ids.cgi: Prevent from starting suricata without ruleset or selected network zone

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2026-04-13 04:22:58 +02:00 · 2018-12-20 13:18:48 +01:00
parent 0a1bba1a1d
commit ebdd0f9a90
3 changed files with 30 additions and 0 deletions
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -493,6 +493,7 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
 } elsif ($cgiparams{'IDS'} eq $Lang::tr{'save'}) {
 	my %oldidssettings;
 	my $reload_page;
+	my $monitored_zones = 0;

 	# Read-in current (old) IDS settings.
 	&General::readhash("$IDS::settingsdir/settings", \%oldidssettings);
@@ -508,6 +509,31 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
 		}
 	}

+	# Check if the IDS should be enabled.
+	if ($cgiparams{'ENABLE_IDS'} eq "on") {
+		# Check if any ruleset is available. Otherwise abort and display an error.
+		unless(%idsrules) {
+			$errormessage = $Lang::tr{'ids no ruleset available'};
+		}
+
+		# Loop through the array of available interfaces.
+		foreach my $zone (@network_zones) {
+			# Convert interface name into upper case.
+			my $zone_upper = uc($zone);
+
+			# Check if the IDS is enabled for this interaces.
+			if ($cgiparams{"ENABLE_IDS_$zone_upper"}) {
+				# Increase count.
+				$monitored_zones++;
+			}
+		}
+
+		# Check if at least one zone should be monitored, or show an error.
+		unless ($monitored_zones >= 1) {
+			$errormessage = $Lang::tr{'ids no network zone'};
+		}
+	}
+
 	# Go on if there are no error messages.
 	if (!$errormessage) {
 		# Store settings into settings file.
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1329,6 +1329,8 @@
 'ids active on' => 'Aktiv auf',
 'ids log viewer' => 'Ansicht IDS-Protokoll',
 'ids logs' => 'IDS-Protokolldateien',
+'ids no network zone' => 'Mindestends eine Netzwerk-Zone muss überwacht werden!',
+'ids no ruleset available' => 'Kein Regelset verfügbar, bitte downloaden Sie eines!',
 'ids preprocessor' => 'IDS-Präprozessor',
 'ids rules license' => 'Um  Sourcefire VRT Zertifizierte Regeln zu nutzen, müssen Sie sich unter',
 'ids rules license1' => ' registrieren.',
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1359,6 +1359,8 @@
 'ids active on' => 'Active on',
 'ids log viewer' => 'IDS log viewer',
 'ids logs' => 'IDS Logs',
+'ids no network zone' => 'At least one network zone has to be monitored!';
+'ids no ruleset available' => 'No ruleset available, please download one!',
 'ids preprocessor' => 'IDS preprocessor',
 'ids rules license' => 'To utilize Sourcefire VRT Certified Rules, you need to register on',
 'ids rules license1' => '.',