ids.cgi: Add backend code to handle switch between IDS and IPS mode
authorStefan Schantl <stefan.schantl@ipfire.org>
Sat, 18 Aug 2018 12:48:30 +0000 (14:48 +0200)
committerStefan Schantl <stefan.schantl@ipfire.org>
Sat, 18 Aug 2018 13:10:44 +0000 (15:10 +0200)
This commit adds the required backend code to allow switching
between IDS and IPS mode of suricata.

Technically the behaviour of suricata is specified by the rules -
each of them can contain the action "alert" or "drop" (There are
more actions supported but these two are currently the important one)

When running in IDS mode, the ruleset does not need to be touched,
because the default action is "alert". When switching to IPS mode,
the CGI writes a single line to "oinkmaster-modify-sids.conf", which
is included by oinkmaster and modifies the action of every rule
from alert to drop.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
html/cgi-bin/ids.cgi

index 6a6e5c2859542ebac4f2772a60f6d47ea85686d9..6aa9ae9b93f719dbcdbff8245535659226b59bd9 100644 (file)
@@ -307,6 +307,12 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
        }
 # Save snort settings.
 } elsif ($cgiparams{'IDS'} eq $Lang::tr{'save'}) {
+       my %oldidssettings;
+       my $reload_page;
+
+       # Read-in current (old) IDS settings.
+       &General::readhash("$IDS::settingsdir/settings", \%oldidssettings);
+
        # Prevent form name from been stored in conf file.
        delete $cgiparams{'IDS'};
 
@@ -327,6 +333,39 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
        # Generate file to store the home net.
        &generate_home_net_file();
 
+       # File which contains wheater the rules should be changed.
+       my $modify_sids_file = "$IDS::settingsdir/oinkmaster-modify-sids.conf";
+
+       # Open modify sid's file for writing.
+       open(FILE, ">$modify_sids_file") or die "Could not write to $modify_sids_file. $!\n";
+
+       # Write file header.
+       print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+       # Check if the configured runmode is IPS.
+       if ($cgiparams{'RUN_MODE'} eq 'IPS') {
+               # Tell oinkmaster to switch all rules from alert to drop.
+               print FILE "modifysid \* \"alert\" \| \"drop\"\n";
+       }
+
+       # Close file handle.
+       close(FILE);
+
+       # Check if the runmode has been changed.
+       if($cgiparams{'RUN_MODE'} ne $oldidssettings{'RUN_MODE'}) {
+               # Check if a ruleset exists.
+               if (%idsrules) {
+                       # Lock the webpage and print message.
+                       &working_notice("$Lang::tr{'snort working'}");
+
+                       # Call oinkmaster to alter the ruleset.
+                       &IDS::oinkmaster();
+
+                       # Set reload_page to "True".
+                       $reload_page="True";
+               }
+       }
+
        # Check if the IDS currently is running.
        if(&IDS::ids_is_running()) {
                # Check if ENABLE_IDS is set to on.
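Review bot: The write of oinkmaster-modify-sids.conf can fail without anyone noticing, because neither `print FILE` nor `close(FILE)` is checked; in IPS mode a lost `modifysid` line leaves every rule at "alert" while the saved settings say IPS, so traffic would be logged but not dropped. The open also uses the two-argument form with a bareword handle; `open(my $fh, '>', $modify_sids_file) or die "Could not write to $modify_sids_file. $!\n";` together with `close($fh) or die "Could not close $modify_sids_file. $!\n";` covers both points. The mode test matches only the exact string 'IPS', and no validation of `$cgiparams{'RUN_MODE'}` is visible in this hunk, so it is worth confirming that the value is restricted to the known modes before it is stored and compared. `$oldidssettings{'RUN_MODE'}` is presumably undefined on the first save, so the `ne` comparison would warn; `($oldidssettings{'RUN_MODE'} // '')` avoids that. The enclosing `elsif` branch starts and ends outside the hunk.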
@@ -341,6 +380,12 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
                # Call suricatactrl to start suricata.
                &IDS::call_suricatactrl("start");
        }
+
+       # Check if the page should be reloaded.
+       if ($reload_page) {
+               # Perform a reload of the page.
+               &reload();
+       }
 }
 
 # Read-in idssettings