From: Stefan Schantl Date: Thu, 1 Apr 2021 14:36:13 +0000 (+0200) Subject: ids-functions.pl: Bring back usage of whitelist.rules and local.rules X-Git-Url: http://git.ipfire.org/?p=people%2Fstevee%2Fipfire-2.x.git;a=commitdiff_plain;h=88eb5626b3e8770740c9dd83a157122f75ddd63c ids-functions.pl: Bring back usage of whitelist.rules and local.rules files. They now automatically will be included as static includes if the files are present. Signed-off-by: Stefan Schantl
---
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index ee522f6f2f..13803d1f41 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -35,6 +35,9 @@ our $settingsdir = "${General::swroot}/suricata";
 # File where the main file for providers ruleset inclusion exists.
 our $suricata_used_providers_file = "$settingsdir/suricata-used-providers.yaml";
 
+# File for static ruleset inclusions.
+our $suricata_static_rulefiles_file = "$settingsdir/suricata-static-included-rulefiles.yaml";
+
 # DEPRECATED - File where the used rulefiles are stored.
 our $used_rulefiles_file = "$settingsdir/suricata-used-rulefiles.yaml";
 
@@ -127,6 +130,9 @@ my @cron_intervals = ('off', 'daily', 'weekly' );
 # http_ports_file.
 my @http_ports = ('80', '81');
 
+# Array which contains a list of rulefiles which always will be included if they exist.
+my @static_included_rulefiles = ('local.rules', 'whitelist.rules' );
+
 # Hash which allows to convert the download type (dl_type) to a file suffix.
 my %dl_type_to_suffix = (
 "archive" => ".tar.gz",
@@ -1269,6 +1275,9 @@ sub write_used_provider_rulefiles_file($@) {
 sub write_main_used_rulefiles_file (@) {
 my (@providers) = @_;
 
+ # Call function to write the static rulefiles file.
+ &_write_static_rulefiles_file();
+
 # Open file for used rulefils inclusion.
 open (FILE, ">", "$suricata_used_providers_file") or die "Could not write to $suricata_used_providers_file. $!\n";
 
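Review bot: The new call `&_write_static_rulefiles_file();` in write_main_used_rulefiles_file uses the `&` sigil, which bypasses the `()` prototype declared on the helper; the plain form `_write_static_rulefiles_file();` is the conventional call unless the rest of the file deliberately uses `&` calls, which this hunk cannot show. Placing the call before the caller's own `open` is the right order, because the helper dies on an open failure and so leaves the main providers file untouched, and because both routines reuse the same bareword handle `FILE`; that ordering constraint deserves a comment, e.g. `# Must run before FILE is opened below: the helper reuses the same bareword handle and dies on failure.` The body of write_main_used_rulefiles_file continues outside this hunk.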
@@ -1288,14 +1297,37 @@ sub write_main_used_rulefiles_file (@) {
 print FILE "include\: $filename\n";
 }
 
- # XXX - whitelist.rules is not allowed directly, needs to be in a yaml file which has to be included.
- # Always use the whitelist file.
- #print FILE "\n - whitelist.rules\n";
+ # Always include the file which hold the static includes.
+ print FILE "include\: $suricata_static_rulefiles_file\n";
 
 # Close the filehandle after writing.
 close(FILE);
 }
 
+sub _write_static_rulefiles_file () {
+ # Open file.
+ open (FILE, ">", $suricata_static_rulefiles_file) or die "Could not write to $suricata_static_rulefiles_file. $!\n";
+
+ # Write yaml header to the file.
+ print FILE "%YAML 1.1\n";
+ print FILE "---\n\n";
+
+ # Write notice about autogenerated file.
+ print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Loop through the array of static included rulesfiles.
+ foreach my $file (@static_included_rulefiles) {
+ # Check if the file exists.
+ if (-f "$rulespath/$file") {
+ # Write the rulesfile name to the file.
+ print FILE " - $file\n";
+ }
+ }
+
+ # Close the file handle
+ close(FILE);
+}
+
 #
 ## Tiny function to generate the full path and name for the used_provider_rulesfile file of a given provider.
 #
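Review bot: The new `_write_static_rulefiles_file` opens the package-global bareword handle `FILE` that its caller write_main_used_rulefiles_file also opens, so the helper's `close(FILE);` is only harmless because it runs before the caller's `open`; a lexical handle removes that hidden ordering dependency — `open (my $fh, ">", $suricata_static_rulefiles_file) or die "Could not write to $suricata_static_rulefiles_file. $!\n";` with the `print FILE` lines and the `close` switched to `$fh`. The final `close(FILE);` is also unchecked, so a buffered write error (for example a full filesystem) would leave a truncated include file behind while this script reports success; `close(FILE) or die "Could not write to $suricata_static_rulefiles_file. $!\n";` surfaces it, matching the error style of the `open` above. When neither `local.rules` nor `whitelist.rules` exists under `$rulespath`, the generated file holds only the YAML header and the autogenerated notice with no list items; whether the consumer of the `include:` line accepts such an empty document is not visible here and is worth confirming. `$rulespath` is defined outside this hunk.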