Move the file which contains the download URL's for the IDS rulesets
into an own common package. This will allow us in future to easily ship
a changed file with a core update.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Create /var/ipfire/suricata and /var/ipfire/suricata/settings instead of
/var/ipfire/snort and /var/ipfire/snort/settings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This config file is mostly based on the example configuration shipped
by the suricata project and needs to be enhanched.
See #11808.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
* Rename filename to suricata-used-rulefiles.yaml
* Adjust file generation as a yaml file to be compatible with suricata
* Adjust code to correctly read-in and parse the changed file
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The $settingsdir variable is declared in the ids-functions.pl and used to to
store the path where the various files which contains the settings for the IDS and
oinkmaster is located.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This will help if the path ever changed. Also remove hard coded rulepath
from oinkmaster call.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
* Drop function to show a notice about snort is working.
* Introduce the log_error function which is responsible for log any
error messages. Currently it writes it to a tempory file, which will
be read by the WUI, the message will be displayed and the temporary file
will be released again.
* Introduce a tiny function to easily perform a reload of the generated
webpage.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Directly use the value from the ids-functions.pl for the
location and filename of the tarball which includes the snort ruleset.
This will save to declare this information twice and prevents from any
failures if the location of filname every changes.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This library will contain a set of functions used by the IDS CGI script
and the planned update script for auto-updating the snort ruleset.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This will allow anybody, to access the log of oinkmaster and
get detailed information about any changes which have been done
on the ruleset.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The control file are not longer required, because the
initscript uses the settings file to determine if snort
should be started and binded to which interfaches.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This file contains the ruleset vendors and download urls and
will be used by the ids.cgi.
If an url or filename changes, we easily can adjust this file. In most
cases this will be needed when performing a snort update.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This new file will contain the vendor information and url
for downloading their ruleset. In future if the download location
or filename changes, we only need to adjust this one file and ship
it via a core update.
Also extend the downloadrulesfile to be able to directly call the
subfunction.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Move the code for displaying a notice that snort currently is working
into an own subfunction which will be called if oinkmaster currently
is started.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
If a single sid has been activated and then disabled without doing
any other ruleset modifications only one of the oinkmaster files
for enabled / disabled rules has been modified.
In this case it was possible, that the same sid, was part of the
file for enabled rules and part of the file for disabled rules at the
same time.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The enabled rulefiles (rule categories) now will be added
to an own file, which will be included by the snort main config
file.
This will allow us to update snort and push the new main config file
without loosing the activated rulesets anymore.
* Introducing snort-used-rulefiles.conf
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
* Drop a lot of unused variables and code.
* Re-ordering some code parts.
* Add a lot of comments.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
