From 02844177afb86e070564ee776c5ca679d7cf374b Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Fri, 27 Jul 2018 07:58:23 +0200 Subject: [PATCH] IDS: Introduce settingsdir variable The $settingsdir variable is declared in the ids-functions.pl and used to to store the path where the various files which contains the settings for the IDS and oinkmaster is located. Signed-off-by: Stefan Schantl --- config/cfgroot/ids-functions.pl | 9 ++++++--- html/cgi-bin/ids.cgi | 16 ++++++++-------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index 32002912d2..74713d77ad 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -26,6 +26,9 @@ package IDS; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; +# Location where all config and settings files are stored. +our $settingsdir = "${General::swroot}/snort"; + # Location and name of the tarball which contains the ruleset. our $rulestarball = "/var/tmp/snortrules.tar.gz"; @@ -81,11 +84,11 @@ sub checkdiskspace () { sub downloadruleset { # Get snort settings. my %snortsettings=(); - &General::readhash("${General::swroot}/snort/settings", \%snortsettings); + &General::readhash("$settingsdir/settings", \%snortsettings); # Get all available ruleset locations. my %rulesetsources=(); - &General::readhash("${General::swroot}/snort/ruleset-sources.list", \%rulesetsources); + &General::readhash("$settingsdir/ruleset-sources.list", \%rulesetsources); # Read proxysettings. my %proxysettings=(); 
@@ -164,7 +167,7 @@ sub oinkmaster () { openlog('oinkmaster', 'cons,pid', 'user'); # Call oinkmaster to generate ruleset. - open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C /var/ipfire/snort/oinkmaster.conf -o $rulespath|"); + open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -v -s -u file://$rulestarball -C $settingsdir/oinkmaster.conf -o $rulespath|"); # Log output of oinkmaster to syslog. while() { diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 7dc8793f6e..71fc1ea608 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -47,7 +47,7 @@ my %selected=(); # Get netsettings. &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); -my $snortusedrulefilesfile = "${General::swroot}/snort/snort-used-rulefiles.conf"; +my $idsusedrulefilesfile = "$IDS::settingsdir/ids-used-rulefiles.conf"; my $errormessage; &Header::showhttpheaders(); @@ -108,9 +108,9 @@ closedir(DIR); # Gather used rulefiles. # # Check if the file for activated rulefiles is not empty. -if(-f $snortusedrulefilesfile) { +if(-f $idsusedrulefilesfile) { # Open the file for used rulefile and read-in content. - open(FILE, $snortusedrulefilesfile) or die "Could not open $snortusedrulefilesfile. $!\n"; + open(FILE, $idsusedrulefilesfile) or die "Could not open $idsusedrulefilesfile. $!\n"; # Read-in content. my @lines = ; @@ -141,8 +141,8 @@ if(-f $snortusedrulefilesfile) { # Save ruleset. if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) { - my $enabled_sids_file = "${General::swroot}/snort/oinkmaster-enabled-sids.conf"; - my $disabled_sids_file = "${General::swroot}/snort/oinkmaster-disabled-sids.conf"; + my $enabled_sids_file = "$IDS::settingsdir/oinkmaster-enabled-sids.conf"; + my $disabled_sids_file = "$IDS::settingsdir/oinkmaster-disabled-sids.conf"; # Arrays to store sid which should be added to the corresponding files. my @enabled_sids; 
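Review bot: The piped `open` in `oinkmaster()` still builds a single shell-parsed command string, and the new line now interpolates `$settingsdir` next to `$rulestarball` and `$rulespath`, so a space or shell metacharacter in any of those package variables changes the command that runs. The list form bypasses the shell and lets the result be checked: `open(OINKMASTER, '-|', '/usr/local/bin/oinkmaster.pl', '-v', '-s', '-u', "file://$rulestarball", '-C', "$settingsdir/oinkmaster.conf", '-o', $rulespath) or die "Could not run oinkmaster.pl. $!\n";`. As far as this patch shows, the values are set inside the IDS package and not taken from a request, so this is hardening, not a known injection. The function body starts and ends outside the hunk.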
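Review bot: The new declaration also renames the file from `snort-used-rulefiles.conf` to `ids-used-rulefiles.conf`, which the commit message does not mention and which goes beyond introducing `$settingsdir`. On a system that already has the old file, the `-f` test further down would no longer find it, so the page would show no rule files as active while whatever consumes the old file (not visible in this patch) may keep using it; for an IDS that mismatch hides which detections are actually loaded. Either keep the old name in this commit or ship the rename together with a migration and the matching consumer change. `$IDS::settingsdir` is also a fully qualified package variable, so `use strict` will not catch a missing `require` of ids-functions.pl or a misspelling, and the path would become `/ids-used-rulefiles.conf` with at most a warning; a guard such as `die "IDS::settingsdir is not set\n" unless defined $IDS::settingsdir;` before the first use would make that failure visible.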
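Review bot: The read `open(FILE, $idsusedrulefilesfile)` in this hunk is a two-argument open, so Perl parses the mode out of the path string; the same holds for `open (FILE, ">$idsusedrulefilesfile")` in the `@@ -232,7 +232,7 @@` hunk. Now that the path is assembled from `$IDS::settingsdir`, the three-argument form keeps a stray leading or trailing character in that variable from being read as a mode or pipe: `open(FILE, '<', $idsusedrulefilesfile) or die "Could not open $idsusedrulefilesfile. $!\n";` and `open(FILE, '>', $idsusedrulefilesfile) or die "Could not write to $idsusedrulefilesfile. $!\n";`. A lexical handle (`my $fh`) would be cleaner than the bareword `FILE`, but that also requires changing the reads and `close` calls outside these hunks.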
@@ -232,7 +232,7 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) { close(FILE); # Open file for used rulefiles. - open (FILE, ">$snortusedrulefilesfile") or die "Could not write to $snortusedrulefilesfile. $!\n"; + open (FILE, ">$idsusedrulefilesfile") or die "Could not write to $idsusedrulefilesfile. $!\n"; # Write header to file. print FILE "#Autogenerated file. Any custom changes will be overwritten!\n"; @@ -307,7 +307,7 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) { # Go on if there are no error messages. if (!$errormessage) { # Store settings into settings file. - &General::writehash("${General::swroot}/snort/settings", \%cgiparams); + &General::writehash("$IDS::settingsdir/settings", \%cgiparams); # Call snortctrl to restart snort system('/usr/local/bin/snortctrl restart >/dev/null'); @@ -315,7 +315,7 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) { } # Read-in snortsettings -&General::readhash("${General::swroot}/snort/settings", \%snortsettings); +&General::readhash("$IDS::settingsdir/settings", \%snortsettings); $checked{'ENABLE_SNORT'}{'off'} = ''; $checked{'ENABLE_SNORT'}{'on'} = ''; -- 2.39.2
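Review bot: `&General::writehash("$IDS::settingsdir/settings", \%cgiparams)` persists the whole request hash, and the hunk does not show the keys being limited to the known IDS settings before the write. The same file is read back by `&General::readhash("$settingsdir/settings", \%snortsettings)` in `downloadruleset` (first file of this patch) and by the `readhash` in the `@@ -315,7 +315,7 @@` hunk, so an unexpected key or value submitted to the CGI could end up in the configuration those readers consume. If the validation above the hunk does not already restrict it, copy only the expected keys into a separate hash and write that, e.g. `my %idssettings = map { $_ => $cgiparams{$_} } @known_keys;`, where `@known_keys` is a placeholder for the settings this page defines. The exit status of `system('/usr/local/bin/snortctrl restart >/dev/null')` is also discarded, so a failed restart after a settings change goes unnoticed.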