]> git.ipfire.org Git - people/stevee/ipfire-2.x.git/blob - src/scripts/update-ids-ruleset
projects / people / stevee / ipfire-2.x.git / blob
? search:


3a3f17443e4f5f2f46ad351a3529d3db792ae30c
[people/stevee/ipfire-2.x.git] / src / scripts / update-ids-ruleset
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2018-2021 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23 use POSIX;
24
25 require '/var/ipfire/general-functions.pl';
26 require "${General::swroot}/ids-functions.pl";
27 require "${General::swroot}/lang.pl";
28
29 # Hash to store the configured providers.
30 my %providers = ();
31
32 # The user and group name as which this script should be run.
33 my $run_as = 'nobody';
34
35 # Get user and group id of the user.
36 my ( $uid, $gid ) = ( getpwnam $run_as )[ 2, 3 ];
37
38 # Check if the script currently runs as root.
39 if ( $> == 0 ) {
40 # Drop privileges and switch to the specified user and group.
41 POSIX::setgid( $gid );
42 POSIX::setuid( $uid );
43 }
44
45 # Check if the red device is active.
46 unless (-e "${General::swroot}/red/active") {
47 # Store notice in the syslog.
48 &IDS::_log_to_syslog("The system is offline.");
49
50 # Store error message for displaying in the WUI.
51 &IDS::_store_error_message("$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}");
52
53 # Exit.
54 exit 0;
55 }
56
57 # Check if enought free disk space is availabe.
58 if(&IDS::checkdiskspace()) {
59 # Store the error message for displaying in the WUI.
60 &IDS::_store_error_message("$Lang::tr{'not enough disk space'}");
61
62 # Exit.
63 exit 0;
64 }
65
66 # Lock the IDS page.
67 &IDS::lock_ids_page();
68
69 # Grab the configured providers.
70 &General::readhasharray("$IDS::providers_settings_file", \%providers);
71
72 # Loop through the array of available providers.
73 foreach my $id (keys %providers) {
74 # Assign some nice variabled.
75 my $provider = $providers{$id}[0];
76 my $autoupdate_status = $providers{$id}[3];
77
78 # Skip the provider if autoupdate is not enabled.
79 next unless($autoupdate_status eq "enabled");
80
81 # Call the download function and gather the new ruleset for the current processed provider.
82 if(&IDS::downloadruleset($provider)) {
83 # Store error message for displaying in the WUI.
84 &IDS::_store_error_message("$provider: $Lang::tr{'could not download latest updates'}");
85
86 # Unlock the IDS page.
87 &IDS::unlock_ids_page();
88
89 # Exit.
90 exit 0;
91 }
92
93 # Get path and name of the stored rules file or archive.
94 my $stored_file = &IDS::_get_dl_rulesfile($provider);
95
96 # Set correct ownership for the downloaded tarball.
97 &IDS::set_ownership("$stored_file");
98 }
99
100 # Call oinkmaster to alter the ruleset.
101 &IDS::oinkmaster();
102
103 # Set correct ownership for the rulesdir and files.
104 &IDS::set_ownership("$IDS::rulespath");
105
106 # Unlock the IDS page.
107 &IDS::unlock_ids_page();
108
109 # Check if the IDS is running.
110 if(&IDS::ids_is_running()) {
111 # Call suricatactrl to perform a reload.
112 &IDS::call_suricatactrl("reload");
113 }
114
115 1;
Stefan's tree of IPFire 2.x.