mirror of
https://github.com/lucaspalomodevelop/core.git
synced 2026-03-20 03:16:12 +00:00
IDPS: revert content part of 09f74fe1ce7b4805c1bb8354e5d0c5b98955497b until ETPro telemetry ships new content.
This commit is contained in:
Ad Schellevis
parent
2bed9fa877
commit
41eefdd105
@ -1,101 +0,0 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* Copyright (C) 2016-2018 Deciso B.V.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
||||
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
||||
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
||||
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
namespace OPNsense\IDS\Migrations;
|
||||
|
||||
use OPNsense\Base\FieldTypes\BaseField;
|
||||
use OPNsense\Core\Config;
|
||||
use OPNsense\Base\BaseModelMigration;
|
||||
use OPNSense\IDS\IDS;
|
||||
|
||||
class M1_0_4 extends BaseModelMigration
|
||||
{
|
||||
/**
|
||||
* Emerging threats suricata 5 ruleset movements
|
||||
* @param IDS $model
|
||||
*/
|
||||
public function run($model)
|
||||
{
|
||||
$cfgObj = Config::getInstance()->object();
|
||||
if (!isset($cfgObj->OPNsense->IDS->files->file)) {
|
||||
return;
|
||||
}
|
||||
$csets = array();
|
||||
$nsets = array();
|
||||
$changed_sets = ['emerging-current_events.rules', 'emerging-trojan.rules',
|
||||
'emerging-malware.rules', 'emerging-info.rules', 'emerging-policy.rules'];
|
||||
$new_sets = ['emerging-ja3.rules', 'emerging-hunting.rules', 'emerging-adware_pup.rules',
|
||||
'emerging-phishing.rules', 'emerging-exploit_kit.rules', 'emerging-coinminer.rules',
|
||||
'emerging-malware.rules'];
|
||||
foreach ($model->files->file->iterateItems() as $file) {
|
||||
if (in_array((string)$file->filename, $changed_sets)) {
|
||||
$csets[(string)$file->filename] = $file;
|
||||
}
|
||||
if (in_array((string)$file->filename, $new_sets)) {
|
||||
$nsets[(string)$file->filename] = $file;
|
||||
}
|
||||
}
|
||||
// add all new to config in deselected state
|
||||
foreach ($new_sets as $filename) {
|
||||
if (empty($nsets[$filename])) {
|
||||
$node = $model->files->file->Add();
|
||||
$node->filename = $filename;
|
||||
$nsets[$filename] = $node;
|
||||
}
|
||||
}
|
||||
// map rulesets
|
||||
if (!empty($csets['emerging-malware.rules']) && $csets['emerging-malware.rules']->enabled == "1") {
|
||||
$nsets['emerging-adware_pup.rules']->enabled = "1";
|
||||
$nsets['emerging-adware_pup.rules']->filter = (string)$csets['emerging-malware.rules']->filter;
|
||||
}
|
||||
if (!empty($csets['emerging-current_events.rules']) && $csets['emerging-current_events.rules']->enabled == "1") {
|
||||
$nsets['emerging-phishing.rules']->enabled = "1";
|
||||
$nsets['emerging-phishing.rules']->filter = (string)$csets['emerging-current_events.rules']->filter;
|
||||
$nsets['emerging-exploit_kit.rules']->enabled = "1";
|
||||
$nsets['emerging-exploit_kit.rules']->filter = (string)$csets['emerging-current_events.rules']->filter;
|
||||
}
|
||||
if (!empty($csets['emerging-trojan.rules']) && $csets['emerging-trojan.rules']->enabled == "1") {
|
||||
$nsets['emerging-coinminer.rules']->enabled = "1";
|
||||
$nsets['emerging-coinminer.rules']->filter = (string)$csets['emerging-trojan.rules']->filter;
|
||||
$nsets['emerging-malware.rules']->enabled = "1";
|
||||
$nsets['emerging-malware.rules']->filter = (string)$csets['emerging-malware.rules']->filter;
|
||||
}
|
||||
if (!empty($csets['emerging-info.rules']) && $csets['emerging-info.rules']->enabled == "1") {
|
||||
$nsets['emerging-hunting.rules']->enabled = "1";
|
||||
$nsets['emerging-hunting.rules']->filter = (string)$csets['emerging-info.rules']->filter;
|
||||
}
|
||||
if (!empty($csets['emerging-policy.rules']) && $csets['emerging-policy.rules']->enabled == "1") {
|
||||
$nsets['emerging-hunting.rules']->enabled = "1";
|
||||
$nsets['emerging-hunting.rules']->filter = (string)$csets['emerging-policy.rules']->filter;
|
||||
}
|
||||
if (!empty($csets['emerging-trojan.rules'])) {
|
||||
// deprecated ruleset
|
||||
$model->files->file->del($csets['emerging-trojan.rules']->getAttribute('uuid'));
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,7 +1,7 @@
|
||||
<?xml version="1.0"?>
|
||||
<ruleset documentation_url="http://doc.emergingthreats.net/bin/view/Main/EmergingFAQ">
|
||||
<location url="https://rules.emergingthreats.net/open/suricata-5.0/emerging.rules.tar.gz" prefix="ET open"/>
|
||||
<version url="https://rules.emergingthreats.net/open/suricata-5.0/version.txt"/>
|
||||
<location url="https://rules.emergingthreats.net/open/suricata-4.0/emerging.rules.tar.gz" prefix="ET open"/>
|
||||
<version url="https://rules.emergingthreats.net/open/suricata-4.0/version.txt"/>
|
||||
<files>
|
||||
<file description="botcc.portgrouped" url="inline::rules/botcc.portgrouped.rules">botcc.portgrouped.rules</file>
|
||||
<file description="botcc" url="inline::rules/botcc.rules">botcc.rules</file>
|
||||
@ -10,31 +10,25 @@
|
||||
