ids-functions.pl: Introduce function write_modify_sids_file()

This function is used to write the corresponding file which
tells oinkmaster to alter the whole ruleset and finally
switches suricata into an IPS or IDS.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 1b445ab24f6adfe0c5e15a2c3d334be197908ec6..55786c157c80695c2f40cf5735c5912be79b08e2 100644 (file)
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -687,4 +687,26 @@ sub write_used_rulefiles_file(@) {
        close(FILE);
 }
 
        close(FILE);
 }
 

+#
+## Function to generate and write the file for modify the ruleset.
+#
+sub write_modify_sids_file($) {
+       my ($ruleaction) = @_;
+
+       # Open modify sid's file for writing.
+       open(FILE, ">$IDS::modify_sids_file") or die "Could not write to $IDS::modify_sids_file. $!\n";
+
+       # Write file header.
+       print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+       # Check if the traffic only should be monitored.
+       unless($ruleaction eq "alert") {
+               # Tell oinkmaster to switch all rules from alert to drop.
+               print FILE "modifysid \* \"alert\" \| \"drop\"\n";
+       }
+
+       # Close file handle.
+       close(FILE);
+}
+

 1;
 1;

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 6a5dce80275d49bad006b986949b47c143eafb68..c5fa93ce7b1f1224c7c6ff324ab3ff1722f5659a 100644 (file)
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -527,20 +527,19 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) {
        # Generate file to store the home net.
        &IDS::generate_home_net_file();
 
        # Generate file to store the home net.
        &IDS::generate_home_net_file();
 

-       # Open modify sid's file for writing.
-       open(FILE, ">$IDS::modify_sids_file") or die "Could not write to $IDS::modify_sids_file. $!\n";
-
-       # Write file header.
-       print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+       # Temporary variable to set the ruleaction.
+       # Default is "drop" to use suricata as IPS.
+       my $ruleaction="drop";

 
        # Check if the traffic only should be monitored.
 
        # Check if the traffic only should be monitored.

-       unless($cgiparams{'MONITOR_TRAFFIC_ONLY'} eq 'on') {
-               # Tell oinkmaster to switch all rules from alert to drop.
-               print FILE "modifysid \* \"alert\" \| \"drop\"\n";
+       if($cgiparams{'MONITOR_TRAFFIC_ONLY'} eq 'on') {
+               # Switch the ruleaction to "alert".
+               # Suricata acts as an IDS only.
+               $ruleaction="alert";

        }
 
        }
 

-       # Close file handle.
-       close(FILE);
+       # Write the modify sid's file and pass the taken ruleaction.
+       &IDS::write_modify_sids_file($ruleaction);

 
        # Check if "MONITOR_TRAFFIC_ONLY" has been changed.
        if($cgiparams{'MONITOR_TRAFFIC_ONLY'} ne $oldidssettings{'MONITOR_TRAFFIC_ONLY'}) {
 
        # Check if "MONITOR_TRAFFIC_ONLY" has been changed.
        if($cgiparams{'MONITOR_TRAFFIC_ONLY'} ne $oldidssettings{'MONITOR_TRAFFIC_ONLY'}) {