This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated
       via  ad0d064a487c8912cbe4bd77ae652a4212e0fae9 (commit)
       via  4e8225a778f838dadc530759b9341fc9dbf5d534 (commit)
       via  cf6eaba833abee235fffdf377a0d6379a0ff8406 (commit)
       via  563e4a4298b881d612a14994d90bbb7503e1d754 (commit)
       via  0842e694a6b577843362ea6b854d336b867d6f00 (commit)
       via  df7977fde7dec9516036afd8b687acab9f034bf4 (commit)
       via  738ee720275e56bd6fff06b2b53730f903dd02df (commit)
      from  0564584a5887b7498ae9ea638bc4799d2a6147e8 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit ad0d064a487c8912cbe4bd77ae652a4212e0fae9
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Fri Mar 22 06:01:45 2024 +0100
ids.cgi: Improve add provider logic
No longer add unsupported/removed providers as an option when adding a new/first ruleset provider.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4e8225a778f838dadc530759b9341fc9dbf5d534
Author: Michael Tremer michael.tremer@ipfire.org
Date: Fri Mar 22 15:29:22 2024 +0000
core185: Ship IPS files
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit cf6eaba833abee235fffdf377a0d6379a0ff8406
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Thu Mar 21 21:51:18 2024 +0100
ids.cgi: Adjust code for marking unsupported providers
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 563e4a4298b881d612a14994d90bbb7503e1d754
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Thu Mar 21 21:51:17 2024 +0100
ruleset-sources: Restore generic details about recently dropped providers
At least this information is required to display something useful on the webgui, even if a provider has been dropped.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0842e694a6b577843362ea6b854d336b867d6f00
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Thu Mar 21 21:51:16 2024 +0100
update-ids-ruleset: Disable provider if no dl_url can be obtained
Unsupported/removed providers no longer have this information
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit df7977fde7dec9516036afd8b687acab9f034bf4
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Thu Mar 21 21:51:15 2024 +0100
ids.cgi: Change check if a provider is no longer supported
This check is now based on a download URL instead of checking if an entry in the ruleset sources is present.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 738ee720275e56bd6fff06b2b53730f903dd02df
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Thu Mar 21 21:51:14 2024 +0100
ids-functions.pl: Improve logic to get the cached rulesfile of a provider
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes:
 config/cfgroot/ids-functions.pl           | 11 +++++---
 config/rootfiles/core/185/filelists/files |  3 +++
 config/suricata/ruleset-sources           | 28 +++++++++++++++++++++
 html/cgi-bin/ids.cgi                      | 42 ++++++++++++++++++-------------
 langs/de/cgi-bin/de.pl                    |  1 +
 langs/en/cgi-bin/en.pl                    |  1 +
 src/scripts/update-ids-ruleset            |  2 +-
 7 files changed, 66 insertions(+), 22 deletions(-)
Difference in files: diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index d97431b4a3..c29a5151f9 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -1027,11 +1027,14 @@ sub _store_error_message ($) { sub _get_dl_rulesfile($) { my ($provider) = @_;
- # Check if the requested provider is known. - if ($IDS::Ruleset::Providers{$provider}) { - # Gather the download type for the given provider. - my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'}; + # Abort if the requested provider is not known. + return unless($IDS::Ruleset::Providers{$provider});
+ # Try to gather the download type for the given provider. + my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'}; + + # Check if a download type could be grabbed. + if ($dl_type) { # Obtain the file suffix for the download file type. my $suffix = $dl_type_to_suffix{$dl_type};
diff --git a/config/rootfiles/core/185/filelists/files b/config/rootfiles/core/185/filelists/files index 750a006418..09ce838868 100644 --- a/config/rootfiles/core/185/filelists/files +++ b/config/rootfiles/core/185/filelists/files @@ -46,9 +46,12 @@ lib/firmware/nvidia/tegra186/vic.bin lib/firmware/nvidia/tegra210/vic.bin srv/web/ipfire/cgi-bin/dhcp.cgi srv/web/ipfire/cgi-bin/dns.cgi +srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/index.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/time.cgi +usr/local/bin/update-ids-ruleset var/ipfire/backup/bin/backup.pl +var/ipfire/ids-functions.pl var/ipfire/main/manualpages var/ipfire/ovpn/openssl/ovpn.cnf diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources index 2b3b4ffcb7..4e9ea5fa93 100644 --- a/config/suricata/ruleset-sources +++ b/config/suricata/ruleset-sources @@ -97,6 +97,34 @@ our %Providers = ( dl_type => "plain", },
+ # Positive Technologies Attack Detection Team rules. + attack_detection => { + summary => "PT Attack Detection Team Rules", + website => "https://github.com/ptresearch/AttackDetection", + tr_string => "attack detection team rules", + }, + + # Secureworks Security rules. + secureworks_security => { + summary => "Secureworks Security Ruleset", + website => "https://www.secureworks.com", + tr_string => "secureworks security ruleset", + }, + + # Secureworks Malware rules. + secureworks_malware => { + summary => "Secureworks Malware Ruleset", + website => "https://www.secureworks.com", + tr_string => "secureworks malware ruleset", + }, + + # Secureworks Enhanced rules. + secureworks_enhanced => { + summary => "Secureworks Enhanced Ruleset", + website => "https://www.secureworks.com", + tr_string => "secureworks enhanced ruleset", + }, + # ThreatFox threatfox => { summary => "ThreatFox Indicators Of Compromise Rules", diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 369bf02760..edab971953 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -1162,6 +1162,7 @@ END my $subscription_code = $used_providers{$id}[1]; my $autoupdate_status = $used_providers{$id}[2]; my $status = $used_providers{$id}[3]; + my $unsupported;
# Check if the item number is even or not. if ($line % 2) { @@ -1171,13 +1172,9 @@ END }
# Handle providers which are not longer supported. - unless ($provider_name) { - # Set the provider name to the provider handle - # to display something helpful. - $provider_name = $provider; - - # Assign background color - $col="bgcolor='#FF4D4D'"; + unless ($IDS::Ruleset::Providers{$provider}{'dl_url'}) { + # Mark this provider as unsupported. + $unsupported = "<img src='/blob.gif' alt='*'>"; }
# Choose icons for the checkboxes. @@ -1206,7 +1203,7 @@ END
print <<END; <tr> - <td width='33%' class='base' $col>$provider_name</td> + <td width='33%' class='base' $col>$provider_name$unsupported</td> <td width='30%' class='base' $col>$rulesetdate</td>
<td align='center' $col> @@ -1262,10 +1259,15 @@ print <<END; <hr> <br>
- <div align='right'> - <table width='100%'> - <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <tr> + <table width='100%'> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <tr> + <td> +END + print "<img src='/blob.gif' alt='*'> $Lang::tr{'ids unsupported provider'}\n"; +print <<END; + </td> + <td><div align='right'> END
# Only show this button if a ruleset provider is configured. @@ -1274,10 +1276,10 @@ END } print <<END; <input type='submit' name='PROVIDERS' value='$Lang::tr{'ids add provider'}'> - </tr> - </form> - </table> - </div> + </div></td> + </tr> + </form> + </table> END
&Header::closebox(); @@ -1709,6 +1711,12 @@ END # Grab the provider handle. my $provider = $tmphash{$provider_name};
+ # Check if we are not in edit mode. + if ($cgiparams{'PROVIDERS'} ne "$Lang::tr{'edit'}") { + # Skip unsupported ruleset provider. + next unless(exists($IDS::Ruleset::Providers{$provider}{"dl_url"})); + } + # Pre-select the provider if one is given. if (($used_providers{$cgiparams{'ID'}}[0] eq "$provider") || ($cgiparams{'PROVIDER'} eq "$provider")) { $selected{$provider} = "selected='selected'"; @@ -1809,7 +1817,7 @@ sub show_additional_provider_actions() { }
# Disable the manual update button if the provider is not longer supported. - unless ($IDS::Ruleset::Providers{$provider}) { + unless ($IDS::Ruleset::Providers{$provider}{"dl_url"}) { $disabled_update = "disabled"; }
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index f13bddf4bc..b7b86fc7fc 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1416,6 +1416,7 @@ 'ids show' => 'Anzeigen', 'ids the choosen provider is already in use' => 'Der gewhählte Provider wird bereits verwendet.', 'ids unable to download the ruleset' => 'Das Regelset konnte nicht heruntergeladen werden.', +'ids unsupported provider' => 'Provider wird nicht mehr unterstützt', 'ids visit provider website' => 'Anbieter-Webseite besuchen', 'ids working' => 'Änderungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.', 'iface' => 'Iface', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 0113f8811f..8e50aba767 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1467,6 +1467,7 @@ 'ids subscription code required' => 'The selected ruleset requires a subscription code', 'ids the choosen provider is already in use' => 'The choosen provider is already in use.', 'ids unable to download the ruleset' => 'Unable to download the ruleset', +'ids unsupported provider' => 'Provider is not supported anymore', 'ids visit provider website' => 'Visit provider website', 'ids working' => 'Changes are being applied. Please wait until all operations have completed successfully...', 'iface' => 'Iface', diff --git a/src/scripts/update-ids-ruleset b/src/scripts/update-ids-ruleset index 553c1a1e1e..806107e1c2 100644 --- a/src/scripts/update-ids-ruleset +++ b/src/scripts/update-ids-ruleset @@ -106,7 +106,7 @@ foreach my $id (keys %providers) { my $autoupdate_status = $providers{$id}[3];
# Skip unsupported providers. - next unless($IDS::Ruleset::Providers{$provider}); + next unless($IDS::Ruleset::Providers{$provider}{'dl_url'});
# Skip the provider if it is not enabled. next unless($enabled_status eq "enabled");
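Review bot: In the _get_dl_rulesfile hunk of config/cfgroot/ids-functions.pl, the new if ($dl_type) guard leaves the missing-download-type case without an explicit return, so what a caller receives for a dropped provider depends on code outside this hunk. An early exit in the same style as the line above it, return unless($dl_type);, would make the undefined result explicit and drop one level of nesting. The guard also does not cover a dl_type that has no entry in %dl_type_to_suffix, where $suffix stays undefined.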
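Review bot: The config/rootfiles/core/185/filelists/files hunk adds ids.cgi, update-ids-ruleset and ids-functions.pl, but no entry for the ruleset-sources file that this same push changes. The new dl_url checks in ids.cgi rely on the restored stub entries to show a name for dropped providers, so please confirm ruleset-sources is already listed outside the visible context, or add it here so the update ships both halves together.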
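Review bot: In the config/suricata/ruleset-sources hunk, the four restored entries (attack_detection and the three secureworks_* handles) carry only summary, website and tr_string, and their comments read like those of active providers. Since the absence of dl_url and dl_type is now what marks a provider as unsupported, a short comment on each entry, or one block comment above the group, saying they are kept for display only and must not gain a dl_url would stop a later edit from silently re-enabling them.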
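Review bot: In the ids.cgi hunk at line 1162, my $unsupported; is declared without a value and is later interpolated into every table row as $provider_name$unsupported, so it is undefined for each supported provider. If warnings are enabled in ids.cgi this logs an uninitialized-value warning per row; initialising it with my $unsupported = ""; avoids that.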
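Review bot: In the ids.cgi hunk at line 1171, the test unless ($IDS::Ruleset::Providers{$provider}{'dl_url'}) dereferences a second hash level, which in Perl autovivifies an empty entry for any provider handle that is absent from %Providers; after that, plain checks on $IDS::Ruleset::Providers{$provider}, such as the one kept in _get_dl_rulesfile, evaluate true for that handle. Guarding with exists($IDS::Ruleset::Providers{$provider}) first avoids the side effect. The hunk also drops the $provider_name = $provider fallback, so a configured handle with no entry in ruleset-sources would now render as a blank name with only the marker image; keeping that fallback for an empty $provider_name costs one line.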
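Review bot: In the ids.cgi hunk at line 1262, the legend line printing $Lang::tr{'ids unsupported provider'} is emitted unconditionally, so the marker explanation appears even when no listed provider is unsupported. Setting a flag in the row loop where $unsupported is assigned and printing the legend only when it is set would keep the page free of a footnote that refers to nothing.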
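Review bot: In the ids.cgi hunk at line 1709, the skip uses exists($IDS::Ruleset::Providers{$provider}{"dl_url"}), while every other check in this series tests the value for truth. An entry that carries dl_url with an empty or undefined value would be offered in the add dialog here yet be marked unsupported in the list and skipped by update-ids-ruleset. Using the same truth test in all places, or one shared helper in ids-functions.pl, keeps the definition of "unsupported" in a single form.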
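Review bot: In the src/scripts/update-ids-ruleset hunk, the commit subject says the provider is disabled when no dl_url can be obtained, but the changed line only does next unless(...{'dl_url'}), which skips the provider for this run and leaves its enabled status untouched. Either the subject or the behaviour should be adjusted, and the comment above the line could state that "unsupported" now means "has no dl_url". As in ids.cgi, the two-level lookup autovivifies an entry for handles missing from %Providers.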
hooks/post-receive -- IPFire 2.x development tree