ids-functions.pl: Bring back usage of whitelist.rules and local.rules
authorStefan Schantl <stefan.schantl@ipfire.org>
Thu, 1 Apr 2021 14:36:13 +0000 (16:36 +0200)
committerStefan Schantl <stefan.schantl@ipfire.org>
Sun, 19 Dec 2021 12:23:42 +0000 (13:23 +0100)
files.

They will now automatically be included as static includes if the files
are present.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
config/cfgroot/ids-functions.pl

index ee522f6f2fd90c7e007534ce3baf0ee695abd08c..13803d1f41b9a1a1ed33e923677f7e759cf3223c 100644 (file)
@@ -35,6 +35,9 @@ our $settingsdir = "${General::swroot}/suricata";
 # File where the main file for providers ruleset inclusion exists.
 our $suricata_used_providers_file = "$settingsdir/suricata-used-providers.yaml";
 
+# File for static ruleset inclusions.
+our $suricata_static_rulefiles_file = "$settingsdir/suricata-static-included-rulefiles.yaml";
+
 # DEPRECATED - File where the used rulefiles are stored.
 our $used_rulefiles_file = "$settingsdir/suricata-used-rulefiles.yaml";
 
@@ -127,6 +130,9 @@ my @cron_intervals = ('off', 'daily', 'weekly' );
 # http_ports_file.
 my @http_ports = ('80', '81');
 
+# Array which contains a list of rulefiles which always will be included if they exist.
+my @static_included_rulefiles = ('local.rules', 'whitelist.rules' );
+
 # Hash which allows to convert the download type (dl_type) to a file suffix.
 my %dl_type_to_suffix = (
        "archive" => ".tar.gz",
@@ -1269,6 +1275,9 @@ sub write_used_provider_rulefiles_file($@) {
 sub write_main_used_rulefiles_file (@) {
        my (@providers) = @_;
 
+       # Call function to write the static rulefiles file.
+       &_write_static_rulefiles_file();
+
        # Open file for used rulefils inclusion.
        open (FILE, ">", "$suricata_used_providers_file") or die "Could not write to $suricata_used_providers_file. $!\n";
 
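Review bot: The new call is written with the `&` sigil, `&_write_static_rulefiles_file();`, which bypasses the `()` prototype the helper is declared with and is the call form modern Perl style discourages; the plain `_write_static_rulefiles_file();` does the same thing without that side effect. Placing the call before the `open` of the providers file is the right order, since the helper dies on its own open failure and so aborts before the providers file is touched. The body of write_main_used_rulefiles_file continues past this hunk.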
@@ -1288,14 +1297,37 @@ sub write_main_used_rulefiles_file (@) {
                print FILE "include\: $filename\n";
        }
 
-       # XXX - whitelist.rules is not allowed directly, needs to be in a yaml file which has to be included.
-       # Always use the whitelist file.
-       #print FILE "\n - whitelist.rules\n";
+       # Always include the file which hold the static includes.
+       print FILE "include\: $suricata_static_rulefiles_file\n";
 
        # Close the filehandle after writing.
        close(FILE);
 }
 
+sub _write_static_rulefiles_file () {
+       # Open file.
+       open (FILE, ">", $suricata_static_rulefiles_file) or die "Could not write to $suricata_static_rulefiles_file. $!\n";
+
+       # Write yaml header to the file.
+       print FILE "%YAML 1.1\n";
+       print FILE "---\n\n";
+
+       # Write notice about autogenerated file.
+       print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+       # Loop through the array of static included rulesfiles.
+       foreach my $file (@static_included_rulefiles) {
+               # Check if the file exists.
+               if (-f "$rulespath/$file") {
+                       # Write the rulesfile name to the file.
+                       print FILE " - $file\n";
+               }
+       }
+
+       # Close the file handle
+       close(FILE);
+}
+
 #
 ## Tiny function to generate the full path and name for the used_provider_rulesfile file of a given provider.
 #
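Review bot: `close(FILE)` at the end of `_write_static_rulefiles_file` is unchecked, so a buffered write error on the static-includes YAML would go unnoticed and a truncated file could be handed to Suricata; `close(FILE) or die "Could not close $suricata_static_rulefiles_file. $!\n";` would match the `or die` already used on the open. The bareword `FILE` is the same package-global handle that `write_main_used_rulefiles_file` opens right after this helper returns; that only works because the helper closes it first, and a lexical handle (`open(my $fh, '>', $suricata_static_rulefiles_file) or die ...`) would remove the ordering dependency. `$rulespath` is used in the `-f` test but not declared in this hunk, so it is presumably a file-level variable defined earlier in the file. The new sub also lacks the `#`/`##` header comment block the file uses for its other functions; something like `## Private function to write the yaml file listing the static rulefiles (local.rules, whitelist.rules) that exist in $rulespath.` would fit.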