[PATCH 1/5] ids-functions.pl: Improve logic to get the cached rulesfile of a provider

[PATCH 1/5] ids-functions.pl: Improve logic to get the cached rulesfile of a provider

[Stefan Schantl]

[-- Attachment #1: Type: text/plain, Size: 1084 bytes --]

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 config/cfgroot/ids-functions.pl | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index d97431b4a..c29a5151f 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -1027,11 +1027,14 @@ sub _store_error_message ($) {
 sub _get_dl_rulesfile($) {
 	my ($provider) = @_;
 
-	# Check if the requested provider is known.
-	if ($IDS::Ruleset::Providers{$provider}) {
-		# Gather the download type for the given provider.
-		my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+	# Abort if the requested provider is not known.
+	return unless($IDS::Ruleset::Providers{$provider});
 
+	# Try to gather the download type for the given provider.
+	my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+
+	# Check if a download type could be grabbed.
+	if ($dl_type) {
 		# Obtain the file suffix for the download file type.
 		my $suffix = $dl_type_to_suffix{$dl_type};
 
-- 
2.39.2

[PATCH 2/5] ids.cgi: Change check if a provider is not longer supported

[Stefan Schantl]

[-- Attachment #1: Type: text/plain, Size: 1094 bytes --]

This check is now based on a download URL instead of checking if
an entry in the ruleset sources is present.

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 html/cgi-bin/ids.cgi | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 369bf0276..e29482fa8 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -1171,11 +1171,7 @@ END
 				}
 
 				# Handle providers which are not longer supported.
-				unless ($provider_name) {
-					# Set the provider name to the provider handle
-					# to display something helpful.
-					$provider_name = $provider;
-
+				unless ($IDS::Ruleset::Providers{$provider}{'dl_url'}) {
 					# Assign background color
 					$col="bgcolor='#FF4D4D'";
 				}
@@ -1809,7 +1805,7 @@ sub show_additional_provider_actions() {
 	}
 
 	# Disable the manual update button if the provider is not longer supported.
-	unless ($IDS::Ruleset::Providers{$provider}) {
+	unless ($IDS::Ruleset::Providers{$provider}{"dl_url"}) {
 		$disabled_update = "disabled";
 	}
 
-- 
2.39.2

[PATCH 3/5] update-ids-ruleset: Disable provider if not dl_url can be obtained

[Stefan Schantl]

[-- Attachment #1: Type: text/plain, Size: 757 bytes --]

Unsupported/Removed provides does not longer have these information

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 src/scripts/update-ids-ruleset | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/scripts/update-ids-ruleset b/src/scripts/update-ids-ruleset
index 553c1a1e1..806107e1c 100644
--- a/src/scripts/update-ids-ruleset
+++ b/src/scripts/update-ids-ruleset
@@ -106,7 +106,7 @@ foreach my $id (keys %providers) {
 	my $autoupdate_status = $providers{$id}[3];
 
 	# Skip unsupported providers.
-	next unless($IDS::Ruleset::Providers{$provider});
+	next unless($IDS::Ruleset::Providers{$provider}{'dl_url'});
 
 	# Skip the provider if it is not enabled.
 	next unless($enabled_status eq "enabled");
-- 
2.39.2

[PATCH 4/5] ruleset-sources: Restore generic details about recently dropped providers

[Stefan Schantl]

[-- Attachment #1: Type: text/plain, Size: 1505 bytes --]

At least these informations are required to display something usefull
on the webgui, even if a provider has been dropped.

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 config/suricata/ruleset-sources | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources
index 2b3b4ffcb..4e9ea5fa9 100644
--- a/config/suricata/ruleset-sources
+++ b/config/suricata/ruleset-sources
@@ -97,6 +97,34 @@ our %Providers = (
 		dl_type => "plain",
 	},
 
