ids.cgi: Prevent from starting suricata without ruleset or selected network zone

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index ae7f8b4273e5fb142b19748494122021703c087d..90059e179944875527fd561a6d51bd21d3bc912b 100644 (file)
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -493,6 +493,7 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
 } elsif ($cgiparams{'IDS'} eq $Lang::tr{'save'}) {
        my %oldidssettings;
        my $reload_page;
+       my $monitored_zones = 0;
 
        # Read-in current (old) IDS settings.
        &General::readhash("$IDS::settingsdir/settings", \%oldidssettings);
@@ -508,6 +509,31 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
                }
        }
 
+       # Check if the IDS should be enabled.
+       if ($cgiparams{'ENABLE_IDS'} eq "on") {
+               # Check if any ruleset is available. Otherwise abort and display an error.
+               unless(%idsrules) {
+                       $errormessage = $Lang::tr{'ids no ruleset available'};
+               }
+
+               # Loop through the array of available interfaces.
+               foreach my $zone (@network_zones) {
+                       # Convert interface name into upper case.
+                       my $zone_upper = uc($zone);
+
+                       # Check if the IDS is enabled for this interaces.
+                       if ($cgiparams{"ENABLE_IDS_$zone_upper"}) {
+                               # Increase count.
+                               $monitored_zones++;
+                       }
+               }
+
+               # Check if at least one zone should be monitored, or show an error.
+               unless ($monitored_zones >= 1) {
+                       $errormessage = $Lang::tr{'ids no network zone'};
+               }
+       }
+
        # Go on if there are no error messages.
        if (!$errormessage) {
                # Store settings into settings file.

diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index e32c22fb684da27b5cd788f3f5849f0cb64c107f..f25074065d4a180db45d1e66b7de73adabe2789c 100644 (file)
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1329,6 +1329,8 @@
 'ids active on' => 'Aktiv auf',
 'ids log viewer' => 'Ansicht IDS-Protokoll',
 'ids logs' => 'IDS-Protokolldateien',
+'ids no network zone' => 'Mindestends eine Netzwerk-Zone muss überwacht werden!',
+'ids no ruleset available' => 'Kein Regelset verfügbar, bitte downloaden Sie eines!',
 'ids preprocessor' => 'IDS-Präprozessor',
 'ids rules license' => 'Um  Sourcefire VRT Zertifizierte Regeln zu nutzen, müssen Sie sich unter',
 'ids rules license1' => ' registrieren.',

diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 09d7fa1c47183e6f0a18708b0cef98a087926632..3b8ae2a70d1b30b35c7222ccea7c68b2d88145f8 100644 (file)
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1359,6 +1359,8 @@
 'ids active on' => 'Active on',
 'ids log viewer' => 'IDS log viewer',
 'ids logs' => 'IDS Logs',
+'ids no network zone' => 'At least one network zone has to be monitored!';
+'ids no ruleset available' => 'No ruleset available, please download one!',
 'ids preprocessor' => 'IDS preprocessor',
 'ids rules license' => 'To utilize Sourcefire VRT Certified Rules, you need to register on',
 'ids rules license1' => '.',