# Generate file to store the home net.
&IDS::generate_home_net_file();
- # Open modify sid's file for writing.
- open(FILE, ">$IDS::modify_sids_file") or die "Could not write to $IDS::modify_sids_file. $!\n";
-
- # Write file header.
- print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+ # Temporary variable to set the ruleaction.
+ # Default is "drop" to use suricata as IPS.
+ my $ruleaction="drop";
# Check if the traffic only should be monitored.
- unless($cgiparams{'MONITOR_TRAFFIC_ONLY'} eq 'on') {
- # Tell oinkmaster to switch all rules from alert to drop.
- print FILE "modifysid \* \"alert\" \| \"drop\"\n";
+ if($cgiparams{'MONITOR_TRAFFIC_ONLY'} eq 'on') {
+ # Switch the ruleaction to "alert".
+ # Suricata acts as an IDS only.
+ $ruleaction="alert";
}
- # Close file handle.
- close(FILE);
+ # Write the modify sid's file and pass the taken ruleaction.
+ &IDS::write_modify_sids_file($ruleaction);
# Check if "MONITOR_TRAFFIC_ONLY" has been changed.
if($cgiparams{'MONITOR_TRAFFIC_ONLY'} ne $oldidssettings{'MONITOR_TRAFFIC_ONLY'}) {
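Review bot: The call `&IDS::write_modify_sids_file($ruleaction);` no longer shows what happens when the modify-sids file cannot be written, whereas the removed `open(...) or die` aborted the request at this point. The helper is defined outside this hunk, so confirm it still dies on a failed open or close. If it fails silently, a stale file could presumably leave Suricata alerting after the administrator selected drop mode, with the settings page reporting success. A comment at the call site such as `# write_modify_sids_file() dies if the file cannot be written.` would record that contract. Defaulting `$ruleaction` to "drop" and passing only the two literals keeps request data out of the generated file, but the helper could still reject anything other than `alert` or `drop` to protect other callers. The `if` opened on the last line is closed outside the hunk.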