+	# Positive Technologies Attack Detection Team rules.
+	attack_detection => {
+		summary => "PT Attack Detection Team Rules",
+		website => "https://github.com/ptresearch/AttackDetection",
+		tr_string => "attack detection team rules",
+	},
+
+	# Secureworks Security rules.
+	secureworks_security => {
+		summary => "Secureworks Security Ruleset",
+		website => "https://www.secureworks.com",
+		tr_string => "secureworks security ruleset",
+	},
+
+	# Secureworks Malware rules.
+	secureworks_malware => {
+		summary => "Secureworks Malware Ruleset",
+		website => "https://www.secureworks.com",
+		tr_string => "secureworks malware ruleset",
+	},
+
+	# Secureworks Enhanced rules.
+	secureworks_enhanced => {
+		summary => "Secureworks Enhanced Ruleset",
+		website => "https://www.secureworks.com",
+		tr_string => "secureworks enhanced ruleset",
+	},
+
 	# ThreatFox
 	threatfox => {
 		summary => "ThreatFox Indicators Of Compromise Rules",
-- 
2.39.2

[PATCH 5/5] ids.cgi: Adjust code for marking unsupported providers

[Stefan Schantl]

[-- Attachment #1: Type: text/plain, Size: 3492 bytes --]

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 html/cgi-bin/ids.cgi   | 28 +++++++++++++++++-----------
 langs/de/cgi-bin/de.pl |  1 +
 langs/en/cgi-bin/en.pl |  1 +
 3 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index e29482fa8..2d4ac6fc3 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -1162,6 +1162,7 @@ END
 				my $subscription_code = $used_providers{$id}[1];
 				my $autoupdate_status = $used_providers{$id}[2];
 				my $status  = $used_providers{$id}[3];
+				my $unsupported;
 
 				# Check if the item number is even or not.
 				if ($line % 2) {
@@ -1172,8 +1173,8 @@ END
 
 				# Handle providers which are not longer supported.
 				unless ($IDS::Ruleset::Providers{$provider}{'dl_url'}) {
-					# Assign background color
-					$col="bgcolor='#FF4D4D'";
+					# Mark this provider as unsupported.
+					$unsupported = "<img src='/blob.gif' alt='*'>";
 				}
 
 				# Choose icons for the checkboxes.
@@ -1202,7 +1203,7 @@ END
 
 print <<END;
 				<tr>
-					<td width='33%' class='base' $col>$provider_name</td>
+					<td width='33%' class='base' $col>$provider_name$unsupported</td>
 					<td width='30%' class='base' $col>$rulesetdate</td>
 
 					<td align='center' $col>
@@ -1258,10 +1259,15 @@ print <<END;
 	<hr>
 	<br>
 
-	<div align='right'>
-		<table width='100%'>
-			<form method='post' action='$ENV{'SCRIPT_NAME'}'>
-				<tr>
+	<table width='100%'>
+		<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+			<tr>
+				<td>
+END
+					print "<img src='/blob.gif' alt='*'> $Lang::tr{'ids unsupported provider'}\n";
+print <<END;
+				</td>
+				<td><div align='right'>
 END
 
 					# Only show this button if a ruleset provider is configured.
@@ -1270,10 +1276,10 @@ END
 					}
 print <<END;
 					<input type='submit' name='PROVIDERS' value='$Lang::tr{'ids add provider'}'>
-				</tr>
-			</form>
-		</table>
-	</div>
+					</div></td>
+			</tr>
+		</form>
+	</table>
 END
 
 	&Header::closebox();
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index f13bddf4b..b7b86fc7f 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1416,6 +1416,7 @@
 'ids show' => 'Anzeigen',
 'ids the choosen provider is already in use' => 'Der gewhählte Provider wird bereits verwendet.',
 'ids unable to download the ruleset' => 'Das Regelset konnte nicht heruntergeladen werden.',
+'ids unsupported provider' => 'Provider wird nicht mehr unterstützt',
 'ids visit provider website' => 'Anbieter-Webseite besuchen',
 'ids working' => 'Änderungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.',
 'iface' => 'Iface',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 0113f8811..8e50aba76 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1467,6 +1467,7 @@
 'ids subscription code required' => 'The selected ruleset requires a subscription code',
 'ids the choosen provider is already in use' => 'The choosen provider is already in use.',
 'ids unable to download the ruleset' => 'Unable to download the ruleset',
+'ids unsupported provider' => 'Provider is not supported anymore',
 'ids visit provider website' => 'Visit provider website',
 'ids working' => 'Changes are being applied. Please wait until all operations have completed successfully...',
 'iface' => 'Iface',
-- 
2.39.2