* [PATCH 1/4] sources: remove the 3CORESEC ipblocklist entries from the sources file
@ 2025-04-24 14:20 Adolf Belka
2025-04-24 14:20 ` [PATCH 2/4] backup.pl: Remove any 3coresec ipblocklists from old backups being restored Adolf Belka
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Adolf Belka @ 2025-04-24 14:20 UTC (permalink / raw)
To: development; +Cc: Adolf Belka
- The three 3CORESEC ipblocklists were removed and the web server urls completely
removed on 3 Feb 2025. There was no explanation or announcement.
- There was some suggestion from their Twitter account that they might be resurrected
which is why the removal was delayed. However there has been no further notification
or indication of any change.
- From their website they focus on a turnkey platform provision and the provision of
actionable threat information being provided on a subscription basis. So I believe
they have decided to stop the free IPBlocklist provision but were not willing to
make a clear announcement on that fact.
- This patch removes the three lists from the sources file.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/ipblocklist/sources | 18 ------------------
1 file changed, 18 deletions(-)
diff --git a/config/ipblocklist/sources b/config/ipblocklist/sources
index 0e26792d6..b0b405357 100644
--- a/config/ipblocklist/sources
+++ b/config/ipblocklist/sources
@@ -111,24 +111,6 @@ our %sources = ( 'EMERGING_FWRULE' => { 'name' => 'Emerging Threats Blocklis
'parser' => 'ip-or-net-list',
'rate' => '30m',
'category' => 'attacker' },
- '3CORESEC_SSH' => { 'name' => '3CORESec SSH Activity Blocklist',
- 'url' => 'https://blacklist.3coresec.net/lists/ssh.txt',
- 'info' => 'https://blacklist.3coresec.net',
- 'parser' => 'ip-or-net-list',
- 'rate' => '1d',
- 'category' => 'attacker' },
- '3CORESEC_SCAN' => { 'name' => '3CORESec Scan and IDS Blocklist',
- 'url' => 'https://blacklist.3coresec.net/lists/misc.txt',
- 'info' => 'https://blacklist.3coresec.net',
- 'parser' => 'ip-or-net-list',
- 'rate' => '1d',
- 'category' => 'reputation' },
- '3CORESEC_WEB' => { 'name' => '3CORESec Web Server Activity Blocklist',
- 'url' => 'https://blacklist.3coresec.net/lists/http.txt',
- 'info' => 'https://blacklist.3coresec.net',
- 'parser' => 'ip-or-net-list',
- 'rate' => '1d',
- 'category' => 'attacker' },
'THREATVIEW_IO_IP' => { 'name' => 'Threatview.io Malicious IP Blocklist for known Bad IP addresses',
'url' => 'https://threatview.io/Downloads/IP-High-Confidence-Feed.txt',
'info' => 'https://threatview.io/#services',
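Review bot: dropping the 3CORESEC_SSH, 3CORESEC_SCAN and 3CORESEC_WEB keys from %sources is not self-contained. A system that had one of these lists selected keeps its entry in /var/ipfire/ipblocklist/modified and its .conf file with no matching source definition until the cleanup in 2/4 and 3/4 runs. Please state in the commit message that this patch must ship together with those two, or fold the update.sh cleanup into this commit so the series stays bisect-safe.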
--
2.49.0
* [PATCH 2/4] backup.pl: Remove any 3coresec ipblocklists from old backups being restored
2025-04-24 14:20 [PATCH 1/4] sources: remove the 3CORESEC ipblocklist entries from the sources file Adolf Belka
@ 2025-04-24 14:20 ` Adolf Belka
2025-04-24 14:20 ` [PATCH 3/4] update.sh: Core195 - remove any 3coresec ipblocklists during Core Update Adolf Belka
2025-04-24 14:20 ` [PATCH 4/4] core195: Ship backup.pl and sources files Adolf Belka
2 siblings, 0 replies; 4+ messages in thread
From: Adolf Belka @ 2025-04-24 14:20 UTC (permalink / raw)
To: development; +Cc: Adolf Belka
- This patch ensures that any restore from an old backup containing the 3coresec lists
will not restore the ipblocklist associated files for those lists.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/backup/backup.pl | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index 0cfbd4fc3..b36296ee8 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -252,11 +252,14 @@ restore_backup() {
-out /etc/httpd/server.crt &>/dev/null
fi
- # Remove any entry for ALIENVAULT, SPAMHAUS_EDROP or ABUSECH_BOTNETC2 from the ipblocklist modified file
+ # Remove any entry for ALIENVAULT, SPAMHAUS_EDROP, ABUSECH_BOTNETC2 or 3CORESEC from the ipblocklist modified file
# and the associated ipblocklist files from the /var/lib/ipblocklist directory
sed -i '/ALIENVAULT=/d' /var/ipfire/ipblocklist/modified
sed -i '/SPAMHAUS_EDROP=/d' /var/ipfire/ipblocklist/modified
sed -i '/ABUSECH_BOTNETC2=/d' /var/ipfire/ipblocklist/modified
+ sed -i '/3CORESEC_SSH=/d' /var/ipfire/ipblocklist/modified
+ sed -i '/3CORESEC_SCAN=/d' /var/ipfire/ipblocklist/modified
+ sed -i '/3CORESEC_WEB=/d' /var/ipfire/ipblocklist/modified
if [ -e /var/lib/ipblocklist/ALIENVAULT.conf ]; then
rm /var/lib/ipblocklist/ALIENVAULT.conf
fi
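Review bot: the three added sed expressions ('/3CORESEC_SSH=/d' and its two siblings) are not anchored, so they delete any line of /var/ipfire/ipblocklist/modified that contains the string anywhere, not only a line whose key is that name (assuming the file holds one KEY=value pair per line). Anchor the pattern and do it in one pass, for example sed -i -E '/^3CORESEC_(SSH|SCAN|WEB)=/d' /var/ipfire/ipblocklist/modified, which also avoids rewriting the file three times. The existing ALIENVAULT, SPAMHAUS_EDROP and ABUSECH_BOTNETC2 lines have the same weakness and could be tightened in the same change.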
@@ -266,6 +269,15 @@ restore_backup() {
if [ -e /var/lib/ipblocklist/ABUSECH_BOTNETC2.conf ]; then
rm /var/lib/ipblocklist/ABUSECH_BOTNETC2.conf
fi
+ if [ -e /var/lib/ipblocklist/3CORESEC_SSH.conf ]; then
+ rm /var/lib/ipblocklist/3CORESEC_SSH.conf
+ fi
+ if [ -e /var/lib/ipblocklist/3CORESEC_SCAN.conf ]; then
+ rm /var/lib/ipblocklist/3CORESEC_SCAN.conf
+ fi
+ if [ -e /var/lib/ipblocklist/3CORESEC_WEB.conf ]; then
+ rm /var/lib/ipblocklist/3CORESEC_WEB.conf
+ fi
# The collectd directory structure was changed but not all changes
# are done by the official migration script generator
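Review bot: the three added if [ -e ... ]; then rm ...; fi blocks repeat one pattern per list name, and that name list now has to be kept in sync by hand with the sed lines in the previous hunk. A single rm -f with the three /var/lib/ipblocklist/3CORESEC_*.conf paths spelled out, or a for loop over the names that does both the sed and the rm, gives the same result without the existence checks and leaves no gap between the test and the removal.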
--
2.49.0
* [PATCH 3/4] update.sh: Core195 - remove any 3coresec ipblocklists during Core Update
2025-04-24 14:20 [PATCH 1/4] sources: remove the 3CORESEC ipblocklist entries from the sources file Adolf Belka
2025-04-24 14:20 ` [PATCH 2/4] backup.pl: Remove any 3coresec ipblocklists from old backups being restored Adolf Belka
@ 2025-04-24 14:20 ` Adolf Belka
2025-04-24 14:20 ` [PATCH 4/4] core195: Ship backup.pl and sources files Adolf Belka
2 siblings, 0 replies; 4+ messages in thread
From: Adolf Belka @ 2025-04-24 14:20 UTC (permalink / raw)
To: development; +Cc: Adolf Belka
- This ensures that any existing 3coresec blocklists that might have been selected
when they existed will be removed from users' systems.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/core/195/update.sh | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/config/rootfiles/core/195/update.sh b/config/rootfiles/core/195/update.sh
index ee9b53497..e934693cd 100644
--- a/config/rootfiles/core/195/update.sh
+++ b/config/rootfiles/core/195/update.sh
@@ -47,6 +47,21 @@ ldconfig
# Filesytem cleanup
/usr/local/bin/filesystem-cleanup
+# Remove any entry for 3CORESEC_SSH, 3CORESEC_SCAN or 3CORESEC_WEB from the ipblocklist modified file
+# and the associated ipblocklist files from the /var/lib/ipblocklist directory
+sed -i '/3CORESEC_SSH=/d' /var/ipfire/ipblocklist/modified
+if [ -e /var/lib/ipblocklist/3CORESEC_SSH.conf ]; then
+ rm /var/lib/ipblocklist/3CORESEC_SSH.conf
+fi
+sed -i '/3CORESEC_SCAN=/d' /var/ipfire/ipblocklist/modified
+if [ -e /var/lib/ipblocklist/3CORESEC_SCAN.conf ]; then
+ rm /var/lib/ipblocklist/3CORESEC_SCAN.conf
+fi
+sed -i '/3CORESEC_WEB=/d' /var/ipfire/ipblocklist/modified
+if [ -e /var/lib/ipblocklist/3CORESEC_WEB.conf ]; then
+ rm /var/lib/ipblocklist/3CORESEC_WEB.conf
+fi
+
# Start services
# This update needs a reboot...
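Review bot: the three sed -i calls on /var/ipfire/ipblocklist/modified run unconditionally while each rm is guarded by [ -e ... ], so on a system where the modified file does not exist sed reports an error three times during the update. Wrap the sed calls in one [ -e /var/ipfire/ipblocklist/modified ] test and anchor the patterns, e.g. '/^3CORESEC_SSH=/d', so only the key matches. The block duplicates the cleanup added to backup.pl in 2/4; a comment pointing at the other copy would help whoever retires the next list. If the reboot mentioned in the trailing context is what clears any set already loaded from these lists, say so in the new comment.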
--
2.49.0
* [PATCH 4/4] core195: Ship backup.pl and sources files
2025-04-24 14:20 [PATCH 1/4] sources: remove the 3CORESEC ipblocklist entries from the sources file Adolf Belka
2025-04-24 14:20 ` [PATCH 2/4] backup.pl: Remove any 3coresec ipblocklists from old backups being restored Adolf Belka
2025-04-24 14:20 ` [PATCH 3/4] update.sh: Core195 - remove any 3coresec ipblocklists during Core Update Adolf Belka
@ 2025-04-24 14:20 ` Adolf Belka
2 siblings, 0 replies; 4+ messages in thread
From: Adolf Belka @ 2025-04-24 14:20 UTC (permalink / raw)
To: development; +Cc: Adolf Belka
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/core/195/filelists/files | 2 ++
1 file changed, 2 insertions(+)
diff --git a/config/rootfiles/core/195/filelists/files b/config/rootfiles/core/195/filelists/files
index ca8972dd2..ba85f41c8 100644
--- a/config/rootfiles/core/195/filelists/files
+++ b/config/rootfiles/core/195/filelists/files
@@ -4,3 +4,5 @@ srv/web/ipfire/cgi-bin/pakfire.cgi
var/ipfire/general-functions.pl
var/ipfire/http-client-functions.pl
var/ipfire/ids-functions.pl
+var/ipfire/backup/bin/backup.pl
+var/ipfire/ipblocklist/sources
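Review bot: the commit message has no body, only the Signed-off-by, so nothing records why var/ipfire/backup/bin/backup.pl and var/ipfire/ipblocklist/sources are added to the Core 195 filelist. Add a line saying they are shipped because of the changes in 1/4 and 2/4. It is also worth confirming that the cleanup in update.sh from 3/4 runs after the new sources file has been extracted, since that ordering is not visible in this hunk.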
--
2.49.0