IDS: Introduce update-ids-ruleset
authorStefan Schantl <stefan.schantl@ipfire.org>
Wed, 26 Sep 2018 12:11:31 +0000 (14:11 +0200)
committerStefan Schantl <stefan.schantl@ipfire.org>
Wed, 26 Sep 2018 12:11:31 +0000 (14:11 +0200)
This script periodly will be called by fcron
and is responsible for downloading and altering
the ruleset, if autoupdate of the configured ruleset is
enabled.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
src/scripts/update-ids-ruleset [new file with mode: 0644]

diff --git a/src/scripts/update-ids-ruleset b/src/scripts/update-ids-ruleset
new file mode 100644 (file)
index 0000000..fe4f838
--- /dev/null
@@ -0,0 +1,67 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2018 IPFire Team  <info@ipfire.org>                           #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/ids-functions.pl";
+require "${General::swroot}/lang.pl";
+
+# Check if the red device is active.
+unless (-e "${General::swroot}/red/active") {
+       # Store notice in the syslog.
+       &IDS::_log_to_syslog("The system is offline.");
+
+       # Store error message for displaying in the WUI.
+       &IDS::_store_error_message("$Lang::tr{'could not download latest updates'}");
+
+       # Exit.
+       exit 0;
+}
+
+# Check if enought free disk space is availabe.
+if(&IDS::checkdiskspace()) {
+       # Store the error message for displaying in the WUI.
+       &IDS::_store_error_message("$Lang::tr{'not enough disk space'}");
+
+       # Exit.
+       exit 0;
+}
+
+# Call the download function and gather the new ruleset.
+if(&IDS::downloadruleset()) {
+       # Store error message for displaying in the WUI.
+       &IDS::_store_error_message("$Lang::tr{'could not download latest updates'}");
+
+       # Exit.
+       exit 0;
+}
+
+# Call oinkmaster to alter the ruleset.
+&IDS::oinkmaster();
+
+# Check if the IDS is running.
+if(&IDS::ids_is_running()) {
+       # Call suricatactrl to perform a reload.
+       &IDS::call_suricatactrl("reload");
+}
+
+1;