<file description="drop" url="inline::rules/drop.rules">drop.rules</file>
|
||||
<file description="dshield" url="inline::rules/dshield.rules">dshield.rules</file>
|
||||
<file description="emerging-activex" url="inline::rules/emerging-activex.rules">emerging-activex.rules</file>
|
||||
<file description="emerging-adware_pup" url="inline::rules/emerging-adware_pup.rules">emerging-adware_pup.rules</file>
|
||||
<file description="emerging-attack_response" url="inline::rules/emerging-attack_response.rules">emerging-attack_response.rules</file>
|
||||
<file description="emerging-chat" url="inline::rules/emerging-chat.rules">emerging-chat.rules</file>
|
||||
<file description="emerging-coinminer" url="inline::rules/emerging-coinminer.rules">emerging-coinminer.rules</file>
|
||||
<file description="emerging-current_events" url="inline::rules/emerging-current_events.rules">emerging-current_events.rules</file>
|
||||
<file description="emerging-deleted" url="inline::rules/emerging-deleted.rules">emerging-deleted.rules</file>
|
||||
<file description="emerging-dns" url="inline::rules/emerging-dns.rules">emerging-dns.rules</file>
|
||||
<file description="emerging-dos" url="inline::rules/emerging-dos.rules">emerging-dos.rules</file>
|
||||
<file description="emerging-exploit" url="inline::rules/emerging-exploit.rules">emerging-exploit.rules</file>
|
||||
<file description="emerging-exploit_kit" url="inline::rules/emerging-exploit_kit.rules">emerging-exploit_kit.rules</file>
|
||||
<file description="emerging-ftp" url="inline::rules/emerging-ftp.rules">emerging-ftp.rules</file>
|
||||
<file description="emerging-games" url="inline::rules/emerging-games.rules">emerging-games.rules</file>
|
||||
<file description="emerging-hunting" url="inline::rules/emerging-hunting.rules">emerging-hunting.rules</file>
|
||||
<file description="emerging-icmp" url="inline::rules/emerging-icmp.rules">emerging-icmp.rules</file>
|
||||
<file description="emerging-icmp_info" url="inline::rules/emerging-icmp_info.rules">emerging-icmp_info.rules</file>
|
||||
<file description="emerging-imap" url="inline::rules/emerging-imap.rules">emerging-imap.rules</file>
|
||||
<file description="emerging-inappropriate" url="inline::rules/emerging-inappropriate.rules">emerging-inappropriate.rules</file>
|
||||
<file description="emerging-info" url="inline::rules/emerging-info.rules">emerging-info.rules</file>
|
||||
<file description="emerging-ja3" url="inline::rules/emerging-ja3.rules">emerging-ja3.rules</file>
|
||||
<file description="emerging-malware" url="inline::rules/emerging-malware.rules">emerging-malware.rules</file>
|
||||
<file description="emerging-misc" url="inline::rules/emerging-misc.rules">emerging-misc.rules</file>
|
||||
<file description="emerging-mobile_malware" url="inline::rules/emerging-mobile_malware.rules">emerging-mobile_malware.rules</file>
|
||||
<file description="emerging-netbios" url="inline::rules/emerging-netbios.rules">emerging-netbios.rules</file>
|
||||
<file description="emerging-p2p" url="inline::rules/emerging-p2p.rules">emerging-p2p.rules</file>
|
||||
<file description="emerging-phishing" url="inline::rules/emerging-phishing.rules">emerging-phishing.rules</file>
|
||||
<file description="emerging-policy" url="inline::rules/emerging-policy.rules">emerging-policy.rules</file>
|
||||
<file description="emerging-pop3" url="inline::rules/emerging-pop3.rules">emerging-pop3.rules</file>
|
||||
<file description="emerging-rpc" url="inline::rules/emerging-rpc.rules">emerging-rpc.rules</file>
|
||||
@ -46,6 +40,7 @@
|
||||
<file description="emerging-sql" url="inline::rules/emerging-sql.rules">emerging-sql.rules</file>
|
||||
<file description="emerging-telnet" url="inline::rules/emerging-telnet.rules">emerging-telnet.rules</file>
|
||||
<file description="emerging-tftp" url="inline::rules/emerging-tftp.rules">emerging-tftp.rules</file>
|
||||
<file description="emerging-trojan" url="inline::rules/emerging-trojan.rules">emerging-trojan.rules</file>
|
||||
<file description="emerging-user_agents" url="inline::rules/emerging-user_agents.rules">emerging-user_agents.rules</file>
|
||||
<file description="emerging-voip" url="inline::rules/emerging-voip.rules">emerging-voip.rules</file>
|
||||
<file description="emerging-web_client" url="inline::rules/emerging-web_client.rules">emerging-web_client.rules</file>
|
||||
@ -53,7 +48,5 @@
|
||||
<file description="emerging-web_specific_apps" url="inline::rules/emerging-web_specific_apps.rules">emerging-web_specific_apps.rules</file>
|
||||
<file description="emerging-worm" url="inline::rules/emerging-worm.rules">emerging-worm.rules</file>
|
||||
<file description="tor" url="inline::rules/tor.rules">tor.rules</file>
|
||||
<!-- archived sets -->
|
||||
<file description="emerging-trojan" url="inline::rules/emerging-trojan.rules" deprecated="true">emerging-trojan.rules</file>
|
||||
</files>
|
||||
</ruleset>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user