ids-functions.pl: Introduce function write_modify_sids_file()

This function is used to write the corresponding file which tells oinkmaster to alter the whole ruleset and finally switches suricata into an IPS or IDS. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2026-04-28 11:43:25 +02:00 · 2018-12-25 18:40:34 +01:00
parent b02e30fd81
commit 74cc8f5a3d
2 changed files with 31 additions and 10 deletions
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -687,4 +687,26 @@ sub write_used_rulefiles_file(@) {
 	close(FILE);
 }

+#
+## Function to generate and write the file for modify the ruleset.
+#
+sub write_modify_sids_file($) {
+	my ($ruleaction) = @_;
+
+	# Open modify sid's file for writing.
+	open(FILE, ">$IDS::modify_sids_file") or die "Could not write to $IDS::modify_sids_file. $!\n";
+
+	# Write file header.
+	print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+	# Check if the traffic only should be monitored.
+	unless($ruleaction eq "alert") {
+		# Tell oinkmaster to switch all rules from alert to drop.
+		print FILE "modifysid \* \"alert\" \| \"drop\"\n";
+	}
+
+	# Close file handle.
+	close(FILE);
+}
+
 1;