ids-functions.pl: Introduce merge_classifications() function.
This function is used to merge the individual classification files provided by the providers. The result will be written to the classification.config which will be used by the IDS. Fixes #11884. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
@@ -80,6 +80,9 @@ our $ids_page_lock_file = "/tmp/ids_page_locked";
|
||||
# Location where the rulefiles are stored.
|
||||
our $rulespath = "/var/lib/suricata";
|
||||
|
||||
# Location of the classification file.
|
||||
our $classification_file = "$rulespath/classification.config";
|
||||
|
||||
# Location to store local rules. This file will not be touched.
|
||||
our $local_rules_file = "$rulespath/local.rules";
|
||||
|
||||
@@ -539,6 +542,71 @@ sub oinkmaster () {
|
||||
closelog();
|
||||
}
|
||||
|
||||
#
|
||||
## Function to merge the classifications for a given amount of providers and write them
|
||||
## to the classifications file.
|
||||
#
|
||||
sub merge_classifications(@) {
|
||||
my @providers = @_;
|
||||
|
||||
# Hash to store all collected classifications.
|
||||
my %classifications = ();
|
||||
|
||||
# Loop through the given array of providers.
|
||||
foreach my $provider (@providers) {
|
||||
# Generate full path to classification file.
|
||||
my $classification_file = "$tmp_directory/conf/$provider\-classification.config";
|
||||
|
||||
# Skip provider if no classification file exists.
|
||||
next unless (-f "$classification_file");
|
||||
|
||||
# Open the classification file.
|
||||
open(CLASSIFICATION, $classification_file) or die "Could not open file $classification_file. $!\n";
|
||||
|
||||
# Loop through the file content.
|
||||
while(<CLASSIFICATION>) {
|
||||
# Parse the file and grab the classification details.
|
||||
if ($_ =~/.*config classification\: (.*)/) {
|
||||
# Split the grabbed details.
|
||||
my ($short_name, $short_desc, $priority) = split("\,", $1);
|
||||
|
||||
# Check if the grabbed classification is allready known and the priority value is greater
|
||||
# than the stored one (which causes less priority in the IDS).
|
||||
if (($classifications{$short_name}) && ($classifications{$short_name}[1] >= $priority)) {
|
||||
#Change the priority value to the stricter one.
|
||||
$classifications{$short_name} = [ "$classifications{$short_name}[0]", "$priority" ];
|
||||
} else {
|
||||
# Add the classification to the hash.
|
||||
$classifications{$short_name} = [ "$short_desc", "$priority" ];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Close the file.
|
||||
close(CLASSIFICATION);
|
||||
}
|
||||
|
||||
# Open classification file for writing.
|
||||
open(FILE, ">", "$classification_file") or die "Could not write to $classification_file. $!\n";
|
||||
|
||||
# Print notice about autogenerated file.
|
||||
print FILE "#Autogenerated file. Any custom changes will be overwritten!\n\n";
|
||||
|
||||
# Sort and loop through the hash of classifications.
|
||||
foreach my $key (sort keys %classifications) {
|
||||
# Assign some nice variable names for the items.
|
||||
my $short_name = $key;
|
||||
my $short_desc = $classifications{$key}[0];
|
||||
my $priority = $classifications{$key}[1];
|
||||
|
||||
# Write the classification to the file.
|
||||
print FILE "config classification: $short_name,$short_desc,$priority\n";
|
||||
}
|
||||
|
||||
# Close file handle.
|
||||
close(FILE);
|
||||
}
|
||||
|
||||
#
|
||||
## Function to do all the logging stuff if the downloading or updating of the ruleset fails.
|
||||
#
|
||||
|
||||
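Review bot: The per-provider read `open(CLASSIFICATION, $classification_file)` in merge_classifications() is a two-argument open on a path interpolated from `$provider`, so a provider name beginning with `>`, `|` or similar would be parsed as a mode instead of a filename; the preceding `-f` test narrows the exposure but does not make the form safe. Use the three-argument form with a lexical handle, `open(my $classification_fh, '<', $classification_file) or die "Could not open file $classification_file. $!\n";`, and read it with `while (my $line = <$classification_fh>)` so `$_` is not clobbered across the loop body. The `my $classification_file` declared inside the loop also shadows the package-level `our $classification_file` added in the first hunk, which is the file the later `open(FILE, ">", "$classification_file")` actually writes to; renaming the loop variable to something like `$provider_classification_file` would make that distinction visible. On the write side `close(FILE)` is never checked, so a full disk or I/O error would silently leave a truncated classification.config for the IDS to load; `close(FILE) or die "Could not close $classification_file. $!\n";` at least surfaces the failure, and writing to a temporary file in the same directory followed by a rename would avoid exposing a partial file at all.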