ids-functions.pl: Introduce generate_dns_servers_file()
This function is used to generate a yaml file which takes care of the currently used DNS configuration and should be included in the main suricata config file. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
committed by
Arne Fitzenreiter
parent
e93959a7aa
commit
30ee98e949
@@ -34,6 +34,9 @@ our $used_rulefiles_file = "$settingsdir/suricata-used-rulefiles.yaml";
|
||||
# File where the addresses of the homenet are stored.
|
||||
our $homenet_file = "$settingsdir/suricata-homenet.yaml";
|
||||
|
||||
# File where the addresses of the used DNS servers are stored.
|
||||
our $dns_servers_file = "$settingsdir/suricata-dns-servers.yaml";
|
||||
|
||||
# File which contains the enabled sids.
|
||||
our $enabled_sids_file = "$settingsdir/oinkmaster-enabled-sids.conf";
|
||||
|
||||
@@ -695,6 +698,65 @@ sub generate_home_net_file() {
|
||||
close(FILE);
|
||||
}
|
||||
|
||||
#
|
||||
# Function to generate and write the file which contains the configured and used DNS servers.
|
||||
#
|
||||
sub generate_dns_servers_file() {
|
||||
# Open file which contains the current used DNS configuration.
|
||||
open (FILE, "${General::swroot}/red/dns") or die "Could not read DNS configuration from ${General::swroot}/red/dns. $!\n";
|
||||
|
||||
# Read-in whole file content and store it in a temporary array.
|
||||
my @file_content = <FILE>;
|
||||
|
||||
# Close file handle.
|
||||
close(FILE);
|
||||
|
||||
# Format dns servers declaration.
|
||||
my $line = "\"\[";
|
||||
|
||||
# Loop through the array which contains the file content.
|
||||
foreach my $server (@file_content) {
|
||||
# Remove newlines.
|
||||
chomp($server);
|
||||
|
||||
# Check if the current DNS configuration is using the local recursor mode.
|
||||
if ($server eq "local recursor") {
|
||||
# The responsible DNS servers on red are directly used, and because we are not able
|
||||
# to specify each single DNS server address here, we currently have to thread each
|
||||
# address which is not part of the HOME_NET as possible DNS server.
|
||||
$line = "$line" . "!\$HOME_NET";
|
||||
} else {
|
||||
# Add the DNS server to the line.
|
||||
$line = "$line" . "$server";
|
||||
}
|
||||
|
||||
# Check if the current DNS server was the last in the array.
|
||||
if ($server eq $file_content[-1]) {
|
||||
# Close the line.
|
||||
$line = "$line" . "\]\"";
|
||||
} else {
|
||||
# Add "," for the next DNS server.
|
||||
$line = "$line" . "\,";
|
||||
}
|
||||
}
|
||||
|
||||
# Open file to store the used DNS server addresses.
|
||||
open(FILE, ">$dns_servers_file") or die "Could not open $dns_servers_file. $!\n";
|
||||
|
||||
# Print yaml header.
|
||||
print FILE "%YAML 1.1\n";
|
||||
print FILE "---\n\n";
|
||||
|
||||
# Print notice about autogenerated file.
|
||||
print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
|
||||
|
||||
# Print the generated DNS declaration to the file.
|
||||
print FILE "DNS_SERVERS:\t$line\n";
|
||||
|
||||
# Close file handle.
|
||||
close(FILE);
|
||||
}
|
||||
|
||||
#
|
||||
## Function to generate and write the file for used rulefiles.
|
||||
#
|
||||
|
||||
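Review bot: In generate_dns_servers_file() the closing `]"` is appended only inside the loop, when `$server eq $file_content[-1]`, so an empty `red/dns` file leaves `$line` as `"[` and an unterminated `DNS_SERVERS` value is written into the YAML that the commit message says is included by the main suricata config. The lines are also copied in without any check, so a blank line becomes an empty list member and any stray character, such as a double quote, lands verbatim in the quoted value. Collecting only address-shaped entries and building the value with `join` avoids both. The fallback below reuses the value the function already emits for recursor mode; the maintainers may prefer a different default. Separately, both `open` calls use the two-argument form on a bareword `FILE` handle; three-argument `open` with a lexical handle would be the safer idiom.

```perl
sub generate_dns_servers_file() {
	# … unchanged: read ${General::swroot}/red/dns into @file_content …

	my @servers;
	foreach my $server (@file_content) {
		chomp($server);

		if ($server eq "local recursor") {
			push(@servers, "!\$HOME_NET");
		} elsif ($server =~ /\A[0-9A-Fa-f:.]+\z/) {
			# Only address-shaped entries reach the YAML value.
			push(@servers, $server);
		}
	}

	# Never write an unterminated or empty list.
	push(@servers, "!\$HOME_NET") unless (@servers);

	my $line = "\"[" . join(",", @servers) . "]\"";

	# … unchanged: write the YAML header and DNS_SERVERS line to $dns_servers_file …
```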