From 8117fff863431671939d5aa1c11c0a84e56298a2 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Wed, 6 Feb 2019 15:23:46 +0100
Subject: [PATCH] IDS: Call helper script when red interface gets up

The helper script will be automatically called when the red interface gets up and will re-generate the HOME_NET file, to take care if the IP-address of this interface has changed.
Fixes #11989
Signed-off-by: Stefan Schantl
---
 config/rootfiles/common/aarch64/initscripts | 2 +-
 config/rootfiles/common/armv5tel/initscripts | 2 +-
 config/rootfiles/common/i586/initscripts | 2 +-
 config/rootfiles/common/x86_64/initscripts | 2 +-
 lfs/initscripts | 2 --
 src/initscripts/networking/red.up/23-suricata | 30 +++++++++++++++++++
 6 files changed, 34 insertions(+), 6 deletions(-)
 create mode 100644 src/initscripts/networking/red.up/23-suricata
diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts
index 07216d285e..ed4f727d93 100644
--- a/config/rootfiles/common/aarch64/initscripts
+++ b/config/rootfiles/common/aarch64/initscripts
@@ -53,7 +53,7 @@ etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/10-static-routes
 etc/rc.d/init.d/networking/red.up/20-firewall
-etc/rc.d/init.d/networking/red.up/23-RS-suricata
+etc/rc.d/init.d/networking/red.up/23-suricata
 etc/rc.d/init.d/networking/red.up/24-RS-qos
 etc/rc.d/init.d/networking/red.up/27-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index 07216d285e..ed4f727d93 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -53,7 +53,7 @@ etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/10-static-routes
 etc/rc.d/init.d/networking/red.up/20-firewall
-etc/rc.d/init.d/networking/red.up/23-RS-suricata
+etc/rc.d/init.d/networking/red.up/23-suricata
 etc/rc.d/init.d/networking/red.up/24-RS-qos
 etc/rc.d/init.d/networking/red.up/27-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 7037030f96..07a123a48d 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -53,7 +53,7 @@ etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/10-static-routes
 etc/rc.d/init.d/networking/red.up/20-firewall
-etc/rc.d/init.d/networking/red.up/23-RS-suricata
+etc/rc.d/init.d/networking/red.up/23-suricata
 etc/rc.d/init.d/networking/red.up/24-RS-qos
 etc/rc.d/init.d/networking/red.up/27-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts
index 7037030f96..07a123a48d 100644
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -53,7 +53,7 @@ etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/10-static-routes
 etc/rc.d/init.d/networking/red.up/20-firewall
-etc/rc.d/init.d/networking/red.up/23-RS-suricata
+etc/rc.d/init.d/networking/red.up/23-suricata
 etc/rc.d/init.d/networking/red.up/24-RS-qos
 etc/rc.d/init.d/networking/red.up/27-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
diff --git a/lfs/initscripts b/lfs/initscripts
index 0bdc1c7855..055e106d0a 100644
--- a/lfs/initscripts
+++ b/lfs/initscripts
@@ -188,8 +188,6 @@ $(TARGET) :
  ln -sf ../init.d/wlanclient /etc/rc.d/rc3.d/S19wlanclient
  ln -sf ../init.d/wlanclient /etc/rc.d/rc6.d/K82wlanclient
- ln -sf ../../../../../usr/local/bin/suricatactrl \
- /etc/rc.d/init.d/networking/red.up/23-RS-suricata
  ln -sf ../../../../../usr/local/bin/qosctrl \
  /etc/rc.d/init.d/networking/red.up/24-RS-qos
  ln -sf ../../squid /etc/rc.d/init.d/networking/red.up/27-RS-squid
diff --git a/src/initscripts/networking/red.up/23-suricata b/src/initscripts/networking/red.up/23-suricata
new file mode 100644
index 0000000000..d8b7a2b8fc
--- /dev/null
+++ b/src/initscripts/networking/red.up/23-suricata
@@ -0,0 +1,30 @@
+#!/usr/bin/perl
+#
+# Helper script to regenerate the file which contains the HOME_NET declaration
+# including the assigned IP-address of red and any configured aliases.
+
+use strict;
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/ids-functions.pl";
+
+# Hash to store the IDS settings.
+my %ids_settings = ();
+
+# Read-in IDS settings.
+&General::readhash("$IDS::ids_settings_file", \%ids_settings);
+
+# Check if suricata is enabled.
+if($ids_settings{'ENABLE_IDS'} eq "on") {
+ # Regenerate the file with HOME_NET details.
+ &IDS::generate_home_net_file();
+
+ # Set correct ownership.
+ &IDS::set_ownership("$IDS::homenet_file");
+
+ # Check if suricata is running.
+ if(&IDS::ids_is_running()) {
+ # Call suricatactrl to perform a restart of suricata.
+ &IDS::call_suricatactrl("restart");
+ }
+}
-- 
2.39.2
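Review bot: The new hook is added with `new file mode 100644`, whereas the `23-RS-suricata` entry it replaces was a symlink to the `suricatactrl` executable, so the script carries no execute bit in the repository; unless the install step in lfs/initscripts sets the mode (not visible in this patch), a hook runner that only executes executable files will skip it, so either commit it as 100755 or confirm the mode is applied at install time. The script also enables `use strict;` but not `use warnings;`, which would at least report an unset `ENABLE_IDS` in the `eq "on"` comparison or an undefined `$IDS::ids_settings_file` at run time; add `use warnings;` directly after `use strict;`. The results of `&General::readhash` and `&IDS::generate_home_net_file()` are discarded, so if regeneration fails the ownership change and `&IDS::call_suricatactrl("restart")` still run against whatever HOME_NET file is on disk — if the helper reports failure (its contract is not visible here), guard the ownership and restart steps on it. Finally, restarting suricata on every red-up leaves a window with no inspection of red traffic; a comment at the `call_suricatactrl("restart")` line recording why a full restart is required, rather than a lighter reload if suricatactrl offers one, would record that trade-off for the next maintainer.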