Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
---
 config/cfgroot/ids-functions.pl | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index d97431b4a..c29a5151f 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -1027,11 +1027,14 @@ sub _store_error_message ($) {
 sub _get_dl_rulesfile($) {
 my ($provider) = @_;
- # Check if the requested provider is known.
- if ($IDS::Ruleset::Providers{$provider}) {
- # Gather the download type for the given provider.
- my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+ # Abort if the requested provider is not known.
+ return unless($IDS::Ruleset::Providers{$provider});
+ # Try to gather the download type for the given provider.
+ my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+
+ # Check if a download type could be grabbed.
+ if ($dl_type) {
 # Obtain the file suffix for the download file type.
 my $suffix = $dl_type_to_suffix{$dl_type};
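Review bot: The new `if ($dl_type)` guard only shows that a download type is set, not that `%dl_type_to_suffix` has an entry for it, so the context line `my $suffix = $dl_type_to_suffix{$dl_type};` can still yield undef for a mistyped or newly introduced type in ruleset-sources. The rest of `_get_dl_rulesfile` lies outside the hunk, but if the suffix ends up in the rules file name, as the variable name suggests, I would add `return unless ($suffix);` directly after the lookup. A one-line comment above the sub such as `# Returns nothing for unknown providers.` would also document the early return for callers.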
This check is now based on a download URL instead of checking if an entry in the ruleset sources is present.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
---
 html/cgi-bin/ids.cgi | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 369bf0276..e29482fa8 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -1171,11 +1171,7 @@ END
 }
# Handle providers which are not longer supported.
- unless ($provider_name) {
- # Set the provider name to the provider handle
- # to display something helpful.
- $provider_name = $provider;
-
+ unless ($IDS::Ruleset::Providers{$provider}{'dl_url'}) {
 # Assign background color
 $col="bgcolor='#FF4D4D'";
 }
@@ -1809,7 +1805,7 @@ sub show_additional_provider_actions() {
 }
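Review bot: Testing `$IDS::Ruleset::Providers{$provider}{'dl_url'}` autovivifies an empty entry in `%IDS::Ruleset::Providers` whenever `$provider` is a handle that is missing from ruleset-sources altogether. From then on a plain existence test such as `return unless($IDS::Ruleset::Providers{$provider});` in `_get_dl_rulesfile` sees a true hash reference and no longer rejects the unknown handle. Guard the first level instead, e.g. `unless ($IDS::Ruleset::Providers{$provider} && $IDS::Ruleset::Providers{$provider}{'dl_url'}) {`; the same applies to the second hunk in `show_additional_provider_actions()` and to the `next unless(...)` in src/scripts/update-ids-ruleset. With the fallback `$provider_name = $provider;` removed, a handle without a `summary` presumably renders as an empty table cell, so keeping that fallback may be worthwhile.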
# Disable the manual update button if the provider is not longer supported.
- unless ($IDS::Ruleset::Providers{$provider}) {
+ unless ($IDS::Ruleset::Providers{$provider}{"dl_url"}) {
 $disabled_update = "disabled";
 }
Unsupported/removed providers no longer have this information.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
---
 src/scripts/update-ids-ruleset | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/scripts/update-ids-ruleset b/src/scripts/update-ids-ruleset
index 553c1a1e1..806107e1c 100644
--- a/src/scripts/update-ids-ruleset
+++ b/src/scripts/update-ids-ruleset
@@ -106,7 +106,7 @@ foreach my $id (keys %providers) {
 my $autoupdate_status = $providers{$id}[3];
# Skip unsupported providers.
- next unless($IDS::Ruleset::Providers{$provider});
+ next unless($IDS::Ruleset::Providers{$provider}{'dl_url'});
# Skip the provider if it is not enabled.
 next unless($enabled_status eq "enabled");
At least this information is required to display something useful on the webgui, even if a provider has been dropped.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
---
 config/suricata/ruleset-sources | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources
index 2b3b4ffcb..4e9ea5fa9 100644
--- a/config/suricata/ruleset-sources
+++ b/config/suricata/ruleset-sources
@@ -97,6 +97,34 @@ our %Providers = (
 dl_type => "plain",
 },
+ # Positive Technologies Attack Detection Team rules.
+ attack_detection => {
+ summary => "PT Attack Detection Team Rules",
+ website => "https://github.com/ptresearch/AttackDetection",
+ tr_string => "attack detection team rules",
+ },
+
+ # Secureworks Security rules.
+ secureworks_security => {
+ summary => "Secureworks Security Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks security ruleset",
+ },
+
+ # Secureworks Malware rules.
+ secureworks_malware => {
+ summary => "Secureworks Malware Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks malware ruleset",
+ },
+
+ # Secureworks Enhanced rules.
+ secureworks_enhanced => {
+ summary => "Secureworks Enhanced Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks enhanced ruleset",
+ },
+
 # ThreatFox
 threatfox => {
 summary => "ThreatFox Indicators Of Compromise Rules",
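Review bot: The four added entries carry only `summary`, `website` and `tr_string`, and their comments do not say that these are dropped providers kept for display, so a later maintainer may read the missing `dl_url`/`dl_type` as an oversight and fill them in. Since the other patches on this page treat a missing `dl_url` as the marker for "unsupported", say so in each comment, e.g. `# Secureworks Security rules (dropped: no dl_url, kept so the WebUI can still show a name).`. Code that enumerates `%Providers` to offer providers for selection is not visible here; it should skip entries without `dl_url`, otherwise these stubs could be offered again.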
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
---
 html/cgi-bin/ids.cgi | 28 +++++++++++++++++----------
 langs/de/cgi-bin/de.pl | 1 +
 langs/en/cgi-bin/en.pl | 1 +
 3 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index e29482fa8..2d4ac6fc3 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -1162,6 +1162,7 @@ END
 my $subscription_code = $used_providers{$id}[1];
 my $autoupdate_status = $used_providers{$id}[2];
 my $status = $used_providers{$id}[3];
+ my $unsupported;
# Check if the item number is even or not.
 if ($line % 2) {
@@ -1172,8 +1173,8 @@ END
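Review bot: `my $unsupported;` leaves the variable undefined for every supported provider, and a later hunk interpolates it into the heredoc as `$provider_name$unsupported`; if warnings are enabled in ids.cgi (not visible here), each such row logs a "Use of uninitialized value" warning. Declare it as `my $unsupported = "";` instead. The legend line `print "<img src='/blob.gif' alt='*'> $Lang::tr{'ids unsupported provider'}\n";` further down is emitted unconditionally, so it also appears when none of the configured providers is unsupported.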
# Handle providers which are not longer supported.
 unless ($IDS::Ruleset::Providers{$provider}{'dl_url'}) {
- # Assign background color
- $col="bgcolor='#FF4D4D'";
+ # Mark this provider as unsupported.
+ $unsupported = "<img src='/blob.gif' alt='*'>";
 }
# Choose icons for the checkboxes.
@@ -1202,7 +1203,7 @@ END
print <<END;
 <tr>
- <td width='33%' class='base' $col>$provider_name</td>
+ <td width='33%' class='base' $col>$provider_name$unsupported</td>
 <td width='30%' class='base' $col>$rulesetdate</td>
<td align='center' $col>
@@ -1258,10 +1259,15 @@ print <<END;
 <hr>
 <br>
- <div align='right'>
- <table width='100%'>
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <tr>
+ <table width='100%'>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <tr>
+ <td>
+END
+ print "<img src='/blob.gif' alt='*'> $Lang::tr{'ids unsupported provider'}\n";
+print <<END;
+ </td>
+ <td><div align='right'>
 END
# Only show this button if a ruleset provider is configured.
@@ -1270,10 +1276,10 @@ END
 }
 print <<END;
 <input type='submit' name='PROVIDERS' value='$Lang::tr{'ids add provider'}'>
- </tr>
- </form>
- </table>
- </div>
+ </div></td>
+ </tr>
+ </form>
+ </table>
 END
&Header::closebox();
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index f13bddf4b..b7b86fc7f 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1416,6 +1416,7 @@
 'ids show' => 'Anzeigen',
 'ids the choosen provider is already in use' => 'Der gewhählte Provider wird bereits verwendet.',
 'ids unable to download the ruleset' => 'Das Regelset konnte nicht heruntergeladen werden.',
+'ids unsupported provider' => 'Provider wird nicht mehr unterstützt',
 'ids visit provider website' => 'Anbieter-Webseite besuchen',
 'ids working' => 'Änderungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.',
 'iface' => 'Iface',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 0113f8811..8e50aba76 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1467,6 +1467,7 @@
 'ids subscription code required' => 'The selected ruleset requires a subscription code',
 'ids the choosen provider is already in use' => 'The choosen provider is already in use.',
 'ids unable to download the ruleset' => 'Unable to download the ruleset',
+'ids unsupported provider' => 'Provider is not supported anymore',
 'ids visit provider website' => 'Visit provider website',
 'ids working' => 'Changes are being applied. Please wait until all operations have completed successfully...',
 'iface' => 'Iface',