This script periodly will be called by fcron
and is responsible for downloading and altering
the ruleset, if autoupdate of the configured ruleset is
enabled.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This command allows to enable the automatic update
of the used IDS ruleset and to specify the update interval.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Only set the state of a used rulefile to "on" if it is present in
the %idsrules hash. This happens if it contains at least one rule.
This prevents from showing a rulefile in the ruleset section if, it
does not exist anymore or does not contains any rules at all.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
If an IP-address has been added to the whitelist, any traffic from
this host will not longer inspected by suricata.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
As default show the events generated by suricata and if
for a certain selected date no suricata log is available
try to fall-back to read the events from the old snort
alert files (if available).
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Enable and specify the path to the threshold-file in the suricata.yaml,
otherwise the programm is trying to read it from a build-in default
location and prints the following error message:
Error opening file: "/etc/suricata//threshold.config": No such file or directory
Fixes#11837.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Now all oinkmaster related config files and suricata
related yaml files in "/var/ipfire/suricata/" will be
included into the backups.
Also the entire ruleset is part of the backup, so after a
backup has been restored, the IDS can be used in the same way
as before.
Fixes#11835.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Create this file on first execution of the script if it does not exist yet.
This will allow suricata to imediately be started. Otherwise the ruleset has
to be downloaded and configured before this file has been created and suricata
could be launched.
Fixes#11833.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Change the get_memory_usage() function to grab and return the
memory usage of the entire process, containing all sub-processes and
threads.
Fixes#11821
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function checks if all files located in /etc/suricata/rules are
writable by the effective user and group (nobody:nobody) and if not
calls suricatactl to fix it.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This command is used to set the ownership and permissions
back to nobody:nobdoy which is used by the WUI to write the
ruleset.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Remove a lot of stuff and options which are deactivated during compiling,
unsupported by the plattform or not used in IPFire.
Add an advice to the full documented suricata-example.yaml file which also
is shipped by IPFire.
More work needs to be done.
See #11808
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
With this commit, the CGI file will create the oinkmaster related
files during first run if they does not exist.
Fixes#11822.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This generic function can be used to create any kind of emtpy files -
it just requires the full path and filename to work.
If the specified file exists at calltime, the function will abort
to prevent from overwriting existing files and content.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Now its possible to create a rule with orange source and target orange interface of the firewall.
Fixes: #11805
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is done at boot time and doesn't normally need to be done again.
On AWS or in the setup, renaming any network interfaces is being
handled automatically.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Ship an IPFire specific configuration file for oinkmaster.
This allows oinkmaster to do all the great rule modifications which
have been introduced by the new ids.cgi file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Now the enabled or disabled sids are stored in a single
hash instead of two arrays, which easily can be modified.
When saving the ruleset, the new read_enabled_disabled_sids() function
will be used to read-in the current (old) saved enabled or disabled sids
and add them to the new hash structure.
After adding or modifiying sids to the hash, the entries will be written
to the corresponding files.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is used to read-in the files for enabled or disabled sid
files and stores the sid and their state into a temporary hash which will
be returned by the function.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
