This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 46a9e7a0a462095add7fa508322d837b78912596 (commit) via 08b7500b267a54aa634fb34b67b4dfc0934ae2be (commit) via ad0d064a487c8912cbe4bd77ae652a4212e0fae9 (commit) via 4e8225a778f838dadc530759b9341fc9dbf5d534 (commit) via cf6eaba833abee235fffdf377a0d6379a0ff8406 (commit) via 563e4a4298b881d612a14994d90bbb7503e1d754 (commit) via 0842e694a6b577843362ea6b854d336b867d6f00 (commit) via df7977fde7dec9516036afd8b687acab9f034bf4 (commit) via 738ee720275e56bd6fff06b2b53730f903dd02df (commit) via 0564584a5887b7498ae9ea638bc4799d2a6147e8 (commit) from 6581c6e3a6c28e040c2bbaae21f1f5c926d4b840 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 46a9e7a0a462095add7fa508322d837b78912596 Merge: 6581c6e3a6 08b7500b26 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Mar 24 08:48:51 2024 +0100
Merge remote-tracking branch 'origin/master' into next
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/cfgroot/ids-functions.pl | 11 +++--- config/rootfiles/oldcore/185/filelists/files | 3 ++ .../{131 => 185}/filelists/ids-ruleset-sources | 0 config/rootfiles/oldcore/185/update.sh | 9 +++++ config/suricata/ruleset-sources | 28 +++++++++++++++ html/cgi-bin/ids.cgi | 42 +++++++++++++--------- langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + src/scripts/update-ids-ruleset | 2 +- 9 files changed, 75 insertions(+), 22 deletions(-) copy config/rootfiles/oldcore/{131 => 185}/filelists/ids-ruleset-sources (100%)
Difference in files:
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index d97431b4a3..c29a5151f9 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -1027,11 +1027,14 @@ sub _store_error_message ($) {
 sub _get_dl_rulesfile($) {
 my ($provider) = @_;
- # Check if the requested provider is known.
- if ($IDS::Ruleset::Providers{$provider}) {
- # Gather the download type for the given provider.
- my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+ # Abort if the requested provider is not known.
+ return unless($IDS::Ruleset::Providers{$provider});
+ # Try to gather the download type for the given provider.
+ my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'};
+
+ # Check if a download type could be grabbed.
+ if ($dl_type) {
 # Obtain the file suffix for the download file type.
 my $suffix = $dl_type_to_suffix{$dl_type};
diff --git a/config/rootfiles/oldcore/185/filelists/files b/config/rootfiles/oldcore/185/filelists/files
index 750a006418..09ce838868 100644
--- a/config/rootfiles/oldcore/185/filelists/files
+++ b/config/rootfiles/oldcore/185/filelists/files
@@ -46,9 +46,12 @@ lib/firmware/nvidia/tegra186/vic.bin
 lib/firmware/nvidia/tegra210/vic.bin
 srv/web/ipfire/cgi-bin/dhcp.cgi
 srv/web/ipfire/cgi-bin/dns.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
 srv/web/ipfire/cgi-bin/index.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/time.cgi
+usr/local/bin/update-ids-ruleset
 var/ipfire/backup/bin/backup.pl
+var/ipfire/ids-functions.pl
 var/ipfire/main/manualpages
 var/ipfire/ovpn/openssl/ovpn.cnf
diff --git a/config/rootfiles/oldcore/185/filelists/ids-ruleset-sources b/config/rootfiles/oldcore/185/filelists/ids-ruleset-sources
new file mode 120000
index 0000000000..a226ada39b
--- /dev/null
+++ b/config/rootfiles/oldcore/185/filelists/ids-ruleset-sources
@@ -0,0 +1 @@
+../../../common/ids-ruleset-sources
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/185/update.sh b/config/rootfiles/oldcore/185/update.sh
index 2c95c41028..ec4d8ab82b 100644
--- a/config/rootfiles/oldcore/185/update.sh
+++ b/config/rootfiles/oldcore/185/update.sh
@@ -115,6 +115,15 @@ mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
 # Set correct ownership
 chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
+# Check if the drop hostile in and out logging options need to be added
+# into the optionsfw settings file and apply to firewall
+if ! [ $(grep "LOGDROPHOSTILEIN=on" /var/ipfire/optionsfw/settings) ] && \
+ ! [ $(grep "LOGDROPHOSTILEOUT=on" /var/ipfire/optionsfw/settings) ]; then
+ sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings
+ sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings
+ /usr/local/bin/firewallctrl
+fi
+
 # Rebuild initial ramdisks
 dracut --regenerate-all --force
 KVER="xxxKVERxxx"
diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources
index 2b3b4ffcb7..4e9ea5fa93 100644
--- a/config/suricata/ruleset-sources
+++ b/config/suricata/ruleset-sources
@@ -97,6 +97,34 @@ our %Providers = (
 dl_type => "plain",
 },
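Review bot: The added `if` in update.sh only tests whether both options are already `=on`, so a settings file where the admin has set `LOGDROPHOSTILEIN=off` and `LOGDROPHOSTILEOUT=off` gets two extra `=on` lines appended (duplicate keys), while a file that has one option `=on` and the other missing gets nothing added. The unquoted `$(grep ...)` inside `[ ]` also breaks if grep ever prints more than one word. Testing each key on its own with `grep -q` and an anchored pattern, and calling firewallctrl only when something was appended, avoids all three.

```shell
# Add each logging option only when its key is missing, so an explicit
# "off" chosen by the admin is left alone and no duplicate key is written.
reload_firewall=0
if ! grep -q "^LOGDROPHOSTILEIN=" /var/ipfire/optionsfw/settings; then
	sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings
	reload_firewall=1
fi
if ! grep -q "^LOGDROPHOSTILEOUT=" /var/ipfire/optionsfw/settings; then
	sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings
	reload_firewall=1
fi
if [ "${reload_firewall}" -eq 1 ]; then
	/usr/local/bin/firewallctrl
fi
# … unchanged: initial ramdisk rebuild …
```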
+ # Positive Technologies Attack Detection Team rules.
+ attack_detection => {
+ summary => "PT Attack Detection Team Rules",
+ website => "https://github.com/ptresearch/AttackDetection",
+ tr_string => "attack detection team rules",
+ },
+
+ # Secureworks Security rules.
+ secureworks_security => {
+ summary => "Secureworks Security Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks security ruleset",
+ },
+
+ # Secureworks Malware rules.
+ secureworks_malware => {
+ summary => "Secureworks Malware Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks malware ruleset",
+ },
+
+ # Secureworks Enhanced rules.
+ secureworks_enhanced => {
+ summary => "Secureworks Enhanced Ruleset",
+ website => "https://www.secureworks.com",
+ tr_string => "secureworks enhanced ruleset",
+ },
+
 # ThreatFox
 threatfox => {
 summary => "ThreatFox Indicators Of Compromise Rules",
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 369bf02760..edab971953 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -1162,6 +1162,7 @@ END
 my $subscription_code = $used_providers{$id}[1];
 my $autoupdate_status = $used_providers{$id}[2];
 my $status = $used_providers{$id}[3];
+ my $unsupported;
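Review bot: The four new entries in ruleset-sources carry no `dl_url` or `dl_type`, and the rest of this commit treats a missing `dl_url` as "no longer supported", but the comments above them read like those of active providers. A comment on each entry such as `# No longer supported: kept without dl_url/dl_type so configured entries can still be listed.` would stop a later editor from completing them or copying the pattern for a live provider by accident. The `%Providers` hash starts and ends outside the hunk.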
# Check if the item number is even or not.
 if ($line % 2) {
@@ -1171,13 +1172,9 @@ END
 }
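Review bot: `my $unsupported;` is declared without a value, and the hunk at -1206 interpolates it into the table row for every provider, including supported ones where it is never assigned. If warnings are enabled for ids.cgi, that produces an "uninitialized value" message in the web server error log for each such row; `my $unsupported = "";` avoids it. The enclosing loop body starts and ends outside this hunk.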
# Handle providers which are not longer supported.
- unless ($provider_name) {
- # Set the provider name to the provider handle
- # to display something helpful.
- $provider_name = $provider;
-
- # Assign background color
- $col="bgcolor='#FF4D4D'";
+ unless ($IDS::Ruleset::Providers{$provider}{'dl_url'}) {
+ # Mark this provider as unsupported.
+ $unsupported = "<img src='/blob.gif' alt='*'>";
 }
# Choose icons for the checkboxes.
@@ -1206,7 +1203,7 @@ END
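Review bot: The new test `unless ($IDS::Ruleset::Providers{$provider}{'dl_url'})` autovivifies an empty `$IDS::Ruleset::Providers{$provider}` entry when the handle is not in the hash at all, so a later plain check such as `return unless($IDS::Ruleset::Providers{$provider})` in `_get_dl_rulesfile` would pass for an unknown provider if it runs in the same process. The same lookup appears in the hunks at -1709 and -1809 and in `update-ids-ruleset`. Guarding it, e.g. `unless ($IDS::Ruleset::Providers{$provider} && $IDS::Ruleset::Providers{$provider}{'dl_url'})`, leaves the hash untouched. The removed fallback `$provider_name = $provider;` also looks lost: if `$provider_name` is still empty for a handle with no entry (its assignment is outside this hunk), the row would show only the marker image.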
print <<END;
 <tr>
- <td width='33%' class='base' $col>$provider_name</td>
+ <td width='33%' class='base' $col>$provider_name$unsupported</td>
 <td width='30%' class='base' $col>$rulesetdate</td>
<td align='center' $col>
@@ -1262,10 +1259,15 @@ print <<END;
 <hr>
 <br>
- <div align='right'>
- <table width='100%'>
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <tr>
+ <table width='100%'>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <tr>
+ <td>
+END
+ print "<img src='/blob.gif' alt='*'> $Lang::tr{'ids unsupported provider'}\n";
+print <<END;
+ </td>
+ <td><div align='right'>
 END
# Only show this button if a ruleset provider is configured.
@@ -1274,10 +1276,10 @@ END
 }
 print <<END;
 <input type='submit' name='PROVIDERS' value='$Lang::tr{'ids add provider'}'>
- </tr>
- </form>
- </table>
- </div>
+ </div></td>
+ </tr>
+ </form>
+ </table>
 END
&Header::closebox();
@@ -1709,6 +1711,12 @@ END
 # Grab the provider handle.
 my $provider = $tmphash{$provider_name};
+ # Check if we are not in edit mode.
+ if ($cgiparams{'PROVIDERS'} ne "$Lang::tr{'edit'}") {
+ # Skip unsupported ruleset provider.
+ next unless(exists($IDS::Ruleset::Providers{$provider}{"dl_url"}));
+ }
+
 # Pre-select the provider if one is given.
 if (($used_providers{$cgiparams{'ID'}}[0] eq "$provider") || ($cgiparams{'PROVIDER'} eq "$provider")) {
 $selected{$provider} = "selected='selected'";
@@ -1809,7 +1817,7 @@ sub show_additional_provider_actions() {
 }
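Review bot: This filter uses `exists(...{"dl_url"})` while the other checks added in this commit test the value for truth, so an entry whose `dl_url` is present but empty or undefined would be offered in the add-provider list yet treated as unsupported by the provider table, the update button and `update-ids-ruleset`. Using the same truth test here, `next unless($IDS::Ruleset::Providers{$provider}{"dl_url"});`, keeps the four places in agreement. The enclosing loop starts and ends outside the hunk.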
# Disable the manual update button if the provider is not longer supported.
- unless ($IDS::Ruleset::Providers{$provider}) {
+ unless ($IDS::Ruleset::Providers{$provider}{"dl_url"}) {
 $disabled_update = "disabled";
 }
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index f13bddf4bc..b7b86fc7fc 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1416,6 +1416,7 @@
 'ids show' => 'Anzeigen',
 'ids the choosen provider is already in use' => 'Der gewhählte Provider wird bereits verwendet.',
 'ids unable to download the ruleset' => 'Das Regelset konnte nicht heruntergeladen werden.',
+'ids unsupported provider' => 'Provider wird nicht mehr unterstützt',
 'ids visit provider website' => 'Anbieter-Webseite besuchen',
 'ids working' => 'Änderungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.',
 'iface' => 'Iface',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 84370d9f17..8e4ebf3f2d 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1467,6 +1467,7 @@
 'ids subscription code required' => 'The selected ruleset requires a subscription code',
 'ids the choosen provider is already in use' => 'The choosen provider is already in use.',
 'ids unable to download the ruleset' => 'Unable to download the ruleset',
+'ids unsupported provider' => 'Provider is not supported anymore',
 'ids visit provider website' => 'Visit provider website',
 'ids working' => 'Changes are being applied. Please wait until all operations have completed successfully...',
 'iface' => 'Iface',
diff --git a/src/scripts/update-ids-ruleset b/src/scripts/update-ids-ruleset
index 553c1a1e1e..806107e1c2 100644
--- a/src/scripts/update-ids-ruleset
+++ b/src/scripts/update-ids-ruleset
@@ -106,7 +106,7 @@ foreach my $id (keys %providers) {
 my $autoupdate_status = $providers{$id}[3];
# Skip unsupported providers.
- next unless($IDS::Ruleset::Providers{$provider});
+ next unless($IDS::Ruleset::Providers{$provider}{'dl_url'});
# Skip the provider if it is not enabled.
 next unless($enabled_status eq "enabled");
hooks/post-receive -- IPFire 2.x development tree