ids-functions.pl: Rework function write_modify_sids_file().
authorStefan Schantl <stefan.schantl@ipfire.org>
Wed, 5 Jun 2019 18:56:33 +0000 (20:56 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 5 Jun 2019 11:41:49 +0000 (12:41 +0100)
Directly implement the logic to determine the used ruleset and whether
IDS or IPS mode should be used into the function instead of passing those
details as arguments.

This helps to prevent from doing this stuff at several places again and again.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/cfgroot/ids-functions.pl
html/cgi-bin/ids.cgi

index e1caa6e58b317186e34f343040ce0c4749839a18..94de1373ce624aa3fb73c941c3913feecba4f89c 100644 (file)
@@ -729,8 +729,15 @@ sub write_used_rulefiles_file(@) {
 #
 ## Function to generate and write the file for modify the ruleset.
 #
-sub write_modify_sids_file($$) {
-       my ($ruleaction,$rulefile) = @_;
+sub write_modify_sids_file() {
+       # Get configured settings.
+       my %idssettings=();
+       my %rulessettings=();
+       &General::readhash("$ids_settings_file", \%idssettings);
+       &General::readhash("$rules_settings_file", \%rulessettings);
+
+       # Gather the configured ruleset.
+       my $ruleset = $rulessettings{'RULES'};
 
        # Open modify sid's file for writing.
        open(FILE, ">$modify_sids_file") or die "Could not write to $modify_sids_file. $!\n";
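$modify_sids_file")">
Review bot: The new line `my $ruleset = $rulessettings{'RULES'};` has no fallback, so when the rules settings file carries no RULES entry (for example before any ruleset was saved) `$ruleset` is undef, and the `eq` comparisons further down the function only raise "uninitialized" warnings and fall through to the non-registered branch, silently producing a modify-sids file for the wrong ruleset type. The return values of the two `&General::readhash` calls are not inspected either; I cannot see from here whether readhash dies or returns quietly on a missing file, so the behaviour on a fresh install is worth confirming. A defensive default such as `my $ruleset = $rulessettings{'RULES'} || '';` keeps the later checks warning-free, and the header comment should say where the inputs now come from, e.g. `## Function to generate and write the file for modify the ruleset. Ruleset and IDS/IPS mode are read from the ids and rules settings files.` The body of write_modify_sids_file continues past this hunk.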
@@ -739,7 +746,7 @@ sub write_modify_sids_file($$) {
        print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
 
        # Check if the traffic only should be monitored.
-       unless($ruleaction eq "alert") {
+       unless($idssettings{'MONITOR_TRAFFIC_ONLY'} eq 'on') {
                # Suricata is in IPS mode, which means that the rule actions have to be changed
                # from 'alert' to 'drop', however not all rules should be changed.  Some rules
                # exist purely to set a flowbit which is used to convey other information, such
@@ -747,7 +754,7 @@ sub write_modify_sids_file($$) {
                # malware in that file.  Rules which fall into the first category should stay as
                # alert since not all flows of that type contain malware.
 
-               if($rulefile eq 'registered' or $rulefile eq 'subscripted' or $rulefile eq 'community') {
+               if($ruleset eq 'registered' or $ruleset eq 'subscripted' or $ruleset eq 'community') {
                        # These types of rulesfiles contain meta-data which gives the action that should
                        # be used when in IPS mode.  Do the following:
                        #
index 1791e9bebce094b8b12f0383e79ab50f4f870fed..74f5ca2238796ea302211d77bc259399c0fb79ad 100644 (file)
@@ -370,21 +370,8 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) {
                                # a new ruleset.
                                &working_notice("$Lang::tr{'ids working'}");
 
-                               &General::readhash("$IDS::ids_settings_file", \%idssettings);
-
-                               # Temporary variable to set the ruleaction.
-                               # Default is "drop" to use suricata as IPS.
-                               my $ruleaction="drop";
-
-                               # Check if the traffic only should be monitored.
-                               if($idssettings{'MONITOR_TRAFFIC_ONLY'} eq 'on') {
-                                       # Switch the ruleaction to "alert".
-                                       # Suricata acts as an IDS only.
-                                       $ruleaction="alert";
-                               }
-
                                # Write the modify sid's file and pass the taken ruleaction.
-                               &IDS::write_modify_sids_file($ruleaction, $cgiparams{'RULES'});
+                               &IDS::write_modify_sids_file();
 
                                # Call subfunction to download the ruleset.
                                if(&IDS::downloadruleset()) {
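Review bot: The ruleset type used to be taken from `$cgiparams{'RULES'}`, the value just submitted, and is now read from the persisted rules settings file inside write_modify_sids_file; if that file is only updated later in this save path (after the download succeeds, say), the modify-sids file is generated for the previously configured ruleset, and whether actions get rewritten to drop then depends on the old selection rather than the new one. I cannot see from this hunk where the rules settings file is written, so this is a point to confirm rather than a certain defect. The comment kept above the call, `# Write the modify sid's file and pass the taken ruleaction.`, is stale now that nothing is passed; `# Write the modify sid's file; mode and ruleset are read from the settings files.` would match the new call. The enclosing if-block starts before this hunk and continues after it.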
@@ -614,21 +601,8 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) {
        # Generate file to store the home net.
        &IDS::generate_home_net_file();
 
-       # Temporary variable to set the ruleaction.
-       # Default is "drop" to use suricata as IPS.
-       my $ruleaction="drop";
-
-       # Check if the traffic only should be monitored.
-       if($cgiparams{'MONITOR_TRAFFIC_ONLY'} eq 'on') {
-               # Switch the ruleaction to "alert".
-               # Suricata acts as an IDS only.
-               $ruleaction="alert";
-       }
-
-       &General::readhash("$IDS::rules_settings_file", \%rulessettings);
-
        # Write the modify sid's file and pass the taken ruleaction.
-       &IDS::write_modify_sids_file($ruleaction, $rulessettings{'RULES'});
+       &IDS::write_modify_sids_file();
 
        # Check if "MONITOR_TRAFFIC_ONLY" has been changed.
        if($cgiparams{'MONITOR_TRAFFIC_ONLY'} ne $oldidssettings{'MONITOR_TRAFFIC_ONLY'}) {
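Review bot: The IDS/IPS decision moved from `$cgiparams{'MONITOR_TRAFFIC_ONLY'}`, the submitted value, to whatever the ids settings file currently holds, so the call `&IDS::write_modify_sids_file();` only yields the intended action (drop versus alert) if the new settings were already written to that file above this hunk. The comparison against `%oldidssettings` on the last line suggests the new values have been persisted, but the write itself is outside the hunk, so please confirm the order; a mismatch here would be silent, since the function treats anything other than 'on' as IPS mode. The comment `# Write the modify sid's file and pass the taken ruleaction.` is also stale and could become `# Write the modify sid's file; mode and ruleset are read from the settings files.` The enclosing save handler starts before this hunk.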