From patchwork Thu Jun 6 04:56:35 2019
X-Patchwork-Submitter: Stefan Schantl
X-Patchwork-Id: 2287
From: Stefan Schantl
To: development@lists.ipfire.org
Subject: [PATCH 4/5] convert-ids-modifysids-file: Adjust code to use changed write_modify_sids_file function
Date: Wed, 5 Jun 2019 20:56:35 +0200
Message-Id: <20190605185636.9952-4-stefan.schantl@ipfire.org>
In-Reply-To: <20190605185636.9952-1-stefan.schantl@ipfire.org>
References: <20190605185636.9952-1-stefan.schantl@ipfire.org>

Signed-off-by: Stefan Schantl
--- config/suricata/convert-ids-modifysids-file | 32 +++------------------ 1 file changed, 4 insertions(+), 28 deletions(-) diff --git a/config/suricata/convert-ids-modifysids-file b/config/suricata/convert-ids-modifysids-file index 8b70aa0fc..adcc10577 100644 --- a/config/suricata/convert-ids-modifysids-file +++ b/config/suricata/convert-ids-modifysids-file 
@@ -24,44 +24,20 @@ use strict; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/ids-functions.pl"; -# Hash which contains the IDS (suricata) settings. -my %idssettings; - -# Hash which contains the RULES settings. -my %rulessettings; - -# -## Step 1: Read IDS and rules settings. -# - exit unless(-f $IDS::ids_settings_file and -f $IDS::rules_settings_file); -# Read IDS settings. -&General::readhash("$IDS::ids_settings_file", \%idssettings); - -# Read rules settings. -&General::readhash("$IDS::rules_settings_file", \%rulessettings); - # -## Step 2: Generate and write the file to modify the ruleset. +## Step 1: Re-generate and write the file to modify the ruleset. # -my $IDS_action = "drop"; - -# Check if the traffic only should be monitored. -if ($idssettings{"MONITOR_TRAFFIC_ONLY"} eq "on") { - # Switch IDS action to alert only. - $IDS_action = "alert"; -} - # Call subfunction and pass the desired IDS action. -&IDS::write_modify_sids_file($IDS_action, $rulessettings{RULES}); +&IDS::write_modify_sids_file(); # Set correct ownership. &IDS::set_ownership("$IDS::modify_sids_file"); # -## Step 3: Call oinkmaster to extract and setup the rules structures. +## Step 2: Call oinkmaster to extract and setup the rules structures. # # Check if a rulestarball is present. @@ -74,7 +50,7 @@ if (-f $IDS::rulestarball) { } # -## Step 4: Start the IDS if enabled. +## Step 3: Reload the IDS ruleset if running. # # Check if the IDS should be started.
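Review bot: In the first hunk (@@ -24,44 +24,20 @@) the unchanged comment "# Call subfunction and pass the desired IDS action." is now stale, because the call below it became `&IDS::write_modify_sids_file();` and passes nothing. Please reword it, for example to "# Call subfunction to write the modify sids file.". The removed block was also the only place in this script where MONITOR_TRAFFIC_ONLY selected "alert" instead of "drop", and the commit message has no body, so a sentence stating that the function now reads the IDS and rules settings itself would make the series easier to review; nothing in this hunk shows where the drop/alert decision is made after the change. The `exit unless(-f $IDS::ids_settings_file and -f $IDS::rules_settings_file);` guard stays although the script no longer reads either file, so a short comment saying it is kept for the callee's benefit would help.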
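Review bot: In the second hunk (@@ -74,7 +50,7 @@) the step header changes from "Start the IDS if enabled" to "Reload the IDS ruleset if running", but the context line right below it still reads "# Check if the IDS should be started." and the diffstat (4 insertions, all of them comments or the new call) shows no code change to match. Either the code under this header already reloads a running instance, in which case the inner comment should be updated too, or the header now describes behaviour the script does not have. Starting an enabled IDS and reloading a running one are different conditions, so please make both comments agree with what the code actually does.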