IDS: Call helper script when red interface gets up
authorStefan Schantl <stefan.schantl@ipfire.org>
Wed, 6 Feb 2019 14:23:46 +0000 (15:23 +0100)
committerStefan Schantl <stefan.schantl@ipfire.org>
Wed, 6 Feb 2019 14:40:19 +0000 (15:40 +0100)
The helper script will be automatically called when the red interface gets up
and will re-generate the HOME_NET file, so that a changed IP address on this
interface is picked up.

Fixes #11989

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
config/rootfiles/common/aarch64/initscripts
config/rootfiles/common/armv5tel/initscripts
config/rootfiles/common/i586/initscripts
config/rootfiles/common/x86_64/initscripts
lfs/initscripts
src/initscripts/networking/red.up/23-suricata [new file with mode: 0644]

index 07216d2..ed4f727 100644 (file)
@@ -53,7 +53,7 @@ etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/10-static-routes
 etc/rc.d/init.d/networking/red.up/20-firewall
-etc/rc.d/init.d/networking/red.up/23-RS-suricata
+etc/rc.d/init.d/networking/red.up/23-suricata
 etc/rc.d/init.d/networking/red.up/24-RS-qos
 etc/rc.d/init.d/networking/red.up/27-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
index 07216d2..ed4f727 100644 (file)
@@ -53,7 +53,7 @@ etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/10-static-routes
 etc/rc.d/init.d/networking/red.up/20-firewall
-etc/rc.d/init.d/networking/red.up/23-RS-suricata
+etc/rc.d/init.d/networking/red.up/23-suricata
 etc/rc.d/init.d/networking/red.up/24-RS-qos
 etc/rc.d/init.d/networking/red.up/27-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
index 7037030..07a123a 100644 (file)
@@ -53,7 +53,7 @@ etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/10-static-routes
 etc/rc.d/init.d/networking/red.up/20-firewall
-etc/rc.d/init.d/networking/red.up/23-RS-suricata
+etc/rc.d/init.d/networking/red.up/23-suricata
 etc/rc.d/init.d/networking/red.up/24-RS-qos
 etc/rc.d/init.d/networking/red.up/27-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
index 7037030..07a123a 100644 (file)
@@ -53,7 +53,7 @@ etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/10-static-routes
 etc/rc.d/init.d/networking/red.up/20-firewall
-etc/rc.d/init.d/networking/red.up/23-RS-suricata
+etc/rc.d/init.d/networking/red.up/23-suricata
 etc/rc.d/init.d/networking/red.up/24-RS-qos
 etc/rc.d/init.d/networking/red.up/27-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
index 0bdc1c7..055e106 100644 (file)
@@ -188,8 +188,6 @@ $(TARGET) :
        ln -sf ../init.d/wlanclient  /etc/rc.d/rc3.d/S19wlanclient
        ln -sf ../init.d/wlanclient  /etc/rc.d/rc6.d/K82wlanclient
 
-       ln -sf ../../../../../usr/local/bin/suricatactrl \
-               /etc/rc.d/init.d/networking/red.up/23-RS-suricata
        ln -sf ../../../../../usr/local/bin/qosctrl \
                /etc/rc.d/init.d/networking/red.up/24-RS-qos
        ln -sf ../../squid /etc/rc.d/init.d/networking/red.up/27-RS-squid
diff --git a/src/initscripts/networking/red.up/23-suricata b/src/initscripts/networking/red.up/23-suricata
new file mode 100644 (file)
index 0000000..d8b7a2b
--- /dev/null
@@ -0,0 +1,30 @@
+#!/usr/bin/perl
+#
+# Helper script to regenerate the file which contains the HOME_NET declaration
+# including the assigned IP-address of red and any configured aliases.
+
+use strict;
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/ids-functions.pl";
+
+# Hash to store the IDS settings.
+my %ids_settings = ();
+
+# Read-in IDS settings.
+&General::readhash("$IDS::ids_settings_file", \%ids_settings);
+
+# Check if suricata is enabled.
+if($ids_settings{'ENABLE_IDS'} eq "on") {
+       # Regenerate the file with HOME_NET details.
+       &IDS::generate_home_net_file();
+
+       # Set correct ownership.
+       &IDS::set_ownership("$IDS::homenet_file");
+
+       # Check if suricata is running.
+       if(&IDS::ids_is_running()) {
+               # Call suricatactrl to perform a restart of suricata.
+               &IDS::call_suricatactrl("restart");
+       }
+}
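Review bot: The new script enables `use strict;` but not `use warnings;`, so a key that `readhash` did not populate is silently treated as an empty string, and the `ENABLE_IDS` check then compares an undefined value with `eq`, which would report an uninitialized value as soon as warnings are enabled. Add `use warnings;` directly after `use strict;` and guard the comparison with defined-or: `if (($ids_settings{'ENABLE_IDS'} // '') eq "on") {`. As a matter of style, the `&Package::sub(...)` call form and the quoting of a lone scalar in `&IDS::set_ownership("$IDS::homenet_file")` are unnecessary; `IDS::set_ownership($IDS::homenet_file)` reads the same and avoids the `&` sigil's special `@_` behaviour. The file is added with mode 0644 (see the file list above) while the neighbouring red.up entries are links to executables; the step that installs it with the executable bit is not visible in this commit, so it is worth confirming it exists.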