This function can be used to directly modify the desired file.
It takes two arguments:
* An action which could be "add" or "remove"
* A provider handle, which should be added or removed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
function.
This function simply returns the gernerated path and filename for the
provider specific modified sids file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The enabled or disabled sids now will be written to an own
provider exclusive configuration file which dynamically will
be included by oinkmaster if needed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is used to get the creation date of the stored rules files
of a given provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The selected rulesfiles of a provider now will be written to an own
provider exclusive yaml file, which will be included dynamically when
the provider is enabled or not.
This allows very easy handling to enable or disable a provider, in this
case the file which keeps the enabled providers rulesets only needs to
be included in the main file or even not.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This tiny function is used, to delete the stored rulesfile in case a
provider will be deleted.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
As the name of the function already says, it is responsible to
delete all temporary files after ruleset generation.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Rework the function to work with the latest changes and multiple
providers.
The function now does the following:
* Extract the stored rules tarballs for all enabled providers.
* Copy rules files for enabled providers which provide plain files.
* Still calls oinkmaster to set up the rules and modify them.
* Calls the merge functions for classification and sid to msg files.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is used to merge the individual classification files
provided by the providers.
The result will be written to the classification.config which will be
used by the IDS.
Fixes#11884.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function is used to extract the required config and rules files
from the stored rules tarball for a given ruleset provider.
* The files will be extracted to a temporary directory layout in
"/tmp/ids_tmp".
* Names of config files will be adjusted in case multiple providers
offers the same config files, which is very common.
* The name of the single rulefiles will be adjusted to start with
the vendors name to allow assigning them very easily to a single
ruleset provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
multiple ruleset providers.
When calling the function now a single ruleset provider handle
can be specified to only download this ruleset or by adding "all" or
leaving the handle blank a download of all configured rulesets can be
triggered.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function can be used to generate/get the absolute file and path
for a given ruleset provider.
The files will be stored in the usual "/var/tmp" folder with a new
file format based on the dl_file type and the provider.
Examples could be:
* /var/ipfire/idsrules-emerging.tar.gz
* /var/ipfire/idsrules-registered.tar.gz
* /var/ipfire/idsrules-somprovider.rules
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The file now contains a lot more of data and easily can be extended
to provide more and new providers.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The parsers for those are disabled in the suricata config so
the rules are not needed, on the contrary they massively will spam
warnings when launching suricate because of the disabled parsers.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
The parsers for those are disabled in the suricata config so
the rules are not needed, on the contrary they massively will spam
warnings when launching suricate because of the disabled parsers.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
In order to be able to run the ISO command on command line it is helpful
that the script does not go into background halfway through the process.
We should rather start it as a background job straight from the CGI
script.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch is changing the behaviour of the backup script so that it
creates one tarball and compresses it in one go.
This will save storing the original tarball on disk before compressing
it which on my test system requires significant disk space.
This patch also solves a bug where the backup file included with the ISO
image could not be extracted because it was not gzip-compressed when it
was expected to be.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
