[PATCH 1/5] ids-functions.pl: Introduce generate_dns_servers_file()

[Stefan Schantl <stefan.schantl@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 3242 bytes --]

This function is used to generate a yaml file which take care of the
current used DNS configuration and should be included in the main
suricata config file.

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 config/cfgroot/ids-functions.pl | 62 +++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 94de1373c..54d86f70f 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -34,6 +34,9 @@ our $used_rulefiles_file = "$settingsdir/suricata-used-rulefiles.yaml";
 # File where the addresses of the homenet are stored.
 our $homenet_file = "$settingsdir/suricata-homenet.yaml";
 
+# File where the addresses of the used DNS servers are stored.
+our $dns_servers_file = "$settingsdir/suricata-dns-servers.yaml";
+
 # File which contains the enabled sids.
 our $enabled_sids_file = "$settingsdir/oinkmaster-enabled-sids.conf";
 
@@ -695,6 +698,65 @@ sub generate_home_net_file() {
 	close(FILE);
 }
 
+#
+# Function to generate and write the file which contains the configured and used DNS servers.
+#
+sub generate_dns_servers_file() {
+	# Open file which contains the current used DNS configuration.
+	open (FILE, "${General::swroot}/red/dns") or die "Could not read DNS configuration from ${General::swroot}/red/dns. $!\n";
+
+	# Read-in whole file content and store it in a temporary array.
+	my @file_content = <FILE>;
+
+	# Close file handle.
+	close(FILE);
+
+	# Format dns servers declaration.
+	my $line = "\"\[";
+
+	# Loop through the array which contains the file content.
+	foreach my $server (@file_content) {
+		# Remove newlines.
+		chomp($server);
+
+		# Check if the current DNS configuration is using the local recursor mode.
+		if ($server eq "local recursor") {
+			# The responsible DNS servers on red are directly used, and because we are not able
+			# to specify each single DNS server address here, we currently have to thread each
+			# address which is not part of the HOME_NET as possible DNS server.
+			$line = "$line" . "!\$HOME_NET";
+		} else {
+			# Add the DNS server to the line.
+			$line = "$line" . "$server";
+		}
+
+                # Check if the current DNS server was the last in the array.
+                if ($server eq $file_content[-1]) {
+                        # Close the line.
+                        $line = "$line" . "\]\"";
+                } else {
+                        # Add "," for the next DNS server.
+                        $line = "$line" . "\,";
+                }
+        }
+
+	# Open file to store the used DNS server addresses.
+	open(FILE, ">$dns_servers_file") or die "Could not open $dns_servers_file. $!\n";
+
+	# Print yaml header.
+	print FILE "%YAML 1.1\n";
+	print FILE "---\n\n";
+
+	# Print notice about autogenerated file.
+	print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+	# Print the generated DNS declaration to the file.
+	print FILE "DNS_SERVERS:\t$line\n";
+
+	# Close file handle.
+	close(FILE);
+}
+
 #
 ## Function to generate and write the file for used rulefiles.
 #
-- 
2.20.1