ids-functions.pl: Introduce function write_modify_sids_file()

This function is used to write the corresponding file which
tells oinkmaster to alter the whole ruleset and finally
switches suricata into an IPS or IDS.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

html/cgi-bin/ids.cgi

@@ -527,20 +527,19 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) {
 	# Generate file to store the home net.
 	&IDS::generate_home_net_file();
 
-	# Open modify sid's file for writing.
-	open(FILE, ">$IDS::modify_sids_file") or die "Could not write to $IDS::modify_sids_file. $!\n";
-
-	# Write file header.
-	print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+	# Temporary variable to set the ruleaction.
+	# Default is "drop" to use suricata as IPS.
+	my $ruleaction="drop";
 
 	# Check if the traffic only should be monitored.
-	unless($cgiparams{'MONITOR_TRAFFIC_ONLY'} eq 'on') {
-		# Tell oinkmaster to switch all rules from alert to drop.
-		print FILE "modifysid \* \"alert\" \| \"drop\"\n";
+	if($cgiparams{'MONITOR_TRAFFIC_ONLY'} eq 'on') {
+		# Switch the ruleaction to "alert".
+		# Suricata acts as an IDS only.
+		$ruleaction="alert";
 	}
 
-	# Close file handle.
-	close(FILE);
+	# Write the modify sid's file and pass the taken ruleaction.
+	&IDS::write_modify_sids_file($ruleaction);
 
 	# Check if "MONITOR_TRAFFIC_ONLY" has been changed.
 	if($cgiparams{'MONITOR_TRAFFIC_ONLY'} ne $oldidssettings{'MONITOR_TRAFFIC_ONLY'}) {