webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-14 13:02:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
28fdd8ede6b241144e1aa3a05ac2c5ac82d56ae3
bpfire/src/scripts/update-ids-ruleset
Stefan Schantl a956712e75 update-ids-ruleset: Always drop the lock file if it has been created during runtime. 
In some situations or if an error happened, the lock file could be
keep on the system. In such a case the IDS page would be locked forever
until user interaction or reboot of the system.

Now the script checks if it has created such a lock and release it when
the script exists.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
2022-03-05 14:30:06 +00:00

140 lines
4.5 KiB
Perl
Raw Blame History

#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
use POSIX;
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/ids-functions.pl";
require "${General::swroot}/lang.pl";
# Variable to store if the process has written a lockfile.
my $locked;
# Hash to store the configured providers.
my %providers = ();
# The user and group name as which this script should be run.
my $run_as = 'nobody';
# Get user and group id of the user.
my ( $uid, $gid ) = ( getpwnam $run_as )[ 2, 3 ];
# Check if the script currently runs as root.
if ( $> == 0 ) {
# Drop privileges and switch to the specified user and group.
POSIX::setgid( $gid );
POSIX::setuid( $uid );
}
# Check if the IDS lock file exists.
# In this case the WUI or another instance currently is altering the
# ruleset.
if (-f "$IDS::ids_page_lock_file") {
# Store notice to the syslog.
&IDS::_log_to_syslog("Another process currently is altering the IDS ruleset.");
# Exit.
exit 0;
}
# Check if the red device is active.
unless (-e "${General::swroot}/red/active") {
# Store notice in the syslog.
&IDS::_log_to_syslog("The system is offline.");
# Store error message for displaying in the WUI.
&IDS::_store_error_message("$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}");
# Exit.
exit 0;
}
# Check if enought free disk space is availabe.
if(&IDS::checkdiskspace()) {
# Store the error message for displaying in the WUI.
&IDS::_store_error_message("$Lang::tr{'not enough disk space'}");
# Exit.
exit 0;
}
# Lock the IDS page.
&IDS::lock_ids_page();
# The script has requested a lock, so set locket to "1".
$locked = "1";
# Grab the configured providers.
&General::readhasharray("$IDS::providers_settings_file", \%providers);
# Loop through the array of available providers.
foreach my $id (keys %providers) {
# Assign some nice variabled.
my $provider = $providers{$id}[0];
my $autoupdate_status = $providers{$id}[3];
# Skip the provider if autoupdate is not enabled.
next unless($autoupdate_status eq "enabled");
# Call the download function and gather the new ruleset for the current processed provider.
if(&IDS::downloadruleset($provider)) {
# Store error message for displaying in the WUI.
&IDS::_store_error_message("$provider: $Lang::tr{'could not download latest updates'}");
# Unlock the IDS page.
&IDS::unlock_ids_page();
# Exit.
exit 0;
}
# Get path and name of the stored rules file or archive.
my $stored_file = &IDS::_get_dl_rulesfile($provider);
# Set correct ownership for the downloaded tarball.
&IDS::set_ownership("$stored_file");
}
# Call oinkmaster to alter the ruleset.
&IDS::oinkmaster();
# Set correct ownership for the rulesdir and files.
&IDS::set_ownership("$IDS::rulespath");
# Check if the IDS is running.
if(&IDS::ids_is_running()) {
# Call suricatactrl to perform a reload.
&IDS::call_suricatactrl("reload");
}
# Custom END declaration to release a IDS page lock
# when the script has created one.
END {
# Check if a lock has been requested.
if ($locked) {
# Unlock the IDS page.
&IDS::unlock_ids_page();
}
}
1;
Reference in New Issue View Git Blame Copy Permalink