From: "Peter Müller" <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Feedback regarding version 8 of the "IDS multiple provider" feature
Date: Sat, 08 Jan 2022 11:37:05 +0100
Message-ID: <bb659836-7aa7-289e-1257-fb1b020a01b5@ipfire.org>

Hello Stefan,

as discussed on Monday (https://wiki.ipfire.org/devel/telco/2022-01-03), I tested version 8
of the "IDS multiple provider" feature you developed. First of all, thank you very much for
all the efforts you have put into this!

As you told me on the phone the other day, I downloaded the .tar.gz file, and extracted it
directly into / :

[root@maverick ~]# sha256sum ids-multiple-providers-008.tar.gz
8fc42820a833f4a096c311d3e21a28f4a8dac7d772ca9b72ec0fbbbaad65be82 ids-multiple-providers-008.tar.gz
[root@maverick ~]# tar xvzf ids-multiple-providers-008.tar.gz -C /
usr/share/suricata/rules/app-layer-events.rules
var/ipfire/langs/
etc/
var/ipfire/backup/
usr/share/suricata/rules/stream-events.rules
usr/share/suricata/rules/files.rules
usr/share/suricata/rules/http-events.rules
usr/share/
usr/share/suricata/classification.config
var/ipfire/suricata/oinkmaster.conf
usr/share/suricata/rules/decoder-events.rules
srv/
usr/share/suricata/rules/nfs-events.rules
usr/
usr/local/bin/update-ids-ruleset
etc/suricata/suricata.yaml
usr/share/suricata/threshold.config
var/ipfire/langs/de.pl
var/ipfire/backup/bin/backup.pl
usr/local/
usr/share/suricata/rules/smb-events.rules
var/ipfire/backup/bin/
usr/share/suricata/rules/dhcp-events.rules
usr/local/bin/
usr/share/suricata/rules/modbus-events.rules
var/ipfire/ids-functions.pl
usr/share/suricata/rules/ntp-events.rules
var/ipfire/langs/en.pl
var/ipfire/suricata/
usr/share/suricata/rules/dnp3-events.rules
usr/share/suricata/reference.config
usr/share/suricata/rules/smtp-events.rules
usr/share/suricata/rules/
var/ipfire/backup/include
srv/web/ipfire/
usr/share/suricata/rules/kerberos-events.rules
usr/sbin/convert-ids-multiple-providers
usr/share/suricata/
srv/web/
usr/share/suricata/rules/ipsec-events.rules
srv/web/ipfire/cgi-bin/ids.cgi
usr/sbin/convert-snort
srv/web/ipfire/cgi-bin/
var/ipfire/
usr/sbin/
usr/share/suricata/rules/tls-events.rules
var/
etc/suricata/
usr/share/suricata/rules/dns-events.rules
var/ipfire/suricata/ruleset-sources

Afterwards, I updated the language cache and ran the convert script:

[root@maverick ~]# update-lang-cache
[root@maverick ~]# /usr/sbin/convert-ids-multiple-providers
The does not exist. Cannot change the ownership!

Aside from the message emitted by /usr/sbin/convert-ids-multiple-providers (bug #12758 has been filed for
investigating on this one), I came across a file permission error while writing /var/ipfire/suricata/suricata-default-rules.yaml
(see bug #12759 for details).

Apart from these, the CGI looks good, is sufficiently translated (sometimes, "zurück" is spelled in capital
letters, sometimes, it is not - but that's merely an aesthetic issue), and behaves as expected. So, I'd
treat it as almost being ready for production. :-)

Please take a look at bug #12758 and #12759, and reply to me there if I shall provide further information.
Thank you in advance for your efforts.

Thanks, and best regards,
Peter Müller