public inbox for development@lists.ipfire.org
* [PATCH 1/5] ids-functions.pl: Improve logic to get the cached rulesfile of a provider
@ 2024-03-21 20:51 Stefan Schantl
  2024-03-21 20:51 ` [PATCH 2/5] ids.cgi: Change check if a provider is not longer supported Stefan Schantl
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Stefan Schantl @ 2024-03-21 20:51 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1084 bytes --]

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 config/cfgroot/ids-functions.pl | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index d97431b4a..c29a5151f 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -1027,11 +1027,14 @@ sub _store_error_message ($) {
 sub _get_dl_rulesfile($) {
 	my ($provider) = @_;
 
-	# Check if the requested provider is known.
-	if ($IDS::Ruleset::Providers{$provider}) {
-		# Gather the download type for the given provider.
-		my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+	# Abort if the requested provider is not known.
+	return unless($IDS::Ruleset::Providers{$provider});
 
+	# Try to gather the download type for the given provider.
+	my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+
+	# Check if a download type could be grabbed.
+	if ($dl_type) {
 		# Obtain the file suffix for the download file type.
 		my $suffix = $dl_type_to_suffix{$dl_type};
 
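Review bot: The new if ($dl_type) block keeps the rest of the function nested, while the unknown-provider case directly above it is handled with an early return. A second guard, return unless($dl_type);, would express the same thing and keep both abort paths side by side. The lookup $dl_type_to_suffix{$dl_type} on the following line is still unchecked, so a dl_type with no entry in that map leaves $suffix undefined; consider returning early there as well. The commit message has no body: one sentence on why a known provider can now lack a dl_type would help anyone reading this hunk later.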
-- 
2.39.2



* [PATCH 2/5] ids.cgi: Change check if a provider is not longer supported
  2024-03-21 20:51 [PATCH 1/5] ids-functions.pl: Improve logic to get the cached rulesfile of a provider Stefan Schantl
@ 2024-03-21 20:51 ` Stefan Schantl
  2024-03-21 20:51 ` [PATCH 3/5] update-ids-ruleset: Disable provider if not dl_url can be obtained Stefan Schantl
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Stefan Schantl @ 2024-03-21 20:51 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1094 bytes --]

This check is now based on a download URL instead of checking if
an entry in the ruleset sources is present.

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 html/cgi-bin/ids.cgi | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 369bf0276..e29482fa8 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -1171,11 +1171,7 @@ END
 				}
 
 				# Handle providers which are not longer supported.
-				unless ($provider_name) {
-					# Set the provider name to the provider handle
-					# to display something helpful.
-					$provider_name = $provider;
-
+				unless ($IDS::Ruleset::Providers{$provider}{'dl_url'}) {
 					# Assign background color
 					$col="bgcolor='#FF4D4D'";
 				}
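Review bot: Dropping the fallback $provider_name = $provider from this block means a handle with no entry at all in %IDS::Ruleset::Providers is rendered with an empty name, since nothing else in the hunk assigns one. Keep the fallback as its own statement ahead of the dl_url test, for example $provider_name = $provider unless ($provider_name);, so the row still shows something identifiable for a handle that is missing from the sources file.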
@@ -1809,7 +1805,7 @@ sub show_additional_provider_actions() {
 	}
 
 	# Disable the manual update button if the provider is not longer supported.
-	unless ($IDS::Ruleset::Providers{$provider}) {
+	unless ($IDS::Ruleset::Providers{$provider}{"dl_url"}) {
 		$disabled_update = "disabled";
 	}
 
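Review bot: The test $IDS::Ruleset::Providers{$provider}{"dl_url"} autovivifies. For a $provider with no entry, Perl creates an empty hash reference at $IDS::Ruleset::Providers{$provider} as a side effect of the nested lookup, and any later plain unless ($IDS::Ruleset::Providers{$provider}) check then sees a true value. Guarding with exists first, e.g. unless (exists $IDS::Ruleset::Providers{$provider} && $IDS::Ruleset::Providers{$provider}{'dl_url'}), avoids that. The key is also quoted as "dl_url" here and as 'dl_url' in the hunk above; pick one style.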
-- 
2.39.2



* [PATCH 3/5] update-ids-ruleset: Disable provider if not dl_url can be obtained
  2024-03-21 20:51 [PATCH 1/5] ids-functions.pl: Improve logic to get the cached rulesfile of a provider Stefan Schantl
  2024-03-21 20:51 ` [PATCH 2/5] ids.cgi: Change check if a provider is not longer supported Stefan Schantl
@ 2024-03-21 20:51 ` Stefan Schantl
  2024-03-21 20:51 ` [PATCH 4/5] ruleset-sources: Restore generic details about recently dropped providers Stefan Schantl
  2024-03-21 20:51 ` [PATCH 5/5] ids.cgi: Adjust code for marking unsupported providers Stefan Schantl
  3 siblings, 0 replies; 5+ messages in thread
From: Stefan Schantl @ 2024-03-21 20:51 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 757 bytes --]

Unsupported/removed providers no longer have this information.

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 src/scripts/update-ids-ruleset | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/scripts/update-ids-ruleset b/src/scripts/update-ids-ruleset
index 553c1a1e1..806107e1c 100644
--- a/src/scripts/update-ids-ruleset
+++ b/src/scripts/update-ids-ruleset
@@ -106,7 +106,7 @@ foreach my $id (keys %providers) {
 	my $autoupdate_status = $providers{$id}[3];
 
 	# Skip unsupported providers.
-	next unless($IDS::Ruleset::Providers{$provider});
+	next unless($IDS::Ruleset::Providers{$provider}{'dl_url'});
 
 	# Skip the provider if it is not enabled.
 	next unless($enabled_status eq "enabled");
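Review bot: The subject says the provider is disabled, but next unless($IDS::Ruleset::Providers{$provider}{'dl_url'}); only skips it for this run and does so silently, so an enabled provider that has lost its dl_url simply stops receiving rule updates with nothing recorded. Consider logging the skipped provider handle before the next, and either actually changing its status or rewording the subject to say "Skip provider".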
-- 
2.39.2



* [PATCH 4/5] ruleset-sources: Restore generic details about recently dropped providers
  2024-03-21 20:51 [PATCH 1/5] ids-functions.pl: Improve logic to get the cached rulesfile of a provider Stefan Schantl
  2024-03-21 20:51 ` [PATCH 2/5] ids.cgi: Change check if a provider is not longer supported Stefan Schantl
  2024-03-21 20:51 ` [PATCH 3/5] update-ids-ruleset: Disable provider if not dl_url can be obtained Stefan Schantl
@ 2024-03-21 20:51 ` Stefan Schantl
  2024-03-21 20:51 ` [PATCH 5/5] ids.cgi: Adjust code for marking unsupported providers Stefan Schantl
  3 siblings, 0 replies; 5+ messages in thread
From: Stefan Schantl @ 2024-03-21 20:51 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1505 bytes --]

At least this information is required to display something useful
on the webgui, even if a provider has been dropped.

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 config/suricata/ruleset-sources | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources
index 2b3b4ffcb..4e9ea5fa9 100644
--- a/config/suricata/ruleset-sources
+++ b/config/suricata/ruleset-sources
@@ -97,6 +97,34 @@ our %Providers = (
 		dl_type => "plain",
 	},
 
+	# Positive Technologies Attack Detection Team rules.
+	attack_detection => {
+		summary => "PT Attack Detection Team Rules",
+		website => "https://github.com/ptresearch/AttackDetection",
+		tr_string => "attack detection team rules",
+	},
+
+	# Secureworks Security rules.
+	secureworks_security => {
+		summary => "Secureworks Security Ruleset",
+		website => "https://www.secureworks.com",
+		tr_string => "secureworks security ruleset",
+	},
+
+	# Secureworks Malware rules.
+	secureworks_malware => {
+		summary => "Secureworks Malware Ruleset",
+		website => "https://www.secureworks.com",
+		tr_string => "secureworks malware ruleset",
+	},
+
+	# Secureworks Enhanced rules.
+	secureworks_enhanced => {
+		summary => "Secureworks Enhanced Ruleset",
+		website => "https://www.secureworks.com",
+		tr_string => "secureworks enhanced ruleset",
+	},
+
 	# ThreatFox
 	threatfox => {
 		summary => "ThreatFox Indicators Of Compromise Rules",
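Review bot: The four restored entries (attack_detection and the three secureworks_* handles) carry only summary, website and tr_string, and nothing in the file says that leaving out dl_url and dl_type is deliberate. The other patches in this series test for exactly those keys, so a comment above the block stating that these providers were dropped and that the missing keys are intentional would stop someone from completing the entries later. An explicit marker key would also be more robust than inferring the state from a missing dl_url.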
-- 
2.39.2



* [PATCH 5/5] ids.cgi: Adjust code for marking unsupported providers
  2024-03-21 20:51 [PATCH 1/5] ids-functions.pl: Improve logic to get the cached rulesfile of a provider Stefan Schantl
                   ` (2 preceding siblings ...)
  2024-03-21 20:51 ` [PATCH 4/5] ruleset-sources: Restore generic details about recently dropped providers Stefan Schantl
@ 2024-03-21 20:51 ` Stefan Schantl
  3 siblings, 0 replies; 5+ messages in thread
From: Stefan Schantl @ 2024-03-21 20:51 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 3492 bytes --]

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 html/cgi-bin/ids.cgi   | 28 +++++++++++++++++-----------
 langs/de/cgi-bin/de.pl |  1 +
 langs/en/cgi-bin/en.pl |  1 +
 3 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index e29482fa8..2d4ac6fc3 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -1162,6 +1162,7 @@ END
 				my $subscription_code = $used_providers{$id}[1];
 				my $autoupdate_status = $used_providers{$id}[2];
 				my $status  = $used_providers{$id}[3];
+				my $unsupported;
 
 				# Check if the item number is even or not.
 				if ($line % 2) {
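Review bot: my $unsupported; is left undefined for every supported provider and is later interpolated into the table row as $provider_name$unsupported, which produces an uninitialized-value warning per row when warnings are enabled. Initialize it at the declaration: my $unsupported = "";.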
@@ -1172,8 +1173,8 @@ END
 
 				# Handle providers which are not longer supported.
 				unless ($IDS::Ruleset::Providers{$provider}{'dl_url'}) {
-					# Assign background color
-					$col="bgcolor='#FF4D4D'";
+					# Mark this provider as unsupported.
+					$unsupported = "<img src='/blob.gif' alt='*'>";
 				}
 
 				# Choose icons for the checkboxes.
@@ -1202,7 +1203,7 @@ END
 
 print <<END;
 				<tr>
-					<td width='33%' class='base' $col>$provider_name</td>
+					<td width='33%' class='base' $col>$provider_name$unsupported</td>
 					<td width='30%' class='base' $col>$rulesetdate</td>
 
 					<td align='center' $col>
@@ -1258,10 +1259,15 @@ print <<END;
 	<hr>
 	<br>
 
-	<div align='right'>
-		<table width='100%'>
-			<form method='post' action='$ENV{'SCRIPT_NAME'}'>
-				<tr>
+	<table width='100%'>
+		<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+			<tr>
+				<td>
+END
+					print "<img src='/blob.gif' alt='*'> $Lang::tr{'ids unsupported provider'}\n";
+print <<END;
+				</td>
+				<td><div align='right'>
 END
 
 					# Only show this button if a ruleset provider is configured.
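Review bot: The legend line print "<img src='/blob.gif' alt='*'> $Lang::tr{'ids unsupported provider'}\n"; is emitted unconditionally, so the page explains the marker even when no listed provider is unsupported. Consider recording in the row loop whether any provider was marked and printing the legend only in that case. The marker markup is also duplicated between this line and the assignment to $unsupported; holding it in one variable would keep the two in sync.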
@@ -1270,10 +1276,10 @@ END
 					}
 print <<END;
 					<input type='submit' name='PROVIDERS' value='$Lang::tr{'ids add provider'}'>
-				</tr>
-			</form>
-		</table>
-	</div>
+					</div></td>
+			</tr>
+		</form>
+	</table>
 END
 
 	&Header::closebox();
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index f13bddf4b..b7b86fc7f 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1416,6 +1416,7 @@
 'ids show' => 'Anzeigen',
 'ids the choosen provider is already in use' => 'Der gewhählte Provider wird bereits verwendet.',
 'ids unable to download the ruleset' => 'Das Regelset konnte nicht heruntergeladen werden.',
+'ids unsupported provider' => 'Provider wird nicht mehr unterstützt',
 'ids visit provider website' => 'Anbieter-Webseite besuchen',
 'ids working' => 'Änderungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.',
 'iface' => 'Iface',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 0113f8811..8e50aba76 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1467,6 +1467,7 @@
 'ids subscription code required' => 'The selected ruleset requires a subscription code',
 'ids the choosen provider is already in use' => 'The choosen provider is already in use.',
 'ids unable to download the ruleset' => 'Unable to download the ruleset',
+'ids unsupported provider' => 'Provider is not supported anymore',
 'ids visit provider website' => 'Visit provider website',
 'ids working' => 'Changes are being applied. Please wait until all operations have completed successfully...',
 'iface' => 'Iface',
-- 
2.39.2

