convert-ids-multiple-providers: Fix setting ownership for the main
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2021 IPFire Development Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23
24 require '/var/ipfire/general-functions.pl';
25 require "${General::swroot}/ids-functions.pl";
26
# Locations of the legacy (single provider) files that are migrated below.
my $old_rules_settings_file = $IDS::settingsdir . "/rules-settings";
my $old_used_rulefiles_file = $IDS::settingsdir . "/suricata-used-rulefiles.yaml";
my $old_enabled_sids_file = $IDS::settingsdir . "/oinkmaster-enabled-sids.conf";
my $old_disabled_sids_file = $IDS::settingsdir . "/oinkmaster-disabled-sids.conf";
my $old_rules_tarball = "/var/tmp/idsrules.tar.gz";

# Ruleset provider read from the old settings; shared by all later steps.
my $ruleset_provider;

# Containers for the old settings and for the converted settings.
my %old_rules_settings;
my %idssettings;
my %providers_settings;

# There is nothing to convert unless both the IDS settings file and the
# old rules settings file exist.
if (!(-f $IDS::ids_settings_file) || !(-f $old_rules_settings_file)) {
	exit;
}

# Load both settings files into their hashes.
General::readhash($old_rules_settings_file, \%old_rules_settings);
General::readhash($IDS::ids_settings_file, \%idssettings);
47
#
## Step 1: Create new file layout
#
IDS::check_and_create_filelayout();

#
## Step 2: Migrate automatic update interval.
#

# Interval as it was configured in the old rules settings.
my $autoupdate_interval = $old_rules_settings{'AUTOUPDATE_INTERVAL'};

# Only "off", "daily" and "weekly" are carried over unchanged. Any other
# value (including a missing one) is replaced by the weekly default.
my $interval_is_valid = grep { $autoupdate_interval eq $_ } ("off", "daily", "weekly");

$idssettings{'AUTOUPDATE_INTERVAL'} = $interval_is_valid ? $autoupdate_interval : "weekly";

# Persist the updated IDS settings.
General::writehash($IDS::ids_settings_file, \%idssettings);
71
#
## Step 3: Migrate the providers settings.
#

# Provider that was selected in the old configuration.
$ruleset_provider = $old_rules_settings{'RULES'};

# Without a configured provider there is nothing left to migrate.
if (!$ruleset_provider) {
	exit;
}

# The migrated provider is stored under ID 1 and marked as enabled.
my $id = "1";
my $enabled = "enabled";

# Subscription code from the old OINKCODE setting, if one was configured.
# NOTE(review): this is presumably a secret. It ends up in the providers
# settings file, so confirm that IDS::set_ownership() and the file mode
# keep that file unreadable for unrelated local users.
my $subscription_code = $old_rules_settings{'OINKCODE'};

# The per-provider autoupdate follows the global interval: "off" there
# disables it, every other value leaves it enabled.
my $autoupdate_status = ($idssettings{'AUTOUPDATE_INTERVAL'} eq "off") ? "disabled" : "enabled";

# Provider record: provider, subscription code, autoupdate status, status.
my @provider_record = ("$ruleset_provider", "$subscription_code", "$autoupdate_status", "$enabled");
$providers_settings{$id} = \@provider_record;

# Store the converted record in the new providers settings file.
General::writehasharray($IDS::providers_settings_file, \%providers_settings);

# Hand the new file to the proper owner.
IDS::set_ownership("$IDS::providers_settings_file");

# The old rules settings file is no longer needed.
unlink($old_rules_settings_file);
107
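#
## Step 4: Rename downloaded rulestarball to new name scheme.
#

# Only a regular file is accepted as the old tarball. /var/tmp is normally
# writable by every local user and -f follows symbolic links, so a symlink
# placed at this path is left alone instead of being moved and re-owned.
# NOTE(review): a check-then-use race remains between this test and move().
if ((-f $old_rules_tarball) && !(-l $old_rules_tarball)) {
	# File::Copy provides move(). "use" takes effect at compile time, so the
	# module is loaded whether or not this branch is executed.
	use File::Copy;

	# Ask the IDS functions for path and filename of the provider's tarball.
	my $new_rules_tarball = IDS::_get_dl_rulesfile($ruleset_provider);

	# Move the tarball and change the ownership only if the move succeeded,
	# so a failed move never leads to an ownership change on a stale target.
	if (move($old_rules_tarball, $new_rules_tarball)) {
		IDS::set_ownership("$new_rules_tarball");
	} else {
		warn "Could not move $old_rules_tarball to $new_rules_tarball. $!\n";
	}
}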
126
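#
## Step 5: Migrate oinkmaster configuration files for enabled and disabled rules.
#

# Merge the old enabled and disabled sids files into one hash (sid => state).
# Entries from the disabled file win if a sid is present in both.
my %enabled_disabled_sids = (
	IDS::read_enabled_disabled_sids_file($old_enabled_sids_file),
	IDS::read_enabled_disabled_sids_file($old_disabled_sids_file)
);

# Only write a modifications file if the user changed any rule state.
if (%enabled_disabled_sids) {
	# Path and filename of the provider specific modifications file.
	my $oinkmaster_provider_modified_sids_file = IDS::get_oinkmaster_provider_modified_sids_file($ruleset_provider);

	# Open the new file for writing, using a lexical file handle.
	open(my $modified_sids_fh, ">", $oinkmaster_provider_modified_sids_file) or die "Could not write to $oinkmaster_provider_modified_sids_file. $!\n";

	# Write the header to the same handle that was just opened. The original
	# code printed it to the never opened handle PROVIDER_MOD_FILE, so the
	# header was silently dropped.
	print $modified_sids_fh "#Autogenerated file. Any custom changes will be overwritten!\n";

	# Write one oinkmaster statement per sid.
	foreach my $sid (keys %enabled_disabled_sids) {
		my $state = $enabled_disabled_sids{$sid};

		if ($state eq "enabled") {
			print $modified_sids_fh "enablesid $sid\n";
		} elsif ($state eq "disabled") {
			print $modified_sids_fh "disablesid $sid\n";
		}

		# Any other state is unexpected and the sid is skipped.
	}

	# Buffered write errors only show up on close. A truncated file would
	# silently change which rules are active, so fail loudly instead.
	close($modified_sids_fh) or die "Could not write to $oinkmaster_provider_modified_sids_file. $!\n";

	# Add the provider modifications file to the oinkmaster provider includes file.
	IDS::alter_oinkmaster_provider_includes_file("add", "$ruleset_provider");

	# Set correct ownership for the newly generated file.
	IDS::set_ownership("$oinkmaster_provider_modified_sids_file");
}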
173
# The main oinkmaster provider includes file gets its ownership set in any
# case, even if no modifications file was generated above.
IDS::set_ownership("$IDS::oinkmaster_provider_includes_file");

# Drop both old oinkmaster sids files in one call.
unlink($old_enabled_sids_file, $old_disabled_sids_file);

#
## Step 6: Call oinkmaster and regenerate the ruleset structures.
#
IDS::oinkmaster();

# Fix the ownership of the rules path afterwards.
IDS::set_ownership("$IDS::rulespath");
188
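#
## Step 7: Migrate used rulefiles into new format.
#

# Check if a used rulefiles file exists.
if (-f $old_used_rulefiles_file) {
	# Array to collect the used rulefiles.
	my @used_rulefiles = ();

	# Open the old file read-only. The three argument form with an explicit
	# mode and a lexical handle replaces the two argument open, where the
	# mode is parsed out of the file name string.
	open(my $used_rulefiles_fh, "<", $old_used_rulefiles_file) or die "Could not open $old_used_rulefiles_file. $!\n";

	while (my $line = <$used_rulefiles_fh>) {
		# Remove newlines.
		chomp($line);

		# Skip comments. This drops every line that contains a "#"
		# anywhere, not only lines that start with one.
		next if ($line =~ /\#/);

		# Skip blank lines.
		next if ($line =~ /^\s*$/);

		# Gather the rulefile, which is the text after the last "- ".
		if ($line =~ /.*- (.*)/) {
			my $rulefile = $1;

			# Skip whitelist.rules and local.rules
			next if ($rulefile eq "whitelist.rules" || $rulefile eq "local.rules");

			# Split the filename into its dash separated chunks.
			my @filename = split("-", $rulefile);

			# With three or more chunks the first one holds the vendor
			# name, which is replaced by the provider name.
			if (@filename >= 3) {
				shift(@filename);
			}

			# Put the provider name in front unless it is already there.
			if ($filename[0] ne "$ruleset_provider") {
				unshift(@filename, $ruleset_provider);
			}

			# Generate the new name for the rulesfile.
			$rulefile = join("-", @filename);

			# Add the rulefile to the array of used rulesfiles.
			push(@used_rulefiles, $rulefile);
		}
	}

	# Close the file.
	close($used_rulefiles_fh);

	# Write the new provider exclusive used rulesfiles file.
	IDS::write_used_provider_rulefiles_file($ruleset_provider, @used_rulefiles);

	# Write main used rulefiles file.
	IDS::write_main_used_rulefiles_file("$ruleset_provider");

	# Get the provider specific used rulefiles file name.
	my $provider_used_rulefiles_file = IDS::get_used_provider_rulesfile_file($ruleset_provider);

	# Set correct ownerships.
	IDS::set_ownership("$provider_used_rulefiles_file");
	IDS::set_ownership("$IDS::suricata_used_providers_file");
	IDS::set_ownership("$IDS::suricata_static_rulefiles_file");
}

# Remove old used rulefiles file.
unlink($old_used_rulefiles_file);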
275
#
## Step 8: Reload the IDS ruleset if running.
#

# A running IDS is restarted through suricatactrl so that it picks up the
# migrated ruleset. Nothing is started if it is not running.
IDS::call_suricatactrl("restart") if (IDS::ids_is_running());