From: Stefan Schantl Date: Mon, 11 Dec 2017 13:22:07 +0000 (+0100) Subject: ids.cgi: Re-add code for enable/disable rulefiles X-Git-Tag: v2.23-core131~117^2~173^2~39^2~37 X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=e573807983b0acf911dc688ae06bb5d7b2b7714b ids.cgi: Re-add code for enable/disable rulefiles The enabled rulefiles (rule categories) now will be added to an own file, which will be included by the snort main config file. This will allow us to update snort and push the new main config file without loosing the activated rulesets anymore. * Introducing snort-used-rulefiles.conf Signed-off-by: Stefan Schantl --- diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 86a469cb2b..accb919838 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -61,6 +61,7 @@ $snortsettings{'INSTALLDATE'} = ''; &Header::getcgihash(\%cgiparams); my $snortrulepath = "/etc/snort/rules"; +my $snortusedrulefilesfile = "${General::swroot}/snort/snort-used-rulefiles.conf"; my $restartsnortrequired = 0; my %snortrules; my $errormessage; 
@@ -92,6 +93,40 @@ opendir(DIR, $snortrulepath) or die $!; closedir(DIR); +# Gather used rulefiles. +# +# Check if the file for activated rulefiles is not empty. +if(-f $snortusedrulefilesfile) { + # Open the file for used rulefile and read-in content. + open(FILE, $snortusedrulefilesfile) or die "Could not open $snortusedrulefilesfile. $!\n"; + + # Read-in content. + my @lines = ; + + # Close file. + close(FILE); + + # Loop through the array. + foreach my $line (@lines) { + # Remove newlines. + chomp($line); + + # Skip comments. + next if ($line =~ /\#/); + + # Skip blank lines. + next if ($line =~ /^\s*$/); + + # Gather rule sid and message from the ruleline. + if ($line =~ /.*include \$RULE_PATH\/(.*)/) { + my $rulefile = $1; + + # Add the rulefile to the %snortrules hash. + $snortrules{$rulefile}{'Rulefile'}{'State'} = "on"; + } + } +} + # Save ruleset. if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) { my $enabled_sids_file = "${General::swroot}/snort/oinkmaster-enabled-sids.conf"; @@ -100,9 +135,16 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) { # Arrays to store sid which should be added to the corresponding files. my @enabled_sids; my @disabled_sids; + my @enabled_rulefiles; # Loop through the hash of snortrules. foreach my $rulefile(keys %snortrules) { + # Check if the rulefile is enabled. + if ($cgiparams{$rulefile} eq "on") { + # Add rulefile to the array of enabled rulefiles. + push(@enabled_rulefiles, $rulefile); + } + # Loop through the single rules of the rulefile. foreach my $sid (keys %{$snortrules{$rulefile}}) { # Check if there exists a key in the cgiparams hash for this sid. 
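Review bot: The capture in `if ($line =~ /.*include \$RULE_PATH\/(.*)/)` accepts anything after the prefix, so any text present in snort-used-rulefiles.conf becomes a `%snortrules` key; the save code added later in this commit iterates those keys when it rewrites the `include` lines, and the page prints them as `$rulefile`. Anchoring and restricting the name, `if ($line =~ /^\s*include \$RULE_PATH\/([A-Za-z0-9._-]+)\s*$/)`, and skipping names with no file behind them, `next unless (-f "$snortrulepath/$rulefile");`, keeps stale or hand-edited entries out of the hash (this assumes `$RULE_PATH` in the Snort config points at `$snortrulepath`). The read would also be better as `open(my $fh, '<', $snortusedrulefilesfile)` than the two-argument form with a bareword handle. Two comments do not match the code: `-f` tests that the path is a regular file, not that it is non-empty, and the regex extracts a rulefile name, not "rule sid and message".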
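Review bot: The sid loop right after the added block walks `keys %{$snortrules{$rulefile}}`, and with this commit that hash also holds the bookkeeping key `Rulefile`, yet only the display loop in the last hunk gets a skip for it. The loop body continues outside this hunk, so the effect is inferred: if it looks up `$cgiparams{$sid}`, a request carrying a parameter named `Rulefile` would have that key handled like a sid when the enabled/disabled sid files are written. Adding `next if ($sid eq "Rulefile");` as the first statement of this inner loop keeps the save path consistent with the display path.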
@@ -167,6 +209,23 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) { # Close file after writing. close(FILE); } + + # Open file for used rulefiles. + open (FILE, ">$snortusedrulefilesfile") or die "Could not wirte to $snortusedrulefilesfile. $!\n"; + + # Write header to file. + print FILE "#Autogenerated file. Any custom changes will be overwritten!\n"; + + # Check if the enabled_rulefiles array contains any entries. + if (@enabled_rulefiles) { + # Loop through the array of rulefiles which should be loaded and write the to the file. + foreach my $file (@enabled_rulefiles) { + print FILE "include \$RULE_PATH/$file\n"; + } + } + + # Close file after writing. + close(FILE); } if ($snortsettings{'OINKCODE'} ne "") { @@ -421,14 +480,14 @@ END my $rulechecked = ''; # Check if rule file is enabled - if ($snortrules{$rulefile}{"State"} eq 'On') { + if ($snortrules{$rulefile}{'Rulefile'}{'State'} eq 'on') { $rulechecked = 'CHECKED'; } # Table and rows for the rule files. print"\n"; print"\n"; - print"\n"; + print"\n"; print"\n"; print"$rulefile\n"; print"\n"; @@ -453,6 +512,9 @@ END # Local vars my $ruledefchecked = ''; + # Skip rulefile itself. + next if ($sid eq "Rulefile"); + # If 2 rules have been displayed, start a new row if (($lines % 2) == 0) { print "\n";