IDS: Call helper script when red interface gets up

The helper script will be automatically called when the red interface gets up and will re-generate the HOME_NET file, to take care if the IP-address of this interface has changed. Fixes #11989 Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2026-04-27 03:07:43 +02:00 · 2019-02-06 15:23:46 +01:00
parent d8f19ebb5a
commit 8117fff863
6 changed files with 34 additions and 6 deletions
--- a/src/initscripts/networking/red.up/23-suricata
+++ b/src/initscripts/networking/red.up/23-suricata
@@ -0,0 +1,30 @@
+#!/usr/bin/perl
+#
+# Helper script to regenerate the file which contains the HOME_NET declaration
+# including the assigned IP-address of red and any configured aliases.
+
+use strict;
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/ids-functions.pl";
+
+# Hash to store the IDS settings.
+my %ids_settings = ();
+
+# Read-in IDS settings.
+&General::readhash("$IDS::ids_settings_file", \%ids_settings);
+
+# Check if suricata is enabled.
+if($ids_settings{'ENABLE_IDS'} eq "on") {
+	# Regenerate the file with HOME_NET details.
+	&IDS::generate_home_net_file();
+
+	# Set correct ownership.
+	&IDS::set_ownership("$IDS::homenet_file");
+
+	# Check if suricata is running.
+	if(&IDS::ids_is_running()) {
+		# Call suricatactrl to perform a restart of suricata.
+		&IDS::call_suricatactrl("restart");
+	}
+}