convert-ids-modifications-files converter.
This converter also will convert the used rulesfiles file for the
providers.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Etags are used to identify if a resource has been changed
by sending a special request and an Etag value to the server.
If the resource has changed, the server will serve the new content,
otherwise it will return the 304 (Not-Modified) code.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
ids-functions.
This will print some nice status messages while the page is locked and
the IDS rules get regenerated/altered.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is used to regenerate the entire ruleset similar to the
one from ids-functions, but is enhanced to print additional status
messages.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
rulefiles.
Suricata seems to struggle when using multiple and/or nested includes in
the same config section. This results in an only partially loaded
configuration where not all rulefiles are loaded and used.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
downloaded.
When adding a new provider and in case the rules file or tarball can not
be downloaded, the provider remains as configured.
To avoid that, the provider needs to be removed again.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This converter is responsible to convert the old oinkmaster modification
files into the new files and format.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is going to replace the part which currently the
oinkmaster.pl script does.
It will read in the extracted ruleset, remove duplicates and alter the
rules to alert or drop in case they match. Also rules will be enabled or
disabled if the user requested this.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is used to gather the modes of the configured providers
and return them as hash.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The download script should not directly do the logging stuff.
It simply should download the files for the requested provider and
return an error code on fail.
The logging should be done at another place.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Remove the option and required code to download the rulesets
for all configured and enabled providers by just calling the downloader
function.
This causes a lot of trouble and, if required, should be handled directly
by the processing script.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
When using the "If-Modified-Since" header, the server can be requested
if a modified version of the file can be served.
In case that is true, the file will be sent and stored by the downloader
function. If the file has not been touched since the last time, the
server will respond with the code "304" (Not modified).
This tells us that the currently stored file is the latest one (still up-to-date)
and we can safely skip the download attempt for this provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This will help us to determine if all required perl modules and their
dependencies are available and loadable.
It also prevents us from double loading modules and makes development
and maintenance easier.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Even if the servers do not support HEAD requests, the remote filesize
(content_length) can be obtained from the connection headers.
This generic method works for all servers and therefore we do not need
the code to handle sourcefire servers in a different way anymore.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The former used hash value only contains the country code when
a rule for a single country should be created.
In case a location group is used the hash value refers to the group name,
which does not work here.
The required country code is part of the processed string and can be omitted
from here. This works well for single codes and location groups, because those
are processed in a loop.
Fixes #12809.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>