From: Stefan Schantl
Date: Thu, 9 Aug 2018 13:33:25 +0000 (+0200)
Subject: ids.cgi: Dynamically generate the HOME_NET details for suricata.
X-Git-Tag: suricata-beta3~33^2~18
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8d2f6b0b59c3448dfa0fcab683fafc9604873a57;p=people%2Fstevee%2Fipfire-2.x.git
ids.cgi: Dynamically generate the HOME_NET details for suricata.
Introduce generate_home_net_file() which uses the current network config to obtain the network address and subnetmask for each available network zone, generate and write these HOME_NET information into a yaml compatible file which can be included into the suricata configuration file.
Signed-off-by: Stefan Schantl
---
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 353a0662b6..bd22b0865e 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -47,7 +47,12 @@ my %selected=();
 # the list of zones in an array.
 my @network_zones = &IDS::get_available_network_zones();
+# File where the used rulefiles are stored.
 my $idsusedrulefilesfile = "$IDS::settingsdir/suricata-used-rulefiles.yaml";
+
+# File where the addresses of the homenet are stored.
+my $idshomenetfile = "$IDS::settingsdir/suricata-homenet.yaml";
+
 my $errormessage;
 &Header::showhttpheaders();
@@ -305,10 +310,10 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
 if (!$errormessage) {
 # Store settings into settings file.
 &General::writehash("$IDS::settingsdir/settings", \%cgiparams);
-
- # Call suricatactrl to restart the IDS
- system('/usr/local/bin/suricatactrl restart >/dev/null');
 }
+
+ # Generate file to store the home net.
+ &generate_home_net_file();
 }
 # Read-in idssettings
@@ -721,7 +726,9 @@ sub readrulesfile ($) {
 }
 }
-# Function to get the used memory of a given process-id.
+#
+## Function to get the used memory of a given process-id.
+#
 sub get_memory_usage($) {
 my $pid = @_;
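Review bot: The call `&generate_home_net_file();` is placed after the closing brace of `if (!$errormessage) {`, so the home-net file is regenerated even when the submitted settings were rejected and never written by `&General::writehash(...)`. The function only reads the ethernet settings, so its output does not depend on the rejected input, but if the regeneration is meant to accompany a successful save it should move inside that block, next to the writehash call. The enclosing `if ($cgiparams{'RULESET'} eq $Lang::tr{'update'})` block starts outside the hunk.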
@@ -750,3 +757,83 @@ sub get_memory_usage($) {
 return;
 }
+#
+## Function to generate the file which contains the home net information.
+#
+sub generate_home_net_file() {
+ my %netsettings;
+
+ # Read-in network settings.
+ &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+
+ # Get available network zones.
+ my @network_zones = &IDS::get_available_network_zones();
+
+ # Temporary array to store network address and prefix of the configured
+ # networks.
+ my @networks;
+
+ # Loop through the array of available network zones.
+ foreach my $zone (@network_zones) {
+ # Skip the red network - It never can be part to the home_net!
+ next if($zone eq "red");
+
+ # Convert current zone name into upper case.
+ $zone = uc($zone);
+
+ # Generate key to access the required data from the netsettings hash.
+ my $zone_netaddress = $zone . "_NETADDRESS";
+ my $zone_netmask = $zone . "_NETMASK";
+
+ # Obtain the settings from the netsettings hash.
+ my $netaddress = $netsettings{$zone_netaddress};
+ my $netmask = $netsettings{$zone_netmask};
+
+ # Convert the subnetmask into prefix notation.
+ my $prefix = &Network::convert_netmask2prefix($netmask);
+
+ # Generate full network string.
+ my $network = join("/", $netaddress,$prefix);
+
+ # Check if the network is valid.
+ if(&Network::check_subnet($network)) {
+ # Add the generated network to the array of networks.
+ push(@networks, $network);
+ }
+ }
+
+ # Format home net declaration.
+ my $line = "\"\[";
+
+ # Loop through the array of networks.
+ foreach my $network (@networks) {
+ # Add the network to the line.
+ $line = "$line" . "$network";
+
+ # Check if the current network was the last in the array.
+ if ($network eq $networks[-1]) {
+ # Close the line.
+ $line = "$line" . "\]\"";
+ } else {
+ # Add "," for the next network.
+ $line = "$line" . "\,";
+ }
+ }
+
+ # Open file to store the addresses of the home net.
+ open(FILE, ">$idshomenetfile") or die "Could not open $idshomenetfile. 
$!\n";
+
+ # Print yaml header.
+ print FILE "%YAML 1.1\n";
+ print FILE "---\n\n";
+
+ # Print notice about autogenerated file.
+ print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Print the generated and required HOME_NET declaration to the file.
+ print FILE "HOME_NET:\t$line\n";
+
+ # Close file handle.
+ close(FILE);
+
+}
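Review bot: The new `generate_home_net_file()` writes the output through a two-argument `open(FILE, ">$idshomenetfile")` on a bareword global handle and never checks the result of `close(FILE)`, so a buffered write failure (e.g. a full filesystem) silently leaves a truncated suricata-homenet.yaml that suricata will then try to include; the three-argument form with a lexical handle and a checked close is the usual fix and is shown below. The formatting loop also has two edge cases the commit does not cover: with no valid networks `$line` stays `"[` and the HOME_NET value is never closed, and if the same network string appears twice the `$network eq $networks[-1]` test closes the bracket at the first occurrence and appends the remaining entries after it. A single `'"[' . join(",", @networks) . ']"'` replaces the loop and handles both cases.
```perl
	# Format home net declaration; an empty list still yields a closed "[]".
	my $line = '"[' . join(",", @networks) . ']"';

	# Open file to store the addresses of the home net.
	open(my $fh, '>', $idshomenetfile) or die "Could not open $idshomenetfile. $!\n";

	# Print yaml header.
	print $fh "%YAML 1.1\n";
	print $fh "---\n\n";

	# Print notice about autogenerated file.
	print $fh "#Autogenerated file. Any custom changes will be overwritten!\n";

	# Print the generated and required HOME_NET declaration to the file.
	print $fh "HOME_NET:\t$line\n";

	# Buffered write errors only surface at close, so check it.
	close($fh) or die "Could not write $idshomenetfile. $!\n";
```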