This private function is used to remove any files which are stored in the
IDS rules directory and prevent from any old (unneeded or conflicting) files
after an update or complete change of the ruleset source.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function checks if all files located in /etc/suricata/rules are
writable by the effective user and group (nobody:nobody) and if not
calls suricatactl to fix it.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This generic function can be used to create any kind of emtpy files -
it just requires the full path and filename to work.
If the specified file exists at calltime, the function will abort
to prevent from overwriting existing files and content.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The get_available_network_zones() function uses the /var/ipfire/ethernet/settings
file and translates the configured mode into an array, which contains the names
of the configured network zones.
The array will be returned and easily can be used to loop over this list of
available network zones and perform any kind of actions in other scripts.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The $settingsdir variable is declared in the ids-functions.pl and used to to
store the path where the various files which contains the settings for the IDS and
oinkmaster is located.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This will help if the path ever changed. Also remove hard coded rulepath
from oinkmaster call.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
* Drop function to show a notice about snort is working.
* Introduce the log_error function which is responsible for log any
error messages. Currently it writes it to a tempory file, which will
be read by the WUI, the message will be displayed and the temporary file
will be released again.
* Introduce a tiny function to easily perform a reload of the generated
webpage.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This library will contain a set of functions used by the IDS CGI script
and the planned update script for auto-updating the snort ruleset.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Instead of opening the database again for each lookup,
we will read it into memory on first use and every lookup
after that will be coming from cache.
Reviewed-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
in function network_equal and network2bin a check for undefined variables were missing.
added them.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The network_equal function only tested the subnet addresses of two given networks which lead to
errormessages saying "This is the green network"
The fix tests netwok and subnet IP's to fix this
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fixes: #11278
When creating networks which are part of an internal network, there was an errormessage displayed and the creation was prohibited.
Now it is possible to create such subnets. This is used at own risk! Users have to take care of the firewallrule sequence.
It is possible to create situations that are not wanted.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This reverts commit ff6cc71107.
This patch causes that no new networks can be created and
an error message is shown that the created network is the GREEN
network which is incorrect.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The graphs are using an iframe and PNG images where the resolution
did often not fit and the browser had to resize the image. That
led to blurred fonts and hard to read graphs.
This patch increases the size of the box and the image. With that
higher resolution resizing should not be too much of an issue, but
since the sizes of the iframe and image have been aligned should
not even be necessary.
Reported-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
In firewallgroups it was not possible to create new networks that are subnets of
IPFire internal networks. Now this is possible for all internal networks.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
We now check all allowed chars in the address before the @ sign.
The domainpart after the '@' sign is just checked for valid chars, so that user@ipfire is valid, too
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
