From patchwork Wed Apr 1 08:32:40 2020
X-Patchwork-Submitter: Stefan Schantl
X-Patchwork-Id: 2871
From: Stefan Schantl
To: development@lists.ipfire.org
Subject: [PATCH] ids.cgi: Restart suricata if necessary when altering the ruleset.
Date: Wed, 1 Apr 2020 10:32:40 +0200
Message-Id: <20200401083240.2704-1-stefan.schantl@ipfire.org>
List-Id: IPFire development talk

Suricata does support re-reading its configuration files and therefore we need to restart it, if one or more ruleset files should be loaded or not loaded anymore. If simply some rules inside the same files are activated or deactivated, we are still fine to call the reload method to send suricata the signal to reload its ruleset.

Fixes #12340.

Signed-off-by: Stefan Schantl
---
html/cgi-bin/ids.cgi | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 2a8a7cb26..c3e5eefdb 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -412,6 +412,9 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { # Hash to store the user-enabled and disabled sids. my %enabled_disabled_sids; + # Store if a restart of suricata is required. + my $suricata_restart_required; + # Loop through the hash of idsrules. foreach my $rulefile(keys %idsrules) { # Check if the rulefile is enabled. 
@@ -419,6 +422,12 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { # Add rulefile to the array of enabled rulefiles. push(@enabled_rulefiles, $rulefile); + # Check if the state of the rulefile has been changed. + unless ($cgiparams{$rulefile} eq $idsrules{$rulefile}{'Rulefile'}{'State'}) { + # A restart of suricata is required to apply the changes of the used rulefiles. + $suricata_restart_required = 1; + } + # Drop item from cgiparams hash. delete $cgiparams{$rulefile}; } @@ -513,8 +522,14 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { # Check if the IDS is running. if(&IDS::ids_is_running()) { - # Call suricatactrl to perform a reload. - &IDS::call_suricatactrl("reload"); + # Check if a restart of suricata is required. + if ($suricata_restart_required) { + # Call suricatactrl to perform the restart. + &IDS::call_suricatactrl("restart"); + } else { + # Call suricatactrl to perform a reload. + &IDS::call_suricatactrl("reload"); + } } # Reload page.
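Review bot: in the first hunk (@@ -412,6 +412,9 @@) `my $suricata_restart_required;` is declared without a value and is later tested with `if ($suricata_restart_required)`, so the default behaviour depends on undef evaluating false; initialising it explicitly (`my $suricata_restart_required = 0;`) documents that the default is a plain reload and keeps the variable from ever being undef when it reaches the comparison.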
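Review bot: in the second hunk (@@ -419,6 +422,12 @@) the state comparison sits only in the branch that runs when the rulefile is enabled (directly after `push(@enabled_rulefiles, $rulefile);`), so a rulefile that goes from enabled to disabled is never compared against its stored State here; unless the disabled branch, which is not part of this hunk, sets `$suricata_restart_required` too, dropping a rulefile from the active set still ends in a reload, which is exactly the case the commit message says needs a restart. Suggest moving the `unless ($cgiparams{$rulefile} eq $idsrules{$rulefile}{'Rulefile'}{'State'})` check in front of the enabled/disabled branch so both transitions are covered, and confirming that the form value in `$cgiparams{$rulefile}` and the stored `{'Rulefile'}{'State'}` use the same token; if they differ in spelling, every save would force a restart even when nothing changed.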
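Review bot: in the third hunk (@@ -513,8 +522,14 @@) the comment above `&IDS::call_suricatactrl("restart");` only says "perform the restart"; since a restart, unlike a reload, takes suricata out of service until it is back up, it is worth carrying the reason from the commit message (a reload cannot add or drop whole rule files) into the in-code comment so that a later cleanup does not collapse both branches back to a reload.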