONITOR_TRAFFIC_ONLY"} eq "off") {
- # Swith IDS action to alert only.
- $IDS_action = "drop";
-}
-
# Call subfunction and pass the desired IDS action.
-&IDS::write_modify_sids_file($IDS_action);
+&IDS::write_modify_sids_file();
+
+# Set correct ownership.
+&IDS::set_ownership("$IDS::modify_sids_file");
#
-## Step 6: Move rulestarball to its new location.
+## Step 7: Move rulestarball to its new location.
#
+# Grab file and path to store the provider rules tarball.
+my $rulestarball = &IDS::_get_dl_rulesfile($provider);
+
# Check if a rulestarball has been downloaded yet.
if (-f $snort_rules_tarball) {
# Load perl module which contains the move command.
use File::Copy;
# Move the rulestarball to the new location.
- move($snort_rules_tarball, $IDS::rulestarball);
+ move($snort_rules_tarball, $rulestarball);
# Set correct ownership.
- chown($uid, $gid, $IDS::rulestarball);
+ &IDS::set_ownership("$rulestarball");
+
+# In case no tarball is present, try to download the ruleset.
+} else {
+ # Check if enought disk space is available.
+ if(&IDS::checkdiskspace()) {
+ # Print error message.
+ print "Could not download ruleset - Not enough free diskspace available.\n";
+ } else {
+ # Call the download function and grab the new ruleset.
+ &IDS::downloadruleset();
+ }
}
#
-## Step 7: Call oinkmaster to extract and setup the rules structures.
+## Step 8: Call oinkmaster to extract and setup the rules structures.
#
# Check if a rulestarball is present.
-if (-f $IDS::rulestarball) {
+if (-f $rulestarball) {
# Launch oinkmaster by calling the subfunction.
&IDS::oinkmaster();
+
+ # Set correct ownership for the rulesdir and files.
+ &IDS::set_ownership("$IDS::rulespath");
}
#
-## Step 8: Grab used ruleset files from snort config file and convert
+## Step 9: Generate file for the HOME Net.
+#
+
+# Call subfunction to generate the file.
+&IDS::generate_home_net_file();
+
+# Set correct ownership for the homenet file.
+&IDS::set_ownership("$IDS::homenet_file");
+
+#
+## Step 10: Generate file for the DNS servers.
+#
+
+# Call subfunction to generate the file.
+&IDS::generate_dns_servers_file();
+
+# Set correct ownership for the dns_servers_file.
+&IDS::set_ownership("$IDS::dns_servers_file");
+
+#
+## Step 11: Generate file which contains the HTTP ports.
+#
+
+# Call subfunction to generate the file.
+&IDS::generate_http_ports_file();
+
+# Set correct ownership for the http_ports_file.
+&IDS::set_ownership("$IDS::http_ports_file");
+
+#
+## Step 12: Setup automatic ruleset updates.
+#
+
+# Check if a provider is configured.
+if(%providersettings) {
+ # Call suricatactrl and setup the periodic update mechanism.
+ &IDS::call_suricatactrl("cron", $idssettings{'AUTOUPDATE_INTERVAL'});
+}
+
+#
+## Step 13: Grab used ruleset files from snort config file and convert
## them into the new format.
#
close(SNORTCONF);
# Pass the array of enabled rule files to the subfunction and write the file.
-&IDS::write_used_rulefiles_file(@enabled_rule_files);
+&IDS::write_used_provider_rulefiles_file("$provider", @enabled_rule_files);
+&IDS::write_main_used_rulefiles_file("$provider");
-#
-## Step 9: Generate file for the HOME Net.
-#
+# Grab the used provider rulesfile file path and name.
+my $used_provider_rulesfile_file = &IDS::get_used_provider_rulesfile_file("$provider");
-# Call subfunction to generate the file.
-&IDS::generate_home_net_file();
-
-#
-## Step 10: Setup automatic ruleset updates.
-#
-
-# Check if a ruleset is configured.
-if($rulessettings{"RULES"}) {
- # Call suricatactrl and setup the periodic update mechanism.
- &IDS::call_suricatactrl("cron", $rulessettings{'AUTOUPDATE_INTERVAL'});
-}
+# Set correct ownership for new files.
+&IDS::set_ownership("$suricata_used_providers_file");
+&IDS::set_ownership("$suricata_static_rulefiles_file");
+&IDS::set_ownership("$used_provider_rulesfile_file");
#
-## Step 11: Start the IDS if enabled.
+## Step 14: Start the IDS if enabled.
#
# Check if the IDS should be started.