This file is to be used, to store customized IDS rules.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org --- config/cfgroot/ids-functions.pl | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index 3fa19fab7..3cfe837db 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -67,6 +67,9 @@ our $ids_page_lock_file = "/tmp/ids_page_locked"; # Location where the rulefiles are stored. our $rulespath = "/var/lib/suricata";
+# Location to store local rules. This file will not be touched. +our $local_rules_file = "$rulespath/local.rules"; + # File which contains the rules to whitelist addresses on suricata. our $whitelist_file = "$rulespath/whitelist.rules";
@@ -581,6 +584,9 @@ sub _cleanup_rulesdir() { # Skip rules file for whitelisted hosts. next if ("$rulespath/$file" eq $whitelist_file);
+ # Skip rules file with local rules. + next if ("$rulespath/$file" eq $local_rules_file); + # Delete the current processed file, if not, exit this function # and return an error message. unlink("$rulespath/$file") or return "Could not delete $rulespath/$file. $!\n";
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 22 Jan 2020, at 13:40, Stefan Schantl stefan.schantl@ipfire.org wrote:
This file is to be used, to store customized IDS rules.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
config/cfgroot/ids-functions.pl | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index 3fa19fab7..3cfe837db 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -67,6 +67,9 @@ our $ids_page_lock_file = "/tmp/ids_page_locked"; # Location where the rulefiles are stored. our $rulespath = "/var/lib/suricata";
+# Location to store local rules. This file will not be touched. +our $local_rules_file = "$rulespath/local.rules";
# File which contains the rules to whitelist addresses on suricata. our $whitelist_file = "$rulespath/whitelist.rules";
@@ -581,6 +584,9 @@ sub _cleanup_rulesdir() { # Skip rules file for whitelisted hosts. next if ("$rulespath/$file" eq $whitelist_file);
# Skip rules file with local rules.
next if ("$rulespath/$file" eq $local_rules_file);
- # Delete the current processed file, if not, exit this function # and return an error message. unlink("$rulespath/$file") or return "Could not delete $rulespath/$file. $!\n";
-- 2.25.0.rc0