ids.cgi: Prevent from starting suricata without ruleset or selected network zone

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2026-04-26 02:42:58 +02:00 · 2018-12-20 13:18:48 +01:00
parent 0a1bba1a1d
commit ebdd0f9a90
3 changed files with 30 additions and 0 deletions
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -493,6 +493,7 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
 } elsif ($cgiparams{'IDS'} eq $Lang::tr{'save'}) {
 	my %oldidssettings;
 	my $reload_page;
+	my $monitored_zones = 0;

 	# Read-in current (old) IDS settings.
 	&General::readhash("$IDS::settingsdir/settings", \%oldidssettings);
@@ -508,6 +509,31 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
 		}
 	}

+	# Check if the IDS should be enabled.
+	if ($cgiparams{'ENABLE_IDS'} eq "on") {
+		# Check if any ruleset is available. Otherwise abort and display an error.
+		unless(%idsrules) {
+			$errormessage = $Lang::tr{'ids no ruleset available'};
+		}
+
+		# Loop through the array of available interfaces.
+		foreach my $zone (@network_zones) {
+			# Convert interface name into upper case.
+			my $zone_upper = uc($zone);
+
+			# Check if the IDS is enabled for this interaces.
+			if ($cgiparams{"ENABLE_IDS_$zone_upper"}) {
+				# Increase count.
+				$monitored_zones++;
+			}
+		}
+
+		# Check if at least one zone should be monitored, or show an error.
+		unless ($monitored_zones >= 1) {
+			$errormessage = $Lang::tr{'ids no network zone'};
+		}
+	}
+
 	# Go on if there are no error messages.
 	if (!$errormessage) {
 		# Store settings into settings file.