#
## Function to generate and write the file for modify the ruleset.
#
-sub write_modify_sids_file($$) {
- my ($ruleaction,$rulefile) = @_;
+sub write_modify_sids_file() {
+ # Get configured settings.
+ my %idssettings=();
+ my %rulessettings=();
+ &General::readhash("$ids_settings_file", \%idssettings);
+ &General::readhash("$rules_settings_file", \%rulessettings);
+
+ # Gather the configured ruleset.
+ my $ruleset = $rulessettings{'RULES'};
# Open modify sid's file for writing.
open(FILE, ">$modify_sids_file") or die "Could not write to $modify_sids_file. $!\n";
print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
# Check if the traffic only should be monitored.
- unless($ruleaction eq "alert") {
+ unless($idssettings{'MONITOR_TRAFFIC_ONLY'} eq 'on') {
# Suricata is in IPS mode, which means that the rule actions have to be changed
# from 'alert' to 'drop', however not all rules should be changed. Some rules
# exist purely to set a flowbit which is used to convey other information, such
# malware in that file. Rules which fall into the first category should stay as
# alert since not all flows of that type contain malware.
- if($rulefile eq 'registered' or $rulefile eq 'subscripted' or $rulefile eq 'community') {
+ if($ruleset eq 'registered' or $ruleset eq 'subscripted' or $ruleset eq 'community') {
# These types of rulesfiles contain meta-data which gives the action that should
# be used when in IPS mode. Do the following:
#
# a new ruleset.
&working_notice("$Lang::tr{'ids working'}");
- &General::readhash("$IDS::ids_settings_file", \%idssettings);
-
- # Temporary variable to set the ruleaction.
- # Default is "drop" to use suricata as IPS.
- my $ruleaction="drop";
-
- # Check if the traffic only should be monitored.
- if($idssettings{'MONITOR_TRAFFIC_ONLY'} eq 'on') {
- # Switch the ruleaction to "alert".
- # Suricata acts as an IDS only.
- $ruleaction="alert";
- }
-
# Write the modify sid's file and pass the taken ruleaction.
- &IDS::write_modify_sids_file($ruleaction, $cgiparams{'RULES'});
+ &IDS::write_modify_sids_file();
# Call subfunction to download the ruleset.
if(&IDS::downloadruleset()) {
# Generate file to store the home net.
&IDS::generate_home_net_file();
- # Temporary variable to set the ruleaction.
- # Default is "drop" to use suricata as IPS.
- my $ruleaction="drop";
-
- # Check if the traffic only should be monitored.
- if($cgiparams{'MONITOR_TRAFFIC_ONLY'} eq 'on') {
- # Switch the ruleaction to "alert".
- # Suricata acts as an IDS only.
- $ruleaction="alert";
- }
-
- &General::readhash("$IDS::rules_settings_file", \%rulessettings);
-
# Write the modify sid's file and pass the taken ruleaction.
- &IDS::write_modify_sids_file($ruleaction, $rulessettings{'RULES'});
+ &IDS::write_modify_sids_file();
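Review bot: The replacement call no longer sees the value the user just submitted: the removed block derived the rule action from `$cgiparams{'MONITOR_TRAFFIC_ONLY'}`, while `write_modify_sids_file()` now reads `MONITOR_TRAFFIC_ONLY` from `$ids_settings_file` on disk. If the settings file is written only after this point (the following `$cgiparams` vs `$oldidssettings` comparison suggests the save ordering matters here), the generated modify-sids file reflects the previous setting rather than the new one; that ordering is outside the hunk, so it should be confirmed, and a comment such as `# Requires $ids_settings_file to be saved before this call.` would make the dependency explicit. The removed `readhash` into `%rulessettings` likewise means any later use of that hash in this branch now sees it unpopulated, if such a use exists outside the hunk.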
# Check if "MONITOR_TRAFFIC_ONLY" has been changed.
if($cgiparams{'MONITOR_TRAFFIC_ONLY'} ne $oldidssettings{'MONITOR_TRAFFIC_ONLY'}) {