#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2018 IPFire Team  <info@ipfire.org>                           #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

use strict;
use POSIX;

require '/var/ipfire/general-functions.pl';
require "${General::swroot}/ids-functions.pl";
require "${General::swroot}/lang.pl";

# The user and group name as which this script should be run.
my $run_as = 'nobody';

# Get user and group id of the user.
my ( $uid, $gid ) = ( getpwnam $run_as )[ 2, 3 ];

# Check if the script currently runs as root.
if ( $> == 0 ) {
	# Drop privileges and switch to the specified user and group.
	POSIX::setgid( $gid );
	POSIX::setuid( $uid );
}

# Check if the red device is active.
unless (-e "${General::swroot}/red/active") {
	# Store notice in the syslog.
	&IDS::_log_to_syslog("The system is offline.");

	# Store error message for displaying in the WUI.
	&IDS::_store_error_message("$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}");

	# Exit.
	exit 0;
}

# Check if enought free disk space is availabe.
if(&IDS::checkdiskspace()) {
	# Store the error message for displaying in the WUI.
	&IDS::_store_error_message("$Lang::tr{'not enough disk space'}");

	# Exit.
	exit 0;
}

# Lock the IDS page.
&IDS::lock_ids_page();

# Call the download function and gather the new ruleset.
if(&IDS::downloadruleset()) {
	# Store error message for displaying in the WUI.
	&IDS::_store_error_message("$Lang::tr{'could not download latest updates'}");

	# Unlock the IDS page.
	&IDS::unlock_ids_page();

	# Exit.
	exit 0;
}

# Set correct ownership for the downloaded tarball.
&IDS::set_ownership("$IDS::rulestarball");

# Call oinkmaster to alter the ruleset.
&IDS::oinkmaster();

# Set correct ownership for the rulesdir and files.
&IDS::set_ownership("$IDS::rulespath");

# Unlock the IDS page.
&IDS::unlock_ids_page();

# Check if the IDS is running.
if(&IDS::ids_is_running()) {
	# Call suricatactrl to perform a reload.
	&IDS::call_suricatactrl("reload");
}

1;
